Legal Compliance Procedure

Legal Compliance Procedure

1. The purpose of our procedure

Our procedure sets out the requirements for managing legal compliance at Adelaide University. We take a proactive approach to ensure legal compliance risks are identified and managed within our risk appetite across all areas of operation.

Please read this procedure in conjunction with the [Risk Management and Legal Compliance Policy].

2. Who our procedure applies to

Our procedure applies to all members of the Adelaide University community and its controlled entities.  

[Controlled entities must either adopt this procedure or use it as a basis to adopt a similar procedure to Adelaide University’s reasonable satisfaction, that they have an equivalent and satisfactory approach to legal compliance that is fit for purpose for the controlled entity]. 

3. Responsibilities under this procedure

3.1 Adelaide University Council (Council) and its sub-committees are required to:  

  • provide overall governance and oversight of risk management and legal compliance
  • set the risk appetite for legal compliance.  

3.2 The Executive Leadership is required to:  

  • implement Council’s [Risk Management and Legal Compliance Policy]
  • oversee day-to-day legal compliance management, ensuring appropriate controls are in place
  • report regularly to the Council and Adelaide University’s Audit and Risk Committee on legal compliance and related matters.

3.3 Managers are required to:  

  • identify legal compliance requirements specific to their areas 
  • implement strategies outlined by senior management
  • monitor legal compliance and act immediately where necessary. 

3.4 Members of the Adelaide University community are required to:  

  • maintain an appropriate level of awareness of the laws that affect their day-to-day work
  • proactively report any compliance matter in accordance with the reporting procedures outlined in this procedure.

4. Our Legal Compliance procedure

4.1 How we identify obligations

  • Adelaide University identifies all legal and regulatory compliance requirements that apply to its operations. 
  • These requirements are confirmed through collaboration between Adelaide University Compliance Owners and legal, compliance and operational teams.
  • Adelaide University maintains a comprehensive legislation directory that outlines all relevant laws and regulations, including their tier rating based on the scope of impact and the consequences to the Adelaide University of non-compliance.
  • The legislation directory is available to all staff.
  • Legislative changes are reviewed and monitored regularly to ensure new or updated laws are incorporated.

4.2 How we manage compliance, risks and controls

  • Designated Specialist Officers develop and document mitigation controls or treatments for each assigned legislation. 
  • Legal compliance training is implemented for staff, and awareness is promoted through established communication channels.
  • Changes in compliance obligations and associated risks are communicated promptly to relevant stakeholders. 
  • Business areas continuously monitor the control environment through management reviews and self-assessments.
  • A risk is raised in the Adelaide University risk register for all Tier 1, Tier 2 and Tier 3 legislation.

4.3 How we report and manage breaches

  • The Audit & Compliance team maintains a compliance breach register to record all actual, suspected or near-miss non-compliance with state and Commonwealth legislation.
  • Staff must report potential or actual compliance matters to their Local Area Head (LAH), who then notifies the Audit & Compliance team to record the matter.
  • Staff must also assess whether feedback or complaints—for example, from students, other staff, contractors, external parties or regulators—relate to compliance matters.
  • The LAH manages compliance matters and implements appropriate remedial action plans.

4.4 Our governance reporting  

  • Compliance reports are generated regularly for senior management and governance bodies, outlining the status of key compliance risks, mitigation efforts, and emerging trends.
  • An annual report is submitted to the Audit and Risk Committee, including certification outcomes, findings from other monitoring activities, and an overview of compliance matters.
  • Management certifies that legislative compliance responsibilities have been met and any instances of non-compliance have been communicated within the reporting period. 

4.5 Communicating throughout the compliance process 

  • Relevant stakeholders are informed throughout all stages of the compliance process.
  • Communications plans are developed and implemented for specific compliance obligations, as required.
  • Where guidelines exist for specific obligations, they are referred to as appropriate. 

