Why Impero Is the Ideal Platform for Delivering Provision 29 Compliance

Guest blog by Ndalela Mulwila, Managing Director at SecondB Holdings Ltd. For full disclosure, the author and Impero have a non-paid collaboration.

The updated UK Corporate Governance Code introduces a significant shift in expectations for listed companies. Under Provision 29, boards must issue an annual declaration confirming whether their risk management and internal control systems have been effective throughout the reporting period, supported by a clear explanation of how that conclusion was reached.

For many organisations, the challenge is not understanding the requirement, but demonstrating it. That requires consistent control operation, reliable testing, clear documentation, and an evidence base robust enough to support board assurance.

Impero is designed specifically to meet this need.

Provision 29 raises the bar for internal control programmes

Provision 29 calls for more structured governance around internal controls. Boards must show that controls across financial, operational, compliance, and reporting domains are:

• Properly designed
• Operating effectively
• Monitored throughout the year
• Supported by timely testing and remediation
• Evidenced in a transparent and audit-ready manner

This means organisations need a system that can bring clarity, consistency, and visibility to their internal control framework. Manual spreadsheets or scattered documentation cannot deliver the level of accountability, repeatability, or assurance expected under the new Code.

A platform built for internal controls, not complexity

Impero focuses on what organisations need most under Provision 29: a clear, operational system for managing controls, collecting evidence, completing testing, and maintaining a defensible audit trail.

Its design is intentionally simple, making it accessible for finance teams, tax teams, local control owners, and compliance functions who need a platform that supports control execution without adding unnecessary complexity.

Aligned to the requirements of Provision 29

Impero provides built-in structure that supports organisations from the outset. This includes:

• Control categorisation aligned to financial, operational, compliance, and reporting domains
• The ability to tag risks and controls as material
• Clear mapping of risks to control activities
• Automated reminders and workflows for consistent control operation
• Evidence upload directly linked to the relevant control
• Testing workflows for both design and operational effectiveness
• Dashboards showing status, exceptions, and remediation progress

This structure helps organisations move from reactive documentation to proactive control management.

How Impero supports the full Provision 29 lifecycle

Provision 29 expects organisations to evidence the effectiveness of their internal controls across the full year. Impero supports each step of that process.

1. Establishing a clear and centralised control framework

Impero acts as a single source of truth, bringing risks, controls, ownership, and documentation together. Controls can be categorised by domain, entity, risk type, and materiality, providing clarity for everyone involved in the process.

2. Ensuring consistent control operation

Impero’s automated reminders and role-based workflows help control owners understand what needs to be completed and when. Evidence is uploaded directly to the control activity, supporting a complete and transparent audit trail.

3. Managing testing and assurance

Design and operational effectiveness testing are straightforward in Impero. Results are stored in a structured testing repository, and any exceptions identified during testing are logged and tracked within the platform. Users can assign remediation actions directly from these findings, allowing teams to monitor progress through dashboards and follow-up task views.  

4. Supporting governance, oversight, and the annual declaration

Provision 29 requires boards to issue an effectiveness statement based on clear evidence. Impero provides tailored dashboards and assurance reporting that consolidate the status of risks, controls, testing, deficiencies, and remediation activity. This helps senior leadership and audit committees review progress and sign off with confidence.

Why Impero is a strong choice for organisations preparing for Provision 29

Organisations choose Impero because it delivers what is essential for a successful internal control programme:

Purpose-built for controls
Impero focuses on making control operation, evidence collection, and testing simple and repeatable. This aligns directly with the expectations of Provision 29.

Easy for teams across the organisation to adopt
Local control owners and finance or compliance teams can learn the system quickly, reducing friction and ensuring consistent participation in the control process.

Designed for clarity and accountability
The platform brings transparency to the entire control environment, making it easier to identify issues, monitor remediation, and demonstrate a strong governance structure.

An audit-ready backbone for your control programme
With audit trails, dashboards, and real-time reporting, Impero gives organisations the evidence base they need to support the annual effectiveness declaration and improve internal control maturity over time.

Strengthening governance under the updated Code

Provision 29 represents a shift toward greater transparency and responsibility in corporate reporting. Organisations that invest in a structured, technology-enabled approach will find it easier to monitor their controls, address issues promptly, and provide the robust assurance expected by boards and regulators.

Impero provides the practical foundation for meeting these expectations. By simplifying control operation and strengthening the evidence base, it helps organisations deliver on Provision 29 with confidence and build a more resilient governance framework for the future.

About the author

Ndalela Mulwila is an Independent Consultant and Managing Director of SecondB Holdings, a UK-based boutique advisory firm specialising in Governance, Risk & Compliance (GRC). Trained at the UK Audit Commission and Deloitte, he began his career in external audit before transitioning into the broader GRC and internal controls landscape.

He has since held senior leadership roles across industry, including Chief Risk Officer, Head of Internal Controls, and Head of Compliance for PATRIZIA’s UK operations, later becoming the firm’s Global Director of Internal Controls and Risk. His previous roles include Head of Internal Audit within Blackstone portfolio companies, and EMEA & Group Head of Internal Audit & Risk at Dentsu International.

Today, Ndalela supports premium-listed UK businesses with the adoption of Provision 29 under the revised UK Corporate Governance Code (often referred to as “UK SOX”). He advises Boards, Executives, and operational teams on risk management, internal control frameworks, and GRC transformation. His recent work includes engagements with Serco Plc, Ceres Plc, Zotefoams Plc, LSL Group Plc, and True Potential. Drawing on his experience both procuring and implementing GRC technologies, he helps organisations and vendors align on value-driven outcomes.