Compliance Management Policy

This is the current version of this document.

Section 1 - Purpose and Scope

Purpose

(1) This Policy establishes a flexible compliance management framework to provide clear accountability and responsibility for the University’s compliance obligations and to establish appropriate identification, allocation, reporting and oversight of University-wide compliance controls. 

(2) The framework is based on the AS ISO 37301:2023 Compliance Management System guidelines and adopts a risk-based approach to compliance management.

Scope

(3) The Policy applies to:

  1. the University and its controlled entities; and
  2. all University staff members, students and affiliates.

Legislative alignment

(4) This Policy supports compliance with:

  1. Southern Cross University Act 1993 (NSW), section 16
  2. Higher Education Standards Framework (Threshold Standards) 2021 (Cth), Standard 6.2.1(a) and (k).

Section 2 - Definitions

(5) For the purpose of this Policy:

  1. Compliance Controls means the actions, activities, policies and procedures that support compliance with the relevant Compliance Obligations.
  2. Compliance Drivers means the external legislation, regulations, codes, guidelines and standards which impose Compliance Obligations on the University.
  3. Compliance Incident means a circumstance, or possible circumstance, that exposes the University to risk of a breach of one or more Compliance Obligations.
  4. Compliance Lead means the senior staff member (normally an Executive) assigned accountability for a Compliance Driver as specified in the Compliance Register.
  5. Compliance Management Framework consists of:
    1. this Policy; and
    2. the Compliance Register, setting out the Compliance Drivers, Obligations and Controls.
  6. Compliance Obligation means a legislative or regulatory obligation the University is required to comply with as specified in a Compliance Driver.
  7. Compliance Drivers – Risk Descriptors means the document describing the risk allocation (tiers) to be applied to Compliance Drivers.
  8. Compliance Register means the list of Compliance Drivers, Obligations and Controls.
  9. Key Compliance Obligations means the Compliance Obligations which, if not complied with, have the potential to:
    1. impact the University’s ongoing sustainability or licence to operate; or
    2. result in significant financial penalties or fines, undertakings, criminal sanctions or reputational damage.

Section 3 - Policy Principles

(6) The University operates in a highly regulated environment, requiring it to identify and manage legal and regulatory Compliance Obligations across various jurisdictions.

(7) The University is committed to a positive culture of compliance and effective integration of controls within its daily operations.

(8) The University will:

  1. adopt a compliance management framework that supports the implementation of proportionate, flexible and sustainable compliance processes;
  2. take a risk-based approach to prioritisation, resource allocation and investment in compliance activities which is informed by risk analysis and with reference to the Compliance Drivers - Risk Descriptors;
  3. maintain clear accountability and responsibility for Compliance Drivers and Compliance Obligations;
  4. monitor the statutory and regulatory environment and maintain a Register of Compliance Obligations;
  5. build a culture of compliance at both an institutional and individual level where identifying and managing compliance is accepted as everyone’s responsibility;
  6. establish transparency and oversight to Council, its committees, the Vice Chancellor's Group and senior management that Key Compliance Obligations are being effectively managed; and
  7. support education and training in compliance as an essential tool in developing and maintaining a culture of compliance.

Section 4 - Roles and Responsibilities

Council

(9) The Council has overarching accountability for the University’s compliance with its Compliance Obligations.

Audit and Risk Management Committee

(10) The Audit and Risk Management Committee is responsible for:

  1. oversight of the University's compliance management activities;
  2. liaising with management in monitoring Key Compliance Obligations and, where appropriate, reporting to Council; and
  3. providing assurance concerning the management of compliance within the University.

Vice-Chancellor

(11) The Vice-Chancellor is responsible for overall effectiveness of the compliance management framework, including:

  1. overall compliance management across the University;
  2. maintaining alignment between the University’s strategic and operational objectives and its Compliance Obligations;
  3. promoting an appropriate compliance management culture across the University;
  4. allocating adequate and appropriate resources to enable effective compliance management;
  5. reporting on the management of the University’s Key Compliance Obligations to the Audit and Risk Management Committee and University Council.

