Health Insurance (prudential standard) determination No. 1 of 2019
Prudential Standard HPS 310 Audit and Related Matters
Private Health Insurance (Prudential Supervision) Act 2015
I, Pat Brennan, delegate of APRA:
a) under subsection 92(5) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act) REVOKE Health Insurance (prudential standard) determination No. 1 of 2018, including Prudential Standard HPS 310 Audit and Related Matters made under that determination; and
b) under subsection 92(1) of the Act DETERMINE Prudential Standard HPS 310 Audit and Related Matters, in the form set out in the Schedule, which applies to all private health insurers.
This instrument commences on 1 July 2019.
Dated: 17 April 2019
[Signed]
Pat Brennan
Executive General Manager
Policy and Advice Division
Interpretation
In this Determination:
APRA means the Australian Prudential Regulation Authority.
private health insurer has the same meaning as in the Act.
Schedule
Prudential Standard HPS 310 Audit and Related Matters comprises the following 7 pages
Prudential Standard HPS 310
Audit and Related Matters
Objectives and key requirements of this Prudential Standard
This Prudential Standard establishes requirements for the provision, to the Board and senior management of a private health insurer, of independent advice in relation to the operations, financial position and risk controls of the business operations of the private health insurer. This independent advice is designed to assist the Board and senior management in carrying out their responsibilities for the sound and prudent management of the business operations of the private health insurer.
This Prudential Standard outlines the roles and responsibilities that a private health insurer must require of its Appointed Auditor. It also outlines the obligations of a private health insurer to make arrangements to enable its Appointed Auditor to fulfil his or her responsibilities.
The key requirements of this Prudential Standard, are that a private health insurer:
must appoint an auditor (Appointed Auditor);
must make arrangements to enable its Appointed Auditor to undertake his or her responsibilities to audit the financial statements and annual information required by APRA in relation to a private health insurer, and to review other aspects of that private health insurer, (including special purpose engagements) and provide a report to the private health insurer regarding such reviews;
must submit to APRA all reports required to be prepared by its Appointed Auditor including the Appointed Auditor’s report or a special purpose report by an agreed auditor engaged to prepare a such a report, as required under this Prudential Standard; and
will facilitate APRA liaison with an Appointed Auditor if required.
Authority
- This Prudential Standard is made under paragraph 92(1) of the Private Health Insurance (Prudential Supervision) Act 2015 (the Act).
2. This Prudential Standard applies to all operations and activities of private health insurers registered under the Act.
3. All private health insurers must comply with this Prudential Standard in its entirety, unless otherwise expressly indicated.
4. This Prudential Standard commences on 1 July 2019.
Interpretation
5. Terms that are defined in Prudential Standard HPS 001 Definitions appear in bold the first time they are used in this Prudential Standard.
6. For the purposes of this Prudential Standard, a private health insurer must appoint an auditor (the Appointed Auditor).
7. A private health insurer must ensure the terms of engagement of the Appointed Auditor are set out in a legally binding contract between the private health insurer and the Appointed Auditor, including requirements that:
(a) the Appointed Auditor fulfils the roles and responsibilities of the Appointed Auditor as specified in this Prudential Standard and in the manner specified in this Prudential Standard;
(b) the Appointed Auditor, in meeting its role and responsibilities to comply with the relevant Standards and Guidance issued from time to time by the AUASB (AUASB standards and guidance) to the extent they are not inconsistent with this Prudential Standard. If they are inconsistent:
(i) this Prudential Standard prevails; or
(ii) APRA may notify the private health insurer, in writing, that alternative standards and guidance must be used by the Appointed Auditor.
8. A private health insurer must ensure its Appointed Auditor has access to all relevant data, information, reports and staff of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities. This will include access to the private health insurer’s Board, Board Audit Committee and Internal Auditors, and any information APRA has provided to the private health insurer, as required.
9. A private health insurer must take all reasonable steps or make necessary arrangements to ensure its Appointed Auditor has access to contractors of the private health insurer that its Appointed Auditor reasonably believes are necessary to fulfil his or her responsibilities.
Obligations of a private health insurer – fitness and propriety
10. A private health insurer must ensure that its Appointed Auditor:
(a) is a fit and proper person in accordance with the private health insurer’s fit and proper policy as required by Prudential Standard CPS 520 Fit and Proper, including those requirements that apply specifically to the Appointed Auditor; and
(b) satisfies the Auditor independence requirements in Prudential Standard CPS 510 Governance; and
(c) satisfies the eligibility and independence criteria in the Corporations Act 2001.
