(1) This Policy establishes Victoria University’s (VU’s) commitment to legal and regulatory compliance through the implementation of a compliance management framework and accountability structure. (2) The primary purpose of the compliance management framework is to provide clear accountability and responsibility for Key Compliance Obligations and to ensure the appropriate identification, allocation, reporting and oversight of University wide compliance controls. (3) The framework supports the delivery of quality academic outcomes and student and staff experience and is critical to maintaining a positive reputation for VU and its people. (4) HESF: 6.2 Corporate Monitoring and Accountability - Standards 6.2.1. a. and 6.2.1.k. (5) Standards for RTOs: Standard 7.1 and Standards 8.5 and 8.6 (6) This Policy applies to: (7) Compliance: Adhering to Relevant laws and regulations that apply to the University. (8) Compliance Register: The list of Relevant laws and regulations that have been identified by the University and allocated to accountable and responsible staff members. This list is recorded in the University’s compliance system and displayed on the University intranet. (9) Controls: The existing actions, activities or procedures that support compliance with Relevant laws and regulations. Controls may include policies and procedures, process documents (such as standard operating procedures and manuals) and education and awareness training. (10) Improvement Plan: Agreed actions that will be taken to achieve compliance with a Key Compliance Obligation. (11) Key Compliance Obligations: Obligations set out in Relevant laws and regulations that, if not complied with, could result in a Material Non-Compliance. (12) Material Non-Compliance: Any breach that has the potential to: (13) Relevant laws and regulations: Acts, regulations and other legislative instruments, educational codes and standards that the University is required to apply (not including industry or professional body standards relating to course accreditation). (14) As a public body and dual sector university, VU operates within a complex legal and regulatory environment. The University’s broad activities include teaching and learning, research, partnerships and commercial activities, at a local, state, national and international level. (15) VU is committed to a positive culture of compliance and the effective integration of controls within daily operations. Effective compliance management is integral to good governance and the University’s reputation and standing. Compliant practices ensure the University’s sustainability and support the achievement of strategic and operational goals. (16) As stated in the Victoria University Risk Appetite Statement the University has no appetite for any Material Non-Compliance. (17) The University’s Compliance Management Framework is based upon Australian Standard ISO 37301:2023. (18) The framework is underpinned by the following principles: (19) VU’s compliance management framework comprises: (20) The University adopts three lines of defence to manage compliance: (21) Compliance - Policy Development Procedure (22) Compliance - Regulatory Reporting ProcedureCompliance Management Policy
Section 1 - Summary
Section 2 - TEQSA/ASQA/ESOS Alignment
Section 3 - Scope
Top of PageSection 4 - Definitions
Section 5 - Policy Statement
Compliance Management Framework
Compliance Management Principles
Principle
Demonstrated by
Positive culture of compliance
- A culture where identifying and managing compliance is accepted as everyone’s responsibility and is acknowledged as a driver of quality outcomes.
- Excellence in corporate governance with accountability, awareness and a positive attitude to compliance management.
- Active support of the compliance management by the University Council, Audit and Risk Committee, Academic Board and Vice Chancellor’s Group.
Accountability
- Clear accountability and responsibility for Relevant laws and regulations, Key Compliance Obligations and Improvement Plans.
Transparency
- Transparency and oversight to the University Council, Audit and Risk Committee, Academic Board, the Vice Chancellor’s Group and senior management that Key Compliance Obligations are being effectively managed.
Risk based
- Prioritisation, resource allocation and investment in compliance related activities are informed by risk analysis.
Embedded compliance management
- All operational areas understand their responsibility for compliance management and their oversight of controls in every day practice.
- Enterprise wide compliance oversight that identifies, allocates and reports on University wide compliance management.
Three Lines of Defence
Line
Role
Key duties
First Line – Management and Internal Controls
Vice Chancellor’s Group, senior management
- Identify, implement and manage compliance obligations in daily operations.
- Develop policies, procedures and controls to manage compliance.
- Conduct education and awareness training in areas of responsibility to encourage behaviours that support compliance.
- Notify the Director Risk and Compliance of breaches within their portfolio and the remedial actions taken.
- Identify, develop and implement Improvement Plans to achieve compliance where appropriate.
Second Line – oversight
Risk and Compliance function
- Develop and implement the compliance management framework.
- Manage the identification, articulation and allocation of Key Compliance Obligations across the University.
- Provide alerts on changes to legal and regulatory requirements.
- Provide advice and support to the operational areas responsible for implementing controls and Improvement Plans.
- Coordinate monitoring, measuring and reporting on Key Compliance Obligations to the Vice Chancellor’s Group; Audit and Risk Committee; and the University Council.
- Escalate breach reporting to appropriate bodies and provide advice and support on remedial activities and Improvement Plans.
Third Line - assurance
Internal Audit
- Undertake independent review of internal controls as part of the internal audit program.
- Provide assurance to the University Council and Audit and Risk Committee on the application and appropriateness of the University’s frameworks for managing compliance and include as part of the rolling 3 year Internal Audit Plan.
- Provide assurance to the University Council and Compliance, Audit and Risk Committee that significant legal or regulatory issues are recognised and adequately addressed.Section 6 - Procedures
View Document
This is the current version of this document. To view historic versions, click on the 'Historic Versions' tab above.