Bulletin Board - Document Comments

Bulletin Board - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will receive a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments, take a note of where you up to and return later to make a further submission.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

  5. If you would like a copy of the comments you made via the Bulletin Board, please email policy@rmit.edu.au and specify which document you provided feedback on and a copy of your submission will be emailed to you.

 

Compliance Policy

Section 1 - Purpose

(1) This policy affirms RMIT’s commitment to compliance management and outlines the framework and objectives for managing compliance obligations. It promotes a positive compliance culture that fosters ethical conduct and supports good governance and operational excellence at RMIT.

(2) The process for identifying, monitoring and reporting on compliance management is detailed in the Compliance Procedure and Compliance Breach Management Procedure, both of which are to be read in conjunction with this policy.

Top of Page

Section 2 - Overview

(3) RMIT is subject to a wide range of compliance obligations, including compliance requirements under applicable laws, regulations, standards, codes of practice, and compliance commitments made by RMIT.

(4) Compliance management involves identifying, implementing, assessing and reviewing compliance with obligations. To effectively address the pace of change in an evolving regulatory environment, compliance management is continuous and timely. This approach supports decision-making and management practices, and integrates with the RMIT risk management framework.

(5) This policy outlines:

  1. the RMIT Group approach to compliance management to promote a compliance culture that enables RMIT to achieve its strategic, operational and commercial objectives, and
  2. the responsibilities of RMIT, its staff, researchers, affiliates, contractors and volunteers in managing compliance obligations. 
Top of Page

Section 3 - Scope

(6) Throughout this policy and its associated policy resources, RMIT means the RMIT Group. The RMIT Group is defined as RMIT University and its controlled entities (e.g. RMIT Vietnam, RMIT Europe, RMIT Online and RMIT University Pathways – formerly known as RMIT Training).

(7) This policy applies to all staff, researchers, affiliates, contractors and volunteers of the RMIT Group. All members of the RMIT community are responsible for understanding and fulfilling compliance obligations.

Top of Page

Section 4 - Policy

Principles

(8) RMIT is committed to:

  1. complying with relevant legislation to operate safely and pragmatically, uphold its reputation, and avoid legal consequences
  2. effective oversight of legislative obligations through clearly defined ownership of compliance obligations
  3. a risk-informed approach to compliance management
  4. conducting regular assessments to identify controls and gaps to ensure that RMIT fulfills its legislative obligations
  5. monitoring activities to ensure adherence to policies and compliance with regulatory and legislative requirements
  6. reporting regularly to the Vice-Chancellor’s Executive Meeting and the Audit and Risk Management Committee, and providing key information on breaches, identified compliance gaps, rectification strategies and compliance attestations
  7. requiring all staff to report compliance breaches to managers and Legislative Owners
  8. providing staff with relevant compliance education training programs and ready access to breach reporting systems
  9. maintaining the Compliance Policy, which is driven by continuous improvement and awareness of compliance obligations across all operating areas and locations to ensure alignment with best practices.

(9) RMIT’s Compliance Policy is driven by continuous improvement and awareness of compliance obligations across all operating areas and locations.

(10) RMIT’s Compliance Policy is informed by governance structures and instruments including but not limited to:

  1. Royal Melbourne Institute of Technology Act 2010
  2. University statutes and regulations, such as RMIT Statute No.1
  3. Audit and general governance functions
  4. Code of Conduct
  5. Delegations of Authority Policy
  6. Risk Management Policy
  7. Corporate Social Responsibility Framework
  8. Anti-Corruption and Fraud Prevention Policy.

Responsibilities

(11) The Audit and Risk Management Committee assists the RMIT University Council in discharging its responsibilities to the RMIT Group by monitoring compliance with laws, regulations and the Code of Conduct.

(12) Members of the Vice-Chancellor's Executive:

  1. are designated as Accountable Officers, responsible for implementing the Compliance Policy within their areas of responsibility
  2. assign appropriate resources to manage compliance obligations, including appointing Legislative Owners with subject matter expertise, who have significant operational control and delegated authority
  3. provide information, advice and assurance about compliance management in their areas of accountability.

(13) The Executive Director, Governance, Legal and Strategic Operations is responsible for the Compliance Policy and its associated procedures and resources.

(14) The Central Compliance team:

  1. develops and maintains the Compliance Policy, associated procedures and resources
  2. advises and supports compliance management contacts to effectively implement controls for the management of compliance obligations
  3. provides oversight of compliance requirements with a centralised Legislative Obligations Register and provides access to tools and resources to help stakeholders understand and respond to changes in compliance requirements
  4. retains a record of identified or suspected breaches and outcomes on the RMIT Compliance Breach Register
  5. monitors and facilitates regular reporting to governance bodies and management committees, and external agencies where required.

(15) Legislative Owners and Legislative Specialists:

  1. promote a culture of compliance within their business area or function and manage implementation activities in accordance with the Compliance Policy
  2. actively monitor compliance risks and respond to identified and suspected compliance breaches in line with the Compliance Breach Management Procedure
  3. collaborate with the Central Compliance team to maintain an effective and current Compliance Policy and cooperate with requests for information.

