Under the Banking Act, APRA is responsible for the prudential supervision and monitoring of prudential matters relating to ADIs, authorised non-operating holding companies (authorised NOHCs)^[5], and groups of bodies corporate which are their subsidiaries, in order to protect the interests of depositors of the ADIs and to promote financial system stability in Australia.

APRA formulates, promulgates and enforces prudential policy and practice through APRA Prudential Standards (APSs), which have the force of law. APRA may also issue non-enforceable Prudential Practice Guides (APGs) and other guidelines, to assist ADIs in complying with the requirements in its Prudential Standards and, more generally, to outline prudent practices in relation to certain elements of an ADI’s operations.^[6]

Prudentially regulated institutions, which includes ADIs, are required, under the FSCODA and Reporting Standards made under the FSCODA, to submit data to APRA as defined in APRA Reporting Forms and accompanying instructions. Some Reporting Forms are subject to assurance requirements.^[7]

The appointed auditor of an ADI and/or an ADI group has an important role to play in the prudential supervision process. Requirements for appointed auditors of ADIs and/or ADI groups to provide assurance reports on prudential matters to APRA are intended to assist APRA in assessing the reliability of information supplied to it by an ADI and/or an ADI group.

APRA also collects EFS data on behalf of the Australian Bureau of Statistics (ABS) and the Reserve Bank of Australia (RBA) (together, referred to as “the Agencies”), from ADIs and certain non-regulated corporations required to be registered under the FSCODA^[8].

EFS data is used by the Agencies for various purposes, including analysis, policy-making, compilation of key macroeconomic indicators for Australia, and as input to the national accounts to meet Australia’s international reporting obligations. This data may also be used by APRA for prudential purposes to promote financial system stability in Australia.

The FSCODA defines which categories of entities are registrable and also facilitates the collection of EFS data. Under the FSCODA, certain non-ADI lenders whose business activities in Australia includes the “provision of finance”^[9], or have been identified either individually or as a class of corporation specified by APRA, are required to be registered with APRA and to comply with requirements to submit EFS data to APRA.

EFS reporting requirements will depend on the size of an ADI or RFC. Based on thresholds included in APRA’s individual EFS Reporting Standards, larger ADIs and RFCs are required to report more detailed information, while smaller entities report less detailed information or do not report at all.

RRS 710.0 implements an assurance framework similar to that of APS 310/3PS 310 to RFCs.^[10]

The FCS for ADIs was put in place to protect the account-holders of locally incorporated ADIs from loss on their deposits, and to provide them with timely access to those deposits, in the event of an ADI becoming insolvent, up to a maximum amount guaranteed by the Australian Government. APRA is responsible for the administration of the FCS and for making payments to account-holders.^[11]

The audit [and review] of financial reports under the Corporations Act 2001 (Corporations Act) (where required) is directed towards obtaining sufficient appropriate evidence to form an opinion or conclusion, as applicable, on whether the financial report is presented fairly in accordance with the required financial reporting framework. The financial report audit [and review] is not designed to enable the appointed auditor to conclude in relation to the matters specified in APS 310, 3PS 310 and APS 910.

Prudential reporting requirements, imposed on the appointed auditor via the terms of engagement with an ADI, are in addition to the audit [and review] of financial reports required under the Corporations Act.

APS 310, 3PS 310 and APS 910 provide for two types of prudential reporting engagements to be conducted by the appointed auditor of an ADI and/or ADI group, namely:

1. annual prudential reporting engagements (routine reporting) - see paragraphs 48-57 of this Guidance Statement; and
2. special purpose engagements - see paragraphs 292-301 of this Guidance Statement.

APRA Prudential Standards may include further requirements for ‘independent’^[12] assurance engagements to be undertaken in relation to specific prudential matters.^[13] The appointed auditor of an ADI and/or ADI group may be engaged to undertake engagements of this type.

These requirements for independent assurance engagements are additional, and separate, to the APS 310, 3PS 310 and APS 910 annual prudential reporting requirements, and fall outside the scope of this Guidance Statement.

