Auditing and Assurance Guidance Statement AGS 1064 (March 2003)

Audit Implications of Prudential Reporting Requirements for General Insurers

Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

Issued by the Australian Accounting Research Foundation on behalf of CPA Australia and The Institute of Chartered Accountants in Australia

Audit Implications of Prudential Reporting …...2003/03/24  · GPS 220, including those for audit periods where transitional arrangements apply; (c) provides example engagement letters




The Australian Accounting Research Foundation was established by CPA Australia and The Institute of Chartered Accountants in Australia, and undertakes a range of technical and research activities on behalf of the accounting profession as a whole. A major responsibility of the Foundation is the development of Australian Auditing and Assurance Standards and Statements. Auditing and Assurance Guidance Statements are issued by the Auditing & Assurance Standards Board where the Board wishes to provide guidance on procedural matters, guidance on entity or industry specific issues, or believes an underlying principle in an Auditing and Assurance Standard requires clarification, explanation or elaboration. Auditing and Assurance Guidance Statements do not establish new Auditing and Assurance Standards, do not amend existing Auditing and Assurance Standards, and are not mandatory.

Australian Accounting Research Foundation
Level 10, 600 Bourke Street
Melbourne Victoria 3000
AUSTRALIA

Phone: (03) 9641 7433 Fax: (03) 9602 2249 E-mail: [email protected] Website: www.aarf.asn.au

COPYRIGHT 2003 Australian Accounting Research Foundation (AARF). The text, graphics and layout of this Statement are protected by Australian copyright law and the comparable law of other countries. No part of this Statement may be reproduced, stored or transmitted in any form or by any means without the prior written permission of the AARF except as permitted by law.

ISSN 1324-4191


AUDITING AND ASSURANCE GUIDANCE STATEMENT

AGS 1064 “AUDIT IMPLICATIONS OF PRUDENTIAL REPORTING REQUIREMENTS FOR GENERAL INSURERS”

CONTENTS

Paragraphs

Main Features

Introduction ........ .01-.06
Institutional Background ........ .07-.10
Approved Auditor ........ .11-.17

Discussion of Reporting Requirements – Approved Auditor
Reporting on the Audit of the Yearly Statutory Accounts ........ .18-.19
Reporting under the Prudential Standards ........ .20-.38
Statistical and Financial Data ........ .39-.43
Statutory and Regulatory Requirements ........ .44-.47
Policyholders’ Interests ........ .48-.51
Conclusion ........ .52-.55
Format of Reporting Requirements ........ .56
Terms of Engagement ........ .57

Agreed-upon Procedures - Specific Area of Review
Reporting Requirements ........ .58-.70
Format of Reporting Requirements ........ .71
Terms of Engagement ........ .72

Trilateral Relationship ................................................................ .73-.76

Non-Routine Reporting by the Approved Auditor of a General Insurer, Auditor of an authorised NOHC, or a Subsidiary of a General Insurer or authorised NOHC ......................................... .77-.80

Entity’s Responsibility to Keep Approved Auditor Informed .... .81-.84

Entity’s Written Risk Management Strategy (RMS) Document. .85-.88

Internal Audit.............................................................................. .89-.90


Other Reporting Responsibilities
Audit Committee ........ .91-.96

Operative Date ............................................................................ .97

Compatibility with International Standards and Statements on Auditing............................................................... .98

Appendix 1: Example Audit Report on the Yearly Statutory Accounts of a General Insurer

Appendix 2: Example Review Report Prepared by the Auditor of a General Insurer in Compliance with APRA Annual Reporting Requirements Specified in GPS 220.25

Appendix 3: Example Engagement Letter for Reporting Engagements Undertaken Pursuant to Australian Prudential Regulation Authority (APRA) Prudential Standards GPS 220.25

Appendix 4: Example Engagement Letter for Agreed-upon Procedures Engagement on a Specific Area of the General Insurer’s Operations or Risk Management Systems

Appendix 5: Transitional Issues and Example Transitional Review Report Prepared by the Auditor of a General Insurer in Compliance with APRA Annual Reporting Requirements Specified in GPS 220.25


MAIN FEATURES

This Auditing and Assurance Guidance Statement (AGS):

(a) provides guidance for reporting engagements undertaken for entities in conformity with GPS 220 “Risk Management” and related Guidance Notes (GGNs) issued by the Australian Prudential Regulation Authority (APRA);

(b) provides example report formats that meet the reporting requirements of GPS 220, including those for audit periods where transitional arrangements apply;

(c) provides example engagement letters appropriate to undertaking engagements under GPS 220, including a suggested format for “specific review” engagements; and

(d) describes transitional issues of relevance to auditors as client general insurers move to the reporting standards under the new regulatory regime.


Introduction

.01 This Auditing and Assurance Guidance Statement (AGS) has been prepared by the Auditing & Assurance Standards Board (AuASB) in consultation with the Australian Prudential Regulation Authority (APRA) to assist the auditor in reporting to entities on prudential reporting requirements specified by APRA.

.02 Reporting requirements imposed on the auditor of a general insurer by APRA are in addition to the audit or review of a financial report under the Corporations Act 2001 (Cth.). Section 49J of the Insurance Act 1973 extends responsibilities of the auditor to:

an audit of the yearly statutory accounts[1] in accordance with AUS 802 “The Audit Report on Financial Information Other than a General Purpose Financial Report”;

a review of the systems and procedures in place to ensure compliance with prudential standards and statutory requirements; and

a specific review of a particular aspect of the general insurer’s operations as per AUS 904 “Engagements to Perform Agreed-upon Procedures”, where identified by APRA in consultation with the general insurer.

APRA is looking to the auditors of general insurers to provide assurance over certain information supplied to it by a general insurer, and in certain respects, to provide review-level assurance as to the conduct of a general insurer’s operations.

.03 To act as the auditor of an authorised general insurer, in accordance with the Insurance Act 1973, the auditor must be approved by APRA thereby becoming an Approved Auditor. An auditor of an authorised non-operating holding company (NOHC) or of a subsidiary of a general insurer or authorised NOHC does not require to be approved by APRA. Reporting obligations imposed by the Insurance Act 1973 on the auditor of a general insurer, an authorised NOHC or the subsidiary of a general insurer or an authorised NOHC are contained in AGS 1064.77.

.04 AUS 304 “Knowledge of the Business” requires that the auditor has or obtains a knowledge of the business sufficient to enable the auditor to identify and understand the events, transactions and practices that in the auditor’s judgement may have a significant effect on the engagement. Due to the extended audit scope imposed by APRA requirements, the auditor gives further consideration as to whether the auditor has, or will be able to obtain, adequate knowledge and the required skills to undertake the engagement. The auditor of a general insurer needs to be aware that once the financial report audit engagement for a general insurer under the Corporations Act 2001 is accepted by the auditor, restrictions are imposed by the Act on withdrawal from the engagement.

[1] Yearly statutory accounts, in relation to a body corporate, means the reporting documents that the body corporate is required under section 13 of the Financial Sector (Collection of Data) Act 2001 to lodge with APRA in respect of a financial year.

.05 This AGS has been developed to assist the auditor of a general insurer in discharging reporting obligations in relation to the specific matters requested by APRA and not in relation to the audit of the financial report, guidance for which is provided in AUS 702 “The Audit Report on a General Purpose Financial Report”. It is not intended to limit or supplant individual judgement and initiative or to limit the application of Auditing and Assurance Standards on such engagements. Programs for each engagement are designed to meet the requirements of the particular situation, giving careful consideration to the size and type of general insurer and the adequacy of the internal control structure.

.06 The use by APRA of reports prepared by auditors needs to be evaluated in the context of the inherent limitations of an audit or review and the subject matter of the audit or review. Australian Auditing and Assurance Standards contain the basic principles and essential procedures to be applied to audit and review engagements.

Institutional Background

.07 The General Insurance Reform Act 2001[2] provides for the prudential supervision of general insurers by APRA, the national prudential regulator created on 1 July 1998[3].

.08 The Insurance Act 1973 as amended, section 11, defines a general insurer as a body corporate that is authorised in writing by APRA under section 12 of the Insurance Act 1973 to carry on general insurance business in Australia. General insurer includes a foreign general insurer as defined in subsection 3(1) of the Act.

.09 APRA formulates, promulgates and enforces prudential policy and practice applicable to general insurers. It does this through General Insurance Prudential Standards (GPS) and accompanying Guidance Notes (GGN), which form part of the Prudential Standards, applicable to general insurers from 1 July 2002.

[2] Assented to 19 September 2001.

[3] Australian Prudential Regulation Authority Act 1998.

.10 Without limiting the role of the GPSs and GGNs in their entirety, of most relevance to the Approved Auditor of a general insurer for engagement periods from 1 July 2002[4] is GPS 220 “Risk Management for General Insurers” (hereafter GPS 220). The Guidance Note of most relevance to the Approved Auditor is GGN 220.1 “Governance” which, in conjunction with GGN 220.2 “Risk Management Systems”, GGN 220.3 “Balance Sheet and Market Risk”, GGN 220.4 “Credit Quality” and GGN 220.5 “Operational Risks”, forms part of GPS 220.[5] Access to the Prudential Standards, Guidance Notes and legislation relevant to general insurers is available through APRA’s Website (http://www.apra.gov.au).

Approved Auditor

.11 In order to be approved by APRA as an Approved Auditor under sections 39 and 40 of the Insurance Act 1973, the person concerned must meet certain eligibility criteria, specifically those under GPS 220 paragraphs 8, 10 and 11, which include:

(a) fitness and propriety;

(b) appropriate formal qualifications and membership of a suitable professional body;

(c) a minimum of 5 years experience in the general insurance industry;

(d) ordinarily resides in Australia; and

(e) must not be the Approved Actuary of the general insurer and must be able to demonstrate that there are no other material conflicts of interest with the general insurer.

