Compliance Framework

Western Sydney University’s compliance framework illustrates the relationship between the strategic and operational components of its compliance management program, overarching benchmarks, and compliance risk management.

The University’s compliance framework is based on three main benchmarks:

  • The International Standard ISO 19600;
  • The University’s objectives as outlined in its Securing Success plan; and
  • Good governance principles, i.e. endorsement of the Program by its relevant governing body, the Audit and Risk Committee (“ARC”), with which the Compliance Program Unit (“CPU”) regularly liaises, either through specific papers or through a dotted reporting line through the University Secretary and General Counsel.

Three lines of responsibility

The Framework and Program operate on the three lines of responsibility.

The success of a framework, and the Program therein, is contingent upon ensuring clear roles and responsibilities across the University.

The Compliance Policy establishes the overarching principles and commitment to action for the University to achieve compliance. It is also based on ISO 19600 principles, endorsed by the ARC, and is a genuine reflection of the values of the University. It has a strong relationship with other conduct policies, such as the University’s Code of Conduct.

The Compliance Strategic Plan is the three-year plan of the CPU and describes, at the strategic level, its vision and mission. It is, in effect, the document setting out the objectives, priorities, and actions of the overall Compliance Management Program of the University, as required under ISO 19600. Its main purpose is to:

  • Reinforce the value proposition of compliance to the University (also communicated throughout this Intranet page).
  • Link the CPU strategy to the University’s Securing Success strategy plan.
  • Detail the key priorities and success factors over the three-year period.

The Compliance Strategic Plan essentially centres on maturing the Program to incorporate all 12 components of a mature compliance model at its highest (and desired) level. The delivery of the Compliance Policy and the strategic plan enhances the University insofar as it positively affects the University’s:

  • People including culture;
  • Reputation and brand;
  • Business process and systems;
  • Associated strategic risks of financial, litigation, and political risks; and
  • Reduction in potential litigation and fraud by providing sound policies, training, and awareness.

Annual Compliance Plans

Annual compliance plans (also known as compliance business plans) set out the objectives, tasks, and key performance measures of the CPU for the year. Each plan is essentially the practical work plan for the CPU for the next 12 months: what it will do, why, and what success looks like.

Each plan is intended to be linked to the Compliance Strategic Plan, and will mature to include compliance risk assessments and risk treatments.

Policies, training, tools

As part of the framework, the CPU acts as a consultant and business partner to business and academic units across the University in developing policies, procedures, guidelines, training, and other reporting and monitoring tools.

Unlike the overarching Compliance Policy, which is owned and authored by the CPU, operational compliance policies, such as those addressing privacy, conflicts of interest, behaviour, etc., are designed to address specific compliance risks within the University and are owned by different units across the University.

As with operational compliance policies, the CPU also acts as a consultant and business partner on particular procedures, guidelines, and training, which provide detailed operational support for implementing an operational compliance policy. The CPU may also assist in creating clear infographics, diagrams, and flowcharts to greatly enhance comprehension of a procedure and increase compliance.

While the CPU is primarily involved in mandatory or enterprise-wide training that applies to all staff, and the associated monitoring and reporting, the CPU is available to consult on more niche or targeted training to ensure compliance goals are being met and are linked to, or consistent with, the mandatory training where relevant.