Regulatory Compliance
The business student turned up to class - and while waiting for the lecture to begin - thanked the professor for assisting the previous week where the definition and broad-brush risk issues were discussed.
Reiteration
The student asked the professor for an elaboration on the concept of risk in business. The professor reiterated that you cannot do anything about risk unless you first identify it and gave the example of when dealing with a business contract you must before signature first identify and eliminate as much risk as possible because it is very hard to do so later. He said that when any stakeholder becomes aware of a possible risk, it is their responsibility to report the risk to their immediate manager/supervisor/contact. He continued by saying that you should use a written risk register to list and review risks, so risks do not just exist in a manager’s head. He stressed that the risks in the register should be reviewed periodically and that it is imperative that at each Board meeting risk is always on the agenda, that is it is a - ‘standing item’.
The Importance of Categories
The professor then said it was important to be systematic and objective in managing risks and suggested that it is better if the risk register splits risks into different categories and a senior member of staff - who is familiar with that area - be made responsible. He said he wanted to focus this week on regulatory compliance.
Regulatory Compliance
Regulatory compliance is the process of complying with applicable laws, regulations, policies and procedures, standards, and other rules issued by governments. Regulators provide rules and guidelines for organisations to follow. If an organisation is adhering to these rules and guidelines and is not breaking any laws, it is ‘regulatorily compliant’.
The professor stated that his educational institute must be extremely careful with compliance and said that it is a never-ending obligation. He gave the student a few examples from his own organisation, starting with laws such as the ESOS Act, Workplace Health and Safety Act, then HESA and guidelines, TEQSA Threshold Standards, records management, accreditation standards from professional associations (here CPA Australia and others), Higher Education Information Management System deadlines.
The professor said that such compliance was very resource-hungry and time-sensitive but had to be performed in order to continue to operate.
Other Key Categories
Group Colleges Australia (GCA) has a robust risk management system, with seven sections each overseen by a senior person –
- Regulatory Compliance;
- External Market;
- Academic and Student Matters;
- Human Resources;
- Finance and Sustainability;
- Technical;
- Physical Resources.
To make confident business decisions we need to be aware of risk. It is helpful to categorise the risks in the risk register, and a senior member of staff to be responsible for each category. It is important that when any stakeholder becomes aware of a possible risk, it is their responsibility to report the risk to their immediate manager/supervisor/contact.
It is not good enough to identify and assess risk, but one must also treat it, and then later review to see how effective the treatment was. This should all be done using the risk register. To ensure that risk is properly considered, and managed, it is imperative that at each Board meeting risk is a standing item, that is it is an item that is always on the agenda.
Also see – https://www.ubss.edu.au/article/risk-in-education-and-training-a-starting-point/
Associate Professor Cyril Jankoff is Associate Dean, Scholarship at UBSS and a Member of the GCA Compliance Directorate.