.12 In relation to AGS 1064.11(a), GPS 220.6(a)-(h) lists criteria used by APRA to assess fitness and propriety. In addition to the eligibility criteria, GPS 220.6(g) states that in the case of an Approved Auditor, criteria used by APRA for assessing fitness and propriety include that the person:

(a) is not a director or employee of the insurer or of a related body corporate within the meaning of section 50 of the Corporations Act 2001; and

(b) is registered as an auditor under the Corporations Act 2001.

[4] Appendix 5 provides information related to transitional issues.

[5] It has been agreed with APRA that in addition to GPS 220, the following standards and guidance note are of specific relevance for Approved Auditors: GPS 110 “Capital Adequacy for General Insurers”, GPS 210 “Liability Valuation for General Insurers” and GGN 110.4 “Investment Risk Capital Charge”.

.13 Under the Insurance Act 1973 and GGN 220.1.22, an application for approval of an auditor must be submitted in writing by the general insurer to APRA. The details to be included in the application are contained in GGN 220.1.22.

.14 APRA may approve individuals, on a case-by-case basis, who do not meet the eligibility criteria in AGS 1064.11 if the general insurer can demonstrate to the reasonable satisfaction of APRA that exceptional circumstances exist as to why the person should be approved as an Approved Auditor (GPS 220.9).

.15 A person is not eligible to be appointed as both an Approved Auditor and Approved Actuary to the same general insurer (GPS 220.10). When the actuarial valuation service involves the valuation of matters material to the financial report and the valuation involves a significant degree of subjectivity, Professional Statement F.1[6] paragraphs 2.71-2.73 provide that valuation services are not to be provided by a firm or network firm for an entity where the valuation is to be incorporated into the entity’s financial report. Professional Statement F.1 paragraph 2.74 provides guidance on safeguards when valuation services that are neither separately nor in the aggregate material to the financial reports, or that do not involve a significant degree of subjectivity, are provided by a firm or network firm for an entity.

.16 Although the engagement to which this AGS relates is not in relation to the audit of a financial report under the Corporations Act 2001, AUS 524 “The Auditor’s Use of the Work of the Actuary and the Actuary’s Use of the Work of the Auditor in Connection with the Preparation and Audit of a Financial Report” provides information that may be useful in clarifying the relationship between the Approved Auditor and Approved Actuary of a general insurer.

.17 Under the Insurance Act 1973 section 42, APRA may revoke the approval of a person’s appointment as an Approved Auditor and under section 44 of that Act, disqualify a person from holding an appointment as an Approved Auditor where APRA finds that person:

(a) has failed to perform adequately and properly the functions and duties of such an appointment; or

(b) otherwise does not meet one or more of the criteria for fitness and propriety; or

(c) does not meet the eligibility criteria for such an appointment.[7]

[6] Issued May 2002.

Discussion of Reporting Requirements – Approved Auditor

Reporting on the Audit of the Yearly Statutory Accounts

.18 The Insurance Act 1973 section 49J, together with GPS 220.25, require the yearly statutory accounts of a general insurer to be audited by an Approved Auditor. APRA reporting requirements require the Approved Auditor, under GGN 220.1.24, to provide the general insurer with an opinion that states whether the yearly statutory accounts are reliable. AUS 802 “The Audit Report on Financial Information Other than a General Purpose Financial Report” establishes the standards and provides guidance on the audit of financial information, other than a general purpose financial report, prepared by either a reporting entity or a non-reporting entity. AUS 802 states that the auditor’s report “should clearly express the auditor’s opinion as to whether the financial information is presented fairly in accordance with an identified financial reporting framework”.

.19 Following consultation between the AuASB and APRA, it has been agreed that the Approved Auditor expresses the required opinion referred to in AGS 1064.18 (ie whether the yearly statutory accounts are reliable), as “present fairly the results of operations for the year and financial position at year end, in accordance with (identify framework)”. An example report can be found in Appendix 1. The Approved Auditor considers the concept of materiality in providing reports and in reporting exceptions. Guidelines in relation to materiality are contained in AGS 1064.27-.28.

Reporting under the Prudential Standards

.20 APRA reporting requirements require the Approved Auditor, under GGN 220.1.24, to provide to the entity a certificate detailing the Approved Auditor’s opinion as to whether during the period of review and up to the year-end date of the general insurer:

(a) the insurer has adequate systems and procedures in place to ensure it observes all the Prudential Standard requirements APRA has set for the entity. These requirements may differ between locally incorporated and foreign insurers;

(b) certain statistical and financial data specified by APRA on its Website (www.apra.gov.au) as subject to assurance and provided by the general insurer to APRA in both its quarterly and yearly statutory accounts (as defined in the Insurance Act 1973) are reliable;

(c) the insurer has adequate systems and procedures in place to ensure it complies with statutory general insurance requirements, any conditions on the authority to carry on general insurance business, and any other conditions imposed by APRA in relation to a general insurer’s operations; and

(d) there are any matters, which, in the Approved Auditor’s opinion, will, or are likely to, adversely affect the interests of the insurer’s policyholders.

[7] Individuals affected by a decision made by APRA referred to in AGS 1064.18 may request that APRA review that decision. An appeal process is set out in Part VI of the Insurance Act 1973.

.21 Where the Approved Auditor is unable to satisfy him or herself that the requirements under AGS 1064.20 (a)-(d) have been met, the certificate includes details of these matters (GGN 220.1.24[8]). An example format for an annual review report prepared by the Approved Auditor in compliance with APRA annual reporting requirements appears in Appendix 2. This format has been approved by APRA. A review engagement provides a moderate level of assurance that the information subject to review is free of material misstatement. The report provides this assurance in the form of negative assurance.

.22 To assist in the effective and efficient operation of the reporting process, there is a need to avoid misunderstanding and to clarify what is required or can be achieved in providing the reports as per AGS 1064.20. There is also a mutually agreed need to avoid excessive or unwarranted amounts of work that would not be cost beneficial to the regulatory process.

[8] This is a matter of audit judgement but GGN 220.1.24 states: “for example, if there are accounting records that have not been appropriately kept, transactions that appear irregular or that have not been accurately or properly recorded, requests for information and explanation that have not been met, or aspects to the accounts that do not truly represent the transactions and financial position, the certificate should contain details of these matters.”

.23 It has been agreed with APRA that reporting on the review as to whether the insurer has adequate systems and procedures in place to ensure it observes all the Prudential Standard requirements, statutory general insurance requirements, and any conditions on the insurer’s operations imposed by APRA as per AGS 1064.20(a) and (c) is limited (subject to AGS 1064.36) to reporting on whether the entity complies with its written Risk Management Strategy (RMS)[9] in relation to the following:

(a) capital adequacy (GPS 110 “Capital Adequacy for General Insurers”), and in particular the Minimum Capital Requirement (MCR) including Tier 1 and upper and lower Tier 2 capital requirements as per GGN 110.1 “Measurement of Capital Base”;

(b) asset holdings in Australia as per GPS 120 “Assets in Australia for General Insurers” (excluding assets proscribed in GPS 120.3) being of a value equal to or greater than the total of liabilities in Australia (unless APRA has permitted otherwise or there is a determination in force under section 7 of the Insurance Act 1973)[10];

(c) the Approved Actuary’s valuation of insurance liabilities (GPS 210 “Liability Valuation for General Insurers”), including reinsurance arrangements (GPS 230 “Reinsurance Arrangements for General Insurers”)[11];

(d) balance sheet and market risk as per GGN 220.3 “Balance Sheet and Market Risk” (including insurance risks {outstanding claims and premiums liability risks} [refer GPS 210 “Liability Valuation for General Insurers”], investment risks, and risks associated with underwriting, claims management, liquidity management and the use of derivatives);

(e) credit quality risk as per GGN 220.4 “Credit Quality” (including limits for credit exposures, large exposures and other credit risk concentrations and reporting to the Board and senior management of any breaches thereof);

(f) operational risks as per GGN 220.5 “Operational Risk” (including risks associated with outsourcing and disruption to business continuity);

(g) risk arising out of reinsurance arrangements as per GPS 230 “Reinsurance Arrangements for General Insurers”;

(h) authority under the Insurance Act 1973 section 12 (or in the case of an authorised NOHC, section 18) including conditions on exemptions from that Act specified by APRA under section 7 of that Act; and

(i) other prudential requirements, including any directions in relation to assets and/or provisions or other liabilities specified in writing by APRA.

[9] References to RMS here and hereinafter also include the Reinsurance Management Strategy (REMS). The RMS is a high level strategy document which identifies the general insurer’s policies and procedures, processes and controls appropriate to the size, business mix and complexity of operations of the general insurer (GPS 220).

[10] Refer sections 28 and 116A of the Insurance Act 1973.

[11] The role of the Approved Actuary is defined in GGN 220.1.25 which can be found on APRA’s website www.apra.gov.au. Paragraphs 15-16 of this AGS also provide information in relation to the Approved Actuary.

.24 The Approved Auditor reviews whether there has been compliance with the high level controls over systems and procedures pertinent to these listed Prudential Standards and other relevant regulations. The basis for the review is whether, and for what period(s), the general insurer has complied with the systems and procedures documented in the RMS,[12] approved by the entity’s Board and forwarded to APRA by the entity as per GPS 220.42. A list of any material breaches, whether notified to APRA or not, which come to the Approved Auditor’s notice during the course of the engagement accompanies the report.

.25 For a foreign insurer, the requirement as per AGS 1064.20(a) for reporting on whether the insurer has adequate systems and procedures in place to ensure it observes Prudential Standard requirements is as specified in AGS 1064.23(a) – AGS 1064.23(i) with the exception of Tier 1 and upper and lower Tier 2 capital requirements as per GGN 110.1 “Measurement of Capital Base”.

