Risk and compliance - what exactly do schools have to do?


This week, we examine the role and responsibilities of proprietors, governors, principals and potentially other senior management of a school (known as Responsible Persons in NSW) in respect of ensuring efficient compliance and risk management practices.

The October update to the NSW registration guidelines attempts to raise the standard by which schools are governed, but falls just short of mandating the highest standards of governance. It does this by stating that the Responsible Persons of a school must have in place and implement policies and procedures that describe their school's:

  • legal compliance process to facilitate the school's compliance with all relevant legislation and reduce any risk of non-compliance; and
  • risk management framework or plan for developing, implementing and reviewing risk management strategies in relation to strategic direction, governance, operations and finance and the associated risk register.

When you distil the clunky wording, you find that whilst formal compliance and risk management programs are not explicitly mandated for schools, it is clear that they are required to have something in place.

This lack of clarity unfortunately extends to the registration standards for 'school systems' as outlined in the Registration Systems and Member Non-government Schools (NSW) Manual (Systems Manual) which simply states that 'systemic non-government schools are required to have policies and procedures in place for the proper governance of the school that are similar to those required for individual non-government schools'.

Despite the lack of clear wording, the new requirements are a positive move towards better governance in schools.

Who are 'Responsible Persons'?

A Responsible Person, in the context of NSW Non-government School regulation, is a statutory term that is defined in the Education Act 1990 (NSW). Each of the following is a Responsible Person:

  • the proprietor of the school (if the proprietor is a natural person);
  • each director of the proprietor of the school (if the proprietor is a corporation);
  • each member of the school's governing body; and
  • the principal of the school.

In addition, section 4.6 of the Systems Manual provides that where the approved authority of a system 'has management responsibilities for member schools 'responsible persons' are also those persons and/or bodies within that system who can direct the principal in relation to aspects of governance and management of the school'.

Because the NSW Registration Manual makes Responsible Persons accountable for the proper governance of the school, and each Responsible Person is now subject to an obligation to do 4 hours of professional development education each year, it is critical that the Responsible Persons of each school are clearly identified.

The Responsible Person concept in NSW is similar to other states, where the directors of the school's proprietor (usually its governing council members or board directors) share responsibility for governance with the executive (usually the principal, bursar, and other senior staff). NSW is, however, the only state which defines such roles in the statute.

What is a compliance program, and why do you need it?

Australia has had a Compliance Standard (AS 3806) since 1998. This standard has recently been superseded by the International Compliance Standard ISO 19600.

Both standards set out in detail the key elements that an organisation is required to implement to ensure that it meets its compliance obligations. These include detailed guidance on the commitment of the board and top management, the formulation of a compliance policy and the creation of a compliance culture, as well as operational issues relating to identification of compliance obligations, monitoring and breach reporting. ISO 19600 is based upon AS 3806; however, it extends key principles, including:

  1. The relationship between compliance and governance, risk, audit, legal, environment and health and safety.
  2. Clear definition of the scope of the compliance management system i.e. does it include compliance with organisational policies and contractual obligations, as well as legal obligations.
  3. An improvement to the link between risk and compliance, so that compliance risks are clearly identified and effective controls implemented.
  4. The strengthening of principles of transparency and effective management reporting.
  5. The development of a healthy culture of compliance and compliance behaviours.

Non-government schools are heavily regulated. Not only do most schools need to comply with a detailed set of registration guidelines, against which they are assessed at least every 5 years, they are also subject to multiple other legal obligations, not the least being workplace safety and privacy. These two regulatory regimes have both been recently amended, with the regulators being granted 'teeth' to apply to those organisations that don't comply, thus heightening the issue of compliance for schools.

CompliSpace Director, James Field, recently commented that 'many non-government school business managers must feel that they are compliance Olympians, especially those whose schools are subject to multiple regulatory regimes such as those that apply to early childhood education, registered training organisations and international students'. Mr Field emphasised that the need for schools to comply continuously with these laws is presenting an increasing challenge for school administrators.

Risk management

Risk management should not be new to schools. Student duty of care, workplace health and safety and the principles of excursion planning, for instance, all require risk assessments to be undertaken. Unfortunately, however, the term 'risk management' is often used very loosely to describe everyday actions taken to mitigate everyday risks.

For those schools looking to establish a robust risk management system, it is recommended that they look to the international standard, ISO 31000:2009, for guidance. This standard is highly regarded and has been adopted by a broad range of organisations in Australia and internationally. Critically, it sets out a detailed methodology that schools and other organisations can follow to establish a risk management program that works in practice.


Schools should not yet be hitting the panic button, but they should also not be complacent. When registration guidelines are updated in the future, it is likely that higher standards of guidance will be provided, and if educational regulators follow the path of their commercial counterparts (such as ASIC and the ASX), it won't be a surprise that ISO 19600 and ISO 31000 become recommended reading for all school principals and business administrators.

Finally, CompliSpace will be hosting a live Webinar ‘Raising the bar: meeting new standards in school governance’ on 27 February 2015 at 3pm Eastern Daylight Savings Time, presented by David Griffiths, Managing Director CompliSpace, to explain further the new governance standards and to answer your questions on how to implement robust governance related structures, policies and procedures in your school. For more information and to reserve your webinar seat, click here.

