Policy and Compliance Manager, Governance and Legal Services
Date of Next Review
QUT is committed to the management of its compliance obligations as an integral and embedded part of all its activities. Effective management of QUT’s compliance obligations, through a risk-based approach, ensures that the University's strategic direction and corporate objectives are pursued in a lawful and sustainable manner.Consistent with principles of good governance, QUT has a responsibility to identify and comply with all relevant laws, regulations and other externally imposed requirements, e.g. higher education standards or codes of relevant industry or regulatory bodies. QUT achieves this through the implementation of a University-wide compliance risk management program based on ISO 19600:2014: Compliance management systems.
The QUT compliance risk management program applies to all QUT activities to which external compliance obligations are relevant.
Compliance risk management is the program of activities to address or mitigate compliance risk, including the establishment of culture, policy, procedures and processes.Compliance risk is the risk of exposure to legal or financial penalties or other material losses (including reputational damage) due to a failure to prevent, detect or reduce the undesired or unacceptable effects of non-compliance with external laws, regulations and other externally imposed requirements.
In accordance with the QUT Staff Code of Conduct (B/8.1), and the principle of respect for the law, all University staff, while undertaking their duties, must comply with compliance obligations relevant to their position and duties.
Vice-President (Administration) and Registrar
The Vice-President (Administration) and Registrar , as chief administrative officer, has overall responsibility for oversight of the development and implementation of a compliance risk management program, and will designate primary responsible officers for each compliance obligation.
Primary responsible officers
The primary responsible officer is the senior officer with accountability, responsibility and authority for coordination and management of appropriate compliance risk management activities for their particular compliance obligation(s), including:
- raising awareness and understanding of their compliance obligation(s) and the development and implementation of compliance risk management activities (including training, processes and procedures)
- ensuring that adequate resources are allocated to enable appropriate and effective management of the compliance risk, including the ongoing monitoring and review of the adequacy and effectiveness of compliance risk management activities
- appointing secondary responsible officers (where appropriate)
- overseeing continuous improvement activities, including remedial actions where necessary.
Secondary responsible officers
For a particular compliance obligation, the secondary responsible officer has day-to-day responsibility for the development and implementation of activities, processes and procedures to address or mitigate compliance risks.
Director, Governance and Legal Services
The Director, Governance and Legal Services is responsible for:
- the development, approval and implementation of a program for the management of compliance risk at the University
- working collaboratively with and supporting primary responsible officers to raise awareness of compliance obligations, and assisting in the development and implementation of compliance risk management activities by responsible officers
- monitoring of laws, regulations and other relevant requirements, including identification of new obligations or material changes to existing obligations
- providing advice (including statutory interpretation) on new and existing compliance obligations
- establishing and maintaining a Register of Compliance Obligations and approving the entries in the Register
- facilitating annual reporting as to the management of compliance obligations and the development and implementation of compliance risk management activities.
The Director, Governance and Legal Services, reports annually to Audit and Risk Management Committee on the implementation of the Compliance Risk Management Program.
Audit and Risk Management Committee
Audit and Risk Management Committee (A/3.3) assess the adequacy and effectiveness of the University's internal controls, including the risk management and compliance frameworks. Audit and Risk Management Committee receives, on behalf of Council, an annual report and any ad hoc reporting as required, and identifies and requests follow-up action on any issues of concern or non-compliance.
Key elements of QUT's Compliance Risk Management Program are the:
- identification and management of the University's obligations in a Register of Compliance Obligations, taking account of the purpose and objectives of the University and internal and external issues and stakeholders
- allocation of roles, accountability, responsibility and authority to individuals within the relevant operational areas for ensuring appropriate compliance risk management of obligations
- risk assessment and risk rating of obligations, in particular, as part of the annual planning process
- development of actions integrated into operational requirements, processes and procedures to address or mitigate compliance risks in a proportional way reflecting the level of compliance risk exposure
- a commitment to compliance as an organisational value in line with the QUT Staff Code of Conduct (B/8.1)
- promoting awareness of obligations and training of staff on compliance with specific obligations
- the assessment of how well QUT meets its obligations, and where and how it could improve, including identification of any non-compliance and remedial action taken
- fostering continuous improvement in compliance risk management across QUT to ensure compliance obligations are met
- regular reporting to Audit and Risk Management Committee.
The Compliance Risk Management Program provides detailed information on the management of compliance obligations, the compliance risk management process, the roles and responsibilities of key stakeholders, and documentation and reporting requirements.
At the time of occurrence, all incidents of non-compliance must be assessed. Where a non-compliance incident is assessed as having moderate or major consequences (as described in the Compliance Risk Management Program), the issue must be reported to the primary responsible officer. This officer will determine if adjustments to compliance procedures and risk treatments are required, and whether an ad hoc report should be made to Audit and Risk Management Committee.
The primary responsible officer is also required to oversee and monitor any remedial action or adjustments to compliance risk management activities (including policies, procedures and processes) which may be required in light of the non-compliance incident.
A summary of all incidents of non-compliance must be included in annual reporting.
MOPP A/1.1 QUT Governance Framework
MOPP A/2.5 Risk management
MOPP B/8.1 QUT Staff Code of Conduct
International Standard ISO19600:2015 Compliance management systems - Guidelines
Compliance Risk Management Program (QUT staff access only)
Compliance Risk Matrix
QUT Risk Management Framework (QUT staff access only)
|15.06.16||All||Council||Revised policy following review of compliance program|
|20.02.15||All||Policy and Compliance Manager||Periodic review - minor editorial changes only|
|25.08.10||All||Council||Periodic review - minor editorial changes only|
|18.07.07||All||Council||Revised policy (endorsed by Audit and Risk Management Committee 20.06.07)|