View Current

Compliance Management Policy

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Preamble

(1) Charles Darwin University (‘the University’, ‘CDU’) is committed to having an effective Compliance Management Program (CMP) and demonstrating its commitment to comply with relevant laws, regulatory requirements, industry codes and organisational standards; as well as standards of good governance, generally accepted good practices, ethics and community expectations.

(2) Compliance is a key component of the University’s governance framework and covers both legal, regulatory and policy compliance. Compliance is the basis and an opportunity for the long-term success and sustainability of the University through the establishment and maintenance of a culture of compliance and consideration of the needs and expectations of key stakeholders.

Top of Page

Section 2 - Purpose

(3) This policy provides the University’s formal, structured approach to assuring legal, regulatory and policy obligations are met. The policy outlines the:

  1. key principles that guide compliance management within the University, consistent with CDU Values, Strategic Plan and risk appetite; and
  2. key components of the University’s CMP.
Top of Page

Section 3 - Scope

(4) This policy is mandatory and applies to all University staff, researchers, volunteers and contractors and encompasses all compliance obligations. Throughout the policy, the mention of ‘staff’ means all University staff, researchers, volunteers and contractors, unless specifically identified.

(5) The scope of this policy includes:

  1. Legal and Regulatory Compliance – with laws, regulations, statutory obligations and contracts. This is a mandatory obligation that is imposed; and
  2. Policy Compliance – with University policies and procedures. This is an obligation that is self-imposed by the University.
Top of Page

Section 4 - Policy 

(6) This policy should be read in conjunction with the University’s Obligations Register.

Principles

(7) The University’s CMP reflects the core values of the University and is:

  1. appropriate to the University’s structure, financial resources and level of digitisation; as well as the legal, social, cultural, environmental and stakeholder context within which it operates; and
  2. based on the principles of integrity, good governance, proportionality, transparency, accountability and sustainability.

Objectives

(8) The University’s CMP is a compliance program that provides visibility into and control over the University’s compliance efforts and is comprised of written documents, functions, processes, controls and tools that help the University to comply with its obligations and minimise compliance risk.

(9) The CMP aims to ensure that the University:

  1. meets its legal, regulatory and policy compliance obligations;
  2. assures fulfilment of its legal obligations and that its policies, procedures, systems and methods are followed;
  3. establishes and undertakes regular audits, reviews and evidence-based self-assessment and other assurance activities to assess and validate compliance with legal and regulatory obligations, systems, policies and procedures;
  4. establishes processes for the continuous strengthening of systems, policies and procedures; and
  5. has early detection of weaknesses and timely corrective action is taken.

Benefits

(10) The University’s CMP:

  1. provides greater insight into compliance issues and focuses on the most critical and complex processes;
  2. ensures consistency in approach and adherence to legal and regulatory obligations, policies and procedures;
  3. identifies short-term and long-term needs to improve compliance capabilities and takes the lead on compliance management;
  4. manages compliance risks more cost-effectively and efficiently, and establishes controls to promote and validate compliance;
  5. operates consistently across international, national, regional and remote levels, including University-wide;
  6. supports the establishment and nurturing of a compliance culture;
  7. establishes a process for continuous strengthening of systems and processes;
  8. provides lead indicators of weaknesses and timely corrective action to be taken;
  9. provides integrated compliance analysis and reporting to senior management relevant University governance committees; and
  10. gives assurance to key stakeholders the University is serious about complying with its compliance obligations.

Compliance Management System

(11) The key components of the University’s CMP are:

Obligations Registers

(12) The Obligations Register is a University-wide single source of truth for all the University’s mandatory and voluntary obligations that captures all the relevant information in a simple and logical way; as well as outlining the process for reviewing and updating the obligations register on a regular basis. The Obligations Register is aligned to the Comprehensive Reporting Framework and will be developed in 2022.

Compliance Plan

(13) Taking a compliance risk-based approach, the Compliance Plan sets out the compliance audits/reviews scheduled to be conducted. The annual Compliance Plan is approved by the Audit, Risk and Compliance Committee. The inaugural Compliance Plan will be developed in 2022.

Policy Framework

(14) The University’s Policy Framework governs the development and review of policy and policy related documents to:

  1. ensure that they are consistent with the University’s objectives and relevant governing legislation;
  2. provide guidance for adherence to the University’s regulatory obligations;
  3. ensure that the policy and procedures and are kept current and relevant;
  4. define responsibilities for the development, review and implementation of policies; and
  5. sets out steps to ensure that policies are effectively implemented and well understood across the University.

