The following are selected features published in recent ILC Newsletters, with back issues below Repository_of_GRA_features_in_ILC_Newsletters_2021.pdf. More information on below among other topics can be found in newsletters January - May 2022.
1.UK Dept. of Business, Energy and Industrial Strategy (BEIS) ( published on 31 May 2022, the outcome of its major audit reform consultation -- Restoring trust in audit and corporate governance. With more than 600 responses received (including from ISACA), the outcome proposes improvements in the quality and accuracy of corporate information shared with stakeholders, and reforms in audit and corporate governance. Reforms reflect recommendations of the Kingman, CMA and Brydon reviews and include:
- establishing a new regulator – the Audit, Reporting and Governance Authority (ARGA), to be a more empowered version of the current Financial Reporting Council (FRC), and to use the IESBA International Code of Ethics for Professional Accountants as the basis for enforcement action
- introducing a new statutory regime for the oversight of accountancy
- redefining public interest entities (PIE) so that reforms apply also to large private companies (with more than 750 employees and £750m annual turnover)
- strengthening reporting of company internal controls through the UK Corporate Governance Code
- making directors more accountable for failures in corporate reporting and audit related duties.
Reforms are expected to balance the need for action with time needed for proper preparation, and comprise higher-quality regulation for better markets and improved outcomes as well as lighter touch market-based solutions and non-regulatory options.
2. News from the UK Department for Digital, Culture, Media and Sport (DCMS):
2a) The UK Digital Strategy Policy paper, published 13 June 2022, presents government-wide digital programmes and activities (see Annex) underpinning improvements in the UK’s digital economy:
- foundational infrastructure, data and regulation (eg, on smart data, secure digital identities, National Security and Investment Act, Online Safety Bill, data protection, connected devices)
- innovation and intellectual property
- digital skills and talent, including Global Talent and related visas
- finance for digital growth, eg, through British Business Bank’s initiatives
- technology sector tools and levelling up to support productivity, public services, and climate net zero
- UK influence on global decisions on the digital world.
2b) In benefitting from data for the national interest, the Government is committed to creating a risk management framework to protect the storage and processing infrastructures on which data relies. The Policy paper Data storage and processing infrastructure security and resilience, published 26 May 2022, presents proposals in three areas for which DCMS seeks views by 24 July:
- risks to UK data storage and processing infrastructure
- security and resilience measures in particular for (third-party) data centres
- the customer base of data centre operators, cloud platform providers and Managed Service Providers (MSPs) to inform risk impact assessments.
This Call for views does not include telecommunications infrastructure, already covered by the updated Telecommunications (Security) Act 2021, nor cloud computing services, already regulated by the Networks and Information Systems (NIS) Regulations 2018; a recent consultation considered adding MSPs to the NIS.
2c) The consultation outcome on Embedding standards and pathways across the cyber profession by 2025 was published 20 June 2022. The outcome reported on proposals to develop the cyber security profession and capabilities of the UK Cyber Security Council (CSC) to deliver accordingly, and included progress and challenges on:
- alignment between the Council’s standards and government recruitment, procurement and schemes, such as NCSC’s CCP scheme, as well as internationally given the global nature of cyber security
- launch of associate, principal and chartered standards for 16 cyber specialisms using the Cyber Security Body of Knowledge (CyBOK)
- creation of a career route map
- creation of a voluntary register of individuals accredited at associate, principal and chartered levels.
To learn more about the government response, readers who are not members of the UK CSC are invited to join a public webinar, 12 July 2022, 10am.