Prudential standard

GPS 310 Audit and Related Matters

  • General insurance
  • Current
    1 July 2019
Prudential framework pillars
Governance
Audit
Supporting

About this standard

This standard requires a general insurer or level 2 insurance group to enable the Appointed Auditor to fulfil their legal responsibilities. General insurers and level 2 insurance groups must ensure the Appointed Auditor is able to fulfil those responsibilities within specified timeframes.

This standard supports CPS 510 Governance, which is a core standard in the Governance Pillar. It applies to all general insurers and level 2 insurance groups.

Objective and key requirements of this Prudential Standard

This Prudential Standard sets out the roles and responsibilities of a general insurer’s and Level 2 insurance group’s Appointed Auditor and Group Auditor (Auditor). It also sets out the obligations of a general insurer or Level 2 insurance group to make arrangements to enable its Auditor to fulfil their responsibilities.
The ultimate responsibility for providing impartial advice in relation to the operations, financial condition and internal controls of a general insurer or Level 2 insurance group rests with the Auditor. This advice is designed to assist the Board and senior management in carrying out their responsibility for the sound and prudent management of the general insurer or Level 2 insurance group.
The key requirements of this Prudential Standard are that:
  • the general insurer or Level 2 insurance group must make arrangements to enable the Auditor to undertake their roles and responsibilities;
  • the Auditor must prepare the certificates and reports required in accordance with the requirements of and timeframes specified in this Prudential Standard;
  • the general insurer or Level 2 insurance group must submit to APRA all certificates and reports to be prepared by the Auditor;
  • the Appointed Auditor must audit the yearly statutory accounts of the general insurer and review other aspects of their operations on an annual basis. The Appointed Auditor must prepare a certificate and report on these matters and provide them to the Board;
  • the Group Auditor must conduct a limited assurance review of the annual accounts of the Level 2 insurance group on an annual basis and review other aspects of the group’s operations; and
  • the general insurer or Level 2 insurance group must submit a Financial Information Declaration to APRA on an annual basis.
Preamble

Insurance (prudential standard) determination No. 9 of 2019

Prudential Standard GPS 310 Audit and Related Matters

Insurance Act 1973
I, Pat Brennan, delegate of APRA:
under subsection 32(4) of the Insurance Act 1973 (the Act) REVOKE Insurance (prudential standard) determination No. 5 of 2014, including Prudential Standard GPS 310 Audit and Related Matters, made under that Determination; and
under subsection 32(1) of the Act DETERMINE Prudential Standard GPS 310 Audit and Related Matters, in the form set out in the Schedule, which applies to:
all general insurers and authorised NOHCs; and
a subsidiary of a general insurer or authorised NOHC, where that subsidiary is a parent entity of a Level 2 insurance group.
This instrument takes effect on 1 July 2019.
Dated: 17 April 2019
[Signed]
Pat Brennan
Executive General Manager
Policy and Advice Division

Interpretation

In this Determination:
APRA means the Australian Prudential Regulation Authority.
authorised NOHC has the meaning given in section 3 of the Act.
general insurer has the meaning given in section 11 of the Act.
Level 2 insurance group has the meaning given in Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 2 of 2018 or, if that prudential standard is revoked, the meaning given in the replacement prudential standard.
parent entity has the meaning given in Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 2 of 2018 or, if that prudential standard is revoked, the meaning given in the replacement prudential standard.
replacement prudential standard means any prudential standard made under section 32 of the Act which replaces Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 2 of 2018.
subsidiary has the meaning given in Prudential Standard GPS 001 Definitions made by Insurance (prudential standard) determination No. 2 of 2018 or, if that prudential standard is revoked, the meaning given in the replacement prudential standard.

Schedule

Prudential Standard GPS 310 Audit and Related Matters comprises the 16 pages commencing on the following page

Prudential Standard GPS 310

Audit and Related Matters

Authority

This Prudential Standard is made under section 32 of the Insurance Act 1973 (the Act) and includes a determination made under subsection 7(1) of the Act.

