Table of contents
Prudential standard
3PS 310 Audit and Related Matters
-
Current1 July 2017
Prudential framework pillars
About this standard
This standard requires a level 3 head to appoint an auditor to provide independent advice. Level 3 heads must specify the Appointed Auditor's terms of engagement in a written contract. Level 3 heads must ensure the Appointed Auditor is able to fulfil their responsibilities within specified timeframes.
This standard supports CPS 510 Governance, which is a core standard in the Governance Pillar. It applies to each level 3 head.
Objectives and key requirements of this Prudential Standard
This Prudential Standard requires a Level 3 Head to obtain and make available to APRA independent advice from an auditor relating to the operations, internal controls and information provided to APRA in respect of the Level 3 Head and the Level 3 group.
The ultimate responsibility for providing impartial advice in relation to the operations, financial condition and internal controls of a Level 3 group rests with the Appointed Auditor. This advice is designed to assist the Board of a Level 3 Head and senior management of the Level 3 group in carrying out their responsibility for the sound and prudent management of the group.
The key requirements of this Prudential Standard are that a Level 3 Head must:
- appoint an auditor to undertake the functions set out in this Prudential Standard;
- specify the roles and responsibilities of the Appointed Auditor; and
- ensure that, as appropriate, the Appointed Auditor is able to fulfil its responsibilities in accordance with this Prudential Standard.
The requirements in this Prudential Standard are in addition to the obligations imposed on prudentially regulated institutions under other Prudential Standards.
Preamble
Banking, Insurance and Life Insurance (prudential standard) determination No. 4 of 2016
Prudential Standard 3PS 310 Audit and Related Matters
Banking Act 1959
Insurance Act 1973
Life Insurance Act 1995
I, Wayne Byres, delegate of :
under subsection 11AF(1) of the Banking Act 1959 DETERMINE Prudential Standard 3PS 310 Audit and Related Matters in the form set out in the Schedule, to the extent that it applies to all ADIs and authorised banking NOHCs;
under subsection 32(1) of the Insurance Act 1973 DETERMINE Prudential Standard 3PS 310 Audit and Related Matters in the form set out in the Schedule, to the extent that it applies to all general insurers, authorised insurance NOHCs, and subsidiaries of general insurers and authorised insurance NOHCs; and
under subsection 230A(1) of the Life Insurance Act 1995 DETERMINE Prudential Standard 3PS 310 Audit and Related Matters in the form set out in the Schedule, to the extent that it applies to all life companies, friendly societies, registered life NOHCs, and subsidiaries of life companies and registered life NOHCs.
This instrument commences on 1 July 2017.
Dated: 8 September 2016
[Signed]
Wayne Byres
Chairman
Interpretation
In this Determination:
ADI has the meaning given in section 5 of the Banking Act 1959.
APRA means the Australian Prudential Regulation Authority.
authorised banking NOHC has the meaning given to the expression authorised NOHC in section 5 of the Banking Act 1959.
authorised insurance NOHC has the meaning given to the expression authorised NOHC in subsection 3(1) of the Insurance Act 1973.
friendly society has the meaning given in section 16C of the Life Insurance Act 1995.
general insurer has the meaning given in section 11 of the Insurance Act 1973.
life company has the meaning given in the Schedule to the Life Insurance Act 1995.
registered life NOHC has the meaning given to the expression registered NOHC in the Schedule to the Life Insurance Act 1995.
Schedule
Prudential Standard 3PS 310 Audit and Related Matters comprises the 7 pages commencing on the following page.
Prudential Standard 3PS 310
Audit and Related Matters
Authority
This Prudential Standard is made under:
section 11AF of the Banking Act 1959 (Banking Act);
section 32 of the Insurance Act 1973 (Insurance Act); and
section 230A of the Life Insurance Act 1995 (Life Insurance Act).
In this Prudential Standard, the term ‘Prudential Acts’ is used to refer to the Banking Act, the Insurance Act and the Life Insurance Act.
Application
This Prudential Standard applies to each Level 3 Head.
This Prudential Standard commences on 1 July 2017.
Interpretation
Terms that are defined in Prudential Standard 3PS 001 Definitions appear in bold the first time they are used in this Prudential Standard.
Where this Prudential Standard provides for APRA to exercise a power or discretion, this power or discretion is to be exercised in writing.
APRA
APRA means the Australian Prudential Regulation Authority.
General requirements
For the purposes of this Prudential Standard, a Level 3 Head must appoint a group auditor. This ‘Appointed Auditor’ may be the same auditor who audits a Level 3 Head for the purposes of the Corporations Act 2001. Separate auditors may be appointed to undertake the different engagements provided for in this Prudential Standard. APRA may also require a Level 3 Head to appoint another auditor, in addition to any auditor already appointed by the Level 3 Head, for the purposes of this Prudential Standard.
