
GS 017

Audit Implications for Prudential Reporting Requirements of a Life Company

Approval Date: 17 December 2014

Operative Date: This Guidance Statement is operative for financial reporting periods beginning on or after 1 December 2014

This Guidance Statement has been formulated by the Auditing and Assurance Standards Board (AUASB) to provide guidance to the auditor of a life company in reporting, pursuant to the prudential reporting requirements specified by the Australian Prudential Regulation Authority (APRA) in Prudential Standard LPS 310 Audit and Related Matters (January 2013) (LPS 310).

Preamble

Includes: Important Note, Authority Statement

Important Note

Guidance Statements are developed and issued by the AUASB to provide guidance to auditors and assurance practitioners on certain procedural, entity or industry specific matters related to the application of an AUASB Standard(s).

 

Guidance Statements are designed to provide assistance to auditors and assurance practitioners to assist them in fulfilling the objective(s) of the audit or other assurance engagement.  Accordingly, Guidance Statements refer to, and are written in the context of specific AUASB Standard(s); and where relevant, legislation, regulation or other authoritative publication.  Guidance Statements are not aimed at providing guidance covering all aspects of the audit or other assurance engagement.  Further, Guidance Statements do not establish or extend the requirements under an existing AUASB Standard(s).

 

Guidance Statement GS 017 Audit Implications for Prudential Reporting Requirements of a Life Company is not, and is not intended to be, a substitute for compliance with the relevant AUASB Standard(s) and auditors and assurance practitioners are required to comply with the relevant AUASB Standard(s) when conducting an audit or other assurance engagement.

Authority Statement

The Auditing and Assurance Standards Board (AUASB) formulates Guidance Statement GS 017 Audit Implications for Prudential Reporting Requirements of a Life Company pursuant to section 227B of the Australian Securities and Investments Commission Act 2001, for the purposes of providing guidance on auditing and assurance matters.

 

This Guidance Statement provides guidance to assist the auditor to fulfil the objectives of the audit or assurance engagement.  It includes explanatory material on specific matters for the purposes of understanding and complying with AUASB Standards.  The auditor exercises professional judgement when using this Guidance Statement.

 

This Guidance Statement does not prescribe or create new requirements.

Application

1

This Guidance Statement has been formulated by the Auditing and Assurance Standards Board (AUASB) to provide guidance to the auditor of a life company[1] in reporting, pursuant to the prudential reporting requirements specified by the Australian Prudential Regulation Authority (APRA) in Prudential Standard LPS 310 Audit and Related Matters (January 2013) (LPS 310).

2

LPS 310 applies to Life Companies from 1 January 2013.

1

The terms auditor and life company are defined in paragraph 17 of this Guidance Statement.

Issuance Date

3

This Guidance Statement is issued on 17 December 2014 by the AUASB and replaces GS 017 Prudential Reporting Requirements for Auditors of a Life Company, issued in June 2010.

Introduction

Prudential Supervision of a Life Company

4

Under the Life Insurance Act 1995 (Life Act), APRA is responsible for the prudential supervision and monitoring of prudential matters relating to all life companies, a specified class of life companies or one or more specified life companies in order to protect the interests of policy holders or prospective policy holders of the life companies concerned.

5

APRA formulates, promulgates and enforces prudential policy and practice through life company Prudential Standards (LPSs) and Cross-industry Prudential Standards (CPSs). In addition, APRA may also issue non-enforceable life company Prudential Practice Guides (LPGs), letters, publications, circulars and other guidelines, to assist life companies in complying with the requirements in its Prudential Standards and, more generally, to outline prudent practices in relation to certain elements of a life company’s operations.[2]

6

Under the Life Act, a life company is required to appoint an auditor. LPS 310 provides eligibility criteria for auditors. The auditor of a life company has an important role to play in the prudential supervision process. Requirements for auditors of life companies to provide reports on prudential matters to APRA are intended to assist APRA in assessing the reliability of information supplied to it by a life company.

7

The use by life companies and APRA of assurance reports prepared by auditors is to be evaluated in the context of the inherent limitations of an audit or review (refer paragraphs 111–115) and the subject matter of the audit or review (refer paragraphs 47-53 of this Guidance Statement).

8

LPS 310 warns that all persons involved in the provision of information (which includes the auditor) are to note that it is an offence under subsection 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity (such as APRA).

Scope of this Guidance Statement

9

LPS 310 provides for two types of engagements to be conducted by the auditor of a life company, namely:

  1. annual prudential reporting engagements (see paragraphs 30-136); and
  2. special purpose engagements (see paragraphs 137-147).

10

The audit or review of financial reports required under the Corporations Act 2001 (the Act) (where required) is directed towards obtaining sufficient appropriate evidence to form an opinion or conclusion, as applicable, on whether the financial report is presented fairly in accordance with the required financial reporting framework. The financial report audit or review is not designed to enable the auditor to conclude in relation to the matters specified in LPS 310.

11

The LPS 310 prudential reporting requirements, imposed on the auditor via the terms of engagement with a life company, are in addition to the audit or review of financial reports required under the Act.

Responsibilities of the Auditor

12

The responsibilities and reporting requirements of the auditor of a life company are contained in:

  1. applicable AUASB Standards;
  2. LPS 310;
  3. other applicable APRA Prudential Requirements[3], including the Life Act, the Financial Sector (Collection of Data) Act 2001 (FSCODA), and APRA Prudential and Reporting Standards; and
  4. relevant ethical and professional standards.

13

APRA places reliance on accounting and auditing standards to the extent that they do not conflict with Prudential Requirements applicable to life companies. LPS 310 requires auditors, in meeting their role and responsibilities, to comply with the Australian Auditing Standards and consider Guidance Statements issued by the AUASB, except where:

  1. they are inconsistent with the requirements of LPS 310, in which case LPS 310 prevails; or
  2. APRA otherwise specifies, in writing, to the life company that alternative standards and guidance are to be used by the auditor. In the case of an eligible foreign life insurance company (EFLIC), APRA requires compliance with Australian Accounting Standards in the completion of APRA annual returns under LPS 310.

14

The following AUASB Standards are applicable to the engagement:

  1. Australian Auditing Standards – where reasonable assurance on historical financial information is required; and
  2. Standard on Assurance Engagements ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information (ASAE 3000) – where reasonable and limited assurance is required in relation to information other than historical financial information, including internal controls. ASAE 3000 has been written for general application to assurance engagements other than audits or reviews of historical financial information covered by Auditing Standards or Standards on Review Engagements. Where topic specific ASAEs exist, for example ASAE 3100 Compliance Engagements, the auditor applies the relevant topic specific ASAEs, as well as ASAE 3000.

15

The auditor accepts the prudential reporting engagement only when the auditor has no reason to believe that the auditor and the engagement team (if applicable) will not satisfy the relevant ethical requirements relating to audit and assurance engagements[4].

16

The concept of independence is important to the auditor’s compliance with the fundamental ethical principles of integrity and objectivity. The auditor is required to meet the independence requirements set out in:

  1. APRA’s life company Prudential Standard CPS 510 Governance (CPS 510); and
  2. ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements (ASA 102).

2

Access to APRA Prudential Standards, Prudential Practice Guides and legislation relevant to life companies is available on APRA’s website (www.apra.gov.au).

3

See paragraph 17 of this Guidance Statement.

4

See ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements.

Definitions

17

For the purposes of this Guidance Statement, the following items have the meanings attributed below:

17(a)

Assurance engagement means an engagement in which an assurance practitioner[5] aims to obtain sufficient appropriate evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the subject matter information (that is, the outcome of the measurement or evaluation of an underlying subject matter against criteria).

17(b)

Auditor means an independent auditor(s) appointed by a life company to meet the prudential reporting requirements under LPS 310[6].

17(c)

Engagement risk means the risk that the assurance practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated.

