Under section 49L of the Act, an insurer and parent entity of an insurance group are required to submit to APRA all certificates and reports required to be prepared by their Appointed or Group Auditor in accordance with the Prudential Requirements and within the time specified in GPS 310.

Under section 49J of the Act, an insurer and parent entity of an insurance group are required to make arrangements necessary to enable the Appointed or Group Auditor to undertake the audit function as required by the Act and Prudential Standards made under the Act. Under GPS 310, these arrangements include ensuring that the Appointed or Group Auditor is kept fully informed of all APRA Prudential Requirements applicable to the insurer and/or insurance group.

Under GPS 310, the insurer and parent entity of the insurance group are furthermore required to ensure that the auditor has access to all relevant data, information, reports and staff of the insurer or insurance group, that the auditor reasonably believes is necessary to fulfil their responsibilities. This includes access to those charged with governance^[8] of the insurer and insurance group and to the Board Audit Committee.

In particular, the insurer and insurance group are required to provide the auditor with access to their Risk Management Strategy (RMS) and Reinsurance Management Strategy (REMS) documents, as discussed below, approved by those charged with governance and forwarded to APRA by the insurer and insurance group, including information relating to the timing of their supply to APRA and any changes in the documents.

In relation to the insurer’s or insurance group’s responsibility to keep the Appointed or Group Auditor informed, the Appointed or Group Auditor requests management of the insurer and/or insurance group to sign an appropriate representation letter^[9].

Prudential Standard GPS 220 Risk Management (GPS 220) requires an insurer and the insurance group to have in place a Risk Management Framework (RMF) to manage the risks arising from its business. Prudential Standard GPS 230 Reinsurance Management (GPS 230) requires an insurer and the insurance group to have in place, as part of their overall RMF, a Reinsurance Management Framework (REMF) to manage the risks arising from their reinsurance arrangements. There must be a clear link between the insurer’s and the insurance group’s REMF (including its REMS) and the insurer’s or group’s RMF.

The RMS is a high level, strategic document intended to describe the key elements of an insurer’s and insurance group’s RMF, including the insurer’s risk appetite, policies, procedures, managerial responsibilities and controls to identify, assess, monitor, report on and mitigate all material risks, financial and nonfinancial, having regard to such factors as the size, business mix and complexity of the insurer’s operations. Appendix 6 of this Guidance Statement includes a list of some of the key aspects to be included in an insurer’s and/or the insurance group’s RMS^[10].

The REMS is a high level, strategic document intended to describe the key elements of the insurer’s REMF, including policies, procedures, management responsibilities and controls to manage the selection, implementation, monitoring, review, amendment and documentation of reinsurance arrangements of the insurer or the insurance group. Appendix 6 of this Guidance Statement includes a list of some of the key aspects to be included in an insurer’s and the insurance group’s REMS.

Under GPS 220, an insurer or parent entity of the insurance group is required to submit to APRA, at the same time as lodgement of the yearly statutory accounts or group annual accounts, a declaration on risk management and on financial information. These Declarations include statements by the insurer or the insurance group on: the reliability of financial information lodged with APRA by the insurer or insurance group; the adequacy of the insurer’s or group’s systems in place to ensure compliance with APRA Prudential Requirements; the effectiveness of the insurer’s or insurance group’s processes and systems surrounding the production of financial information; and compliance with the insurer’s or insurance group’s RMS and REMS. Refer to GPS 220 for information in relation to an insurer’s or insurance group’s Risk Management and Financial Information Declarations.

The Appointed or Group Auditor is not required to form an opinion on these Declarations other than in the context of the auditor’s responsibility to express a conclusion on the insurer’s or insurance group’s compliance with the responsibilities and reporting requirements of GPS 310.