Federal Register of Legislation - Australian Government

Primary content

Determinations/Prudential as made
This instrument determines Prudential Standard HPS 310 Audit and Related Matters.
Administered by: Treasury
Registered 05 Jun 2023
Tabling HistoryDate
Tabled HR13-Jun-2023
Tabled Senate13-Jun-2023
Table of contents.

Commonwealth Coat of Arms

Health Insurance (prudential standard) determination No. 8 of 2023

Prudential Standard HPS 310 Audit and Related Matters

Private Health Insurance (Prudential Supervision) Act 2015

I, Helen Rowell, a delegate of APRA:

(a)       under subsection 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 (the PHIPS Act) revoke Health Insurance (prudential standard) determination No. 1 of 2019, including Prudential Standard HPS 310 Audit and Related Matters made under that Determination; and

(b)       under subsection 92(1) of the PHIPS Act determine Prudential Standard HPS 310 Audit and Related Matters, in the form set out in the Schedule, which applies to all private health insurers.

This instrument commences on 1 July 2023.

Dated: 24 May 2023

 

[Signed]

 

Helen Rowell

Deputy Chair

Interpretation

In this instrument:

 

APRA means the Australian Prudential Regulation Authority.

private health insurer has the meaning given in section 4 of the PHIPS Act.

 


 

Schedule

 

Prudential Standard HPS 310 Audit and Related Matters, comprises the document commencing on the following page.

 


Commonwealth Coat of Arms

Prudential Standard HPS 310 

Audit and Related Matters  

Objectives and key requirements of this Prudential Standard

This Prudential Standard establishes requirements for the provision, to the Board and senior management of a private health insurer, of independent advice in relation to the operations, financial position and risk controls of the business operations of the private health insurer. This independent advice is designed to assist the Board and senior management in carrying out their responsibilities for the sound and prudent management of the business operations of the private health insurer.

This Prudential Standard outlines the roles and responsibilities that a private health insurer must require of its Appointed Auditor. It also outlines the obligations of a private health insurer to make arrangements to enable its Appointed Auditor to fulfil his or her responsibilities.

The key requirements of this Prudential Standard, are that a private health insurer:

·               must appoint an auditor (Appointed Auditor);

·               must make arrangements to enable its Appointed Auditor to undertake his or her responsibilities to audit the financial statements and annual information required by APRA in relation to a private health insurer, and to review other aspects of that private health insurer, (including special purpose engagements) and provide a report to the private health insurer regarding such reviews;

·               must submit to APRA all reports required to be prepared by its Appointed Auditor including the Appointed Auditor’s report or a special purpose report by an agreed auditor engaged to prepare a such a report, as required under this Prudential Standard; and

·               will facilitate APRA liaison with an Appointed Auditor if required.

 

 



Authority

1.             This Prudential Standard is made under subsection 92(1) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act). 

Application and commencement

2.             This Prudential Standard applies to all operations and activities of private health insurers registered under the Act. 

3.             All private health insurers must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.

4.             This Prudential Standard applies to private health insurers from 1 July 2023.

Interpretation

5.             Terms that are defined in Prudential Standard HPS 001 Definitions appear in bold the first time they are used in this Prudential Standard.

Obligations of a private health insurer – Auditor appointment

6.             For the purposes of this Prudential Standard, a private health insurer must appoint an auditor (the Appointed Auditor).

7.             A private health insurer must ensure the terms of engagement of the Appointed Auditor are set out in a legally binding contract between the private health insurer and the Appointed Auditor, including requirements that:

(a)           the Appointed Auditor fulfils the roles and responsibilities of the Appointed Auditor as specified in this Prudential Standard and in the manner specified in this Prudential Standard;

(b)          the Appointed Auditor, in meeting its role and responsibilities to comply with the relevant Standards and Guidance issued from time to time by the AUASB (AUASB standards and guidance) to the extent they are not inconsistent with this Prudential Standard. If they are inconsistent:

(i)            this Prudential Standard prevails; or

(ii)          APRA may notify the private health insurer, in writing, that alternative standards and guidance must be used by the Appointed Auditor.

8.             A private health insurer must ensure its Appointed Auditor has access to all relevant data, information, reports and staff of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities. This will include access to the private health insurer’s Board, Board Audit Committee and Internal Auditors, and any information APRA has provided to the private health insurer, as required.

9.             A private health insurer must take all reasonable steps or make necessary arrangements to ensure its Appointed Auditor has access to contractors of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities.

Obligations of a private health insurer – fitness and propriety

10.         A private health insurer must ensure that its Appointed Auditor:

(a)           is a fit and proper person in accordance with the private health insurer’s fit and proper policy as required by Prudential Standard CPS 520 Fit and Proper, including those requirements that apply specifically to the Appointed Auditor; and

(b)          satisfies the Auditor independence requirements in Prudential Standard CPS 510 Governance; and

(c)           satisfies the eligibility and independence criteria in the Corporations Act 2001.

Appointed Auditor’s report

11.         A private health insurer must engage the Appointed Auditor to prepare an annual report that at a minimum, must address:

(a)           reasonable assurance regarding:

(i)            the annual financial statements of the private health insurer prepared in accordance with relevant Australian Accounting Standards issued by the Australian Accounting Standards Board (AASB);

(ii)          the annual information, relating to the private health insurer, required under the reporting standards made by APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) that are identified in Table 1 of Attachment A as requiring reasonable assurance;

(iii)        the quarterly information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Table 2 of Attachment A as requiring reasonable assurance; and

(b)          limited assurance regarding:

(i)            the annual information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Attachment A as requiring limited assurance; and

(ii)          the private health insurer’s systems, procedures and internal controls that are designed to ensure that the private health insurer has complied with all applicable prudential requirements are adequate, has operated effectively throughout the year of income, and has provided reliable data to APRA as required under the reporting standards prepared under FSCODA (including those provided quarterly and semi-annually, except those listed in Table 2 of Attachment A).

