Policy Compliance Framework
Compliance Framework
- Aboriginals and Torres Strait Islanders in Marine Science
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre
- Living on Campus
- Advanced Analytical Centre
- Applying to JCU
- Alumni
- AMHHEC
- JCU Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Australian/NZ Students
- Australian Lions Stinger Research
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- JCU-CSIRO Partnership
- Employability Edge
- Career Ready Plan
- CASE
- Careers at JCU
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- College of Business, Law and Governance
- College of Healthcare Sciences
- WHOCC for N&M Education and Research
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Economic Geology Research Centre
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- GetReady4Uni
- Give to JCU
- Governance
- Information for JCU Cairns Graduates
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Schools
- International Students
- Research and Innovation Services
- JCU Eduquarium
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Job Ready
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- CEE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Planning for your future
- Placements
-
Policy
- Academic Governance
- Academic Management
- Engagement
-
Corporate Governance
- Academic Freedom and Freedom of Speech Policy
- Affiliation of a Residential College Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Business Continuity Policy
- Child Safety Policy
- Code of Conduct – University Council
- Compliance Policy
- Conduct of Council Elections Policy
- Conflicts of Interests Policy – University Council and its Committees
- Controlled and Non-Controlled Entities Policy
- Critical Incident Policy
- Data Governance Policy
- Distinguished Professor Policy
- Domestic and Family Violence Policy
- Emeritus Professor Policy
- Foreign Interference Policy
- General Practice Training Governance Policy
- Incident Management Policy
- Information Privacy Policy
- Legal Services Claims and Litigation Assistance Policy
- Organisational Structure Policy
- Records Management Policy
- Right to Information Policy
- Risk Management Policy
- Social Media Policy
- Staff Code of Conduct
- University Archives - Access
- University Seal Policy
- Visiting Speaker and Event Policy
- Policy Development and Review Policy
- Quality Enhancement Framework
- Reviews of Organisational Units and Thematic Areas - Policy and Procedures
-
Estate and Facility Management
- Advertising on Campus
- Alcohol Consumption on University Property
- Approval of Works to University Buildings and Site Infrastructure
- Authorised Use of University Facilities, Premises and/or Grounds for Non-core Purposes
- Environmental Policy
- High Voltage Access Policy
- Memorial Plaques
- Noise on University Sites
- Pets on Campus
- Real Estate Dealings Policy
- Security Policy
- Space Allocation and Management Policy
- Timetable and Class Registration Policy
- Tree Protection
- Vehicle Fleet Policy
- Weapons Policy
- Adaptive Workplace Policy
-
Financial Management
- Appendices
-
Assets (FMPM 200 - FMPM 399)
- FMPM 200 Overview - Assets & Cash Management
- FMPM 210 Cash
- FMPM 220 Policy - Bank Accounts
- FMPM 230 - Petty Cash Advances
- FMPM 300 Investments
- FMPM 320 Plant and Equipment
- Financial FMPM 322 - Acquisitions of Plant and Equipment
- FMPM 260 Other Advances
- FMPM 330 Non-Capital Assets
- FMPM 280 Official Stores
- FMPM 290 Prepayments
- FMPM 323 - Disposal of Property, Plant and Equipment Procedure
- FMPM 324 Stocktake
- FMPM 350 Intangible Assets
- FMPM 270-2 Accounts Receivable - Student Debtors - Penalties
- FMPM 240 Travel Advances (Students)
- FMPM 330 Non-Capital Assets
- FMPM 270-1 Accounts Receivable
- FMPM 250 - Policy Salary Advances
- Equity (FMPM 500 - FMPM 599)
- Expenses (FMPM 700 - FMPM799)
- Financial Management and Control (FMPM 800 - FMPM 899)
- Further Applications (FMPM 900 - FMPM 999)
- Introduction (FMPM 100 - FMPM 199)
- Liabilities (FMPM 400 - FMPM 499)
- Revenue (FMPM 600 - FMPM 699)
-
Human Resources
- Awards for Excellence Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Community and Indigenous Language Allowance
- Competency Pay for Tradespersons Policy
- Conflict of Interest Policy
- Early Retirement Policy
- Equal Employment Opportunity
- Honorary Appointments Policy
- Human Resources Policy Glossary
- Market Loading Policy
- Overpayment of Wages Policy
- Performance, Development and Recognition Policy
- Recruitment, Selection and Appointment Policy
- Relocation Assistance Policy
- Remote Working Policy
- Salary Packaging Program Policy
- Special Studies Program Policy
- Supported Wage System (SWS) Policy
- Digital Infrastructure
-
International and Admissions
- Attendance Monitoring Policy - English Language and Foundation Programs
- Enrolment Requirements for International Student Visa-Holders Policy
- Management of Off-Campus Operations, Ventures and Partnerships
