Changes to how registered company auditors report breaches

Registered company auditors are now required to report contraventions and suspected contraventions of the Corporations Act 2001 to ASIC through the ASIC Regulatory Portal. Key points and some frequently asked questions are below.

We have recently published more detail about the breach report transaction and how it works in the ASIC Regulatory Portal.

Key points:

  • Effective 30 March 2020 – registered company auditors are now required to submit breach reports to us via the ASIC Regulatory Portal
  • The portal has replaced existing submission channels.
  • Submitting breach reports via online forms on the portal features mandatory fields designed to help auditors comply with their breach reporting obligations. There are no changes to ongoing breach reporting obligations for registered company auditors as a result of this change.
  • The portal also features:
    • A record of previous breach reports.
    • The ability to track the status of submitted breach reports.
    • The ability to correspond with ASIC online about submitted breach reports.

FAQs: Using the ASIC Regulatory Portal

I'm a registered company auditor – what do I need to do?

Most auditors have registered on the ASIC Regulatory Portal as part of their annual industry funding obligations. 

If you are a registered company auditor with an existing ASIC Regulatory Portal account, the new “submit auditor breach report” transaction is now available to you.

This transaction will enable registered company auditors to report contraventions and suspected contraventions under the following sections of the Corporations Act 2001:

  • s.311
  • s.990K
  • s.601HG.

For information about how to find a form or transaction once you are logged in to your portal account, see our FAQ page.

Who is responsible for submitting the breach report?

The lead auditor or the auditor signing off on the audit should submit the breach report through their own individual portal user account. Registering for the portal creates an individual portal user account. Each registered auditor should be registered for access – they will only need to register once.

Breach reports that have been submitted via the portal can also be viewed or downloaded in PDF format at any time.

What information am I required to provide to ASIC as part of the breach report?

We have recently published more detail about the breach report transaction and how it will work in the ASIC Regulatory Portal.

Submitting breach reports via online forms on the portal features mandatory fields designed to help auditors comply with their breach reporting obligations.

There are no changes to ongoing breach reporting obligations for registered auditors as a result of this change.

Can I arrange for someone else to report a breach to ASIC on my behalf via the portal?

Yes. You can invite trusted representatives to act on your behalf in the portal.

If you would like someone to act on your behalf in the portal, you first need to invite them to connect to your account. 

When inviting someone to connect to your account you can define user access levels that control what others can do on your behalf. For example, you can authorise another user to launch and edit a transaction, but only you can submit.

Only a user with Senior administrator or Administrator Access level for an entity can invite other users to connect to that entity.

For more information, including on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

I've invited someone to connect to my portal account, how do I ensure they don't see confidential information?

The invitation process involves setting an Access level to determine what someone can and can't see and do, on your behalf.

There are four Access levels – Senior administrator, Administrator, Approver and Editor.

  • Senior administrator – can launch, edit and submit a transaction, invite other users to the entity and view other administrative details for an entity.
  • Administrator – can launch, edit and submit a transaction and invite other users to the entity.
  • Approver – can launch, edit and submit a form or transaction, and view other administrative details for an entity.
  • Editor – in general, can launch and edit a form and transaction, but they cannot submit it.

You can also restrict access to transactions in portal – refer to the below section for more information about this.

For more information on setting Access levels, see the Administration section on the FAQ page.

Can I restrict access to transactions in the portal?

Yes. Once you launch a form or transaction, the portal will direct you to a transaction settings page. The transaction settings page asks if you want to restrict access to the transaction. To restrict access, click Yes – restrict access. This will take you to a set restrictions page, which allows you to select users who can access the transaction.

Once you have set the restrictions for a form or transaction, you also have the option to add or remove users later.

For more information on restricting access to transactions, see the Forms and transactions section on the FAQ page.

I've invited someone to connect, can they see which entities I am connected to?

No. A trusted representative cannot view which entities you are connected to.

I'm not on the portal, how do I register?

Go to the ASIC Regulatory Portal homepage and select the blue 'Register' button.

You can connect using your auditor registration number. For more information on how to register, see our user guide.

What is the ASIC Regulatory Portal?

The ASIC Regulatory Portal will become your central access to ASIC's growing suite of digital regulatory services.

Key features:

  • Allows you to act on behalf of multiple entities (individuals or organisations) – for example, you may be a company officeholder (director or secretary of a company) in which case you can register and claim that entity. You can then invite others to act on your behalf or you may be invited by an entity or an officeholder to act on their behalf.
  • Uses information you have previously supplied to pre-fill applications and transactions.
  • Tracks the status of your applications and transactions.
  • Ensures greater security through use of your own individual portal user account and password.
  • Enables you to define user access levels that control what others can do on behalf of an entity or individual – for example, you can authorise another user to launch and edit a transaction, but only you can submit.

Where do I go if I need help using the portal?

The ASIC Regulatory Portal help page has resources to help with using the portal. These include step-by-step user guides, FAQs and videos to help you – from registering your account to connecting your registration and inviting trusted representatives to act on your behalf.

Still have a question?

You can send questions about this change to: feedback.breach@asic.gov.au

What's new

More releases on financial reporting and audit

Last updated: 06/02/2020 12:00