The responsibilities of the appointed auditor of an ADI and/or ADI group are contained in:

1. APS 310, 3PS 310 and APS 910;
2. other applicable APRA Prudential Requirements^[14], including the Banking Act, the FSCODA, and APRA Prudential and Reporting Standards;
3. applicable AUASB Standards; and
4. relevant ethical and professional standards.^[15]

(For an outline of the relevant reporting requirements applicable to the appointed auditor of an ADI and/or ADI group reporting pursuant to APS 310, 3PS 310 and APS 910, refer to the table in Appendix 1 to this Guidance Statement, entitled Outline of Auditor’s Reporting Requirements, Levels of Assurance, Subject Matter, Evaluation Criteria and Applicable AUASB Standards.)

In addition to the legislative and regulatory requirements imposed on appointed auditors, relevant AUASB Standards are applicable to assurance engagements under prudential standards:

1. Applicable Auditing Standards (ASAs), adapted as necessary in the circumstances of the engagement – when conducting a reasonable assurance engagement on historical financial information.

In applying Australian Auditing Standards to the engagement, the auditor has regard to any special considerations identified in ASA 805 Special considerations – Audits of single financial Statements and Specific Elements, Accounts or Items of a financial Statement, that may be relevant to the engagement.

2. Standard on Review Engagements (ASRE) ASRE 2405 Review of Historical Financial Information Other than a Financial Report (ASRE 2405) – when conducting a limited assurance engagement on historical financial information.
3. Standard on Assurance Engagements (ASAE) ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information (ASAE 3000) – when conducting assurance engagements on subject matters other than historical financial information.
4. ASAE 3450 Assurance Engagements involving Corporate Fundraisings and/or Prospective Financial Information (ASAE 3450) – when conducting assurance engagements in relation to prospective financial information such as forecasts or projections.
5. ASAE 3150 Assurance Engagements on Controls (ASAE 3150) – when conducting assurance engagements in relation to internal controls.

(For an outline of the relevant AUASB Standards applicable to each part of the prudential assurance engagement, refer to Appendix 1 of this Guidance Statement.)

This Guidance Statement is to be read in conjunction with, and is not a substitute for referring to, the requirements and application and other explanatory material contained in AUASB Standards applicable to the prudential assurance engagement.

APRA places reliance on accounting and auditing standards to the extent that they do not conflict with Prudential Requirements applicable to the ADI. APS 310 and 3PS 310 requires appointed auditors, in meeting their role and responsibilities, to comply with the Auditing Standards and Guidance Statements issued by the AUASB, except where:

1. requirements are inconsistent, in which case the requirements of APS 310 and 3PS 310 will prevail; or
2. APRA otherwise specifies, in writing, to the ADI that alternative standards and guidance are to be used by the appointed auditor.

It is important that the appointed auditor of an ADI and/or ADI group recognises the additional responsibilities under sections 16B, 16BA and 16C of the Banking Act, imposed on any auditor of an ADI, an authorised NOHC, or their subsidiaries, to provide information to APRA upon request, or where the auditor possesses reportable information specified in that Act, or where the auditor considers that the provision of information would assist APRA in performing its functions under the Banking Act or the FSCODA.^[16]

Under section 70B of the Banking Act, Banking Act provisions will take precedence over any conflicting Corporations Act provisions. Therefore, any provisions made under the Banking Act governing auditor reporting to APRA will override any conflicting Corporations Act provisions which may apply to such reporting.

The use by ADIs and APRA of assurance reports prepared by appointed auditors need to be evaluated in the context of the inherent limitations of an assurance engagement and the subject matter of the engagement.^[17]

Both APS 310 and 3PS 310 warn that all persons involved in the provision of information (which includes the appointed auditor) are to note that it is an offence under subsections 137.1 and 137.2 of the Criminal Code Act 1995 to provide, whether directly or indirectly, false and misleading information to a Commonwealth entity, such as APRA.