Compliance Management procedure

This is not a current document.

Section 1 - Preamble

(1) This Procedure is effective from 4 April 2017.

Section 2 - Purpose

(2) This Procedure outlines the requirements for recording, prioritising and monitoring the University's compliance obligations as part of an integrated risk-based compliance approach to effective corporate governance.

Section 3 - Scope

(3) This Procedure applies to all staff and associates of the University.

Section 4 - Policy

(4) This Procedure is pursuant to the Risk Management policy.

Section 5 - Procedure

(5) The University's compliance management program is based on the AS 3806-2006 Australian Standard: Compliance programs. The Compliance Management Framework articulates the process for identifying, recording, evaluating, prioritising and monitoring the University's compliance obligations. The Framework details a structure for responsibilities and accountabilities and specifies the broader compliance management approach for the University, which all staff are expected to follow.

Compliance obligations

(6) Compliance obligations relevant to the University are documented in the University's compliance obligation register, which is maintained by the Risk and Compliance Unit.

(7) Compliance obligations can be internal or external to the University and can be identified through a number of methods including monitoring of legislative and regulatory updates, facilitation of compliance working groups, and through other benchmarking activities.

(8) Compliance obligations are risk assessed by the Risk and Compliance Unit and prioritised according to their inherent risk ratings, consistent with the University's Risk Matrix Table and the Risk Management procedure.

(9) Compliance risks will be created for the obligations with very high and high inherent risk ratings. These will link to the University's strategic risk register and inform the University's compliance priorities. All compliance risks will be subject to the risk management process as prescribed by the Risk Management procedure.

(10) The University Solicitor is available to advise all Faculties and Portfolios in respect of their legislative compliance obligations. The Risk and Compliance Unit will work with the University Solicitor to determine the impact of non-compliance with the legislation and appropriately risk assess the new or amended compliance obligations.

(11) A Compliance Obligation Owner and a Compliance Implementation Officer, who will have overall responsibility for managing compliance with obligations throughout the University, will be determined for each compliance obligation. The most appropriate staff to hold these positions will be determined by the University Executive and/or senior management in consultation with the Risk and Compliance Unit.

(12) The Compliance Obligation Owner and Compliance Implementation Officer will, in consultation with the Risk and Compliance Unit, determine which Faculties and Portfolios the compliance obligation will apply to, and this will inform the Faculty or Portfolio’s overall compliance profile.

(13) The Risk and Compliance Unit will work with the Compliance Implementation Officer and Compliance Obligation Owner to identify key controls relating to the compliance obligation and record these in the compliance obligations register. Where additional controls are identified as being necessary, treatment plans will be developed for implementation by the Compliance Implementation Officer.

(14) Compliance obligations and their associated controls will be actively monitored by the Compliance Obligation Owner. Changes to compliance obligations and their associated controls can be made by the Compliance Obligation Owner.

(15) The Risk and Compliance Unit will work with Compliance Obligation Owners and Compliance Implementation Officers to ensure that compliance obligations are managed proactively and proportionately according to their inherent risk ratings. The Risk and Compliance Unit will have an assurance schedule which will include compliance risks.

(16) The Risk and Compliance Unit will provide quarterly compliance reporting to the University Executive, the Audit and Risk Committee and any other University committee as appropriate.

(17) All members of the Executive, Executive Directors and Directors will participate in the University's annual compliance attestation process. This process will be managed centrally by the Risk and Compliance Unit. Results will be reported to the Executive and Audit and Risk Committee.

Breach management

(18) All breaches must be managed in accordance with the Breach Management procedure.

Section 6 - Definitions

(19) For the purpose of this Procedure:

  1. attestation process: a verification process undertaken by all senior staff whereby they attest to compliance/non-compliance with the obligations that are relevant to their areas of operation throughout the University.
  2. compliance: as defined in the Risk Management policy.
  3. compliance breach: an occurrence of non-compliance with legislation, regulations, codes of practice and standards, as well as University legislation, policies and procedures.
  4. Compliance Management Framework: a document outlining all the relevant components and processes for compliance management across the University to ensure consistency of compliance management application.
  5. compliance management program: as defined in the Risk Management policy.
  6. compliance obligation: laws, regulations, codes, standards, policies and procedures the University is required to comply with.
  7. compliance obligation register: a record maintained by the Risk and Compliance Unit used to identify the University's compliance obligations and to assess the risk, impact and likelihood of non-compliance with these obligations. Key compliance activities and controls for these obligations are documented within the register.
  8. compliance profile: a description of a set of compliance obligations that can relate to the whole university, part of the university, or as otherwise specified. This typically includes some representation of the level/magnitude of the compliance obligations and associated risks involved.