An RSE licensee must appoint an RSE auditor for each RSE within the RSE licensee’s business operations.[3] 

Where an RSE licensee is a member of a group[4], the auditor engaged by that group may also be appointed as the RSE auditor provided that auditor meets all relevant requirements of this Prudential Standard, Prudential Standard SPS 510 Governance (SPS 510) and, if applicable, Part 2M.4 of the Corporations Act 2001 (Corporations Act).[5]

An RSE licensee must ensure that the terms of engagement of the RSE auditor are set out in a legally binding contract between the RSE licensee and the RSE auditor. The RSE auditor must comply with terms of engagement that:

require the RSE auditor to fulfil the roles and responsibilities of the RSE auditor in the manner specified in this Prudential Standard;

require the RSE auditor, in meeting their role and responsibilities, to comply with relevant standards and guidance statements issued by the Auditing and Assurance Standards Board (AUASB) (relevant AUASB standards and guidance); and

refer the RSE auditor to the relevant provisions in the SIS Act and the Corporations Act.[6]

An RSE licensee must use all reasonable endeavours to:

ensure that the RSE auditor complies with the terms of engagement referred to in paragraph 10; and

assist the RSE auditor in being fully informed of all prudential requirements applicable to the RSE licensee.[7] 

An RSE licensee must ensure that the RSE auditor has access to all data, information, reports and staff in respect of the RSE licensee’s business operations that the RSE auditor reasonably believes necessary to fulfil their role and responsibilities under the SIS Act, the Corporations Act (if applicable) and this Prudential Standard. This must include access to the Board of the RSE licensee (the Board)[8], Board Audit Committee, internal auditor(s) and any information APRA has provided to the RSE licensee, as required by the RSE auditor.

As applicable, an RSE licensee must ensure that an individual RSE auditor or a lead auditor[9]:

is not disqualified under section 130D of the SIS Act;

satisfies the eligibility criteria in Prudential Standard SPS 520 Fit and Proper (SPS 520);

is a fit and proper person in accordance with the RSE licensee’s Fit and Proper Policy as required by SPS 520; and

satisfies the auditor independence requirements in SPS 510.

As applicable, an RSE licensee must ensure that an RSE audit firm or an RSE audit company[10]:

is not disqualified under section 130EA of the SIS Act; and

satisfies the independence requirements in SPS 510.

An RSE licensee must ensure that the RSE auditor provides a report to the Board on the audit of the operations of each RSE within the RSE licensee’s business operations, for each year of income, that complies with this Prudential Standard (refer to paragraph 22). The auditor’s report must cover the operations of the RSE licensee in respect of that RSE to the extent required to provide the assurances specified in paragraph 22.

An RSE licensee, other than an RSE licensee of a small APRA fund (SAF), may lodge the auditor’s report required under paragraph 22 with ASIC, together with the report lodged with ASIC in accordance with section 319 of the Corporations Act.[11] The APRA and ASIC components of the auditor’s report may be contained in a single document. Alternatively, the RSE licensee must lodge the report required under paragraph 22 with APRA within three months after the end of the year of income to which the report relates. An RSE licensee of a SAF must submit the auditor’s report required under paragraph 22 to APRA within three months after the end of the year of income to which the report relates.

An RSE licensee must ensure that the auditor’s report is completed in respect of the RSE’s whole year of income, even if the RSE was transferred, in whole or in part, to the RSE licensee from another RSE licensee during that year of income.

If an RSE was wound up during the year of income to which the report relates, an RSE licensee must ensure that the auditor’s report covers the period from the start of the RSE’s year of income to the date the RSE was wound up and is completed no later than within three months after the end of the year of income to which the report relates.

Subject to paragraph 20, where an RSE licensee has more than one RSE within its business operations, the RSE licensee must ensure that the RSE auditor(s) completes a separate auditor’s report in respect of each RSE.

An RSE licensee may engage an RSE auditor to prepare a single auditor’s report covering some or all of any SAFs within its business operations, provided that:

the RSE licensee, consistent with its obligations under the SIS Act, the governing rules and Prudential Standard SPS 220 Risk Management (SPS 220), is satisfied that its risk management strategy adequately covers each of the SAFs covered by the single auditor’s report;

the auditor’s report is unmodified;

each SAF has been individually audited in accordance with relevant AUASB standards and guidance; and

the RSE licensee provides APRA with a listing of the SAFs covered by the single auditor’s report.

Where an RSE licensee is part of a group and the RSE auditor audits other entities in the group, to the extent that the auditor’s report relates to the RSE licensee itself, an RSE auditor may prepare that part of the auditor’s report (and any other documents required to be provided or maintained under this Prudential Standard) on whichever of the following bases the RSE auditor considers appropriate:

both the RSE licensee and the group, provided it is clear where the RSE auditor is referring to matters relating to the RSE licensee or the group; or

the RSE licensee on a standalone basis, separate to the group.