Application

This Prudential Standard applies to each:
general insurer authorised under the Act (insurer); and
Level 2 insurance group as defined in Prudential Standard GPS 001 Definitions (GPS 001).
Where a requirement applies to a Level 2 insurance group, the requirement is imposed on the parent entity of the Level 2 insurance group.
This Prudential Standard includes requirements that apply to all auditors appointed under the Act. These requirements are functions of an auditor for the purposes of paragraph 49J(1)(b) of the Act.
This Prudential Standard applies to insurers and Level 2 insurance groups (regulated institutions) from 1 July 2019.

Level 2 insurance groups

Paragraphs 8 to 36 and Attachment A apply to insurers only. Paragraphs 37, 38 and Attachment D apply to all regulated institutions. Attachment B (read in conjunction with Attachment C) sets out the requirements for Level 2 insurance groups, including the requirement to appoint a Group Auditor.

Interpretation

Terms that are defined in GPS 001 appear in bold the first time they are used in this Prudential Standard.
Where this Prudential Standard provides for APRA to exercise a power or discretion, this power or discretion is to be exercised in writing.

Obligations of an insurer

Under the Act, an insurer must appoint an auditor (Appointed Auditor).
[1] Refer to section 39 of the Act.
Under the Act, APRA may exempt an insurer from the requirement to appoint an Appointed Auditor.
[2] Refer to paragraph 7(1)(c) of the Act.
An insurer must make arrangements that are necessary to enable its Appointed Auditor to undertake their functions as required by the Act and prudential standards made under the Act. These arrangements include ensuring that an insurer’s Appointed Auditor is fully informed of all prudential requirements applicable to the insurer. These arrangements also include ensuring that an insurer’s Appointed Auditor is provided with any other information that:
[3] Refer to section 49J of the Act.
APRA has provided to the insurer and may assist the Appointed Auditor in performing their duties; and
has been requested by the Appointed Auditor in performing their duties.
An insurer must ensure that its Appointed Auditor has access to all relevant data, information, reports and staff of the insurer (and must take all reasonable steps to ensure access to contractors of the insurer) that its Appointed Auditor reasonably believes are necessary to fulfil their responsibilities. This will include access to the insurer’s Board and Board committees, if any.
Under the Act, an insurer must submit to APRA all certificates and reports required to be prepared by its Appointed Auditor. An insurer must submit to APRA:
[4] Refer to section 49L of the Act.
certificates and reports, other than those relating to a special purpose review, on or before the day that the insurer’s yearly statutory accounts are submitted in accordance with reporting standards made under the Financial Sector (Collection of Data) Act 2001 (Collection of Data Act); and
[5] This Prudential Standard sets out further detail regarding these certificates and reports.
certificates and reports relating to a special purpose review within the time specified in paragraph 21.
An insurer must provide to APRA an annual declaration on financial information (Financial Information Declaration) as set out in Attachment D.

Roles and responsibilities of the Appointed Auditor

In addition to and without derogation from the role of an Appointed Auditor as provided for under the Act, an Appointed Auditor’s primary roles are to provide:
[6] Refer to section 49J of the Act.
an independent and objective view on the truth and fairness of the insurer’s financial statements; and
an assessment of the insurer’s systems, procedures and controls used to address compliance with prudential requirements and for the purposes of producing reliable financial data.
An insurer may also seek the advice of its Appointed Auditor in relation to other matters where the insurer considers this to be appropriate.
The Appointed Auditor must:
audit the yearly statutory accounts of the insurer; and
provide a certificate to the insurer relating to the yearly statutory accounts. The certificate must fulfil the requirements set out in paragraphs 29 to 33.
[7] Refer to paragraph 49J(1)(a) and subsection 49J(3) of the Act.
[8] Refer to subsection 49(J)(3) of the Act.
The Appointed Auditor must:
on an annual basis, review and test the insurer’s systems, processes, and controls designed to:
address compliance with all prudential requirements; and
enable the insurer to report reliable financial information to APRA; and
perform such other work as necessary to fulfil the Appointed Auditor’s responsibilities under this Prudential Standard.
The Appointed Auditor must provide a report to the insurer relating to the findings of this review. The report must meet the requirements set out in paragraphs 34 to 36.
[9] Refer to paragraph 49J(1)(c) of the Act.
[10] Refer to subsection 49J(4) of the Act.
The Appointed Auditor must provide the certificate and the report to the insurer within such time as to enable the insurer to provide the certificate and the report to APRA on or before the day that the insurer’s yearly statutory accounts are required to be given to APRA in accordance with reporting standards made under the Collection of Data Act.
[11] Refer to paragraphs 49L(1)(a) and (aa) of the Act.

