Being truthful is one of the concepts required of retailers and other organisations that have obligations under Australian Consumer Law. Being truthful goes alongside ‘a fair go’ for customers as well as honesty and integrity.

Australian Consumer Law prohibits the use of false and misleading statements. There have been recent reports on a Federal Court hearing involving one of the leading retailers in Australia, accused of misleading consumers in relation to the ‘freshness’ of some of its bread products, with an indication that a large financial penalty is in the offing. More information, including the perceived impact of the breach in terms of competitive disadvantage, is available in the media release on the ACCC website.

Does your organisation implement checks and balances to protect itself from compliance breaches?  Contact us for an initial chat to find out how our health check can assist your business – telephone 1300 602 880 or via our website at

Does your organisation have a social media policy that is rolled out to all employees, including those who do not have access to company computer equipment? If not, act sooner rather than later and set the culture for your organisation as well as the employer’s stance on anti-bullying and anti-harassment requirements across all employees. Unacceptable social media messages from one employee to another, or public messages that can be construed, amongst other allegations, as defamatory, rumour-mongering or vilification, may leave an organisation exposed to culpability even where the social media posts were made off the premises from a personal device.

There has recently been a successful action in Australia (believed to be the first) in which Christine Mickle, a music teacher, brought an action as a result of comments posted on Twitter that were construed as defamatory; Christine Mickle was awarded a total of $105,000 in damages.

How can Compliance Essentials assist with your organisation’s suite of policies and procedures?  Please contact us for an initial discussion on 1300 602 880 or via our website

A recent case of a workplace death serves to demonstrate that high risk matters and the observance of compliance are not something to be put on the list of things to do tomorrow.

Melbourne Water has been handed a high financial penalty (DPP v Melbourne Water Corporation, 2014) in respect of the death of a worker (2011) at the Eastern Treatment Plant. The employee drowned in a sewerage channel, presumed to have fallen through a dislodged grate. The company is reported to have been aware that the grates posed a potential hazard, and in his summing up of the case the Judge noted that there had been previous reports concerning the grates which had gone unheeded.

Without diminishing the tragedy of the death, the company did not pay attention to its obligations to act in accordance with health and safety legislation. Our message is that it is never too soon to monitor risk and take corrective action, while at the same time taking compliance obligations into account.

Do you have a concern about risk exposure in any area of your organisation? Contact us on 1300 602 880 or via our website to arrange an initial discussion.


There are indications from the ACNC of concern with regard to a shortfall in fulfilment of compliance obligations amongst organisations in the charity/not-for-profit sector. Knowledge gaps can be understandable amongst Boards of Governance comprised of volunteers; however, an absence of remuneration for Board members is not synonymous with lack of good governance. Governance, risk and compliance complement each other as the foundation for not only strong management but also a strong and well-controlled agency that generates confidence in staff, stakeholders and donors in respect of performance and sustainability.

Compliance Essentials provides Board mentoring and guidance on governance matters including a review of organisational risk exposure.  Contact us  for an initial chat on 1300 602 880 or via our website

The systems that a business has in place could well reflect the way things have been done over time; the chance is that the systems have grown with the business and may be a bundle of information sources that, objectively, are disjointed and potentially not providing maximum efficiency. Do your business systems provide satisfactory management reporting tools? Do they assist in identifying and measuring areas of risk?

Legacy systems may be ‘comfortable’, albeit sometimes frustrating and maybe time consuming when it comes to pulling together all the information that is regularly required for Board and management purposes. And, of course, there is the cost of change and the implementation of change to consider. Replacing a bundle of disjointed systems with one controlled electronic solution not only has the potential to make better use of human resources; it is also a way to implement specific controls, get good information to the right desk at the right time and overall improve business performance (not forgetting the bottom line), at the same time simplifying GRC.

If your business could benefit from a more in-depth view of simplifying GRC management, please contact us on 1300 602 880 or via our website.

Changes to Australian privacy legislation are effective as of 12 March 2014. Many organisations will automatically be required to adopt the 13 APP (Australian Privacy Principles); other organisations may voluntarily opt in. More information, including the powers of the regulator, is available from the website of the Privacy Commissioner.

Is your organisation ready for these changes? Compliance Essentials can assist with compliance with privacy legislation and other compliance needs; contact us.

By making the effort to identify and manage risk, an organisation is adding depth to its management techniques. The founder of a new business takes the initial risk that they have created a sound proposition that will yield the required outcomes. The owners of a mature business, irrespective of size, need to be aware of threats to the business and determine a way to manage identified risk exposure.

Risk management is not just about keeping workers and visitors safe from harm, although that is an essential part of the risk management framework. It is also about identifying internal and external threats to a business, implementing necessary controls and anticipating future events that may impact on a business. In anticipating risk from future events, positive risks may also be identified; good risk management will see the way that these positive risks could bring potential to the business.

Are you aware of the areas of risk exposure in your organisation?  Contact us for an initial chat

In a recent claim for unfair dismissal brought before the Fair Work Commission, the case was found in favour of the employer (Linfox), who it seems had clearly set out behavioural expectations in their organisational policies and procedures.

The matter hinged on the employee having a mobile phone switched on during working hours contrary to company policy.  This contravention was one of a collection of non-compliance issues attaching to the employee’s stance on company directives including the refusal to sign a document in relation to social media.

Does your organisation have robust policies and procedures in place? Compliance Essentials can assist with this and with other compliance matters for your organisation. Contact us on 1300 602 880 or via our website

Will your business be affected by imminent changes to Privacy legislation?  If so, now is the time to take action.

On 12 March 2014, significant changes to Australian privacy law come into effect. These changes will regulate how both private (generally with turnover in excess of $3m) and government organisations collect, store and use data.  To find out if these amendments will apply to your organisation check out the OAIC website.

The Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988, extends the number of privacy principles to thirteen. Organisations that fall within the scope of the principles (APP entities) must comply with these principles, or risk investigation from the regulator and possible penalties. Notably, Principle 8 puts the onus on applicable entities to ensure the security of trans-border data flow – particular care needs to be taken in relation to use of cloud computing and overseas network providers. There is still time before the amendment comes into effect to ensure that any overseas provider in this respect is aware of your requirements to have in place measures that will comply with the legislation.

Privacy Principle 1 requires that APP entities have privacy processes and a clearly visible privacy policy. Does your business have these in place? Monitoring internal compliance obligations and behaviours of employees, contractors and agents is part of good risk control measures.

Further, the principles make it mandatory for organisations to give the option of client anonymity. Good practice for internet trading and other electronic data collection is to include an opt-out clause when gathering client information. Failure to maintain data integrity or to ensure that information is collected through compliant methods may present substantial financial and reputational risks.

The obligations of the Act and the Privacy Principles are enforceable by the Australian Information Commissioner (AIC). As part of the legislative amendment, the Commissioner’s regulatory powers have been expanded with powers to investigate perceived breaches. The AIC is empowered to conduct privacy audits of any Australian government body or regulated private organisation; where serious breaches are found, the Commissioner can penalise APP entities up to $1.1 million.

Why expose your business to risk?  For assistance with your compliance and risk management functions contact Compliance Essentials today on 1300 602 880 or via our website