.26 In relation to AGS 1064.23(i), the “other” category does not include Prudential Standards omitted from the list of requirements of AGS 1064.23(a)-(h) unless specified in writing by APRA to the general insurer as required to be reported on.

.27 The Approved Auditor considers the concept of materiality in providing reports as per AGS 1064.20 and in the reporting of exceptions. An omission or misstatement, either individually or in aggregate with other omissions or misstatements, is considered material if the Approved Auditor considers APRA would be influenced by the inclusion or correction of the information or requirement that was omitted or misstated. The relative, rather than the absolute, size of an omission or misstatement determines whether it is material in a given situation.

[12] While the RMS is a high-level strategy document, the general insurer’s risk management and control systems include detailed policies, procedures, defined management responsibilities and controls as per GPS 220.38.

.28 AUS 306 “Materiality and Audit Adjustments” provides guidance on materiality and its relationship with audit risk, albeit primarily in the context of a financial report audit under the Corporations Act 2001. Australian Accounting Standard AASB 1031 “Materiality” is a source of reference also. In the context of APRA’s reporting requirements, the general insurer’s MCR is an important consideration with respect to materiality. However, the auditor also needs to consider whether an alternative base (eg. profit, assets, revenue) is more appropriate.

.29 The Approved Auditor exercises professional judgement in selecting a materiality level appropriate to the general insurer’s circumstances in accordance with AUS 306. Guidelines on materiality are also provided by APRA in their Guidance Note on “Forms Subject to Audit and Application of Materiality – Authorised General Insurers” which can be found on its web site (www.apra.gov.au). While the Guidance Note refers to different materiality levels for each form, it has been agreed with APRA that the Approved Auditor may use a single materiality level across the various forms.

.30 With respect to compliance with the Tier 1 and Tier 2 capital ratios, general insurers have a variety of systems and procedures to monitor daily compliance. Projections and estimates are necessary and general insurers may establish trigger ratios.

.31 Compliance with the Tier 1 and Tier 2 capital ratios is required at all times for the general insurer, on a stand-alone and consolidated group basis. Projections and estimates are likely to be part of the monitoring process, as the preparation of a full financial report for the general insurer and the group is unlikely to be practical on a day-by-day or week-by-week basis.

.32 APRA is aware that general insurers have different systems to monitor whether they are complying with each of the Prudential Standards as per AGS 1064.20(a), and is also aware that varying degrees of precision exist in applying the monitoring process. Notwithstanding these differences, APRA expects that such systems should seek to ensure that general insurers comply with all Prudential Standards on a continuous basis.

.33 The Approved Auditor is to report to APRA material exceptions to compliance with the matters listed below (whether or not the general insurer has reported the non-compliance to APRA). The matters on which non-compliance is to be reported, when noted during the course of audit testing, are:

(a) Tier 1 and Tier 2 capital ratios;

(b) asset holdings in Australia;


(c) the entity’s RMS in relation to balance sheet and market risk, investment risks and risks associated with underwriting, claims management, liquidity management and the use of derivatives;

(d) credit quality risk;

(e) operational risk;

(f) reinsurance arrangements; and

(g) other prudential requirement(s) specified in writing by APRA.

.34 Accounting records and data relied upon for the monitoring process are generally not subject to continuous audit. Estimates and projections cannot normally be verified conclusively, and in many instances the normal type of year-end financial adjustments are not determined or processed on a continuous basis. Accordingly, it is accepted by APRA that there are practical limitations in requesting the Approved Auditor to form an opinion that a general insurer has complied at all times with Prudential Standards during the period covered by the Approved Auditor’s report.

.35 In relation to reporting as per AGS 1064.23(i), the Approved Auditor of a general insurer lists in the report prudential requirements specified in writing by APRA of which the Approved Auditor is aware.

.36 In relation to compliance with the qualitative aspects of the Prudential Standards, it has been agreed with APRA that there is no expectation that the Approved Auditor expresses assurance on the adequacy of the RMS, nor to detect all compliance errors or irregularities in relation to all descriptions of high level controls pertinent to the RMS descriptions supplied to APRA. Rather, the Approved Auditor reviews compliance with the written RMS designed to ensure the proper recording of information for the purpose of reporting to APRA in terms of requirements under AGS 1064.23(a)-(i) as appropriate, including reviewing compliance with internal limits and trigger levels. APRA expects the Approved Auditor to report material compliance errors or irregularities highlighted during the review.

.37 While the Approved Auditor is not expected to review the adequacy of the RMS or the design effectiveness of control procedures, during the course of the review the Approved Auditor may become aware of deficiencies in the RMS and material control weaknesses. APRA expects the Approved Auditor to report these instances to an appropriate level of management of the general insurer as per AUS 810 “Special Purpose Reports on the Effectiveness of Control Procedures” paragraphs .78-.79. In the absence of a specific requirement in the terms of engagement the Approved Auditor is not expected to design procedures to identify these instances. A specific agreed-upon procedures engagement requires a separate engagement and reporting as identified in AGS 1064.58-.70.

.38 In providing a report on the qualitative requirements of the Prudential Standards as per AGS 1064.20(a), the Approved Auditor, after consideration of the guidance as per AGS 1064.34-.35, lists any key strategies included in the written RMS provided to APRA by the entity as per GPS 220.42, but not reviewed by the Approved Auditor as a consequence of a circumstance that makes the review impractical (eg. any period for which the strategy has not been in place).

Statistical and Financial Data

.39 The Approved Auditor of either a locally incorporated or foreign insurer is required to report whether certain statistical and financial data provided by the entity to APRA in its yearly statutory accounts are “reliable” [GGN 220.1.24(b)].

.40 The Approved Auditor could provide an audit report on the “reliability” of the statistical and financial data provided to APRA only if sufficient appropriate audit evidence is obtained through the performance of tests of control and substantive procedures on the system, and on the data included in the statutory accounts, to enable reasonable conclusions to be drawn on each form.

.41 APRA expects substantive testing to be performed on the compilation of the required statistical and financial data for the yearly and quarterly statutory accounts, to the extent the Approved Auditor considers appropriate. This substantive testing involves, at a minimum, test checking from the yearly statutory accounts (or other audited accounts) and quarterly returns to the general insurer’s general ledger or appropriate sub-ledger or sub-system.

.42 The interpretation of the word “reliable” requires mutual understanding in that it has practical limitations in the present circumstances. For many general insurers it is at financial year-end only that the general insurer’s accounts, including all the appropriate adjustments for accruals, prepayments, provisioning and valuations, are prepared. Some general insurers also report their results half-yearly, and therefore would incorporate the necessary adjustments, but generally an audit is not carried out on these balances unless the general insurer chooses an audit rather than a review of the half-yearly financial report (AUS 902 “Review of Financial Reports” provides guidance on the scope of a review engagement and an explanation of the negative assurance provided by such an engagement). APRA is well aware of the position in relation to half-yearly financial reporting and has indicated it accepts general insurer reporting based on the general insurer’s normal accounting process. The necessity to report adverse findings will be a matter of judgement by the Approved Auditor taking into account consideration of materiality as per AGS 1064.27-.28.

.43 In relation to reporting breaches of the quantitative requirements of the statistical and financial data required by the Prudential Standards as per AGS 1064.20(b), the Approved Auditor considers evidence with respect to notification by the entity to APRA of the breach(es). In meeting APRA’s reporting requirements, the Approved Auditor lists only those breaches where the Approved Auditor considers the matter(s) in question have not been dealt with adequately by the entity reporting the matters to APRA.

Statutory and Regulatory Requirements

.44 The Approved Auditor is required to report whether relevant statutory general insurance requirements and conditions on the authority to carry on insurance business, and any other conditions imposed by APRA in relation to the insurer’s operations have been met, including bilateral APRA-general insurer requirements and conditions [GGN 220.19(c)].

.45 Conditions on the authority to carry on insurance business may vary from one general insurer to another and the Approved Auditor makes reasonable enquiries with respect to conditions imposed on the general insurer by APRA.

.46 In order to provide a report on review of compliance with the relevant regulatory and statutory requirements imposed on the entity by APRA, the Approved Auditor inquires of general insurer management as to:

(a) the nature of the Insurance Act 1973 section 12 authorisation to carry on general insurance business;

(b) any conditions or change in conditions imposed by APRA on the section 12 authorisation;

(c) any exemption granted by APRA to the entity in relation to specific sections of the Insurance Act 1973;

(d) any directions by APRA to the entity under section 36 of the Insurance Act 1973 in relation to compliance with a prudential standard where there has been a breach of the standard or is likely to be a breach; and

(e) any directions issued by APRA to the general insurer under section 62 of the Insurance Act 1973 in the context of an investigation.

.47 Reporting on compliance with relevant statutory or regulatory requirements includes (but is not limited to) compliance with the following sections of the Insurance Act 1973:

(a) authorisation under section 12 of the Insurance Act 1973;

(b) formal correspondence issued to a general insurer in relation to a prudential visit/review;

(c) conditions imposed under section 13 of the Insurance Act 1973;

(d) directions issued pursuant to sections 7, 36, 49M, 49Q, 51, or 62 of the Insurance Act 1973; and

(e) other specified matter(s) [details of the matter(s) to be provided] (delete if not applicable).

Policyholders’ Interests

.48 APRA’s final requirement as per AGS 1064.20 relates to whether there are any matters that, in the Approved Auditor’s opinion, will, or are likely to adversely affect the interests of the policyholders [GGN 220.1.24 (d)]. APRA has indicated that matters likely to adversely affect the interests of the policyholders are generally related to solvency issues and going concern assumptions, for example, the general insurer’s compliance with MCR as per GGN 110.1 “Measurement of Capital Base”.13

.49 The Approved Auditor’s obligation in this area is to report to APRA on the basis of information gained during the course of the audit under the Corporations Act 2001, additional work undertaken for APRA reporting purposes, and current knowledge of the general insurer’s affairs at the time of issuing the report.

