POL00121397
Compliance Team Policy / Process for Performing a Branch Audit

Document Information
Title: Audit Process Manual
Category: Standard
Subject: Chapter 3 of Audit Process Manual - Performing a Branch Audit
Version: 3.9

Control
Author: Audit Process Specialist
Owner: Network Risk Manager
Purpose: Outlining the preparation, on site and post audit processes associated with the audit of accounts at Post Office® branches as well as Compliance testing (level one and level two tests — commencing Section 6)
Audience: Compliance Team
Keywords: Audit of Accounts
Privacy level: In Confidence
Document format: Post Office Sans 14
Document type: Electronic (MS Word. Doc), Paper
Review date: December 2006
Expiry date: Ongoing. Due for review in June 2008 (or for Horizon NG changes)

Approval
Business input: Branch Audit Lead Team
Assurance: Branch Audit Lead Team
Authorised: National Branch Audit Manager, Feb 2004
Authorised: National Branch Audit Manager, Sept 2005
Authorised: Network Risk Manager, Dec 2006

Version control
Version 1.0 (01/07/03): Original process
Version 2.0 (13/01/04): Revised as a result of annual review. First new version a draft for comment
Version 2.1 (14/01/04): Amendments to layout, punctuation and referencing details. Some minor changes to content.
Version 2.2 (09/02/04): Further amendments following input from lead team
Version 2.3 (19/02/04): Further amendments and additions following input from National Audit & Inspections Manager
Version 2.4 (23/03/04): Changes to Section 10 — Franchise and Multiple branches
Version 2.5 (10/06/05): Changes to reflect changes to job titles, discrepancy reporting, ALARM and CARM, new report template, SVM’s, Paystation, ATMs and DMBs.
Version 3.0 (12/09/05): Revised due to introduction of Branch Trading
Version 3.1 (07/11/05): Revised due to change in job titles
Version 3.2 (21/12/05): Changes to the presentation of the chapter — additional appendixes.
Version 3.3 (16/03/05): Changes to update: ATMs, introduce branch codes, NBSC hours, planning activities, additional reports, Cats
Version 3.4 (07/04/06): Changes to update: P32 changes & ECF completion guidelines
Version 3.5 (01/07/06): Changes to update: department names/contact numbers & additional post audit activity.
Version 3.6 (25/09/06): Changes post ODR
Version 3.7 (30/12/06): Revised to include Compliance Testing level 2; NBSC audit call deleted; ECF completion revised; Change of role names; Update contact points (Appendix K); Revised text for precautionary suspension
Version 3.8 (22/01/07): Hyperlinks added to the index page, giving rapid access to each section and appendix; and inclusion of a hyperlink ‘Top’ after each section to return to the index page.
Version 3.9 (17/05/07): Revised to include legal requirement and new appendix on Auditing Without Horizon

INDEX
SECTION 1 PREPARATION ACTIVITIES
SECTION 2 PERFORMING A FINANCIAL AUDIT
SECTION 3 GUIDELINES FOR COMPLETION OF THE P32
SECTION 4 VERIFICATION OF THE REPORTED FIGURES
SECTION 5 REPORTING OF IRREGULARITIES AND DISCREPANCIES
SECTION 6 PERFORMING A COMPLIANCE AUDIT
SECTION 7 CLOSE OF AUDIT MEETING
SECTION 8 AUDIT REPORTING FOR STANDARD AUDITS
SECTION 9 REGULATORY COMPLIANCE REPORTING
SECTION 10 POST AUDIT ACTIVITIES
APPENDIX A IDENTITY VERIFICATION LETTER
APPENDIX B CROWN BRANCHES
APPENDIX C FRANCHISE AND MULTIPLE BRANCHES
APPENDIX D OPEN PLAN AND COMBINATION FORMATS
APPENDIX E ATMs
APPENDIX F SMOKE AND DYE PACKS
APPENDIX G ACCESS TO THE HORIZON SYSTEM
APPENDIX H NAVIGATIONAL PATHS FOR HORIZON REPORTS
APPENDIX J DEALING WITH DISCREPANCIES REVEALED AT AUDIT
APPENDIX K CONTACT POINTS & GUIDANCE NOTES
APPENDIX L AUDITING WITHOUT HORIZON

The above sections detail the audit process to be followed at agency,
multiple, franchise branches and Crown branches.
The Network Compliance Audit Manager will allocate a lead Audit Officer as
part of the Audit Plan and Scheduling process. It is the responsibility of this
designated lead Audit Officer to fully prepare the audit, lead the audit on
site, report financial irregularities and subsequently complete the required
post audit activity, including the audit report.
SECTION 1 - PREPARATION ACTIVITIES
1.1 Open the latest version of the electronic Audit of Accounts (P32). Once
opened, the P32 must be saved as the branch code, date, name of branch
and NCAM area, for example, 023323.010105 Wakefield (North) xls. This
will prevent accidental overwriting of the original P32 template and also
allows future changes to be saved, as the original is a “save only” template.
Robbery, burglary, transfer and closure audits should be saved in the same
format but should be prefixed with R, B, T or C respectively, e.g.
R023323.010105 Wakefield (North) xls.
1.2 Check the Post Office Ltd Intranet site for branch profile details. (There
is also a link incorporated into the P32 planning sheet that can be utilised to
obtain branch data). This will provide data on the branch address and
opening times. In order to access this detail you must be connected to the
intranet. Example of available data below:
[Screenshot: Post Office Ltd intranet branch database page]
Please note: - If an Audit Officer arrives at a branch scheduled to be open
(info detailed on the intranet), but finds it is closed, this must be reported to
the Network Compliance Audit Manager as soon as possible. Do not alert
the Subpostmaster to the fact that you have come to do an audit, as it is
unlikely that access will be given and the surprise element of the audit will
have become compromised.
1.3 Access the Lotus Notes P32 library to examine the previous audit report
and extract all recorded control gaps. The date of the previous audit can be
obtained from the prep data and / or the branch details files. Both these
files are held on the Compliance Team Library.
1.4 Prep data files are placed on the Compliance Team Library to support
the audits included in the plan. It is the responsibility of the Audit Officer to
download and examine the prep data that relates to the audit being
planned. The weekly plan will detail what prep data is to be used for a
specific audit. It will also detail the reason for audit (e.g. the risk indicators
from the audit risk models). Extract all planning data appropriate to the
branch being audited and record the details in the appropriate section of the
planning sheet within the P32. NB. Where there is no prep data available
for a branch, information from all branch details file should be used.
1.5 Obtain the lottery cheque and rod licence serial numbers for on site
verification of stock found at audit. The prep data provides information on
the serial numbers of new stock recently sent to the branch.
1.6 Make / organise travel arrangements. In every case, the most cost
effective mode of travel and most time efficient route must be selected to
travel to the branch in accordance with the current Business Travel
Expenses (BTE) policy. Pool and hire cars should be utilised and, where
feasible, scheduled by the Planning in the first instance. However, the Audit
Officer should look to make changes if necessary. Public transport and car
sharing must also be explored.
Please note: - The current BTE policy states that where public transport,
use of a pool car, lease car or a hire car is identified as the most suitable
means of travel, but you choose to use your own car, the business will only
reimburse the category 2 mileage allowance.
1.7 Audit leader to communicate meeting arrangements if more than one
Audit Officer is attending. It is also important that all Audit Officers
attending are aware of their role at the audit. Avoid meeting other Audit
Officers directly outside a branch as this could compromise the surprise
element of a visit. Also, contingency plans should be considered and
discussed at this stage to cover expected actions should problems arise.
For example, where:
• One or more of the team is late arriving
• One or more of the team does not attend (sickness, bad weather)
• The lead Audit Officer does not attend or is late
1.8 For audits commencing after 8.00am the identity card issued to Audit
Officers should be sufficient identification to gain access to a branch. The
Subpostmaster should contact the NBSC to further validate identification
before allowing entry to the secure area.