A Level 3 Head must ensure that the terms of engagement of the Appointed Auditor are set out in writing in a legally binding contract between the Level 3 Head and the Appointed Auditor and that the terms of engagement:
require the Appointed Auditor to fulfil the roles and responsibilities of the Appointed Auditor as specified in this Prudential Standard and in the manner specified in this Prudential Standard; and
require the Appointed Auditor, in meeting its role and responsibilities, to comply with Australian Auditing and Assurance Standards and Guidance issued from time to time by the Auditing and Assurance Standards Board (AUASB) except where:
they are inconsistent with the requirements of this Prudential Standard, in which case this Prudential Standard prevails; or
APRA otherwise specifies to the Level 3 Head that alternative standards and guidance must be used by the Appointed Auditor.
A Level 3 Head must use all reasonable endeavours to ensure the Appointed Auditor complies with the terms of engagement contained in paragraphs 8(a) and 8(b) of this Prudential Standard.
For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ have the meanings given in the Framework for Assurance Engagements issued by the AUASB.
The costs of preparing and submitting reports, documents and other material required by this Prudential Standard, whether routine or as part of a special purpose engagement (refer to paragraphs 26 to 31), must be borne by the Level 3 Head.
Persons involved in the provision of information (including the Appointed Auditor, officers and employees of a Level 3 Head and Level 3 institutions in the Level 3 group) must note that it is an offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false and misleading information to a Commonwealth entity such as APRA.
Fitness and propriety of the Appointed Auditor
A Level 3 Head must ensure that its Appointed Auditor:
is a fit and proper person in accordance with the Level 3 Head’s Fit and Proper Policy as required by Prudential Standard CPS 520 Fit and Proper, including those requirements that apply specifically to the auditor;
satisfies the auditor independence requirements in Prudential Standard CPS 510 Governance; and
is not subject to a direction or order issued under the Prudential Acts.
[1]
Such as under subsection 17(2) or 21(1) of the Banking Act, section 49R of the Insurance Act and subsection 230B(2) of the Life Insurance Act.
Responsibilities of a Level 3 Head
A Level 3 Head, if requested by APRA, must within a reasonable time provide APRA with the Appointed Auditor’s terms of engagement and related instructions or correspondence, including management letters.
A Level 3 Head must ensure that the Appointed Auditor has access to all data, information, reports and staff of the Level 3 group that the Appointed Auditor reasonably believes is necessary to fulfil its role and responsibilities under this Prudential Standard. This includes access to the Board and Board Audit Committee of the Level 3 Head, and the auditors of Level 3 institutions in the Level 3 group as required.
A Level 3 Head must ensure that its Appointed Auditor is fully informed of all prudential requirements applicable to the Level 3 Head. Prudential requirements include requirements imposed by the Prudential Acts, regulations, prudential standards, the Financial Sector (Collection of Data) Act 2001 (FSCODA), reporting standards, conditions on authority and any other requirements imposed by APRA in relation to a Level 3 Head. In addition, the Level 3 Head must ensure that the Appointed Auditor is provided with any other information APRA has provided to the Level 3 Head that may assist the Appointed Auditor in fulfilling its role and responsibilities under this Prudential Standard.
A Level 3 Head must ensure that its Board or Board Audit Committee are provided with:
reports provided by the Appointed Auditor in accordance with this Prudential Standard, and any associated assessments and other material provided by an Appointed Auditor to the Level 3 Head on request;
commentary or responses provided by APRA to the Level 3 Head on reports provided by the Appointed Auditor, and any associated assessments and other material; and
any commentary or response on the reports, associated assessments and other material provided by the Appointed Auditor that are given by the Level 3 Head to APRA.
Internal audit
A Level 3 Head must ensure that the scope of its internal audit includes a review of the policies, processes and controls put in place by management to ensure compliance with APRA’s prudential requirements.
A Level 3 Head must allow its internal auditor to be represented in meetings with APRA, the Level 3 Head and its Appointed Auditor.
Meetings with the Appointed Auditor
APRA’s liaison with an Appointed Auditor will normally be conducted under arrangements involving APRA, the Level 3 Head and the Appointed Auditor. APRA and an Appointed Auditor may meet, at any time, on a bilateral basis at the request of either party.
For the purposes of this Prudential Standard, it is the responsibility of an Appointed Auditor to attend all meetings with APRA related to this Prudential Standard, whether:
on a bilateral basis between APRA and the Appointed Auditor;
between APRA, the Level 3 Head and the Appointed Auditor; or
on any other basis which APRA may specify to the Appointed Auditor,
unless APRA indicates otherwise. It is also the responsibility of an Appointed Auditor to supply all information and documents requested by APRA relevant to the Level 3 Head and Level 3 group.
Responsibilities of the Appointed Auditor
It is the responsibility of an Appointed Auditor to submit directly to APRA:
all reports required to be produced under this Prudential Standard; and
all assessments and other material associated with the reports, if requested by APRA.
Such reports, assessments and other material must be prepared by the Appointed Auditor on the basis that APRA may rely upon them in the performance of its functions under the Prudential Acts.