17(d)

Internal control[7] encompasses the following components:

  1. the control environment;
  2. the life company’s risk assessment process;
  3. information systems, including the related business processes, relevant to financial and prudential reporting, and communication;
  4. control activities; and
  5. monitoring of controls.

 

The way in which internal control is designed and implemented varies depending on the life company’s size and complexity.

17(e)

Life company means all life companies (including friendly societies) registered under section 21 of the Life Act.

17(f)

Life company auditable annual return(s) means a form used for the collection and reporting of information in relation to a life company, as required to be provided to APRA by a life company in accordance with APRA Reporting Standards made under the FSCODA.

17(g)

Limited assurance engagement means an assurance engagement in which the assurance practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement but where that risk is greater than for a reasonable assurance engagement as the basis for expressing a conclusion in a form that conveys whether, based on the procedures performed and evidence obtained, a matter(s) has come to the assurance practitioner’s attention to cause the assurance practitioner to believe the subject matter information is materially misstated. The nature, timing, and extent of procedures performed in a limited assurance engagement is limited compared with that necessary in a reasonable assurance engagement but is planned to obtain a level of assurance that is, in the assurance practitioner’s professional judgement, meaningful. To be meaningful, the level of assurance obtained by the assurance practitioner is likely to enhance the intended users’ confidence about the subject matter information to a degree that is clearly more than inconsequential.

17(h)

Prudential Requirements[8] are defined in LPS 001 and include requirements imposed by:

  1. the Life Act;
  2. Regulations (made under the Life Act);
  3. APRA Prudential Standards (made under the Life Act);
  4. the FSCODA;
  5. APRA Reporting Standards (made under the FSCODA);
  6. APRA conditions on the registration of a life company; and
  7. any other requirements imposed by APRA, in writing, in relation to the life company.

17(i)

Reasonable assurance engagement means an assurance engagement in which the assurance practitioner reduces engagement risk to an acceptably low level in the circumstances of the engagement as the basis for the assurance practitioner’s conclusion. The assurance practitioner’s conclusion is expressed in a form that conveys the assurance practitioner’s opinion on the outcome of the measurement or evaluation of the underlying subject matter against criteria.

17(j)

Reliability under the Australian Accounting Standards Board’s Framework for the Preparation and Presentation of Financial Statements means information has the quality of reliability “… when it is free from material error and bias and can be depended upon by users to represent faithfully that which it either purports to represent or could reasonably be expected to represent”.

5

The term assurance practitioner has the same meaning as auditor, and is generally used in relation to assurance engagements performed under ASAE 3000.

6

A life company may appoint an auditor to fulfil LPS 310 requirements that is different to the auditor responsible for undertaking the financial report audit or review under the Act; however, this is not a common practice.

7

See paragraph 4(c) of ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.

8

These requirements may differ between locally incorporated and foreign life companies.

Tripartite Relationship

18

Under normal circumstances, APRA does not consult directly with an auditor of a life company on matters concerning an individual life company. APRA’s liaison with an auditor of a life company is normally conducted under tripartite arrangements involving APRA, the life company and its auditor(s)[9].

19

Any one of the parties involved in the tripartite relationship may initiate meetings or discussions at any time, when considered necessary.

20

Notwithstanding the tripartite relationship, APRA and the auditor may meet, at any time, on a bilateral basis at the request of either party. APRA may communicate with an auditor of a life company on a bilateral basis to obtain or discuss information for whatever reason it considers appropriate.

21

Under CPS 510, a life company is required to ensure that its internal policy and contractual arrangements do not explicitly or implicitly restrict or discourage auditors (or other parties) from communicating with APRA.

9

See LPS 310, paragraph 15.

Obligations of the Life Company

22

Under CPS 510, it is the responsibility of a life company’s Board and management to ensure that the life company meets prudential and statutory requirements and has management practices in place to limit risks to prudent levels.

23

Under the Life Act, a life company is required to appoint an auditor(s) to meet the prudential reporting requirements under LPS 310. LPS 310 sets out the eligibility criteria for the appointment of an auditor.[10]

24

Under LPS 310, a life company is required to ensure that its auditor(s):

  1. has access to all relevant data, information, reports and staff of the life company, which the auditor reasonably believes is necessary to fulfil their role and responsibilities under LPS 310. This includes access to the life company’s Board[11], Board Audit Committee and internal auditors as required;
  2. is kept fully informed of all APRA prudential requirements applicable to the life company; and
  3. is provided with any other information that APRA has provided to the life company that may assist the auditor in fulfilling their role and responsibilities.

25

Under LPS 310, a life company must ensure that the following are provided to its Board or Board Audit Committee (if not already sighted by one of them):

  1. reports, provided by the auditor in accordance with LPS 310, and any associated assessments and other material prepared in connection with fulfilling the requirements of LPS 310;
  2. commentary or responses provided by APRA to the life company on reports provided by the auditor, and any associated assessments and other material; and
  3. any commentary or response on the reports, associated assessments and other material provided by the auditor that is given by the life company to APRA.

26

LPS 310 requires a life company, if requested by APRA, within a reasonable time to provide APRA with the terms of engagement and other instructions or correspondence, including management letters, that may have a bearing on the:

  1. scope or conduct of the work undertaken by the auditor in accordance with LPS 310; and
  2. form, content (including findings made or opinion/conclusions expressed by the auditor) or scope of the reports provided in accordance with LPS 310.

10

See LPS 310, paragraph 7.

11

In the case of an eligible foreign life insurance company (EFLIC), the Compliance Committee.

Role and Responsibilities of the Auditor

27

In order for the life company to provide the reports under LPS 310 to APRA within the period specified by APRA’s Reporting Standard LRS 001 Reporting Requirements[12], the auditor of a life company must provide their report(s) to the Board of the life company, in relation to the following matters:

  1. Reasonable Assurance on Annual Returns[13]: LPS 310 requires the auditor to prepare a report that provides reasonable assurance that, in all material respects, the:
    1. annual returns are reliable and in accordance with the relevant prudential requirements, and
    2. prudential requirements in relation to the accounting for statutory funds have been met.
  2. Limited Assurance on Controls: LPS 310 requires the auditor to prepare a report that provides limited assurance that, based on the review which is not an audit, in all material respects, nothing has come to the attention of the auditor that:
    1. the life company has not implemented systems, procedures and internal controls that are designed to ensure the life company has:
      1. complied with all applicable prudential requirements; and
      2. provided reliable data to APRA in the life company auditable annual returns prepared under the FSCODA; and
    2. the controls in paragraph 27(b)(i) have not operated effectively throughout the financial year; and
    3. the life company’s systems, procedures and internal controls relating to actuarial data integrity and financial reporting risks (the risks that incorrect source data will be used in completing the annual returns under FSCODA) are not adequate and effective.

 

Refer to paragraphs 124-127 for further guidance on the auditor’s opinion/conclusions.

28

The Life Act specifies in section 88 the circumstances where the auditor is required to report to APRA in the instance where a life company or its directors may have contravened the Life Act or any other law and the contravention may significantly prejudice the interests of the holders of policies issued by the life company. When a report is made to APRA, the auditor should not disclose this to the life company if the auditor:

  1. has lost confidence in or mistrusts the Board or senior management of the life company; or
  2. considers that by doing so the interests of policy holders may be jeopardised.

29

In accordance with LPS 310, an auditor, whether as part of the annual prudential reporting or special purpose engagements, must not place sole reliance on work performed by APRA.

12

LRS 001 specifies that reports are to be provided within three months for reporting periods ending on or after 1 January 2015, and within four months for periods ending prior to that date.

13

For a listing of life company annual returns to be subjected to audit, refer to APRA Prudential Standard LPS 310  b.

Agreeing the Terms of the Annual Prudential Reporting Engagement

30

The requirement to report in accordance with APRA’s annual prudential reporting requirements is in addition to the audit or review of financial reports required under the Act, and is to be treated by the auditor as a separate assurance engagement.

