View Current

Compliance Policy

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Preamble

(1) The University Council is responsible for controlling and managing the concerns of the University and to:

  1. approve and monitor systems of control and accountability for the University (including controlled entities) (s16(1B)(f) Southern Cross University Act 1993 (NSW)); and
  2. establish policies and procedural principles for the University consistent with legal requirements and community expectations (s16(1B)(h) Southern Cross University Act 1993 (NSW)).

(2) Southern Cross University is committed to delivering its strategic and operational objectives in accordance with the law and principles of good governance, and with honesty, fairness, trust, accountability and respect.

(3) To do this, the University must comply with a diverse range of State and Commonwealth legislation and regulatory requirements. The University 's Compliance Framework aims to assist the University in its efforts to appropriately manage its compliance obligations.

(4) The Compliance Framework consists of the following, which lists the University's primary compliance obligations:

  1. Compliance Policy
  2. Annual Risk Management and Control Checklist
  3. Central Compliance Register (List of Laws and Compliance Officers)

(5) This framework conforms to the Australian Standard AS 3806 — 2006 Compliance Programs.

Top of Page

Section 2 - Purpose and Scope

(6) This policy establishes the fundamental principles of conduct and commitment for the University and its Controlled Entities with respect to achieving compliance. It also sets the level of responsibility and performance expected by the University against which actions will be assessed.

(7) This policy is designed to:

  1. ensure the University and its Controlled Entities comply with obligations relating to their activities;
  2. foster an environment where staff assume responsibility for compliance;
  3. assess the existing compliance program and promote and implement continuous improvement of processes and procedures; and
  4. develop and support a culture of compliance within the University.

(8) This Policy assists in effective management of operational risk within the legal and regulatory environment in which the University operates.

(9) In addition to assisting the University to carry out its functions effectively and efficiently, this policy is designed to preserve public confidence in the administration of the University.

(10) This Policy should be read in conjunction with:

  1. Central Compliance Register 
  2. Enterprise Risk Management Policy;
  3. Complaints Management Framework; and
  4. Code of Conduct.

Scope

(11) The Policy applies to all Work Units and Controlled Entities of the University, and to all staff members and students who perform work for the University.

Top of Page

Section 3 - Definitions

(12) Central Compliance Register

  1. means the register which lists external legislation, regulations, codes, guidelines and standards which identify the University's obligations. The register operates as an overall guide to the external legislation, regulations, codes, guidelines and standards which the University has to comply with and does not endeavour to identify the range of obligations under any single piece of legislation. The register also identifies the responsible area/division within the University.

(13) Controlled Entity

  1. means an entity controlled by the University within the meaning of section 50AA of the Corporations Act 2001.

(14) Compliance Framework

  1. means the overarching framework which includes this policy, the Annual Risk Management and Control Checklist, and the Central Compliance Register.

(15) Compliance Officer

  1. means a senior appointed person in a Work Unit who is assigned responsibility for specified compliance obligations, including where appropriate maintaining a detailed compliance register and applying risk ratings. See clauses (29) and (30) for a full description of the roles and responsibilities of Compliance Officers.

(16) Detailed Compliance Register

  1. means the registers maintained by each Compliance Officer (where appropriate) for their particular area which identify specific requirements under legislation and indicates what actions are to be taken to achieve compliance. The register refers to the various control mechanisms in place including procedures, reporting, training, and monitoring.

(17) Risk

  1. is as defined in the Enterprise Risk Management Policy.

(18) Risk Identification

  1. is as defined in the Enterprise Risk Management Policy.

(19) Risk Rating

  1. the rating given to a risk according to the University's Risk Rating Matrix by assessing the severity of consequences against the likelihood of the risk occurring.

(20) University

  1. means Southern Cross University.
Top of Page

Section 4 - Policy Statement

Commitment to Compliance

(21) As an international university offering quality undergraduate and postgraduate education, Southern Cross University is subject to a wide range of legislative, regulatory and commercial legal obligations. The University is committed to compliance with these requirements relating to its operations, and to adhering to applicable codes of conduct and best practice.