.50 Since generally the Approved Auditor of a foreign general insurer has incomplete knowledge of the overseas operations of the parent or related entities of the foreign general insurer, and has not had responsibility for the financial report audit of the foreign general insurer, the Approved Auditor of a foreign general insurer is limited in the assurance that can be provided with respect to foreign general insurer policyholders’ interests.

13 Reference to policyholders relates to a class of policyholders rather than to individual policyholders.

.51 It has been agreed with APRA that where a situation as per AGS 1064.49 exists, the Approved Auditor of a foreign general insurer is not expected to expand the scope of the engagement in order to meet the reporting requirements of GPS 220 and Guidance Notes thereto, or to be aware of all material issues or events that are outside the operations of the foreign general insurer. Rather, in meeting APRA’s reporting requirements, the Approved Auditor reports the scope of any financial report audit work performed with respect to the foreign general insurer and, where no financial report audit has been conducted, reports only on matters that come to the Approved Auditor’s attention during the course of the Approved Auditor’s work in relation to APRA’s additional reporting requirements.

Conclusion

.52 It must be recognised that, as stated in AUS 202 “Objective and General Principles Governing an Audit of a Financial Report”, the user cannot assume that the auditor’s opinion is an assurance:

(a) as to the future viability of the entity; or

(b) about the efficiency or effectiveness with which management has conducted the affairs of the entity.

.53 Neither, as stated in AGS 1006 “Expression of an Opinion on Internal Control”, is an audit of the financial report under the Corporations Act 2001 designed to provide sufficient appropriate evidence on which to base an opinion on the adequacy of the internal control structure.

.54 Evidence on which to base a review report on the adequacy of the internal control structure would require the application of audit related procedures beyond the scope of an audit of the financial report under the Corporations Act 2001. However, agreement may be reached with the entity to extend the scope of the audit under the Act. AGS 1064.18 refers to the conduct of the audit of the yearly statutory accounts as a separate engagement. AGS 1064.58 refers to provisions for the Approved Auditor to undertake an agreed-upon procedures engagement on a specific area of a general insurer’s operations or risk management systems. Example engagement letters for reporting engagements undertaken pursuant to APRA Prudential Standards and for agreed-upon procedures can be found in Appendices 3 and 4.

.55 The report in relation to AGS 1064.20 is to be on an annual basis and to cover the same period as the yearly statutory report unless other arrangements between APRA and either the general insurer and/or the Approved Auditor of the general insurer apply. It is to be issued on a timely basis. It is expected this will be within three months after reporting date for disclosing entities (ie one to which section 111AC of the Corporations Act 2001 applies) and within four months for non-disclosing entities (ie non-disclosing entities not covered by section 111AC). The report is to indicate that its use is limited to the entity and APRA.

Format of Reporting Requirements

.56 The format for the Approved Auditor reporting as per AGS 1064.20 is set out in Appendices 1 and 2.

Terms of Engagement

.57 The responsibilities of the Approved Auditor to the entity under the trilateral arrangements are confirmed by way of an engagement letter. For engagements encompassing ongoing general requirements, AUS 204 “Terms of Audit Engagements” specifies that the terms of the engagement are agreed and documented, preferably before the commencement of the engagement to help to avoid uncertainty and misunderstandings with respect to the engagement. It is important those charged with the governance of the entity are aware of the obligations referred to in AGS 1064.20 imposed on Approved Auditors and of the implications for confidentiality. It is important also that the engagement letter includes a reference to management’s responsibility for establishing and maintaining an effective internal control structure. The Approved Auditor refers to AUS 204 when preparing the engagement letter and adapts it as appropriate to the circumstances of the engagement. The format of example engagement letter paragraphs to accommodate APRA reporting requirements as per AGS 1064.20 is set out in Appendix 3 of this AGS.

Agreed-upon Procedures – Specific Area of Review

Reporting Requirements

.58 Under GPS 220.29, in addition to the annual prudential reporting requirements, a general insurer’s Approved Auditor may be requested by APRA, in consultation with the general insurer, to undertake an agreed-upon procedures engagement to review a specific aspect of the general insurer’s operations or the RMS.

.59 In such circumstances as those outlined in AGS 1064.58, APRA meets with the general insurer and the Approved Auditor periodically to discuss the Approved Auditor’s report and agree on the area to be reviewed. Timing of these trilateral meetings is negotiated with the general insurer and the Approved Auditor at the initiative of APRA. The area to be reviewed may vary among general insurers and may change from period to period.

.60 The APRA requirement for an Approved Auditor to undertake an agreed-upon procedures engagement in a selected area of the general insurer’s operations requires a separate engagement and reporting. The Approved Auditor of a general insurer undertakes the engagement having due regard to the guidance in AUS 904 “Engagements to Perform Agreed-upon Procedures”.

.61 The objective of the agreed-upon procedures engagement is for the Approved Auditor to carry out procedures of an audit related nature to which the general insurer and APRA have agreed, and to report the factual findings to the directors and management of the general insurer and to APRA. The concept of materiality in relation to this engagement is addressed in AGS 1064.28.

.62 In performing the audit of a financial report under the Corporations Act 2001, it must be appreciated that the Approved Auditor of a general insurer does not evaluate all aspects of the internal control structure and systems of controls and is not therefore in a position to express an opinion, following the audit, on the adequacy of all controls.

.63 The Approved Auditor is normally involved with internal controls that are relevant to the financial report assertions. The Approved Auditor would have knowledge and understanding of other internal controls which relate to management policy and operating risk only where they impact on the Approved Auditor’s understanding of the internal control structure when determining the nature, timing and extent of audit procedures for expressing an opinion on the financial report. The Approved Auditor obtains an understanding of the internal control structure sufficient to plan the audit and develop an effective audit approach as per AUS 402 “Risk Assessments and Internal Controls” paragraph .02. In planning the engagement, the Approved Auditor obtains an understanding of the significance and complexity of the information technology environment of the entity and the availability of data for use in the engagement.

.64 In requesting a report on operations and when undertaking such engagements, it must be recognised that the likelihood of an entity achieving its objectives is affected by limitations of the type described in AGS 1064.86 that are inherent in all control systems.

.65 As the Approved Auditor provides a report of the factual findings, no assurance is expressed in the report. Instead, the users of the report assess for themselves the procedures and findings reported by the Approved Auditor and draw their own conclusions from the Approved Auditor’s work.

.66 The report is to be restricted to the directors and management of the general insurer and APRA, as those are the parties that have agreed to the procedures to be performed, and others, unaware of the reasons for the procedures, may misinterpret the results.

.67 To ensure that there is a clear understanding regarding the agreed-upon procedures and the conditions of the engagement, the following is to be agreed beforehand:

(a) APRA is to identify the scope of the general insurer’s operations or RMS to be the subject of the engagement; and

(b) APRA, in conjunction with the general insurer, specifies the objectives of the engagement and, following discussion with the Approved Auditor, agrees the:

(i) nature, scope and extent of procedures to be undertaken by the Approved Auditor; and

(ii) period to be covered by the engagement after considering the nature of the system(s) operative at a particular date(s) during the financial period.

It is accepted that the objective and scope of these engagements will normally be to ascertain that the procedures described have been effectively placed in operation at the time the engagement was conducted.

.68 It is accepted by APRA that the Approved Auditor’s report of factual findings includes details of the key features of the specific area and the Approved Auditor’s findings from the agreed-upon procedures, and by exception, any other matters of concern that come to the Approved Auditor’s attention during the performance of the agreed-upon procedures. The management and Board of a general insurer are responsible for establishing and maintaining the management systems and controls to manage exposures and limit risks. It is accepted that it is not the role of the Approved Auditor to comment on the prudence or otherwise of the risk profile adopted by the general insurer. That is a matter for, firstly the general insurer’s management and Board, and subsequently APRA.

.69 The reporting of aspects that could be improved will be a matter of judgement for the Approved Auditor. Materiality in relation to the specific area subject to the agreed-upon procedures refers to the possible effect that an internal control, or lack thereof, may have on the achievement of the objectives. APRA does not require comments on minor omissions, weaknesses and failures. Matters that are commented on are those, which, in the view of the Approved Auditor, individually or collectively indicate that the objectives of the system may not be achieved. It will be for APRA in the light of the contents of the factual findings report to assess whether the objectives of the specific area are being met.

.70 The Approved Auditor’s report on the agreed-upon procedures engagement is required to be submitted to APRA and the entity simultaneously, within 3 months after the review is commissioned (GPS 220.29).

Format of Reporting Requirements

.71 The format for the specific area of review report will vary depending upon the topic and the findings.

Terms of Engagement

.72 Following the determination by APRA of the specific area of review, the Approved Auditor in conjunction with APRA and the general insurer are to agree on the objective of the engagement, key features and criteria of the area to be examined and the nature and extent of procedures to be performed. The Approved Auditor undertakes the engagement having due regard to the guidance in AUS 904 “Engagements to Perform Agreed-upon Procedures”. It is in the interest of both the general insurer and the auditor that an engagement letter is compiled, preferably before the commencement of the engagement, to help in avoiding misunderstandings with respect to the engagement. Appendix 4 provides an example of the detail to be agreed and included in the engagement letter from the general insurer to the Approved Auditor with respect to the specific area of review engagement.

Trilateral Relationship

.73 Periodic trilateral liaison between APRA, the general insurer and its Approved Auditor to discuss the Approved Auditor’s report with respect to APRA’s reporting requirements is provided for in GPS 220.34. Any one of APRA, the general insurer or its Approved Auditor can initiate meetings or discussions at any time where it is considered necessary.