31

The auditor and the life company agree on the terms of the engagement in accordance with the requirements of Auditing Standard ASA 210 Agreeing the Terms of Audit Engagements (ASA 210) and ASAE 3000. These arrangements have to be legally binding and include the required terms of engagement specified in LPS 310.

32

An engagement letter (or other suitable form) confirms both the client’s and the auditor’s understanding of the terms of the engagement and the auditor’s acceptance of the appointment. Both parties sign the engagement letter to acknowledge that it is a legally binding contract.

33

For recurring engagements, the auditor considers whether circumstances require the terms of the engagement to be revised and whether there is a need to reconfirm in writing the existing terms of the engagement. While the auditor may decide not to reconfirm the terms of engagement each year, factors that may make it appropriate to do so include a recent change of senior management or those charged with governance, or any indication that the life company misunderstands the objectives and scope of LPS 310 prudential reporting engagements.

34

Ordinarily, matters that are contained in the engagement letter include the following:

  • The objectives and scope of the annual prudential reporting engagement pursuant to LPS 310.
  • The responsibilities of management and, where appropriate, those charged with governance, for the subject matter of the report.
  • The role and responsibilities of the auditor in accordance with the requirements of LPS 310.
  • Acknowledgement that the auditor, in meeting their role and responsibilities, will comply with the requirements of applicable AUASB Standards and will consider relevant Guidance Statements issued by the AUASB, except where inconsistent with the requirements of LPS 310 or where APRA specifies alternative standards and guidance to be used.
  • Identification of the relevant AUASB Standards under which the engagement will be conducted and inclusion of a statement that, although it does not prescribe or create new mandatory requirements, the auditor will consider the guidance contained in this Guidance Statement.
  • Agreement from management and, where appropriate, those charged with governance, to provide unrestricted access to records, documentation and other information requested in connection with the prudential reporting engagement.
  • Agreement from management and, where appropriate, those charged with governance, to provide written representations requested by the auditor.
  • Any limitations on the engagement (see paragraphs 112-115).
  • The agreed use of the assurance report(s) issued by the auditor, and the extent to which, and the basis on which, the assurance reports may be made available to others (refer paragraphs 124-127).
  • The auditor’s additional responsibilities to report to APRA under sections 80(3), 88 and 88A of the Life Act for which the auditor is provided protection in relation to the disclosure of such information under section 89.
  • Confirmation that the auditor will meet the independence requirements under CPS 510 and ASA 102.
  • The form of reporting and communication in relation to the engagement.

35

The engagement letter explains that any special purpose engagement of any aspect of the life company’s operations, risk management or financial affairs, will constitute a separate engagement(s) and that the details of such engagement(s) will be the subject of a separate engagement letter(s).

36

The engagement letter furthermore clarifies that, in accordance with LPS 310 and CPS 510, the auditor is not to be a party to any contractual arrangements, or any understandings with a life company, that seek in any way to limit the auditor’s ability or willingness to communicate to APRA. The auditor notifies APRA of any attempts by a life company to achieve such arrangements or understandings. APRA may liaise bilaterally with an auditor and may, although not usually, request information directly from the auditor.

Planning the Annual Prudential Reporting Engagement

Includes: The Auditor’s Understanding of the Life Company and its Environment, including its Internal Control and Compliance Framework, The Characteristics of the Subject Matter and the Identified Criteria, The Intended Users of the Auditor’s Assurance Report and Their Needs, Materiality, Personnel and Expertise Requirements, Including the Nature and Extent of Experts’ Involvement, Work Performed by Another Auditor, The Activities of the Internal Audit Function and the Effect on Audit and Review Procedures

37

The nature and extent of planning activities will vary with the engagement circumstances. Specific matters that may be considered by the auditor as part of the planning process include:

  • The auditor’s understanding of the life company and its environment, including its internal control and compliance framework (see paragraphs 38-46).
  • The auditor’s previous experience with the life company.
  • The characteristics of the subject matter and the identified criteria (see paragraphs 47-53).
  • The internal controls relating to actuarial data integrity and financial reporting risks and the reliability and accuracy of the underlying source data (see paragraph 40).
  • The intended users of the auditor’s assurance report and their needs (see paragraphs 54-55).
  • Materiality (see paragraphs 56-70).
  • Engagement risk (see paragraphs 41-46).
  • The appropriate assurance strategy to adopt for each part of the engagement and possible sources of evidence.
  • Personnel and expertise requirements, including the nature and extent of experts’ involvement (see paragraphs 71-75).
  • Work to be performed by another auditor (see paragraph 76).
  • The activities of the internal audit function and the effect on audit and review procedures (see paragraphs 77-79).
  • The auditor’s additional reporting responsibilities under the Life Act (see paragraphs 132-135).

 

Further guidance on planning an audit may be found in ASAE 3000 and ASA 300 Planning an Audit of a Financial Report (ASA 300).

The Auditor’s Understanding of the Life Company and its Environment, including its Internal Control and Compliance Framework

38

The auditor obtains an understanding of the life company and its environment, including its internal control and compliance framework, and other assurance engagement circumstances, sufficient to:

  1. identify and assess the risks of the subject matter information being materially misstated, that significant deficiencies in internal controls may exist (in relation to the area of activity to be examined), and/or that the life company may not be complying with applicable prudential requirements; and
  2. design and perform further evidence gathering procedures.

39

The auditor exercises professional judgement to determine the nature and extent of the understanding that is needed. When performing procedures to obtain an understanding of the life company and its environment, consideration of the following matters may be helpful:

  • The size, nature and complexity of the life company and its activities.
  • Any changes in the market environment.
  • Governance and management functions within the life company, including the attitude, awareness and actions of those charged with governance and of management concerning the life company’s compliance with Prudential Requirements, and the respective roles and responsibilities attributed to the finance, risk management, compliance and internal audit functions.
  • Relevant aspects of the life company’s risk management framework and systems applicable to the engagement, including the life company’s risk assessment process for identifying risks relevant to prudential reporting objectives and deciding on actions to address those risks through its risk management systems.
  • The life company’s internal control relevant to the assurance engagement.
  • The life company’s compliance framework, processes and controls (refer to ASAE 3100).
  • The significance and complexity of the life company’s information technology environment and systems.
  • Any formal communications between APRA and the life company, and the results of any supervisory visits conducted by APRA in relation to the engagement.
  • Recent reports prepared by other assurance practitioners appointed to report on any aspect of the life company.
  • Work performed by the internal audit, risk management and compliance functions, for example key findings, control deficiencies, compliance register or incident reporting, and any reliance that may be placed on this work.
  • Discussions with life company staff responsible for monitoring regulatory compliance, such as the life company’s compliance officer or chief risk officer.

40

In addition to the general planning considerations, the auditor takes the following factors into account when planning the review of the life company’s internal controls relevant to the assurance engagement:

  • The overall compliance framework adopted by the life company to ensure compliance with all applicable prudential requirements, including its controls, policies and processes, and consideration of whether or not these are appropriate given the size, nature and complexity of the life company.
  • The sufficiency and appropriateness of the life company’s risk management strategy, including systems, policies and controls adopted in accordance with specific prudential standards, and consideration of whether these are up to date and in sufficient detail to facilitate compliance with the relevant prudential standards.
  • Matters relating to the life company’s organisational structure and operating characteristics, and recent significant changes thereto, which could impact on the life company’s internal controls.
  • Knowledge of the life company’s internal controls obtained during other assurance engagements conducted in relation to the life company.
  • Previously communicated instances of material non-compliance with prudential requirements and/or material deficiencies in internal controls designed to ensure compliance with all applicable prudential requirements and the provision of reliable data to APRA in annual returns, whether or not these have been resolved by the life company.
  • In relation to actuarial data integrity and financial reporting risks the auditor may consider some of the following:
    • Sufficiency of expert resources within the life company e.g. actuarial or financial analysis and modelling;
    • Level/frequency of internal/external review of actuarial forecasting systems, models and associated controls;
    • Complexity of the underlying IT systems and general IT controls including:
      • storage and protection of data;
      • number of source systems;
      • system interfaces;
      • data transfer processes;
      • updating of actuarial data/key fields in the source systems; and
      • end user computing controls in relation to spreadsheets or other business owned applications e.g. version control, integrity, password control and logic tests.