12.         For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ are defined in accordance with the Framework for Assurance Engagements issued by the AUASB.

13.         A private health insurer must ensure that the Appointed Auditor, when preparing a report or assessment required under this Prudential Standard (whether as part of routine or special purpose engagement):

(a)           does so on the basis that APRA may rely upon the report in the performance of its functions under the Act; and

(b)          exercises independent judgement and not place sole reliance on the work performed by APRA.

14.         A private health insurer must ensure its Appointed Auditor, or an auditor appointed under paragraph 21 (special purpose engagement auditor), retains all working papers and other documentation in relation to the prudential requirements of the private health insurer for a period of seven years from the date of the report to which the working papers or documentation relate. Where requested to do so in writing by APRA, the private health insurer must direct the auditor to provide the working papers and other documentation to APRA.

Obligations of a private health insurer – Auditor’s report

15.         A private health insurer must submit the Appointed Auditor’s report to APRA, addressing matters referred to in paragraph 11, within three months after the end of the year of income to which the report relates.

16.         The private health insurer must ensure that the Appointed Auditor provides the Appointed Auditor’s report to the Board of the private health insurer within sufficient time to enable the private health insurer to submit the report to APRA, as specified in paragraph 15.

17.         A private health insurer, if requested by APRA, must within a reasonable time provide APRA with the terms of engagement, other instructions to, or correspondence with the Appointed Auditor, including management letters, that may have a bearing on:

(a)           the scope or conduct of the work undertaken by the Appointed Auditor in accordance with this Prudential Standard; and

(b)          the form, content (including findings made or opinions expressed by the Appointed Auditor) or coverage of the reports provided by the Appointed Auditor in accordance with this Prudential Standard.

Other responsibilities of the private health insurer

18.         APRA liaison with an Appointed Auditor will normally be conducted under tripartite arrangements involving APRA, the private health insurer and the Appointed Auditor. Notwithstanding the tripartite relationship, a private health insurer must ensure that the Appointed Auditor is not prevented from meeting with APRA on a bilateral basis if requested by either party.

19.         Persons involved in the provision of information should note that it is a serious offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity such as APRA.

Special purpose engagements

20.         APRA may require the private health insurer, by notice in writing, to engage its Appointed Auditor to:

(a)           undertake a special purpose engagement relating to matters set out in writing by APRA relating to the private health insurer’s operations, risk management or financial affairs; and

(b)          prepare a report in respect of that engagement.

21.         A private health insurer may engage an auditor other than the Auditor appointed under paragraph 6 to conduct a special purpose engagement, but only where this is agreed to by APRA and the Auditor satisfies the criteria set out in paragraph 10.

22.         A private health insurer must require an auditor appointed for a special purpose engagement to address limited assurance on the matters upon which the auditor is required to report unless otherwise determined by APRA and advised to the private health insurer in writing.

23.         A private health insurer must require an auditor appointed for a special purpose engagement to submit, within three months of the date of the notice commissioning the report, an auditor’s report simultaneously to APRA and to the Board of the private health insurer, unless otherwise determined by APRA.

24.         A private health insurer must require an auditor appointed for a special purpose engagement to modify the report referred to in paragraph 22 for breaches relating to the matters upon which the Auditor is required to report which, in the Auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the private health insurer must require the auditor to have regard to relevant AUASB standards and guidance.

25.         The cost of a special purpose engagement will be borne by the private health insurer.

Adjustments and exclusions

26.         APRA may, by notice in writing to a private health insurer, adjust or exclude a specific requirement in this Prudential Standard in relation to that private health insurer.

Previous exercise of discretion

27.         A private health insurer must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on a previous exemption or other exercise of discretion made by APRA under a previous Prudential Standard.

 


Attachment A

The Auditor must provide assurance on the data provided to APRA in the forms as listed below, or as instructed by APRA from time to time.

APRA determined these forms in reporting standards made under FSCODA.

Table 1 – Auditable annual returns

 

Reporting Standard Name

Reporting Standard Number

Level of Assurance[1]

1

Regulatory Income Statement Supplementary Information

HRS 101.0

Reasonable

2

Forecasts and Targets

HRS 104.0

Limited

3

Claims

HRS 109.0

Reasonable

4

Prescribed Capital Amount

 

HRS 110.0

Reasonable

5

Adjustments and Exclusions

 

HRS 111.0

Reasonable

6

Determination of Capital Base

 

HRS 112.0

Reasonable

7

Related Party Exposures

 

HRS 112.3

Reasonable

8

Asset Risk Charge

 

HRS 114.0

Reasonable

9

Insurance Risk Charge

 

HRS 115.0

Reasonable

10

Asset Concentration Risk Charge

 

HRS 117.0

Reasonable

11

Operational Risk Charge

 

HRS 118.0

Reasonable

12

Statement of Financial Position

 

HRS 300.0

Reasonable

13

Statement of Profit and Loss and Other Comprehensive Income

HRS 310.0

Reasonable

14

Liability Roll Forwards

 

HRS 320.0

Reasonable

 


 

Table 2 – Quarterly returns requiring reasonable assurance

 

Reporting Standard Name

Reporting Standard Number

Level of Assurance

1

Statistical Data by State

 

HRS 601.1

Reasonable

 

 

 

 

 

 



[1]               Reasonable Assurance is defined in the Framework for Assurance Engagements issued by the AUASB.