Special purpose review

When APRA specifies in writing, an Appointed Auditor must:
undertake a special purpose review of matters specified by APRA relating to the insurer’s operations, risk management or financial affairs; and
prepare a report in respect of that review.
[12] Refer to paragraphs 49J(1)(b) and (c), and subsection 49J(4) of the Act.
The review must be completed in accordance with any relevant professional standards and guidance notes (as appropriate to the nature of the special purpose review), to the extent that they are not inconsistent with the requirements of this Prudential Standard. Where APRA considers, having regard to the nature of the insurer’s operations and the purpose of the special purpose review, that the review should not be completed in accordance with those professional standards and guidance notes, APRA may advise the insurer in writing that an alternative standard must be used.
The cost of a special purpose review will be borne by the insurer. The Appointed Auditor must submit the report to APRA and the insurer simultaneously within three months of the review being commissioned, unless APRA grants an extension of time in writing.

Non-routine reporting by Appointed Auditors

The Act specifies certain circumstances where Appointed Auditors are required to report to APRA on a non-routine basis. This may be where:
[13] Refer to sections 49 and 49A of the Act for details of these requirements. See also section 49B of the Act in relation to voluntary reporting.
APRA requests specific information; or
where an Appointed Auditor has information that is specified in the Act or that they consider would assist APRA in performing its functions.
APRA may require an Appointed Auditor to provide information, or to produce books, accounts or documents, about an insurer if it will assist APRA in performing its functions under the Act. To ensure that an Appointed Auditor is able to comply with any such request from APRA, the Appointed Auditor must retain all working papers and other documentation in relation to the insurer for a period of seven years after the date of the report or certificate to which the working papers or documentation relate, as required under the Corporations Act 2001.
[14] Refer to section 49 of the Act.
[15] Refer to section 307B, Corporations Act 2001 for further requirements in relation to audit working papers.
In assessing whether the interests of policyholders may be materially prejudiced, an Appointed Auditor must not consider a single activity or a single deficiency only in isolation. Policyholder interests may be materially prejudiced by a number of activities or deficiencies that may not individually result in a material threat to policyholder interests but, when considered in total, do amount to a material threat. In such cases, the Appointed Auditor must provide such information to APRA as required under the Act if they have reasonable grounds for believing that the interests of policyholders may be materially prejudiced.
[16] Within the meaning of paragraph 49A(2)(d) of the Act.
[17] Refer to subsection 49A(2) of the Act.
In most cases, matters reported to APRA by an Appointed Auditor should also be reported by that person to the insurer to which the matter relates. An Appointed Auditor must not notify the insurer where:
[18] Note the operation of section 38E of the Act in relation to disclosure of certain information to directors and officers of the insurer.
that person considers that, by doing so, the interests of policyholders would be jeopardised; or
there is a situation of mistrust between the Appointed Auditor and the Board or senior management of the insurer.
An Appointed Auditor who is required to provide information to APRA on a non-routine basis is not excused from such a requirement on the ground that doing so would tend to incriminate them or make them liable to a penalty. Certain protection is provided under the Act to Appointed Auditors who supply information to APRA in these circumstances.
[19] Refer to sections 49 or 49A of the Act.
[20] Refer to subsection 38F(1) of the Act.
[21] Refer to section 127B of the Act.

Meetings with Appointed Auditors

APRA liaison with an Appointed Auditor will normally be conducted under trilateral arrangements involving:
APRA;
the insurer; and
the insurer’s Appointed Auditor.
Any one of these parties may initiate a meeting or discussion when the party considers it necessary. Notwithstanding the trilateral relationship, APRA and an insurer’s Appointed Auditor may meet on a bilateral basis where either party considers this to be necessary.

