FAQs and Useful Information

Compliance Generally

What does "compliance" mean at Western Sydney?

Compliance means meeting the requirements of all relevant laws and University codes of conduct and policies applicable to the University as a whole, and to individual schools and business units. Simply put – it's following the rules in the right spirit.

However, at Western Sydney, compliance runs deeper than just following the rules – it means reflecting the University's value of upholding high standards of ethics in line with its Code of Conduct, and its social responsibility commitment to the Greater Western Sydney community.

Who is responsible for compliance?

Compliance is everyone's individual and collective responsibility. All Western Sydney University employees, whether full-time, part-time, or casual (including student employees), are responsible for understanding and following the requirements as applicable to their jobs. Contractors engaged by the University also have the same responsibility.

There are designated "Compliance Representatives" and "Compliance Contacts" who are responsible for statutory reporting obligations to external bodies (e.g. Human Rights Commission), for translating the legislative requirements for which their area is responsible into training, policies and procedures, and for assuring compliance with laws for the University or their business or academic unit/s.

The Compliance Program Unit supports the University by providing guidance and advice on any compliance-related questions.

Why is compliance so important?

Compliance bolsters the University's commitment to integrity and ethics, which in turn supports its staff and students in their operations and wellbeing. Compliance relies on all members of the University community to care.

Non-compliance can have adverse consequences for not just the University's business and operations but also its reputation. In particular, non-compliance with some laws can result in penalties and, in severe cases, fines or imprisonment.

What does the Compliance Policy do?

The Compliance Policy establishes the overarching principles and commitment to action for the University to achieve compliance in all of the University's activities and operations, and across all levels.

It sets the level of responsibility, accountability, and performance required, and the expectations against which actions will be reported and assessed.

In particular, the Policy recognises the need to uphold high standards of integrity to ensure a safe environment for staff and students, which is in line with the University's strategic objectives.

The Compliance Policy is not a stand-alone document, and is supported by other operational policies, the operational manual, and processes of the University.

Compliance Management Program

What is the intended purpose of the Compliance Management Program?

By providing guiding principles and practical tools, the Compliance Management Program intends to facilitate operational compliance and risk minimisation within business and academic units. It provides a formal, transparent, and uniform framework for the University and its employees to better assure operational compliance across its campuses.

How does Western Sydney University know if all areas are being compliant?

The University's Compliance Management Program contains mechanisms that assure compliance in all areas, including:

  • Compliance Oversight – governance through policies, procedures, systems, training and monitoring.
  • Compliance Directory – a centralised list of all relevant Commonwealth and NSW legislation applicable to the University, its units, and schools. It allows for 360-degree communication and monitoring, ensuring awareness and currency.
  • Attestation Process (set to launch) – an annual attestation intended to confirm compliance with relevant legislation and to identify any actual or potential compliance issues in each unit or school.
  • Non-Compliance Incident Reporting – University business and academic units, as well as students and members of the public, are to report or self-report potential (risks), imminent (threats), or actual (issues) non-fulfilment incidences that affect their own compliance requirements or those of another area in the University.

Is there a Procedure document and/or training materials on the Compliance Management Program?

The Compliance Operational Manual is a useful document explaining the intricacies of its processes. The Compliance Contacts and Compliance Representatives will find it the most useful. Specific training materials relating to the Program are available on MyCareer Online.

Compliance Behaviours

Isn't compliance something only my manager or the compliance unit should care about?

No. All business units and schools have a legal and ethical obligation to be compliant. We are all affected by legislation to varying degrees; as such, we must all individually accept and manage our compliance obligations.

Your manager should support and guide you with any compliance questions you may have. The Compliance Program Unit also provides support to staff as it relates to operating within the University's Compliance Management Program.

There's a law I don't agree with, or never heard of before in my career. I don't have to comply with it, do I?

Compliance with laws is not optional for either the University or its staff. Non-compliance can lead to adverse consequences for both the University and the individuals involved, such as external fines and disciplinary measures. It can also affect the University's reputation.

Contact the Compliance Program Unit for guidance on any concerns.

Will I have to change how I do things in order to achieve compliance?

Probably not. As employees, people already operate within a compliance environment, and attend training, adhere to policies & procedures and report on their activities. In addition, many teams look for changes in the laws, prepare for adverse situations and actively manage emerging risks.

The Compliance Management Program provides a formal and uniform framework for the entire University that more easily assures the operational compliance already occurring in the University, or in individual business and academic units.

The University has a Compliance Policy which outlines what is expected of a Western Sydney University employee when it comes to the University's compliance obligations.

Contact the Compliance Program Unit for guidance on any concerns.

Specific Procedures

How do I comply?

First, be aware of the requirements.

The Compliance Directory catalogues the Commonwealth and NSW legislation requirements relevant to the University and its units/schools. Certain legal aspects, such as contractual obligations, are not covered in the Compliance Directory and are managed separately by the schools/units. Staff need to be aware of these obligations that impact their units, processes, or activities.

