Advocacy Round-up: January 2026

Over the past quarter, Chartered IIA has stepped up its advocacy, championing robust payment practices, smarter use of data analytics within the public sector to combat fraud and error, and stronger assurance across the UK’s digital infrastructure. 
From influencing parliamentary debate to responding to major consultations, we’re ensuring boards, audit committees and policymakers recognise the value of internal audit. Here’s a quick round‑up of where we’ve moved the dial and what’s next in 2026.

 

Strengthening Payment Practices Through Internal Audit

In October, we submitted our response to the Department for Business and Trade’s consultation on tackling late payments. The consultation proposes greater oversight and responsibility for Audit Committees in monitoring and improving payment practices and associated reporting.

In our response, we emphasised the vital role of internal audit in supporting boards, including Audit Committees, by providing assurance around payment practices to support tackling late payments. Appropriately resourced and independent internal audit functions can add significant value in this space. 

Internal audit can also help identify systemic issues, such as cultural attitudes toward suppliers or weak dispute-handling processes, that may not be visible from metrics alone.

Our response was informed by insights from senior internal audit executives across sectors who attended a virtual roundtable we organised. As one Chief Audit Executive noted: 
“If audit committees are required to make statements on payment practices, they will almost certainly want some independent assurance on this—it would come to us [internal audit]. This is bread-and-butter internal audit work.” 

 

Using Data Analytics to Tackle Public Sector Fraud and Error

In December, we submitted our response to the Public Accounts Committee Inquiry on the use of data analytics to address error and fraud. Our submission highlights how internal audit within the public sector is helping departments use data analytics to prevent and detect fraud and error, thereby improving value for money for taxpayers.

It draws on evidence from the Chartered IIA’s work on internal audit and data analytics in both the public and private sectors, as well as insights from the Government Internal Audit Agency (GIAA). We plan to continue engaging with the Public Accounts Committee on this topic in the months ahead.

 

Why Broadband Providers Need Internal Audit Functions

In December, we issued our latest Parliamentary Briefing ‘Securing the Digital Economy: The Case for Stronger Internal Audit Requirements for Broadband Providers’ to MPs and Peers. The briefing highlights our research, which revealed that six of the thirteen largest broadband providers in the UK currently operate without an internal audit function.

Without internal audit capabilities, boards may lack the independent and objective assurance they need to ensure governance, risk management, and internal control arrangements are working effectively. In a sector underpinning so many aspects of daily life and business, weaknesses in these areas could lead to operational failures, security breaches, and widespread disruption.

The briefing resonated strongly with parliamentarians. As a result, we have worked with Helen Morgan MP, Baroness Margaret Ritchie, and Lord Godfrey Cromwell to table parliamentary questions in both the House of Commons and House of Lords.

In response to questions tabled by Baroness Ritchie, the Telecoms Minister stated: “We recently held a public consultation on proposed updates to the Telecommunications Security Code of Practice, which provides guidance on how public telecoms providers can meet their statutory requirements to secure their networks and services. These include requirements relating to reviews, governance and board responsibilities. Ofcom monitors and enforces these requirements. In response to the consultation, the Chartered Institute of Internal Auditors raised the matter of independent assurance arrangements. We are now carefully reviewing all feedback to the consultation to ensure that any updates to the Code of Practice are appropriate and proportionate.”

We will continue to work closely with parliamentarians and the Minister on these matters.

 

Embedding Internal Audit in the Telecommunications Security Code

Linked to our work on broadband providers’ internal audit capabilities, in October we submitted a response to the Department for Science, Innovation and Technology’s consultation on the Telecommunications Security Code.

Currently, the Code includes dedicated sections on Governance and Reviews; however, it does not reference the critical role of internal audit in providing assurance over telecommunications security risks. We have therefore proposed several sensible amendments to embed internal audit’s role within the Code.

In December, we met with senior officials at the Department for Science and Technology to discuss our response. We continue to engage with officials on these matters.

 

What’s Next for Internal Audit Advocacy in 2026

As the risk landscape evolves, the need for the independent, evidence-based assurance that internal audit provides has never been greater. We’ll continue working with members, government and regulators to embed internal audit where it matters most, share practical insights, and secure policy wins that improve governance and value for money. If you’d like to contribute views, case studies or sector intelligence to our advocacy, please get in touch! Your expertise and insights can help shape the agenda in 2026.

 

Highlights of recent press coverage      

  • NEDonBoard - What the Internal Audit Code of Practice means for NEDs 
  • Board Agenda - Cybersecurity ‘is a boardroom issue’
  • Accountancy Today - Chartered IIA calls for skills investment and audit reform in Autumn Budget
  • Accountancy Today - Chartered IIA calls for stronger governance rules in telecoms security code
  • ISP Preview - Internal Auditors Seek Greater UK Telecoms Role via New Security Code
  • Compliance Week - U.K. Cyber Security and Resilience bill set to regulate critical infrastructure suppliers
  • The Accountant - Audit Reform and Corporate Governance bill: reinforcing an urgent need for action
  • Board Agenda - UK government will not yet draft audit reform bill
  • Board Agenda - Are you ready for 2026? 


About Us
Quick Links
Contact