 

The above is not meant to represent an exhaustive list and there may be other factors relevant to the specific circumstances of a life company.

41

In accordance with ASA 315 Identifying and Assessing Risks of Material Misstatement through Understanding the Entity and its Environment, the auditor performs risk assessment procedures and related activities to obtain an understanding of the life company and its environment. The Prudential Capital Requirement (PCR) of a life company is intended to take account of the range of risks to which a typical life company is exposed. The PCR for a life company, a statutory fund or a general fund is determined under LPS 110 Capital Adequacy and includes but is not limited to consideration of the following:

  1. the Insurance Risk Charge (IRC)
  2. the Asset Risk Charge (ARC)
  3. the Asset Concentration Risk Charge (ACRC)
  4. the Operational Risk Charge (ORC)

42

In identifying and assessing the risks of material misstatement, the auditor may need to consider the use of accounting estimates in the calculation of the life company’s PCR under ASA 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures and evaluate the degree of estimation uncertainty associated with any accounting estimates.

43

The degree of estimation uncertainty associated with an accounting estimate may be influenced by factors such as:

  • The extent to which the accounting estimate depends on judgement.
  • The sensitivity of the accounting estimate to changes in assumptions.
  • The existence of recognised measurement techniques that may mitigate the estimation uncertainty (though the subjectivity of the assumptions used as inputs may nevertheless give rise to estimation uncertainty).
  • The length of the forecast period, and the relevance of data drawn from past events to forecast future events.
  • The availability of reliable data from external sources.
  • The extent to which the accounting estimate is based on observable or unobservable inputs.

The degree of estimation uncertainty associated with an accounting estimate may influence the estimate’s susceptibility to bias.

44

Matters the auditor considers in assessing the risks of material misstatement in an accounting estimate may also include:

  • The actual or expected magnitude of an accounting estimate.
  • The recorded amount of the accounting estimate (that is, management’s point estimate) in relation to the amount expected by the auditor to be recorded.
  • Management’s documentation of the judgements involved in estimates, for example, assumptions, model risk and understanding and data quality.
  • Outcomes of the sensitivity analysis performed on the assumptions by management.
  • Adequacy and outcomes of the process adopted by the life company in determining the PCR is appropriate as it relates to the life company as a whole.
  • Complexities and disclosures required for each component of risk under the life company’s PCR calculation.
  • Whether the models developed by management are using recognised measurement techniques and are independently reviewed and approved by appropriate personnel or an external expert.
  • Reliance on and use of internally developed or externally sourced models to estimate scenarios arising from movements in future mortality, morbidity, longevity, servicing expenses, lapses and other insurance risks.
  • Whether relevant and reliable controls are in place around the modelling process and the protection of model integrity.
  • Whether management has used an expert in making the accounting estimate.
  • The effectiveness of the controls and processes relied upon in setting the best estimate assumptions and insurance risk stress margins underlying the life company’s PCR calculation.
  • Outcomes of the Appointed Actuary’s Financial Condition Report (FCR) and any impacts they may have on accounting estimates.
  • Outcomes of the review of prior period accounting estimates.

 

The auditor considers the above factors and their impact on the audit approach and uses professional judgement in forming a view as to whether the accounting estimates are reliable.

45

In addressing the risks and accounting estimates associated with each of the areas in paragraph 41, the auditor may need to consider performing further substantive procedures to respond to significant risks associated with estimation uncertainty.

46

The auditor uses professional judgement to assess whether there is sufficient evidence available to enable the auditor to form an opinion in relation to accounting estimates.

The Characteristics of the Subject Matter and the Identified Criteria

47

The auditor identifies the most recent year-end life company annual returns submitted to APRA for audit.

48

The auditor identifies, and obtains an understanding of, all the prudential requirements (refer to definition under paragraph 17) applicable to the specific life company (including any additional guidance provided by APRA to the life company), with particular attention to changes in these requirements during the reporting period. The auditor makes enquiries with respect to any requirements that are imposed in writing by APRA on the life company, or in relation to conditions on the life company’s authorisation, as these requirements may vary from one life company to another.

49

Compliance with prudential requirements (see paragraphs 27(a) and 27(b) of this Guidance Statement) is broader than compliance with only the quantitative limits in APRA Prudential Standards (for example, capital adequacy requirements). The auditor is required to obtain reasonable assurance in relation to the preparation of the annual return(s) in accordance with the Life Act, the FSCODA Act 2001 and the applicable APRA reporting standards (refer Auditor’s Opinion in Appendix 1 Part A).

50

In relation to a life company’s responsibility to keep the auditor informed of all APRA prudential requirements applicable to the life company, the auditor obtains written representations from those responsible (see paragraphs 109-110).

51

APRA Prudential and Reporting Standards provide the criteria for evaluation or measurement, within the context of the auditor’s professional judgement, of the reliability of the information included in life company annual returns.

52

The auditor identifies and obtains an understanding of the applicable prudential requirements that govern the preparation of data within life company annual returns, with particular attention to changes in these requirements during the reporting period under review. In addition to the Prudential and Reporting Standards issued by APRA, other Prudential Requirements, including the life company Reporting Form Instruction Guides, will have an impact on the provision of reliable data to APRA under the FSCODA and, therefore, the auditor has regard to all relevant Prudential Requirements when planning and conducting the engagement.

53

It is important that the auditor obtains an understanding of how APRA Prudential Standards and APRA Reporting Standards differ from the financial reporting framework (Australian Accounting Standards), which determines data recorded in the life company’s accounting records.

The Intended Users of the Auditor’s Assurance Report and Their Needs

54

Data collected in a life company annual return(s) is primarily used by APRA to ensure that:

  1. the regulated entity has met the requirements of all prudential standards and other statutory and regulatory requirements;
  2. statistical and financial data provided to APRA is reliable; and
  3. other matters that could materially prejudice/adversely affect the interests of policyholders are concluded upon.

55

APRA has the power under subsection 56(5) of the Australian Prudential Regulation Authority Act 1998 to make ‘protected information’ (which may include auditors’ reports or information extracted from such reports) available to another financial sector supervisory agency (for example, the Reserve Bank of Australia (RBA), the Australian Bureau of Statistics (ABS) and the Australian Securities and Investments Commission (ASIC)), or any other ‘specified’ agency (including foreign agencies), when APRA is satisfied such information will assist those agencies in performing their functions or exercising their powers.

Materiality

56

The auditor considers materiality when:

  1. determining the nature, timing and extent of audit and review procedures;
  2. evaluating the effect of uncorrected misstatements identified in life company annual returns;
  3. evaluating the effect of identified deficiencies in internal controls designed to ensure:
    1. compliance with Prudential Requirements;
    2. reliable data is provided in the life company annual returns; and
    3. integrity of actuarial data;
  4. assessing the significance of identified instances of non-compliance with relevant Prudential Requirements.

57

Determining materiality involves the exercise of professional judgement. Judgements about materiality are made in light of relevant circumstances, and are affected by quantitative and qualitative factors as well as consideration of the potential impact of misstatements, control deficiencies and/or instances of non-compliance that are individually immaterial but in the aggregate may be of concern.

58

Since the concept of materiality is applied differently in the context of an audit or review of financial and other information, a review of internal controls, and for the purpose of reporting on a life company’s compliance with Prudential Requirements, it is considered separately below in paragraphs 67-69.