(22) The University recognises that proper and timely compliance with these obligations is essential for the success of the University, its students and the communities which benefit from the services provided by the University.

Compliance Program

(23) The University's compliance program is in conformance with Australian Standard AS 3806-2006 Compliance Programs, and is an important element of the University's corporate governance framework.

(24) The practical component of the compliance program, namely the compliance procedure, review and complaints handling is described in Section 5 - below and is embedded in the Annual Risk Management & Control Checklist.

Continuous Improvement

(25) The University, through its Compliance Framework, will maintain appropriate standards in the maintenance of legal compliance. It will allocate appropriate resources to the development, implementation and continuous improvement of its compliance program.

Responsibilities and Approvals

Staff Members

(26) Staff members of the University are responsible for adherence to those compliance obligations that apply to activities under their responsibility or in the course of their employment, including monitoring and reporting compliance risk events and incidents of non-compliance to the Manager, Insurance and Risk and undertaking any necessary training in relation to the carrying out of their compliance obligations. Staff members who knowingly and recklessly breach compliance obligations may be subject to disciplinary action by the University.

Council

(27) The Council is the governing authority of the University and is responsible for overseeing risk management and risk assessment across the University, including the University's overall compliance with external legislation, statutory and regulatory requirements, reporting obligations, and University procedures, codes and policies.

The Vice-Chancellor

(28) The Vice-Chancellor is responsible for:

  1. approving the University's Compliance Policy and associated Compliance Framework and ensuring that these are aligned with the University's strategic and operational objectives and with relevant state and federal legislation;
  2. in consultation with Council, taking necessary preventive and corrective actions to address any problems identified with regard to compliance;
  3. ongoing monitoring and assessment of compliance programs; and
  4. fostering a culture of compliance and good corporate citizenship.

Compliance Officers

(29) Compliance Officers are appointed senior persons who are assigned responsibility for specified compliance obligations. There may be multiple responsible officers for certain obligations.

(30) Compliance Officers are responsible for:

  1. being aware of and adhering to the obligations set out by the relevant external legislation, regulations, codes, guidelines and standards listed in the Central Compliance Register
  2. where it is appropriate, establishing and maintaining a Detailed Compliance Register;
  3. applying a Risk Rating for each obligation identified in the compliance register for the particular area in accordance with the University's Enterprise Risk Management Policy;
  4. in consultation with the University's Manager, Insurance and Risk, at least yearly, evaluating the Risk, the Risk Treatments identified for each obligation, monitoring compliance and reporting on any incidents of non-compliance and the remedial action taken to address them, including any ongoing non-compliance issues to the Manager, Insurance and Risk; and
  5. maintaining a record of all incident reports and incidental compliance documents.
Top of Page

Section 5 - Procedures

Incident reports handling

(31) All incident reports shall first be provided to the Manager, Insurance and Risk. Additionally, all breaches of legislation shall be reported to the Vice-Chancellor.

(32) The Manager, Insurance and Risk will assess each of the Risks of the complained matter and/or reported incident. When necessary, they will assign the matter to a particular Compliance Officer or relevant department within the University for further action, including Risk Rating.

(33) The Manager, Insurance and Risk must be consulted regarding the progress of any investigations into the incident.

(34) Complaints about non-compliance or related issues can also be dealt with through the University's Complaints Framework or Public Interests Disclosure Policy.

Reporting

(35) Executives and heads of relevant departments within the University must provide the Manager, Insurance and Risk with yearly compliance reports via the Annual Risk Management & Control Checklist, including:

  1. incidents of non-compliance, the cause and any remedial action proposed or undertaken; and
  2. any compliance issues arising.

(36) Upon receipt and review of the Annual Risk Management & Control Checklist, the Manager, Insurance and Risk shall assess the reports and provide a summary and any recommendations to the Vice Chancellor.