The University prioritises both compliance drivers and obligations to ensure its responses (i.e. implementation of control procedures, levels of monitoring, reporting requirements and resource allocation) are proportionate to the risks faced and value-adding.
Compliance drivers will be prioritised based on two elements:
• Classification, and
• Failure/risk rating.
Classification is based on the scope and breadth of impact on the University. The levels are:
University-wide concern. Impacts on reputation and funding.
University-wide requirement. Lower impacts.
Centrally managed, local area(s) requirement.
Local area requirement, managed locally .
Compliance expected, not reportable.
All compliance obligations have a mandatory component and must be addressed. Compliance therefore uses the risk management methodology to assess the obligation, rate the failure/risk of non-compliance and to prioritise the application of its responses.