.74 The Approved Auditor of a general insurer is positioned uniquely by virtue of his or her knowledge of the operations of the entity and the resources at his or her disposal to meet both regular and ad hoc requests that may emerge. The continued development of the trilateral arrangement should assist in achieving:

(a) greater clarity of expectations of the Approved Auditor by APRA;

(b) more meaningful input to the supervisory process through focused examinations undertaken by the Approved Auditor in accordance with instructions from the general insurer to meet the requirements of APRA; and

(c) improved value-added feedback to general insurer management in areas such as RMS and systems to implement the strategies.

.75 This AGS acknowledges that the Approved Auditor of a general insurer has an important role to play in the supervision process and identifies the work the Approved Auditor may have to perform to meet the requests of APRA under the trilateral arrangements.

.76 In the normal course, APRA does not consult directly with the Approved Auditor on matters concerning individual general insurers. However, notwithstanding the trilateral relationship, in exceptional circumstances as required under the statutory obligations imposed by the Insurance Act 1973 (sections 49, 49A and 49B), a general insurer’s Approved Auditor and APRA may engage with each other on a bilateral basis (GPS 220.35) where either party deems this necessary. APRA may communicate with the Approved Auditor of a general insurer on a bilateral basis to obtain or discuss information for whatever reason(s) it sees as appropriate.

Non-routine Reporting by the Approved Auditor of a General Insurer, Auditor of an authorised NOHC, or a Subsidiary of a General Insurer or authorised NOHC

.77 It is important that the Approved Auditor of a general insurer, an auditor of an authorised NOHC, or an auditor of a subsidiary of a general insurer or authorised NOHC, recognise the additional responsibilities in relation to non-routine reporting imposed under the Insurance Act 1973. Section 49A(2) of the Act requires that if the Approved Auditor of a general insurer or an auditor of an authorised NOHC or a subsidiary of a general insurer or an authorised NOHC has reasonable grounds to believe that:

(a) the general insurer, NOHC or subsidiary is insolvent or there is a significant risk that the general insurer, NOHC or subsidiary will become insolvent; or

(b) the general insurer, NOHC or subsidiary has failed to comply with a Prudential Standard or in the case of a general insurer – the insurer has failed to comply with a condition of its authorisation under section 12; or in the case of an authorised NOHC – the NOHC has failed to comply with a condition of its authorisation under section 18; or

(c) the insurer, NOHC or subsidiary has failed to comply with a requirement or direction under the Insurance Act 1973 or a requirement under the Financial Sector (Collection of Data) Act 2001; or

(d) an existing or proposed state of affairs may materially prejudice the interests of14:

i) in the case of an auditor of a general insurer or a subsidiary of a general insurer – the insurer’s policyholders; or

ii) in the case of an auditor of an authorised NOHC or a subsidiary of an authorised NOHC, the policyholders of any general insurer who is a subsidiary of the NOHC; or

(e) the general insurer, NOHC or subsidiary has contravened the Insurance Act 1973 or any other law and the contravention of the Act is of such a nature that it may affect significantly the interest of policyholders of the general insurer, that is a subsidiary of the NOHC;

and there is no determination in force under subsection 7(1) of the Insurance Act 1973 determining that the subsection does not apply to the Approved Auditor, then the Approved Auditor must inform APRA in writing, or otherwise the Approved Auditor is guilty of an offence. Under section 49A(4) of the Act, the Criminal Code applies to offences against the Act.

.78 Additionally, section 49B of the Insurance Act 1973 provides that a person who is, or who has been, the Approved Auditor of a general insurer, an auditor of a NOHC or a subsidiary of a general insurer or authorised NOHC, may provide information about such entities to APRA if the person considers that the provision of that information to APRA will assist APRA in performing its functions under the Insurance Act 1973 or the Financial Sector (Collection of Data) Act 2001.

.79 GGN 220.1.36 confirms that, in relation to reporting under sections 49A and 49B of the Insurance Act 1973, there is no requirement for the Approved Auditor of a general insurer to carry out additional work to satisfy the Approved Auditor with respect to the above matters. Thus, subject to the reporting requirements as per AGS 1064.20, the Approved Auditor is not required to extend the scope of the work to ascertain that the general insurer is complying with all aspects of all Prudential Standards for general insurers. If the Approved Auditor becomes aware of any of the matters discussed in AGS 1064.77-.78, the Approved Auditor brings the matters to the attention of an appropriate level of management of the general insurer. If the response provided by management of the general insurer is unsatisfactory, the Approved Auditor is obliged to report the matters to APRA in a timely way. The Approved Auditor reports to APRA as soon as the Approved Auditor identifies or becomes aware of an issue or concern that would lead the Approved Auditor to consider that APRA would be influenced by it, having regard to materiality as per AGS 1064.27-.28.

14 Materially prejudice is taken to be the same as adversely affect. In cases where there is doubt auditors may need to obtain a legal opinion. Circumstances that may adversely affect the interests of policyholders are defined in AGS 1064.47.

.80 The Insurance Act 1973 sections 49C and 49D and GGN 220.1.39 protect an Approved Auditor providing information referred to in AGS 1064.77 and .78 in good faith to APRA from incrimination or liability to penalty.

Entity’s Responsibility to Keep Approved Auditor Informed

.81 The general insurer’s Board and management are required, in accordance with GPS 220.26, to keep the Approved Auditor fully informed of APRA’s prudential requirements for the general insurer and any changes made by the general insurer to the RMS.

.82 Under GPS 220.28, the general insurer must ensure that the Approved Auditor has access to all relevant data and people which the Approved Auditor reasonably believes is necessary to fulfil his/her obligations under the Insurance Act 1973, Insurance Regulations 2002, Financial Sector (Collection of Data) Act 2001, Prudential Standards, and Auditing and Assurance Standards.

.83 The Approved Auditor requires access particularly to the written RMS approved by the Board and forwarded to APRA by the entity, including information relating to the timing of its supply to APRA and similarly for any changes in the document, in order to fulfil the reporting requirements set out in AGS 1064.23.

.84 In relation to AGS 1064.81, the Approved Auditor may request entity management to sign a management representation letter with appropriate content. AUS 520 “Management Representations” provides guidance with respect to this letter.

Entity’s Written Risk Management Strategy (RMS) Document

.85 GPS 220.41 provides that an insurer’s written RMS must be submitted to APRA within 14 days of its being approved by the Board. Under GPS 220.46 and GGN 220.2, the RMS should address all material risks and, at a minimum:

(a) balance sheet and market risk (including investment risk, insurance risk, product design and pricing risk, underwriting and liability risk, liquidity risk, risk arising from claims management and derivatives risk) (refer GGN 220.3 “Balance Sheet and Market Risk”);

(b) credit quality risk (refer GGN 220.4 “Credit Quality”);

(c) operational risk (including legal and reputational risks) (refer GGN 220.5 “Operational Risks”); and

(d) risks arising out of reinsurance arrangements (refer GPS 230 “Reinsurance Arrangements for General Insurers”).

.86 When reviewing compliance with the written RMS provided to APRA as per AGS 1064.83, it must be recognised that the likelihood of an entity achieving its objectives is affected by limitations inherent in all control systems. These include:

(a) management’s usual requirement that the cost of a control procedure does not exceed the expected benefits to be derived;

(b) most control procedures tend to be directed at routine rather than non-routine transactions/events;

(c) the potential for human error due to carelessness, distraction or fatigue, misunderstanding of instructions and mistakes in judgement;

(d) the possibility of circumvention of control procedures through the collusion of employees with one another or with parties outside the entity;

(e) the possibility that a person responsible for exercising an internal control could abuse that responsibility, for example a member of management overriding a control procedure;

(f) the possibility that management may not be subject to the same controls applicable to other personnel; and

(g) the possibility that procedures may become inadequate due to changes in conditions, and compliance with procedures may deteriorate.

.87 A ‘declaration’ with respect to the adequacy of, and compliance with, the insurer’s RMS is to be made to APRA by two directors, or in the case of a foreign insurer, by a senior officer from outside Australia delegated the requisite authority from the Board (GPS 220.54). Under GGN 220.2.21, included in this “declaration”, which is provided to APRA at the same time as lodgement of the yearly statutory accounts, is that for the last financial year:

(a) the general insurer has systems in place to ensure compliance with the Insurance Act 1973, Insurance Regulations 2002, Prudential Standards, authorisation conditions and directions;

(b) the Board and senior management have identified the key risks facing the general insurer and have a RMS in place to manage and monitor those risks;

(c) the general insurer has in place a REMS for selecting and monitoring reinsurance programs;

(d) the general insurer has substantially complied with its written RMS as supplied to APRA and that it is operating effectively in practice, having regard to the risks they are designed to control; and

(e) copies of its RMS strategy document provided to APRA are accurate and current.

.88 The Approved Auditor of a general insurer is not required to form an opinion on this declaration (GGN 220.2.24) other than in the context of reporting on compliance with the entity’s written RMS and the qualitative aspects of compliance with Prudential Standards as per AGS 1064.20(a).

Internal Audit

.89 Periodic internal audits of the general insurer must be carried out under GPS 220.52, with results reported promptly to the Board or the Audit Committee and to senior management. AUS 604 “Considering the Work of Internal Auditing” provides guidance to Approved Auditors on obtaining an understanding of the activities of internal audit and evaluating the effect on audit risk.

.90 Where deficiencies are identified as part of internal audit under GPS 220.53, these must be reported in a timely manner to the appropriate management and addressed. Material deficiencies must be reported to the board or the audit committee and senior management. For this purpose, a material deficiency can result not only from a single deficiency, but also from a number of small deficiencies that, when considered together, amount to a material deficiency.

Other Reporting Responsibilities

Audit Committee

.91 A board audit committee comprising a majority of non-executive directors, to monitor compliance with the Board’s policies as well as prudential and statutory requirements, is to exist for all locally incorporated general insurers (GPS 220.20). Under GPS 220.21, the Chair of the Board must not also be the Chair of the Audit Committee [15].