- Transfer of International Student Visa Holders to Other Educational Institutions
- US Federal Student Aid-SAP & Return to Title IV Policy
- Admissions Policy
-
Learning and Teaching
- Blended Learning Policy
- Charter of Responsibilities for Academic Quality and Governance
- Coursework Academic Integrity Policy
- English Language and Numeracy Policy
- Graduate Attributes
- Graduate Certificate of Education (Academic Practice) Internal Sponsorship Policy
- Learning Teaching and Assessment Policy
- Policy Glossary
- Review of a Student’s Suitability to Continue a Course Involving Placement
- Student Digital Experience Policy
- Student Evaluation of Subjects and Teaching Policy
- Student Retention Policy
- Research Education
- Research Management
-
Student Matters
- Academic Progression Policy
- Administration of Commonwealth Scholarships Policy
- Attendance Monitoring Policy - English Language and Foundation Programs
- Award Finalisation and Graduation Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Copyright Policy and Procedure
- Coursework Enrolment Policy
- Coursework Scholarships, Grants and Prizes Policy
- Library Use Policy
- Student Code of Conduct
- Student Complaints Policy
- Student Disability Policy
- Student Fee Payments and Refunds Policy
- Student Review and Appeals Policy (effective from 01/01/2023)
- Student Special Circumstances Policy
- Transfer of International Student Visa Holders to Other Educational Institutions
- Student Results Policy
- Work Health and Safety
- Policy search
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Clinical Psychedelic Research Lab
1. COMMITMENT TO COMPLIANCE
James Cook University (JCU) has a responsibility to identify and comply with range of legislative and regulatory requirements. An effective, organisation-wide compliance management system enables an organization to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes and organisational standards, as well as standards of good corporate governance, best practices, ethics and community expectations (AS ISO 19600:2015 Compliance Management Systems). .
The intent of a robust and integrated system of compliance is to provide assurance to the Vice Chancellor and University Council that the University is actively attentive to its legislative compliance obligations, considering impacts of any consequent changes, and ensuring that these are embedded in practice and procedures across the University.
1.1 Objectives
To achieve the objective of being a compliant organisation, JCU’s Compliance Framework aims to:
- demonstrate a commitment to the highest standards of ethics and compliance with all applicable laws, regulations, rules and policies and promote a culture of compliance;
- promote a culture of frank and open disclosure of compliance breaches without fear of victimisation or unfair treatment;
- document and continuously review and update business processes to ensure they comply with applicable laws and regulations;
- provide employees with training and assistance to become effectively involved in compliance activities to meet their obligations;
- maintain monitoring and reporting systems to identify instances of non-compliance or system failure and to protect the University, its staff and students from deliberate or inadvertent breaches and consequent penalty;
- take prompt action where necessary to address instances of non-compliance or other circumstances that present an unacceptable exposure to legal risk;
- assess compliance against pre-determined objectives and assessment criteria; and
- periodically review the compliance framework to ensure it is consistent with AS 3806 and generally accepted compliance management practice.
2. COMPLIANCE PROGRAM
JCU’s compliance framework comprises a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving legislative compliance management throughout the organisation. There are several policy and procedural documents, forms and registers which identify and manage JCU’s expectations around ethics and integrity in dealings with staff, students and others prescribed in the Code of Conduct, and the University’s obligations identified by this Compliance Framework.
The Compliance Framework has three pillars:
- inform (ensuring staff are aware of their obligations and the legislative changes that may impact their business unit’s activities);
- comply (an annual compliance declaration by obligation owners as identified in the Compliance Register); and
- assure (internal and external audit and review activity) - providing a formal approach to continuous improvement. There will also be regular monitoring and review of the Framework’s performance.
The Framework consists of:
- the Compliance Policy established to identify intent, scope and responsibilities and accountabilities within the University for compliance;
- supporting procedures, forms and registers; and
- the University’s Compliance Register (Obligation Owners will have responsibility for ensuring compliance with particular legislative obligations).