Delegated Authorities

(15) The University’s Delegations Register sets out delegations Council has conferred on positions within the University. The Delegations Register provides formal authority to Council members, University governing committees and University staff to make decisions on the University’s behalf, e.g., commit the University and/or occur liabilities for the University. The Delegations Register ensures:

  1. increased accountability of staff and volunteers for their performance;
  2. the efficiency and effectiveness of the University's administrative processes;
  3. that the appropriate University staff or governing committee have been provided with the level of authority necessary to discharge their responsibilities;
  4. that delegated authority is exercised by the most appropriate and best-informed individuals within the University; and
  5. responsibility and judgment is exercised across different levels of the University organisational structure.

Fraud and Corruption

Fraud and Corruption Policy

(16) The Fraud and Corruption Control Policy outlines the University’s legislative requirements regarding fraud and corruption and establishes the principles by which all University staff and members of the University community shall work to prevent, control and respond to incidents of fraud and corruption.

Fraud and Corruption Framework

(17) The Fraud and Corruption Framework includes the Fraud and Corruption Control Policy and the following documents, which detail how fraud may be reported:

  1. Enterprise Agreement;
  2. Charles Darwin University – Student Conduct By Laws;
  3. Code of Conduct - Staff;
  4. Conflicts of Interest Policy and Conflicts of Interest Procedure;
  5. Gifts and Benefits Policy;
  6. Responsible Conduct of Research Policy;
  7. Responsible Conduct of Research Policy and Responsible Conduct of Research Procedure; and
  8. Whistleblower Reporting (Improper Conduct) Procedure.

Academic Assurance Framework

(18) The Australian Skills Quality Authority (ASQA) and Tertiary Education Quality and Standards Agency (TEQSA) place significant emphasis on effective and continuous self-assurance as part of the University’s operations. This approach to regulation requires the University to take responsibility for assessing its performance and practices for ongoing compliance against the:

  1. VET Quality Framework
  2. Standards for Registered Training Organisations (RTOs) 2015;
  3. Fit and Proper Person Requirements
  4. Financial Viability Risk Assessment Requirements
  5. Data Provision Requirements;
  6. Australian Qualifications Framework 2013;
  7. Higher Education Standards Framework (Threshold Standards) 2021;
  8. Education Services for Overseas Students Act 2000 (ESOS);
  9. English Language Intensive Courses for Overseas Students (ELICOS) Standards 2018;
  10. Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS);
  11. National Code of Practice for Providers of Education and Training to Overseas Students 2018; and
  12. National Standards for Foundation Programs.

(19) The University’s self- assessment against the national standards for Vocational Education and Training (VET) and Higher Education (HE) sits within the University's overall approach to risk management.

Comprehensive Reporting Framework

(20) The Comprehensive Reporting Framework (CRF) maps the University’s regulatory reporting requirements against the Standards for Registered Training Organisations (RTOs) 2015 and Higher Education Standards Framework (Threshold Standards) 2021. The CRF is updated and enhanced as necessary to ensure continued alignment with the Higher Education Standards Framework (Threshold Standards) 2021.

Self-Assurance of Compliance

(21) The University’s self-assurance process provides:

  1. increased visibility of regulatory risk, which is reported to the Academic Board, Audit, Risk and Compliance Committee and Council in line with the University’s Comprehensive Reporting Framework; and
  2. evidence-based information to inform governance committees oversight and discussion of regulatory risk mitigation; and
  3. opportunities to use the self-assessment model to apply for ASQA delegation.

(22) The University’s self-assurance process for VET and HE courses involves reference groups of staff who use the University’s customised self-assessment tool to evaluate the University’s performance against the Standards for Registered Training Organisations (RTOs) 2015 and the Higher Education Standards Framework (Threshold Standards) 2021 and identify areas for rectification and improvement. The reference groups are assigned domain groupings for the Higher Education Standards Framework (Threshold Standards) 2021 and chapter groupings for VET. Groups comprise of senior staff, their nominees and staff with specialist expertise.

(23) The findings from the self-assessment inform reporting to Council on regulatory risk and compliance with ASQA and TEQSA requirements; as well as the Annual Declaration on Compliance for submission to ASQA. The findings are also used to:

  1. develop and document the University’s compliance risk profile against the regulatory standards;
  2. inform the University’s Internal Audit Plan and Compliance Plan; and
  3. report on the findings of internal audits and compliance reviews to the relevant governance committees.

Annual Declaration on Compliance

(24) As an RTO, the University must submit an online Annual Declaration on Compliance to ASQA before 31 March each year. This declaration is informed by an evidence based self-assessment. Where non-compliance is identified through the self-assessment, the University describes the findings and rectifications taken or to be taken in its annual declaration.

