Past Event: Tuesday, August 30, 2022

CPS 234 Tripartite Reviews for PHIs

APRA has begun issuing notices to private health insurers to start preparing for CPS 234 Tripartite Reviews, which involves engaging a third party Independent Auditor to undertake a thorough CPS 234 compliance audit, with results reported directly to APRA.

Whilst each entity will receive a tailored notification, the notifications issued in the last few weeks have provided deadlines ranging from April 2023 to July 2023. You may feel as though there's significant time to plan and prepare for the tripartite audit, however in our experience, it's highly beneficial to begin engaging with your chosen auditor as soon as possible.

Acting quickly will provide time to agree the detailed audit requirements upfront, time for your auditor to become familiar with your environment, and the opportunity to schedule the audit fieldwork at a time that’s least disruptive to your business.

Listen back to our webinar where we’ll take you through what a CPS 234 audit looks like in practice and steps you can begin taking now to prepare for this significant audit requirement.

This webinar is also relevant for general insurers and superannuation funds, who we understand have begun to receive notices from APRA.

Featured speakers

Matthew Green
Partner

Matthew brings 19 years’ experience in providing IT risk assurance and advisory services to listed, Government and private enterprise. His extensive IT risk assurance and advisory experience covers business and technology across strategy, governance, operations, service delivery, procurement, major projects, data risk management and 3rd party auditing.

Daniel Farthing
Partner

Daniel is a cyber security risk and technology controls Partner based in Grant Thornton's Sydney office. With 15 years of experience in the United States and Australia, Daniel is one of the market's leading experts on SOC-2 and technology controls audits more broadly -- including reviews with a focus on cyber/information security, access, change management, data governance and processing integrity.