The RSE licensee is required to submit to APRA all reports required to be prepared by the RSE auditor in accordance with the prudential requirements and within the time specified in SPS 310.

These reporting requirements include the scenario where the RSE licensee has more than one RSE within its business operations. In this case, the RSE licensee must ensure that the RSE auditor completes a separate auditor’s report for each RSE.

In the case of the RSE licensee whose business operations include one or more small APRA funds (SAFs), the RSE licensee may engage the RSE auditor to prepare a single auditor’s report covering some or all of the SAFs within its business operations, provided that the RSE meets the requirements as set out in SPS 310 in relation to:

1. its risk management strategy;
2. each SAF is individually audited;
3. the RSE auditor's report is unmodified; and
4. the RSE licensee provides APRA with a listing of all SAFs covered by the single RSE auditor's report.

Where the RSE licensee is part of a group, the RSE auditor may prepare that part of the auditor’s report as the RSE auditor considers appropriate, either as part of the group, provided it is clear where the RSE auditor is referring to the RSE licensee or the group; or on a standalone basis separate to the group.

Under SPS 310, the RSE licensee must use all reasonable endeavours to assist the RSE auditor in being fully informed of all APRA Prudential Requirements applicable to the RSE licensee. This may include the RSE licensee making the RSE auditor aware of any circumstances that have changed in the RSE licensee’s business operations that may impact the scope of any limited or reasonable assurance engagements under SPS 310.

Under SPS 310, the RSE licensee is furthermore required to ensure that the RSE auditor has access to all relevant data, information, reports and staff of the RSE licensee, that the RSE auditor reasonably believes is necessary to fulfil their responsibilities. This includes access to the Board of the RSE licensee, the Board Audit Committee and the internal auditor’s where required.

In particular, the RSE licensee is required to provide the RSE auditor with access to their Risk Management Framework (RMF) documents, as outlined in SPS 220 Risk Management, including the annual Risk Management Declaration as approved and signed by TCWG, and forwarded to APRA by the RSE licensee. In practice, this declaration may only be available immediately prior to the RSE auditor completing their audit.

Under section 35AB(1) of the SIS Act, the RSE auditor can request, in writing from the trustee of the RSE a document that is relevant to the preparation of their report. Each trustee of the RSE must ensure the document is given to the RSE auditor within 14 days of the request being made.

In relation to the RSE licensee’s responsibility to keep the RSE auditor informed, the RSE auditor includes these responsibilities clearly in the engagement letter^[6] and also requests management of the RSE licensee to sign an appropriate representation letter^[7] (refer paragraphs 129 and 130).

Under SPS 220, the RSE is required to submit to APRA, at the same time as lodgement of the annual information under FSCOD Act, a declaration on risk management. This declaration includes but is not limited to, statements by the RSE on:

1. the reliability of financial information lodged with APRA;
2. the adequacy of the systems in place to ensure compliance with APRA prudential requirements including the Risk Management Strategy (RMS);
3. systems and resources are in place for managing and monitoring risks, and the RMF is appropriate to the RSE licensee’s business operations;
4. adequate reporting systems and internal controls supporting the preparation and reporting of accurate financial and statistical information to APRA;
5. the effectiveness of the RSEs processes and systems surrounding the production of financial information.

Refer to SPS 220 Attachment A for further information in relation to the RSE’s Risk Management Declaration.

The RSE auditor is not required to form an opinion on the declaration other than in the context of the RSE auditor’s responsibility to express a conclusion on the RSE’s compliance in accordance with the responsibilities and reporting requirements of SPS 310.