Federal Register of Legislation - Australian Government

Primary content

Determinations/Prudential as made
This instrument determines the Prudential Standard HPS 310 Audit and Related Matters.
Administered by: Treasury
Registered 29 Apr 2019
Tabling HistoryDate
Tabled Senate02-Jul-2019
Tabled HR02-Jul-2019

Health Insurance (prudential standard) determination No. 1 of 2019

Prudential Standard HPS 310 Audit and Related Matters

Private Health Insurance (Prudential Supervision) Act 2015

I, Pat Brennan, delegate of APRA:

 

a)      under subsection 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act) REVOKE Health Insurance (prudential standard) determination No. 1 of 2018, including Prudential Standard HPS 310 Audit and Related Matters made under that determination; and

 

b)      under subsection 92(1) of the Act DETERMINE Prudential Standard HPS 310 Audit and Related Matters, in the form set out in the Schedule, which applies to all private health insurers.

 

This instrument commences on 1 July 2019.

 

Dated: 17 April 2019

 

 

[Signed]

 

 

Pat Brennan

 

Executive General Manager

Policy and Advice Division

 

 

 

 

 


Interpretation

In this Determination:

APRA means the Australian Prudential Regulation Authority.

private health insurer has the same meaning as in the Act.  

Schedule

 

Prudential Standard HPS 310 Audit and Related Matters comprises the following 7 pages


 
Prudential Standard HPS 310

Audit and Related Matters

Objectives and key requirements of this Prudential Standard

This Prudential Standard establishes requirements for the provision, to the Board and senior management of a private health insurer, of independent advice in relation to the operations, financial position and risk controls of the business operations of the private health insurer. This independent advice is designed to assist the Board and senior management in carrying out their responsibilities for the sound and prudent management of the business operations of the private health insurer.

This Prudential Standard outlines the roles and responsibilities that a private health insurer must require of its Appointed Auditor. It also outlines the obligations of a private health insurer to make arrangements to enable its Appointed Auditor to fulfil his or her responsibilities.

The key requirements of this Prudential Standard, are that a private health insurer:

·                must appoint an auditor (Appointed Auditor);

·                must make arrangements to enable its Appointed Auditor to undertake his or her responsibilities to audit the financial statements and annual information required by APRA in relation to a private health insurer, and to review other aspects of that private health insurer, (including special purpose engagements) and provide a report to the private health insurer regarding such reviews;

·                must submit to APRA all reports required to be prepared by its Appointed Auditor including the Appointed Auditor’s report or a special purpose report by an agreed auditor engaged to prepare a such a report, as required under this Prudential Standard; and

·                will facilitate APRA liaison with an Appointed Auditor if required.


 

Authority

1.             This Prudential Standard is made under paragraph 92(1) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act). 

Application

2.             This Prudential Standard applies to all operations and activities of private health insurers registered under the Act.[1] 

3.             All private health insurers must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.

4.             This Prudential Standard commences on 1 July 2019.

Interpretation

5.             Terms that are defined in Prudential Standard HPS 001 Definitions appear in bold the first time they are used in this Prudential Standard.

Obligations of a private health insurer – Auditor appointment

6.             For the purposes of this Prudential Standard, a private health insurer must appoint an auditor (the Appointed Auditor).

7.             A private health insurer must ensure the terms of engagement of the Appointed Auditor are set out in a legally binding contract between the private health insurer and the Appointed Auditor, including requirements that:

(a)           the Appointed Auditor fulfils the roles and responsibilities of the Appointed Auditor as specified in this Prudential Standard and in the manner specified in this Prudential Standard;

(b)          the Appointed Auditor, in meeting its role and responsibilities to comply with the relevant Standards and Guidance issued from time to time by the AUASB (AUASB standards and guidance) to the extent they are not inconsistent with this Prudential Standard. If they are inconsistent:

(i)            this Prudential Standard prevails; or

(ii)          APRA may notify the private health insurer, in writing, that alternative standards and guidance must be used by the Appointed Auditor.

8.             A private health insurer must ensure its Appointed Auditor has access to all relevant data, information, reports and staff of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities. This will include access to the private health insurer’s Board, Board Audit Committee and Internal Auditors, and any information APRA has provided to the private health insurer, as required.

9.             A private health insurer must take all reasonable steps or make necessary arrangements to ensure its Appointed Auditor has access to contractors of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities.

Obligations of a private health insurer – fitness and propriety

10.         A private health insurer must ensure that its Appointed Auditor:

(a)           is a fit and proper person in accordance with the private health insurer’s fit and proper policy as required by Prudential Standard CPS 520 Fit and Proper, including those requirements that apply specifically to the Appointed Auditor; and

(b)          satisfies the Auditor independence requirements in Prudential Standard CPS 510 Governance; and

(c)           satisfies the eligibility and independence criteria in the Corporations Act 2001.

Appointed Auditor’s report

11.         A private health insurer must engage the Appointed Auditor to prepare an annual report that at a minimum, must address:

(a)           reasonable assurance regarding:

(i)            the annual financial statements of the private health insurer prepared in accordance with relevant Australian Accounting Standards issued by the Australian Accounting Standards Board (AASB);

(ii)          the annual information, relating to the private health insurer, required under the reporting standards made by APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) that are identified in Attachment A as requiring reasonable assurance; and

(b)          limited assurance regarding:

(i)            the annual information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Attachment A as requiring limited assurance; and

(ii)          the private health insurer’s systems, procedures and internal controls that are designed to ensure that the private health insurer has complied with all applicable prudential requirements, has provided reliable data to APRA as required under the reporting standards prepared under FSCODA, and has operated effectively throughout the year of income.