1.9 For audits commencing prior to 8.00am, a verification letter must be
prepared prior to the audit, Appendix A. This should be presented to the
Subpostmaster together with identity cards on arrival at the branch to be
audited. This should prove sufficient evidence of Audit Officers’ authenticity
to gain admittance. However, if the Subpostmaster requires further
verification the Network Compliance Audit Manager should be contacted on
the mobile number identified within the verification letter. For this reason
the Network Compliance Audit Manager must be notified in advance of the
audit and provided with the details of the Audit Officers attending and their
identity card numbers.
1.10 Complete the planning sheet within the P32. The sheet must be fully
and accurately completed. If planning is not completed prior to the audit, ‘X’
must be inserted in the appropriate box and a valid explanation recorded.
The explanation must be significant for planning not to have been
performed, (simply recording “insufficient time” or similar is not appropriate
at the planning stage).
1.11 Details of compliance tests to be undertaken are detailed in section 6
of this chapter.
1.12 Complete the CAT selection sheet within the P32. The sheet must be
fully completed including:
• Reasons for examining / not examining each compliance test. The
  correct abbreviations are to be used by selecting from the drop down
  menu.
• Total number of all control gaps at last audit
• Summary of all control gaps at last full audit
• Initials of Audit Officer scheduled to perform the compliance test
If for any reason changes occur to your plan whilst on-site, you must detail
any changes in the appropriate column. This should also include whether or
not a test has been aborted, extended or observations have been made that
result in a further test being carried out.
1.13 Also refer to appendixes B, C, D and E of this chapter at the
preparation stage if prep data identifies that the branch to be audited is:
• Directly Managed
• A franchise or multiple
• Open plan or a combination store
• An ATM branch
1.14 For Regulatory Compliance Visits
• Prepare electronic CAT and embedded word.doc in advance of visit
  i.e. populate relevant areas with branch information.
• Prepare Compliance working paper
• Check Segmentation database and Training databases for further
  branch information and confirmation of trained staff re: Reg.
  Compliance & Mails Integrity
• Prior to visit ensure that you have a copy of current display instructions
  and all relevant Ops manuals & training workbooks relating to AML /
  FS / Travel Ins / Credit Card / Mails and HomePhone
SECTION 2 - PERFORMING A FINANCIAL AUDIT
The objective of the financial audit is to determine the value of cash, stock
and vouchers on hand by completing the P32 document, and comparing
this to the system derived balance due to PO figure (using the latest
declared branch trading statement, and reports obtained from the Horizon
system).
The P32 must be completed on-site for all financial audits including
closures, robbery and burglaries, except transfers.
2.1 Gain entry to the branch to be audited. This should be done
immediately upon the Subpostmaster or staff's arrival on site. His/her
access to the counter area and the assets should be avoided without the
presence of an Audit Officer. The Subpostmaster or staff should contact
the NBSC before allowing access and this will mean that Audit Officers will
have to wait outside until their identity has been confirmed by the NBSC.
The Subpostmaster or staff should be advised that he/she should not
access cash, stock or the Horizon system until the Audit Officers have
gained access. In these circumstances, any irregularity should also be
documented and a transaction log obtained from the Horizon system, to
ensure there has been no activity on the system before the Audit Officers
were allowed access. If the Subpostmaster refuses to allow entry to the
premises, explain that the Audit Officers have the right to verify Post Office
Ltd assets and that the Subpostmaster is contractually obliged to allow the
Audit Officers access to do this.
If entry is still refused then advise that it may be necessary to involve the
police to ensure access, and contact the Network Compliance Audit
Manager for further advice and to discuss the situation.
2.2 Before the audit commences, the lead Audit Officer should make
introductions and discuss the audit process with the Subpostmaster,
ensuring that audit requirements are made clear and that the
Subpostmaster is also aware of his/her responsibilities. The discussion will
include:
• The need to identify and produce all cash, stock and vouchers at the
  outset of the audit. (It is important that this is stressed to the
  Subpostmaster and that the location of all cash stock and vouchers is
  identifiable by the Audit Officers, especially if outside the secure
  area).
• The importance of the Subpostmaster or stock holder witnessing the
  check of cash
• The obtaining of Horizon reports, branch trading statements, ONCH
  declarations etc. required for the audit
• The initial audit approach e.g. how the cash and stock will be
  checked.
• The estimated opening time of the branch
• Facilities for Audit Officers (e.g. working area, toilets)
• The secure accommodation for laptop cases, equipment, handbags
• Other aspects of the audit - compliance testing, reconciliation of non-
  value stock
• The close of audit meeting and the opportunity for the Subpostmaster
  to comment on any findings
Please note: - This list is not meant to be definitive, the discussion may be
extended but the above should be included as a minimum.
2.3 If the audit takes place on a Thursday, following the completion of a
branch trading period, and the branch trading statement has not been fully
completed, the audit should be based on the trial balance figure ensuring
cash and stock have been declared. It is important that the branch is
balanced and rolled over into the next branch trading period and this must
be completed before the Audit Officers leave the branch. The final branch
trading statement can then be completed during the course of the audit.
The following are possible (but not exhaustive) scenarios, where it may be
found that balances are not completed on a Thursday audit following
completion of a branch-trading period:
Single stock branch
Branch should be kept closed until the stock unit is balanced and rolled
over to current branch trading period. The audit can now be commenced
but the Subpostmaster should be asked to produce the final branch trading
statement as soon as possible. Ideally the branch trading statement should
be completed before leaving the branch.
Dual stock branch (OOH — out of hours (lottery) - counter)
If the OOH stock unit has not balanced then check the counter stock whilst
the Subpostmaster balances the lottery stock. Once the lottery stock has
been balanced and rolled over allow the branch to open for business but
again the Subpostmaster should be requested to produce the final branch
trading statement as soon as possible. Ideally the branch trading statement
should be completed before leaving the branch.
Multi stock branch (without out of hours)
The branch should be kept closed until all stocks have been balanced and
rolled over. Once this has been completed, the branch can be allowed to
open for business once the Audit Officers have verified sufficient stocks and
the lead Audit Officer is satisfied. The Subpostmaster should be asked to
produce the final balance trading statement as soon as possible, and ideally
this should be completed before the Audit Officers leave the branch.
Multi stock branch (with OOH — out of hours)
Branch should be kept closed until all stock units, including OOH, have
been balanced and rolled over. Once sufficient stocks have been checked
and the lead Audit Officer is satisfied, the branch can be allowed to open for
business. The Subpostmaster should be asked to complete the final
balance trading statement as soon as possible and, ideally, this should be
produced before the Audit Officers leave the branch.
2.4 Checks of cash (and ideally, stock and vouchers) on hand should be
undertaken in the presence of the Subpostmaster or stockholder. The
importance of the Subpostmaster /stockholder witnessing the financial audit
must be stressed to the Subpostmaster. Where this is not possible, or the
Subpostmaster chooses not to be present, then checks must be made in
the presence of another Audit Officer. It is important that any checks are
not made in isolation. Both the Audit Officer and stockholder should
acknowledge the accuracy of the figures following the check.
Please note: - If the branch is equipped with Smoke and Dye notes, please
refer to appendix F.
Access to all cash, stock, vouchers and branch trading statements should
be restricted until they are checked and released by the audit leader.
Where there is only one Audit Officer on site conducting the audit then it is
important that the check of the cash, stock and vouchers is performed in the
presence of the Subpostmaster and this must be stressed at the outset of
the audit.
Please note: - Where a discrepancy is highlighted, the Subpostmaster
and/or another Audit Officer should verify the findings and sign the cash
and/or stock sheet to confirm that the figures to be used as part of the audit
are correct.
2.5 Establish where all Post Office® cash, vouchers and stock are held. As
previously mentioned, only cash and stock produced at the outset of the
audit must be included and access must be restricted during the financial
audit. There may be circumstances where access cannot be gained to
some value items that are to be included in the audit. The following are
examples:
• Over-locked safes
• Locked drawers or stock units
• Keys or key-holder not available
This must be reported to the Network Compliance Audit Manager as soon
as possible for further action and advice. The Network Compliance Audit
Manager will subsequently report the situation to the Contract Advisor and
Investigation Team Manager. Any actions arising from discussions should
be communicated to the lead Audit Officer as soon as possible. The value
of such items should be discounted from the audit. The discrepancy must
be fully explained in the audit report.