Second, keep up to date.

High standards of accountability are expected and required from all levels of staff within the University; each individual is responsible and accountable for his or her own awareness of, and compliance with, applicable laws. The University provides training and information on particular laws that apply to the University, and what staff need to do to ensure compliance.

The University Compliance Management Program has an embedded legislative alert subscription that provides information on i) amendments, ii) repeals, and iii) subordinate legislation made under, and affecting, the laws listed on its Compliance Directory. Compliance Representatives and Compliance Contacts are subscribed to alerts affecting their assigned laws; however, any University staff may request to be alerted about particular laws by contacting the Compliance Program Unit (CPU). Instructions on how to use the alert service once subscribed are found in the “University-only documents” section (staff login required).

How do I use the Compliance Directory?

All University staff and the University community can view the Compliance Directory. It is sorted alphabetically by legislation name, lists the Level assigned, and summarises the purpose of the legislation and its relevance to the University. The Compliance Directory is a live resource, and is regularly monitored and updated. Managers should encourage all staff to access the directory to help drive compliance awareness and behaviour.

How often is the Compliance Directory updated?

The Compliance Program Unit regularly monitors changes to laws to update the Compliance Directory. A formal update is scheduled on at least an annual basis. Designated Compliance Representatives and Compliance Representatives have access to the Directory’s laws for which their area has responsibility for operational compliance, and must continuously review their laws and update the Directory in a timely manner when necessary.

The Compliance Program Unit welcomes review and feedback on the Compliance Directory from the University community.

What do the different “levels” of the Compliance Directory mean?

The Compliance Directory is categorised into 4 “levels”:

  • Level A (“All”): This is assigned to legislation that applies to all activities at the University. These laws are managed by one business or academic unit in the University. Example: Privacy Act.
  • Level B (“Broad”): This is assigned to legislation that applies to broadly occurring activities across more than one business and/or academic unit. These laws are managed jointly, where the management teams regularly consult one another on collective or shared obligations. Example: Education Services for Overseas Students Act.
  • Level C (“Centralised”): This is assigned to legislation that applies to University-wide activities. These laws are managed centrally by one academic or business unit on behalf of the University. Example: Public Finance and Audit Act.
  • Level D (“Decentralised”): This is assigned to legislation that applies to discrete or specialised activities, or to functions not commonly occurring over more than 1 business or academic unit. It includes legislation where it is not necessary to consult on the obligations with another business or academic unit. These laws are managed separately across different business and/or academic units. Example: Health Practitioner Regulation National Law Act.

Compliance Representatives and Compliance Contacts

I have been assigned as a Compliance Representative / Compliance Contact on the Compliance Directory. What does this mean?

Congratulations! Compliance Representatives and Contacts are important drivers of Western Sydney University's Compliance Management Program.

Compliance Representatives are senior management members who are responsible for business or academic unit/s, and are assisted by Compliance Contacts who have subject matter expertise in to identify, implement, monitor. Compliance Representatives assure compliance with legislative obligations for the University or their business or academic unit/s.

The Compliance Management Program outlines specific responsibilities for these two roles.

I have been assigned as a Compliance Representative / Compliance Contact to a law on the Compliance Directory, but I know there is another area who is responsible for some of the obligations. Can you explain?

Some laws cover various aspects that may cross over into different operational areas within the University, where each operational area is responsible for particular compliance obligations under the Act. Whether the law is also assigned to another area, or just one, depends on the “Level” assigned to the law (see above FAQ for level definitions). The Level indicates whether these obligations may be:

  1. shared / collective, requiring joint management with others to assure operational compliance (usually Level B legislation e.g. Education Services for Overseas Students Act);
  2. separate / distinct between multiple Representatives, not necessitating consultation with others to assure compliance (usually Level D legislation e.g. Health Practitioner Regulation National Law Act);
  3. principally consigned to one area that requires consultation, advice, and insight from others who have an adjunct portion of the obligations to assure operational compliance (usually Level A legislation e.g. Privacy Act); or
  4. consigned to one area that manages them centrally on behalf of the University to assure operational compliance (usually Level C legislation e.g. Public Finance and Audit Act).

Explanation and training on the operational aspects of assignments will be communicated at a later date.

I am a Compliance Representative / Compliance Contact, and I've heard I may have to complete attestation in the future when this element of the program is launched. What does this attestation intend to involve?

The annual compliance attestation is intended to be completed by Compliance Representatives and Compliance Contacts, and aims simply to provide reasonable assurance that there is no material non-compliance with the assigned laws in their operating areas that could adversely affect the University’s ability to comply with legislative requirements.

The attestation process for Compliance Contacts requires specific detail on key controls, recording and management of compliance incidences, and awareness of compliance requirements.

Who is my area's Compliance Contact or Compliance Representative?

Contact your manager or supervisor, a senior manager in your area, Executive Officer/School Manager, or the Compliance Program Unit.

Note: Not all units or schools, at this stage of the Program, have a designated Compliance Contact or Representative.