The framework will enable:
- a robust and structured approach to compliance that is appropriate to JCU’s activities and operating environment; and
- an approach consistent with the principles of AS ISO 19600:2015 Compliance Management Systems.
In moving to this Compliance Framework, JCU is reflecting the principles of the Standard within these four key aspects:
- commitment (by the governing body and senior management);
- implementation (responsibilities clearly articulated and assigned);
- monitoring and measuring (performance of the program is monitored and clearly demonstrable); and
- continual improvement.
3. INFORM (Identifying the University’s Legislative Compliance Obligations)
As a large and complex statutory authority, the University has a significant number of compliance obligations, at both the Commonwealth and State level. To ensure that the University can comply with all of its obligations, it is important to identify legislation and other legislative instruments which impose a compliance obligation. These obligations may arise because the University is, for example, an employer, a provider of goods and services, a statutory body or a recipient of Commonwealth funding. Compliance obligations might include:
- reporting requirements (provision of statistics or information);
- requirements for accreditation, registration or licensing;
- complying with timeframes set down by the legislation for performing activities;
- a requirement to provide a specified service or range of services;
- restrictions or limitations on how these services can be offered; and
- financial obligations.
These obligations will be recorded in the University’s Compliance Register to be maintained by the Risk and Compliance Officer within the Office of the Chief of Staff. This Register will map the University’s obligations to business units and Obligation Owners. Identification of the University's statutory obligations, or changes in these obligations, will be an ongoing activity undertaken by the designated Obligation Owners and senior management. This will include Obligation Owners informing other employees of any amendments, initiating updates to the University’s Compliance Register (through the Risk and Compliance Officer), and undertaking any practical steps necessary to ensure compliance with existing, amended and new statutory obligations.
To ensure Obligation Owners and others are informed in a timely manner of Commonwealth and State legislative change across all areas of responsibility by jurisdiction and subject area, a subscription to a legislative alert service will be maintained. Policies, procedures and other documentation which reference legislation will be reviewed on any substantive change, particularly in those areas of actual or potential risk.
Where new or revised legislation creates obligations for the University, a Compliance Action Plan may be required. The template for a Compliance Action Plan is at appendix 1.
4. COMPLY (Management of Compliance)
Obligation Owners will be required to annually sign a Compliance Declaration specific to their area of responsibility which confirms the level of compliance with relevant legislation, provides details of any actual or potential breaches and any action taken, and the outcomes and recommendations in response to legislative change (if any) respective to their obligations. The aim is to proactively identify and report actual/potential breaches in accordance with the Annual Compliance Declaration Procedure..
Where there is non-compliance with a new standard or regulation, a Compliance Action Plan will be developed by the relevant Obligation Owner or at the University level in response with the assistance of the Risk and Compliance Officer, with timeframes and a risk assessment with mitigation strategies (where appropriate). This provides for a better understanding of the non-compliance risk exposure for specific activities rather than having a broad high risk around legislative compliance in general.
4.1 Reporting Incidents of Non-Compliance
Obligation Owners are required to identify and maintain records of all non-compliance incidents or potential breaches within their designated areas. Formal reporting on non-compliance incidents and their management is to be made to the Chief of Staff as and when such incidents occur. The Chief of Staff will advise the Vice Chancellor, Chair of Audit Committee and Chancellor of incidents of significance or notifiable issues. Compliance breaches may be identified through audit activity, self-disclosure, third party complaints, compliance certifications, and review or notification by regulatory agencies and other authorities.
Information received from Obligation Owners during this process is used to advise University Council through Audit Committee of high risk non-compliance incidents or significant compliance trends. Actions may be taken on the basis of this reporting by senior management to clarify any non-compliance which has not been satisfactorily addressed by an organisational area.
A staff member who wishes to report any incident of non-compliance should approach either the relevant designated Obligation Owner if the incident relates to a specific obligation or their manager or supervisor if the incident relates to an operational matter. It is also open to a staff member to make a Public Interest Disclosure in accordance with the relevant procedures, where circumstances warrant.
Reporting processes are outlined in the Legislative Alerts and Non-Compliance Reporting Procedure.