Please note: - In the case of an audit at franchise or multiple branches, the
nominee post/office representative should be informed as soon as possible
e.g. at the outset of the audit.
2.6 Determine if any non-standard transactions are performed at the
branch:
• Bureau
• ATM
• SVM
• Lottery
• Paystation
Again, not a definitive list but any cash and stock relating to non-standard
transactions must be obtained, verified and included in the audit.
2.7 If necessary, display a special notice advising the external customers
that the branch is not going to open at the advertised time. The notice
should give details of the approximate time of reopening and alternative
branches that can be used. The NBSC should be telephoned and advised
2.8 Ascertain if the branch operates shared or individual stock units. If
branch operates individual stock units, ensure that access can be gained to
all the cash, stock and vouchers held within the stock units. If full access
cannot be gained, this must be reported to the Network Compliance Audit
Manager without delay.
2.9 Obtain the previous period end branch trading statement. The figures
should not be altered by the Audit Officer in any way or made illegible, as
these may need to be produced at a later date, possibly as evidence in a
court of law. With the exception of franchise / multiple branches, check with
the Subpostmaster whether any discrepancy in the previous branch trading
statement has been physically adjusted e.g. loss made good, surplus
withdrawn. A check can be carried out on the Horizon system, following the
path ‘Desktop > (F2) Reports > (F7) Events Log > (F2) Balancing’, to confirm
that the made good option was selected.
Please note: - the Subpostmaster is given four options when clearing the
‘local suspense’, and prior to the rolling over into the next branch trading
period:
• Remove excess cash
• Make Good - Cash
• Make Good - Cheque
• Settle Centrally - only available for a discrepancy in excess of
  £150.00
In the case of franchise / multiple branches the only option will be:
• Assign to Nominee
The Horizon system will not roll over unless local suspense is clear.
Once a Subpostmaster has elected to make good a shortage by way of
either cash or a cheque, this is their declaration to say that the loss has
been made good. Failure to make good losses and submission of an
incorrect declaration should be reported under usual conditions as detailed
under section 5.
Examine the suspense account to determine if anything is being held and, if
so, whether or not it is proper to be included in the audit. The only items
that can be held in the suspense account are:
• Remittance shortages
• Remittance surpluses
• Cash in pouches
• Robbery / burglary losses awaiting clearance
• Emergency suspense payments (authorised by the NBSC)
Supporting documentation should be on hand to support all entries.
Remittance shortage and surpluses must be authorised by the suspense
account team (reference number obtained), via the NBSC.
2.10 The following report printouts must be obtained from the Horizon
system, examined and filed with the working papers in line with the current
retention process:
• Transaction log for the day of the audit (audits commencing before
  opening hours - only) - this report must be produced regardless of
  whether or not you feel the Horizon terminal has been accessed prior
  to audit attendance
• Office snapshot
• Balance snapshot for each stock unit - including where the branch
  operates an individual stock unit
• Foreign currency holdings
• Outstanding summaries (to verify vouchers / cards on hand):
  > Giro deposits / withdrawals
  > NS&I deposits / withdrawals
  > Personal banking deposits and withdrawals (manual
    transactions)
  > Green Girocheques
  > Redeemed savings stamps (POSS)
• Suspense account report
• Un-reconciled/outstanding transfers report - for multi stock branches
• Transaction corrections outstanding
• Transaction corrections processed (this will also show instances
  whereby evidence has been requested - entries will be preceded with
  an ‘E’)
• Remittance summary (ins and outs) for the trading period
• Reversal reports - RV and ER (42 days)
• User summary - obtain a list of all users and detail their full names.
  This can then be checked by accessing the ‘modify user’ screen and
  checking that all entries are current and in the correct format.
• Forty-two day transaction log detailing all transactions over £5000.00
  - this will help when carrying out the Regulatory Requirements and
  Standards CAT
Please note: - Further reports can be obtained from the Horizon system as
required e.g. branch trading statement reprints, stock adjustment reports,
event logs and further transaction logs for investigation purposes. The
above list is not exhaustive. However, this should be seen as the minimum.
For more information about how access should be obtained to the Horizon
system, please see Appendix G.
Navigational paths to assist with obtaining the above reports can be found
at Appendix H.
2.11 Obtain the final cash declaration for the day prior to the audit. The
declaration from the Horizon system, as well as any local record, if
maintained, should be examined, as they will assist with the verification of
the cash on hand. If the branch is unable to produce a cash declaration
then details of the last declaration can be obtained from the event log.
Please note: - The report obtainable via the event log will give you a total
only and no denominational breakdown.
2.12 Count and record all the cash on hand, in the presence of the
stockholder or Subpostmaster (using standard audit cash input form) and
verify / compare the cash figure to that declared. Remember to count and
include lottery takings (which should be paid in daily), cash from Paystation
transactions and cash held in ATMs, SVM’s, Bureau, Smoke & Dye packs
etc.
It is essential to ensure that all lottery takings and transactions up to
the day before the audit are included in the asset verification. Such
funds could be introduced into the accounts and used to cover a cash
shortfall.
The cash counted at the audit may not agree to the branch cash
declaration, but this may be due to an error when declaring the cash, or the
cash may have been declared prior to the close of business on the previous
working day.
The cash figure detailed on the office snapshot, for single stock branches,
or the balance snapshot for those operating single stock units, can be used
as a further check. For a Thursday am audit, following the completion of a
balance trading period, there is also the possibility that the cash can be
compared to the cash figure on the completed balance trading statement.
It may not be possible to immediately check all the cash on hand at the
branch due to the bulk being secured in a main safe, which may not be due
to open until 9.30am or later. A 40-minute internal cell may also be utilised.
In these cases a decision will have to be made whether or not to allow the
branch to open before this cash has been checked and verified. If in doubt
do not allow the branch to open until all the cash on hand has been counted
and confirmed. Any errors must be investigated and identified to the
Subpostmaster who must be given the opportunity to check and agree any
discrepancies. Any significant discrepancies to be investigated by
reference to, and evaluation of, transaction / event logs obtained from the
Horizon system.
Please note: - With the introduction of flexible planning, branches are now
allowed to declare cash on hand 20-30 minutes prior to closing. The time of
the cash declaration must therefore be taken into account when verifying
cash found on hand.
Should the Subpostmaster present cash after the audit has commenced,
and it has been confirmed that all cash has been produced, it must be
excluded from the audit as the audit result is only based on the verification
of the financial assets presented as “on hand” at the outset of the audit.
The cash must be accepted from the Subpostmaster “without prejudice to
investigations or the current branch trading position”, a miscellaneous
receipt issued, and included in Post Office Ltd funds, but not the current
branch trading position. Details of the amount should however be included
in the measures sheet of the P32 and reported in the branch audit report in
section 3 Result of Financial Audit.
The situation must be reported to the Contracts Advisor, Investigation Team
Manager and your line manager, especially if the circumstances are
suspicious and give cause for concern. Keep a written record of all
discussions and the precise words of any admissions by the
Subpostmaster. Mark this as a “True and accurate record of events
on........”, and ask the Subpostmaster to sign it; if refused, endorse the
statement “refused to sign”.
2.13 Count and record all the value, volume and non-value stock on hand
(standard audit stock input forms must be used). The “working” stock must
be checked first leaving the bulk/main stock to be checked at a later time.
This will allow the branch to open as soon as possible (once sufficient
“working” stock is available for use by the branch staff) provided, of course,
that the cash has been fully and accurately confirmed.
Once all the stock on hand has been counted and recorded, it must be
verified/compared to the Horizon snapshot or the last completed branch
trading statement (Thursday audit - following completion of branch trading
period). Stock on hand must be checked to ensure that it is current and
proper to be held and this should be confirmed with the NBSC, if in doubt.
Obsolete stock must be discounted from the audit, the subsequent shortage
included in the current branch trading position and explained in the audit
report.
Any errors must be investigated and identified to the Subpostmaster, who
must be given the opportunity to check and agree any discrepancies.
Please note: - for branches that operate individual stock units, ensure that
there are no outstanding transfers. Obtaining the respective report from the
Horizon system and ensuring that the transfers reconcile does this.
