Their belief is probably that there's an application that somehow needs something non-Internet Explorer, but it (wrongly) needs to be locked to the version that the vendor shipped it with. Preventing web browser updates is dangerous because these policies are actively preventing security updates from being distributed to the client. IMO, forcing users to stick to one version of a browser is a) lame and b) dangerous.
One great tool is Active Directory Group Policy. Corporate IT departments love locking down workstations.