4.2 Corrective Actions
When a compliance breach is detected it is Management’s responsibility to:
- investigate the circumstances relating to the compliance breach;
- notify the compliance breach to the Obligation Owner;
- ensure that timely and adequate corrective actions are taken to reinstate compliance; and
- provide a copy of the Compliance Action Plan to the Chief of Staff.
Where a significant compliance breach occurs, and based on a risk assessment, a corrective action plan should be developed by Management in consultation with the Obligation Owner. The Obligation Owner will monitor the implementation of the corrective action plan to ensure that compliance is reinstated.
Where an Obligation Owner believes that Management’s response to a compliance breach is not appropriate, the matter should be escalated to the Chief of Staff for resolution.
5. ASSURE (Audit, Monitoring and Review)
The University is responsive to a number of external regulatory agencies for accreditation, certification and registration purposes (including vocational and professional bodies, the Tertiary Education Quality and Standards Authority, and others) and therefore subject to external audit or review, accreditation or self-review and reporting obligations. An assurance map will be compiled to capture these obligations.
The annual Internal Audit Work Plan may also include a rolling compliance audit, using a risk based approach, to assure the Vice Chancellor and Audit Committee that the University is maintaining or working towards compliance, or to assess whether any business improvement implemented to meet legislative change is fit for purpose and meets requirements.
In order to effectively manage compliance obligations, an annual review of compliance processes will be undertaken. This will include:-
- the review and updating of the compliance and risk registers;
- notification of any previously un-reported compliance breaches, issues or complaints; and
- audit of compliance processes, as applicable.
The risk of compliance failure should be reassessed whenever there are:-
- new or changed activities or services;
- changes to the structure or strategy of the University;
- significant external changes; or
- changes to compliance obligations.
5.1 Compliance Performance Reporting
Formal reporting mechanisms on compliance activities include:
- Annual Compliance Declarations by Obligation Owners of compliance with legal, regulatory and other obligations;
- regular reporting, by the Office of the Chief of Staff to Vice Chancellor's Advisory Committee and Audit, Risk and Compliance Committee of Council on major developments, issues and compliance incidents including the status of implementation of corrective action plans;
- provision of an annual, risk-based plan of compliance activities to Audit, Risk and Compliance Committee for review and approval; and
- reviews of the Compliance Policy and the Compliance Framework (to align with reviews of the Risk Management Framework and Policy), including an assessment of their effectiveness and recommendations for improvement.
6. RESPONSIBILITIES FOR COMPLIANCE
The University Council is ultimately responsible for approving the Compliance Framework and Policy, and through Audit Committee oversees the adherence, monitoring and review of the University’s Compliance Framework. Audit Committee is also responsible for reviewing and making recommendations to Council regarding the Compliance Policy.
The Vice Chancellor is responsible for leading a compliance culture across the University through promoting and supporting the Compliance Policy and Framework. Detailed responsibilities for University staff include:
University Executive
The University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Compliance Framework across the organisation, comply with legislative and regulatory requirements within their specific areas of operational responsibility, and ensure that any potential or actual legislative non-compliance has been identified and is being managed appropriately. Specifically:
- remaining aware of the compliance obligations (including monitoring for changes in legislation and regulation) within their areas of control;
- identifying individual staff members requiring training and ensuring their participation as required to ensure ongoing compliance;
- reporting non-compliance or potential non-compliance to the Obligation Owner and the Chief of Staff;
- undertaking corrective actions to compliance breaches in a timely manner;
- certifying compliance for their area of control; and
- encouraging behaviours that create and support compliance and a compliance culture.
Chief of Staff
The Chief of Staff has overall responsibility for the control and coordination of the Compliance Framework and for coordinating the implementation of the compliance process in all areas of the University with compliance responsibilities with the support of the Risk and Compliance Officer. Specifically:
- developing, implementing and ensuring continuous improvement of the Compliance Framework;
- overall coordination of the Compliance Program and ensuring that all responsible areas of the University fulfil their compliance responsibilities;
- identifying, in conjunction with Obligation Owners, compliance requirements and training needs and promoting awareness of compliance obligations;
- maintaining the University’s Compliance Register;
- providing advice to relevant staff and Obligation Owners on new or changed legislation, its content and application to the University where appropriate;
- reporting compliance breaches to management and University Executive and ensuring that appropriate and timely corrective actions are undertaken;
- conducting regular compliance audits; and
- reporting to vice Chancellor's Advisory Committee and Audit, Risk and Compliance Committee of Council.