2.14 Count and record all cheques on hand (standard audit cash input form
to be used) and verify to Horizon snapshot or the last completed branch-
trading statement (Thursday audit - following completion of balance trading
period). Ensure that cheques are examined for validity and that any
“personal” cheques are not on hand including those belonging to staff
members.
If a personal cheque is found, and there is no evidence of a legitimate
transaction to which it relates, contact the Contract Advisor team,
Investigation Team Manager and your line manager immediately. This is
likely to result in the suspension of the Subpostmaster, so keep a written
record of all discussions and the precise wording of any admissions by the
Subpostmaster. Mark this as a “True and accurate record of events
on........” and ask the Subpostmaster to sign it; if refused, endorse the
statement “refused to sign”.
The personal cheque must be impounded, excluded from the audit result
and a “without prejudice” receipt issued.
2.15 Figures for vouchers already despatched can be obtained from the
Horizon snapshot but all vouchers on hand must be checked and reconciled
to the Horizon snapshot, or final office balance on a Thursday following the
completion of a branch trading period. When checking and listing vouchers,
a daily breakdown of “cheques to processing” and “remittances” must be
recorded for later inclusion in the P32. All the vouchers on hand must be
checked and verified irrespective of the day of the audit. Printouts of
transactions not yet cut-off, therefore still on hand, can be obtained by
accessing the report screen and selecting ‘summaries outstanding’. The
details of the printouts should tie up to vouchers on hand e.g. giro deposits
and withdrawals etc.
Please note: - It is also important that all vouchers on hand are checked for
validity, early encashment and fraud.
2.16 Count and verify foreign currency holdings and confirm to the sterling
equivalent declared on the Horizon snapshot. Verify all currencies on hand
to the bureau stock snapshot. The sterling held in the bureau stock should
be counted as part of the check of cash on hand. Any errors in foreign
currency holdings should be brought to the attention of the Subpostmaster,
who must then be given the opportunity to check and agree the
discrepancies. The errors must also be corrected in the Horizon bureau
stock at the time of the audit. Totals from currencies verified should be
documented for later inclusion in the P32. Upon correcting the errors, the
revised sterling equivalent figure should be used in the P32.
2.17 Count and record lottery scratchcards and reconcile to the Horizon
snapshot and local records, if held. (Sales made in the morning before the
audit may have to be taken into account, as the retail side is usually open in
advance of the Post Office® counter). Scratchcards will normally be held
on the retail counter and it may be necessary to physically count the cards
outside the counter area. In this case, care and vigilance must be
exercised at all times. Any cash held on the retail side relating to sales
should be included in the cash on hand verification. If lottery takings are
not to hand, have not been transferred over to the Post Office® counter or
are banked into a personal account, this must be reported to the Contract
Advisor, Investigation Team Manager and line manager.
2.18 Obsolete scratchcards must be discounted from the current branch
trading position and the shortage explained in the audit report. The
scratchcards on hand can be verified by reference to the lottery matrix held
on the Compliance Team Library or by telephoning the NBSC:
08456011022. The Subpostmaster is to be advised that any obsolete
scratchcards must be dropped from the cash account and the resultant
shortage made good. This should be actioned at the time of the audit and
detailed in the audit report.
2.19 Obtain the following reports from the lottery terminal and the
Subpostmaster, depending on the type of branch (GVT or OLT):
On line summaries
Instant summaries
Summary Inventory
Pack status reports
Activation receipts
Verify the lottery figures from the daily summaries to the Horizon snapshot
and record, using the standard audit voucher sheet, for later use when
constructing the P32:
Weekly sales
Activations
Prizes paid
De-activations
2.20 Using the summary inventory and pack status reports, confirm and
reconcile the unactivated scratchcards. It should also be confirmed that the
scratchcards on sale have all been activated. The pack status reports
identify the status of the cards held:
CONFIRM - Pack is unactivated
ACTIVE - Pack is activated
2.21 Count and verify the contents of the stamp vending machine (SVM).
Please note: - Cash in the SVM should be kept to the absolute minimum;
any excess cash should be removed. The branch should maintain a SVM
quality of service record, detailing instances when the machine has been
out of service, for how long, where there have been discrepancies, and the
value of the discrepancy. It is important that the machine remains
operational at all times.
2.22 Obtain the bar code summary report from the Paystation terminal.
Count all monies accepted in respect of transactions carried out on the
terminal to ensure that they balance to the amount detailed on the report. It
is important that the summary total is entered into the Horizon system as
soon as possible after the bar code is available for scanning. If this is not
done the agent will receive repeated reminders to do so. Failure to comply
with this requirement on a regular basis will cause the Paystation to be
suspended.
Please note: - The maximum amount of Post Office® cash that can be held
on the retail side is £250.00. The total of the bar-code summary and monies
in respect of transactions should be included in the P32.
2.23 Examine the system to determine whether there are any outstanding
transaction corrections (TCs) and if so, ask the Subpostmaster of his / her
intentions to process the TCs. In addition to the above, a call must be
made to the Former Agent Debt Team in order to obtain information on the
current ‘debt account’ for the branch. This will include obtaining information
on any pending transaction corrections. This may also involve carrying out
some investigative work to prove the transaction correction is proper to be
raised. Details of any pending transaction corrections should be
documented on working papers and later included on the measures sheet
within the P32.
Please note: - A charge transaction correction will be detailed as ‘INV’ on
the printout whilst a credit transaction correction is detailed as ‘CRM’.
Contact: Former Agent Debt on 01246 542003, postline 5309 2003.
2.24 Should the Subpostmaster admit any fraudulent activity, he/she should
be immediately advised that the branch will be kept closed if still closed at
the time, or closed forthwith if previously allowed to open for business. The
Contracts Advisor, Investigation Team Manager and your line manager
must be contacted as soon as possible.
As with other scenarios raised in this manual, a written record of the precise
words of the admission and any other discussions must be kept. Mark this
as a “True and accurate record of events On ...............” and ask the
Subpostmaster to sign it; if refused, endorse the statement “refused to sign”.
Please note: - In order to maintain objectivity and independence do not
enter into any discussion with the Subpostmaster regarding the admission,
the nature of, or the problems with the fraudulent activity. The audit role is
simply to report the facts and not to make judgements; any discussions with
the Subpostmaster could prejudice later investigations.
2.25 Where the audit is the second of the day and the branch is open for
business then it will not be possible to confirm cash to a branch declaration.
All cash, stock and vouchers must be counted and recorded (using the
standard audit input forms) and confirmed to the Horizon snapshot. It may
be necessary to close the branch for a short period in order to check the
cash, stock and vouchers held at the counter. If this is necessary then a
special notice must be displayed advising customers that the branch is
going to be closed. The notice should give details of the approximate time
of opening and alternative branches.
The NBSC should be telephoned and advised that the branch is to be
temporarily closed (the NBSC should also be contacted when the branch
re-opens). As previously stated, it is important that the location of all cash,
stock and vouchers is confirmed as the branch may be open for business
and these items held in a variety of places. The need to produce all cash,
stock and vouchers at the outset of the audit is still important and this must
be stressed to the Subpostmaster. Determine if any non-standard
transactions are performed at the branch (lottery, SVM, bureau, ATM and
Paystation) and remember to include any cash, stock and transactions in
the audit.
2.26 Where a branch is currently part of the rural strategy pilot, it is a
requirement for all cash, stock and vouchers proper to the branch code to
be verified. This may involve travelling to a further site to verify these items.
The main branch is referred to as a Core branch, and the areas serviced by
the Core known as ‘Outreach’ sites. A separate stock unit at the branch will
hold all financial assets and information proper to the outreach branches;
therefore it is important that a balance snapshot for the outreach stock unit
is obtained for reference when verifying financial assets to the branch.
SECTION 3 - GUIDELINES FOR COMPLETION OF THE AUDIT OF
ACCOUNTS (P32)
The P32 is an Excel spreadsheet, with interlinked sheets. Once fully
completed, the current trading position of a branch is automatically
calculated (subject to other checks).
