What is the UK Corporate Governance Code?
The UK Corporate Governance Code is the Financial Reporting Council’s corporate governance framework for listed companies in the UK.
It sets out principles and provisions covering board leadership, company purpose, division of responsibilities, board composition, succession, evaluation, audit, risk, internal control, and remuneration.
The Financial Reporting Council explains that the UK Corporate Governance Code applies to companies listed on the London Stock Exchange in the commercial companies category. The Code operates on a “comply or explain” basis, meaning companies should either comply with its provisions or explain why they have not.
The 2024 version of the UK Corporate Governance Code is separated into 5 sections:
board leadership and company purpose
- division of responsibilities
- composition, succession, and evaluation
- audit, risk, and internal control
- Remuneration
In governance, risk, and compliance (GRC), the UK Corporate Governance Code matters because it sets expectations for board oversight, internal control, risk management, reporting, accountability, and evidence.
The Code is not just about what the board says it does. It is about whether the organization can show how governance works in practice.
ORIGINS
Where did the UK Corporate Governance Code come from?
The UK Corporate Governance Code has its roots in the Cadbury Report.
Published in 1992, the Cadbury Report responded to major corporate failures and concerns about financial reporting, audit, board oversight, and accountability.
It gave one of the most widely used definitions of corporate governance:
The Cadbury Report also introduced the principle that companies should either comply with recommended governance standards or explain why they have not.
That “comply or explain” approach became central to the UK governance model. It recognizes that not every company should be forced into the same structure, but it expects transparency when a company takes a different approach.
The UK Corporate Governance Code has been updated over time as expectations around board leadership, stakeholder interests, culture, risk, audit, remuneration, diversity, internal control, and reporting have developed.
The current 2024 Code applies to financial years beginning on or after 1 January 2025, except Provision 29, which applies to financial years beginning on or after 1 January 2026.
PROCESS
Why does the UK Corporate Governance Code matter?
The UK Corporate Governance Code matters because it shapes how listed companies explain board oversight, decision-making, risk management, internal control, and accountability.
For boards, the Code creates a clear governance reference point. For investors and stakeholders, it improves transparency. For risk, compliance, audit, and control teams, it creates practical pressure to show that governance processes are working.
The Code helps organizations focus on:
- board leadership and company purpose
- clear division of responsibilities
- board composition, succession, and evaluation
- audit committee oversight
- risk management
- internal control effectiveness
- remuneration governance
- shareholder and stakeholder confidence
- transparent reporting
The biggest recent change is Provision 29.
Under Provision 29 of the 2024 UK Corporate Governance Code, the board should monitor the company’s risk management and internal control framework and, at least annually, review its effectiveness. The monitoring and review should cover material controls, including financial, operational, reporting, and compliance controls.
The FRC’s Provision 29 mythbuster explains that although Provision 29 came into force on 1 January 2026, it applies to accounting periods beginning on or after that date. The FRC expects reporting against the new Provision in the following year.
That timing matters. Many organizations are now preparing for their first real Provision 29 reporting cycle.
What does the UK Corporate Governance Code look like in practice?
In practice, the UK Corporate Governance Code usually affects:
- board and committee reporting
- audit committee activity
- risk management and internal control reviews
- material control identification
- control testing and evidence
- board declarations on control effectiveness
- governance reporting in the annual report
- decision records and board minutes
- committee terms of reference
- remuneration reporting
- succession planning
- board evaluation
- stakeholder engagement reporting
- assurance over financial, operational, reporting, and compliance controls
The practical question for boards is no longer only “do we have controls?”
It is also:
- What are our material controls?
- Who owns them?
- How are they monitored?
- What evidence shows they operated effectively?
- What exceptions or weaknesses were found?
- What remediation is underway?
- What does the board need to disclose?
- What can we explain clearly to investors, auditors, regulators, and stakeholders?
The Code pushes companies toward clearer governance reporting. It also raises the standard for evidence behind risk management and internal control statements.
PEOPLE
Who is responsible for the UK Corporate Governance Code?
Responsibility for the UK Corporate Governance Code sits mainly with the board, but delivery depends on several groups across the organization.
Common stakeholders include:
1. The board of directors
The board is responsible for applying the Code’s principles, overseeing governance, monitoring management, and making sure reporting is fair, balanced, and understandable.
2. The chair
The chair leads the board, supports constructive challenge, and helps ensure directors receive the information needed to make effective decisions.
3. Audit committee
The audit committee plays a key role in oversight of audit, risk management, internal control, assurance, reporting, and control effectiveness.
4. Risk committee
Where a separate risk committee exists, it may provide more detailed oversight of risk appetite, material risks, internal controls, and emerging risks.
5. Remuneration committee
The remuneration committee oversees executive pay, incentives, workforce remuneration alignment, and related reporting.
6. Nomination committee
The nomination committee oversees board composition, succession, evaluation, skills, diversity, and appointment processes.
7. CEO and executive leadership
Senior leaders are responsible for running the business, operating controls, managing risks, and providing the board with accurate information.
