ISACA and the Chartered Institute of Internal Auditors (Chartered IIA), have sent a letter to Rt Hon Jonathan Reynolds MP, Secretary of State for Business and Trade, stressing the urgent need for audit reform legislation to boost digital resilience. The letter underlines strong stakeholder support for the Audit Reform and Corporate Governance Bill promised in the King’s Speech last year, but that has yet to be published.
Other signatories include CEO’s from Airmic; CREST; Sheffield University’s Audit Reform Lab; the Chartered Governance Institute, UK & Ireland; CompTIA; IASME Consortium; The National Preparedness Commission; NEDonBoard; and Share Action – alongside Sir Donald Brydon; Rt Hon Baroness Neville-Jones; and Ciaran Martin, former CEO of the NCSC. Dr Vladlena Benson MBE, Professor and Director of the Aston Centre for Cyber Security Innovation; and Adrian Jolly, Co-Founder of the Institute of Corporate Resilience, also signed.
ISACA, the Chartered IIA and signatories are calling for recommendations made by Sir John Kingman in 2018 and Sir Donald Brydon in 2019 to be rapidly implemented, including legislating to give the UK’s audit regulator, the Financial Reporting Council, enhanced powers. The letter also calls for the Government to enact wider reforms, ensuring that the UK’s largest companies are reporting on their resilience against digital as well as financial risks.
The letter stresses that the government is already taking positive steps in the right direction when it comes to improving digital resilience. However, it argues that the UK must go further, faster. The US, EU, and Asia are already advancing similar audit reforms, and unless the UK Government acts, we risk falling behind on investment and digital governance, which has wide ranging economic ramifications.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “Our letter to government stresses that legislation and reform is long overdue. Failure to prioritise audit reforms will have a catastrophic impact on digital resilience leaving our vital infrastructure and businesses vulnerable to regular technological disruptions, including by malicious attacks and threats. This will have major implications for the economy, as well as on privacy and data protection.
“But alongside legislation, we must prioritise skills. The digital sectors including cyber, audit and privacy are plagued by skills gaps and understaffing. In fact, ISACA’s latest State of Cyber study finds that 40% of cyber and IT professionals feel that their job has become more stressful today than it was 5 years ago due to their teams being understaffed. This is having a real impact on businesses’ ability to protect themselves.”
Anne Kiem, Chief Executive at the Chartered IIA, added: “We have witnessed multiple corporate failures connected to audit and governance deficiencies since the collapse of Carillion, with some of these companies completely lacking any internal audit capability. To tackle this, the Government needs to publish the long-awaited Audit Reform Bill and bring forward proposals for larger companies to publish Audit and Assurance Policies and Resilience Statements. This will drive growth and foster responsible risk-taking but also enhance digital resilience in an increasingly digital world.”
This letter comes as bad actors increasingly use emerging technologies to identify vulnerabilities in systems and orchestrate effective attacks. Upcoming research due to be released later this month from ISACA finds that over two-thirds of European IT professionals are worried that quantum computing could break today’s internet encryption before browsers and websites can fully implement new post-quantum cryptography algorithms approved by NIST.
Dimitriadis continued: “Digital transformation – driven by AI and cloud computing, has increased dependence on digital systems. One outage or breach can compromise entire networks, disrupting public services, threatening jobs, and weakening investor confidence. We’ve seen this in high profile cases such as last year’s Crowdstrike outage.
“It’s clear that rapid developments in AI and quantum are creating fresh challenges for digital resilience, highlighting the urgent need to bolster our defences. ISACA are looking forward to working closely with the UK government to build a digitally resilient future.
