The Chartered Institute of Internal Auditors (Chartered IIA) has expressed concerns regarding the lack of internal audit functions within several prominent broadband providers, warning that this could increase the risk of company failures.
In a letter directed to Ofcom’s chief executive, Dame Melanie Dawes, the Chartered IIA has called for the establishment of a “clear expectation” that broadband companies implement internal audit processes to strengthen governance, risk management, and internal controls.
The communication identifies six broadband companies—Community Fibre, Hyperoptic, Utility Warehouse, YouFibre, Glide, and CityFibre—that currently do not have internal audit capabilities.
These companies together cater to around two million customers and, in certain cases, are involved in the construction and maintenance of their own network infrastructures.
The Chartered IIA highlighted the absence of any regulatory framework or guidance from Ofcom that recognises the vital role of internal audit in ensuring effective governance and risk management within the sector.
The letter also draws attention to actions taken by other regulatory bodies. For instance, Ofgem has recently required energy suppliers to disclose their internal audit capabilities in its updated Financial Responsibility Principle Guidance.
The letter concludes: “Setting a clear regulatory expectation for broadband companies to have appropriate internal audit arrangements would strengthen independent oversight of how key risks are managed, improve organisational resilience, build investor confidence, and support the growth of the UK’s digital economy.”
Additionally, both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have made internal audit a requirement in the financial services industry.
Furthermore, the Independent Water Commission chair Sir Jon Cunliffe recently recommended the dissolution of Ofwat, advocating for improved governance and oversight in the water sector.
In light of these issues, the Chartered IIA has urged Ofcom to take immediate steps to enhance governance and oversight for broadband providers, given their critical role in the UK’s digital infrastructure.
Chartered IIA chief executive Anne Kiem said: “Broadband companies are now essential to daily life and the economy. Yet, nearly half of the UK’s major broadband providers are operating without internal audit.
“This is a serious audit and governance weakness. We’ve seen time and again the damage caused when companies collapse due to failures that might have been prevented with proper internal controls. We cannot afford to make the same mistakes with broadband companies.”
