Prudential standard

HPS 310 Audit and Related Matters

  • Private health insurance
  • Current
    1 July 2023
Prudential framework pillars
Governance
Audit
Supporting

About this standard

This standard requires a private health insurer to appoint an auditor to provide independent advice. Private health insurers must ensure the Appointed Auditor is able to fulfil their responsibilities within specified timeframes.

This standard supports CPS 510 Governance, which is a core standard in the Governance Pillar. It applies to all private health insurers.

Objectives and key requirements of this Prudential Standard

This Prudential Standard establishes requirements for the provision, to the Board and senior management of a , of independent advice in relation to the operations, financial position and risk controls of the business operations of the private health insurer. This independent advice is designed to assist the Board and senior management in carrying out their responsibilities for the sound and prudent management of the business operations of the private health insurer.
This Prudential Standard outlines the roles and responsibilities that a private health insurer must require of its Appointed Auditor. It also outlines the obligations of a private health insurer to make arrangements to enable its Appointed Auditor to fulfil his or her responsibilities.
The key requirements of this Prudential Standard, are that a private health insurer:
  • must appoint an auditor (Appointed Auditor);
  • must make arrangements to enable its Appointed Auditor to undertake his or her responsibilities to audit the financial statements and annual information required by APRA in relation to a private health insurer, and to review other aspects of that private health insurer, (including special purpose engagements) and provide a report to the private health insurer regarding such reviews;
  • must submit to APRA all reports required to be prepared by its Appointed Auditor including the Appointed Auditor’s report or a special purpose report by an agreed auditor engaged to prepare a such a report, as required under this Prudential Standard; and
  • will facilitate APRA liaison with an Appointed Auditor if required.
private health insurer
private health insurer has the meaning given in section 4 of the PHIPS Act.
Preamble

Health Insurance (prudential standard) determination No. 8 of 2023

Prudential Standard HPS 310 Audit and Related Matters

Private Health Insurance (Prudential Supervision) Act 2015
I, Helen Rowell, a delegate of :
under subsection 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 (the PHIPS Act) revoke Health Insurance (prudential standard) determination No. 1 of 2019, including Prudential Standard HPS 310 Audit and Related Matters made under that Determination; and
under subsection 92(1) of the PHIPS Act determine Prudential Standard HPS 310 Audit and Related Matters, in the form set out in the Schedule, which applies to all private health insurers.
This instrument commences on 1 July 2023.
Dated: 24 May 2023
[Signed]
Helen Rowell
Deputy Chair

Interpretation

In this instrument:
APRA means the Australian Prudential Regulation Authority.
private health insurer has the meaning given in section 4 of the PHIPS Act.

Schedule

Prudential Standard HPS 310 Audit and Related Matters, comprises the document commencing on the following page.

Prudential Standard HPS 310

Audit and Related Matters

Authority

This Prudential Standard is made under subsection 92(1) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act).

Application and commencement

This Prudential Standard applies to all operations and activities of private health insurers registered under the Act.
All private health insurers must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.
This Prudential Standard applies to private health insurers from 1 July 2023.

Interpretation

Terms that are defined in Prudential Standard HPS 001 Definitions appear in bold the first time they are used in this Prudential Standard.
APRA
APRA means the Australian Prudential Regulation Authority.

Obligations of a private health insurer – Auditor appointment

For the purposes of this Prudential Standard, a private health insurer must appoint an auditor (the Appointed Auditor).
A private health insurer must ensure the terms of engagement of the Appointed Auditor are set out in a legally binding contract between the private health insurer and the Appointed Auditor, including requirements that:
the Appointed Auditor fulfils the roles and responsibilities of the Appointed Auditor as specified in this Prudential Standard and in the manner specified in this Prudential Standard;
the Appointed Auditor, in meeting its role and responsibilities to comply with the relevant Standards and Guidance issued from time to time by the AUASB (AUASB standards and guidance) to the extent they are not inconsistent with this Prudential Standard. If they are inconsistent:
this Prudential Standard prevails; or
APRA may notify the private health insurer, in writing, that alternative standards and guidance must be used by the Appointed Auditor.
A private health insurer must ensure its Appointed Auditor has access to all relevant data, information, reports and staff of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities. This will include access to the private health insurer’s Board, Board Audit Committee and Internal Auditors, and any information APRA has provided to the private health insurer, as required.
A private health insurer must take all reasonable steps or make necessary arrangements to ensure its Appointed Auditor has access to contractors of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities.

Obligations of a private health insurer – fitness and propriety

A private health insurer must ensure that its Appointed Auditor:
is a fit and proper person in accordance with the private health insurer’s fit and proper policy as required by Prudential Standard CPS 520 Fit and Proper, including those requirements that apply specifically to the Appointed Auditor; and
satisfies the Auditor independence requirements in Prudential Standard CPS 510 Governance; and
satisfies the eligibility and independence criteria in the Corporations Act 2001.