The auditor’s report, which must be prepared by the RSE auditor, must, at a minimum, provide:

reasonable assurance addressing:

the information, relating to each RSE, required under the reporting standards made by APRA under the Financial Sector (Collection of Data) Act 2001 (FSCOD Act) that are identified in Attachment A as requiring reasonable assurance;

compliance with the legislative provisions that are identified in Attachment B and any additional conditions APRA has imposed on the RSE licensee’s RSE licence under section 29EA of the SIS Act; and

the annual financial statements for each RSE that is a SAF, prepared in accordance with relevant Australian Accounting Standards issued by the Australian Accounting Standards Board; and

limited assurance addressing:

the information, relating to each RSE, required under the reporting standards made by APRA under the FSCOD Act that are identified in Attachment A as requiring limited assurance;

the RSE licensee’s systems, procedures and internal controls that are designed to ensure that the RSE licensee has complied with all applicable prudential requirements, has provided reliable data to APRA as required under the reporting standards made under the FSCOD Act, and has operated effectively throughout the year of income; and

the RSE licensee’s compliance with its risk management framework required under SPS 220.

For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ are defined in accordance with relevant AUASB standards and guidance.

An RSE auditor must modify the opinion contained in the auditor’s report for breaches of any laws specified in paragraph 22 which, in the RSE auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the RSE auditor must refer to relevant AUASB standards and guidance.

When preparing a report required under the SIS Act or this Prudential Standard (whether as part of a routine or special purpose engagement), an RSE auditor must:

do so on the basis that APRA may rely upon the report in the performance of its functions under the SIS Act; and

exercise independent judgement and not place sole reliance on work performed by APRA.

An RSE auditor must retain all working papers and other documentation in relation to an engagement under this Prudential Standard for a period of at least seven years after the end of year of income.[12] APRA may require the RSE auditor to provide the working papers and other documentation to APRA.

An RSE licensee must bear the costs of preparing and submitting reports, documents and other material required by this Prudential Standard.

An RSE licensee must facilitate meeting arrangements requested by APRA, including ensuring attendance by the individual RSE auditor or lead auditor, the internal auditor (where applicable) and, where an RSE licensee is part of a group, responsible persons from the head entity of the group.

APRA may require an RSE licensee to engage an auditor, who may be the existing RSE auditor or another auditor as specified by APRA, to provide a report on a particular aspect of the RSE licensee’s business operations, compliance with prudential requirements or the RSE licensee’s risk management framework.

An auditor engaged for a special purpose engagement must provide limited assurance on the matters upon which the auditor is required to report unless otherwise determined by APRA and advised to the RSE licensee in writing.

Unless otherwise determined by APRA, an auditor engaged for a special purpose engagement must submit, within three months of the date of the notice commissioning the report, the auditor’s report simultaneously to APRA and to the Board.

An auditor must modify the report referred to in paragraph 28 for breaches of laws relating to the matters upon which the auditor is required to report which, in the auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the auditor must refer to relevant AUASB standards and guidance.

Subject to paragraph 2 of this Attachment, for the purposes of paragraph 22(a)(i) and 22(b)(i) of this Prudential Standard, the auditor’s report must address the information in the following reporting standards on the basis specified below in relation to each listed reporting standard[13]:

In place of the reporting standards listed in this attachment, the auditor’s report for an RSE that has wound up must address the information in Reporting Standard SRS 602.0 Wind-up (SRS 602.0), plus the information in the additional reporting standards identified in SRS 602.0, on a reasonable assurance basis.

For the purposes of paragraph 22(a)(ii) of this Prudential Standard, the auditor’s report must address compliance, at a reasonable assurance level, with the following legislative provisions, to the extent that the provisions are applicable to the RSE licensee’s business operations:

sections 29VA, 35A, 65, 66, 67, 95, 97, 98, 99F, 101, 105, 106, 109, 117, 154 and 155(2) of the SIS Act;

regulations 3.10, 5.08, 6.17, 7.04, 7.05, 9.09, 9.14, 13.14, 13.17 and 13.17A of the Superannuation Industry (Supervision) Regulations 1994;

sections 1012B, 1012F, 1012H(2), 1017B(1), 1017B(5), 1017D(1), 1017D(3A), 1017E(2), 1017E(3) and 1017E(4) of the Corporations Act; and

regulations 7.9.07R, 7.9.07S, 7.9.07T, 7.9.07V and 7.9.07W of the Corporations Regulations 2001.