Only white cells are keyed to. Coloured cells are those with links, formulae
etc. and are protected to stop the formulae being deleted accidentally.
Several cells contain a red triangle in the top right hand corner. This
indicates that there is a guidance comment tagged to the cell, usually a
specific instruction or a reminder. To see the comment, click in the cell
containing the triangle and then hover the cursor over the cell and the
message will appear.
Several of the spreadsheets are quite lengthy so there is a red bold stripe at
certain points of each page to indicate the end of the page.
3.1 Obtain the last completed final branch trading statement and input the
following entries on to the BTS sheet:
Last Branch Trading Statement date
Cash on hand*
Cash awaiting collection*
Suspense*
Other Mop*
For Ex*
Postage Stamp*
Check that the total of these entries equals the total c’fwd figure from the
branch trading statement.
Input the volume stock holdings from the last completed final branch trading
statement onto the reconciliation sheet.
Input the above* figures from the office snapshot and suspense account
report obtained at the outset of the audit also onto the BTS sheet.
3.2 The standard audit working papers (cash sheet, stock sheets and
voucher sheet) must be fully completed in ink and signed by the completing
Audit Officer. The completed sheets should be supplied to the lead Audit
Officer as soon as possible. All the data obtained and documented, as part
of the financial audit process, can now be input to the P32 worksheet to
determine the current branch trading position.
Please note: - The entries on all working papers must be legible with any
alterations initialled by the correcting person.
Within the P32, there are several spreadsheets and documents that need to
be completed before the P32 is finalised and emailed. The information to
be input to each of the sheets/documents is as follows:
Planning This sheet is completed at the planning stage of the audit.
Details of the audit officers attending, branch and the type
of audit are recorded. It forms a checklist to ensure all
required stages of preparation have been completed.
When the date of audit is keyed in, cell B8 shows whether
the correct version is being used. This is important to
ensure that stock prices, used to construct the balance,
are correct and current.
CATs This sheet lists all compliance tests that could potentially
be carried out at audit and is completed at the planning
stage of the audit. A tick placed in column B indicates
which CAT tests are planned. The CAT sheet is also
used to record any non-compliance uncovered at the
previous audit, which is found by examining previous
audit results/P32.
The drop down box in column C lists reasons for
examining or not examining individual CAT tests at the
audit, for example, PNT means the product or service is
not transacted at the branch.
Cash, Cheques and remittances This sheet includes a table to record all cash
denominations by stock unit for up to 20 individual stock
units (cells G3 to AA21). The stock unit ID is recorded in
cells H3, I3 etc. The total value for each stock unit is then
automatically added and feeds to cells C4 to C22.
The total value of each denomination of cash for the
branch, as detailed on the declaration, is then manually
keyed to cells D4 to D21 and any discrepancy is
automatically calculated in column E. Any shortage
shows in red, bold, and negative.
Details of all cheques on hand at the branch are keyed (to
the table in cells B32 to AO48) separately for each stock
unit, recording the service for which the cheque was
accepted and the amount.
All cheques processed since the last Branch Trading
period should be recorded in the table in cells B56 to
C90. These are then checked post audit by the MI team
to ensure all have been received and processed at the
processing centre.
Details of any inward and outward cash remittances
require to be recorded. Values verified at audit by MI
require to be recorded by breakdown of amount/date.
However, rems not verified by MI must contain: pouch
numbers, date & total.
Totals of all cheques, on hand or processed, are
automatically calculated and fed to the table in cells B24
to C27.
1p - £5 This sheet is to record each denomination of definitive
stamps by stock unit, recording stock unit details in cells
C4, D4 etc. These are the only stock items that show as
a value on the Branch Trading statement, balance
snapshot etc. The total amount and value for each stamp
is calculated in columns AQ and AR, along with the total
value for each stock unit on line 40.
The miscellaneous section, at the bottom of the table, is
for recording stamps for values that are no longer issued
as stock items, such as 37p stamps. Should there be any
of these on hand the value of the stamp in decimal format
(i.e. 0.37) should be recorded in cells B35 to 39. The
total value then feeds directly to the BTS sheet to
calculate the current trading position.
Stock All stock on hand at branch, for up to 20 individual stock
units (keying stock unit ID on line three), is recorded on
this sheet. All standard stock and common philatelic
items are included, with blank cells to allow the facility to
add some less common items.
Reconciliation For each stock item transacted, details are recorded as
follows:
• Column C, From BTS — volume of each stock item
brought forward from the previous Branch Trading
statement
• Column D, Rems In — volume of each stock item
delivered since the previous Branch Trading
statement
• Column E, Rems Out — volume of each stock item
returned since the previous Branch Trading
statement
• Column F, Sold — details of all sales of each stock
item from the balance snapshot
• Columns G, H, I, J & M are completed automatically
so the total value of any stock discrepancies is
calculated for the branch. Any shortage appears in
negative, red and bold.
The total value of sales is also calculated and feeds to the
receipts & sales sheet, along with any postal order fees,
which are also calculated automatically.
Prices for standard stock and philatelic items are already
included, hidden within the spreadsheet, and are
calculated automatically. However, there is the facility for
recording non-standard items, where prices have to be
input, such as home help or bus ticket schemes. (To add
non-standard items, go to stock sheet and find the next
appropriate blank, blue cell and type in the details of the
stock item. This will then feed to the reconciliation sheet,
which matches the stock sheet line by line, e.g. cell B214
on the stock sheet would be used to add a non-standard
mini sheet. This will then also appear in cell B214 on the
reconciliation sheet.)
Where a price needs to be manually input, there is an
outlined cell against the stock item in column K.
This sheet also contains tables (line 248 onwards) for
recording details of reconciliations for motor vehicle
licence discs (MVL), Travellers Cheques, rod licences
and electricity tokens.
Foreign Currency The sterling value of any foreign currency should be
calculated manually and recorded in the appropriate cell
on the BTS sheet but this sheet records the value for
each unit of currency, to provide a clear audit trail. The
top section includes the more common currencies such
as Euro and American Dollar and there are blank sections
at the bottom of the page for the more unusual
currencies.
Suspense The only items that should be posted to suspense by a
Subpostmaster/officer in charge are remittance shortages
or surpluses, robbery/burglary losses; cash in pouches or
authorised suspense emergency payments. The cash in
pouches figure is a separate item on the snapshot and is
recorded manually on the BTS sheet. However, any
other suspense items are totalled and feed automatically
to the BTS sheet, to be included in the overall trading
position figure.
There is an additional table for recording any items that
are in suspense due to migration. This is a temporary
table until all these items have been cleared and will
eventually be removed.
Receipts and Sales The value of all receipts and sales from the balance
snapshot are recorded in this table. Inward remittances
are fed automatically from other sheets within the P32.
Payments The value of all sales from the balance snapshot is
recorded in this table. Outward remittances and 1p to £5
postage remittances are fed automatically from other
sheets within the P32.
Branch Trading (BTS) The following details are recorded from the previous
branch trading statement to cells C4 to C9 as follows:
• Last Branch Trading Statement date
• Cash on hand
• Cash awaiting collection (rem pouches already
made up/cash in pouches)
• Suspense items
• Other MOP (including cheques)
• Sterling equivalent of bureau holdings
• 1p to £5 value postage figure
Items above are then recorded from the balance
snapshot to cells F4 to F9.
Column G (on hand) is fed automatically from other
sheets within the P32 workbook, except for foreign
currency, which needs to be keyed manually.
Postage labels Input sheet for recording postage labels issued and
rejected, by user
Equipment This is where details and serial numbers of any
equipment used to undertake the audit must be recorded.
Documents This is a blank page where any relevant electronic
documents can be embedded within the P32 workbook
(e.g. audit report), along with instructions on how to do
this.
PAA Input sheet for detailing all post audit activity and actions
taken.
Measures Input sheet to be completed in full following an audit using
the latest guidelines and the comments included in the
sheet. Please note, the sheet will need to detail the
current branch trading position on the day of the audit, the
current branch trading position minus pending clearance
items as at the time of the audit, and the revised trading
position after a period of 8 weeks which will have given
time for any transaction corrections to be issued. The MI
support will complete the latter as part of the post audit
checks.
