For the purpose of this Guidance Statement, the following terms have the meanings attributed below:


‘Authorised Deposit-taking Institution’ (ADI) is defined in APS 001, to mean a body corporate authorised under section 9 of the Banking Act, to carry on banking business in Australia.[18]

Reference in this Guidance Statement to an “ADI” will be taken, unless otherwise indicated, to include:

  1. a “locally incorporated ADI”;
  2. a “foreign ADI”; and
  3. an “extended licenced entity”.[19]


‘Appointed auditor’ means an independent auditor appointed by:

  1. an ADI as an auditor for the purposes of APS 310 and APS 910; and
  2. a Level 3 head as group auditor for the purposes of 3PS 310.

APS 310 and APS 910 allows for the appointed auditor to be the same auditor who audits an ADI for the purposes of the Corporations Act. Similarly, 3PS 310 allows for the Level 3 group auditor to be the same auditor who audits a Level 3 head for the purposes of the Corporations Act.

Under APS 310 and 3PS 310 separate auditors may be appointed to meet the APS 310 and 3PS 310 reporting requirements on a Level 1, Level 2 and Level 3 basis, and to undertake the different types of engagements provided for in these standards. APRA may also require that an ADI appoint another auditor, in addition to any auditor already appointed by the ADI, for the purposes of APS 310 and 3PS 310.

Therefore, it is possible for an ADI and ADI group to have more than one appointed auditor at any time, and for an APS 310/3PS 310 appointed auditor to be different from the auditor responsible for undertaking the financial report audit [and review] under the Corporations Act.

Where the Banking Act refers to “the auditor” of an ADI, this can be an auditor appointed for the purposes of APS 310 and/or 3PS 310, or another auditor, such as the auditor responsible for the audit [and review] of financial reports required under the Corporations Act.

Refer to APS 310 and 3PS 310 for further information on the use of group auditors, where the ADI is a member of a group.


‘Accounting records’ is defined in the AUASB Glossary as including “the records of initial accounting entries and supporting records, such as cheques and records of electronic fund transfers, invoices, contracts, the general and subsidiary ledgers, journal entries and other adjustments to the financial report that are not reflected in journal entries, and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures.”

For guidance on the application of the definition of “accounting records” to the assurance engagement, refer to paragraphs 148-156 of this Guidance Statement.


‘Advanced ADI’, means an ADI that has APRA’s approval to use an internal ratings-based approach to credit risk and/or an advanced measurement approach to operational risk, available under APRA Prudential Standards, for capital adequacy purposes.[20]

ADIs choosing to adopt the advanced measurement approaches for the purpose of determining the ADI’s regulatory capital, require prior approval from APRA (APRA accreditation). Under the advanced approaches for measuring capital adequacy, an ADI is permitted to use its own quantitative risk estimates in calculating regulatory capital. This involves a greater use of internal modelling and other forms of statistical analysis, as well as qualitative assessment.


‘Authorised non-operating holding company’ (authorised NOHC), is defined in APS 001 to have the same meaning as under section 5 of the Banking Act.


‘ADI Reporting Form’ (or Data Collection Form), means a form used for the collection and reporting of information in relation to an ADI, as required to be provided to APRA by an ADI in accordance with APRA Reporting Standards made under the FSCODA.


‘Controls’ or ‘internal controls’, as used in this Guidance Statement, is defined in ASAE 3150 and generally encompasses the following components:

  1. the control environment;
  2. the ADI’s risk assessment process;
  3. the information system, including the related business processes, relevant to financial and prudential reporting, and communication;
  4. control activities; and
  5. monitoring of controls.


‘Economic and Financial Statistics (EFS) Collection’, is defined in APRA Reporting Standard ARS 701.0 ABS/RBA Definitions for the EFS Collection, and comprises the EFS Reporting Standards and data collected under the EFS Reporting Standards.


‘Foreign ADI’, is defined in APS 001 to have the same meaning as under section 5 of the Banking Act. The terms “branch of a foreign bank” and “branch of a foreign ADI” are also used in APRA Reporting Standards and Reporting Forms when referring to a “foreign ADI” and refers to the foreign ADI’s Australian operations as if it was a stand-alone ADI.