8. Company secretary or general counsel
The company secretary or general counsel often supports governance processes, board papers, minutes, annual reporting, committee administration, and Code-related documentation.
9. Risk and compliance teams
Risk and compliance teams support risk frameworks, control mapping, compliance controls, reporting, issue escalation, and remediation tracking.
10. Internal audit and assurance teams
Internal audit and assurance teams provide independent evidence on whether governance, risk, and control processes are operating effectively.
11. Control owners and business managers
Control owners and business managers operate the controls and provide the evidence that supports board-level declarations and reporting.
The board is accountable, but it cannot evidence Code readiness without reliable information from across the business.
TECHNOLOGY
What do good UK Corporate Governance Code tools look like?
Good UK Corporate Governance Code tools should help organizations connect governance reporting with the evidence behind it.
That is especially important for Provision 29, where boards need a clear view of material controls across financial, operational, reporting, and compliance areas.
Strong tools should support:
- board and committee dashboards
- material control registers
- risk and control mapping
- control ownership
- control effectiveness testing
- issue and remediation tracking
- evidence management
- approval workflows
- audit trails
- delegated authority records
- reporting across entities, teams, regions, and business units
- board packs linked to live governance data
- audit and assurance reporting
- role-based access for sensitive information
The point is not to create longer board reports. It is to make the evidence behind those reports easier to trust.
The FRC Corporate Governance Code Guidance makes clear that the guidance is not intended to be prescriptive. It is designed to support those using the Code with advice, detail, and examples.
That matters for technology. UK Corporate Governance Code readiness should not force every organization into the same process. Tools need to support each organization’s governance model, control environment, and reporting structure.
How CoreStream GRC helps with the UK Corporate Governance Code
In summary, UK Corporate Governance Code readiness should be practical, evidence-led, and connected to how governance actually works.
Too often, Code-related information sits across spreadsheets, board papers, control testing files, audit reports, policy folders, issue trackers, and email updates. That makes it difficult to show which controls are material, who owns them, what evidence exists, what weaknesses were found, and what the board can confidently report.
CoreStream GRC helps organizations connect UK Corporate Governance Code activity across:
- governance workflows
- board and committee reporting
- risk management
- material controls
- control ownership
- control effectiveness evidence
- issues and remediation
- audit and assurance findings
- compliance controls
- delegated authority
- approvals and escalations
- evidence and audit trails
Our Provision 29 guide explains the shift clearly:
“Boards are moving from ‘we have controls’ to ‘we can show those controls operated effectively, based on evidence.’”
That is the CoreStream GRC angle. UK Corporate Governance Code readiness is not just about annual reporting. It is about building a repeatable, evidence-backed process that gives boards confidence before they make a declaration.
CoreStream GRC’s Governance software helps teams connect governance workflows, reporting, ownership, controls, approvals, and evidence in one flexible platform.
UK Corporate Governance Code best practices
Strong UK Corporate Governance Code readiness usually depends on:
- clear board and committee responsibilities
- a reliable view of material controls
- defined control ownership
- evidence that controls operated in practice
- regular review of risk management and internal control frameworks
- clear issue escalation and remediation tracking
- board reporting linked to underlying evidence
- governance disclosures that are specific, not generic
- audit and assurance input
- regular review of whether governance reporting remains useful
The FRC’s 2025 Annual Review of Corporate Governance Reporting highlighted the value of meaningful explanations in governance reporting and the flexibility of the Code.
That is the balance organizations need to strike. Reporting should be clear and proportionate, but it also needs enough evidence to show that governance is working.
Recommended UK Corporate Governance Code reads:
FRC: UK Corporate Governance Code 2024
FRC: Corporate Governance Code Guidance
FRC: Annual Review of Corporate Governance Reporting 2025
Cadbury Report: The Financial Aspects of Corporate Governance
CoreStream GRC: Provision 29 explained
CoreStream GRC: Governance software
CoreStream GRC: Corporate governance
FAQs on the UK Corporate Governance Code
The UK Corporate Governance Code is a framework that sets expectations for how listed companies should be governed. It covers board leadership, responsibilities, board composition, audit, risk, internal control, and remuneration.
The UK Corporate Governance Code applies to companies listed on the London Stock Exchange in the commercial companies category.
“Comply or explain” means companies should either comply with the Code’s provisions or explain why they have chosen a different approach. The model gives companies flexibility, but it also expects clear and meaningful explanations.
Provision 29 requires the board to monitor the company’s risk management and internal control framework and review its effectiveness at least annually. The review should cover material controls, including financial, operational, reporting, and compliance controls.
Provision 29 applies to financial years beginning on or after 1 January 2026. The FRC expects reporting against the new Provision in the following year.
The Code matters for GRC teams because it creates expectations around risk management, internal controls, reporting, evidence, ownership, audit trails, and board oversight.
CoreStream GRC helps organizations connect risk management, material controls, control ownership, evidence, remediation, assurance findings, governance reporting, and audit trails in one flexible GRC platform.



