The Chartered Institute of Internal Auditors and ISACA have urged the UK secretary of state for business and trade, Jonathan Reynolds, to urgently consider audit reform legislation to boost digital resilience.

The two groups, along with other senior industry figures, are calling for the rapid implementation of recommendations made by John Kingman in 2018 and Donald Brydon in 2019, including legislating to give the UK’s audit regulator, the Financial Reporting Council, enhanced powers. In a letter, the groups also urge the Government to enact wider reforms to ensure that the UK’s largest companies are reporting on their resilience against digital, as well as financial, risks.

Other signatories of the letter include CEOs from Airmic, CREST, Sheffield University’s Audit Reform Lab, the Chartered Governance Institute, CompTIA, IASME Consortium, The National Preparedness Commission, NEDonBoard and Share Action. Also signing in a personal capacity were Donald Brydon, Pauline Neville-Jones, Ciaran Martin (pictured), Dr Vladlena Benson and Adrian Jolly.

While they acknowledge that the Government is already taking steps in the right direction when it comes to improving digital resilience, the groups argue that the UK must go further, faster – or risk falling behind the US, EU, and Asia, where audit reforms are advancing.

Anne Kiem, chief executive at the Chartered IIA, commented: “We have witnessed multiple corporate failures connected to audit and governance deficiencies since the collapse of Carillion, with some of these companies completely lacking any internal audit capability. To tackle this, the Government needs to publish the long-awaited Audit Reform Bill and bring forward proposals for larger companies to publish Audit and Assurance Policies and Resilience Statements. This will drive growth and foster responsible risk-taking but also enhance digital resilience in an increasingly digital world.”

Chris Dimitriadis, chief global strategy officer at ISACA, added: “Our letter to government stresses that legislation and reform is long overdue. Failure to prioritise audit reforms will have a catastrophic impact on digital resilience leaving our vital infrastructure and businesses vulnerable to regular technological disruptions, including by malicious attacks and threats. This will have major implications for the economy, as well as on privacy and data protection.”

---