Reference to a foreign ADI does not capture locally incorporated ADI subsidiaries of foreign banks, that is, a “foreign-owned ADI”.[21]


‘Group’, is defined in APS 001 as reference to a corporate group that comprises of more than one company that are related bodies corporate within the meaning of section 50 of the Corporations Act.


‘Head of the group’, means the head or parent entity of a Level 2 or Level 3 group, as relevant. Where a Level 2 group operates within a Level 3 group, a requirement expressed as applying to the head of the group, is to be read as applying to the “Level 3 head”.


‘Level 1’ ADI, means the ADI itself, as defined in APS 001 (see definition above).


‘Level 2’ ADI group, means the entities that comprise “Level 2”, as defined in APS 001.


‘Level 3’ group, as defined in APS 001 and 3PS 001, means the conglomerate group at the widest level and include all institutions determined by APRA to be members of a Level 3 group.

APRA may determine a Level 3 group where it considers that material activities are performed within the group across more than one prudentially regulated industry and/or in one or more non-prudentially regulated industries, to ensure that the ability of the group’s prudentially regulated institutions to meet their obligations to depositors, policy holders or registrable superannuation entity beneficiaries is not adversely impacted by risks emanating from the group, including its non-prudentially regulated institutions.

Generally, a conglomerate group will be headed by an ADI or an authorised NOHC and may include financial (APRA regulated[22] and unregulated) as well as non-financial (commercial) entities.

Attachment A to APS 001 provides further information to inform the auditor’s understanding of what constitutes a conglomerate group for the purposes of reporting pursuant to APS 310 and 3PS 310.


‘Level 3 head’, is defined in 3PS 001 to mean:

  1. an ADI or authorised NOHC under the Banking Act;
  2. a general insurer or authorised NOHC under the Insurance Act; or
  3. a life company or registered NOHC under the Life Insurance Act,

determined by APRA to be the head of a Level 3 group.


‘Limited assurance’, is defined in APS 001, in accordance with the AUASB’s Framework for Assurance Engagements.


‘Prudential Requirements’[23], is defined in APS 001 and includes requirements imposed by:

  1. the Banking Act;
  2. Regulations (made under the Banking Act);
  3. APRA Prudential Standards (made under the Banking Act);
  4. the FSCODA;
  5. APRA Reporting Standards (made under the FSCODA);
  6. APRA conditions on the ADI’s authorisation; and
  7. any other requirements imposed by APRA, in writing, in relation to an ADI.


‘Reasonable assurance’, is defined in APS 001, in accordance with the AUASB’s Framework for Assurance Engagements.


‘Routine reporting’, refers to the appointed auditor’s responsibility under APS 310, 3PS 310 and APS 910 to report to APRA and the ADI and/or Level 3 head, on an annual basis, in relation to the matters identified in paragraphs 48-57 of this Guidance Statement.


‘Specified ADI Reporting Forms’, means APRA ADI Reporting Forms listed in APS 310 Attachment A – Data Collections subject to reasonable and/or limited assurance.[24]


‘Standardised ADI’, means an ADI that uses the standardised measurement approaches, available under APRA Prudential Standards, for capital adequacy purposes in respect of the whole of its operations. See also paragraph 28(d) above.


ADI’s may include, but are not limited to: Australian owned banks, locally incorporated ADI subsidiaries of foreign banks, branches of foreign banks, building societies, credit unions and providers of purchased payment facilities.


“locally incorporated ADI”, “foreign ADI” and “extended licenced entity” are defined in APS 001.


For example, refer to APRA Prudential Standards APS 110 Capital Adequacy, APS 113 Capital Adequacy: Internal Ratings-based Approach to Credit Risk and APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk.


APS 001 defines a “foreign-owned ADI” to mean an ADI in relation to which an approval has been given, under section 14 of the Financial Sector (Shareholdings) Act 1998, for a bank that is not locally incorporated to hold a stake of more than 15 per cent in the ADI.


Entity directly regulated by APRA or by an equivalent regulator overseas.


These requirements may differ between locally incorporated and foreign ADIs.


The requirements are different for Standardised, Advanced and Foreign ADIs.