The government is under renewed pressure to push ahead with its governance and audit reform plans following years of delays.

An open letter to the business secretary, Jonathan Reynolds, from the Institute of Internal Auditors (IIA), calls for progress on a long-promised bill that would create a new governance and audit regulator with strengthened powers.

The call was prompted by government efforts to introduce a new Cyber Security and Resilience bill. The IIA points out a review of corporate governance in 2019, by Sir Donald Brydon, called for the UK’s corporate risk framework to include digital resilience. The IIA adds it is concerned by speculation of more “delays and dilutions”.

Yet, legislation to act on Sir Donald’s governance recommendations, as well as those of others, has failed to materialise under both the current Labour government and the previous Tory leadership.

“It is vital that, alongside legislating to give the UK’s audit regulator enhanced powers,” the letter says, “your government enacts wider reforms to ensure the UK’s largest companies are reporting on their resilience against digital as well as financial risks.”

The IIA has also called on government to resurrect the introduction of “resilience reporting”, another recommendation of Sir Donald’s. A resilience statement had been earmarked for inclusion as part of UK corporate reporting in 2023, through new regulation. However, the idea was killed off in October under the then Rishi Sunak government, a move that was greeted with criticism from many in the audit sector.

IIA says: “When it comes to the review of non-financial reporting, it is particularly important these reforms take forward Sir Donald’s recommendations that large employers be required to regularly publish resilience statements, addressing short, medium and long-term risks, including cyber and audit and assurance policy statements, explaining their approach to auditing these risks and requiring them to report on their internal auditing and other assurance capabilities.”

Audit and assurance statements were another new reporting requirement killed off in 2023.

The review of audit and governance was launched in 2019 following the collapse of outsourcing giant, Carillion at the end of 2018.

The then Tory government commissioned reviews by the Competition and Markets Authority, Sir Donald Brydon and Sir John Kingman looking at aspects of the audit process, market and regulation.

The biggest recommendation, in the Kingman Review published six years ago, was the creation of a new regulator, the Audit, Reporting and Governance Authority (ARGA), to supersede the Financial Reporting Council (FRC).

ARGA was to have beefed up powers including the ability to sanction company directors for any failure on corporate reporting or audit duties.

The reforms were never fully implemented under the Tories, but after the election last year the new Labour government pledged it would honour continuing concerns with a new bill.

That too has so far failed to materialise though there have been debates in the House of Lords in which members have attempted to pressure government to move ahead. Written questions in the House of Commons by Labour MP Mary Glindon has also produced little additional information.

In a House of Lords debate at the end of March, Labour peer Lord Lemos, asked government ministers: “Despite numerous statements that this is a priority, firm after firm has collapsed, raising new concerns about the adequacy of the UK’s auditing arrangements.

“While it is of course important that we get this right, can my noble friend reassure your Lordships’ House that we will not have to wait another seven years before we make progress?”

Lord Leong, speaking for the government in the Lords, could only say the legislation would appear in “due course”.

Anne Kiem, chief executive at the IIA, says corporate failures connected to audit and assurance failures have continued: “To tackle this, the government needs to publish the long-awaited audit reform bill and bring forward proposals for larger companies to publish audit and assurance policies and resilience statements.

“This will drive growth and foster responsible risk-taking but also enhance digital resilience in an increasingly digital world.”

Perhaps the biggest obstacle for audit reform is the government’s drive to cut regulation as part of its growth agenda. Regulators have been asked to say how they are supporting the government’s aims.

Lord Leong told the Lords: “The new regulator will have additional powers to ensure that directors are held responsible for their fiduciary duties.

“It is important that we get it right and that we consult widely, but, at the same time, we do not want to overburden SMEs and other businesses with the new regulator. We are taking our time to make sure that we get it right.”