Chartered IIA raises concerns about audit deficiencies at energy suppliers

The Chartered Institute of Internal Auditors has this week raised concerns about serious audit and corporate governance shortfalls at regulated energy suppliers.

Ofgem has so far failed to put in place a requirement for all energy suppliers to have an internal audit function, despite dozens of its regulated firms going into administration in the UK.

According to data from Citizen’s Advice, 30 energy suppliers have gone bust since the start of 2021. This includes Bulb, the seventh biggest supplier of energy in the UK, which left over 1.7 million customers in limbo until the company was recently acquired by Octopus Energy.

The Chartered IIA is now urging that Ofgem make it a requirement for energy providers to have an internal audit capability.

In its letter, the institute points out that while energy suppliers are providing an essential public utility, there is still no requirement for them to have an internal audit function, which is vital when it comes to mitigating risk.

The institute's own research suggests that none of the energy providers that have recently been placed into administration had any internal audit capabilities. Whilst the institute does not claim that the absence of an internal audit function was the primary cause of these suppliers going into administration, it does believe it is in the public interest that Ofgem are made aware of how important internal audit is when it comes to reducing risk.

In its open letter to the energy regulator, chief executive Jonathan Brearley, the Chartered IIA’s chief executive John Wood says: “With several energy suppliers going bankrupt, it is possible that they weren't receiving adequate and effective independent assurance on their business-critical risks, such as energy market exposures, financial and liquidity concerns, and so on”.

“Ofgem should consider a more stringent regulatory approach to the audit and corporate governance arrangements for these firms. Other regulators such as the FCA (Financial Conduct Authority) and PRA (Prudential Regulation Authority) require financial services firms to have an internal audit function and it is also mandated across the public sector”.

The letter ends by saying: “it is crucial for Ofgem as a regulator to require energy suppliers to have an internal audit capability as this is essential to strengthening their corporate governance and enhancing their prospects for long-term sustainability.”

    Share Story:


Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023

Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.