Quality Assurance

(25) Education Strategy provides quality assurance and enhancement of quality student-centred educational products and services in alignment with the University’s Strategic Plan and the Transformative Teaching and Learning Strategic Core Plan 2022-2025 to ensure:

  1. educational compliance with the Higher Education Standards Framework (Threshold Standards) 2021, VET Quality Framework 2013, CRICOS and the National Standards for Foundation Programs;
  2. an agreed institutional strategy to guide the development and evaluation of an integrated quality assurance and enhancement system for the design, development, delivery and compliance of all accredited and non-accredited units and courses; and
  3. deployment of the quality systems and service solutions that support quality curriculum design, teaching and assessment and ensure compliance with regulatory requirements and legislation.

(26) The Director CDU Global and the Associate Director International Operations are responsible for ensuring educational compliance with the Education Services for Overseas Students Act 2000.

CDU Compliance and Assurance Monitoring Survey

(27) The quarterly Compliance and Assurance Monitoring Survey (the Survey) enables the identification of areas for improvement and to raise any issues with the Governance team. The Survey takes an ‘exception’ based approach to evaluating the effectiveness of CDU’s internal controls and compliance programs. The Survey questions are focused on areas that are role relevant and are aligned with the Obligations Register. Survey responses are collated for reporting to the Audit, Risk and Compliance Committee for discussion and follow up, as necessary.

Work Health and Safety Management

(28) The Work Health and Safety Policy outlines the University’s approach and activities for providing, so far as is reasonably practical, a safe, supportive, protective and healthy working and learning environment by ensuring that health and safety management is a key priority in all areas of planning, resourcing, implementation, measurement and review within our places of work.

Disclosures

(29) The University maintains a record of all reported non-compliance incidents or breaches. These are reported through the University’s online e-forms. The online e-forms cover Conflicts of Interest and Gifts and Benefits, Fraud, Corruption and Improper Conduct and Data and/or Privacy Breaches.

(30) These registers enable the University to maintain a record of reported instances of non-compliance, the reasons for the non-compliance, its severity and treatment plans to reduce the risk of the breach recurring.

(31) There are other areas within the University who are capturing and managing breaches according to agreed policies and procedures. As such, the University’s breach reporting system requires that breaches captured and managed within the relevant area must be reported via the relevant online e-form, or escalated to the University Secretary at governance@cdu.edu.au.

Monitoring and Reviewing

(32) All Managers must to be familiar with the compliance obligations within their area of functional responsibility and ensure that:

  1. there are adequate internal controls in place to continually monitor and review compliance with those obligations; and
  2. any internal control weaknesses or gaps, or instances of actual or potential non-compliance, are promptly identified, reported where relevant and where possible resolved.

(33) This includes ensuring that:

  1. risk ratings remain accurate; and
  2. internal controls remain appropriate and effective, notwithstanding any changes in the operational or regulatory environments.

(34) Regular reporting on compliance with mandatory and voluntary obligations is provided to the Academic Board, Audit, Risk and Compliance Committee and the University Council in line with their respective committee business schedules.

Continual Improvement

(35) The University will continually assess and seek to improve the suitability, adequacy and effectiveness of the CMP by:

  1. keeping abreast of compliance good practice;
  2. reviewing the CMP at least every two years to ensure currency, including by identifying opportunities for improvement; and
  3. encouraging staff to provide feedback on the CMP to the Director Risk and Assurance.

Training

(36) All Managers are responsible for promoting understanding and awareness and ongoing reinforcement of compliance obligations within their area of functional responsibility.

(37) Training on compliance obligations is delivered on a regular basis and includes staff induction, annual refresher training, or adhoc training on specific areas of compliance risk, including fraud and corruption, privacy, conflicts of interest, contracts, etc.

Top of Page

Section 5 - Roles and Responsibilities

(38) The roles and their key compliance management responsibilities are:

  1. University Council: Responsible for regularly approving, reviewing and monitoring the frameworks, and registers for systems of accountability and compliance.
  2. Audit, Risk and Compliance Committee: Responsible for reviewing:
    1. the internal processes for determining and managing key compliance risk areas, particularly compliance with laws, regulations, standards and best practice guidelines;
    2. the effectiveness of, and the extent of compliance with, internal plans, policies and procedures; and
    3. management processes for ensuring and monitoring compliance with laws, regulations and other legal requirements.
  3. Academic Board: Responsible for monitoring compliance with, and effectiveness of academic governing documents.
  4. Vice-Chancellor: Responsible for:
    1. all compliance matters and is accountable to Council for compliance across the whole of the University; and
    2. promoting a culture committed to lawful and ethical behaviour.
  5. Senior Executive Team: Accountable for and implement the compliance management framework within their areas of responsibility. Responsible for:
    1. establishing a strong set of compliance values, which are embedded in the University culture;
    2. establishing, supporting and promoting continual improvement of the CMP;
    3. communicating the importance of an effective CMP;
    4. ensuring that the commitment to compliance is maintained and that non-compliance and non-compliant behaviour are dealt with appropriately;
    5. providing adequate and appropriate resources to ensure requisite people, process and systems capabilities are in place to manage, evaluate, maintain and the CMP and performance outcomes, including nominated compliance management contacts with subject matter expertise who have significant operational control and delegated authority;
    6. ensuring that the responsibilities and authorities for relevant compliance roles are assigned and communicated;
    7. providing information, advice and assurance about compliance management for their areas of accountability;
    8. ensuring that effective and timely compliance reporting is in place; and
    9. being measured against key compliance performance measures and outcomes.
  6. Vice-Chancellor's Advisory Committee: Responsible and accountable to the Vice-Chancellor for:
    1. management of their area’s compliance obligations and compliance reporting;
    2. promoting a culture of compliance within their area of responsibility and managing implementation activities in accordance with the CMP;
    3. assisting with the organisation and coordination of risk assessments, internal audits and compliance reviews that involve their area of responsibility;
    4. identifying and arranging for the provision of appropriate staff training that may be needed to improve or ensure compliance within their area of responsibility;
    5. actively monitor compliance risks and report and respond to compliance breaches; and
    6. collaborating with the Director Risk and Assurance to maintain an effective and current CMP and cooperating with requests for information.
  7. University Secretary: Responsible and accountable to the Vice-Chancellor to oversee:
    1. implementation of the CMP across the University;
    2. the Obligations Register; and
    3. the annual and ongoing compliance reporting to the Academic Board, Audit, Risk and Compliance Committee and the University Council.
  8. Educational Quality and Excellence: Responsible for oversight of educational compliance through the Pro Vice-Chancellor Education Strategy in relation to the:
    1. Higher Education Standards Framework (Threshold Standards) 2021;
    2. VET Quality Framework;
    3. Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS); and
    4. National Standards for Foundation Programs.
  9. CDU Global: Responsible for the oversight of compliance through the Vice-President Global and External Relations in relation to the Education Services for Overseas Students Act 2000.
  10. Director Risk and Assurance Responsible for:
    1. oversight of an annual program of compliance and risk management activity, and
    2. developing and maintaining this Framework document, Obligations Register and Compliance Plan;
    3. preparing risk and compliance reporting to the Audit, Risk and Compliance Committee; and
    4. providing advice and support to owners of compliance obligations (as identified in the Obligations Register) to effectively implement internal controls for the management of compliance obligations.
  11. All Managers: Responsible and accountable for:
    1. operating with approved strategies, this Framework and University policies;
    2. developing and implementing effective processes and internal controls that ensure compliance obligations and risks are appropriately identified, assessed, managed and communicated;
    3. ensuring internal controls are adequate, maintained, monitored and assessed to mitigate compliance issues or breaches;
    4. complying with and being seen to comply with compliance obligations;
    5. actively promoting and ensuring staff are aware of their compliance obligations;
    6. integrating compliance performance into staff performance appraisals, e.g., KPIs and behaviours;
    7. attending and supporting compliance training activities and direct staff to meet training requirements;
    8. promoting a culture where staff feel able to raise compliance issues, incidents and/or breaches and supporting the timely resolution of these through the provision of adequate resources; and
    9. managing, monitoring and reporting on the implementation of adequate and sustainable corrective actions aimed to ensure the University meets its compliance obligations.
  12. All Staff: Individually responsible and accountable for:
    1. their actions as members of the CDU community;
    2. ensuring they are aware of and comply with the compliance obligations applicable to their role and that their actions are consistent with University policies;
    3. undertake all mandatory training; and
    4. report any compliance (legal, regulatory or policy) issues or breaches in a timely fashion.
  13. Internal Audit: Responsible for evaluating the adequacy and effectiveness of the CMP established to ensure compliance with University policies, procedures and associated documents, and legal and regulatory obligations, which could have a significant impact on the University.
  14. Contractors and Volunteers: Responsible for:
    1. ensuring they make themselves aware of the compliance obligations applicable to their role at the University and that their actions are consistent with University policies; and
    2. undertake compliance training as requested and conduct themselves in accordance with the specific terms of engagement.
Top of Page

Section 6 - Non-compliance

(39) Non-compliance with Governance Documents is considered a breach of the Code of Conduct - Staff or the Code of Conduct - Students and is treated seriously by the University. Reports of concerns about non-compliance will be managed in accordance with the applicable disciplinary procedures.

(40) All staff members have an individual responsibility to raise any suspicion, allegation or report of fraud or corruption in accordance with the Fraud and Corruption Control Policy and Whistleblower Reporting (Improper Conduct) Procedure.