• Section 1 - Preamble
• Section 2 - Purpose
• Section 3 - Scope
• Section 4 - Policy 
• Principles
• Objectives
• Compliance Management System
• Obligations Registers
• Compliance Plan
• Policy Framework
• Delegated Authorities
• Fit and Proper Persons Declarations
• Fraud and Corruption
• Academic Assurance Framework
• Comprehensive Reporting Frameworks
• Self-Assurance of Compliance
• Annual Declaration on Compliance
• Quality Assurance
• Work Health and Safety Management
• Disclosures
• Monitoring and Reviewing
• Continual Improvement
• Training
• Section 5 - Roles and Responsibilities
• Section 6 - Non-Compliance

Section 1 - Preamble

(1) Charles Darwin University (‘the University’, ‘CDU’) is committed to having an effective Compliance Management Program (CMP) and demonstrating its commitment to comply with relevant laws, regulatory requirements, industry codes and organisational standards; as well as standards of good governance, generally accepted good practices, ethics and community expectations.

(2) Compliance is a key component of the University’s governance framework and covers both legal, regulatory and policy compliance. Effectively managing compliance obligations supports the long-term success and sustainability of the University.

Section 2 - Purpose

(3) This policy outlines the University’s approach to assuring legal, regulatory and policy obligations are met. The policy outlines the:

1. key principles that guide compliance management within the University, consistent with CDU Values, Strategic Plan and risk appetite; and
2. key components of the University’s CMP.

Section 3 - Scope

(4) This policy applies to all University employees, researchers, volunteers and contractors and encompasses all compliance obligations. 

(5) The scope of this policy includes:

1. mandatory legal and regulatory compliance – with laws, regulations, statutory obligations and contracts; and
2. policy compliance – with University policies and procedures. This is an obligation that is self-imposed by the University.

Section 4 - Policy 

(6) This policy should be read in conjunction with the University’s Obligations Register (in development).

Principles

(7) The University’s CMP reflects the core values of the University and is:

1. appropriate to the University’s structure, financial resources and level of digitisation; as well as the legal, social, cultural, environmental and stakeholder context within which it operates; and
2. based on the principles of integrity, good governance, proportionality, transparency, accountability and sustainability.

Objectives

(8) The University’s CMP is a compliance program that provides visibility into and control over the University’s compliance efforts and is comprised of written documents, functions, processes, controls and tools that help the University to comply with its obligations and minimise compliance risk.

(9) The CMP aims to ensure that the University:

1. meets its legal, regulatory and policy compliance obligations;
2. assures fulfilment of its legal obligations and that its policies, procedures, systems and methods are followed;
3. establishes and undertakes regular audits, reviews and evidence-based self-assessment and other assurance activities to assess and validate compliance with legal and regulatory obligations, systems, policies and procedures;
4. establishes processes for the continuous strengthening of systems, policies and procedures; and
5. detects compliance weaknesses and takes timely corrective action.

Compliance Management System

(10) The key components of the University’s CMP are outlined below.

Obligations Registers

(11) The Obligations Register is a University-wide single source of truth for all the University’s mandatory and voluntary obligations that captures all the relevant information in a simple and logical way; as well as outlining the process for reviewing and updating the obligations register on a regular basis. The Obligations Register is aligned to the Comprehensive Reporting Framework and is in development.

Compliance Plan

(12) Taking a compliance risk-based approach, the Compliance Plan sets out the compliance audits/reviews scheduled to be conducted. The annual Compliance Plan is approved by the Audit, Risk and Compliance Committee.

Policy Framework

(13) The University’s Governance Document Framework governs the development and review of policy and policy related documents to:

1. ensure that they are consistent with the University’s objectives and relevant governing legislation;
2. provide guidance for adherence to the University’s regulatory obligations;
3. ensure that the policy and procedures and are kept current and relevant;
4. define responsibilities for the development, review and implementation of policies; and
5. sets out steps to ensure that policies are effectively implemented and well understood across the University.

Delegated Authorities

(14) The Delegations Policy sets out the principals for the exercising of delegated authorities. The University’s Delegations Register sets out delegations Council or the Vice-Chancellor has conferred on positions within the University. The Delegations Register provides formal authority to Council members, University governing committees and University employees to make decisions on the University’s behalf, e.g., commit the University and/or incur liabilities for the University. The Delegations Policy and Delegations Register ensures:

1. increased accountability of employees and volunteers for their performance;
2. the efficiency and effectiveness of the University's administrative processes;
3. that the appropriate University employee or governing committee have been provided with the level of authority necessary to discharge their responsibilities;
4. that delegated authority is exercised by the most appropriate and best-informed individuals within the University; and
5. responsibility and judgement are exercised across different levels of the University organisational structure.