.92 Under GGN 220.1.12, the Audit Committee should, at a minimum, oversee the insurer’s financial reporting, internal and external audits, the appointment of the Approved Auditor, and generally assist the Board in providing an objective, non-executive review of the effectiveness of the insurer’s financial reporting and risk management and control processes.

.93 Under GGN 220.1.13, the Audit Committee must review the Approved Auditor’s engagement every year, including evaluating the Approved Auditor’s independence in accordance with the Professional Code of Conduct issued by CPA Australia and The Institute of Chartered Accountants in Australia and relevant Auditing and Assurance Standards.

.94 The general insurer must give the Audit Committee sufficient powers to enable it to obtain all information necessary for the performance of its functions (GGN 220.14).

.95 The Audit Committee must provide the Approved Auditor (and Approved Actuary) of the general insurer the opportunity to attend the meetings of the Audit Committee and, where necessary, provide the Approved Auditor (and Approved Actuary) the opportunity to bring matters to the attention of that Committee without reference to the other directors or senior management of the general insurer (GGN 220.15).

[15] Where the insurer is part of a larger corporate group, APRA may allow the insurer to use the Group Audit Committee as a Board Audit Committee where it is demonstrated that the Group Audit Committee can effectively address the needs of the general insurer (provided the Group Audit Committee has a majority of directors who are non-executives of the general insurer) (GPS 220.1.21).

.96 Although the type of engagement to which this AGS relates is not that in relation to the audit of a financial report under the Corporations Act 2001, further guidance on matters that the Approved Auditor considers communicating to the Audit Committee can be found in AUS 710 “Communicating with Management on Matters Arising from an Audit”.

Operative Date

.97 This AGS is operative from the date of issue.

Compatibility with International Standards and Statements on Auditing

.98 There is no corresponding International Standard or Statement on Auditing.

APPENDIX 1

EXAMPLE AUDIT REPORT ON THE YEARLY STATUTORY ACCOUNTS OF A GENERAL INSURER

Date

The Board of Directors
[General Insurer]
(Senior Officer outside Australia for foreign general insurer)

Scope

We have audited the attached yearly statutory accounts, being a special purpose financial report, of [general insurer] for the financial year ended [date]. The yearly statutory accounts comprise [specify form numbers] with the authentication code of [……]. The directors of [general insurer] are responsible for the preparation of the yearly statutory accounts and the information they contain, in accordance with the requirements of the Insurance Act 1973, the Financial Sector (Collection of Data) Act 2001 and Prudential Standard GPS 220 as set down by the Australian Prudential Regulation Authority (“Prudential Standards”) and, to the extent that they do not contain any requirements to the contrary, Accounting Standards and other mandatory professional reporting requirements in Australia.

We have conducted an independent audit of the yearly statutory accounts in order to express an opinion on them to the Board of Directors.

The yearly statutory accounts have been prepared for the purpose of fulfilling the reporting requirements of [general insurer] under the Insurance Act 1973, Section 13 of the Financial Sector (Collection of Data) Act 2001 and the Prudential Standards. We disclaim any assumption of responsibility for any reliance on this report or on the yearly statutory accounts to which it relates to any person other than the Australian Prudential Regulation Authority, or for any purpose other than that for which it was prepared.

Our audit has been conducted in accordance with Australian Auditing and Assurance Standards. Our procedures included examination, on a test basis, of evidence supporting the amounts and other disclosures in the yearly statutory accounts, and the evaluation of significant accounting estimates. These procedures have been undertaken to form an opinion as to whether, in all material respects, the yearly statutory accounts present fairly the results of operations for the year and financial position at year-end in accordance with the provisions of the Insurance Act 1973, and the Prudential Standards and, to the extent that they do not contain any requirements to the contrary, Accounting Standards and other mandatory professional reporting requirements in Australia. The Insurance Act 1973 and Prudential Standards do not require the application of all Accounting Standards and other mandatory professional reporting requirements in Australia.

The audit opinion expressed in this report has been formed on the above basis.

Qualification(*)

[provide details where a qualification is included]

[Qualified*] Audit Opinion

In accordance with Section 49J of the Insurance Act 1973, we report that in our opinion, [except for the matters referred to in the qualification paragraph(*)]:

The yearly statutory accounts of [general insurer] in respect of the year ended [date] present fairly the results of operations for the year and financial position at year end, in accordance with the provisions of the Insurance Act 1973, the Financial Sector (Collection of Data) Act 2001 and the Prudential Standards, and, to the extent that they do not contain any requirements to the contrary, Accounting Standards and other mandatory professional reporting requirements in Australia.

Firm……………………………….….…..

Signature (Partner)……………………….

Date……………………………………

APPENDIX 2

EXAMPLE REVIEW REPORT PREPARED BY THE AUDITOR OF A GENERAL INSURER IN COMPLIANCE WITH APRA ANNUAL REPORTING REQUIREMENTS SPECIFIED IN GPS 220.25

The Board of Directors
[General Insurer]
(Senior Officer outside Australia for foreign general insurer)

As outlined in our letter of engagement dated [date], the Australian Prudential Regulation Authority’s (APRA’s) Prudential Standard GPS 220 imposes additional responsibilities and reporting requirements on the Approved Auditor.

Our audit work in relation to the annual financial report under the Corporations Act 2001 and yearly statutory accounts under the Insurance Act 1973 is directed towards obtaining sufficient audit evidence to form an opinion under the appropriate legislation. This audit work is not designed to enable us to form an opinion on other matters outlined in APRA’s Prudential Standards. We have therefore performed additional work beyond that which is performed in order to meet our responsibilities as outlined above.

It is to be noted that accounting records and data relied on for prudential reporting and compliance are not continuously audited and do not necessarily reflect accounting adjustments necessary for end of reporting period financial report preparation, or events occurring after the end of the reporting period.

This report has been prepared for the Board of Directors in order to meet [general insurer’s] APRA reporting requirements. The report is not to be used for any other purpose or distributed to any other party. We disclaim any assumption of responsibility for any reliance on this report to any party other than [general insurer] and APRA, or for any other purpose other than that for which it was prepared.

The statement in this report expressed below is to be read in the context of the foregoing observations.

Scope

We have reviewed [general insurer’s] systems and procedures that are directed to ensuring compliance with its undertakings to APRA and with its Risk Management Strategy (RMS) and Reinsurance Management Strategy (REMS) [as at/for the period ended {date}] with respect to the Prudential Standards relating to capital adequacy and in particular minimum capital requirement as per GPS 110 “Capital Adequacy for General Insurers”, asset holdings in Australia as per GPS 120 “Assets in Australia for General Insurers”, valuation of liabilities as per GPS 210 “Liability Valuation for General Insurers”, balance sheet and market risk as per GGN 220.3 “Balance Sheet and Market Risk”, credit quality risk as per GGN 220.4 “Credit Quality”, operational risks as per GGN 220.5 “Operational Risk”, risk arising out of reinsurance arrangements as per GPS 230 “Reinsurance Arrangements for General Insurers”, authority under the Insurance Act 1973 section 12, including conditions or exemptions from the Insurance Act 1973 and other prudential requirement(s) [list] (together referred to as the Prudential Requirements) specified in writing by APRA.

We have reviewed [general insurer’s] systems and procedures for providing statistical and financial data to APRA in the undermentioned forms:

(List specific name of each form on which assurance is provided excluding statistical forms which are not required to be audited. Refer to APRA’s Website www.apra.gov.au.)

We have performed the review of selected quarterly returns and yearly statutory accounts in order to state whether, on the basis of the procedures described, anything has come to our attention that would indicate that [general insurer] has provided statistical and financial data to APRA in the quarterly returns and yearly statutory accounts that cannot be relied upon.

Additionally, we have reviewed [general insurer’s] control procedures in relation to adherence to its RMS and REMS with respect to the Prudential Requirements [as at/for the period ended {date}] in order to state whether, on the basis of our examination as described, anything has come to our attention that would indicate that they did not operate effectively, in order to ensure that [general insurer] complies with its RMS and REMS as represented to APRA.

Our review has been conducted to provide sufficient assurance to support our review report in respect of whether the control procedures in relation to adherence to the RMS and REMS with respect to the Prudential Requirements have been appropriately designed and operated effectively during the period. Accordingly we included such tests and procedures as we considered necessary in the circumstances. These procedures have been undertaken as the basis for gathering and evaluating evidence on which to support our review report.

The control procedures in relation to adherence to the RMS and REMS with respect to the Prudential Requirements that have been reviewed for compliance include those relating to:

(Auditor to describe as appropriate, including any directions in relation to assets and/or provisions, other liabilities or other prudential requirements specified in writing by APRA.)

(The overseas operations of a foreign insurer are excluded from the scope of this review.)

The board of directors of [general insurer] is responsible for compliance with and reporting of required statistical and financial data under the Prudential Standards. The board of directors is also responsible for the preparation and presentation of an appropriate RMS and REMS and for ensuring that the RMS and REMS are consistent with the requirements of the Prudential Standards as specified by APRA. Additionally, the board of directors of [general insurer] is responsible for maintaining an effective internal control structure including control procedures to ensure adherence to the RMS and REMS.

Inherent Limitations

Our review has been conducted in accordance with Australian Auditing and Assurance Standards applicable to review engagements. A review is limited primarily to inquiries of [general insurer’s] personnel, testing of internal controls including controls over the compilation of forms, inspection of evidence, test checking data as appropriate and analytical procedures applied to the data. These procedures do not provide all the evidence that would be required in an audit, thus the level of assurance provided is less than given in an audit. We have not performed an audit and, accordingly, we do not express an audit opinion.

