
Chartered IIA and ISACA pen open letter to UK Government urging swift audit reform to build digital resilience
- An influential coalition of CEOs from major organisations, led by the Chartered Institute of Internal Auditors and ISACA, has penned an open letter to the Business Secretary.
- The letter calls for Government to support the UK’s digital resilience through urgent reforms to the UK’s audit and corporate governance regime, amid speculation about delays and dilution.
- Key signatories include the Chartered Governance Institute, CompTIA, the National Preparedness Commission and CREST, alongside high-profile figures such as Sir Donald Brydon, Rt Hon Baroness Neville-Jones and Ciaran Martin, former CEO of the National Cyber Security Centre (NCSC).
- 58% of cyber professionals believe that their organisation will fall victim to a cyber-attack in 2025, with UK businesses having already lost over £44 billion to cybercrime in the last five years, underscoring the need for urgent action.
London, 16th April 2025 – the Chartered Institute of Internal Auditors (Chartered IIA) and ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust, have sent a letter to Rt Hon Jonathan Reynolds MP, Secretary of State for Business and Trade, stressing the urgent need for audit reform legislation to boost digital resilience. The letter underlines strong stakeholder support for the Audit Reform and Corporate Governance Bill, which was promised in the King’s Speech last year but has yet to be published.
Other signatories include CEOs from Airmic, CREST, Sheffield University’s Audit Reform Lab, the Chartered Governance Institute, CompTIA, IASME Consortium, The National Preparedness Commission, NEDonBoard and Share Action - alongside Sir Donald Brydon, Rt Hon Baroness Neville-Jones and Ciaran Martin, former CEO of the NCSC. Dr Vladlena Benson MBE, Professor and Director of the Aston Centre for Cyber Security Innovation, and Adrian Jolly, Co-Founder of the Institute of Corporate Resilience, also signed.
The Chartered IIA, ISACA and signatories are calling for recommendations made by Sir John Kingman in 2018 and Sir Donald Brydon in 2019 to be rapidly implemented, including legislating to give the UK’s audit regulator, the Financial Reporting Council, enhanced powers. The letter also calls for the Government to enact wider reforms, ensuring that the UK’s largest companies are reporting on their resilience against digital as well as financial risks.
The letter stresses that the government is already taking positive steps in the right direction when it comes to improving digital resilience. However, it argues that the UK must go further, faster. The US, EU, and Asia are already advancing similar audit reforms, and unless the UK Government acts, we risk falling behind on investment and digital governance, which has wide-ranging economic ramifications.
Anne Kiem, Chief Executive at the Chartered IIA, said: “We have witnessed multiple corporate failures connected to audit and governance deficiencies since the collapse of Carillion, with some of these companies completely lacking any internal audit capability. To tackle this, the Government needs to publish the long-awaited Audit Reform Bill and bring forward proposals for larger companies to publish Audit and Assurance Policies and Resilience Statements. This will drive growth and foster responsible risk-taking but also enhance digital resilience in an increasingly digital world.”
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, added: “Our letter to government stresses that legislation and reform is long overdue. Failure to prioritise audit reforms will have a catastrophic impact on digital resilience leaving our vital infrastructure and businesses vulnerable to regular technological disruptions, including by malicious attacks and threats. This will have major implications for the economy, as well as on privacy and data protection.
“But alongside legislation, we must prioritise skills. The digital sectors including cyber, audit and privacy are plagued by skills gaps and understaffing. In fact, ISACA’s latest State of Cyber study finds that 40% of cyber and IT professionals feel that their job has become more stressful today than it was 5 years ago due to their teams being understaffed. This is having a real impact on businesses’ ability to protect themselves.”
This letter comes as bad actors increasingly use emerging technologies to identify vulnerabilities in systems and orchestrate effective attacks. Upcoming ISACA research, due to be released later this month, finds that over two-thirds of European IT professionals are worried that quantum computing could break today’s internet encryption before browsers and websites can fully implement new post-quantum cryptography algorithms approved by NIST.
Dimitriadis continued: “Digital transformation, driven by AI and cloud computing, has increased dependence on digital systems. One outage or breach can compromise entire networks, disrupting public services, threatening jobs, and weakening investor confidence. We’ve seen this in high-profile cases such as last year’s CrowdStrike outage.
“It's clear that rapid developments in AI and quantum are creating fresh challenges for digital resilience, highlighting the urgent need to bolster our defences. ISACA are looking forward to working closely with the UK government to build a digitally resilient future.”
FOR MORE INFORMATION / FURTHER COMMENT CALL GAVIN HAYES ON +447900 195591
Notes to editors
About Chartered Institute of Internal Auditors
The Chartered Institute of Internal Auditors (Chartered IIA) is the professional body dedicated exclusively to championing and supporting the vital work of internal auditors in the UK and Ireland since 1948. It is the leading voice for over 10,000 internal audit professionals in organisations spanning all sectors of the economy. The Chartered IIA champions and promotes the valuable contribution its members make to good corporate governance, strong risk management processes and a rigorous internal control environment, ensuring the long-term success of all organisations.
About ISACA
ISACA® (www.isaca.org) champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.
State of Cybersecurity – research methodology
On May 3, 2024, an online survey was sent to approximately 39,000 ISACA members and non-members, globally, holding a CISM certification OR having “security” in their job title, asking their opinions on the state of cybersecurity within their organization. As this respondent pool is comprised entirely of ISACA members or ISACA certification holders, within limited geographies and industries, it should not be interpreted to represent the entire IT Security population. 1,868 respondents completed the entire survey, with a margin of error of +/- 2 points at the 95% confidence level. Note that response rates vary by question.