User Summary & P356 Input sheet to be completed at the audit detailing all
account holders on the Horizon system. All system
users/branch staff to be detailed on sheet.
CAT tests The results of compliance tests carried out are recorded
in column B. For each test, an “X” is recorded if the test
wasn't undertaken, a “1” if no gaps in controls are
identified and a “6” if high risk.
Upon recording a 6 in column B, details of the control
gaps appear on top of the white boxes on the right hand
side. Any gaps can then be recorded by keying a number
one (equivalent of a tick) in the relevant box.
As each 1 is added, a conformance score is automatically
calculated in column C for each area tested. Line 52 then
gives an overall conformance score for the branch with
the total number of control gaps covered.
Please note: - The cheques to EDS (or cheques to Belfast Cash Centre for
NI branches on the remittance sheet) must be entered to the P32 by day
rather than a bulk figure. The data input to these sheets will feed to the
payments sheet and will identify the audit result.
3.3 The current branch trading position will now be identified on the branch
trading sheet (BTS) within the audit of accounts (P32) and this should be
confirmed to the expected result taking into account the following factors:
• Have any forged notes / obsolete stock been discounted?
• Has the previous cash account discrepancy been rectified?
• Have errors been found in cash, stock and vouchers?
Please note: - This list is not exhaustive but will reflect the circumstances
found at each individual audit. However, there is a requirement that the
Subpostmaster settles his account upon completion of the branch trading
statement. Therefore, if a declaration has been made that cash has been
added but findings are found to the contrary, this should be seen as cash
inflation and the relevant people notified.
3.4 Should the current branch trading position identify an unexpected large
discrepancy, further investigations must be made before advising the
Subpostmaster.
• Ensure that all input sheets have been totalled correctly
• Check that all amounts on input sheets have been input to the
respective Audit of
Accounts P32 spreadsheet
• Check that there are no omissions on the input sheets - compare
to snapshot
• Confirm that there have been no other input errors to the P32
• Examine the variance in stock levels from the previous branch
trading statement to identify unusual holdings. (Include the
postage breakdown in this check i.e. 1p to £5)
3.5 It is becoming increasingly apparent that, now that the ability to
suppress remittances has effectively been removed, cheques to EDS
figures are being used to conceal fraudulent activity. When performing an
audit, it is extremely important that:
• Any large amounts of cheques claimed as remitted during the
period since the last declared branch-trading statement are
examined against the levels of receipts, figures for the period and,
if necessary, verification against Horizon reports.
• Any large value cheque discovered at the time of the audit is
questioned and compared to the transaction it was claimed to
support
If there is any doubt, then contact the Network Compliance Audit Manager
at the time of the audit.
3.6 Once the current branch trading position has been confirmed, the
Subpostmaster should be informed and an explanation obtained if required.
If no explanation is offered, any discrepancy in excess of £500 must be
reported to the Contract Advisor, Investigation Team Manager and your line
manager.
Please note: - The branch trading position could change in the event of
pending transaction corrections being issued or transaction corrections that
later come to light.
3.7 Request that the Subpostmaster adjusts the discrepancy, or seek
proposals for its recovery in the event of a loss.
3.8 It is important that the measures and CATs test sheets are fully and
accurately completed following all audits, using the latest guidelines, with all
boxes completed. It is essential that the information recorded is accurate
and in the correct format e.g. words (correct spelling) or figures otherwise it
will not feed through to the databases utilised by the Admin support team.
The information taken from the P32s is very important and
considerable time and effort is wasted when the measures sheet is not
completed correctly.
SECTION 4- VERIFICATION OF REPORTED FIGURES (WHILST ON
SITE)
4.1 It has become increasingly clear that some details previously verified
after the audit by a separate duty could in fact be verified on site at the time
of the audit. This means more timely verification and early detection of any
fraudulent activity. The procedures are as follows:
REMITTANCES
• Whilst on site, usually once the branch has opened for business,
provide bulk totals of all inward & outward remittances despatched
to the cash centre appropriate to audit. NB. If any rems cannot be
verified, you may be required to obtain pouch numbers, amounts &
dates of remit
• Admin Support will make contacted at all audits, even where no
remittances have been received at, or despatched from the branch.
This will confirm that there have been no remittances and prevent
suppression
• Admin Support will verify details against the SAPad’s system and
contact the lead Audit Officer, at the branch, to confirm results of
the check
• If remittances are confirmed annotate the post audit activity sheet
(PAA) within the Audit of Accounts (P32) and record the pouch
numbers
• If a discrepancy is reported then your line manager must be
contacted immediately with the details
Please note - Ensure that any remittances on site at the branch, prepared
for despatch, are opened and checked at the audit to confirm and verify the
contents.
SUSPENSE ACCOUNTS
• Whilst on site, contact the Cash R… to determine
whether cash in pouches figures are proper to be held
• Whilst on site, contact the Branch Control Team on
GRO to determine whether all remittance discrepancies
are proper to be held
• In the case of the above, if a discrepancy is reported then your line
manager must be contacted immediately with the details
LOTTERY CHEQUES AND ROD LICENCES
Serial numbers of lottery cheques and rod licences to be obtained from the
prep data prior to the audit and recorded on the planning sheet within the
Audit of Accounts (P32). The details to be confirmed on site at the audit by
examination of the cheques and licences on hand.
If details are confirmed then the planning sheet and the post audit activity
sheet are to be completed to confirm accuracy of the check. If a
discrepancy is noted then post audit activity and planning sheets are to be
marked as unconfirmed and your line manager contacted.
SECTION 5 — REPORTING IRREGULARITIES AND DISCREPANCIES
5.1 It may be necessary to contact Contract Advisor, Investigation Team
Manager and your NCAM to report findings, errors, discrepancies or
admissions. This should be done at the earliest opportunity. This will allow
discussions to take place and a decision be made whilst the lead Audit
Officer is still on site at the branch and will ensure that the matter is dealt
with quickly and efficiently. Contact should be made via mobile phone, as
this will ensure confidentiality (use Mobex number). The use of the
Subpostmaster’s telephone should be avoided.
5.2 The line manager must be contacted in the following circumstances,
where:
• There is an unexplained discrepancy in excess of £500 (including
outstanding debt as well as trading position found during asset
verification)
• There are any irregular or suspicious circumstances
• There is an irregular personal cheque on hand
• Credit sales are operated
• There is an admission of misuse of Post Office Ltd funds or
fraudulent activity
• The Subpostmaster refuses to allow access to the premises
• Cash on hand has been inflated or an amount of cash is produced
after the audit has commenced
• Lottery takings are not to hand but banked in personal account
• Transaction corrections have not been actioned to the expected
timescales
• There are discrepancies found in on-site verifications (remittances,
suspense accounts etc.)
• The Subpostmaster has declared that the previous period's
discrepancy has been made good, however findings are to the
contrary
• If the lead Audit Officer has any other concerns or is unsure
• The Subpostmaster cannot make good an audit shortage and is
unable, or unwilling, to put forward proposals
This list is not meant to be exhaustive as there will always be
circumstances that arise that won’t be covered by any list no matter how
long. Regardless of the circumstances, if there is any doubt or concerns,
contact the line manager.
5.3 When contacting the Network Compliance Audit Manager, the following
information may be required for onward cascade:
• Date of the incident
• Time of the incident
• The name of the branch
• The address of the branch
• Postcode
• The branch code
• Telephone number of the branch
• Subpostmaster's name
• If run by a national multiple - which one
• Audit leader
• Name of Audit Officer revealing findings
• The risk type (audit code)
• Audit risk priority
• Amount of the discrepancy (current branch trading position)
• Amounts that make up the suspense account
• How the discrepancy was discovered
• Name of the contracts and service manager dealing
• Name of person dealing in the absence of the contracts and
service manager
• Name of the Investigation Team Manager dealing
• Name of person dealing in the absence of the Investigation Team
Manager
• Details of the decision taken by the C&SM (suspension / not
suspension)
• Other action taken if not suspended
• Location of the assets
• Details of the interim (are they related?)
• If a shortage, was it made good and how?
