Legislative Classification and Reporting Requirements Table

Tier 1

Legislative Classification: the legislation relates to:
  • the University's core business operations;
  • the University's strategic directions;
  • health and safety of staff and students.

Reporting Requirement:
  1. Immediate notification to Audit and Risk Management of any non-compliance and remedial action to be undertaken.
  2. Bi-annual compliance register reporting (March and September) to Audit and Risk Management.
  3. Annual Certification (September) to Audit and Risk Management of adequacy of compliance processes to meet compliance obligations.

Tier 2

Legislative Classification: the legislation relates to:
  • the University's non-core (support) operations.

Reporting Requirement:
  1. Immediate notification to Audit and Risk Management of all non-compliance, status and remedial action to be undertaken.
  2. Annual compliance register reporting (September) to Audit and Risk Management.
  3. Annual Certification (September) to Audit and Risk Management of adequacy of compliance processes to meet compliance obligations.

Tier 3

Legislative Classification: the legislation relates to:
  • the University's non-core (support) operations where the impact of a breach is anticipated to be minimal.

Reporting Requirement:
  1. Immediate notification to Audit and Risk Management of all non-compliance, status and remedial action to be undertaken.
  2. Annual Certification (September) to Audit and Risk Management of adequacy of compliance processes to meet compliance obligations.

Legal Compliance Officers (LCOs) should continue to maintain a compliance register so that they can identify the risks attached to their legal obligations at all times.

The following provides further details on the reporting process.

1. Compliance Register

Each Legal Compliance Officer is required to maintain a compliance register relevant to the specific legislation under their responsibility. The register will hold information about:

  • Obligations as described in legislation, regulation and mandatory codes of practice;
  • Each obligation’s (non-compliance) risk ranking;
  • Remediation plan associated with meeting each of the obligations;
  • Person(s)/committee responsible for managing the remediation plan;
  • Estimated completion date for the remediation plan; and
  • Current status of the remediation plan.

1.1 Non-Compliance Risk Ranking

Non-compliance risk ranking can be Critical, High, Medium or Low. It denotes the current risk of non-compliance the University carries for a particular obligation. The ranking also helps set priorities for remedial action.

1.2 Action (Remediation) Plan

A remediation plan is a developed plan of action that, when implemented, will mitigate or minimise a particular non-compliance risk. A non-compliance risk may have one or more remediation plans. Remediation plan status can be:

  • Not started;
  • Work-in-progress; or
  • Completed.

2. Risk Assessment

The compliance register should be reviewed, re-assessed and updated when:

  • There is an increase in the number of reported incidences of non-compliance compared with those previously reported. This indicates that the existing control(s) put in place to reduce the risk of non-compliance are either not working effectively or are inadequate; and/or
  • Audits (internal and/or external) have identified weaknesses in controls or lack of controls which may, potentially, increase the risk of non-compliance; and/or
  • There are amendments to legislation, regulations and/or mandatory codes of practice; and/or
  • Following the implementation of a remediation plan(s).

Legal Compliance Officers, Heads of Departments and their delegates should also review changes to:

  • Procedures that have been implemented to comply with obligations (as described in legislation, regulation and mandatory codes of practice); and/or
  • Policies that have been developed to meet these obligations; and/or
  • Organisation structure in terms of staff movements or changes to responsibilities.

The review will ascertain whether existing controls implemented to mitigate or minimise any risks of non-compliance have been inadvertently removed by these changes.

(Note: It is recommended that a risk assessment be conducted at least once a year to ensure non-compliance risk rankings remain appropriate under current conditions.)

3. Notifications and Enquiries

All notifications of non-compliance should be directed via email to compliance

For all legal compliance enquiries: phone 9905 6847 (ext 56847) or 9905 6846 (ext 56846) or email compliance