Fit and Proper Persons Declarations

(15) The University ensures that anyone with control or influence over its management or direction is deemed fit and proper. Such individuals must complete a Fit and Proper Person declaration, which is required for submission to the relevant regulatory body. This process is necessary to maintain the University's registration as a provider of international, vocational, and higher education in accordance with the following:

1. Tertiary Education Quality and Standards Agency Act 2011 (TEQSA Act);
2. Education Services for Overseas Students Act 2000 (the ESOS Act); and
3. National Vocational Education and Training Regulator (Compliance Standards for NVR Registered Training Organisations and Fit and Proper Person Requirements) Instrument 2025 (RTO Compliance Standards 2025), and National Vocational Education and Training Regulator (Outcome Standards for NVR Registered Training Organisations) Instrument 2025 (RTO Outcome Standards 2025).

Fraud and Corruption

Fraud and Corruption Policy

(16) The Fraud and Corruption Control Policy outlines the University’s legislative requirements regarding fraud and corruption and establishes the principles by which all University employees and members of the University community shall work to prevent, control and respond to incidents of fraud and corruption.

Fraud and Corruption Framework

(17) The Fraud and Corruption Framework includes the Fraud and Corruption Control Policy and the following documents:

1. Whistleblower Reporting (Improper Conduct) Procedure; 
2. Charles Darwin University and Union Enterprise Agreement 2022;
3. Charles Darwin University – Student Conduct By Laws;
4. Code of Conduct - Students;
5. Code of Conduct - Employees;
6. Conflicts of Interest Policy and Conflicts of Interest Procedure;
7. Gifts and Benefits Policy;
8. Responsible Conduct of Research Policy; and
9. Responsible Conduct of Research Procedure.

Academic Assurance Framework

(18) The Australian Skills Quality Authority (ASQA) and Tertiary Education Quality and Standards Agency (TEQSA) place significant emphasis on effective and continuous self-assurance as part of the University’s operations. This approach to regulation requires the University to take responsibility for assessing its performance and practices for ongoing compliance against the:

1. VET Quality Framework, comprising:
   1. RTO Compliance Standards 2025;
   2. RTO Outcome Standards 2025;
   3. RTO Credential Policy 2025;
   4. Financial Viability Risk Assessment Requirements 2021
   5. Data Provision Requirements 2020;
   6. Australian Qualifications Framework 2013;
2. Higher Education Standards Framework (Threshold Standards) 2021;
3. Education Services for Overseas Students Act 2000 (ESOS);
4. English Language Intensive Courses for Overseas Students (ELICOS) Standards 2018;
5. Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS);
6. National Code of Practice for Providers of Education and Training to Overseas Students 2018; 
7. National Standards for Foundation Programs 2021;
8. Australian Code for the Responsible Conduct of Research;
9. NHMRC Statement on Ethical Conduct in Human Research; and
10. Australian code for the care and use of animals for scientific purposes. 

(19) The University’s self- assessment against the national standards for Vocational Education and Training (VET) and Higher Education (HE) sits within the University's overall approach to risk management.

Comprehensive Reporting Frameworks

(20) The Comprehensive Reporting Frameworks (CRF) map the University’s regulatory reporting requirements against the RTO Compliance Standards 2025, Higher Education Standards Framework (Threshold Standards) 2021 and against internal committee reporting requirements. The CRFs are updated and enhanced as necessary to ensure continued alignment with the Standards for Registered Training Organisations (RTOs) 2015, the National Code 2018 and the Higher Education Standards Framework (Threshold Standards) 2021, and to ensure committee reporting is consistent and structured.

Self-Assurance of Compliance

(21) The University’s annual cycle of self-assurance provides:

1. increased visibility of regulatory risk, which is reported to the Academic Board, the Audit, Risk and Compliance Committee and Council in line with the University’s Comprehensive Reporting Frameworks; and
2. evidence-based information to inform governance committees oversight and discussion of regulatory risk mitigation.

(22) Self-assessment findings inform actions to mitigate or return to compliance and are the basis of reporting to Council on regulatory risk and compliance with ASQA and TEQSA requirements, as well as the Annual Declaration on Compliance for submission to ASQA. The findings are also used to:

1. develop and document the University’s compliance risk profile against the regulatory standards;
2. inform the University’s internal audit plan and compliance plan; and
3. report on the findings of internal audits and compliance reviews to the relevant governance committees.

Annual Declaration on Compliance

(23)  The University must submit an annual declaration on compliance. This declaration is informed by an evidence based self-assessment. Where non-compliance is identified through the self-assessment, the University describes the findings and rectifications taken or to be taken in its annual declaration.