Audit certificate and report

As required under the Act, an insurer’s Appointed Auditor must:
prepare a certificate relating to the insurer’s yearly statutory accounts on an annual basis; and
provide that certificate to the insurer within the time specified in paragraph 18.
[22] Refer to subsection 49J(3) of the Act.
The certificate must be:
addressed to the Board of the insurer; and
provide the Appointed Auditor’s opinion in respect of the insurer’s yearly statutory accounts.
In preparing the certificate, the Appointed Auditor must have regard to relevant professional standards and guidance notes issued by the Auditing and Assurance Standards Board (AUASB), to the extent that they are not inconsistent with the requirements of this Prudential Standard.
The certificate must specify whether, in the Appointed Auditor’s opinion, the yearly statutory accounts of the insurer present a true and fair view of the results of the insurer’s operations for the year and financial position at year end, in accordance with:
the provisions of the Act and prudential standards, the Collection of Data Act and reporting standards; and
to the extent that they do not specify any requirements that conflict with the aforementioned:
Australian Accounting Standards; and
other mandatory professional reporting requirements in Australia.
Where, for reasons beyond their control, the Appointed Auditor is unable to provide a certificate that complies with paragraph 32 (for example, if there are accounting records that have not been appropriately kept, transactions that appear irregular or that have not been accurately or properly recorded, requests for information and explanation that have not been met, or aspects of the accounts that do not represent a true and fair view of the transactions and financial position), the certificate must be qualified and contain details of these matters.
An Appointed Auditor must prepare a report on an annual basis and provide that report to the insurer by the time specified in paragraph 18. The report must:
[23] Refer to paragraph 49J(1)(c), subsection 49J(4) and paragraph 49L(1)(aa) of the Act.
be addressed to the Board of the insurer; and
provide the Appointed Auditor’s opinion on a range of matters.
In preparing the report, the Appointed Auditor must have regard to professional standards and guidance notes issued by the AUASB, to the extent that they are not inconsistent with the requirements of this Prudential Standard. The Appointed Auditor must base this report on at least a limited assurance engagement.
The Appointed Auditor must specify in the report the results of their investigations, including the matters listed in Attachment A.

Adjustments and exclusions

APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to a regulated institution.

Determinations made under previous prudential standards

An exercise of APRA’s discretion under a previous version of an audit prudential standard continues to have effect under this Prudential Standard. 
[24] Reliance on an exercise of APRA’s discretion with respect to actuarial matters under a previous version of Prudential Standard GPS 310 Audit and Actuarial Valuation and Reporting is captured in Prudential Standard CPS 320 Actuarial and Related Matters.

Attachment A - Matters to be addressed in an Appointed Auditor’s report

For the purposes of paragraph 36 of this Prudential Standard, the Appointed Auditor’s report must address whether:
there exist systems, procedures and controls that are kept up-to-date and address compliance with all prudential requirements. If the Appointed Auditor is of the opinion that the insurer does not have such systems, procedures and controls, it must specify in the report the reasons for this opinion;
systems, procedures and controls relating to actuarial data integrity and financial reporting risks (the risks that incorrect source data will be used in completing returns to APRA in accordance with the Collection of Data Act) are adequate and effective;
during the course of testing the insurer’s systems, procedures and controls, instances of non-compliance with prudential requirements have been identified. If so, details are to be provided;
the insurer has complied, in all significant respects, with its Risk Management Strategy (RMS) and Reinsurance Management Strategy (ReMS). If the Appointed Auditor is of the opinion that the insurer has not complied with its RMS and ReMS, it must specify in the report the reasons for this opinion;
the insurer has systems, procedures and controls in place to ensure that reliable statistical and financial data are provided to APRA in the quarterly returns required by reporting standards made under the Collection of Data Act. If the Appointed Auditor is of the opinion that the insurer does not have such systems, procedures and controls, it must specify in the report the reasons for this opinion; and
there are matters that have come to the Appointed Auditor’s attention that will, or are likely to, adversely affect the interests of policyholders of the insurer. If so, the Appointed Auditor must provide details in the report.

