Legislative compliance policy

Version number 1.1 | Version effective 06 December 2021


Legislative compliance policy




This policy outlines the Department of Education’s (the department) approach to complying with obligations under state and federal law (legislative obligations).

Policy statement

The department is committed to complying with legislative duties and obligations. An agreed legislative compliance approach enables the department to promptly identify issues, manage risk and assure accountability. Effective legislative compliance supports good decision-making, and is driven by a compliance culture with controls across key compliance focus areas.

Legislative compliance is managed in accordance with the Legislative compliance framework (the framework) and this policy.



What this means for the department


  • Leaders at all levels demonstrate accountability and promote a culture of compliance.
  • Management is responsible for ensuring teams are aware of compliance obligations and expectations.
  • All staff understand the legislative obligations relevant to their role.
  • Documented processes manage compliance, mitigate compliance risks, and enable reporting of non-compliance.
  • All staff report non-compliance where required and reports are appropriately actioned.


  • All staff are equipped with tools, knowledge and training to understand compliance obligations and maintain a compliance focus.
  • Departmental policies, procedures and other controls are clear and enable good decision-making.
  • Reporting pathways for non-compliance are clear, accessible and understood.
  • Business areas regularly review and self-assess compliance performance to identify improvement opportunities.
  • Business areas with compliance oversight collaborate to share information and learnings for continuous improvement and detection of non-compliance.

Compliance culture

  • Leadership at all levels are committed to building awareness of legislative obligations, improving staff compliance, and encouraging reporting of non-compliance.
  • Staff at all levels demonstrate accountability, integrity and good decision-making.
  • All staff feel equipped and empowered to raise non-compliance.
  • A compliance mindset is apparent across departmental processes, activities and actions.


  • The corporate governance function of the department oversees the department’s legislative compliance framework and approach.
  • Legislative compliance focus areas are audited and controls reviewed for effectiveness.
  • Compliance data is regularly analysed to identify systemic trends and provide insights.
  • There is a commitment to continual review and refinement to strengthen practices and behaviour.


1. Legislative compliance framework and departmental approach

The department has a range of discrete processes and activities, which outline how particular legislative obligations must be managed by the department and its staff. The framework provides oversight of these processes and activities to ensure effectiveness.

A risk-based approach to legislative compliance has been adopted, which concentrates on compliance focus areas aligned to the department’s enterprise risk areas:

  • child and student protection and safety;
  • workplace health and safety;
  • information security (security of confidential and personal information); and
  • fraud and corruption.

Legislative obligations within these compliance focus areas are of significant strategic or operational importance to the department. Consequently, these obligations are prioritised to ensure the processes and controls that support them are robust and effective, and non-compliance reporting pathways are understood, documented and accessible. General legislative obligations are also documented to assist staff and business areas to understand their responsibilities more broadly. Compliance focus areas and general obligations are outlined in the legislative obligations schedule. 

The department’s legislative compliance approach is informed by the Compliance management systems – Guidelines (Australian Standard 19600:2015). The model adopted helps the department and its staff to understand their legislative obligations and when to report non-compliance. By documenting legislative obligations at a departmental level, the framework identifies key risks, assists consistency and supports business areas to improve the rigour and efficacy of controls. Regular analysis of compliance data and the control environment allows the identification of trends and issues, opportunities to build capability and ways to achieve cultural change. The model will be regularly reviewed and refined to ensure continual improvement and a system that is fit-for-purpose.

2. Legislative obligations within and outside the scope of this policy

In scope

The framework encompasses obligations within state and federal legislation. This includes:

  • administered legislation managed by the department (e.g. Education (General Provisions) Act 2006 (Qld));
  • non-administered legislation that applies to the public sector (e.g. Public Service Act 2008 (Qld)); and
  • other legislation that applies to the public sector, but also applies more broadly (e.g. Work Health and Safety Act 2011 (Qld)).

Legislative obligations that are in scope for the department’s model are:

  • mandatory obligations imposed on the department or its staff; or
  • discretionary powers which, if exercised, trigger mandatory obligations for the department or its staff.

