PEER CONSTRUCTIONS INTRANET

Report a compliance breach procedure

PEER Construction has implemented a Compliance Management Framework – Governing Policy. This framework outlines PEER Construction’s commitment to maintain and improve the framework and processes. PEER Construction will allocate appropriate resources to the implementation, and continuous improvement of its Compliance Management Framework.

Purpose

The purpose of this procedure is to provide direction and information for employees who are reporting a compliance breach.

Identification and notification

The required steps and actions to be followed for reporting and investigating compliance breaches, or potential breaches, are detailed below:

1. Initial identification and notification
Procedure Responsibility Timeframe

a) Employees should notify their supervisor or appropriate supervisor of the breach or potential breach.

b) If an employee feels they are unable to discuss the breach with their supervisor, they should contact the manager.

c) Breaches or potential breaches can be reported anonymously.

d) Upon receiving notification of a breach or potential breach, the supervisor should notify the manager by telephone or email.

Employee who notices the breach or potential breach / failure

Supervisor / manager

Immediately or as soon as practicable.
2. Breach containment
Procedure Responsibility Timeframe

a) The supervisor should take immediate, common sense steps to limit or contain the breach. Depending on the nature of the breach, different actions may be required e.g. stop the unauthorised practices; recover any records; suspension of employment in consultation with Human Resources; etc.

b) Do not compromise the ability to investigate the breach. Do not destroy evidence that may be valuable in determining the cause or allow corrective action to be taken.

Supervisor / manager Immediately or as soon as practicable.
3. Breach assessment and escalation
Procedure Responsibility Timeframe

a) Assess the concerns raised to substantiate if there is an obvious prima facie case that a breach has occurred.

b) Evaluate the risk level in accordance with Risk management policy. In all instances, the breach should be notified to the manager

c) For breaches that are considered significant this may require an Incident Report is completed depending on how critical the incident is.

d) For significant breaches, the manager is to be advised. Relevant members of PEER Construction will be involved as appropriate. The reporting and communication of breaches must be discussed with the manager.

Manager Immediately or as soon as practicable.
4. Investigation and reporting
Procedure Responsibility Timeframe

a) If necessary, an investigation should be undertaken. The level of investigative effort should reflect the seriousness of the breach.

b) Investigations should:
• determine the root causes.
• identify whether it was a systemic breach, an isolated incident, or a deliberate act.
• identify appropriate actions to strengthen the control environment and prevent similar breaches from occurring.
• be completed in a timely manner.

c) The investigation outcome should be reported to the manager.

d) All significant breaches should be reported to the manager. Where breaches involve alleged criminal activity, this should be referred to the appropriate law enforcement, PEER Construction or authorities for investigation.

e) Mandatory reporting requirements to Regulators and relevant external bodies should be complied with. Reporting of significant breaches will be discussed and managed by the manager. 

Manager of area where the breach occurred

Manager

 

Commence investigation immediately after the breach has been assessed and contained.
5. Implementation of corrective action
Procedure Responsibility Timeframe

Corrective and/or preventative actions will be implemented within agreed timeframes.

a) Where systemic issues are identified, an improvement plan should be developed to address policy and/or process improvement. In addition, the controls listed in the compliance register will be reassessed and strengthened.

b) The appropriate manager should monitor to ensure corrective actions are completed. 

Manager of area where the breach occurred As recommended or agreed.
6. Breach recording/register
Procedure Responsibility Timeframe

a) A central register of compliance breaches or potential breaches will be maintained in an approved and secure record keeping system, in accordance with the Privacy Act 1988 and the PEER Construction’s Information Management Framework – Governing Policy and associated procedures.

b) The register will include a record of all reported breaches/potential breaches, investigations, corrective actions undertaken, and include breaches referred for external resolution. 

Manager Continuously
Compliance monitor and review

Compliance performance should be monitored annually as part of the annual compliance process, and throughout the year. This can be done with:

  • external audits
  • self-assessment checklists
  • internal audits
  • incident report
  • complaints register.

When a non-compliance(s) is identified an email must be sent to management detailing the non-compliance(s), what legislation was breached and what actions should be taken to rectify the non-compliance(s). You must also prioritise the actions you choose in order of importance.

Fair Work Act 2009
Privacy Act 1988
Code of conduct and ethics policy
Compliance policy

Version 1.0 – Last updated 19/2/2022