AI is becoming an increasingly useful tool to support corporate governance. Find out how different kinds of AI can improve the oversight and efficiency of your organisation. We also look at the latest updates to corporate governance codes: how might they alter your company culture?
Corporate governance in the UK is in a period of meaningful change. For directors – who are collectively responsible for overseeing risk, internal controls, strategic direction and the organisation’s long‑term sustainability – the 2023 revision to the QCA Corporate Governance Code and 2024 update to the UK Corporate Governance Code introduce clearer expectations and a more defined framework for effective governance.
What are the key changes to the QCA Code?
The revised code is applicable to financial periods beginning on or after 1 April 2024. The changes bring the code in line with the latest good practice, while maintaining the flexibility valued by smaller, growing companies. Here are the new elements:
(1) Greater emphasis on corporate purpose and culture
There are stronger requirements on boards to explain the company’s purpose, which gives rise to the business model and long-term strategy. The corporate culture must be developed via a ‘tone from the top’ to support the company’s purpose.
New disclosures include:
- Principle 1: Explanation of the company’s purpose
- Principle 2: Details on the corporate culture and explanations for deviations
(2) More focus on environmental and social responsibilities
Environmental and social responsibilities – including climate‑related considerations – are now explicitly embedded in the code. Boards must improve their oversight of these areas, ensuring they are effectively managed and valued by the company’s stakeholders and consumers. The company’s workforce is recognised as a key stakeholder, with the expectation that its practices and behaviours consistently reflect and support the organisation’s stated values in these areas.
New disclosures include:
- Principles 4 & 5: Clear explanation on how the organisation governs climate‑related risks and opportunities, including the processes used to identify, assess and manage them
(3) A new standalone principle on remuneration
Companies must now align remuneration policy with purpose, strategy, culture, and long‑term value creation. The code recommends that shareholders be able to vote not only on remuneration reports but also on forward‑looking remuneration policy proposals.
New disclosures include:
- Principle 9: Disclosure on the remuneration policy should be simple to understand, and include an explanation on how it aligns to the company’s purpose, strategy and culture.
(4) Strengthened expectations for board structure and independence
At least half the board should be independent non‑executive directors. Audit and remuneration committees are also expected to have majority independence. Boards are encouraged to consider diversity and skillset in their composition, and implement board performance reviews. This must be supported by disclosures and an outline of the succession planning process.
How has the UK Corporate Governance Code been updated?
The FRC’s targeted revisions to the UK Corporate Governance Code are applicable to periods beginning on or after 1 January 2025. The most significant change is the new Provision 29, effective from 1 January 2026.
What is Provision 29?
The code has always referred to the implementation and oversight of internal controls. But Provision 29 builds on these expectations and reflects the increasing importance of non-financial disclosures. It prompts directors to review the effectiveness of the material controls which are crucial to the sustainability of their company.
The board should monitor the company’s risk management and internal control framework and, at least annually, carry out a review of its effectiveness. The monitoring and review should cover all material controls, including financial, operational, reporting and compliance controls. The board should provide in the annual report:
- A description of how the board has monitored and reviewed the effectiveness of the framework;
- A declaration of effectiveness of the material controls as at the balance sheet date;
- A description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues.
(Source: FRC – frc.org.uk)
How AI can support Corporate Governance and Policy Development
Advances in AI are becoming increasingly relevant as expectations around governance, risk management and reporting continue to rise. When used responsibly, AI can strengthen control environments, improve oversight, and enhance the quality and efficiency of board‑level decision‑making.
Generative AI
Generative AI can rapidly summarise long documents, produce high‑quality first drafts, and answer queries by pulling information from multiple sources. This reduces manual preparation time and means boards and committees can focus on strategic oversight rather than administrative processes.
Example:
- Drafting an audit committee internal controls report using earlier reports, risk registers and control logs as inputs.
Agentic AI and workflow automation
Agentic AI performs multi‑step tasks with limited human input. It understands an objective, breaks it into steps, and executes autonomously within predefined boundaries. When combined with workflow automation, these tools can continuously monitor risks and controls.
Example:
- Ongoing review of user‑access logs, identification of segregation‑of‑duties issues, and preparation of a monthly summary for the audit committee.
Vendor services
Third‑party governance and compliance platforms increasingly offer embedded AI capabilities. These include anomaly detection, sentiment analysis and regulatory mapping. These tools can improve the consistency of control monitoring and enhance reporting quality without requiring internal development.
Example:
- Identifying unusual journal entries (eg late-night manual postings or atypical approvers) and generating an exception report for finance and the board.
AI governance – ISO 42001
ISO 42001 provides the first international framework for governing the selection, use and oversight of AI systems. Even without certification, boards can use the standard to strengthen internal governance.
What would be the key actions aligned to ISO 42001?
- To define governance roles and oversight for AI use
- To assess AI‑related risks including data, security, GDPR, compliance and operational impacts
- To establish policies for acceptable use, procurement, monitoring and retirement of AI systems
- To maintain transparency through documentation and monitoring records
- To regularly review AI performance for accuracy and reliability
- To ensure human judgement and clear accountability remain central.
These give boards confidence that AI is being managed responsibly, even without formal ISO certification.
How we can help with corporate governance
Our specialist team and general corporate governance advisory services can:
- assess governance frameworks and identify areas for strengthening
- evaluate board and committee capability, skills and effectiveness
- review governance documentation and decision‑making materials to ensure they support high‑quality decisions and clear accountability
- provide an independent view on board effectiveness, for example when considering risks, impacts and the adequacy of decisions
For more information, please contact Jessica Wills.
How we can help with AI implementation
Our technology experts can advise on the implementation of AI tools, and provide:
- AI governance maturity assessments and gap analysis
- ISO 42001 readiness assessment
- workshops to identify and prioritise AI opportunities
- outsourced AI officer support, including steering group setup and policy rollout
- vendor and third‑party risk assessments
For more information, please contact Phil Broadbery.



