APS 310 and 3PS 310 require an ADI and/or the head of the ADI group, as applicable, to ensure its auditor:

1. satisfies the fitness and propriety requirements set out in Prudential Standard CPS 520 Fit and Proper;
2. satisfies the auditor independence requirements in CPS 510 ; and
3. is not subject to a direction issued under the Banking Act.

As such, the auditor will need to provide information to the entity to enable the ADI and/or head of the ADI group to comply with requirements.

For an outline of the relevant reporting requirements applicable to the appointed auditor of an ADI and/or ADI group reporting pursuant to APS 310, 3PS 310 and APS 910, refer to the table in Appendix 1 to this Guidance Statement, entitled Outline of Auditor’s Reporting Requirements, Levels of Assurance, Subject Matter, Evaluation Criteria and Applicable AUASB Standards.

Prudential Standards APS 310 and 3PS 310^[31]

Under APS 310 and 3PS 310^[32], the appointed auditor of an ADI and/or group auditor of an ADI group is required to report simultaneously to APRA and the Board (or Board Audit Committee) of the ADI and/or head of the ADI group, as appropriate,^[33] within three months^[34] of the end of the financial year, in relation to the following matters^[35]:

1. Assurance on Specified^[36] ADI Reporting Forms at the financial year-end:
   1. Reporting Forms with Data Sourced from Accounting Records
2. The appointed auditor is required to provide reasonable assurance that the information included in the Specified ADI Reporting Forms at the financial year-end, sourced from accounting records, is reliable and in accordance with the relevant APRA Prudential and Reporting Standards;
   2. Reporting Forms with Data Sourced from Non-Accounting Records
3. Unless otherwise indicated, in writing, by APRA, the appointed auditor is required to provide limited assurance that the information, included in the Specified ADI Reporting Forms at the financial year-end, sourced from non-accounting records, is reliable and in accordance with the relevant APRA Prudential and Reporting Standards;
   3. Reporting Forms with Data Sourced from a Combination of Accounting and Non-Accounting Records
4. Unless otherwise indicated, in writing, by APRA, the appointed auditor is required to provide reasonable assurance on information sourced from accounting records, and limited assurance that information sourced from non-accounting records, at the financial year-end, is reliable and in accordance with the relevant APRA Prudential and Reporting Standards.

2. Limited Assurance on Internal Controls addressing Compliance with Prudential Requirements and the Reliability of Data included in ADI Reporting Forms
   1. The appointed auditor is required to provide limited assurance that:

      1. the ADI and/or head of ADI group has implemented internal controls that are designed to ensure the ADI and/or head of the ADI group, as relevant, has:

         1. complied with all applicable Prudential Requirements; and

         2. provided reliable data to APRA in the Reporting Forms prepared under the FSCODA; and

      2. the controls in paragraph (b)(i) have operated effectively throughout the financial year.

3. Limited Assurance on Compliance with Prudential Requirements

   The appointed auditor is required to provide limited assurance, based on the appointed auditor’s work under (a) and (b) above^[37], that the ADI and/or the head of the ADI group, as relevant, has complied with all relevant Prudential Requirements under the Banking Act and the FSCODA, including compliance with APRA Prudential and Reporting Standards, during the financial year.^[38]

3PS 310 requires that reports, assessments and other material required under this standard make it clear where the auditor is referring to matters relating to the Level 3 head or the Level 3 group.

Under APS 310 and 3PS 310, it is the responsibility of the appointed auditor, as provided for in the required terms of engagement, to submit directly to APRA:

1. all reports required to be produced under APS 310 and 3PS 310; and
2. all assessments and other material associated with these reports, if requested by APRA.

Ordinarily, matters reported to APRA under paragraph 50 are also reported to the ADI and/or head of the ADI group to which the matter relates. However, APS 310 and 3PS 310 specifically prohibit the appointed auditor from notifying the ADI and/or head of the ADI group of, or from providing the ADI and/or head of the ADI group with, the documents referred to in paragraph 50, where:

1. the appointed auditor considers that by doing so the interests of depositors of the ADI or ADIs within the group would be jeopardised; or
2. there is a situation of mistrust between the appointed auditor and the Board of the ADI and/or head of the ADI group, or senior management of the ADI or ADI group.

In accordance with APS 310 and 3PS 310, an appointed auditor, whether as part of routine or special purpose engagements, must not place sole reliance on the work performed by APRA.

The appointed auditor of an ADI is required to attend all meetings with APRA related to APS 310 and 3PS 310, whether on a bilateral, tripartite or other basis, unless APRA indicates otherwise in writing.

Prudential Standard APS 910 Financial Claims Scheme

APS 910^[39] requires the appointed auditor, in accordance with APS 310, to provide limited assurance that:

1. the ADI^[40] has controls that are designed to ensure that Single Customer View (SCV) data as set out in APS 910 Attachment A, to the extent practicable, and FCS payment instruction and reporting information can be relied upon as being complete and accurate and in accordance with APS 910; and
2. these controls have operated effectively when tested.

APS 910 requirements are in addition to the APS 310 requirement for appointed auditors to perform a limited assurance engagement on controls implemented by the ADI to ensure compliance with all prudential requirements (which includes compliance with APS 910).

Generally, the APS 910 assurance engagement will be undertaken as part of the annual APS 310 assurance engagement on controls. APRA has indicated^[41] that, in circumstances where the APS 310/3PS 310 appointed auditor may not be in a position to undertake the APS 910 engagement, a different auditor from the same or a different audit firm will be able to carry out the APS 910 engagement, in accordance with the requirements of applicable AUASB Standards.^[42]

APRA requires the timing of the APS 910 assurance engagement to be aligned with the annual APS 310 assurance engagement. A separate assurance report for the APS 910 engagement is preferred, but the requirement is that this report be submitted to APRA at the same time as the APS 310 prudential assurance report.