Attachment B - Level 2 insurance groups

Appointment of a Group Auditor

The parent entity of a Level 2 insurance group must appoint a Group Auditor. The Group Auditor of a Level 2 insurance group must be one of the following persons:
the Appointed Auditor of the parent entity where the parent entity is an insurer;
[25] Note that the Appointed Auditor must meet fit and proper criteria under Prudential Standard CPS 520 Fit and Proper (CPS 520).
the Appointed Auditor of an APRA-authorised insurer within the group; or
[26] Note that the Appointed Auditor must meet fit and proper criteria under CPS 520.
a responsible auditor of the parent entity where the parent entity is an authorised NOHC.
[27] As defined in CPS 520. Note that the responsible auditor must meet fit and proper criteria under CPS 520.
In addition to the fit and proper criteria that the Group Auditor is required to meet under Prudential Standard CPS 520 Fit and Proper (CPS 520), the parent entity of a Level 2 insurance group must ensure that the Group Auditor is not:
(a) the Group Actuary;
(b) the actuary of an entity within the group carrying on insurance business;
(c) an employee or director of the entity of which a person referred to in sub-paragraph (a) or (b) is an employee or director; or
(d) a partner of a person referred to in sub-paragraph (a) or (b).
The parent entity of a Level 2 insurance group must also ensure that its Group Auditor meets the independence requirements applicable to an Appointed Auditor under Prudential Standard CPS 510 Governance (CPS 510). 
[28] In particular, under CPS 510 read with this paragraph, the Group Auditor of a Level 2 insurance group cannot also be employed by a related body corporate or by related firms.

Role of Group Auditor

The parent entity of a Level 2 insurance group must ensure that its Group Auditor:
conducts a limited assurance review of the group’s annual accounts;
[29] For the purposes of the limited assurance review in Attachment B and Attachment C of this Prudential Standard, a Level 2 insurance group’s annual accounts comprise the reporting documents in respect of the Level 2 insurance group’s financial year that are required to be prepared by the parent entity of the group in compliance with reporting standards made under the Collection of Data Act but excluding the reporting documents required to be prepared under Reporting Standard GRS 460.0_G Reinsurance Assets by Counterparty (Level 2 Insurance Group) and Reporting Standard GRS 460.1_G Exposure Analysis by Reinsurance Counterparty (Level 2 Insurance Group).
performs for the group the functions of a Group Auditor set out in this Prudential Standard and any other prudential standard; and
prepares, and gives to the group, any reports required to be prepared by the Group Auditor under this Prudential Standard.
The parent entity of a Level 2 insurance group must:
ensure that the reports required to be prepared by the Group Auditor deal with all the matters required by this Prudential Standard to be dealt with in the reports; and
lodge with APRA the reports required to be prepared by its Group Auditor under this Prudential Standard.

Obligations of a Level 2 insurance group

The parent entity of a Level 2 insurance group must make any arrangements necessary to enable its Group Auditor to undertake their functions as required by this Prudential Standard. These arrangements include ensuring that its Group Auditor is fully informed of material prudential requirements applicable to the group. These arrangements also include ensuring that its Group Auditor is provided with any other information that:
APRA has provided to the group and may assist the Group Auditor in performing their duties; and
has been requested by the Group Auditor in performing their duties.
The parent entity of a Level 2 insurance group must ensure that its Group Auditor has access to all relevant data, information, reports and staff of the group (and must take all reasonable steps to ensure access to contractors of the group) that its Group Auditor reasonably believes are necessary to fulfil their responsibilities. This will include access to:
the Board of the parent entity of the group;
the Board committees of the parent entity, if any;
the Board of any other entity within the group; and
the Board committees, if any, of any other entity within the group.
The parent entity of a Level 2 insurance group must submit to APRA:
reports, other than those relating to a special purpose review, on or before the day that the group’s annual accounts are to be lodged in accordance with reporting standards made under the Collection of Data Act; and
[30] This Prudential Standard sets out further detail regarding these reports.
reports relating to a special purpose review within the time specified in paragraph 16 of this Attachment.
A Level 2 insurance group must provide to APRA an annual declaration on financial information as set out in Attachment D.

