New research has revealed that six of the UK’s thirteen major broadband providers currently operate without internal audit, and that without independent assurance on internal controls and risk management, these companies could be more vulnerable to collapse.
The Chartered Institute of Internal Auditors (Chartered IIA) has issued a stark warning to Ofcom, highlighting that these companies could collapse in a similar way to the energy sector where none of the 30 failed suppliers had internal audit.
Amid growing concerns about the financial health of some broadband providers, the Chartered Institute of Internal Auditors has written an open letter to Ofcom Chief Executive Dame Melanie Dawes, urging the regulator to introduce a clear expectation for broadband companies to have internal audit to ensure robust governance, risk management, and internal controls.
The letter highlights six major broadband companies that currently operate without internal audit.
These companies collectively serve around two million customers and, in some cases, build and maintain their own infrastructure networks.
In June, it was reported that one of these companies operating without internal audit has entered talks about a rescue deal to avoid a cash crunch — raising questions about its financial controls and whether the board is receiving sufficient independent assurance around capital, liquidity, and cash flow risks.
Anne Kiem OBE, Chief Executive of the Chartered IIA, said: “Nearly half of the UK’s major broadband providers are operating without internal audit, and this is a serious audit and governance weakness.
“We’ve seen time and again the damage caused when companies collapse due to failures that might have been prevented with proper internal controls. We cannot afford to make the same mistakes with broadband companies.”
The Chartered IIA notes in its letter that there is currently no regulatory requirement or guidance from Ofcom that reflects the critical role of internal audit in ensuring effective governance, internal control, and risk management.
The letter draws comparisons with other regulators that have acted decisively. Ofgem now requires energy suppliers to report on their internal audit capability in its updated Financial Responsibility Principle Guidance, while the Prudential Regulation Authority and the Financial Conduct Authority mandate internal audit in financial services.
Meanwhile, only last month, Sir Jon Cunliffe, Chair of the Independent Water Commission, recommended the abolition of Ofwat, calling for stronger governance and oversight across the water sector. The Chartered IIA argues that Ofcom should now take urgent action to bolster governance and oversight for broadband companies, given their strategic importance to the UK’s digital economy.
The letter concludes: “Setting a clear regulatory expectation for broadband companies to have appropriate internal audit arrangements would strengthen independent oversight of how key risks are managed, improve organisational resilience, build investor confidence, and support the growth of the UK’s digital economy.”
