Compliance Management Framework - Procedures

Accessibility links

Compliance Management Framework - Procedures


Approval authority
Vice-Chancellor and President
Responsible officer
Chief Operating Officer
Designated officer
Chief Operating Officer
First approved
23 February 2016
Last amended
24 May 2018
Effective start date
24 May 2018
Review date
24 May 2023
Related documents
Audit and Assurance Framework - Governing Policy
Compliance Management Framework - Governing Policy
Compliance Management Framework: Annual Compliance Review - Procedures
Compliance Management Framework: Breach Reporting - Procedures
Critical Incident Management - Governing Policy
Enterprise Risk Management - Governing Policy
Fraud and Corruption Control - Governing Policy
Governance Framework - Governing Policy
Health, Safety and Wellbeing - Governing Policy
Related legislation / standards
University of the Sunshine Coast Act 1998
Financial and Performance Management Standard 2009 (Qld)
Financial Accountability Act 2009 (Qld)
Work Health and Safety Act 2011 (Qld)
Work Health and Safety Regulations 2011 (Qld)
AS ISO 196000:2015 Compliance management systems
Download PDF

1. Definitions

Please refer to the University’s Glossary of Terms for policies and procedures.

2. Purpose of procedures

The procedures that follow must be read in association with the Compliance Management Framework – Governing Policy and other related procedures.

The intent of these procedures is to:

  • provide detailed elements relating to the operation and implementation of the University’s Compliance Management Framework;
  • assign specific accountabilities and responsibilities for components of the University’s Compliance Management Framework; and
  • enable the gathering of information to facilitate monitoring and reporting of compliance performance within the University.

3. Elements of the Compliance Management Framework

Successful achievement of the policy objectives will require recognition and incorporation of the following elements:

3.1 Commitment

3.1.1 The Compliance Management Framework – Governing Policy outlines the University’s commitment to maintain and improve the Compliance Management Framework and processes. Accordingly, the University will allocate appropriate resources to the development, implementation and continuous improvement of its Compliance Management Framework.

3.1.2 Council, through the Audit and Risk Management Committee, is responsible for overseeing the University’s compliance with legislation, regulatory requirements, reporting obligations, and University policies.

3.1.3 Compliance is the responsibility of all University staff.

3.1.4 Corporate Services will have overarching responsibility for:

a. the design and implementation of the Compliance Management Framework;

b. coordinating, managing and maintaining the Register of Compliance Obligations; and

c. providing oversight of compliance across the University.

3.1.5 All Cost Centre Managers are accountable for ensuring compliance with all legislative obligations, standards and best practice guidance and for putting the necessary controls and processes in place to manage their compliance obligations. This includes ensuring Higher Degree Research (HDR) students are aware of their obligations, with supervisors monitoring student compliance with relevant legislative requirements. Cost Centre Managers are responsible for keeping abreast of changes and updates to existing legislation and identifying new obligations. Responsible Officers will need to attest to compliance annually.

3.1.6 All staff must be aware of compliance responsibilities that apply to their area of work or activities, and ensure that their actions on behalf of the University comply with relevant laws, industry codes and organisational standards. It is the responsibility of Cost Centre Managers to ensure staff have appropriate information to ensure compliance.

3.2 Implementation

3.2.1 The University will adopt a risk-based approach to the implementation of its compliance obligations.

3.2.2 All compliance obligations are important, with the University having a conservative risk appetite for regulatory and compliance risk. Higher risk obligations require additional oversight and controls to ensure the risk of any potential non-compliance in any of these areas is minimised.

3.2.3 Compliance obligations will be classified as High, Medium or Low risk. The classification will be undertaken within Corporate Services. Higher risk obligations have a major impact on the University and are critical to its functioning. The obligations will be assessed against the following criteria:

1.relevant importance to the University’s functions and operations;

2.potential consequences of non-compliance;

3.inherent risk associated with compliance, including the breadth and complexity of the legislation; and

4.relationship to the University’s Strategic Plan.

3.2.4 If a Responsible Officer disagrees with the risk-rating of a compliance obligation, they should notify the University Risk Manager.

3.2.5 Compliance responsibilities will be identified and promulgated through the Register of Compliance Obligations. Each Responsible Officer identified in the Register of Compliance Obligations must liaise with other areas of the University where the relevant obligation exists to ensure they are comfortable with the controls and processes in place for managing the obligations.

3.2.6 Behaviours that create and support compliance will be encouraged. Behaviours that compromise compliance will be investigated.

3.3 Monitoring and Review

3.3.1 Systems, procedures and controls will be implemented to support the monitoring of compliance obligations against the requirements of the Compliance Management Framework.

3.3.2 Corporate Services will be responsible for reviewing and maintaining the Register of Compliance Obligations, the Compliance Management Framework – Governing Policy and systems which support the compliance management framework within the University.

3.3.3 Corporate Services will report at least annually to Council on the University’s framework program, via the Audit and Risk Management Committee.

3.3.4 The Compliance Management Framework will be reviewed each year following the annual compliance attestation process.

3.3.5 If issues impacting compliance are identified throughout the year, Cost Centre Managers will take appropriate action to address the issue and implement additional controls to strengthen compliance.

4. Register of Compliance Obligations

4.1 The Chief Operating Officer is responsible for maintaining a Register of Compliance Obligations.

4.2 The Register of Compliance Obligations will be updated as an ongoing activity through information and changes identified by Cost Centres throughout the year and will be maintained within the Office of the Chief Operating Officer.

4.3 Cost Centre Managers are responsible for the currency of Compliance Obligations recorded in this Register against their Cost Centre.

4.4 Cost Centre Managers should convey to the University Risk Manager advice of any new obligations or any changes to existing ones.

5. Records management

The Register of Compliance Obligations and responses that support the annual attestation process must be maintained according to the University’s Information and Records Management - Procedures.


Back to top

Pro tip: To search, just start typing - at any time, on any page.

Searching {{ model.SearchType }} for returned more than {{ model.MaxResults }} results.
The top {{ model.MaxResults }} of {{ model.TotalItems }} are shown below.

Searching {{ model.SearchType }} for returned {{ model.TotalItems }} results.

Searching {{ model.SearchType }} for returned no results.