59

Although there is a greater risk that misstatements, control deficiencies or instances of non-compliance may not be detected in a review than in an audit, the judgement as to what is material is made by reference to the subject matter on which the auditor is reporting and the needs of those relying on that information, as opposed to the level of assurance obtained.

Audit of Life Company Annual Returns

60

The principles of assessing materiality for the purpose of expressing an opinion on a life company’s annual returns (an audit) will generally be similar to those applying to the audit of a financial report.

61

For the purposes of the audit of life company annual returns, the auditor considers materiality, as appropriate, under Auditing Standard ASA 320 Materiality in Planning and Performing an Audit (ASA 320).

62

Misstatements in the life company annual returns, either individually or in aggregate with other misstatements, are considered material if the auditor believes the intended users (refer paragraphs 54-55) may be influenced by the misstatement(s) of the information.

63

ASA 320 deals with materiality in the context of the financial statements taken as a whole. For the purpose of reporting on the reliability of information included in specified life company annual returns, the auditor considers and applies materiality at the level of individual annual returns, or data items, as appropriate.

64

In applying ASA 320 and ASAE 3000, as appropriate, to individual annual returns, the auditor has regard to the nature, purpose and use of the information included in each annual return. The collection and analysis of data in specified annual returns is a critical component of APRA’s supervisory function. APRA collects data from life companies and friendly societies (and other APRA regulated entities) in order to:

  1. verify compliance with prudential requirements (e.g. solvency and capital requirements);
  2. understand the operations of the company and the industry;
  3. identify emerging issues in both the company and the industry;
  4. pass on data to other government agencies; and
  5. provide information on the finance sector to research organisations and the general public.

65

The auditor’s preliminary assessment of materiality is based largely on quantitative factors. A percentage is often applied to a chosen benchmark as a starting point in determining materiality. The base and percentage may vary depending upon the life company annual return in question.

66

The auditor has regard to alternative bases such as profit, revenue or assets when considering whether a misstatement within a life company’s annual returns such as the Statement of Financial Position, Income Statement, Summary of Revenue and Expenses or Retained Profits, is material.

Review of Internal Controls

67

In accordance with ASAE 3000, when reviewing internal controls, the auditor assesses materiality in the context of the life company’s objectives relevant to the particular area of activity being examined, and whether the internal controls will reduce to an acceptably low level the risks that may threaten the achievement of the control objectives – in this case compliance with prudential requirements and integrity of actuarial data.

68

In assessing materiality, the auditor has regard to the measures the life company has adopted to ensure:

  1. reliable data is provided to APRA in all of the life company’s annual returns prepared under the FSCODA;
  2. compliance with all applicable Prudential Requirements; and
  3. integrity of actuarial data.

69

ASAE 3100 sets out the requirements and provides guidance to the auditor in applying materiality in the context of a compliance engagement.

Reporting on Compliance with Prudential Requirements and Actuarial Data Integrity

70

LPS 310 requires the auditor to provide limited assurance that the life company has suitably designed systems, procedures and controls to ensure the life company has complied, in all material respects, with all applicable Prudential Requirements (see paragraph 27(b) of this Guidance Statement). The auditor considers materiality when evaluating the significance of identified instances of non-compliance with relevant Prudential Requirements (refer to paragraphs 93-99). For further guidance in relation to the controls and appropriate audit evidence, refer to paragraphs 81-92; for the evaluation of findings by the auditor, refer to paragraphs 101-103.

Personnel and Expertise Requirements, Including the Nature and Extent of Experts’ Involvement

71

An auditor gives further consideration as to whether the auditor has, or will be able to obtain, adequate knowledge and the required skills to undertake the engagement.

72

LPS 310 prohibits auditors from placing sole reliance on the work performed by APRA. As required by professional ethical requirements, auditors exercise their professional judgement and reach their own conclusions when undertaking any assurance engagement.

73

The nature and complexity of the life company determines whether the auditor may need to involve experts in the engagement. When conducting this type of engagement, there are a number of considerations that need to be addressed by the auditor in relation to the use of, for example, an actuarial expert:

  • whether there is an expert appointed by management or those charged with governance (management’s expert) under the requirements outlined in LPS 320 Actuarial and Related Matters (LPS 320), in which case ASAE 3000[14] will need to be considered;
  • whether there is a requirement for an auditor’s expert (auditor’s expert) in which case ASA 620 Using the Work of an Auditor’s Expert (ASA 620) and ASAE 3000 will need to be considered; and
  • where the engagement team includes actuarial experts.

 

Under the Life Act, a life company must appoint an appointed actuary (management’s expert as defined by ASA 620). One of the key requirements to be met by the appointed actuary is to complete a financial condition report on the life company. As outlined in LPS 320, this is the minimum requirement for a life company or a friendly society.

74

The complexity and nature of the life company may warrant the use of both a management’s expert and an auditor’s expert on the same engagement. Generally this is the case for the larger, more complex life companies; however, in the case of a friendly society the management’s expert may be able to provide the auditor with sufficient appropriate audit/review evidence.

75

The life company auditor also liaises with the life company appointed actuary with regard to the requirements of s80(2) of the Life Act in order for the auditor to obtain assurance that the income and outgoings apportionments have been made equitably and in accordance with generally accepted accounting principles (refer to paragraph 133).

Work Performed by Another Auditor

76

Where the auditor plans to use the work of another independent auditor or assurance practitioner, the auditor:

  • for the audit of financial information, complies with the requirements of Auditing Standard ASA 600 Special Considerations - Audits of a Group Financial Report (Including the Work of Component Auditors) (ASA 600); and
  • for other assurance, complies with the requirements of ASAE 3000.

The Activities of the Internal Audit Function and the Effect on Audit and Review Procedures

77

CPS 510 requires all life companies (including eligible foreign life insurance companies (EFLICs)) to have in place an independent and adequately resourced internal audit function.[15]

78

CPS 510 requires that the objectives of the internal audit function include an evaluation of the adequacy and effectiveness of the financial and risk management framework of the life company.

79

In considering the activities of the internal audit function and evaluating the effect, if any, on audit and review procedures, the auditor:

  • for the audit of financial information, complies with the requirements of Auditing Standard ASA 610 Using the Work of Internal Auditors (ASA 610); and
  • for other assurance, complies with the requirements of ASAE 3000.

[14] Further guidance on this area is available in GS 005 Using the Work of a Management’s Expert (to be issued in January 2015).

[15] Under CPS 510, APRA may approve alternative arrangements where APRA is satisfied that it will achieve the same objectives.

Conducting the Annual Prudential Reporting Engagement


Audit of Annual Returns to APRA

Audit Objective

80

The auditor is required to prepare a report that provides reasonable assurance on the life company’s annual returns to APRA, as specified in attachment A to LPS 310[16]. In particular, the report must specify whether in all material respects, the auditor concludes the:

  1. annual returns are reliable in accordance with relevant prudential requirements; and
  2. prudential requirements in relation to the accounting for statutory funds have been met.

 

The report to the life company is addressed to the board of the life company.

Review of Internal Controls over Compliance with Prudential Requirements and Reliability of the Life Company’s Annual Returns

Review Objective

81

Under LPS 310, the auditor is required to express a conclusion, based on a review, as to whether anything has come to the attention of the auditor to cause the auditor to believe that, in all material respects:

  1. The life company has not implemented internal controls that are designed to ensure the life company has:
    1. complied with all applicable Prudential Requirements; and
    2. provided reliable data to APRA in the life company’s annual returns prepared under the FSCODA.
  2. The controls in paragraph 81(a) have not operated effectively throughout the financial year.
  3. The life company’s systems, procedures and internal controls relating to actuarial data integrity and financial reporting risks (the risks that incorrect source data will be used in completing the annual returns under FSCODA) are not adequate and effective.