4.6 Key compliance roles

  • Legal team: provide legal advice, review contracts, and ensure alignment with industry laws and regulations
  • Audit & Compliance team: coordinate the legal compliance policy and collaborate with stakeholders to ensure effective compliance management
  • Adelaide University Compliance Owners (UCO): ensure compliance with key legal regulations and requirements; guide development of policies, procedures, internal controls and systems for their areas of legislation 
  • Designated Specialist Officers: raise awareness of legal compliance requirements; apply specialist knowledge and an operational understanding of legislative requirements relevant to Adelaide University activities
  • Local Area Head (LAH): work with the Audit & Compliance team to identify applicable legislation; hold operational responsibility for legal compliance in their area
  • Local Compliance Officer (LCO): maintain an operational understanding of compliance requirements in their area.

4.7 Our documentation and record keeping approach

  • All activities that demonstrate legal compliance—including audits, reviews, assessments, controls and corrective actions—are documented in line with this procedure.
  • Clear records are maintained to support accountability.
  • A comprehensive compliance register is created and maintained, capturing all compliance obligations, their current status, responsible individuals and due dates for actions. 

 

4.8 Our continuous improvement strategies

  • Legal compliance policies and procedures are continually improved to respond to changes in legislation and enhance overall compliance performance.
  • Post-incident reviews are conducted following compliance breaches or legal issues to identify root causes and assess response effectiveness.
  • Lessons learned from compliance failures, incidents or audits are documented and used to update relevant policies, procedures and training materials.
  • Legal compliance procedures are regularly benchmarked against industry standards and best practices. 
  • Other opportunities to support the continuous improvement of Adelaide University’s legal compliance practices are actively explored. 

5. Definitions used in our procedure

Please refer to our Adelaide University glossary for a full list of our definitions.

Adelaide University community means a broad range of stakeholders who engage with Adelaide University and includes (but is not limited to) all students, staff, and non-staff members of Adelaide University including alumni, honorary title holders, adjuncts, visiting academics, guest lecturers, volunteers, suppliers and partners who are engaging with and contributing to the work of Adelaide University.

Controlled entity means the entities controlled by Adelaide University within the meaning of Section 50AA of the Corporations Act 2001 (Cth).  

Compliance matter means actual, suspected or near-miss non-compliance with state and commonwealth legislation.

Tier rating means the rating based on scope of impact and the consequences on the Adelaide University of non-compliance. These are assessed for each piece of relevant legislation and reflected in a Tier classification.

Adelaide University risk register means the central repository / database used to store information about Adelaide University’s risks.

6. How our procedure is governed

This procedure is categorised, approved and owned in line with the governance structure of Adelaide University and the offices and officers listed below.

Parent policy

[Risk Management and Legal Compliance Policy]

Policy category

Council

Approving authority

Transition Council/Council

Policy owner 

Deputy Vice Chancellor (Corporate)

Responsible officer

Chief Risk Officer

Effective from

1 January 2026

Review date

[3/4/5 years after date this version is approved, TBC]

Enquiries

Interim Central Policy Unit/[Central Policy Unit]

staff.policy.enquiries@adelaideuni.edu.au

Replaced documents

None

7. Legislation and other documents related to this procedure

Category  

Documents  

Associated policy 

[Risk Management and Legal Compliance Policy] 

Related policy documents  

[Risk Management Procedure] 

Referenced legislation  

Adelaide University Act 2023   
Higher Education Standards Framework (Threshold Standards) 2021

External references  

ISO 31000:2018 Risk management – Principles and Guidelines  

ISO 37301:2021 Compliance management systems – Requirements with guidance for use    

8. History of changes 

Date approved

To section/clauses

Description of change

DD Month Year

N/A

New procedure

At the time of writing, Adelaide University’s organisational structure, position titles, and committee names have not been confirmed. Square brackets [ ] indicate placeholders for these details. Brackets are also used to identify policy elements that are subject to further decision-making or confirmation. These will be updated once final decisions are mad