Compliance Plan. Contents

Transcription

1

2 Contents INTRODUCTION... 3 POLICY... 4 COMPLIANCE MANAGEMENT... 5 Compliance Governance... 5 Roles and Responsibilities... 6 Culture... 6 Compliance Framework Documentation... 7 Implementation Steps... 8 Procedures Compliance Register Training Records Management REPORTING Breach Management IMPLEMENTATION STATEGIES IMPROVEMENT PLAN VARIATION Page 2

3 INTRODUCTION Compliance is defined as an outcome of an organisation meeting its obligation. Upper Lachlan Shire Council policies and procedures to achieve compliance are designed to integrate into all of Council s operations. Compliance should not be seen as a stand-alone activity, the goal is to align with Council s overall strategic objectives. An effective compliance program will support these objectives. Compliance should, while maintaining its independence, be integrated with the Council s financial, risk, quality, environmental, Work Health and Safety management systems, and its operational requirements and procedures. An effective Council-wide compliance program will result in being able to demonstrate our commitment to compliance with relevant laws, including legislative requirements, industry codes, organisational standards and Council policies, as well as maintaining a standard of good corporate governance, strong ethics and meet community expectations. Our approach to compliance shall be shaped by our core values and accepted corporate governance, ethical and community standards. Failure to embrace the above values at all levels of the Council s operations risk exposing Council to a compliance failure. While Australian Standard AS 3806 (as amended) sets out the principles required for an effective compliance program, the implementation and management of the program will be at Council s management discretion and within available resource capacity relative to the organisation structure of Upper Lachlan Shire Council. Source: adapted from AS Page 3

4 POLICY Upper Lachlan Shire Council s Legislative Compliance Policy was adopted by Council in June This policy defines the Council s vision and objectives for compliance management in accordance with the applicable legislation and AS Compliance Programs (as amended). The Compliance Plan is developed to support the Legislative Compliance Policy and is to enable Council to do as follows:- Identifying applicable legislation, regulations and other instruments as well as compliance obligations which apply to Council s activities; Resourcing of compliance effort and the assignment of responsibilities and accountabilities for ensuring that compliance obligations are met; Provision of awareness and training for relevant staff, Councillors, and other relevant stake holders in the legislative and other compliance requirements that affect them; Establishment of compliance monitoring mechanisms; and Establishment of mechanisms for reporting non-compliance as well as compliance performance. Page 4

5 COMPLIANCE MANAGEMENT Compliance Governance Councillors General Manager Audit and Investment Committee Director F&A Director E&P Director W&O Assets and Risk Coordinator Assets and Risk Coodinator Assets and Risk Coordinator Manager F&A Manager E&P Manager of Works Indirect Reporting lines The Council s ability to conduct effective compliance management is dependent upon having an appropriate compliance management governance structure and welldefined roles and responsibilities. It is important for everyone to be aware of individual and collective compliance management responsibilities. In order for compliance to be effectively managed, it is essential to have people behaving in a way that is consistent with Council s policies. This demands that compliance management is not merely about having a welldefined process but also about facilitating the behavioural change necessary for compliance management to be embedded in all Council s activities. Page 5

6 Roles and Responsibilities The Audit and Investment Committee have the oversight of compliance in Upper Lachlan Shire Council. All Department s reviews and or breaches shall be reported to the Audit and Investment Committee by the Director of Works and Operations. The Audit and Investment Committee are to make recommendations to Upper Lachlan Shire Council and Councillors on significant change to legislative requirements effecting Council. Council s Department Directors are accountable for compliance within their Department and ensuring the Assets and Risks Coordinator has access to review the compliance processes when deemed necessary. The designated Council Compliance Officer (which is the Assets and Risks Coordinator) shall oversee compliance management tasks for the organisation, working with Managers and Directors in each Department to review and develop a continuous improvement process. The Compliance Officer is to develop and report progress of compliance and level of risk involved to the organisation of non compliance. All reports shall be validated by signature of author, and include date prepared and position title held at Council. All reports and recommendations shall be held in Council s corporate records management system TRIM. Culture Upper Lachlan Shire Council culture has developed with changes in local Government over time. The compliance management culture has been passed on via policy and procedure or just the daily practice of question and answers between employees. Each Department of Council has developed its own processes for controlling compliance, the goal of this framework is to formalise a Council wide system of compliance management. Improvements in our culture can be introduced when Departments and individuals questioning the need for change and the benefits of the change, therefore reducing irrelevant bureaucracy, not only for their Department but also the Council as a whole. Department Directors and Managers set the standard of compliance in Council operations. The introduction of a compliance management system will require evidence of how compliance is controlled. Page 6