AUASB Standards

82

The auditor conducts the review of internal controls in accordance with ASAE 3000 and other relevant topic specific ASAEs, for example, ASAE 3150 Assurance Engagements on Controls.

Gathering Assurance Evidence

83

The evaluation of whether the life company has implemented internal controls that are designed to achieve the relevant control objectives, as set out in paragraph 81 above, is performed in the context of the auditor’s general understanding of the life company and its environment, the life company’s risk management practices, and its internal control and compliance framework, as obtained for the purpose of planning the engagement. This review is based on whether the life company has implemented internal controls that have been suitably designed to reduce to an acceptably low level the risks that threaten achievement of the relevant control objectives.

84

The auditor generally adopts a ‘top down’ approach in gathering evidence, by making enquiries of key personnel, observing the life company’s operations, performing ‘walk through’ tests of controls, and inspecting relevant documentation, as appropriate, in order to achieve the following:

  • Obtaining an understanding of the life company’s overall control environment and compliance framework.
  • Identifying the internal compliance function(s) designed to ensure compliance with all applicable Prudential Requirements.
  • Identifying policies, procedures and controls designed to ensure compliance with all applicable Prudential Requirements, by reviewing documents such as the life company’s Internal Capital Adequacy Assessment Process (ICAAP) Summary Statement and management declaration, Risk Management Framework, Risk Management Strategy and similar risk management policy documents issued by the life company in accordance with applicable prudential standards.
  • Identifying the processes used by the Board of the life company to support its Risk Management Declaration to APRA as outlined in CPS 220 Risk Management (CPS 220).
  • Identifying key Board and operational matters by reviewing the minutes of the life company’s Board, as well as minutes of any sub-committees responsible, for example, for oversight of risk, compliance and audit, held during the year and enquiring about matters discussed and outcomes from Board decisions.
  • Identifying the internal risk and compliance functions designed to oversee the provision of data to APRA in life company annual returns.
  • Identifying significant processes for the preparation of life company annual returns e.g. ICAAP.
  • Identifying the key controls over these significant processes that are designed to ensure that reliable data is provided to APRA in life company annual returns.

 

The above is not an exhaustive list of procedures that the auditor may perform in gathering evidence. An auditor’s professional judgement would be used as appropriate in the circumstances of the assurance engagement.

85

Life companies have different systems and procedures in place to monitor compliance with specific Prudential Standards. Projections and estimates are likely to be part of the monitoring process, as the preparation of a full financial report is unlikely to be practical on a day-by-day or week-by-week basis. Varying degrees of precision may exist therefore in applying the monitoring process. Notwithstanding these differences, such systems seek to ensure that life companies comply with all Prudential Standards on a continuous basis.

86

The way in which internal control is designed and implemented varies with a life company’s size and complexity. Smaller life companies may use less formal means and simpler processes to achieve their control objectives.

87

The auditor gathers evidence in response to assessed risks with a focus on identifying key controls within the control systems design. The auditor exercises professional judgement in determining the specific nature, timing and extent of review procedures to achieve the review objective.

88

Following the evaluation of whether the life company has internal controls designed to achieve the relevant control objectives, the auditor performs review procedures to obtain evidence about whether these controls have operated as designed throughout the financial year. The auditor may consider how the controls were applied, the consistency with which they were applied, by whom they were applied and the period of time over which the controls were applied.

89

The review of operating effectiveness may include procedures such as:

  • Enquiry of appropriate life company personnel (and obtaining written representations).
  • Observation of the control process.
  • Ascertaining whether the person(s) performing the control(s) possesses the necessary authority and competence to perform the control(s) effectively.
  • Review of relevant documentation.
  • ‘Walk through’ tests; and
  • Limited re-performance of the controls.

90

Interpretation of the word ‘reliable’ in the context of the review of controls over life company annual returns has practical limitations in some circumstances. For many life companies, it is only at the financial year-end (or for life companies that are disclosing entities, also at the half year-end) that all the necessary accounting adjustments, such as accruals, prepayments, provisioning and valuations, are prepared and subjected to audit or review. APRA accepts this position that annual returns prepared throughout the year are based on the life company’s normal accounting process.

91

The auditor makes enquiries as to whether there were any changes in internal control, or other matters, subsequent to the financial year-end date and up to the date of the auditor’s assurance report, that may have an impact on the auditor’s conclusion about the effectiveness of internal controls, and obtains written representations from management relating to such matters.

92

Materiality is to be considered as outlined in paragraphs 56-70 of this Guidance Statement.

Evaluation of Misstatements

Audit of Life Company Annual Returns

93

The auditor evaluates, individually and in the aggregate, whether uncorrected misstatements that have come to the auditor’s attention are material to the reported information. Materiality is applied in the context of paragraphs 56-69 of this Guidance Statement.

94

In evaluating whether or not the specified life company annual returns, or data in annual returns, are, in all material respects, reliable and in accordance with the relevant APRA Prudential and Reporting Standards, the auditor exercises professional judgement, having regard to both the users and intended uses of the information in the annual returns.

95

The magnitude of a misstatement alone is only one factor used to assess the misstatement. The auditor evaluates each identified misstatement in the context of information relevant to users of the annual return, by considering qualitative factors and the circumstances in which each misstatement has been made. For example, in evaluating identified misstatements, the auditor has regard to factors such as the level of the life company’s buffer above the particular minimum prudential capital requirements (determined under periodic quantitative calculations) and the sensitivity of these buffers to fluctuations in the life company’s financial performance and position.

96

The auditor may designate an amount below which misstatements need not be aggregated, because the auditor expects that the aggregation of such amounts clearly would not have a material effect on the reported information. In doing so, the auditor considers that the materiality of misstatements involves qualitative as well as quantitative considerations and those misstatements of a relatively small amount could nevertheless have a material effect on the reported information.

97

A key concern with any misstatement within a life company’s annual returns is its potential impact on the life company’s ‘capital adequacy requirement’ that is determined in accordance with APRA’s prudential standards[17]. This is taken into consideration by the auditor when evaluating whether a misstatement in the life company’s annual returns has a material impact on the Prescribed Capital Amount.

98

The auditor may also consider LPS 112 Capital Adequacy: Measurement of Capital, where materiality in relation to capital adequacy must be evaluated and applied at the statutory fund level. The materiality of the statutory fund relative to the size of the company overall may be taken into account for the purposes of assessing the impact on the Prescribed Capital Amount.

99

In extremely rare circumstances, the auditor may conclude that information reported in life company annual return(s) in accordance with the relevant APRA Prudential and Reporting Standards is misleading. The auditor discusses the matter with management and, depending how it is resolved, determines whether, and how, to communicate the matter in the auditor’s assurance report.

Review of Internal Controls

100

The auditor evaluates, individually and in aggregate, whether internal control deficiencies that have come to the auditor’s attention are material. Materiality is to be applied in the context of paragraphs 67-69.

101

The auditor exercises professional judgement in evaluating the materiality of internal control deficiencies, having regard to the intended users of the auditor’s assurance report.

102

In evaluating the severity of identified internal control deficiencies, the auditor, having regard to materiality, considers:

  1. the likelihood that the relevant internal controls may fail to prevent or detect:
    1. non-compliance with a Prudential Requirement;
    2. a misstatement in the data being provided to APRA in life company annual returns;
    3. misstatements in actuarial data used in financial reporting;
  2. the significance of the potential resulting non-compliance with a Prudential Requirement in the context of the life company’s overall compliance with applicable Prudential Requirements;
  3. the magnitude of the potential misstatement that could result from the internal control deficiency in the information reported in the life company annual returns; and
  4. the magnitude of the potential misstatement that could result from a deficiency in internal control over the adequacy and effectiveness of actuarial data integrity and financial reporting risks.