There are inherent limitations in any internal control structure, and fraud, error or non-compliance with laws and regulations may occur and not be detected. As the requirement for a RMS and REMS and the system to implement those strategies are part of the risk management policy relating to the operations of [general insurer], it is possible that either the inherent limitation of the general internal control structure, or weaknesses in it, can impact on the effective operation of the specific control procedures of [general insurer]. Furthermore, projections of any evaluation of internal control procedures to future periods are subject to the risk that control procedures may become inadequate because of changes in conditions, or that the degree of compliance may deteriorate. Consequently, there are inherent limitations on the assurance that can be provided.

Qualification*

[provide details where a qualification is included].

[Qualified*] Review Statement

Based on our review, which is not an audit, [except for the matters referred to in the qualification paragraph](*) nothing has come to our attention that causes us to believe that for the [period] ended [date] [general insurer] did not comply, in all significant respects, with its control procedures in relation to adherence to its RMS and REMS with respect to the Prudential Requirements based on the criteria referred to above, and that:

• [general insurer] has not complied with relevant statutory and regulatory requirements under the Insurance Act 1973 or Financial Sector (Collection of Data) Act 2001, including section 12 [and/or section 18] authority under the Insurance Act 1973 and conditions on [general insurer] authority [including requirements and conditions on the general insurer’s operations imposed by APRA {Auditor to list}];

• [general insurer] has not provided reliable statistical and financial data to APRA in the quarterly returns;

• [general insurer] has not complied with Prudential Standards specified by APRA for [general insurer] in relation to minimum capital requirement as per GPS 110 “Capital Adequacy for General Insurers”, asset holdings in Australia as per GPS 120 “Assets in Australia for General Insurers”, valuation of liabilities as per GPS 210 “Liability Valuation for General Insurers”, balance sheet and market risk as per GGN 220.3 “Balance Sheet and Market Risk”, credit quality risk as per GGN 220.4 “Credit Quality”, operational risks as per GGN 220.5 “Operational Risk”, risk arising out of reinsurance arrangements as per GPS 230 “Reinsurance Arrangements for General Insurers”, and other prudential requirement(s) [list known APRA specified requirements beyond those required by Prudential Standards] specified in writing by APRA; and

• the interests of policyholders of [general insurer] are likely to be adversely affected.

Firm……………………………….….…..

Signature (Partner)……………………….

Date………………………………………

APPENDIX 3

EXAMPLE ENGAGEMENT LETTER FOR REPORTING ENGAGEMENTS UNDERTAKEN PURSUANT TO AUSTRALIAN PRUDENTIAL REGULATION AUTHORITY (APRA) PRUDENTIAL STANDARD GPS 220.25

Date

The Board of Directors
[General Insurer]
(Senior Officer outside Australia for foreign general insurer)

The Insurance Act 1973, Section 13 of the Financial Sector (Collection of Data) Act 2001 and the Australian Prudential Regulation Authority’s (APRA’s) Prudential Standard GPS 220 identify the reporting requirements for general insurers and their Approved Auditor to APRA. So that the Board/senior management may appreciate the additional responsibilities arising from APRA’s requirements, we set out below in general terms the scope of work that we will have to perform and other related matters. These represent a separate engagement from our audit appointment under the Corporations Act 2001.

Reports

APRA has requested that you obtain from us an audit report on the yearly statutory accounts and a review report on the following matters insofar as they relate to [General Insurer]:

(a) whether the [General Insurer] has adequate systems and procedures in place to ensure it observes all the prudential standard requirements APRA has set for the insurer;

(b) whether statistical and financial data provided by the [General Insurer] to APRA are reliable;

(c) whether the insurer has adequate systems and procedures in place to ensure it complies with statutory general insurance requirements, any conditions on the authority to carry on insurance business, and any other conditions imposed by APRA in relation to an insurer’s operations; and

(d) whether any matters that came to our attention during the course of our review or as a result of additional work carried out to meet APRA’s reporting requirements may have potential to adversely affect the interests of policyholders.

Our reports will cover the same period as the annual financial report and are to be issued within three months [four months] (as specified for reporting and non-reporting entities, respectively, under the Corporations Act 2001) of reporting date.

Designated Responsibility (where applicable)

We believe it will be desirable for [General Insurer] to designate responsibility and set down terms of reference so as to centralise and monitor all aspects of prudential supervision and to co-ordinate liaison and communication both within [General Insurer] group and with APRA. This will also provide a focal point for both internal and external audit reference.

Despite our increased involvement in examining the [General Insurer’s] systems of control, it must be appreciated that it is management’s responsibility to establish and maintain all of [general insurer’s] internal control systems. All such systems have their limitations and, this being so, errors or irregularities may occur and may not be detected. Our work is not to be relied upon for the purpose of discovering fraud, error, or non-compliance with laws and regulations, although we shall report to the appropriate level of management any fraud, error, or non-compliance that may be identified as a result of our work.

Scope of Work to Form Opinion

As the auditor of [General Insurer] we carry out sufficient work to enable us to form our professional opinion upon the state of the general insurer’s affairs and its results and to report thereon to the members of the general insurer in the terms required by the Corporations Act 2001 (Cth.) (or other appropriate local or overseas requirements). Although this work will include such review of [General Insurer’s] systems of accounting and internal control and performing such tests and inquiries as we consider necessary, our work is not designed to express an opinion on the systems of accounting and internal control taken as a whole.

Our audit work under the Corporations Act 2001 (reporting requirement to the head office auditor) is also not designed to enable us to express an opinion as to the adequacy of systems and procedures operating within [General Insurer] to generate [General Insurer’s] yearly statutory accounts pursuant to APRA’s reporting requirements and to ensure compliance with the Prudential Standards of APRA, its Reinsurance Management Strategy (REMS) and its Risk Management Strategy (RMS); nor is it designed to enable us to express an opinion as to the adequacy of systems and procedures operating within [General Insurer] to generate financial information to ensure compliance with statutory or regulatory requirements; nor is it designed to enable us to express an opinion as to whether [General Insurer’s] risk management systems are being observed.

(The Approved Auditor of a foreign general insurer needs to amend the above paragraphs to reflect the circumstances applying to the scope of the other audit work. The overseas operations of a foreign insurer are excluded from the scope of this review.)

To satisfy the requirements of APRA, therefore, we will have to carry out additional work over and above that which is performed in the capacity as the auditor under the Corporations Act 2001 (other legislation). This additional work will include such review of [General Insurer’s] management systems and the making of such tests and enquiries as we consider necessary in the circumstances. Our work will be carried out in accordance with Auditing Guidance Statement AGS 1064 “Audit Implications of Prudential Reporting Requirements for General Insurers”. AGS 1064 provides specific guidance concerning the application of Auditing and Assurance Standards to APRA reporting.

We recognise that there may be some overlap between our audit work under the Corporations Act 2001 and work that is necessary to fulfil APRA’s requirements. In order to help ensure the most efficient use of resources, reliance will be placed on work that is carried out for statutory audit purposes wherever possible.

Directors’ Responsibilities

The board of directors of [general insurer] is responsible for compliance with and reporting of required statistical and financial data under the Prudential Standards; for the preparation and presentation of an appropriate Risk Management Strategy (RMS) and Reinsurance Management Strategy (REMS); for ensuring that the RMS and REMS are consistent with the requirements of the Prudential Standards as specified by APRA and for maintaining an effective internal control structure including control procedures to ensure adherence to the RMS and REMS.

Internal Audit Department (where applicable)

[General Insurer’s] Internal Audit Department is considered well placed to review and test properly documented systems and procedures operating within [General Insurer]. In view of this it is our intention to liaise closely with the Internal Audit Department throughout the year. Where work is carried out by the Internal Audit Department as part of [General Insurer’s] internal control procedures, we will (may) review the work performed and carry out such reperformance tests and other procedures as we consider necessary. Where we are satisfied with the work carried out by the Internal Audit Department it is our intention to place reliance on such work in accordance with Auditing and Assurance Standard AUS 604 “Considering the Work of Internal Auditing” and accordingly reduce the extent of our own procedures.

Agreed-upon Procedures – Specific Area of Review

As a separate engagement, we will undertake an agreed-upon procedures engagement and issue a report of factual findings on an agreed specific area of review identified by APRA. The details of this engagement will be the subject of a specific request from APRA and a separate engagement letter based on that request.

Confidentiality

Our annual APRA reports and specific area of review report will be issued to the Board (senior officer outside Australia) of [General Insurer] with a copy of the specific area of review report sent to APRA at the same time. Any further requests or enquiries from APRA will be communicated to us through [General Insurer]. In this way our confidential relationship with [General Insurer] will be maintained. However, the Insurance Act 1973 sections 49, 49A and 49B provide that a general insurer’s Approved Auditor and APRA may engage with each other on a bilateral basis in certain circumstances.

These reports are prepared for the Board of Directors in order to meet [general insurer’s] APRA reporting requirements. These reports are not to be used for any other purpose or distributed to any other party. We disclaim any assumption of responsibility for any reliance on these reports to any party other than [general insurer] and APRA, or for any other purpose other than that for which they were prepared.

Fees

APRA requirements will result in additional work being carried out. Fees relating to this work will be based on the degree of responsibility and skill involved and the time necessarily occupied by the work undertaken. As the fees will not relate to work carried out in our capacity as the statutory Auditor under the Corporations Act 2001, our bills will be rendered separately so as to clearly identify the additional costs of APRA’s requirements.

We shall be grateful if you will kindly acknowledge receipt of this letter by signing the attached acknowledgement and returning it to us. If the contents are not in accordance with your understanding of our agreement, we shall be pleased to have your comments and to give you any further information you may require.

Yours faithfully

Firm……………………………….….….

Signature (Partner)………………………


APPENDIX 4

EXAMPLE ENGAGEMENT LETTER FOR AGREED-UPON PROCEDURES ENGAGEMENT ON A SPECIFIC AREA OF THE GENERAL INSURER’S OPERATIONS OR RISK MANAGEMENT SYSTEMS

Date

The Board of Directors
[General Insurer]
(Senior Officer outside Australia for foreign general insurer)
(cc APRA)

This letter is to confirm our understanding of the terms and objectives of our engagement and the nature and limitations of the services we will provide. Our engagement will be conducted in accordance with Australian Auditing and Assurance Standards applicable to agreed-upon procedures engagements and we will indicate so in our report.

