• Section 1 - Purpose
• Section 2 - Glossary
• Section 3 - Policy
• Section 4 - Procedures
• Part A - Review of training completion
• Requirement to complete training
• Review procedure
• Part B - Audit of research projects
• Part C - Benchmarking
• Part D - Non-compliance
• Notification of non-compliance
• Section 5 - Guidelines

Section 1 - Purpose

(1) This audit framework is structured to include multiple checkpoints for ensuring compliance of research activities with the Defence Trade Controls Act 2012.

(2) This audit framework has been developed in line with the policies and procedures established by the National Security Compliance Committee to guide researchers and their supervisors in remaining compliant with the Defence Trade Controls Act 2012.

Section 2 - Glossary

(3) For the purpose of this framework:

1. Act – means the Defence Trade Controls Act 2012.
2. Defence Export Controls (DEC) – means the Australian Government agency responsible for oversight and regulation of Australian defence export controls.
3. ELMO module – means the Defence Trade Controls Act ELMO module, an online training package hosted by Charles Sturt University. 
4. Export control – refers to both the tangible export and intangible supply, publication or brokering of controlled goods or technology outside of Australia, as regulated under the Customs Act 1901, the Defence Trade Controls Act 2012, and other associated legislation and regulations.
5. Researcher – means any staff member, person awarded honorary or academic status by the University, student, or person otherwise associated with the University, who conducts research in the course of employment, study or a formal research affiliation with the University.

Section 3 - Policy

(4) This procedure supports the Research Policy and should be read alongside that policy.

Section 4 - Procedures

Part A - Review of training completion

Requirement to complete training

(5) The Defence Trade Controls Procedure lists all staff required to complete the training specified by the National Security Compliance Committee.

(6) It is the responsibility of all Heads of School and Centre Directors to monitor personnel within schools and centres who may be at risk of conducting activities that fall under the scope of the Act and direct them to complete the required training. 

(7) Personnel who request information from the National Security Compliance Committee will be referred to the following documents, available via the Defence Trade Controls Committee website:

1. Defence Export Control Compliance Checklist,
2. Defence Trade Controls Procedure, and
3. Defence Trade Controls Act ELMO module.

(8) Annually in July, the National Security Compliance Committee will send a reminder to all heads of school and centre directors of their responsibilities in ensuring compliance of all researchers under their purview with the Act and include a link to the Defence Trade Controls Procedure.

Review procedure

(9) The National Security Compliance Committee will review completion of the required training module/s each trimester. Training completion reports will be a standing item in the agenda of each National Security Compliance Committee meeting and non-compliance discussed.

(10) The Research Integrity Unit will generate a report containing:

1. completion rates,
2. the names of personnel who have completed the module, and
3. the names and email addresses of personnel who are enrolled but not yet completed the module, and their manager’s name and email address.

(11) The National Security Compliance Committee will report on the review of training completion in the quarterly compliance committee reports to the Audit and Risk Committee.

Part B - Audit of research projects

(12) The National Security Compliance Committee (NSCC) will conduct an annual audit of approved research projects to ensure that research projects that fall under the scope of the Act have not been undertaken without a permit.

(13) The audit of approved projects should be conducted in the first half of each calendar year.

(14) Each January, a sample of research proposals approved in the previous calendar year will be provided to the NSCC, as follows:

1. The Research Integrity Unit will request from the Research Office a random sample of 10% of both the funded research proposals and HDR proposals that were approved between 1 January – 31 December of the previous year, including a copy of the Notice to Submit.
2. The Research Integrity Unit will provide a random sample of 10% of the research proposals that were approved by relevant compliance committees between 1 January – 31 December of the previous year.

(15) The sample research proposals will be circulated to committee members who will evaluate them against regulatory requirements. Their responses will be collated and added to the agenda of the next NSCC meeting for discussion.

(16) Based on the recommendation of the committee, the National Security Compliance Committee's presiding officer will notify non-compliant staff of their non-compliance and advise corrective actions.

(17) Incidences of staff non-compliance will be reported to staff line managers, the Deputy Vice-Chancellor (Research) and the Audit and Risk Committee as appropriate.

Part C - Benchmarking

(18) The National Security Compliance Committee (NSCC) will undertake benchmarking against university sector practices as required.

(19) The NSCC will review the documents provided by peer institutions and based on best practice and insights from other institutional processes, provide recommendations for updates to University policies and procedures to the Deputy Vice-Chancellor (Research). If no updates are recommended, the NSCC will provide a null report to the Deputy Vice-Chancellor (Research).

Part D - Non-compliance

Notification of non-compliance

(20) Based on the recommendation of the committee, the National Security Compliance Committee's presiding officer will notify non-compliant staff and their line managers to inform them of the non-compliance and advise corrective actions.

(21) Incidences of non-compliance and corrective actions will be reported to staff line managers, the Deputy Vice-Chancellor (Research) and the Audit and Risk Committee as appropriate.

(22) The National Security Compliance Committee's presiding officer will provide a recommendation that the Deputy Vice-Chancellor (Research) inform the relevant Commonwealth authorities of the non-compliance, as follows:

1. The Department of Immigration and Border Protection will be notified in the event of a confirmed breach relating to physical exports of controlled goods.
2. The Department of Foreign Affairs and Trade (DFAT) will be notified in the event of a confirmed unapproved export to a destination subject to Australia’s autonomous sanctions.
3. Defence Export Controls will be notified in the event of a confirmed breach relating to supply, publication or brokering of controlled technology or software.

(23) If the National Security Compliance Committee is unable to make a clear determination of whether a breach of export control regulations has occurred, the Deputy Vice-Chancellor (Research) will be notified of the situation and Defence Export Controls will be contacted for advice and guidance.

Section 5 - Guidelines

(24) Nil.