5.4 Once a call is received to report a discrepancy or irregularity from the
Audit Officer on site the NCAM will take the following action:
• Where the amount is greater than £25K, the Network Compliance
Audit Manager will relay the relevant details to the Head of
Compliance
5.5 Precautionary suspensions
• The responsibility for making the decision to suspend is with the
Contracts Advisors or their representative
• If the Contracts Advisor is not on site, the responsibility to
communicate the decision to precautionary suspend is with the lead
Audit Officer
• The lead auditor should discuss the way ahead with the Contracts
Advisor i.e. Closure of the branch, transfer etc. and deal with
arranging transport (if required) or the transfer to a new
Subpostmaster
• There may be occasions when the Contracts Advisor is on site and
can relay the message to the Subpostmaster. This will be the
exception and not expected.
5.6 The responsibility for completion of an “Event Capture Form” is with the
lead audit officer.
• The ECF should be completed for all discrepancies over £1000 and
within 48 hours of the audit. If this timescale cannot be met, the
NCAM should be informed so alternative arrangements can be made
for the completion of the ECF.
• The file should be saved as follows:
ECF.BranchCode.Six digit date.AnytownPO.TeamName.xls, for
example
ECF.123456.151206.Birmingham.West.xls.
• The completed ECF should be e-mailed to Investigation Team Post
Office Ltd mailbox, Network Compliance Audit Manager, Compliance
Risk Modeling Manager (Glyn Burrows), Compliance Risk Reporting
Mgr (John Jenkinson), Contracts Advisor and the Investigation Team
leader.
• In cases where the discrepancy exceeds £25K, the Head of
Compliance (Keith Woollard) must also be copied in.
• When completing the form, it is imperative that the following
information is recorded:
• Date of the incident
• Time of the incident
• The name of the branch
• The address of the branch
• Postcode
• The branch code
• Telephone number of the branch
• Subpostmaster's name
• If run by a national multiple — which one
• Audit leader
• Name of Audit Officer revealing findings
• The risk type (audit code)
• Audit risk priority
• Amount of the discrepancy (current branch trading position)
• Amounts that make up the suspense account
• How the discrepancy was discovered
• Name of the contracts and service manager dealing
• Name of person dealing in the absence of the contracts and
service manager
• Name of the Investigation Team Manager dealing
• Name of person dealing in the absence of the Investigation Team
Manager
• Details of the decision taken by the C&SM (suspension / not
suspension)
• Other action taken if not suspended
• Location of the assets
• Details of the interim (are they related?)
• If a shortage, was it made good and how?
DO NOT APOLOGISE NOR ENTER INTO DISCUSSION AS TO WHY A
SUSPENSION HAS BEEN EFFECTED - REFER THE SUBPOSTMASTER
TO THE CONTRACT ADVISOR.
5.6 Should the Subpostmaster be suspended, there is a possibility that the
branch will remain closed and the assets defunded (please refer to the
Closure chapter of the Audit Process Manual for details about the defund of
a branch). In this case, a special notice to this effect should be displayed
and NBSC should be contacted to advise them of the situation. If the
branch is to remain closed, the door and safe keys will need to be secured
once the Audit Officers have left the branch.
In all cases, the Contract Advisor (or a team member) should be requested
to attend the branch before the Audit Officers leave, to take responsibility
for the alarms and keys. If this is not possible, as a last resort, the alarms
will be changed and set and the keys taken away by the lead Audit Officer.
This will, however, merely be a temporary measure and the keys and alarm
codes should be transferred to the Contracts Advisors at the earliest
opportunity. This arrangement should be discussed and organised prior to
the lead Audit Officer leaving the branch.
Appendix J should be used as a quick reference guide for dealing with
discrepancies.
5.7 In cases involving suspension, the lead auditor should obtain up to six
periods' worth of branch trading statements, and keep them with the other
audit papers for retention at the central archive in Chesterfield. This will
assist the Legal Services team, should the case go to court.
Ideally originals should be obtained, but copies (where such facilities exist)
are acceptable. Should there be no statements available, a reprint of the
last completed statement may be obtained from the Horizon system.
If the SPMR objects to the removal, it should be pointed out that the
paperwork is the property of Post Office Ltd, and if necessary a
miscellaneous receipt may be issued.
SECTION 6 - PERFORMING A COMPLIANCE AUDIT
Internal control relates to the whole system of controls and co-ordinated
measures designed to safeguard the assets and to maintain accurate and
reliable records. The importance of internal control to the Audit Officer
arises from the need to be certain that information produced is soundly
based and possibilities of deliberate or accidental errors are reduced.
Internal audit’s primary function is therefore to appraise the effectiveness of
internal control by confirming compliance with documented Business
process and procedures.
6.1 The concept of compliance auditing is based on the assumption that the
laid down mandatory business procedures or regulatory controls are in
operation. Compliance audit tests (CATs) are designed to test that controls
are operating as intended, by checking evidence of adherence to the
approved systems.
6.2 The Audit Officer's role in compliance auditing is to undertake sufficient
testing to be able to confirm, with reasonable assurance, that controls that
should be present in a system are being deployed.
6.3 The scope of all standard audits (unless notified otherwise) is as
follows: -
• A financial audit
• Core compliance tests (at agency branches only)
• Verification of ACC declarations (at Crown branches only)
• Confirmation that actions from the previous audit report have been
attended to
The core compliance tests are as follows: -
• Regulatory Requirements
• Financial Controls
• Information Security
• Procedural Security (Top 10, 20 or 30 — Branch Details refers)
• CAT on the month - as notified in Network Risk and Process
update
6.4 Performing the test - CATs should be undertaken in accordance with
the detailed instructions provided for each question. Where a ‘No’ answer
is given, the Audit Officer should discuss the matter with the Subpostmaster
to establish whether or not there are any extenuating circumstances
contributing to non-compliance with the laid down procedure.
6.5 The record and results of each test should be documented on the
standard CAT working paper. Details and results of each test performed
should be recorded against the appropriate question reference number
under the conclusion. The test record should identify the population from
which the sample has been selected together with the level and period of
the sample.
6.6 The Audit Officer completing the working paper CAT should print and
sign their name in the box provided at the top of the paper. The lead Audit
Officer must also sign the CAT and note the comments and
recommendations on his/her report.
6.7 Extended tests - In normal circumstances, CATs based on the
suggested minimum sampling levels will provide sufficient evidence upon
which to base conclusions. The level of sampling may be extended in
certain circumstances and at the Audit Officer’s discretion, depending on
the significance of findings and materiality of control gaps identified.
Sufficient evidence should always be obtained to enable appropriate action
to be taken to close the control gaps. If weaknesses are revealed in a small
sample (e.g. one or two weeks' records), examine a further period to
establish the extent of any concern.
6.8 Where the test sample reveals no transactions have been completed
e.g. Travel Insurance or Foreign Exchange, either the sample period should
be extended to cover a sales period or the test should be simulated (i.e. ask
the auditee how they would account for it or what forms they would use
etc.)
6.9 Audit observation - If a compliance test is not selected at the planning
stage and a gap in control is revealed while on audit (e.g. stock
management - obsolete stock on hand) the CAT sheet within the Audit of
Accounts (P32) should detail the areas examined and that it was
completed ‘due to audit observation’. The planning sheet should not be
amended.
6.10 Aborted tests - If tests are aborted (e.g. due to robbery/burglary,
prolonged time on the financial audit, suspension of agent or lack of
time), column ‘H’ on the CAT sheet within the Audit of Accounts (P32)
should detail the reason for not performing the test. The remainder of the
planning should not be changed.
6.11 Conclusions - A summary and evaluation of findings for each area
reviewed should be included on the CAT under ‘conclusions’: -
• Detail control gaps and strengths found;
• Evaluate the significance of non-compliance with key controls;
outline corrective action required
6.12 OVERVIEW OF REGULATORY COMPLIANCE TESTING (Level
Two)
• Arrive unannounced at branch during opening hours
• Explain nature of visit to Manager/OIC
• Conduct compliance testing with Manager/OIC and as many staff as
practicably possible
Please note: - The most up to date compliance tests, that should be used
on audit, are available on the Compliance Team Lotus Notes Library, both
level one and level two tests.