103

The evaluation of the severity of a deficiency in internal control does not depend on whether a misstatement or non-compliance with a Prudential Requirement has actually occurred, but rather the likelihood that the life company’s controls may fail to prevent or detect a material misstatement or material non-compliance with a Prudential Requirement.

Reporting on Compliance with Prudential Requirements

104

The auditor is required under LPS 310 to express a conclusion, based on the audit or review(s) conducted under paragraphs 80-103 above, as to whether anything has come to the attention of the auditor to cause the auditor to believe that, during the financial year, the life company has not complied, in all material respects, with all applicable Prudential Requirements in the Life Act and the FSCODA, including compliance with APRA Prudential and Reporting Standards.

105

Under sections 88 and 88A of the Life Act, auditors are required to report to APRA when the auditor believes the life company or its directors may have contravened the Life Act or to assist APRA to perform its functions under the Life Act (refer to paragraphs 28132-136 of this Guidance Statement for further detail).

106

The auditor considers materiality when assessing the significance of identified instances of non-compliance with relevant Prudential Requirements.

107

In order to conclude on a life company’s compliance with all applicable Prudential Requirements, the auditor considers the existence of relevant matters that may indicate instances of non-compliance, throughout the reporting period and up to the date of signing the auditor’s assurance report.

108

The auditor complies with the requirements of Auditing Standard ASA 560 Subsequent Events (ASA 560), as appropriate, which may include the following audit procedures:

  • Reading minutes of the life company’s Board, as well as minutes of any subcommittees responsible, for example, for oversight of risk, compliance and audit, held after balance date and enquiring about matters discussed at these meetings for which minutes are not yet available.
  • Examining the life company’s breach registers up to the date of the auditor’s assurance report.
  • Enquiring of the life company’s management as to whether any subsequent events have occurred which might represent noncompliance with applicable Prudential Requirements.

Written Representations

109

Prior to issuing the Auditor’s Annual Prudential Assurance Report, the auditor obtains written representations, as are considered appropriate to matters specific to the life company, from the party responsible[18] for the life company.

110

These written representations are generally in the form of a representation letter. In obtaining and using these written representations, the auditor complies with the requirements of, as appropriate, Auditing Standard ASA 580 Written Representations (ASA 580) and ASAE 3000.

Inherent Limitations of the Engagement

111

As the systems, procedures and controls to ensure compliance with Prudential Requirements are part of the life company’s operations, it is possible that either the inherent limitations of the internal control structure, or weaknesses in it, may impact on the effective operation of the life company’s specific control procedures. Furthermore, fraud, error or noncompliance with laws and regulations may occur and not be detected.

112

Due to the nature of audit and review procedures and other inherent limitations of an audit and review, there is a possibility that a properly planned and executed audit or review may not detect all errors or omissions in life company annual returns, deficiencies in controls, or instances of noncompliance with Prudential Requirements.

113

An audit provides reasonable assurance and cannot constitute a guarantee that the information included in life company annual returns specified in Attachment A to LPS 310, sourced from accounting records, is reliable, or that all instances of noncompliance with relevant APRA Prudential and Reporting Standards have been detected.

114

While reviews involve the application of audit related skills and techniques, usually they do not involve many of the procedures performed during an audit. In an audit, as the auditor’s objective is to provide a high, but not absolute, level of assurance on the reliability of information included in life company annual returns, the auditor uses more extensive audit procedures than in a review. Review procedures, therefore, do not provide all the evidence required in an audit and, consequently, the level of assurance obtained is less than that in an audit.

115

The auditor performs procedures appropriate to provide limited assurance in relation to internal controls existing at the review date, and whether those controls have operated as documented throughout the financial year.

16

This should include any reference to amendments set out in letters from APRA to Registered Life Companies and Appointed Auditors.

17

Refer to LPS 100 Solvency, LPS 110 Capital Adequacy and LPS 112 Capital Adequacy: Measurement of Capital.

18

Management and, where appropriate, those charged with governance of the life company.

Communication

116

It is the responsibility of the auditor to make the life company aware, as soon as practicable, of any identified material misstatements in life company annual returns, material deficiencies in internal controls and instances of material noncompliance arising from the prudential reporting engagement.

117

Such communications are made as soon as practicable, either orally or in writing. The auditor’s decision whether to communicate orally or in writing ordinarily is affected by factors such as the nature, sensitivity and significance of the matter to be communicated and the timing of the communications. If the information is communicated orally, the auditor documents the communication.

118

When, in the auditor’s judgement, those charged with governance do not respond appropriately within a reasonable period of time, the auditor considers whether to modify the auditor’s annual prudential assurance report.

119

It is important that the auditor understands the additional statutory responsibilities to report certain matters to APRA under the Life Act. Failure to notify APRA as required represents a criminal offence, which attracts criminal penalties (refer paragraphs 132-136).

120

Material findings (misstatements, control deficiencies and noncompliance) are reported to APRA and the life company’s Board (or Board Audit Committee) as modifications to the auditor’s assurance report (refer paragraph 125).

121

Under Auditing Standard ASA 260 Communication with Those Charged With Governance (ASA 260), ASA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management (ASA 265) and ASAE 3000, the auditor communicates relevant matters of governance interest arising from the engagement to those charged with governance on a timely basis. Examples of such matters may include:

  • The general approach and overall scope of the engagement, or any additional requirements.
  • Fraud or information that indicates that fraud may exist.
  • Significant deficiencies in internal controls identified during the engagement. A significant deficiency in internal control means a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgement is of sufficient importance to merit the attention of those charged with governance.
  • Disagreements with management about matters that, individually or in aggregate, could be significant to the engagement.
  • Expected modifications to the auditor’s prudential assurance report.

122

The auditor informs those charged with governance of the life company of those uncorrected misstatements, other than clearly trivial amounts, aggregated by the auditor during and pertaining to the engagement that were considered to be immaterial, both individually and in the aggregate, to the assurance engagement.

123

Under LPS 310, if requested by APRA, the auditor submits directly to APRA all assessments and other material associated with the auditor’s report, such as management letters issued by the auditor to the life company which contain material findings relating to the auditor’s prudential assurance report.

The Auditor’s Annual Prudential Assurance Report

Includes: Format of Auditor’s Annual Prudential Assurance Report

124

The auditor evaluates the conclusions drawn from the evidence obtained in conducting the assurance engagement as the basis for the auditor’s opinion/conclusion as required under LPS 310.

125

If the auditor:

  1. concludes that a material misstatement, internal control deficiency and/or noncompliance exists; or
  2. is unable to obtain sufficient appropriate assurance evidence to conclude whether a material misstatement, internal control deficiency and/or noncompliance may exist,

the auditor modifies the opinion/conclusion, and includes a clear description of the reasons in the assurance report, in accordance with the requirements of, as appropriate, ASA 705 Modifications to the Opinion in the Independent Auditor’s Report (ASA 705) or ASA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report (ASA 706) and applicable ASAEs. (Refer Appendix 2 of this Guidance Statement).

126

As required under LPS 310, the auditor of a life company must provide the reports to the life company’s Board (or Board Audit Committee)[19], to ensure the life company can provide the reports to APRA within the timeframes specified in LRS 001.

127

To avoid the possibility of the assurance report being used for purposes for which it was not intended, the auditor indicates in the auditor’s report the purpose for which the report is prepared and any restrictions on its distribution and use in an emphasis of matter paragraph as required by ASA 706 (refer paragraphs 30-36).

Format of Auditor’s Annual Prudential Assurance Report

128

AUASB Standards do not prescribe a standardised format for reporting on all assurance engagements. Instead, both Auditing Standard ASA 800 and ASAE 3000 identify the basic elements required to be included in the assurance report. The short form auditor’s report ordinarily includes only the basic elements. Appendix 1 provides an example auditor’s report with Section A illustrating a reasonable assurance report on the APRA Annual Returns and Section B illustrating a limited assurance report on Controls to ensure compliance with APRA Prudential Requirements.

