1. Purpose of policy
1.1 The purpose of this policy is to provide a framework for the University to manage its legal and compliance obligations.
1.2 This policy must be read in conjunction with the linked Compliance Management Framework - Procedures.
2. Policy scope and application
2.1 This policy applies to all staff, and members of University decision-making or advisory bodies.
2.2 This policy is consistent with Australian Standard AS ISO 19600:2015: Compliance Management Systems and is supported by related procedures.
Refer to the University’s Glossary of Terms for definitions as they specifically relate to policy documents.
Compliance meaning all the organisation’s compliance obligations which refer to compliance requirements, or compliance commitments (Australian Standard AS ISO 19600:2015).
Management system means the set of interrelated or interacting elements of an organization that establish policies and objectives and processes to achieve those objectives (Australian Standard AS ISO 19600:2015 Compliance management systems).
4. Regulatory background
4.1 The University of the Sunshine Coast Act 1998 establishes the University as a statutory body, and the Council as its governing body with general powers to do anything necessary or convenient to govern the University provided this is in the University’s interests.
4.2 Universities undertake a wide range of activities and as such are subject to a vast range of compliance obligations under multiple State and Commonwealth agencies. This includes but is not limited to, the Higher Education Support Act 2003, the Tertiary Education Quality and Standards Agency Act 2011 and the Education Services for Overseas Students Act 2000.
4.3 Queensland Treasury has developed the Statutory Body Guide (the Guide) to assist statutory bodies in assessing their obligations under the Financial Accountability Act 2009 (the Act), Financial and Performance Management Standard 2009 (the Standard) and Financial Accountability Handbook (the Handbook).
4.4 While the Guide is not mandated, it is considered best practice and recommends agencies establish a compliance framework to ensure that the requirements of all legislation applicable to the agency are complied with.
(a) Section 7 of the Standard requires agencies to establish an appropriate governance framework to outline the way the agency manages the performance of its functions and operations.
(b) The Handbook identifies various foundation principles which underpin the Act including the requirement to administer agencies in the most efficient, effective and economical manner within legislative requirements.
5. Policy statement
5.1 The University, as a public entity, is committed to ensuring that it complies with all international, national and state legislation, accountability frameworks, regulations, codes of practice, standards and similar that are applicable to the operations and governance of the University and its activities. The University will maintain the highest standards of diligence in all areas of public accountability, through its policies, in meeting its legal obligations and in the maintenance of the Compliance Management Framework.
6. Compliance Management Framework
6.1.1 The University’s Compliance Management Framework is founded on the following principles:
(a) the sponsorship and support from University’s Council and Audit and Risk Management Committee for the University's compliance program;
(b) the active engagement of senior management in the identification and management of compliance issues and risks; and
(c) the allocation of resources throughout the University to manage compliance obligations.
6.2.1 The University’s Compliance Management Framework (refer to Diagram 1) comprises:
(a) Commitment -
(i) a Compliance Management Framework – Governing Policy that is approved by Council and aligns to the University’s strategic objectives;
(ii) top down commitment from Council and Executive to promote effective compliance practices across the University;
(iii) an Audit and Risk Management Committee that oversees the outcomes of the compliance process;
(iv) a Senior University Officer who is responsible for overseeing the implementation of the Compliance Management Framework, this person will be the Director, Governance and Risk Management; and
(v) a University Register of Compliance Obligations created to identify and record the key compliance requirements for and within the University, and will assign relevant responsibilities for these obligations.
(b) Implementation -
(i) Cost Centre Managers who are primarily responsible for the management of compliance obligations which affect their area of responsibility, this includes, but is not limited to, Workplace, Health and Safety obligations;
(ii) training delivered annually as part of the quarterly compliance attestation process as well as more general training on risk and compliance that is undertaken on a regular basis;
(iii) a culture where compliance is encouraged and recognised; and
(iv) controls established to manage the compliance obligations.
(c) Improvement -
(i) the University’s Compliance Framework is reviewed at least annually and improvements are made as part of the review, or wherever it is deemed necessary; and
(ii) where non-compliance is identified, appropriate steps by the Cost Centre Manager will be taken to address the breach, implement actions to strengthen the control environment and manage any consequences.
(d) Monitoring -
(i) Compliance performance is monitored quarterly as part of the quarterly compliance attestation process, and throughout the year as part of ongoing oversight; and
(ii) Internal Audit also undertakes monitoring of compliance activities and other areas of the University will undertake specific monitoring where relevant.
Diagram 1 – Compliance Management Framework
7. Potential compliance failure
7.1 The University encourages the proactive reporting of potential compliance breaches, issues, incidents and complaints.
7.2 Staff who knowingly and recklessly breach the University’s compliance obligations may be subject to applicable legislative penalties or disciplinary action.
Responsible for the monitoring of compliance with legislative and regulatory requirements.
Audit and Risk Management Committee
Responsible for all compliance matters and is accountable to Council for compliance across the whole of the University. Responsible for promoting a culture committed to lawful and ethical behaviour.
Vice-Chancellor and President
Responsible and accountable to the Vice-Chancellor and President to oversee implementation of the Compliance Management Framework across the University, the Register of Compliance Obligations and quarterly Compliance Reporting to ARMC.
Director, Governance and Risk Management
Responsible and accountable to the Vice-Chancellor and President for:
- management of the Cost Centre’s compliance obligations and compliance reporting;
- the appointment or designation of at least one person for compliance reporting, unless otherwise recorded in the Register this person will be the Cost Centre Manager;
- reviewing and updating each obligation at least quarterly as part of the compliance reporting process and identifying new obligations or changes in obligations by monitoring legislation or advice from staff;
- assisting with the organisation and coordination of risk assessments, internal audits and compliance reviews that involve their cost centre; and
- identifying and arranging for the provision of appropriate training that may be needed to improve or ensure compliance within their Cost Centre.
Cost Centre Managers
Responsible and accountable to the relevant Cost Centre Manager for compliance as it pertains to their work, Cost Centre or area of operation.
Evaluating the systems established to ensure compliance with those policies, plans, procedures, law and regulations which could have a significant impact on the University.