Special Purpose Engagements
Reporting Requirements
109
In addition to APRA’s annual prudential reporting requirements, the Appointed or Group Auditor may be requested by the insurer or insurance group, under GPS 310, to undertake a special purpose engagement in relation to matters specified by APRA in writing, relating to the insurer’s or insurance group’s operations, risk management or financial affairs, and to prepare a report in respect of that engagement[32].
110
APRA requires such special purpose engagements to be completed in accordance with relevant AUASB Standards and Guidance Statements, to the extent that these pronouncements are not inconsistent with the requirements of GPS 310.
111
Under GPS 310, the Appointed or Group Auditor’s special purpose engagement report is required to be submitted to APRA and the insurer or insurance group simultaneously, within three months of the engagement being commissioned, unless APRA grants an extension of time in writing.
112
APRA may meet with the insurer and its Appointed Auditor or the insurance group and the Group Auditor, periodically to discuss the auditor’s report and to agree on the area(s) to be examined. Timing of these trilateral meetings is negotiated with the insurer and the Appointed Auditor or the insurance group and the Group Auditor, at the initiative of APRA. The area(s) to be examined may vary among insurers or insurance groups.
113
The Appointed or Group Auditor may be requested to perform any of the following types of engagements:
- an audit (reasonable assurance);
- a review (limited assurance); and/or
- agreed upon procedures (no assurance).
114
It must be appreciated that the Appointed Auditor of an insurer or the Group Auditor of an insurance group, does not evaluate all aspects of the internal control structure and systems of controls when performing an audit or review of financial reports required under the Corporations Act 2001 and is therefore not in a position to express an opinion on the adequacy of the systems of accounting and internal control taken as a whole.
115
The APRA requirement for an Appointed or Group Auditor to undertake a special purpose engagement in a selected area of the insurer’s or insurance group’s operations, constitutes a separate engagement and reporting. The Appointed or Group Auditor undertakes the engagement in accordance with ASAE 3000 and having due regard to relevant Auditing Standards (ASAs), ASREs, ASAEs and Standards on Related Services (ASRSs).
116
Due to the nature of audit testing and review procedures, and other inherent limitations of audits and reviews, together with the inherent limitations of all control systems, there is a possibility that a properly planned and executed audit or review will not detect all deficiencies in relation to the insurer’s or insurance group’s operations, risk management or financial affairs.
117
The extent of reporting matters that could be improved depends on the Appointed or Group Auditor’s judgement. Materiality is to be addressed in the context of the insurer’s or insurance group’s objectives relevant to the particular area of activity being examined and whether the internal controls will reduce to an acceptable level the risks that threaten achievement of those objectives. Minor omissions, weaknesses and failures are not required to be reported upon. Matters that are commented on are those which, in the view of the Appointed or Group Auditor, indicate individually or collectively that the objectives of the system may not be achieved. Materiality is addressed in paragraphs 73-78.
118
The report is to be restricted to the parties that have agreed to the terms of the special purpose engagement, namely those charged with governance and management of the insurer or insurance group, and APRA.
Format of Reporting Requirements
119
The format of the special purpose engagement report will vary depending on the type of engagement; that is, an audit (reasonable assurance), a review (limited assurance) or agreedupon procedures (no assurance), as well as the topic and the findings. The Appointed or Group Auditor has regard to the requirements, guidance and illustrative examples of reports provided in ASAs, ASREs, ASAEs and ASRSs, as applicable, when preparing the special purpose engagement report.
Terms of Engagement
120
Following the determination by APRA of the specific area to be examined, the Appointed or Group Auditor, APRA and the insurer or insurance group agree on the terms of the engagement. It is in the interests of both the insurer or insurance group and the Appointed or Group Auditor that an engagement letter is compiled to help avoid misunderstandings with respect to the engagement. When agreeing on the terms of the engagement, the Appointed or Group Auditor has regard to the requirements of ASAs, ASREs, ASAEs and ASRSs, as applicable.
121
To ensure that there is a clear understanding regarding the terms of the engagement, the following are examples of matters to be agreed:
- APRA is to identify the scope of the insurer’s or insurance group’s operations, risk management or financial affairs to be the subject of the engagement.
- APRA is to identify clearly whether the engagement is an audit, review or agreed upon procedures engagement.
- The Appointed or Group Auditor, APRA and the insurer or insurance group are to agree on the objectives of the engagement, key features and criteria of the area to be examined, and the period to be covered by the engagement.
- For an agreed upon procedures engagement, the Appointed or Group Auditor, APRA and the insurer or insurance group are to agree on the nature and extent of procedures to be performed.
Furthermore, in accordance with Prudential Standard CPS 231 Outsourcing, APRA may request the auditor of the insurer to provide an assessment of the risk management processes in place with respect to an arrangement to outsource a material business activity.