Quality Assurance

(24) Teaching and Learning Connect provides quality assurance and enhancement of quality student-centred educational products and services in alignment with the University’s Strategic Plan and the Transformative Teaching and Learning Core Plan 2022-2026 to ensure:

1. educational compliance with the Higher Education Standards Framework (Threshold Standards) 2021, VET Quality Framework 2013, CRICOS, ELICOS and the National Standards for Foundation Programs 2021;
2. an agreed institutional strategy to guide the development and evaluation of an integrated quality assurance and enhancement system for the design, development, delivery and compliance of all accredited and non-accredited units and courses; and
3. deployment of the quality systems and service solutions that support quality curriculum design, teaching and assessment and ensure compliance with regulatory requirements and legislation.

Work Health and Safety Management

(25) The Work Health and Safety Policy outlines the University’s approach and activities for providing, so far as is reasonably practical, a safe, supportive, protective and healthy working and learning environment by ensuring that health and safety management is a key priority in all areas of planning, resourcing, implementation, measurement and review within our places of work.

Disclosures

(26) The University maintains a record of all reported non-compliance incidents or breaches. These are reported through e-forms or directly to the appropriate officer. Details on how to make a report are provided in the relevant document:

1. Privacy and Confidentiality Policy.
2. Fraud and Corruption Control Policy.
3. Gifts and Benefits Policy.
4. Conflicts of Interest Policy and Conflicts of Interest Procedure.
5. Whistleblower Reporting (Improper Conduct) Procedure.

(27) These registers enable the University to maintain a record of reported instances of non-compliance, the reasons for the non-compliance, its severity and treatment plans to reduce the risk of the breach recurring.

(28) Other areas of the University capture and manage breaches according to agreed governance documents. As such, the University’s breach reporting system requires that breaches captured and managed within the relevant area must be reported via the relevant online e-form, or escalated to the Vice-President Governance and University Secretary at governance@cdu.edu.au.

Monitoring and Reviewing

(29) All managers must be familiar with the compliance obligations within their area of functional responsibility and ensure that:

1. there are adequate internal controls in place to continually monitor and review compliance with those obligations; and
2. any internal control weaknesses or gaps, or instances of actual or potential non-compliance, are promptly identified, reported where relevant and where possible resolved.

(30) This includes ensuring that:

1. risk ratings remain accurate; and
2. internal controls remain appropriate and effective, notwithstanding any changes in the operational or regulatory environments.

(31) Regular reporting on compliance with mandatory and voluntary obligations is provided to the Academic Board, the Audit, Risk and Compliance Committee, the Finance and Infrastructure Development Committee and the University Council in line with their respective committee reporting frameworks.

Continual Improvement

(32) The University will continually assess and seek to improve the suitability, adequacy and effectiveness of the CMP by:

1. keeping abreast of compliance good practice;
2. reviewing the CMP at least every two years to ensure currency, including by identifying opportunities for improvement; and
3. encouraging employees to provide feedback on the CMP to the Director Risk and Assurance.

Training

(33) All Managers are responsible for promoting understanding and awareness and ongoing reinforcement of compliance obligations within their area of functional responsibility.

(34) Training on compliance obligations is delivered on a regular basis and includes employee induction, annual refresher training, or adhoc training on specific areas of compliance risk, including but not limited to fraud and corruption, privacy, conflicts of interest and contract management.

Section 5 - Roles and Responsibilities

(35) The roles and their key compliance management responsibilities are:

1. University Council is responsible for regularly approving, reviewing and monitoring the frameworks, and registers for systems of accountability and compliance.
2. Audit, Risk and Compliance Committee is responsible for reviewing:
   1. the internal processes for determining and managing key compliance risk areas, particularly compliance with laws, regulations, standards and best practice guidelines;
   2. the effectiveness of, and the extent of compliance with, internal plans, policies and procedures; and
   3. management processes for ensuring and monitoring compliance with laws, regulations and other legal requirements.
3. Academic Board is responsible for monitoring compliance with, and effectiveness of academic governing documents, including:
   1. maintaining oversight, monitor and improve the University’s academic quality assurance framework;
   2. disseminate best and innovative practice in teaching, learning, research and research training; and
   3. oversee the accreditation and registration of units and courses.
4. The Vice-Chancellor is responsible for:
   1. all compliance matters and is accountable to Council for compliance across the whole of the University; and
   2. promoting a culture committed to lawful and ethical behaviour.
5. The Senior Executive Team is accountable for implementing the compliance management framework within their areas of responsibility, which includes:
   1. establishing a strong set of compliance values, which are embedded in the University culture;
   2. establishing, supporting and promoting continual improvement of the CMP, ensuring that the commitment to compliance is maintained and that non-compliance and non-compliant behaviour is addressed;
   3. providing adequate and appropriate resources to ensure requisite people, process and systems capabilities are in place to manage, evaluate, maintain and the CMP and performance outcomes, including nominated compliance management contacts with subject matter expertise who have significant operational control and delegated authority;
   4. ensuring that the responsibilities and authorities for relevant compliance roles are assigned and communicated;
   5. ensuring that effective and timely compliance reporting is in place; and
   6. being measured against key compliance performance measures and outcomes.
6. The Vice-Chancellor's Advisory Committee is responsible and accountable to the Vice-Chancellor for:
   1. promoting a culture of compliance within their area of responsibility and managing implementation activities in accordance with the CMP;
   2. assisting with the organisation and coordination of risk assessments, internal audits and compliance reviews that involve their area of responsibility;
   3. identifying and arranging for the provision of appropriate employee training that may be needed to improve or ensure compliance within their area of responsibility;
   4. actively monitor compliance risks and report and respond to compliance breaches; and
   5. collaborating with the Director Risk and Assurance and the relevant SET member to maintain an effective and current CMP and cooperating with requests for information.
7. The Vice-President Governance and University Secretary is responsible and accountable to the Vice-Chancellor to oversee:
   1. implementation of the CMP across the University;
   2. the Obligations Register (in development); and
   3. the annual and ongoing compliance reporting to the Academic Board, Audit, Risk and Compliance Committee and the University Council.
8. Teaching and Learning Connect is responsible for oversight of educational compliance through the Provost in relation to the:
   1. Higher Education Standards Framework (Threshold Standards) 2021;
   2. VET Quality Framework;
   3. Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS);
   4. National Standards for Foundation Programs 2021; and
   5. ELICOS Standards.
9. CDU Global, led by the Vice-President Global and External Relations is responsible for the oversight of compliance with the Education Services for Overseas Students Act 2000.
10. The Director Risk and Assurance is responsible for:
    1. oversight of an annual program of compliance and risk management activity, and
    2. developing and maintaining this Framework document, Obligations Register and Compliance Plan;
    3. preparing risk and compliance reporting to the Audit, Risk and Compliance Committee; and
    4. providing advice and support to owners of compliance obligations (as identified in the Obligations Register) to effectively implement internal controls for the management of compliance obligations.
11. All Managers are responsible and accountable for:
    1. operating with approved strategies, this Framework and University policies;
    2. developing and implementing effective processes and internal controls that ensure compliance obligations and risks are appropriately identified, assessed, managed and communicated;
    3. promoting a culture where employees can raise compliance issues, incidents and/or breaches and supporting the timely resolution of these through the provision of adequate resources; 
    4. ensuring internal controls are adequate, maintained, monitored and assessed to mitigate compliance issues or breaches;
    5. modelling compliant practice and behaviour;
    6. actively promoting and ensuring employees are aware of their compliance obligations;
    7. integrating compliance performance into employee performance appraisals, e.g., KPIs and behaviours;
    8. attending and supporting compliance training activities and directing employees to meet training requirements; and
    9. managing, monitoring and reporting on the implementation of adequate and sustainable corrective actions aimed to ensure the University meets its compliance obligations.
12. All employees are individually responsible and accountable for:
    1. their actions as members of the CDU community;
    2. ensuring they are aware of and comply with the compliance obligations applicable to their role and that their actions are consistent with University policies;
    3. undertaking all mandatory training; and
    4. reporting any compliance issues or breaches in a timely fashion.
13. Internal Audit are responsible for evaluating the adequacy and effectiveness of the CMP established to ensure compliance with University policies, procedures and associated documents, and legal and regulatory obligations, which could have a significant impact on the University.
14. Contractors and Volunteers are responsible for:
    1. ensuring they make themselves aware of the compliance obligations applicable to their role at the University and that their actions are consistent with University policies; and
    2. undertaking compliance training as requested and conduct themselves in accordance with the specific terms of engagement.

Section 6 - Non-Compliance

(36) Non-compliance with Governance Documents is considered a breach of the Code of Conduct - Employees or the Code of Conduct – Students, as applicable, and is treated seriously by the University. Reports of concerns about non-compliance will be managed in accordance with the applicable disciplinary procedures outlined in the Charles Darwin University and Union Enterprise Agreement 2022 and the Code of Conduct – Students.

(37) Complaints may be raised in accordance with the Complaints and Grievance Policy and Procedure - Employees and Complaints Policy - Students.

(38) All employees have an individual responsibility to raise any suspicion, allegation or report of fraud or corruption in accordance with the Fraud and Corruption Control Policy and Whistleblower Reporting (Improper Conduct) Procedure.