7 Compliance Framework Documentation Compliance Management Legislation and Regulation Audit and Investment Committee Report Compliance Plan Standards,Codes Guidelines Risk Management Policy Register Procedures

8 Implementation Steps Critical steps in the development of Upper Lachlan Shire Council compliance management system:- Step 1: Identify areas of compliance By the implementation of a Compliance Register to provided a central point to record all legislative and regulative instruments, relative to Council. Standards and guidelines shall be added with improvement of the compliance management and implementation of the Compliance Register. Step 2: Allocate responsibilities The Compliance Register identifies which Council Department is impacted by the legislation and the Manager who is nominated to oversee the compliance of the legislation on behalf of Council. A consultative process is adopted to ensure the correct allocation of responsibility is applied in the Compliance Register. The Compliance Officer shall answer the following set of questions and then discuss with the relevant Departmental Manager. Questions 1. Has this legislation been correctly allocated? 2. If NO, who should report on this? 3. If YES, do you comply? YES NO 4. If NO, what is your strategy for ensuring compliance 5. If yes, what are the compliance requirements? Information need to know about this only What is the risk of non-compliance 6. How do you know if you comply? 7. Are there any other legislative requirements in your area? 8. Are there any other polices/plans that currently exists that should be referenced? 9. Are there any other policies/plans that do not exist that should be written? 10. How do you keep up to date with changes in legislations?

9 Step 3: Assess the area of compliance in terms of priority and risk Implementing of compliance management practices is a simple three (3) category system which will be used in the interim as follows:- Category A: Council wide concern and high-risk associated with noncompliance. Category B: Council wide concern and mild risk associated with noncompliance. Category C: Local level concern, low risk to Council as a whole. As continuous improvements develop in the compliance management system and Council progresses their organisational risk management systems a more defined risk matrix shall be developed, on consequence and likelihood. Step 4: Inform and educate employees All staff will participate in an overview presentation on legislative compliance management as part of Council s induction training program. Step 5: Continuous monitoring and review Reporting to the Audit and Investment Committee shall be the responsibility of the Director Works and Operations. Feedback from each Department shall be to monitor implementation and levels of compliances. Key Performance Indicators (KPI) shall be developed by each Department and adopted by the Audit and Investment Committee. The KPI s on compliance shall be communicated to the Director of Works and Operations. Suggested KPI s include:- Actions implemented; Risk level; Changes to instruments. Step 6: Improvement Page 9 Audit and Investment Committee shall oversee the improvement programme for compliance at Upper Lachlan Shire Council. Recommended areas for improvement may include assessment by audit, self review, changes implemented by individual Departmental Managers.

10 Procedures Upper Lachlan Shire Council will develop procedures setting a minimum standard to integrate and report compliance management by each Council Department. Each procedure shall have a minimum of the following sections:- Scope Definitions Responsibility Process / workflow Risk Records References Review Serious breaches in compliance shall be reported quarterly to MANEX meetings. Compliance Register The Compliance Register is setup to help with Steps 1 and 2 in identifying areas of compliance and allocating responsibility:- The aim of the register is to provide all staff with an awareness and understanding of legislations that are relevant to their functions. The aim is to be proactive in allocating accountability with regards to legislative compliance. The Compliance Register is an excel spreadsheet broken down into the following:- Name of the Act; Corresponding Regulation; The purpose of the Act; Relevance to Council with reference to specific sections; Corresponding Council policies, plans and publications, including plans that may be needed to ensure proper compliance to specific instruments; The Department impacted by the Act; The relevant Manager responsible for overseeing the compliance of the Act. Extra tab can be added to the register to include more detail on specific Acts, Regulation, Directives, Codes or Standards. Corresponding Council policies, plans and publications shall be reviewed by the responsible Manager detailing that Council is meeting its obligations. Page 10

