The University of Queensland (UQ) operates in a highly regulated environment with a wide range of compliance exposures that includes compliance obligations under Australian (Commonwealth) laws, state and territory laws, international laws, and laws in selected foreign jurisdictions, as well as requirements of professional, statutory, and regulatory bodies.
These compliance exposures are triggered by activities and interests across:
- Core educational offerings and activities (learning and teaching activity)
- Core research and innovation projects and initiatives
- Business (operational) services that support our core business
- Partnerships, collaboration, and commercial pursuits
- Community outreach and philanthropy
- Other domestic and international arrangements.
The University of Queensland’s (UQ, the University) approach to compliance management is supported by three frameworks that comprise by the UQ Governance and Management Framework (UQ GMF), Enterprise Risk Management Framework (ERMF), and Compliance Management Framework.
"The GRC Frameworks"
The UQ GMF establishes core principles and provisions for institutional governance, delegations, accountability, roles and responsibilities, and document control (including policies and procedures).
The ERMF establishes core principles and provisions for assessment and management of risk in accordance with the Risk Appetite Statement (RAS) (PDF, 102 KB).
The ECMF outlines the key principles and elements that support the effective management of UQs compliance obligations. Compliance Obligations may include;
- externally imposed obligations established through laws/legislation, regulations, codes, professional standards, and licensing/certification requirements, and
- internally imposed policy and procedures, contractual obligations that support UQs mission and strategic goals and objectives.
The intersecting GRC frameworks provide a flexible and robust platform that supports the University to meet its compliance commitment and objectives, enabled by our people, systems, and process.
Compliance management adopts a risk based approach that utilises the three lines model to support and enable the effective management of our compliance needs and exposures.