Report a compliance breach procedure

a) The supervisor should take immediate, common sense steps to limit or contain the breach. Depending on the nature of the breach, different actions may be required e.g. stop the unauthorised practices; recover any records; suspension of employment in consultation with Human Resources; etc.

b) Do not compromise the ability to investigate the breach. Do not destroy evidence that may be valuable in determining the cause or allow corrective action to be taken.

a) Assess the concerns raised to substantiate if there is an obvious prima facie case that a breach has occurred.

b) Evaluate the risk level in accordance with Risk management policy. In all instances, the breach should be notified to the manager

c) For breaches that are considered significant this may require an Incident Report is completed depending on how critical the incident is.

d) For significant breaches, the manager is to be advised. Relevant members of PEER Construction will be involved as appropriate. The reporting and communication of breaches must be discussed with the manager.

a) If necessary, an investigation should be undertaken. The level of investigative effort should reflect the seriousness of the breach.

b) Investigations should:
• determine the root causes.
• identify whether it was a systemic breach, an isolated incident, or a deliberate act.
• identify appropriate actions to strengthen the control environment and prevent similar breaches from occurring.
• be completed in a timely manner.

c) The investigation outcome should be reported to the manager.

d) All significant breaches should be reported to the manager. Where breaches involve alleged criminal activity, this should be referred to the appropriate law enforcement, PEER Construction or authorities for investigation.

e) Mandatory reporting requirements to Regulators and relevant external bodies should be complied with. Reporting of significant breaches will be discussed and managed by the manager. 

Manager of area where the breach occurred

Manager

Corrective and/or preventative actions will be implemented within agreed timeframes.

a) Where systemic issues are identified, an improvement plan should be developed to address policy and/or process improvement. In addition, the controls listed in the compliance register will be reassessed and strengthened.

b) The appropriate manager should monitor to ensure corrective actions are completed. 

a) A central register of compliance breaches or potential breaches will be maintained in an approved and secure record keeping system, in accordance with the Privacy Act 1988 and the PEER Construction’s Information Management Framework – Governing Policy and associated procedures.

b) The register will include a record of all reported breaches/potential breaches, investigations, corrective actions undertaken, and include breaches referred for external resolution.