What boards should be asking about compliance and funding risk

Boards and executives of funded organisations carry oversight responsibility for compliance and funding integrity. This does not mean managing day-to-day operational detail. It does mean ensuring the organisation has clear systems, reliable information, and confidence in how obligations are being met.

The most effective boards ask practical, structured questions that give visibility without creating unnecessary burden. The questions below are designed to support informed discussion and help boards feel assured that funding and compliance risks are being managed appropriately.

Core questions boards should be asking

Workforce compliance

  • Do we have a clear, current register of staff and volunteers showing required checks, training and qualifications?
  • How do we track when clearances, visas, registrations or training need renewal?
  • Who is responsible for maintaining workforce compliance records, and how often are they reviewed?
  • Are onboarding and induction processes consistent across all programs and sites?
  • If we were asked for workforce evidence tomorrow, could we produce it quickly?

Funding and reporting

  • What reporting obligations apply to each funding stream we receive?
  • Do we have a central calendar or system tracking reporting deadlines and requirements?
  • Who signs off on reports before submission, and how is accuracy checked?
  • Are program outputs and outcomes supported by verifiable data?
  • Have there been any recent variations to funding agreements or reporting expectations?

Documentation and evidence

  • Where are key compliance and program records stored?
  • Are documents organised in a way that someone unfamiliar with the program could follow?
  • How do we ensure documents are complete, up to date and accessible when needed?
  • Is there a consistent approach to file naming, storage and retention?
  • Do we periodically test whether evidence can be located quickly?

Audit readiness

  • When was our last internal or external audit or review?
  • What were the key findings and have they been addressed?
  • Do we maintain an “audit-ready” set of core documents?
  • If a funder requested information with short notice, how prepared would we be?
  • Who coordinates audit responses and information gathering?

Risk visibility

  • What compliance or funding risks are currently on our risk register?
  • Are there any areas where documentation or processes are still being strengthened?
  • How are emerging risks identified and escalated to the board?
  • Do we receive regular, structured compliance updates?
  • Are there any known gaps we are actively working to close?

Internal oversight

  • Is there a clear internal owner for compliance oversight?
  • How often does management review compliance systems and records?
  • Do we have simple reporting to the board that highlights status and risks?
  • Are policies and procedures current and being followed in practice?
  • Do staff know where to go if they are unsure about compliance requirements?

What good answers look like

Directors do not need operational detail. They should expect to hear that:

  • Systems and registers are in place and regularly maintained
  • Responsibilities are clearly assigned
  • Documentation is organised and accessible
  • Reporting timelines are tracked and met
  • Internal reviews occur periodically
  • Any known gaps are visible and being addressed

Clear, concise answers usually indicate that processes are structured and understood. Confidence should come from consistency rather than complexity.

Warning signs boards should notice

Most compliance risks emerge gradually rather than suddenly. Boards may wish to pay attention if they hear:

  • “We’re still pulling that information together” for routine records
  • Uncertainty about who owns compliance oversight
  • Reports being prepared close to deadlines without internal review
  • Difficulty locating documents during discussions
  • Repeated delays in updating registers or policies
  • Limited visibility of compliance status between meetings

These indicators do not necessarily mean serious problems, but they can signal that systems may need strengthening or clarification.

Closing reassurance

Strong compliance systems reduce pressure on staff, support funding relationships and provide confidence to boards and executives. Oversight is most effective when it is calm, structured and focused on visibility rather than volume.

By asking practical questions and expecting clear answers, boards can feel assured that obligations are being managed and that the organisation is well placed to continue delivering funded programs with confidence.

Contact

If your organisation would benefit from greater confidence around audits, reporting, or funding compliance, we welcome an initial discussion.

Email: contact@fundingcomplianceoffice.com.au