Does your school need a dedicated risk or compliance manager?


Independent schools appear to be evenly split in deciding whether to have a dedicated risk or compliance manager.

In the most recent School Governance survey, in response to the question “Does your school have a dedicated risk or compliance officer?”, 53% of respondents said “No” and 47% “Yes”.

In addressing this question, it is probably wise to start out by acknowledging the fundamental differences between the corporate governance disciplines of Risk Management on the one hand and Compliance on the other.  We will also highlight common misconceptions with respect to the role of a “Risk Manager”.

Let's keep this simple:

  • Risk Management involves looking into the future, identifying events that may impact your school (either positively or negatively), assessing them in terms of the likelihood an event will occur and the potential impact of the event if it were to occur, and finally putting into place either controls or a plan to treat the risk.

Risk Management can either be managed at an enterprise (whole of school) level (Enterprise Risk Management), or the principles can be applied to specific functional areas, most commonly workplace health and safety (WHS) and the management of a school’s duty of care to students.

Perhaps the most common misconception when discussing risk within schools is to confuse the role of risk in managing workplace health and safety with the more expansive discipline of Enterprise Risk Management. It is therefore common for schools to confuse the role of an Enterprise Risk Manager with the role of a Workplace Health and Safety Risk Manager.

Compliance is all about a school doing what it is supposed to do.

Compliance is typically managed at three levels:

  • Legal & regulatory compliance - All non-government schools are required to comply with a complex matrix of Federal and State or Territory based laws. The most recent Western Australian Registration Guidelines, published on 10 February, provide a list of at least five new laws that non-government schools are required to comply with. The most recent significant piece of legislation to affect Australian schools was the introduction of new Privacy Laws on 12 March 2014. Refer to the CompliSpace Privacy Webinar and Whitepaper for further information.
  • Organisational compliance - Ensuring compliance with a school’s own internal policies and procedures.
  • Contractual compliance - Ensuring both the school and any other party complies with obligations contained in commercial contracts.

Whilst the disciplines of Risk Management and Compliance are quite distinct, they are also very closely integrated. In our experience, whilst Compliance can live without Risk Management (e.g. did we lodge our BAS Statement), Risk Management cannot live without Compliance. The reason for this is that the management of risk requires the monitoring of risk controls and treatment plans. This monitoring is usually undertaken through the Compliance function.

The answer to the question of whether your school needs a dedicated risk or compliance officer depends largely on the nature of your internal governance infrastructure and, in particular, on whether or not your school is utilising technology (properly!!) to manage these key disciplines.

Certainly, if you take a “throw people at the problem” approach to the management of your risk and compliance functions, depending on the size, nature and complexity of your school, you may need a full time person committed to this role. In fact, to do it properly, you may need more than one person.

On the other hand, if you take the smart approach and utilise technology, both to manage your internal policies and procedures and your risk and compliance obligations, you will find that you will be able to manage your risk and compliance functions much more efficiently, with far fewer people committed to managing the administration of the risk and compliance processes.

If you think in pictures it looks something like this:

About the Author


CompliSpace delivers industry leading SaaS solutions for High Impact Organisations in Highly Regulated Industries to ensure they meet their GRC obligations.