Reporting Non-Compliance Incidences

What is non-compliance?

Non-compliance incidents include potential and actual issues that do not fulfil the University's compliance requirements or cause behaviours that do not conform to the compliance culture. Non-compliance can involve an individual's own actions/omissions or the actions/omissions of someone else at the University.

A potential non-compliance incident means any potential non-fulfilment of the University's compliance requirements i.e. the incident may happen but has not yet happened. Example: A unit doesn’t have any processes developed or implemented to maintain security for its records (particularly sensitive records) stored in and being moved between office areas of different campuses.

An actual non-compliance incident means a breach of the University's compliance requirements i.e. the incident has happened. Example: A record containing personal information is accessed without the proper authorisation.

What if there is an incident of non-compliance?

Most instances of non-compliance tend to be unintentional oversights that can be quickly corrected. The University's Compliance Management Program is designed to ensure all staff can readily access the support and advice to determine whether or not they are in compliance.

In all cases of non-compliance incidences (whether potential, imminent, or actual), a strategy to resolve the issue should be developed between the designated Compliance Representative/s, managers, and the Compliance Program Unit. In some cases, you may need to call on additional resources, such as the Offices of the General Counsel and Audit and Risk Assessment, to obtain specialist advice and guidance.

Why should I report non-compliance incidences?

Reporting compliance incidences plays an extremely important role in the University's Compliance Management Program at every step of the process.

First, reporting a compliance incident ensures adequate attention, accountability, and corrective action is taken before it becomes more serious. It also ensures transparency within the University and enables collective responsibility among the different teams.

Second, the University may have a legal obligation to report a compliance incident to an external agency e.g. Independent Commission Against Corruption.

Third, it facilitates good and centralised record keeping. Compliance incidences can take time to resolve, and retention of information may assist the University, especially if other support services or resources need to be involved. The documentation also helps the University demonstrate the actions and intentions to adequately manage the incident.

Fourth, it can help resolve similar compliance incidences for future staff, prevent duplication, and ensure efficiency. No compliance incident is too big or too small to report, and every report is important!

Lastly, it mitigates / reduces any future disputes or penalties as the University will be able to demonstrate a genuine effort to rectify the incident in a timely manner.

How do I report non-compliance incidences?

Western Sydney University encourages questions and good faith reporting on compliance incidences through:

  • Your supervisor or manager
  • Compliance Representative or Compliance Contact
  • Compliance Program Unit via the central web-based Non-Compliance Incident Reporting Register

Early identification and reporting can help to prevent a small problem from becoming bigger, facilitate prompt resolution, and perhaps even avert a disaster.

The opportunity for questions and reporting is a cornerstone of a successful compliance management program.

Is there a Non-Compliance Incident Reporting Register?

Yes. University staff and the university community (i.e. students and members of the public) can report non-compliance incidences online via the central Non-Compliance Incident Reporting Register. More information on the Register, what types of incidences should be reported, and the link to the Register are found on the Non-Compliance Incident Reporting page.

Useful Compliance Program Unit documents

Compliance Policy

The Compliance Policy establishes the overarching principles and commitment to action for the University to achieve compliance in all of the University's activities and operations, and across all levels.

Compliance Management Program

The Compliance Operational Manual explains the intricacies of its processes (Compliance Directory, Non-Compliance Incident Reporting Register etc). Compliance Contacts and Compliance Representatives will find it the most useful.

Training Materials

Specific training materials relating to the Program are available on MyCareer Online.


Useful Information

Australian Competition and Consumer Commission (ACCC)

The ACCC is an independent Commonwealth statutory authority whose role is to enforce the Competition and Consumer Act 2010 and a range of additional legislation, promoting competition, fair trading and regulating national infrastructure for the benefit of all Australians.

Independent Commission Against Corruption (ICAC)

The ICAC's principal functions are set out in the Independent Commission Against Corruption Act 1988. In summary, they are:
  • to investigate and expose corrupt conduct in the NSW public sector
  • to actively prevent corruption through advice and assistance, and
  • to educate the NSW community and public sector about corruption and its effects.

The jurisdiction of the ICAC extends to all NSW public sector agencies (except the NSW Police Force) and employees, including government departments, local councils, members of Parliament, ministers, the judiciary and the governor. The ICAC's jurisdiction also extends to those performing public official functions.

GRC Institute

GRCI's mission is to be the preeminent body for compliance and enterprise risk management professionals across the Asia Pacific region.

GRCI provides leadership and advocacy on behalf of its members, with a strong focus on the development of their expertise in business governance practices that support the achievement of their organisation's objectives.

National Commission of Audit

The National Commission of Audit was established by the Australian Government as an independent body to review and report on the performance, functions and roles of the Commonwealth government. Accordingly, the Commission of Audit ('the Commission') has a broad remit to examine the scope for efficiency and productivity improvements across all areas of Commonwealth expenditure, and to make recommendations to achieve savings sufficient to deliver a surplus of 1 per cent of GDP prior to 2023-24.