11 Training All Training shall be recorded by the Human Resources section as per policy Staff Training Policy and Training Plan (as amended). Managers shall nominate employees for specific training as deemed necessary to meet compliance obligations. A compliance management overview presentation shall be made available to all Managers that are identified in the Compliance Register as a responsible officer. Records Management TRIM is Council corporate records management system. For Help with any record management issue contact the Records Management Coordinator. All records shall be maintained in accordance with Council s Records Management Policy (as amended). All documentation related to a determination of Council shall be filed to TRIM. All e- mails requesting information of Council shall be filed to TRIM and allocated to an assignee for processing. Each document has the function for running notes, with the ability to document changes and revisions. Compliance records shall be denoted in each procedure development for departmental process. The Compliance Register shall be held in TRIM and updated in to a new document each reporting quarter. The last file shall be finalised in TRIM to secure the information, a super copy is made to the document, change the document title to next quarter and save. The new copy will can be updated until end of the reporting quarter. Other documents that will be recorded into TRIM include, but are not limited to:- Change management requests, Compliance breach reports; Compliance management reports to Audit and Investment Committee; Recommendations from Audit and Investment Committee; Training records; and Training Matrix. Page 11

12 REPORTING Requirement for reporting shall be determined by the Audit and Investment Committee; including as follows:- Level of compliance; Recommendations; Changes to legislation or regulation and effect to Council; Compliance process issues and effect; and KPI s for compliance management. Breach Management Each Council Department shall implement a form used either as a hard copy or e- mail version for reporting breaches in compliance with any legislative, regulative, code, standard or guideline referenced in the Compliance Register. A breach may be reported by a finding in a review or audit. A reported breach shall be risk assessed for importance and consequence to Council. The Manager of each Department, in consultation with the Compliance Officer, shall recommend treatment for restoring compliance to the instrument. Breaches shall have a suggested treatment plan and/or change management request provided by the Compliance Officer. Implementation of all corrective actions shall be approved by a level of delegation to ensure negative effects are not produced in other areas or Departments. Page 12

13 IMPLEMENTATION STATEGIES No Strategy Desired Outcome 1. Engage a consultant to review compliance Document a current position requirements and Council position on compliance management in Council 2. Development of a policy on Legislative Compliance Management 3. Once policy is adopted review Legislative Compliance Policy 4. Development and presentation of Council compliance program to all stakeholders 5. Development and implementation of Council Compliance Plan 6. Have stakeholder review Compliance Register and comment of contents 7. Implement compliance management in Council Departments Commitment by Council to implementation of Compliance management Samples of complexity in approaches use to implement compliance management organisational wide Overview of training approach Adoption by Council Audit and Investment Committee What legislation and regulation Council has to comply with and who is responsible officer Allocation of responsibilities and accountabilities in each Department 8. Develop a reporting process Used to report level of implementation and compliance 9. Link organisational risk management processes Build a risk profile that include compliance risk to Council 10. Develop change management process of use in council, review risk, documents effected, legislative requirements Develop culture of questioning need for change / benefit of change, ensure consultation Page 13

14 IMPROVEMENT PLAN Upper Lachlan Shire Council has a number of improvement processes that require integrations. Each Council Department need to ask:- How will Council improve compliance process? What are the triggers identifying the need to improve? How is the recommendation to be recorded? Who is the authorising authority? Implement Integrated Planning and Reporting processes and requirements. Use information from Statewide Mutual Ltd RMAP Risk Management Action Plan and implement the Audit and Investment Committee program actions. VARIATION That Council reserves the right to vary the terms and conditions of this Plan to ensure it meets the requirements of the relevant legislation. Page 14