Out of scope

Legislative obligations about the department’s role as a regulator are not in scope for the department’s legislative compliance approach, as these obligations are managed in accordance with distinct frameworks and systems. Excluded regulatory functions include:

  • regulation of the early childhood sector;
  • workplace-related inspection and regulation within Workplace Health and Safety Queensland, the Electrical Safety Office, and the Workers’ Compensation Regulator;
  • accreditation functions related to the Non State Schools Accreditation Board, home education, and registered providers of courses or exchange programs for international students.

The department’s legislative compliance approach also does not extend to non-legislative obligations or quasi-legal obligations, such as those derived from common law, contract, codes of practice, or directives. These obligations follow different processes and protocols.

Although certain obligations are out of scope, departmental employees performing those functions must still meet all obligations imposed on them in their capacity as public servants.

3. Meeting legislative obligations and reporting non-compliance

The legislative obligations schedule outlines legislation with associated obligations on the department or its staff. Staff at all levels must comply with obligations relevant to their position and duties. If a departmental policy or procedure states how legislative obligations are to be met or actioned, staff must ensure they comply, as compliance with policies and procedures is mandatory.

If staff identify actual or suspected non-compliance with legislative obligations, this must be reported where required and as soon as practicable. If an established reporting pathway exists for an obligation (e.g. iRefer), non-compliance must be reported through this pathway. If there is no established compliance pathway, or the pathway is unknown, staff should report to their principal, supervisor or manager, who must promptly action the report and mange any impacts arising from the non-compliance. The legislative obligations schedule outlines where non-compliance should be reported for compliance focus areas only.

4. Compliance processes, controls and managing non-compliance

Business areas with compliance oversight must ensure documented processes exist to enable staff and the department to meet their legislative obligations. For obligations within compliance focus areas, business areas must ensure:

  • a policy and/or procedure is in place that explains how the obligation or groups of obligations are discharged, what constitutes non-compliance, and how non-compliance is to be reported and actioned;
  • other controls are in place and are regularly reviewed and maintained for effectiveness; and
  • instances of non-compliance are reviewed to understand why it occurred and to adjust systems, processes and controls to avoid repetition.

5. Monitoring and review

To provide visibility and oversight of compliance trends, issues and opportunities for improvement across the department, Strategy and Performance Branch will request data about compliance focus areas from the relevant business area to facilitate a report on trends and issues to Strategic Governance Committees, the Audit and Risk Management Committee, and the Executive Management Board. The report will inform activities, such as risk management, policy and procedure review, and strategic and operational planning.

Strategy and Performance Branch oversees the department’s legislative compliance framework and approach. This includes:

  • maintaining the legislative obligations schedule;
  • analysing trends and issues;
  • coordinating capability self-assessment processes and conducting capability reviews and monitoring; and
  • supporting business units to strengthen their compliance processes and controls.

Internal audits will also be conducted periodically to examine the effectiveness of the compliance management framework and approach, or its components.




Compliance focus area

Legislative obligations of significant strategic or operational concern that relate to enterprise risk areas. These obligations are prioritised within the legislative compliance framework to prevent non-compliance and mitigate compliance risks. The legislative obligations schedule contains these compliance focus areas.


An existing strategy used to maintain or modify a risk. Controls may include any process, policy or practice and are an ongoing function of the business.

Corporate governance function

Staff within the Strategy and Performance Branch with coordination responsibility for the legislative compliance framework.

General obligations

Legislative obligations that impose requirements on the department, but are not prioritised within the compliance management system. The legislative obligations schedule contains these general obligations.

Legislative compliance framework

The framework sets the overarching system used by the department to understand, manage and assure its compliance with legislative obligations. It is supported by this policy, as well as various elements, such as data analysis, capability reviews, improving controls, and cultural reform.


Non-compliance involves a breach of, or failure to comply with, a legislative obligation by the department or its staff. Non-compliance can arise due to an act, or a failure to act.

Reporting pathway

The channel through which non-compliance with a legislative obligation should be reported. The legislative obligations schedule contains information about where to report non-compliance for obligations within the department’s compliance focus areas. 


Staff includes employees and contractors at all levels of the department, including the Director-General.

Strategic Governance Committees

Includes the Child and Student Protection Committee, DoE Health, Safety and Wellbeing Committee, Information Security Governance Committee, and Fraud and Corruption Control Committee.



  • Nil

Other resources

Superseded versions

Previous seven years shown. Minor version updates not included.

1.0 Legislative compliance policy

Review date

12 July 2026
Attribution CC BY