(1) This procedure:
(2) See the Risk Management Policy.
(3) This procedure supports the Risk Management Policy.
(4) Meeting the University's compliance obligations is an essential part of everyone’s role at the University. The University recognises that effective compliance management supports accountability, good governance and achievement of its strategic objectives.
(5) The University is committed to ensuring that compliance is integrated into day-to-day operations and decision-making, to support an appropriate risk culture of ethical conduct, compliance, continuous improvement and quality enhancements within a framework of public accountability.
(6) Doing the right thing underpins the University’s values and is a key part of its culture and reputation. Escalating and reporting compliance breaches is part of everyone’s role at the University.
(7) This procedure leverages the principles of AS ISO 37301 – Compliance Management Systems – Requirements with Guidance for Use.
(8) To assist staff to effectively manage compliance, the University has established a set of interrelated systems, controls and processes, supported by the University's policies and procedures, that support a culture of compliance and ethical conduct at the University, under the guiding principles of the Risk Management Policy.
(9) The compliance management processes provide consistent, transparent and measurable processes for:
(10) All staff actively engage in compliance management in day-to-day operations in all areas of responsibility and must:
(11) Compliance with legislation, regulations and substantive standards and codes is managed through reference to the Legislative Compliance Guide (the LCG). The LCG identifies the University's substantive legislative obligations and assigns management and oversight of each of those obligations to relevant staff.
(12) All staff should refer to the LCG for relevant compliance obligations any time they are introducing new, or making changes to, existing systems, processes or policies.
(13) Staff assigned obligations in the LCG are:
(14) The Risk and Compliance Unit is responsible for coordinating the annual attestation process and reporting the outcome of the attestation to the Audit and Risk Committee.
(15) Compulsory training courses, such as through the ELMO platform, must be completed by all relevant staff for key legislative instruments. Retraining for these courses is required periodically.
(16) Students must also complete relevant compulsory online training regarding key legislative obligations, as required either at the commencement of or during the course of their studies.
(17) Relevant staff and students must complete their compulsory training courses within the required timeframe:
(18) In addition to the University's legislative obligations, staff must also comply with voluntary compliance obligations the University has chosen to meet, managed through reference to the University's policies, procedures, guidelines and processes. Voluntary compliance obligations may be derived from a range of sources, including but not limited to:
(19) Persons affiliated with the University must also conduct themselves in accordance with their legal obligations and the University's policies and procedures (this includes but is not limited to the University's rules, policies, procedures, guidelines and processes).
(20) Where operational processes are delivered by a third party, the University retains responsibility for ensuring the third party meets the University's compliance obligations. As a result, the University must satisfy itself that the third party’s processes and internal controls are adequate to meet the University's compliance obligations.
(21) All staff are responsible for identifying, assessing and managing compliance as part of their day-to-day activities, in line with their first line obligations defined in the Risk Management Policy.
(22) Executive Leadership Team members are responsible for ensuring their portfolio’s operating systems, processes and activities meet the University's compliance obligations including:
(23) Actual or potential compliance breaches with legislative and other obligations may be identified through monitoring of day-to-day activities, complaints or compliance review processes, including annual attestations, staff reporting, internal and external audits, risk assessments and compliance reviews.
(24) Escalating and reporting actual or potential compliance breaches supports:
(25) Staff must report actual or potential compliance breaches to their supervisor and the Risk and Compliance Unit as soon as reasonably practicable, generally within 24 hours of identification. Include as much information as possible about the matter and how it occurred.
(26) Management of the relevant business unit must ensure the matter has been reported to the Risk and Compliance Unit and work with the Risk and Compliance Unit to assess and resolve the matter.
(27) Actual or potential compliance breaches will be reviewed as soon as practicable to:
(28) Where immediate action is required to protect the wellbeing of people, animals or the environment, the Risk and Compliance Unit will escalate the matter to the relevant Executive Leadership Team member.
(29) The Director, Risk and Compliance, will assess the actual or potential compliance breach to determine:
(30) The Risk and Compliance Unit maintains a compliance issues register as a record of all reported actual or potential compliance breaches, outcomes of root cause analysis, lessons learnt, and confirmation of any compliance breaches reported to external agencies.
(31) Preventative and corrective actions identified are included in the enterprise actions register and items will be monitored, validated and closed in line with the Risk Management Procedure.
(32) In consultation with the Vice-Chancellor and University Secretary, the Director, Risk and Compliance will report a summary of reported compliance issues to the Executive Leadership Team and Council.
(33) The Risk and Compliance Unit will provide updates to the individual who makes a report (where applicable and where appropriate to do so), advising of any recommendations and/or actions taken in regard to the actual or potential compliance breach.
(34) In line with the University's Code of Conduct, staff must report any breaches of the Code of Conduct and any suspected corrupt conduct, maladministration or serious or substantial waste of public money to an appropriate authority. For more details on staff obligations, see the Public Interest Disclosure (Whistleblowing) Policy.
(35) It is a breach of this procedure to victimise anyone for coming forward to provide information in respect of an actual or potential compliance breach. Allegations of victimisation should be referred to the University Ombudsman to be managed in line with the Complaints Management Policy.
(36) The University supports education and training in compliance as an essential mechanism in developing and maintaining a culture of compliance.
(37) The University implements education and training programs to increase awareness of compliance and the responsibilities of managers and all members of staff to understand and fulfil their obligations.
(38) Nil.
(39) This procedure uses the following terms:
Compliance Management Procedure
Section 1 - Purpose
Scope
Section 2 - Policy
Section 3 - Procedure
Compliance principles
Compliance management processes
Compliance with legislation
Other compliance requirements
Third-party arrangements
Managing compliance breaches
Identifying actual or potential breaches (See it)
Reporting actual or potential compliance breaches (Report it)
Response to reports of actual or potential compliance breaches (Sort it)
Education and training
Section 4 - Guidelines
Section 5 - Glossary
Section 6 - Document context
Compliance drivers
NA
Review requirements
As per Policy Framework Policy
Document class
Governance
This is the current version of this document.