11. A private health insurer must engage the Appointed Auditor to prepare an annual report that at a minimum, must address:
(a) reasonable assurance regarding:
(i) the annual financial statements of the private health insurer prepared in accordance with relevant Australian Accounting Standards issued by the Australian Accounting Standards Board (AASB);
(ii) the annual information, relating to the private health insurer, required under the reporting standards made by APRA under the Financial Sector (Collection of Data) Act 2001 (FSCODA) that are identified in Attachment A as requiring reasonable assurance; and
(b) limited assurance regarding:
(i) the annual information, relating to the private health insurer, required under the reporting standards made by APRA under FSCODA that are identified in Attachment A as requiring limited assurance; and
(ii) the private health insurer’s systems, procedures and internal controls that are designed to ensure that the private health insurer has complied with all applicable prudential requirements, has provided reliable data to APRA as required under the reporting standards prepared under FSCODA, and has operated effectively throughout the year of income.
12. For the purposes of this Prudential Standard, ‘reasonable assurance’ and ‘limited assurance’ are defined in accordance with the Framework for Assurance Engagements issued by the AUASB.
13. A private health insurer must ensure that the Appointed Auditor, when preparing a report or assessment required under this Prudential Standard (whether as part of routine or special purpose engagement):
(a) does so on the basis that APRA may rely upon the report in the performance of its functions under the Act; and
(b) exercises independent judgement and not place sole reliance on the work performed by APRA.
14. A private health insurer must ensure its Appointed Auditor, or an auditor appointed under paragraph 21 (special purpose engagement auditor), retains all working papers and other documentation in relation to the prudential requirements of the private health insurer for a period of seven years from the date of the report to which the working papers or documentation relate. Where requested to do so in writing by APRA, the private health insurer must direct the auditor to provide the working papers and other documentation to APRA.
15. A private health insurer must submit the Appointed Auditor’s report to APRA, addressing matters referred to in paragraph 11, within three months after the end of the year of income to which the report relates.
16. The private health insurer must ensure that the Appointed Auditor provides the Appointed Auditor’s report to the Board of the private health insurer within sufficient time to enable the private health insurer to submit the report to APRA, as specified in paragraph 15.
17. A private health insurer, if requested by APRA, must within a reasonable time provide APRA with the terms of engagement, other instructions to, or correspondence with the Appointed Auditor, including management letters, that may have a bearing on:
(a) the scope or conduct of the work undertaken by the Appointed Auditor in accordance with this Prudential Standard; and
(b) the form, content (including findings made or opinions expressed by the Appointed Auditor) or coverage of the reports provided by the Appointed Auditor in accordance with this Prudential Standard.
Other responsibilities of the private health insurer
18. APRA liaison with an Appointed Auditor will normally be conducted under tripartite arrangements involving APRA, the private health insurer and the Appointed Auditor. Notwithstanding the tripartite relationship, a private health insurer must ensure that the Appointed Auditor is not prevented from meeting with APRA on a bilateral basis if requested by either party.
19. Persons involved in the provision of information should note that it is a serious offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity such as APRA.
Special purpose engagements
20. APRA may require the private health insurer, by notice in writing, to engage its Appointed Auditor to:
(a) undertake a special purpose engagement relating to matters set out in writing by APRA relating to the private health insurer’s operations, risk management or financial affairs; and
(b) prepare a report in respect of that engagement.
21. A private health insurer may engage an auditor other than the Auditor appointed under paragraph 6 to conduct a special purpose engagement, but only where this is agreed to by APRA and the Auditor satisfies the criteria set out in paragraph 10.
22. A private health insurer must require an auditor appointed for a special purpose engagement to address limited assurance on the matters upon which the auditor is required to report unless otherwise determined by APRA and advised to the private health insurer in writing.
23. A private health insurer must require an auditor appointed for a special purpose engagement to submit, within three months of the date of the notice commissioning the report, an auditor’s report simultaneously to APRA and to the Board of the private health insurer, unless otherwise determined by APRA.
24. A private health insurer must require an auditor appointed for a special purpose engagement to modify the report referred to in paragraph 22 for breaches relating to the matters upon which the Auditor is required to report which, in the Auditor’s professional opinion, are material. In forming an opinion as to whether a breach is material, the private health insurer must require the auditor to have regard to relevant AUASB standards and guidance.
25. The cost of a special purpose engagement will be borne by the private health insurer.
26. APRA may, by notice in writing to a private health insurer, adjust or exclude a specific requirement in this Prudential Standard in relation to that private health insurer.