Section 1 - Purpose and Context
Part A - Introduction
(1) This policy:
- sets out how the University will enable and demonstrate compliance with its legislative obligations without compromising the efficiency, or the achievement, of its strategic objectives;
- promotes the highest standards of university governance and supports the Board of Trustees to fulfil its functions as prescribed by section 22 of the Western Sydney Act 1997 (NSW); and
- is, in conjunction with the Compliance Management Program (“Program”), consistent with the Australian Standard Compliance Management Systems Guidelines (AS ISO 19600:2015).
Part B - Application
(2) This policy applies to all University staff, whether full-time, part-time, casual, paid or voluntary, and all its current and future activities.
(3) The policy should be read in conjunction with relevant University policies, including the Code of Conduct, and Conflict of Interest Policy.
(4) University controlled entities are expected to establish and implement their own compliance policies but may resolve to adopt this policy.
Section 2 - Definitions
(5) The following definitions apply for the purposes of this policy:
- Compliance means meeting the requirements of all relevant laws, and internal codes of conduct and policies applicable to the University as a whole and to individual schools and units.
- Compliance Attestation means the annual acknowledgment and demonstration of the University's attendance to, and management of, its overall compliance obligations, which is completed by the Compliance Network.
- Compliance Culture means the values, ethics and beliefs that exist throughout the University, and interact with its structures and systems, to produce relationships and behaviours that are conducive to both positive compliance and strategic outcomes.
- Compliance Directory means the list of NSW and Commonwealth laws governing the University and the sector.
- Compliance Incident means any incident or situation that potentially or actually breaches or does not fulfil the University's compliance requirements, or causes behaviours that do not conform to the compliance culture. This includes non-compliance with legislative obligations, University policy, or University procedures.
- Compliance Incident Reporting means notifying the Compliance Program Unit of potential risks or actual incidents of non-compliance.
- Compliance Incident Reporting Register means the online database to which potential and actual compliance incidents can be reported to the Compliance Program Unit.
- Compliance Management Framework means the relationship between the strategic and operational components of the University's compliance management program, overarching benchmarks of standards, and compliance risk management.
- Compliance Management Program means a set of interrelated or interacting systems, processes and controls to achieve organisational compliance.
- Compliance Network means those University staff within particular operating units who are designated on the Compliance Directory as Compliance Representatives or who are designated as Compliance Contacts and are responsible for the operational compliance of laws on the Compliance Directory that are assigned to them.
- Compliance Program Unit means the independent business unit within the University that has the objective responsibility of overseeing, maintaining and applying the Compliance Management Framework.
- Compliance Self-assessment means the continuous review and assessment of the University's ability to comply with specific assigned laws on the Compliance Directory, which is completed by the Compliance Network.
Section 3 - Policy Statement
Part C - Compliance at the University
(6) The University is committed to complying with all relevant Commonwealth and NSW laws, standards, and codes relating to its governance and operations. In particular, the University recognises its obligations to its students, its staff, and the wider community to provide a safe environment that adopts the highest standards of accountability.
(7) The University maintains a high standard of diligence in all areas of accountability through the promotion of a positive compliance culture, and the maintenance of a uniform and responsive risk-based compliance management program under its Compliance Management Framework.
Part D - University's Requirements
(8) The University requires all University staff to:
- retain the responsibility for compliance even for activities that are outsourced to third parties;
- be individually responsible and accountable for their own awareness of, and compliance with, applicable laws and policies;
- integrate with other University functions of legal, governance, training and development, risk, and audit;
- embed compliance obligations in University policies, processes, procedures, and practices for managing relationships with external and internal stakeholders; and
- report and manage Compliance Incidents through the University's Compliance Incident Reporting Register.
(9) The University maintains a Compliance Incident Reporting Register where the disclosure, investigation and management of potential and actual breaches of law, University policy and University procedure are recorded, monitored and reported.
(10) The University additionally requires staff in the Compliance Network to:
- complete self-assessments as to the risk of non-compliance with the assigned laws, including recording key information such as specific obligations, compliance status, and internal controls; and
- annually attest that there is no material non-compliance of the assigned laws within their operating areas. Annual compliance attestations provide assurance to the Board of Trustees that there is no material non-compliance of assigned laws that could adversely affect the University's ability to comply with its legislative obligations.
Part E - Compliance Management Program
(11) Under its Compliance Management Framework, the University recognises that effective management of its legislative compliance obligations is a shared responsibility, and can only be achieved where:
- compliance responsibilities are clearly assigned; and
- every level of management is aware of, and understands its role in, managing compliance obligations.
(12) The University has embedded the continual improvement enhancement principle of "Develop, Implement, Evaluate, Maintain" in the Program and its specific procedures. The University ensures there is a consistently applied and well understood process for the:
- development of awareness of, and accountability for, legislative obligations through its Compliance Directory;
- implementation of compliance culture and compliance verification processes through the assignment of Compliance Directory laws to its designated compliance network, reporting on the Compliance Incident Reporting Register, and completion of any relevant training;
- evaluation of the University's overall operation and management of compliance through its continuous Compliance Self-assessment, annual Compliance Attestation, and root cause analysis of reported non-compliance incidents. These are intended to be an assessment, acknowledgment and demonstration of the University's attendance to, and management of, its compliance obligations; and
- maintenance of the Program, this Policy, and associated procedures through the independence of, and regular monitoring by, the Compliance Program Unit, as well as the regular reporting by the Unit to the University's Audit and Risk Committee on the Program.
(13) For specific procedures referred to in clause 12, please refer to the Compliance Operational Manual.
Section 4 - Procedures
Part F - Roles and Responsibilities
(14) The University Compliance Program Manager is responsible for coordinating the implementation of this Policy.
(15) The Compliance Network is responsible for:
- complying with and/or enabling compliance with assigned laws across the University;
- communicating any changes to those laws to the University including the Senior Executive Group;
- updating associated policies and procedures;
- creating and disseminating applicable training to relevant stakeholders;
- undertaking training and/or relevant qualifications relevant to their roles;
- promoting a compliance culture;
- continuously self-assessing and annually attesting to the risk of non-compliance in their operating areas; and
- reporting on the Compliance Incident Reporting Register any potential or actual incidents of non-compliance of which they are aware as they pertain to their operating area, but also in other areas if known.
(16) University staff are responsible and accountable for their own awareness of, and compliance with, applicable laws, policies and relevant training, and for reporting any Compliance Incidents as required under clause 8.
Part G - Consequence of Non-Compliance
(17) Non-compliance with legislative and other obligations can expose the University and individuals to risks, including physical, financial and reputational risks, and the University regards non-compliance with this Policy as a serious matter and a breach of its Code of Conduct.
(18) Non-compliance may also result in a report to an external reporting agency such as NSW Independent Commission Against Corruption (ICAC) or the NSW Auditor-General.
(19) Refer to the Compliance Operational Manual.
Section 5 - Guidelines
(20) Nil.