Marentis Labs

Marentis Labs · Self-Serve Diagnostic

Board Risk Readiness Assessment

Twelve questions drawn from the assessment framework Marentis Labs applies in board engagements, covering the Provision 29 declaration, DORA, PRA SS5/25, and AI governance. Your score, your three priority gaps, and the recommended next step, on screen in under five minutes.

Start the assessment →

Answered by audit committee chairs, CFOs, and CROs. Your responses go to the principal only, handled under our Privacy Notice.

1. Has the board formally reviewed and approved the criteria for what constitutes a material control for the current financial year?
2. Does the population of material controls reconcile directly to the principal risks disclosed in the Strategic Report?
3. Are non-financial reporting controls, including operational, compliance, and ESG/climate disclosure controls, inside the declaration scope?
4. Has the board agreed, before testing begins, what constitutes a material control failure?
5. Is there a unified assurance map drawing together first-line, second-line, and internal audit outputs for every material control?
6. Is board-level risk reporting specific, timely, and decision-useful enough for directors to challenge management, rather than summary-level?
7. Has draft declaration wording been dry-run with the Audit Committee against a real evidence pack?
8. Is the Register of Information complete and current, covering direct ICT providers, their subcontractors, and shadow IT?
9. Has the 4-hour serious-incident reporting workflow been documented and exercised under realistic conditions?
10. Does the board's risk appetite statement include quantitative climate metrics, with third-party climate models governed as material controls?
11. Is there a board-approved framework identifying which AI systems are high-risk, with a designated senior manager accountable for AI outcomes?
12. Could every director defend the control effectiveness declaration in a regulator interview tomorrow?

Your Report

Where should we attribute your score?

Your readiness score, three priority gaps, and recommended next step appear on screen immediately. Responses are seen by the principal only; no mailing list, no automated sequence.

Please answer every question and complete the name, email, and organisation fields.

Why these twelve questions

In 2027, FTSE 350 boards sign their first mandatory declarations that material internal controls were effective. Provision 29, DORA, and PRA SS5/25 converge on that signature: a material error in a DORA Register of Information, or an unexamined third-party climate model, is a failure of a material compliance control, whichever team owns it day to day. The twelve questions test the points where that convergence breaks boards in practice.

They are drawn from the gap assessment framework in our briefing UK Governance Compliance in 2026, written from twenty years of CRO and board-level practice across PRA and FCA-supervised institutions. The full evidence base is in the SGaaS white paper.