Roles and responsibilities of the Group Auditor

A Group Auditor’s primary roles are to provide:
an independent and objective view of the truth and fairness of the group’s annual accounts required by reporting standards made under the Collection of Data Act; and
an assessment of the group’s systems, procedures and controls used to address compliance with prudential requirements and for the purposes of producing reliable financial data.
A Level 2 insurance group may also seek the advice of its Group Auditor in relation to other matters where the group considers this to be appropriate.
The parent entity of a Level 2 insurance group must ensure that its Group Auditor:
conducts a limited assurance review of the annual accounts of the group;
on an annual basis, reviews and tests the group’s systems, processes and controls designed to:
address compliance with all prudential requirements; and
enable the group to report reliable financial information to APRA; and
performs such other work as necessary to fulfil the Group Auditor’s responsibilities under this Prudential Standard.
The parent entity of a Level 2 insurance group must ensure that its Group Auditor provides a report to the group relating to the findings of the limited assurance review. This report must meet the requirements set out in paragraphs 21 to 23 of this Attachment.
The parent entity of a Level 2 insurance group must ensure that its Group Auditor provides the limited assurance review report to the group within such time as to enable the group to provide the report to APRA on or before the day that the Level 2 insurance group’s annual accounts are submitted in accordance with the Collection of Data Act.

Special purpose review

When APRA specifies in writing, a Group Auditor must:
undertake a special purpose review of matters specified by APRA relating to the Level 2 insurance group’s operations, risk management or financial affairs; and
prepare a report in respect of that review.
[31] Refer to paragraphs 49J(1)(b) and (c), subsection 49J(4), paragraphs 49K(1)(a) and (b), and subsection 49K(3) of the Act.
The review must be completed in accordance with any relevant professional standards and guidance notes (as appropriate to the nature of the special purpose review), to the extent that they are not inconsistent with the requirements of this Prudential Standard. Where APRA considers, having regard to the nature of the Level 2 insurance group’s operations and the purpose of the special purpose review, that the review should not be completed in accordance with those professional standards and guidance notes, APRA may advise the Level 2 insurance group in writing that an alternative standard must be used.
The cost of a special purpose review will be borne by the Level 2 insurance group. The Group Auditor must submit the report to APRA and the insurer simultaneously within three months of the review being commissioned, unless APRA grants an extension of time in writing.

Non-routine reporting by Group Auditors

The parent entity of a Level 2 insurance group must ensure that its Group Auditor reports to APRA on a non-routine basis where APRA requests specific information or where the Group Auditor has information that they consider would assist APRA in performing its functions.
[32] Also note that Part IV Division 2 of the Act sets out the duties of auditors and actuaries of insurers, authorised NOHCs or subsidiaries to give information to APRA.
If APRA requests information or documents from the Group Auditor, the parent entity of the Level 2 insurance group must ensure that such information or documents are provided to APRA.

Meetings with Group Auditors

APRA liaison with a Group Auditor is normally conducted under trilateral arrangements involving:
APRA;
the Level 2 insurance group; and
the Group Auditor.
Any one of these parties may initiate a meeting or discussion when the party considers it necessary. Notwithstanding the trilateral relationship, APRA and a Group Auditor may meet on a bilateral basis where either party considers this to be necessary.

Limited assurance review report

The parent entity of a Level 2 insurance group must ensure that its Group Auditor prepares a report on an annual basis and provides that report to the group by the time specified in paragraph 13 of this Attachment. The report must:
be addressed to the Board of the parent entity of the group; and
provide the Group Auditor’s opinion on a range of matters.
Preparation of the report must be consistent with professional standards and guidance notes issued by the Auditing and Assurance Standards Board as may be amended from time to time, to the extent that they are not inconsistent with the requirements of this Prudential Standard. The parent entity of a Level 2 insurance group must ensure that its Group Auditor bases this report on at least a limited assurance engagement.
The parent entity of a Level 2 insurance group must ensure that its Group Auditor specifies in the report the results of their investigations, including the matters listed at Attachment C.

