April 2025 roundup

It has been a hectic few months for our policy and public affairs work, and we are pleased to report on several advocacy successes highlighted in the roundup below.

Questions, Questions, Questions

In February, we held meetings with Mary Glindon MP and Richard Holden MP, the Shadow Paymaster General, who were both interested in hearing our views on the collapse of ISG and audit reform. This follows our letters last November to the Business Secretary and the Chair of the Business and Trade Committee, raising our concerns about the collapse of ISG from an internal audit and governance perspective. As far as we could tell, ISG did not have a proper independent internal audit function when it collapsed, nor did it have an Audit Committee. We also issued a parliamentary briefing on the topic, which garnered interest from several MPs. In response to the collapse, we have called for all government contractors involved in the construction of major public sector infrastructure projects, such as schools, hospitals, and prisons, to be required to have internal audit. This would align with internal audit mandates already in place across the public sector. Following our meetings, we worked with Mary and Richard to table a series of parliamentary questions, which have received responses from Justin Madders MP, the Minister for Employment Rights, Competition, and Markets, who has responsibility for audit and corporate governance.

Building with Internal Audit

Since then, we have received a further letter from the Department for Business and Trade informing us that “the financial resilience of major suppliers to government, including firms working on infrastructure projects, is monitored on an ongoing basis by the Crown Commercial Service, supported by detailed policies and processes set out in the Construction Playbook.” While the Construction Playbook sets out guidance regarding risk management, there is currently nothing about the vital role of internal audit in independently assuring the effectiveness of internal control and risk management frameworks and processes. We have therefore written to the Chief Executive of the Crown Commercial Service to request a meeting to discuss the issues we have raised concerning ISG and to explore opportunities to work with them to ensure the Construction Playbook is updated to include guidance on internal audit. We have also written to the Chairs of the Treasury Select Committee and the Public Accounts Committee, as well as the Financial Reporting Council and the National Audit Office, to inform them of our concerns. Additionally, we continue to liaise with MPs on this issue.

Audit Reform Bill

In March, we met with senior civil servants working on the Audit Reform Bill, announced in the King’s Speech, to outline our views on audit reform and get an update from them on the legislation. We understand the draft Bill is due to be published before the summer parliamentary recess, and it is expected to outline legislative proposals to put the Financial Reporting Council on a statutory footing with new legal powers to hold company directors to account as part of the transition to the new Audit, Reporting and Governance Authority. The legislation is also expected to widen the definition of a Public Interest Entity to encompass the very largest private companies. These are all measures that the Chartered IIA has long supported and that we are keen to see enacted as swiftly as possible.

A Watershed Opportunity for Internal Audit?

In February, following the launch of the Independent Water Commission’s Call for Evidence, we reissued our parliamentary briefing to MPs calling for internal audit to be a regulatory requirement for all water suppliers across England and Wales. Last year, we revealed that at the time of our research, three water companies in the South East of England were operating without any internal audit capability. Furthermore, at present, Ofwat, unlike other regulators such as the Charity Commission, Financial Conduct Authority, Financial Reporting Council, and Ofgem, offers no regulatory guidance on the important role of internal audit. In fact, we cannot find a single reference to internal audit in any Ofwat guidance. Interestingly, in Northern Ireland and Scotland, both of their water companies must have internal audit because they are publicly owned and covered by public sector rules on the need for public bodies to have internal audit. This inconsistency in regulatory approach across the UK is a gap that we believe needs addressing.

We were therefore asked by civil servants at the Department for Environment, Food and Rural Affairs to engage with the Commission on the concerns we have raised with Ofwat regarding the lack of internal audit at several water companies, with a view to the Commission making recommendations to set clear expectations regarding internal audit across the water sector. We are currently finalising our response to the call for evidence, and in April, we held a virtual roundtable discussion with senior internal audit executives from water companies to get the views and insights of our members working in the sector. We also recently met with Matt Rodda MP, who was interested to hear our views and insights on the topic, and has agreed to write to the Commission.

Winning with the Cyber Governance Code

In April, the Department for Science, Innovation and Technology published the Cyber Governance Code of Practice. We are pleased to see that, thanks to our advocacy, the new Code explicitly references internal audit (whereas the previous draft version did not), acknowledging the crucial role it plays in ensuring strong governance of cyber risks and controls. The Code also references the word "assurance" 21 times, indicating a strong focus on assurance overall. Under the dedicated section of the Code on assurance and oversight, the Code recommends boards “Gain assurance that cyber security considerations (including the actions in this code) are integrated and consistent with existing internal and external audit and assurance mechanisms.”

Boosting Internal Audit in Local Government

A few days later, we were delighted when the Ministry for Housing, Communities and Local Government made a clear commitment to strengthening the capability and capacity of internal audit functions in smaller local authorities. This commitment was outlined in the Government’s response to the Local Audit Reform Consultation conducted earlier this year. In our response to this consultation, we emphasised that, alongside addressing issues with external audit, including the local audit backlog, a stronger internal audit profession is vital for enhancing governance across local government. We also highlighted the significant challenges internal audit faces, such as a lack of skills and resources, as underscored by our recent research report, “An Evaluation of the Health of Internal Audit in Local Authorities.” We are therefore pleased to see the Government taking first steps to strengthen the capability and capacity of internal audit across local government in response to the concerns we have raised.

Elevating Standards

We have continued to capitalise on the positive reception received from our members and other stakeholders to our new Internal Audit Code of Practice, which came into force at the start of the year. Our work focuses on raising the profile of the Code amongst board members, regulators, and other stakeholders. In March, this work included writing a blog for the Risk Coalition website, calling on internal audit and risk management to leverage the guidance in the Code and work together to navigate uncertainty.

Driving Growth with Internal Audit: Summer Parliamentary Reception

Finally, in July, we are delighted to announce that we will be staging a Summer Parliamentary Reception hosted by Mary Glindon MP on behalf of the Chartered IIA. The event takes place from 18:30-20:30 on Wednesday 9 July at the House of Commons. Our theme for the evening is “Driving Growth with Internal Audit,” and we are thrilled that Meg Hillier MP, the Chair of the cross-party Treasury Select Committee, has agreed to be one of our speakers. Currently, attendance is only open to members of our Internal Audit Leaders Forum and parliamentarians.

We look forward to updating you on how the event goes, along with all our other policy and public affairs activities, in our next advocacy round-up blog due in July!

Summary of recent press mentions

   ·   Accounting Web
The ups and downs of audit reform 

   ·   Compliance Week
 Experts explain why IIA's new global audit rules will be 'central' to securing high-quality assurance 

   ·    Risk Coalition
Internal audit and risk management must work together to navigate uncertainty 

   ·   The Times
Watchdog investigates auditor over construction firm  ISG’s collapse 

   ·   Caithness Business Index
Business leaders supported to bolster online defences to safeguard growth 

   ·   London Reviews
Business leaders supported to bolster online defences to safeguard growth 

   ·   Payadvice.uk
Business leaders supported to bolster online defences 

   ·   Wired Gov
Business leaders supported to bolster online defences to safeguard growth