(16) All staff and researchers remain individually accountable for their actions as members of the RMIT Group community, bound by the Code of Conduct and relevant enterprise agreements. They have a responsibility to:

  1. ensure that they are aware of the compliance obligations applicable to their role and that their actions are consistent with RMIT policies
  2. undertake mandatory compliance training
  3. report and escalate compliance concerns and suspected breaches to their manager or supervisor in line with the Compliance Breach Management Procedure.

(17) Contractors and volunteers have a responsibility to:

  1. ensure that they are aware of the compliance obligations applicable to their role at RMIT and that their actions are consistent with RMIT policies
  2. undertake compliance training as requested and conduct themselves in accordance with the specific terms of engagement.

Assurance

(18) Regular reporting on significant breaches, trends, systemic issues, and the level of compliance across the RMIT Group is provided to the RMIT University Council and Audit and Risk Management Committee. This provides reasonable assurance that:

  1. Ownership of compliance obligations is clearly defined and understood to enable effective oversight and management.
  2. Operations are grounded in an effective compliance management approach integrated with the Risk Management Framework, enabling RMIT to identify, assess, manage, monitor and report on compliance obligations.
  3. Compliance breaches are proactively identified and prompt corrective action is taken in line with the Compliance Breach Management Procedure, and potentially disciplinary action for members of the RMIT Group who breach compliance obligations.

(19) To ensure appropriate visibility, oversight and governance of compliance management, the Central Compliance team coordinates biannual reporting to VCEM and ARMC, with input from Legislative Owners and Legislative Specialists. When in-depth discussions on specific legislation are required, Legislative Owners will lead these discussions at relevant governance meetings.

(20) The Education Regulation, Compliance and Assurance (ERCA) team:

  1. provides enterprise-wide advice on all education regulatory activities related to RMIT’s registration as an Australian University and multi-sector provider, acting as the principal contact with TEQSA, the Australian Higher Education Regulator
  2. reports periodically to the Academic Board, ARMC and University Council, and other governance bodies on education and regulatory compliance matters.

(21) The Internal Audit team:

  1. undertakes internal audits with due consideration of compliance obligations that are relevant to the scope of the audits
  2. reports periodically to ARMC and at times to VCEM and other governance bodies (e.g. Academic Board), where required, on the results of internal audits performed.

Compliance

(22) The Central Compliance team monitors compliance with this policy and reports on breaches to internal governance bodies, as required, in accordance with the Compliance Breach Management Procedure.

(23) Breaches of this policy by a staff member are managed in accordance with the Code of Conduct and the Compliance Breach Management Procedure as appropriate.

Review

(24) This policy is maintained by the Central Compliance team and is reviewed every five years in accordance with the Policy Governance Framework.

(25) Periodic reviews will align with ISO 37301:2021 Intentional Standard for Compliance Management.

Top of Page

Section 5 - Procedures and Resources

(26) Compliance Procedure

(27) Compliance Breach Management Procedure

(28) Compliance Escalation Guide.

Top of Page

Section 6 - Definitions

(Note: Commonly defined terms are in the RMIT Policy Glossary. Any defined terms below are specific to this policy).
Accountable Officer A member of the VCE or a specified legislative or regulatory delegate who is accountable for resourcing and nominating Legislative Owners and Legislative Specialists.
Breach A failure to meet the clauses, principles, or requirements of legislative obligations or RMIT policies. Significant or material breaches may be reportable to an external agency or regulator. See also: Material breach.
Compliance Meeting all requirements of laws, regulations, statutes, standards and policies. 
Compliance attestation process A verification process undertaken by Accountable Officers (members of the Vice-Chancellor's Executive), where they attest to the effectiveness of internal controls and compliance or non-compliance with obligations that are relevant to their areas of operation throughout RMIT.
Compliance Breach Register A record of Breaches of RMIT’s compliance obligations. The Compliance Breach Register is managed by Central Compliance via the RMIT University Organisational Breach Reporting Form.
Compliance management The coordinated institutional approach to identifying, assessing, managing, monitoring, and reporting compliance obligations, risks and performance across the RMIT Group.
Compliance obligation Refers to any legal, regulatory, contractual or internal requirement that RMIT must adhere to. This includes obligations arising from legislation, regulations, standards, codes of practice, and internal policies that govern RMIT’s operations and activities and ensures that RMIT meets its responsibilities to staff, students, government bodies and the broader community.
Legislative Owner Legislative Owners are senior officers responsible for compliance with specific obligations and provide leadership to ensure requirements are met. They are accountable for guiding the implementation of compliance processes, systems and controls within their area, as well as implementing compliance action plans. Additionally, they are responsible for nominating legislative specialists for the Central Compliance team to liaise with, and provide the annual attestation for compliance for their area of business.
Legislative Specialist Subject-matter experts with operational knowledge of how specific legislation or Acts apply to RMIT. They support the legislative owner in implementing the Compliance Policy, provide advice about specific legislation, and are responsible for facilitating or undertaking assessments against obligations.
Material breach A severe and significant breach, in terms of scale and/or regulatory requirements, or with implications for safety and security, and/or legal requirements. See also: Breach.