Vice Chancellor's Group

(12) The Vice Chancellor's Group have collective and individual accountability for the management of compliance as Executives of the University. They are accountable for the oversight, implementation, management and embedding of the Compliance Management Framework across their portfolios, including:

  1. promoting a compliance culture across the University;
  2. ensuring compliance with this Policy;
  3. allocating the right skills and resources to effectively implement the Compliance Management Framework throughout the University.

Compliance Leads

(13) Compliance Leads are responsible for managing the Compliance Obligations arising from the Compliance Drivers for which they are accountable, including:

  1. being aware of the Compliance Obligations and evaluating the risks of non-compliance using the risk assessment process set out in the Enterprise Risk Management Framework;
  2. monitoring the effectiveness of Compliance Controls and developing and implementing further controls to achieve compliance where required;
  3. ensuring the Compliance Obligations are supported by University policies, procedures and processes;
  4. managing compliance breaches and remediation processes for relevant Compliance Obligations;
  5. reporting to the Vice Chancellor's Group on compliance performance;
  6. reporting compliance breaches to external authorities, as relevant, with the Pro Vice-Chancellor (Academic Quality) responsible for reporting any material breach to TEQSA; and
  7. supporting and facilitating compliance assurance, review and enhancement activities for relevant Compliance Obligations.

Heads of Work Units

(14) Heads of Work Units are responsible for managing day-to-day compliance within their area, including:

  1. maintaining and monitoring Compliance Obligations and Controls to ensure Controls are effective, and fit for purpose;
  2. ensuring all staff within their Work Unit comply with the University’s compliance management framework and supporting policies, procedures and processes;
  3. advising Compliance Leads and other key stakeholders of compliance incidents and compliance risk exposures within their Work Unit;
  4. ensuring staff have the appropriate competence through training and support that enables them to fulfil compliance requirements within their functional areas;
  5. contributing to the management of compliance breaches and remediation processes for Compliance Obligations within their area;
  6. supporting and participating in compliance assurance, review, and enhancement activities as directed; and
  7. promoting an appropriate compliance management culture within their areas of responsibility.

Governance Services

(15) Governance Services is responsible for the operation of the Compliance Management Framework, including:

  1. maintaining the Compliance Register;
  2. providing guidance and advice to stakeholders on current, new, and emerging compliance exposures, in consultation with Compliance Leads and other key stakeholders;
  3. facilitating and supporting the monitoring, review, and enhancement of the Compliance Management Framework, policies, systems and processes;
  4. reporting to Compliance Leads and the Vice Chancellor's Group on Compliance Obligations.

Office of Business Intelligence and Quality

(16) The Office of Business Intelligence and Quality is responsible for providing advice and guidance to Compliance Leads and Heads of Work Units:

  1. to ensure that any changes to Compliance Obligations are implemented at an operational level, including updating business processes and ensuring communications and training are provided to staff; and
  2. about risks to Compliance posed by a Compliance Incident and appropriate responses to resolve the issue or mitigate the risk.

Staff Members

(17) All staff are required to:

  1. familiarise themselves with the Compliance Management Framework and apply it to their roles, as relevant;
  2. report compliance concerns and suspected areas of non-compliance to the Compliance Lead; and
  3. participate in and complete any required training.

Section 5 - Record Keeping

(18) The Compliance Register records compliance accountability for Compliance Drivers and associated Compliance Obligations that the University has exposure to.

(19) All records relating to complaint management are recorded and stored in accordance with the Records Management Policy and Records Management Procedures.


Section 6 - Associated Documents

(20) This Policy should be read in conjunction with:

  1. Enterprise Risk Management Framework
  2. Work Health and Safety Policy 
  3. Fraud and Corruption Prevention Policy
  4. Academic Quality, Standards and Integrity Policy