129

Assurance reports are tailored to the specific assurance engagement circumstances. Although not specifically required under LPS 310, the auditor may consider it appropriate to include other information and explanations that do not directly affect the auditor’s opinion or conclusions, but provide additional useful information to the users (that is, a ‘long form’ style of reporting). The inclusion of this information depends on its significance to the needs of the intended users. The following are examples of additional information that may be considered for inclusion:

  • Disclosure of materiality considerations (materiality levels) applied.
  • Significant findings or exceptions relating to particular aspects of the assurance engagement.
  • Recommendations.

130

The auditor ensures that this additional information is clearly separated from the auditor’s opinion and conclusions, and worded in a manner to ensure that it does not affect the opinion and conclusions. This can be achieved, for example, by including any additional information in:

  1. a separate appendix to the auditor’s short form assurance report; or
  2. a separate section of the auditor’s short form assurance report, following the ‘opinion and conclusions’[20] in an other matter paragraph as required by ASA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report (ASA 706).

This will enable users to clearly distinguish this additional information from the auditor’s responsibility to report on the matters identified in LPS 310.

131

Refer to Appendix 1 of this Guidance Statement for an illustrative example of the auditor’s annual prudential assurance report (short form report), prepared pursuant to APRA’s LPS 310 annual reporting requirements.

19

Alternatively, for a foreign life company, a senior officer outside Australia to whom authority has been delegated in accordance with CPS 510, for overseeing the Australian operations.

20

See examples of assurance practitioner reports included in Appendix 1 to ASAE 3100.

Additional Reporting Requirements under the Life Insurance Act

Includes: Auditor may provide information to APRA

132

It is important that management, those charged with governance and the auditor of a life company[21] understand the additional responsibilities to report to APRA under sections 80, 88 and 88A of the Life Act (refer paragraph 28).

133

The Life Act specifies under section 80(3) that the apportionment of income and outgoings for a life company carrying on other business as well as its Life Insurance business is not effective unless a report given by the auditor of the life company for the purposes of FSCODA states that the apportionment has been made equitably and in accordance with generally accepted accounting principles. Section 80(2) of the Life Act states that before an apportionment is made, those charged with governance of the company concerned must obtain the appointed actuary’s written advice whether the basis of the proposed apportionment is appropriate.

This report is provided by the auditor as part of the annual return(s) audit opinion. An example is given in Appendix 1 Part A.

134

Under section 88 of the Life Act, the auditor has certain obligations to report to the company or those charged with governance any matters that come to the attention of the auditor that the auditor thinks require action to be taken by the company or its directors. If the auditor of a life company concludes that there are reasonable grounds for believing that the company or those charged with governance have contravened the Life Act or any other law and it may significantly affect the interests of the policy holders, the auditor must immediately inform APRA in writing. It is a serious offence under subsections 137.1 and 137.2 of the Criminal Code 1995 to provide, whether directly or indirectly, false or misleading documents or information to a Commonwealth entity such as APRA.

135

Section 89 of the Life Act applies the concept of qualified privilege to auditors of a life company and is in addition to any privilege conferred on a person by the Corporations Act 2001.

Auditor may provide information to APRA

136

Section 88A of the Life Act states:

  1. a person who is or was the auditor of a life company may give information, or produce books, accounts or documents, about the life company to APRA if the person considers that doing so will assist APRA in performing its functions under this Act or under the FSCODA.
  2. a person who, in good faith and without negligence, gives information to APRA in accordance with this section is not subject to any action, claim or demand by, or any liability to, any other person in respect of the information.

21

See definitions at paragraph 17(e).

Special Purpose Engagements

Includes: APRA Prudential Reporting Requirements (LPS 310), Terms of the Engagement, Format of Reporting Requirements

APRA Prudential Reporting Requirements (LPS 310)

137

Under LPS 310, in addition to the annual prudential reporting requirements, APRA may require a life company, by notice in writing, to arrange for its auditor (who may be the existing auditor or another auditor agreed to by APRA and who satisfies the criteria in LPS 310), to provide a report on a particular aspect of the life company’s operations, risk management or financial affairs. Although a special purpose engagement report will normally only be requested following consultation with a life company, APRA may commission such a report without prior consultation with a life company.

138

Unless otherwise determined by APRA, an auditor appointed to undertake a special purpose engagement will be required to provide limited assurance on the matters required to be reported on.

139

Under LPS 310, the auditor’s special purpose engagement assurance report is to be submitted simultaneously to APRA and the life company’s Board (or Board Audit Committee)[22], within three months of the date of the notice commissioning the report, unless otherwise determined by APRA, and advised to the life company by notice in writing.

140

The APRA requirement for an auditor to undertake a special purpose engagement in a selected area of the life company’s operations, risk management or financial affairs constitutes a separate reporting engagement. The details of the engagement will normally be the subject of a specific request from APRA to the life company and a separate engagement letter from the life company to the auditor based on that request.

Terms of the Engagement

141

Following the determination by APRA of the specific area to be examined, the auditor, APRA and the life company agree on the terms of the engagement in accordance with the requirements of applicable AUASB Standards. These arrangements are legally binding and include the required terms of engagement specified in LPS 310.

142

The auditor accepts the engagement only when the auditor is satisfied that the auditor and the engagement team, if applicable, have met the relevant ethical requirements relating to the assurance engagement. The concept of independence is important to the auditor’s compliance with the fundamental ethical principles of integrity and objectivity and the auditor must be able to meet the independence requirements stipulated under both CPS 510 and ASA 102.

143

An engagement letter (or other suitable form) helps to avoid misunderstandings with respect to the engagement and confirms both the life company’s and the auditor’s understanding of the terms of the engagement, and the auditor’s acceptance of the appointment. Both parties sign the engagement letter to acknowledge that it is a legally binding contract.

144

To ensure that there is a clear understanding regarding the terms of the engagement, the following are examples of matters to be agreed:

  • APRA is to identify the scope of the life company’s operations, risk management or financial affairs to be the subject of the engagement.
  • The auditor, APRA and the life company are to agree on the objectives of the engagement, key features and criteria of the area(s) to be examined, and the period to be covered by the engagement.
  • APRA is to identify clearly the level of assurance required, that is, limited or reasonable assurance.
  • The format of reports required (for example, long and/or short form reports) and other communication of results of the engagement.
  • Responsibility of those charged with governance for the subject matter of the engagement.
  • Understanding of the inherent limitations of an assurance engagement.

Format of Reporting Requirements

145

The format of the special purpose assurance report may vary depending on the type of engagement: that is, an audit (reasonable assurance) or a review (limited assurance), as well as the subject matter and the findings. The auditor has regard to the requirements, guidance and illustrative examples of reports provided in relevant AUASB Standards - ASAs, ASREs and ASAEs, as applicable, when preparing the special purpose assurance report.

146

AUASB Standards do not require a standardised format for special purpose reporting under LPS 310. Instead, these Standards identify the basic elements to be included in the auditor’s report. Ordinarily, the auditor adopts a long form style of reporting and the report may include a description of the terms of the engagement, materiality considerations applied, the assurance approach and an other matter paragraph which may include findings relating to particular aspects of the engagement and, in some cases, recommendations.

147

The auditor’s assurance report is to be restricted to the parties that have agreed to the terms of the special purpose engagement, namely the life company and APRA, as well as other parties with whom APRA is lawfully entitled to share the information, by means of an emphasis of matter paragraph required by ASA 706 (refer example at Appendix 1).

22

Alternatively, for a foreign life company, a senior officer outside Australia to whom authority has been delegated in accordance with CPS 510 for overseeing the Australian operations.

Conformity with International Pronouncements

148

As this Guidance Statement relates to Australian legislative requirements, there is no equivalent International Standard on Auditing or International Auditing Practice Statement to this Guidance Statement.