12.         For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ are defined in accordance with the Framework for Assurance Engagements issued by the AUASB.

13.         A private health insurer must ensure that the Appointed Auditor, when preparing a report or assessment required under this Prudential Standard (whether as part of routine or special purpose engagement):

(a)           does so on the basis that APRA may rely upon the report in the performance of its functions under the Act; and

(b)          exercises independent judgement and not place sole reliance on the work performed by APRA.

14.         A private health insurer must ensure its Appointed Auditor, or an auditor appointed under paragraph 21 (special purpose engagement auditor), retains all working papers and other documentation in relation to the prudential requirements of the private health insurer for a period of seven years from the date of the report to which the working papers or documentation relate. Where requested to do so in writing by APRA, the private health insurer must direct the auditor to provide the working papers and other documentation to APRA.

Obligations of a private health insurer – Auditor’s report

15.         A private health insurer must submit the Appointed Auditor’s report to APRA, addressing matters referred to in paragraph 11, within three months after the end of the year of income to which the report relates.

16.         The private health insurer must ensure that the Appointed Auditor provides the Appointed Auditor’s report to the Board of the private health insurer within sufficient time to enable the private health insurer to submit the report to APRA, as specified in paragraph 15.

17.         A private health insurer, if requested by APRA, must within a reasonable time provide APRA with the terms of engagement, other instructions to, or correspondence with the Appointed Auditor, including management letters, that may have a bearing on:

(a)           the scope or conduct of the work undertaken by the Appointed Auditor in accordance with this Prudential Standard; and

(b)          the form, content (including findings made or opinions expressed by the Appointed Auditor) or coverage of the reports provided by the Appointed Auditor in accordance with this Prudential Standard.

Other responsibilities of the private health insurer

18.        APRA liaison with an Appointed Auditor will normally be conducted under tripartite arrangements involving APRA, the private health insurer and the Appointed Auditor. Notwithstanding the tripartite relationship, a private health insurer must ensure that the Appointed Auditor is not prevented from meeting with APRA on a bilateral basis if requested by either party.

19.         Persons involved in the provision of information should note that it is a serious offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity such as APRA.

Special purpose engagements

20.        APRA may require the private health insurer, by notice in writing, to engage its Appointed Auditor to:

(a)           undertake a special purpose engagement relating to matters set out in writing by APRA relating to the private health insurer’s operations, risk management or financial affairs; and

(b)          prepare a report in respect of that engagement.

21.        A private health insurer may engage an auditor other than the Auditor appointed under paragraph 6 to conduct a special purpose engagement, but only where this is agreed to by APRA and the Auditor satisfies the criteria set out in paragraph 10.

22.        A private health insurer must require an auditor appointed for a special purpose engagement to address limited assurance on the matters upon which the auditor is required to report unless otherwise determined by APRA and advised to the private health insurer in writing.

23.        A private health insurer must require an auditor appointed for a special purpose engagement to submit, within three months of the date of the notice commissioning the report, an auditor’s report simultaneously to APRA and to the Board of the private health insurer, unless otherwise determined by APRA.

24.        A private health insurer must require an auditor appointed for a special purpose engagement to modify the report referred to in paragraph 22 for breaches relating to the matters upon which the Auditor is required to report which, in the Auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the private health insurer must require the auditor to have regard to relevant AUASB standards and guidance.

25.         The cost of a special purpose engagement will be borne by the private health insurer.

Adjustments and exclusions

26.         APRA may, by notice in writing to a private health insurer, adjust or exclude a specific requirement in this Prudential Standard in relation to that private health insurer.[2]


 

Attachment A

Auditable returns

The Auditor must provide assurance on the data provided to APRA in the forms as listed below, or as instructed by APRA from time to time.

 

APRA determined these forms in reporting standards made under FSCODA.

 

Table 1

 

Form Name

Form Number

Level of Assurance

1

Statistical Data by State

HRF 601

Reasonable[3]

2

Financial and Capital Data - CA forecasts

HRF 602.1

Limited [4]

3

Financial and Capital Data - Solvency Forecasts

HRF 602.2

Limited

4

Financial and Capital Data - Revenue

HRF 602.3

Reasonable

5

Financial and Capital Data - Expenses

HRF 602.4

Reasonable

6

Financial and Capital Data - Capital Transfers 

HRF 602.5

Reasonable

7

Financial and Capital Data - Assets     

HRF 602.6

Reasonable

8

Financial and Capital Data - Liabilities

HRF 602.7

Reasonable

9

Financial and Capital Data - Related Party Disclosures

HRF 602.8

Reasonable

10

Financial and Capital Data - Claims Data

HRF 602.9

 

Reasonable

 

 



[1]           Refer to subsection 15(1) of the Act.

[2] Refer to subsection 92(4) of the Act.

[3]               Reasonable Assurance is defined in the Framework for Assurance Engagements issued by the AUASB.

[4]               Limited Assurance is defined in the Framework for Assurance Engagements issued by the AUASB.