Section 39 of the Act outlines the mechanism for the appointment of an auditor by an insurer and parent entity of the insurance group. Under this section, an insurer or the insurance group must not appoint a person as the auditor unless:

1. the insurer is reasonably satisfied that the person meets the eligibility criteria for such an appointment set out in the Prudential Standards; and
2. no determination is in force under section 44 which disqualifies the person from holding such an appointment^[11].

Prudential Standard CPS 520 Fit and Proper (CPS 520) sets out the eligibility criteria for appointment as auditor of an insurer or insurance group. Prudential Standard CPS 510 Governance (CPS 510) includes provisions relating to the independence of an Appointed Auditor or Group Auditor engaged to perform work of a prudential nature in relation to the Act, APRA Prudential Standards and APRA Reporting Standards.

Section 44 of the Act sets out the circumstances under which APRA may disqualify a person from holding an appointment as an auditor of an insurer.^[12] APRA may, if satisfied that grounds exist under section 49R^[13], direct an insurer to remove an auditor.

Under section 41 of the Act, an auditor appointed by an insurer and the Group Auditor appointed by the parent entity of an insurance group, must comply with the Prudential Standards in performing their duties and exercising their powers.

Sections 49, 49A and 49B of the Act, together with GPS 310, specify certain circumstances where the Appointed Auditor or Group Auditor is required to report to APRA on a nonroutine basis, where APRA requests specific information, or where an Appointed Auditor or Group Auditor possesses reportable information specified in the Act or where the Appointed Auditor or Group Auditor considers that the provision of information would assist APRA in performing its functions under the Act (refer paragraphs 122-131).

Appointed Auditor

Broadly, section 49J of the Act, together with GPS 310, requires the appointed auditor to:

1. conduct an audit of the yearly statutory accounts of the insurer and provide an auditor’s report to the insurer which contains the auditor’s opinion in relation to the audit (refer paragraphs 40-51 and Appendix 1);
2. undertake a review and prepare a report, on an annual basis, which contains the auditor’s review conclusions providing limited assurance in relation to the matters specified in Attachment A to GPS 310 (refer paragraphs 56-108 and Appendix 3);
3. undertake a special purpose engagement, when requested by APRA in writing, of specific matters relating to the insurer’s operations, risk management or financial affairs, and to prepare a report in respect of that engagement (refer paragraphs 109-121); and
4. perform such other work considered necessary to fulfil the auditor’s responsibilities under the Prudential Standards.

Group Auditor

GPS 310 Attachment B requires on an annual basis, the Group Auditor to:

1. conduct a review of the group’s annual accounts and provide a report to the parent entity of the insurance group which contains the Group Auditor’s conclusion in relation to the limited assurance review (refer paragraphs 52-55 and Appendix 2);
2. undertake a review and prepare a report which contains the Group Auditor’s conclusions providing limited assurance in relation to the matters specified in Attachment C to GPS 310 (refer paragraphs 56-108 and Appendix 3);
3. undertake a special purpose engagement, when requested by APRA in writing, of specific matters relating to the insurance group’s operations, risk management or financial affairs, and to prepare a report in respect of that engagement (refer paragraphs 109-121); and
4. perform such other work considered necessary to fulfil the auditor’s responsibilities under the Prudential Standards.