The responsibilities of an Appointed Auditor include an obligation to refrain from notifying the Level 3 Head of, or from providing the Level 3 Head with, the documents referred to in paragraph 22 of this prudential standard, where:
the Appointed Auditor considers that by doing so the interests of depositors, policyholders or RSE beneficiaries of prudentially regulated institutions within the Level 3 group would be jeopardised; or
there is a situation of mistrust between the Appointed Auditor and the Board of the Level 3 Head or senior management of the Level 3 group.
As part of its responsibilities, an Appointed Auditor in preparing reports, whether as part of routine or special purpose engagements (refer to paragraphs 26 to 31), must not place sole reliance on the work performed by APRA.
Reports by the Appointed Auditor
Unless otherwise instructed by APRA, reports, assessments and other material required by this Prudential Standard must make it clear where the Appointed Auditor is referring to matters relating to the Level 3 Head or the Level 3 group.
Routine reports
The responsibilities of the Appointed Auditor include reporting simultaneously (subject to paragraph 23) to APRA and the Board or Board Audit Committee of the Level 3 Head, within three months of the end of the financial year of the Level 3 Head, on:
[2]
For a Level 3 Head that is an ADI or non-operating holding company authorised under the Banking Act that is not a disclosing entity within the meaning of the Corporations Act 2001, the relevant period is four months.
matters relating to APRA data collections; and
internal controls at a Level 3 basis,
as referred to in paragraph 27. For this purpose, ‘APRA data collections’ means any data collected in accordance with FSCODA.
An Appointed Auditor’s responsibilities must specifically include reporting as follows:
APRA data collections
for those collections where the data are sourced only from accounting records – the Appointed Auditor must provide reasonable assurance that the information in these collections at the financial year-end is reliable and in accordance with the relevant prudential standards and reporting standards;
for those collections where the data are sourced only from non-accounting records – unless otherwise indicated by APRA, the Appointed Auditor must provide limited assurance that the information in these collections at the financial year-end is reliable and in accordance with the relevant prudential standards and reporting standards;
[3]
The level of assurance required by this Prudential Standard does not override the assurance requirements for an individual prudentially regulated institution.
for those collections where the data are sourced from a combination of accounting and non-accounting records – unless otherwise indicated by APRA, the Appointed Auditor must provide reasonable assurance for information sourced from accounting records, and limited assurance that information sourced from non-accounting records at the financial year-end is reliable. This must be in accordance with the relevant prudential standards and reporting standards;
[4]
Refer to footnote 3.
Internal controls relating to prudential requirements
an Appointed Auditor must provide limited assurance that the Level 3 Head has controls that are designed to ensure that the Level 3 Head:
has complied with all applicable prudential requirements; and
has provided reliable data to APRA in the reporting forms prepared under FSCODA,
and, in relation to (i) and (ii), the Appointed Auditor must also provide limited assurance that these controls have operated effectively throughout the financial year; and
Compliance with prudential and reporting requirements
a report must take the form of limited assurance, based on the Appointed Auditor’s work in (a) to (d) above, that the Level 3 Head has complied with all relevant prudential and reporting requirements under the Prudential Acts and FSCODA, including compliance with prudential standards and reporting standards during the financial year.
[5]
With respect to any matters of non-compliance, an Appointed Auditor should note section 16BA of the Banking Act, section 49A of the Insurance Act, and section 132A of the Life Insurance Act, which require the auditor to immediately notify APRA of certain matters and to notify APRA as soon as practicable about certain other matters.
The reporting requirements in paragraph 27 only apply to audit engagements undertaken for the purposes of this Prudential Standard. Where an auditor is engaged for the purposes of another Prudential Standard, the engagement must ensure that the requirements of that other Prudential Standard are met.
Special purpose engagements
APRA may require a Level 3 Head to appoint an auditor, who may be the existing Appointed Auditor or another auditor (which may be determined by APRA), to provide a report on a particular aspect of the Level 3 group’s operations, prudential reporting, risk management systems or financial position. Such a report will normally only be required following consultation with the Level 3 Head. APRA may, however, require such a report without prior consultation with the Level 3 Head.
The responsibilities of an Appointed Auditor for a special purpose engagement include an obligation to provide limited assurance on the matters upon which the Appointed Auditor is required to report, unless otherwise determined by APRA and advised to the Level 3 Head.
Under the responsibilities of an Appointed Auditor for a special purpose engagement, the auditor’s report must be submitted within three months of the date of the notice commissioning the report, simultaneously to APRA and to the Board (or Board Audit Committee) of the Level 3 Head, unless otherwise determined by APRA and advised to the Level 3 Head (subject to paragraph 23).
Adjustments and exclusions
APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to the Level 3 Head.
[6]
Refer to subsection 11AF(2) of the Banking Act, subsection 32(3D) of the Insurance Act and subsection 230A(4) of the Life Insurance Act.