Skip Navigation

Compliance Procedures

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the pale grey navigation bar above.

Section 1 - Overview

(1) These procedures are for the guidance of UNE Representatives in the implementation of the Compliance Rule and must be read in conjunction with that Rule.

Section 2 - Scope

(2) These procedures apply to all UNE Representatives.

Section 3 - Procedure

(3) The University's compliance management system is supported by a compliance software system, known as the Compliance Register System (CRS) consisting of a public portal and a password only accessible compliance management tool. The public portal can be accessed at https://compliance.une.edu.au . This continually improving portal enables users to:

  1. View the University's Compliance Commitment Statement;
  2. View the Compliance Register;
  3. View directories of applicable legislation, standards and codes;
  4. Search via:
    1. Role based responsibilities
    2. Business unit impacted
    3. Driver/obligation
    4. Key words
  5. Report compliance events (e.g. new obligations, concerns, issues and failures);
  6. Obtain information about:
    1. FAQs (frequently asked questions); and
    2. Compliance management processes at UNE

(4) In addition, throughout the University, particular drivers and obligations maybe supported by a specific software system.

Compliance Drivers and Obligations

(5) Compliance is the outcome of the University meeting its obligations. To meet its obligations, the University needs to systematically identify and understand its compliance drivers and obligations.

Identification

(6) Sources to identify compliance drivers and obligations include:

  1. Federal and State legislation and regulations;
  2. International treaties, conventions and protocols;
  3. Permits, licences and approvals;
  4. Regulatory bodies rules, guidance and orders;
  5. University rules, policies and procedures;
  6. Codes of practice; and
  7. Australian and international standards.
Maintenance

(7) To ensure ongoing compliance, compliance drivers and obligations must be maintained to make certain all recorded details are current. Sources to identify new and changed legislation, regulations, standards and codes include:

  1. Regulator's websites, mailing lists and direct contact;
  2. Commonwealth law and State law websites;
  3. Attending conferences, forums and seminars; and
  4. Membership of professional organisations.
Capture/Record

(8) The Compliance Register System (CRS) located at https://compliance.une.edu.au/ is the system mandated to capture/record and maintain the University's compliance:

  1. Drivers;
  2. Obligations (both requirements and commitments);
  3. Tasks and actions (required to meet/address the obligation); and
  4. Events.
Prioritisation

(9) The University prioritises both compliance drivers and obligations to ensure its responses (i.e. implementation of control procedures, levels of monitoring, reporting requirements and resource allocation) are proportionate to the risks faced and add value to the University.

(10) Compliance drivers are prioritised based on two elements:

  1. Classification, and
  2. Breach/risk rating.

(11) Classification is based on the scope and breadth of impact on the University. The levels are:

  1. Level 1 University-wide concern. Impacts on reputation and funding.
  2. Level 2 University-wide requirement. Lower impacts.
  3. Level 3 Centrally managed, local area(s) requirement.
  4. Level 4 Local area requirement, managed locally.
  5. Level 5 Compliance expected, not reportable.

(12) Breach/risk rating - as compliance drivers have a mandatory component that must be addressed, compliance uses the risk management methodology to assess the obligation, rate the risk of non-compliance and to prioritise the application of its responses. The compliance driver will take on highest breach/risk rating of the attached obligations.

Tasks and Actions

(13) Tasks:

  1. Prevent, detect and reduce undesired effects;
  2. Achieve continual improvement; and
  3. Provide an assurance that the University can achieve the desired outcome - compliance.

(14) Tasks are the actions required to ensure an obligation is met.

(15) Where required, a task can be broken down into components - known as "actions" in the CRS.

Compliance Roles

(16) The compliance responsibilities of UNE Representatives (based on organisational structure) are set out in section 2 of the Compliance Rule. In addition, to ensure effective and efficient compliance outcomes, responsibilities for specific compliance drivers and obligations are assigned based on operational/functional management of activities on a day to day basis. This is illustrated by the compliance roles diagram (Click here for the diagram).

(17) There are five main roles in the compliance system (it is important to note that one person might be expected to fulfil multiple roles). These are:

  1. VC (Vice-Chancellor) Compliance Delegate
    1. A Unit Head delegated responsibility by the Vice-Chancellor for ensuring whole of University compliance with a specific compliance driver.
    2. Accountable for the implementation of compliance processes, systems and controls for their compliance drivers, and reporting thereon.
    3. To be a member of the Senior Executive for all Level 1 and 2 classified drivers.
    4. Responsible for providing an Annual Compliance Statement to the Vice-Chancellor and CEO. These statements are used as the basis for providing assurance to the Vice-Chancellor and Council (through the Audit and Risk Committee), that the University is compliant.
  2. Compliance Coordinator
    1. Responsible, in conjunction with the VC Compliance Delegate and Compliance System Manager, for the identification and capture of compliance obligations in the CRS.
    2. Responsible for the implementation, monitoring, and reporting on, compliance processes, systems and controls for allocated compliance drivers and obligations.
    3. Liaises with Responsible Managers and Coordinating Officers to identify and assign tasks and actions to ensure compliance with obligations.
  3. Responsible Manager
    1. Responsible for assigned compliance obligations and identifying, assigning and approving tasks and actions required to ensure the obligation is met.
    2. Responsible for compliance and control activities for particular obligations, including education and awareness tools.
    3. Liaises with the Compliance Coordinator to implement compliance processes, systems, controls and reporting.
  4. Coordinating Officer
    1. Assists the Responsible Manager in meeting their role.
    2. Has the same responsibilities as the Compliance Coordinator but at the obligation, not driver level.
    3. The majority of obligations pertaining to Level 1 and 2 classified drivers will have a Coordinating Officer appointed, otherwise the Compliance Coordinator will also be responsible for this role.
  5. Local Compliance Officer
    1. Responsible for processing tasks and actions. It is important to note that one person might be expected to fulfil multiple roles

Authority and Compliance

(18) The Rule Administrator, pursuant to the University's Compliance Rule, makes these procedures. University Representatives must observe these Procedures in relation to University matters.

(19) These Procedures operate as and from the Effective Date.

(20) Previous Procedures relating to the Compliance Rule are replaced and have no further operation from the Effective Date of this new Procedure.

Section 4 - Definitions

(21) Compliance — means meeting all the University's compliance obligations

(22) Compliance commitment — means a requirement that the University chooses to comply with This includes: University rules and policies; principles or codes of practice; contractual obligations; agreements; environmental commitments; industry standards; etc

(23) Compliance obligation — means a compliance requirement or a compliance commitment.

(24) Compliance register system - is a component of the CMS, and the University specific tool relied upon to inform, record, manage and report upon the University's compliance obligations.

(25) Compliance Requirements — means a requirement that the University has to comply with. This includes: laws and regulations; permits and licences; regulator guidance; court judgements; treaties and conventions; etc. Compliance Requirements are known as Compliance Drivers in the Compliance Register System.

(26) Effective Date - is the date on which this Rule will take effect.

(27) Rule Administrator - is the Chief Legal and Governance Officer.

(28) University Representative means a University employee (casual, fixed term and permanent) contractor, agent, appointee, UNE Council member, adjunct, visiting academic and any other person engaged by the University to undertake some activity for or on behalf of the University. It includes corporations and other bodies falling into one or more of these categories.