Appointed Auditor’s report

A private health insurer must engage the Appointed Auditor to prepare an annual report that at a minimum, must address:
reasonable assurance regarding:
the annual financial statements of the private health insurer prepared in accordance with relevant Australian Accounting Standards issued by the Australian Accounting Standards Board (AASB);
the annual information, relating to the private health insurer, required under the reporting standards made by APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) that are identified in Table 1 of Attachment A as requiring reasonable assurance;
the quarterly information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Table 2 of Attachment A as requiring reasonable assurance; and
limited assurance regarding:
the annual information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Attachment A as requiring limited assurance; and
the private health insurer’s systems, procedures and internal controls that are designed to ensure that the private health insurer has complied with all applicable prudential requirements are adequate, has operated effectively throughout the year of income, and has provided reliable data to APRA as required under the reporting standards prepared under FSCODA (including those provided quarterly and semi-annually, except those listed in Table 2 of Attachment A).
For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ are defined in accordance with the Framework for Assurance Engagements issued by the AUASB.
A private health insurer must ensure that the Appointed Auditor, when preparing a report or assessment required under this Prudential Standard (whether as part of routine or special purpose engagement):
does so on the basis that APRA may rely upon the report in the performance of its functions under the Act; and
exercises independent judgement and not place sole reliance on the work performed by APRA.
A private health insurer must ensure its Appointed Auditor, or an auditor appointed under paragraph 21 (special purpose engagement auditor), retains all working papers and other documentation in relation to the prudential requirements of the private health insurer for a period of seven years from the date of the report to which the working papers or documentation relate. Where requested to do so in writing by APRA, the private health insurer must direct the auditor to provide the working papers and other documentation to APRA.

Obligations of a private health insurer – Auditor’s report

A private health insurer must submit the Appointed Auditor’s report to APRA, addressing matters referred to in paragraph 11, within three months after the end of the year of income to which the report relates.
The private health insurer must ensure that the Appointed Auditor provides the Appointed Auditor’s report to the Board of the private health insurer within sufficient time to enable the private health insurer to submit the report to APRA, as specified in paragraph 15.
A private health insurer, if requested by APRA, must within a reasonable time provide APRA with the terms of engagement, other instructions to, or correspondence with the Appointed Auditor, including management letters, that may have a bearing on:
the scope or conduct of the work undertaken by the Appointed Auditor in accordance with this Prudential Standard; and
the form, content (including findings made or opinions expressed by the Appointed Auditor) or coverage of the reports provided by the Appointed Auditor in accordance with this Prudential Standard.

Other responsibilities of the private health insurer

APRA liaison with an Appointed Auditor will normally be conducted under tripartite arrangements involving APRA, the private health insurer and the Appointed Auditor. Notwithstanding the tripartite relationship, a private health insurer must ensure that the Appointed Auditor is not prevented from meeting with APRA on a bilateral basis if requested by either party.
Persons involved in the provision of information should note that it is a serious offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity such as APRA.

Special purpose engagements

APRA may require the private health insurer, by notice in writing, to engage its Appointed Auditor to:
undertake a special purpose engagement relating to matters set out in writing by APRA relating to the private health insurer’s operations, risk management or financial affairs; and
prepare a report in respect of that engagement.
A private health insurer may engage an auditor other than the Auditor appointed under paragraph 6 to conduct a special purpose engagement, but only where this is agreed to by APRA and the Auditor satisfies the criteria set out in paragraph 10.
A private health insurer must require an auditor appointed for a special purpose engagement to address limited assurance on the matters upon which the auditor is required to report unless otherwise determined by APRA and advised to the private health insurer in writing.
A private health insurer must require an auditor appointed for a special purpose engagement to submit, within three months of the date of the notice commissioning the report, an auditor’s report simultaneously to APRA and to the Board of the private health insurer, unless otherwise determined by APRA.
A private health insurer must require an auditor appointed for a special purpose engagement to modify the report referred to in paragraph 22 for breaches relating to the matters upon which the Auditor is required to report which, in the Auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the private health insurer must require the auditor to have regard to relevant AUASB standards and guidance.
The cost of a special purpose engagement will be borne by the private health insurer.

Adjustments and exclusions

APRA may, by notice in writing to a private health insurer, adjust or exclude a specific requirement in this Prudential Standard in relation to that private health insurer.

Previous exercise of discretion

A private health insurer must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on a previous exemption or other exercise of discretion made by APRA under a previous Prudential Standard.

Attachment A

The Auditor must provide assurance on the data provided to APRA in the forms as listed below, or as instructed by APRA from time to time.
APRA determined these forms in reporting standards made under FSCODA.

Table 1 – Auditable annual returns

 
Reporting Standard Name
Reporting Standard Number
Level of Assurance
1
Regulatory Income Statement Supplementary Information
HRS 101.0
Reasonable
2
Forecasts and Targets
HRS 104.0
Limited
3
Claims
HRS 109.0
Reasonable
4
Prescribed Capital Amount
HRS 110.0
Reasonable
5
Adjustments and Exclusions
HRS 111.0
Reasonable
6
Determination of Capital Base
HRS 112.0
Reasonable
7
Related Party Exposures
HRS 112.3
Reasonable
8
Asset Risk Charge
HRS 114.0
Reasonable
9
Insurance Risk Charge
HRS 115.0
Reasonable
10
Asset Concentration Risk Charge
HRS 117.0
Reasonable
11
Operational Risk Charge
HRS 118.0
Reasonable
12
Statement of Financial Position
HRS 300.0
Reasonable
13
Statement of Profit and Loss and Other Comprehensive Income
HRS 310.0
Reasonable
14
Liability Roll Forwards
HRS 320.0
Reasonable
[1]
Reasonable Assurance is defined in the Framework for Assurance Engagements issued by the AUASB.

Table 2 – Quarterly returns requiring reasonable assurance

 
Reporting Standard Name
Reporting Standard Number
Level of Assurance
1
Statistical Data by State
HRS 601.1
Reasonable