Obligation Owners
Obligation Owners will work closely with the Chief of Staff and will have responsibility for providing guidance and support to all employees; monitoring legislation, regulations and codes for any changes or new statutory requirements; reporting non-compliance issues, whether systemic, recurring or one-off; and ensure that legislative requirements are met within their Divisions. Specifically:
- ensuring that the compliance requirements for their areas of compliance responsibility are identified, understood and documented (in the Compliance and Risk Register where appropriate).
- monitoring identified legislation and regulations for change and ensuring that compliance continues to be maintained, including providing advice to the Risk and Compliance Officer if such change impacts the University’s Compliance Register;
- providing guidance and support to staff on compliance with legislative obligations (including new or changed obligations) relevant to their areas of responsibility;
- monitoring and reporting non-compliance;
- complete the Annual Compliance Declaration; and
- encouraging behaviours that create and support compliance and a compliance culture.
Managers and staff
Commitment must be demonstrated by managers by making themselves fully aware of the University’s legislative obligations within their area of accountability or span of control. All staff are responsible for:
- adherence to the compliance obligations relevant to their position;
- performing their duties in a lawful and safe manner;
- undertaking training as required on compliance activities and initiatives;
- undertaking corrective actions to compliance breaches in a timely manner; and
- reporting and escalating compliance concerns, issues, complaints and failures.
7. SUMMARY OF KEY COMPLIANCE ACTIVITIES
The table below summarises the key actions, reviews and reports required by JCU’s Compliance Framework. It details who is responsible for each activity and the required timing. In dependent review may also be sought to confirm the University’s approach to compliance is consistent with best practice.
Action | Description | Responsibility | Timing |
Review Compliance Policy | Review the currency and effectiveness of JCU’s Compliance Policy | Council to approve on advice of Vice Chancellor and Audit Committee (review to be coordinated by Chief of Staff) | Every two years in August |
Review Compliance Framework | Review the currency and effectiveness of JCU’s Compliance Framework | Audit Committee to consider on advice of Vice Chancellor (coordinated by Chief of Staff) | Every two years in August |
University’s Compliance Register | Identify and review legislative obligations and nomination of Obligation Owners | Vice Chancellor's Advisory Committee to initiate, Audit Committee to review (coordinated by University General Counsel) | Annually in July |
University’s Risk Register | Review current status of Compliance Action Plans, potential or actual breaches and other relevant issues | Vice Chancellor's Advisory Committee (Obligation Owners to coordinate) Audit Risk and Compliance Committee (coordinated by Chief of Staff) | Every 6 months by VCAC and Audit, Risk and Compliance Committee in November |
Compliance Declarations | Review current status of key risks, Risk Treatment Plans, incidents and other relevant issues | Obligation Owners, reported to Vice Chancellor's Advisory Committee and Audit, Risk and Compliance Committee (coordinated by Risk and Compliance Officer) | Annually in November |
Training | Ensure staff are aware of the Compliance Framework, Policy and Procedures and their obligations. | Chief of Staff and Risk and Compliance Officer (Obligation Owners to assist) | Introduction for all new staff at on-line induction with more detailed session for Obligation Owners within three months of commencing. |
Related Policy Instruments
Legislative Alerts and Non-Compliance Reporting Procedure
Appendices
Appendix 1 Compliance Action Plan template
Administration
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Approval Details
Policy Domain | Corporate Governance |
Policy Sponsor | Vice Chancellor |
Approval Authority | Council |
Date for next review | 1/12/2025 |
Revision History
Version | Approval date | Implementation date | Details | Author |
21-1 | 02/12/2021 | 17/12/2021 | Minor revisions to reflect amended policy and new procedures | Chief of Staff |
20-1 | 30/07/2020 | 01/08/2020 | Minor amendments and revisions after internal audit review. | Chief of Staff |
18-1 | 06/12/2018 | 18/01/2019 | Minor amendments to clarify responsibilities regarding completion of annual Compliance Statement, administrative amendments and amendment to review of Compliance Framework from annually to every two years. | Chief of Staff |
16-1 | 08/12/2016 | 16/02/2017 | Revisions to Framework | Chief of Staff |
15-1 | 10/04/2015 | 4/06/2015 | Framework established | Chief of Staff |
Keywords | Compliance, standards of compliance, compliance framework, obligations |
Contact person | Chief of Staff |