Submitting breach reports on the portal

Registered company auditors are now required to report contraventions and suspected contraventions of the Corporations Act 2001 to ASIC via the ASIC Regulatory Portal. Submitting breach reports via the portal features mandatory fields designed to help auditors comply with their obligations to report breaches.

Important note: there are no changes to the ongoing breach reporting obligations for registered company auditors to report breach as a result of this change to the lodgement process.

Navigate to the sections below for more information on specific topics.

How the transactions work

The forms in the portal are known as transactions. They feature a common design and functionality. When you answer a question in a transaction, you may be requested to provide information specific to your response. This conditional logic ensures that appropriate questions are tailored to the specific details of the breach you are reporting.

About the transaction

Key information is displayed on a landing page before you begin the transaction including:

  • Legislative references
  • Lodgement periods
  • Documents you may need to attach to the transaction
  • Links to regulatory guides and related information
  • Privacy information.

1 Auditor

Restricting access to transactions

When you launch a breach report transaction (or any other transaction) in the portal you will first be asked if you want to restrict access to it on the transaction settings page.

To restrict access, click Yes – restrict access. This will take you to a set restrictions page, which allows you to select users who can access the transaction.

If you choose not to restrict access, all users connected to the account will have access to the transaction. If you choose to restrict access, only users you select will be able to access the transaction.

Once you have set these restrictions, you can add or remove users later.

For more information on restricting access to transaction see the Forms and transactions section on the FAQ page. For more information on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

2 Auditor

Sections

The breach report transaction has up to 10 sections. The total number of sections you need to complete will depend on the circumstances of the suspected breach. You will need to complete the sections of the transaction sequentially.

3 Auditor

Save a draft, come back later

If you do not have the information required at hand, you can save the transaction as a draft and return later to complete it.

Multiple people can contribute to the draft, provided they have been given access to edit the transaction.

4 Auditor

You can access your drafts from the ‘View all transactions’ page in the portal – where you can then click on an individual transaction. This will take you to a detailed view for that transaction. From here you can continue with the transaction by selecting the ‘Continue transaction’ button.

Auditor 5

For more information on providing access to a transaction see the Forms and transactions section on the FAQ page. For more information on how to invite someone to connect to your account, see the Administration section on the FAQ page.

Download a PDF version

Breach reports that have been submitted via the portal can also be viewed or downloaded in PDF format at any time.

Auditor 6

Return to top

More information captured upfront

Submitting breach reports via the portal will feature mandatory fields and other questions designed to help registered company auditors comply with their obligations to report breaches. Examples of the type of information that is required from the breach report transaction are outlined below.

Identification

You will be required to confirm some current details – some of which will be pre-filled.

7 Auditor

Dates

Based on your knowledge, you will be required to provide details about the date of the breach or suspected breach. Depending on the type of breach and the information you provide, you may be required to specify:

  • When the breach or event first occurred.
  • The last instance of the breach or event occurring.
  • When you first became aware of the issue.
  • Whether or not the breach is continuing.

8 Auditor

Nature of the breach

There are categories to choose from to help you describe the nature of the breach.

9 Auditor

You will be asked to specify, based on your knowledge, the cause/s of the issue/potential breach.

10 Auditor

You will need to specify the name of the Rule or Act and relevant section(s) under the Act.

Auditor 11

Rectification/remediation of the issue

If the organisation has rectified the issue, you will need to select how they have done so, based on your knowledge.

12 Auditor

There are several other questions relating to the rectification/remediation of the issue including:

  • Has the entity/licensee undertaken measures to prevent future issues form occurring?
  • Are you aware of preventative measures that the auditor/entity/licensee will undertake to prevent similar issues occurring in future?
  • Has the entity/licensee completed a remediation process for affected consumers (if applicable)?
  • Are you aware of the date (or approximate timeframe) in which the remediation process will be completed?

Reduced need to attach supporting documentation

There will be limited requirement to attach documentation as part of the transaction. Most of the information ASIC requires will be asked for within the transaction.

Return to top

Invite trusted representatives to transact in the portal on your behalf

The lead auditor or the auditor signing the audit report should submit the breach report through their portal user account. The lead auditor can invite a trusted representative to act on their behalf in the portal.

Invitation process

If you would like someone to act on your behalf in the portal, you first need to invite them to connect to your account. Only a user with Senior administrator or Administrator Access level can invite other users to connect.

For more information on how to invite someone to connect to your account, see the Administration section on the FAQ page.

Setting access levels

When inviting someone to connect to your account you can define user access levels that control what others can do on your behalf. For more information on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

13 Auditor

For more information, including on how to invite someone to connect to your account and user access levels, see the Administration section on the FAQ page.

Return to top

Last updated: 28/04/2020 02:04