Information acquired by us in the course of our engagement is subject to strict confidentiality requirements and will not be disclosed by us to other parties except as required or allowed for by law or professional standards, or with your express consent.

We have agreed to perform the following procedures and report to you the factual findings resulting from our work:

[describe the nature, timing and extent of the procedures to be performed, including specific reference, where applicable, to the identity of documents and records to be read, individuals to be contacted and parties from whom confirmations will be obtained.]

This report is prepared for the Board of Directors in order to meet [general insurer’s] APRA reporting requirements. This report is not to be used for any other purpose or distributed to any other party. We disclaim any assumption of responsibility for any reliance on this report to any party other than [general insurer] and APRA, or for any other purpose other than that for which it was prepared.

We shall be grateful if you will kindly acknowledge receipt of this letter by signing the attached acknowledgement and returning it to us. If the contents are not in accordance with your understanding of our agreement, we shall be pleased to have your comments and to give you any further information you may require.

Yours faithfully,

Firm……………………………….….…..

Signature (Partner)……………………….


APPENDIX 5

TRANSITIONAL ISSUES AND EXAMPLE TRANSITIONAL REVIEW REPORT PREPARED BY THE AUDITOR OF A GENERAL INSURER IN COMPLIANCE WITH APRA ANNUAL REPORTING REQUIREMENTS SPECIFIED IN GPS 220.25

Introduction

.01 This Appendix provides guidance for auditors of general insurers applying the provisions of the Insurance Act 1973, the Financial Sector (Collection of Data) Act 2001 and the Prudential Standards during a transition period that has been agreed with APRA.

Transitional Arrangements

.02 The Insurance Act 1973, the Financial Sector (Collection of Data) Act 2001 and the Prudential Standards took effect on 1 July 2002. Transitional provisions are not relevant to the engagement involving an audit of the yearly statutory accounts and Appendix 1 remains appropriate in relation to this portion of the engagement.


EXAMPLE TRANSITIONAL REVIEW REPORT PREPARED BY THE AUDITOR OF A GENERAL INSURER IN COMPLIANCE WITH APRA ANNUAL REPORTING REQUIREMENTS SPECIFIED IN GPS 220.25

Date

The Board of Directors
[General Insurer]
(Senior Officer outside Australia for foreign general insurer)

As outlined in our letter of engagement dated [date], the Australian Prudential Regulation Authority’s (APRA’s) Prudential Standard GPS 220 imposes additional responsibilities and reporting requirements on the Approved Auditor.

Our audit work in relation to the annual financial report under the Corporations Act 2001 and yearly statutory accounts under the Insurance Act 1973 is directed towards obtaining sufficient audit evidence to form an opinion under the appropriate legislation. This audit work is not designed to enable us to form an opinion on other matters outlined in APRA’s Prudential Standards. We have therefore performed additional work beyond that which is performed in order to meet our responsibilities as outlined above.

It is to be noted that accounting records and data relied on for prudential reporting and compliance are not continuously audited and do not necessarily reflect accounting adjustments necessary for end of reporting period financial report preparation, or events occurring after the end of the reporting period.

This report has been prepared for the Board of Directors in order to meet [general insurer’s] APRA reporting requirements. The report is not to be used for any other purpose or distributed to any other party. We disclaim any assumption of responsibility for any reliance on this report to any party other than [general insurer] and APRA, or for any other purpose other than that for which it was prepared.

The statement in this report expressed below is to be read in the context of the foregoing observations.

Scope

We have reviewed from [{date} generally 1 July 2002 to {date}] [general insurer’s] systems and procedures that are directed to ensuring compliance with its undertakings to APRA and with its Risk Management Strategy (RMS) and Reinsurance Management Strategy (REMS) [as at/for the period ended {date}] with respect to the Prudential Standards relating to capital adequacy and in particular minimum capital requirement as per GPS 110 “Capital Adequacy for General Insurers”, asset holdings in Australia as per GPS 120 “Assets in Australia for General Insurers”, valuation of liabilities as per GPS 210 “Liability Valuation for General Insurers”, balance sheet and market risk as per GGN 220.3 “Balance Sheet and Market Risk”, credit quality risk as per GGN 220.4 “Credit Quality”, operational risks as per GGN 220.5 “Operational Risk”, risk arising out of reinsurance arrangements as per GPS 230 “Reinsurance Arrangements for General Insurers”, and other prudential requirement(s) [list known APRA specified requirements beyond those required by Prudential Standards] specified in writing by APRA, authority under the Insurance Act 1973 section 12, including conditions on exemptions from the Insurance Act 1973 and other prudential requirement(s) [list] (together referred to as the Prudential Requirements) specified in writing by APRA.

We have reviewed [general insurer’s] systems and procedures from [{date} generally 1 July 2002 to {date}] for providing statistical and financial data to APRA in the undermentioned forms:

(List specific name of each form on which assurance is provided excluding statistical forms which are not required to be audited. Refer to APRA’s Website www.apra.gov.au.)

We have performed the review of selected quarterly returns and yearly statutory accounts from {[date] generally 1 July 2002 to [date]} in order to state whether, on the basis of the procedures described, anything has come to our attention that would indicate that [general insurer] has provided statistical and financial data to APRA in the quarterly returns and yearly statutory accounts that cannot be relied upon.

Additionally, we have reviewed [general insurer’s] control procedures in relation to adherence to its RMS and REMS with respect to the Prudential Requirements [as at/for the period ended {date}] in order to state whether, on the basis of our examination as described, anything has come to our attention that would indicate that they did not operate effectively, in order to ensure that [general insurer] complies with its RMS and REMS as represented to APRA.

Our review has been conducted to provide sufficient assurance to support our review report in respect of whether the control procedures in relation to adherence to the RMS and REMS with respect to the Prudential Requirements have been appropriately designed and operated effectively during the period. Accordingly we included such tests and procedures as we considered necessary in the circumstances. These procedures have been undertaken as the basis for gathering and evaluating evidence on which to support our review report.


The control procedures in relation to adherence to the RMS and REMS with respect to the Prudential Requirements that have been reviewed for compliance include those relating to:

[Auditor to describe as appropriate, including any directions in relation to assets and/or provisions, other liabilities or other prudential requirements specified in writing by APRA.]

(The overseas operations of a foreign insurer are excluded from the scope of this review.)

The board of directors of [general insurer] is responsible for compliance with and reporting of required statistical and financial data under the Prudential Standards. The board of directors is also responsible for the preparation and presentation of an appropriate RMS and REMS and for ensuring that the RMS and REMS are consistent with the requirements of the Prudential Standards as specified by APRA. Additionally, the board of directors of [general insurer] is responsible for maintaining an effective internal control structure including control procedures to ensure adherence to the RMS and REMS.

Inherent Limitations

Our review has been conducted in accordance with Australian Auditing and Assurance Standards applicable to review engagements. A review is limited primarily to inquiries of [general insurer’s] personnel, testing of the internal controls including controls over the compilation of forms, inspection of evidence, test checking data as appropriate and analytical procedures applied to the data. These procedures do not provide all the evidence that would be required in an audit, thus the level of assurance provided is less than given in an audit. We have not performed an audit and, accordingly, we do not express an audit opinion.

There are inherent limitations in any internal control structure, and fraud, error or non-compliance with laws and regulations may occur and not be detected. As the requirement for a RMS and REMS and the system to implement those strategies are part of the risk management policy relating to the operations of [general insurer], it is possible that either the inherent limitation of the general internal control structure, or weaknesses in it, can impact on the effective operation of the specific control procedures of [general insurer].

Furthermore, projections of any evaluation of internal control procedures to future periods are subject to the risk that control procedures may become inadequate because of changes in conditions, or that the degree of compliance may deteriorate. Consequently, there are inherent limitations on the assurance that can be provided.

Qualification*

[provide details where a qualification is included].


[Qualified*] Review Statement

Based on our review, which is not an audit, [except for the matters referred to in the qualification paragraph](*) nothing has come to our attention that causes us to believe that for the period from [{date} generally 1 July 2002 to {date}] [general insurer] did not comply in all significant respects, with its control procedures in relation to adherence to its RMS and REMS with respect to the Prudential Requirements based on the criteria referred to above, and that:

• [general insurer] has not complied with relevant statutory and regulatory requirements under the Insurance Act 1973 or Financial Sector (Collection of Data) Act 2001, including section 12 [and/or section 18] authority under the Insurance Act 1973 and conditions on [general insurer] authority [including requirements and conditions on the general insurer’s operations imposed by APRA {Auditor to list}];

• [general insurer] has not provided reliable statistical and financial data to APRA in the quarterly returns;

• [general insurer] has not complied with Prudential Standards specified by APRA for [general insurer] in relation to minimum capital requirement as per GPS 110 “Capital Adequacy for General Insurers”, asset holdings in Australia as per GPS 120 “Assets in Australia for General Insurers”, valuation of liabilities as per GPS 210 “Liability Valuation for General Insurers”, balance sheet and market risk as per GGN 220.3 “Balance Sheet and Market Risk”, credit quality risk as per GGN 220.4 “Credit Quality”, operational risks as per GGN 220.5 “Operational Risk”, risk arising out of reinsurance arrangements as per GPS 230 “Reinsurance Arrangements for General Insurers”, and other prudential requirement(s) [list known APRA specified requirements beyond those required by Prudential Standards] specified in writing by APRA; and

• the interests of policyholders of [general insurer] are likely to be adversely affected.

Firm……………………………….….…..

Signature (Partner)……………………….

Date………………………………………
