Compliance Policy

Print Friendly and PDFPrint Friendly


This Policy establishes that JCU will meet all its obligations under applicable laws, regulations, relevant codes of practice and other corporate compliance documents adopted by the Council or University Executive.  This Policy is underpinned by and to be read in conjunction with the James Cook University Compliance Framework, Staff and Council Codes of Conduct and their subsequent procedures.


This policy applies to all members of Council, Staff, Students, and Affiliates of James Cook University (JCU or the University) while engaged in activities undertaken as part of their study, research and, work, with JCU. The policy extends to wherever that activity takes place. Every director, manager, officer, contractor and agent of JCU has a responsibility to uphold the University’s values and to actively participate in improving standards of compliance.


Except as otherwise specified in this Policy, the meaning of terms in this Policy are as per the Policy Glossary.

AffiliateIs a person (other than a Staff member or Student, including HDR candidates) who is affiliated with JCU by letter of appointment or invitation to work, research or study at the University for a particular activity and typically for a prescribed timeframe and who is bound to comply with the University’s policies during that period (for example, volunteers, visiting scholars and adjunct appointees).


A statement of recommended practice developed internally by the University or externally by another body (may be mandatory or voluntary).


Adhering to the requirements of laws, industry and organisational standards and codes, principles of good governance and accepted community and ethical standards.

Compliance failure

An act or an omission whereby the University does not meet its compliance obligations, processes or behavioural obligations.

Legal risk

The potential for financial loss or reputational damage if the University fails to be aware of and implement legislative or regulatory requirements that could impact operations, results in a breach of compliance, or through action or inaction gives rise to potential litigation against the organisation, its staff or students.


A requirement specified by laws, regulations, codes or organisational standards.

Obligation Owner

Staff appointed as being responsible for compliance with particular legislation.


1. Commitment

1.1   The University is committed to ensuring that it complies with all applicable laws and regulations, and that it strives to meet the requirements of those standards and codes of practice that apply to its day-to-day activities and responsibilities. The establishment of the JCU Compliance Framework is underpinned by integrity and high ethical standards and provides a comprehensive, integrated and effective compliance program that is consistent with AS ISO 19600:2015 Compliance management systems (based on AS3806:2006 Compliance Programs) and generally accepted compliance management practice.

2. Objectives

2.1   The University’s Compliance Framework:

  • demonstrates a commitment to the highest standards of ethics and compliance with all applicable laws, regulations, rules and policies and promote a culture of compliance;
  • promotes a culture of frank and open disclosure of compliance breaches without fear of victimisation or unfair treatment;
  • documents and continuously reviews and updates business processes to ensure they comply with applicable laws and regulations;
  • provides employees with training and assistance to become effectively involved in compliance activities to meet their obligations;
  • maintains monitoring and reporting systems to identify instances of non-compliance or system failure and to protect the University, its staff and students from deliberate or inadvertent breaches and consequent penalty;
  • takes prompt action where necessary to address instances of non-compliance or other circumstances that present an unacceptable exposure to legal risk; and,
  • assesses compliance against predetermined objectives and assessment criteria.

3. Compliance Framework

3.1   JCU’s compliance framework is a set of components that provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving legislative compliance management throughout the organisation.

3.2   The Compliance Framework has three pillars:

  • inform (ensuring staff are aware of their obligations and the legislative changes that may impact their business units/activities);
  • comply (an annual Compliance Declaration by obligation owners as identified in the Compliance Register); and
  • assure (internal and external audit and review activity).

The Framework outlines a formal approach to continuous improvement. The ongoing performance of the Framework will be monitored and reviewed. The monitor and review mechanisms are:

  • this Policy;
  • supporting procedures and forms and registers that complement the Risk Management Framework and Plan and the Code of Conduct (such as fraud prevention, managing conflicts of interest, and breach reporting); and
  • the University’s Compliance Register  (a Responsible Officer will be appointed for each obligation and will be accountable for compliance with designated obligations).

3.3   The framework will enable:

  • a robust, structured and risk based approach to compliance that is appropriate to JCU’s activities and operating environment; and
  • an approach consistent with the principles of ISO 19600:2015 Compliance management systems.

4. Responsibilities

4.1  Council. Council is ultimately responsible for approving the Compliance Policy.

4.2  Audit, Risk and Committee. The Audit, Risk and Compliance Committee is responsible for:

  • monitoring and reviewing the University’s Compliance Framework in accordance with the Committee’s Charter, and
  • reviewing and making recommendations to Council regarding the Compliance Policy.

4.3 Vice Chancellor. The Vice Chancellor is responsible for leading a compliance culture across the University through promoting and supporting the Compliance Policy and Framework.

4.4  University Executive. The University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Compliance Framework across the organisation, compliance with legislative and regulatory requirements within their specific areas of operational responsibility, and ensuring that any potential or actual legislative non-compliances are identified and appropriately managed.

4.5 Chief of Staff. The Chief of Staff has overall responsibility for the control and coordination of the Compliance Framework and for coordinating the implementation of the compliance process across the University, supported by the Risk and Compliance Officer.

4.6 Obligation Owners. Obligation Owners will work closely with the Risk and Compliance Officer with the Chief of Staff office and will have responsibility for: providing guidance and support to all employees; monitoring legislation, regulations and codes for any changes or new statutory requirements; reporting non-compliance issues, whether systemic, recurring or one-off; and ensuring that legislative requirements are met within their Divisions.

4.7 Managers and Staff. Managers must demonstrate their commitment to compliance by making themselves fully aware of the University’s legal and other obligations within their area of accountability or span of control. All staff are responsible for adherence to the compliance obligations relevant to their position; performing their duties in a lawful and safe manner; undertaking training in accordance with the compliance program; and  reporting and escalating compliance concerns, issues, complaints and failures.

Related policy instruments

Annual Compliance Declaration Procedure

Annual TEQSA Compliance Health Check Procedure

Code of Conduct - Council

Code of Conduct - Staff

Compliance Framework

Complaints about the Vice Chancellor Procedure

Conflict of Interest Policy

Fraud and Corruption Procedure

Legislative Alerts and Non-Compliance Reporting Procedure

Public Interest Disclosure Procedure

Risk Management Policy

Risk Management Framework and Plan

Related documents and legislation

AS/ISO 19600:2015 Compliance Management Systems

Australian Standard 3806:2006 Compliance Programs


NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

Policy DomainCorporate Governance
Policy Sub-domainRisk, Assurance, Regulatory and Compliance

Policy Custodian

Vice Chancellor

Approval Authority


Date for next Major Review


Revision History


Approval date

Approved by

Implementation date



21-102/12/2021Council17/12/2021Minor policy revisionChief of Staff
20-130/07/2020 01/08/2020Minor amendments after scheduled policy revision. Clarification of Scope and addition of definition of ‘Affiliate’Chief of Staff
18-106/12/2018 18/01/2019Scheduled policy review resulting in minor amendments to reflect changed title of Committee and clarify roles required to complete Compliance Declaration.Chief of Staff





Policy revision

Chief of Staff





Policy Establishment

Chief of Staff


Compliance, standards of compliance, compliance framework, obligations

Contact personChief of Staff