The requirement to report pursuant to APRA’s annual prudential reporting requirements, is in addition to the audit [and review] of financial reports required under the Corporations Act, and is to be treated by the appointed auditor as a separate engagement.

The appointed auditor accepts the prudential reporting engagement only when satisfied that relevant ethical requirements relating to the assurance engagement have been met. The concept of independence is important to the appointed auditor’s compliance with the fundamental ethical principles of integrity and objectivity and the auditor is required to meet the independence requirements stipulated under both CPS 510 and Auditing Standard ASA 102^[43]. Furthermore, the auditor needs to satisfy the fitness and propriety requirements specified in CPS 520.

The appointed auditor and the ADI and/or head of the ADI group, as applicable, agree on the terms of the engagement for each discrete part of the assurance engagement, in accordance with the requirements contained in AUASB standards ASA 210^[44], ASAE 3000, ASAE 3150, ASAE 3450 and ASRE 2405. These arrangements have to be legally binding and include the required terms of engagement specified in APS 310/3PS 310.

An engagement letter^[45] confirms both the client’s and the appointed auditor’s understanding of the terms of the engagement, helping to avoid misunderstanding, and the appointed auditor’s acceptance of the appointment. Both parties sign the engagement letter to acknowledge that it is a legally binding contract.

The auditor may also use the engagement letter to clarify the respective roles of the ADI and/or the head of the ADI group, as appropriate, and the auditor. In particular, it is important to highlight in the engagement letter the entity’s responsibility to establish and maintain effective internal control to ensure compliance with Prudential Requirements and to ensure the reliability of data included in ADI Reporting Forms. As part of the acceptance of the prudential assurance engagement, the auditor may consider obtaining acknowledgement of this obligation from those charged with governance of the ADI and/or ADI group when obtaining agreement on the terms of the engagement.

For recurring engagements, the appointed auditor considers whether circumstances require the terms of the engagement to be revised and whether there is a need to re-confirm in writing the existing terms of the engagement. While the appointed auditor may decide not to re-confirm the terms of engagement each year, factors that may make it appropriate to do so include a recent change of senior management or those charged with governance, or any indication that the entity misunderstands the objectives and scope of the prudential reporting engagements.

APS 910 identifies additional requirements for ADIs and their appointed auditors, including a requirement for auditors to perform a limited assurance engagement on the ADI’s controls in relation to the SCV data and FCS payment instruction and reporting information. These requirements are in addition to the APS 310/3PS 310 requirement for auditors to perform a limited assurance engagement on controls implemented by the ADI to ensure compliance with all prudential requirements (which includes compliance with APS 910). The auditor may use the engagement letter to clarify the respective roles of the ADI and the appointed auditor. In particular, it is important to highlight the entity’s responsibility for ensuring the integrity of the operations, internal controls and information required under APS 910.

The engagement letter explains that any special purpose engagement of any aspect of the ADI’s business operations, prudential reporting, risk management systems or financial position, will constitute a separate engagement(s) and that the details of such engagement(s) will be the subject of a separate engagement letter(s).^[46]

The engagement letter furthermore clarifies that, in accordance with CPS 510, the appointed auditor is not to be a party to any contractual arrangements, or any understandings with an ADI, that seeks in any way to limit the auditor’s ability or willingness to communicate to APRA. APRA may liaise bilaterally with an appointed auditor and may, although not usually, request information directly from the appointed auditor. The appointed auditor notifies APRA of any attempts by an ADI to achieve such arrangements or understandings.

Refer to Appendix 2 of this Guidance Statement for an example engagement letter that reflects APRA reporting requirements as per APS 310 and APS 910. This letter includes examples of matters typically included in the engagement letter.