Why ESG Is Now a Controls Issue: The UK’s Shift to Investment‑Grade Sustainability Reporting
Mark Lumsdon-Taylor · Posted on: March 16th 2026 · read
Provision 29 of the UK Corporate Governance Code is the centrepiece of the 2024 reforms, requiring Boards to make a formal "material controls declaration" for accounting periods beginning on or after 1 January 2026. It significantly raises expectations around risk management and internal controls, moving the UK closer to a UK/SOX‑style regime.
How ESG and regulation are reshaping the Provision 29 agenda
Research over the last 2–3 years has been consistent on several points:
ESG is now a controls issue, not just a narrative exercise
Labelled ESG data (GHG emissions, energy, water, waste, human capital, supply chain, diversity, etc.) is increasingly treated by investors and regulators as investment‑grade information. As a result, it must sit within a robust internal control environment rather than a parallel, less‑governed reporting stream.
Regulation forces convergence of financial and non‑financial controls
CSRD, EU Taxonomy, ISSB, TCFD/transition plans, and emerging UK sustainability reporting requirements all push Boards toward integrated reporting and integrated internal controls. The Big 4 are aligned: ESG can no longer be "off ledger"; discipline applied to financial data must increasingly apply to Scope 1–3 emissions, taxonomy alignment, and climate‑risk metrics.
Assurance expectations are rising
Boards and audit committees expect assurance over key ESG metrics within a short horizon. That is only achievable if ESG processes and data flows are embedded in the risk management and internal control framework, which Provision 29 now requires Boards to formally declare.
If you take Provision 29 seriously, ESG can’t be an annex. You must define “material controls” to explicitly include ESG. Not just financial, operational, reporting, compliance, but ESG and sustainability related controls. A strong, futureproof Provision 29 statement would:
- Explicitly state that the Board’s review of material controls covers financial and nonfinancial (including ESG) information.
- Describe how ESG related regulations (CSRD, ISSB, climate/transition, supply chain, etc.) have been integrated into the risk and control assessment, not treated as a separate compliance silo.
- Set out the assurance mode; internal audit, external assurance, and management testing—over key ESG metrics and regulatory disclosures, alongside financial reporting.
- Acknowledge any material weaknesses in ESG data, systems, or governance, and link them to timebound remediation plans.
The gap between basic and advanced adoption is not cosmetic; it is the difference between a Provision 29 declaration that is technically compliant and one that is defensible under regulatory, investor, and assurance scrutiny, especially once UK SRS embeds sustainability data into statutory reporting.
Why Provision 29 matters?
- Strengthens Accountability: The FRC’s intent is to reinforce board accountability for internal controls, mirroring global trends in governance and investor expectations.
- Enhances Transparency: Investors gain clearer insight into how Boards ensure resilience, reliability of reporting, and operational integrity.
- Drives Better Control Environments: The requirement pushes companies to:
- Map and define material controls
- Implement continuous monitoring
- Strengthen assurance frameworks
- Improve documentation and evidence trails
Provision 29 and other regimes
Now more than ever, the abundance of different reporting requirements can seem overwhelming to adhere to. There are an increasing number of non-financial disclosure requirements being introduced, however, while some are mandatory and some comply or explain, often times complying with one gets you halfway to achieving compliance with another.
Although they originate from different authorities Provision 29, UK SRS, IFRS S1 and S2 and TCFD are becoming mutually reinforcing. They same can be told about EU requirements, like CSRD and EU Taxonomy.
Emerging themes in P29 early disclosures
With UK Sustainability Reporting Standards (UK SRS) approaching, companies are beginning to treat sustainability data with the same rigour as financial information. Early adopters are documenting data processes, defining methodologies, strengthening reporting controls and preparing for future assurance requirements. This integration reflects the growing recognition that sustainability metrics will fall within the material controls perimeter and will need to withstand both Board scrutiny and external assurance.
Sustainability & ESG
Combining commercial awareness and fresh thinking to help businesses and leaders recognise and respond to the ESG challenge and support them on their journey to a sustainable future.
Governance, Risk & Controls
MHA’s internal audit specialists help organisations to take well-informed risks, ensure company-wide compliance and execute good governance to enable them to grow and succeed.