Engagement of the Group Auditor

Where this Prudential Standard requires the parent entity of a Level 2 insurance group to ensure that its Group Auditor performs a particular task or service or complies with a certain prudential requirement, the parent entity of a Level 2 insurance group must ensure that the contract engaging the Group Auditor includes a term requiring the Group Auditor to perform the task or service or comply with that requirement.

Attachment C - Matters to be addressed in a limited assurance review report

For the purposes of paragraph 23 of Attachment B, the Group Auditor’s report must address whether:
  • there is evidence to suggest that the returns provided to APRA in accordance with the Collection of Data Act do not present a fair view of the financial position of the Level 2 insurance group;
  • there exist systems, procedures and controls that are kept up-to-date and address compliance with all prudential requirements. If the Group Auditor is of the opinion that the group does not have such systems, procedures and controls, it must specify in the report the reasons for this opinion;
  • systems, procedures and controls relating to actuarial data integrity and financial reporting risks (the risks that incorrect source data will be used in completing returns to APRA in accordance with the Collection of Data Act) are adequate and effective;
  • during the course of testing the group’s systems, procedures and controls, instances of non-compliance with prudential requirements have been identified. If so, details are to be provided;
  • the group has complied, in all significant respects, with its Risk Management Strategy (RMS) and Reinsurance Management Strategy (ReMS). If the Group Auditor is of the opinion that the Level 2 insurance group has not complied with its RMS and ReMS, it must specify in the report the reasons for this opinion;
  • the group has systems, procedures and controls in place to ensure that reliable statistical and financial data are provided to APRA in the semi-annual returns required by reporting standards made under the Collection of Data Act. If the Group Auditor is of the opinion that the group does not have such systems, procedures and controls, it must specify in the report the reasons for this opinion; and
  • there are matters which have come to the Group Auditor’s attention that will, or are likely to, adversely affect the interests of policyholders of the group. If so, the Group Auditor must provide details in the report.

Attachment D - Financial Information Declaration

A regulated institution must provide to APRA a declaration on financial information (Financial Information Declaration) signed by:
  • the chief executive officer (CEO) (by whatever name called, or for a Category C insurer, the local equivalent); and
  • the chief financial officer (CFO) (by whatever name called, or for a Category C insurer, the local equivalent).
This declaration is set out in paragraph 2 of this Attachment. Where the CEO and the CFO are the same person, the Financial Information Declaration must be signed by that person and another person to be agreed upon with APRA.
The CEO and the CFO must (by the time provided for in paragraph 3 of this Attachment) provide APRA with a Financial Information Declaration, signed by both of them [33], stating that for the last financial year, to the best of their knowledge and belief having made appropriate enquiries:
  • the financial information that the regulated institution has lodged with APRA has been prepared in accordance with the Act, Regulations, prudential standards, the Collection of Data Act, accounting standards and other mandatory professional reporting requirements in Australia, to the extent that the accounting standards and professional reporting requirements do not contain any requirements contrary to the aforementioned legislative and prudential requirements;
  • the information provided to the auditor and Appointed Actuary for the purpose of enabling them to undertake their roles and responsibilities [34] is accurate and complete, consistent with the accounting records of the regulated institution, and a true representation of the transactions for the year and the financial position of the regulated institution; and
  • the financial information lodged with APRA is accurate and complete, consistent with the accounting records of the regulated institution, and represents a true and fair view of the transactions for the year and the financial position of the regulated institution.
[33] As per paragraph 1 of this Attachment, where the CEO and the CFO are the same person, the Financial Information Declaration must be signed by that person and another person to be agreed upon with APRA.
[34] Refer to the Act and this Prudential Standard for the roles and responsibilities of auditors; and Prudential Standard CPS 320 Actuarial and Related Matters for the roles and responsibilities of Appointed Actuaries.
The Financial Information Declaration must be submitted to APRA on, or before, the day that the insurer’s yearly statutory accounts or Level 2 insurance group’s annual accounts (as appropriate) are required to be submitted to APRA in accordance with reporting standards made under the Collection of Data Act.
If the CEO or CFO qualifies the Financial Information Declaration, the qualified Declaration must include a description of the cause and circumstances of the qualification, and steps taken, or proposed to be taken, to remedy the problem.