SECTION 7 - CLOSE OF AUDIT MEETING
7.1 Once the financial audit and compliance tests have been completed, the
audit findings will need to be discussed with the Subpostmaster. The
following guidelines should be followed:
• The closing meeting should already have been discussed and
planned with the Subpostmaster as part of the opening meeting at
the outset of the audit
• The meeting should be conducted in private whenever possible as
some of the points for discussion may be sensitive
• The lead Audit Officer should be familiar with all the findings of
each test completed
• When talking through the findings it is important to discuss them in
a balanced way and be able to qualify exactly what is meant. The
reason for any actions should be made clear. The consequences
and impact of not complying should be communicated; however
“because it is in the rules” is not an acceptable explanation. It is
useful to point out where the correct procedure is documented and
the importance of adherence to it
• The lead Audit Officer should look to influence the Subpostmaster
whenever possible — including providing a copy of an action plan
so that the Subpostmaster knows what to expect, in addition to
selling the benefits of conformance and the impacts of
non-conformance
• All the Subpostmaster’s comments or requests should be
documented and incorporated into the management summary
section of the branch audit report
• Allow the Subpostmaster time for questions
• Following the closing meeting a customer satisfaction feedback
form should be left with the Subpostmaster at the branch — again
try to influence the Subpostmaster to complete the form and outline
the benefits to him/her e.g. possible improvements to auditing etc.
SECTION 8 — AUDIT REPORTING FOR STANDARD AUDITS
8.1 Following an audit, the separate ‘stand alone’ audit report must be
completed. Note that there are a number of audit report templates, as follows:
• Report A - Should be used for all routine audits of agency branches
(Standard Audit)
• Report B - Should be used for all routine audits of Crown branches
(Standard Audit)
• Report C - Should be used for Compliance Only audits, where Bank
of Ireland UKFS are present
• Report D - Should be used when a decision has been taken to
suspend the Subpostmaster from their role
8.2 Once the audit has been completed it is important that a clear,
concise and objective report of findings is written and communicated to
all appropriate recipients. The report template should be completed as
follows:
• Open the latest audit report template and save in the same format as
the relevant P32. Details should include the Branch code, date and
branch name e.g. 023323.010105 Wakefield.xls. It should also have
the correct NCAM area and branch type details added, e.g.
023323.010105.Wakefield (Community North)(North).
• Enter the following details to the front sheet of the report:
  • To whom report is addressed & job title (drop down selection)
  • From whom report is being sent & job title (drop down selection)
  • Details of to whom the report is being copied (drop down selection)
  • Date of issue of the report (correct format being 01 January 2006)
  • Post Office name & Branch code
  • Date of visit (correct format being ‘day’ 01 January 2006)
  • Who the actions were agreed with
  • Name and contact details of your line manager
The control gaps found at the audit should be reported to the action plan at
Appendix A and B in the audit report. It is also important to detail, within the
management summary section, all the areas covered as part of the audit,
and where non-conformance was identified.
8.3 The management summary should be completed, in full paragraphs,
detailing the following:
• The result of the financial audit — current branch trading position and
any known differences (e.g. outstanding debt not yet collected,
transaction corrections not yet processed)
• The areas tested
• The areas where there is conformance e.g. controls deployed
• A sentence to indicate which gaps have not been actioned since the
last visit, and how they can be identified e.g. actions highlighted in
bold within the action plan are those that have been reported
previously however no action taken.
• Any other info that is critical to the report e.g. failure to comply with
regulatory requirements (Anti-Money Laundering and Financial
Services), poor security of financial assets (including value of funds at
risk etc), generic use of the Horizon system etc.
• Any failings not covered by compliance testing, such as lottery
transactions not being accounted for daily.
• In addition it should be used to balance the report and identify any
good working
• There is no requirement to mention previous gaps that have now
been actioned
• The report reflects the discussions held with the Subpostmaster at the
close of audit meeting and does not raise any new or unexpected
recommendation
When completed the report must be subject to a check of both the
spelling and punctuation.
8.4 The current branch trading position (full breakdown) and any other
details relating to the financial audit must be outlined in the section named
‘result of financial audit’. Suspense account details and the situation
regarding the audit discrepancy must also be reported e.g. proposals to
make good losses etc.
8.5 Section 4 should be completed detailing the branch name, Branch code
and date the audit was carried out.
8.6 The Action Plan should be completed ensuring that:
• The branch name and Branch code are entered
• Headings for areas tested are input
• All relevant control gaps are included in the action plan — this should
be done by highlighting the required control gap from within the
excel actions template and copying to the action plan
• No alterations are made to the standardised control gaps/actions
• Page breaks are inserted to align the actions within the table
Please note: - The actions should be listed on two appendices. Appendix
A is to list non-compliance to CAT 11 (regulatory matters). All other areas of
non-conformance should be listed on Appendix B.
8.7 Upon completion, save the report and e-mail it with the P32 to the P32file
Lotus Notes address.
8.8 Reports completed in respect of audits carried out at the National
Multiple companies should be e-mailed to the nominee and the multiples
e-mail address: multiples ~ j
PLEASE NOTE: THE REPORT IS AN IMPORTANT OUTPUT OF AN
AUDIT AND AS SUCH IT IS VITALLY IMPORTANT THAT IT IS WELL
WRITTEN, BALANCED AND CLEARLY DOCUMENTS THE AUDIT
FINDINGS.
8.9 There is an extra report template within the P32. This should be used in
cases where: -
• There is extra information, not detailed in the normal report that
might be useful to other parties e.g. Contracts Advisor,
Investigation Team Manager etc.
• The audit is a concern of the Contracts Advisor or is an
investigation team request
This report once completed should be detached and saved to the C drive
and subsequently emailed to the appropriate recipients — IT SHOULD NOT
BE SENT TO THE SUBPOSTMASTER.
Please note: - Whatever the audit type there should always be a completed
report included with the P32, even in cases where the Subpostmaster is
suspended e.g. report to the Subpostmaster detailing findings at the
branch, and the additional report to the Contracts Advisor and Investigation
Team Manager.
Timescales for reports
All audit reports (standard and extra reports) should be completed, at a
minimum, within five working days of the activity having taken place.
However, every effort should be made to produce an extra report at the
earliest opportunity (before the five days) to contract advisors. All extra
reports must be sent by e-mail to the respective area office, and copied to
the Investigation Team Manager.
8.10 The audit report contains a compliance certificate statement. This is
completed by the Subpostmaster and returned to Admin Support within 14
days. Upon receipt, the details annotated on the certificate should be input
to a database. Where there are exceptions, these are escalated to the
Network Compliance Audit Manager who contacts the branch direct to
discuss the report and point out the impact of non-conformance. A copy of
the exceptions should be sent to the Outlet Intervention Team for the
attention of the respective audit officer.
Admin Support is responsible for chasing up any non-returns of compliance
certificates. In the event of no response after a reminder, the failure should
be sent to the relevant area office.
SECTION 9 - REGULATORY COMPLIANCE REPORTING
• For Regulatory Compliance Testing the embedded report template
(included in the excel sheet) should be used
• Crown offices receive the report via e-mail and also have an
acknowledgement doc. attached - this must be sent back to the POL
Compliance mailbox within 3 weeks
• All other branches have a hardcopy of the report issued by admin support
• All reports are sent to the POL Compliance e-mail address for admin/MI
collation etc
• Reports are also copied to BDMs, Outlet Intervention teams for
reference and follow up activity as required.
SECTION 10 - POST AUDIT ACTIVITIES
9.1 Following the audit, the lead Audit Officer should complete the following
activities:
• Ensure the P32 is fully completed including all documents and
sheets (working papers) NB: planning sheet must be re-visited to
record number of gaps from the last audit still outstanding & any
changes to the plan
• Ensure an audit report or reports are fully completed
• Ensure the measures and conformance sheets, in particular, are
fully and properly completed
• Complete the post audit activity sheet
• Save and password protect the P32 and the audit report in the
correct format e.g. 023323.010105 Wakefield (North).xls
• Save and password protect a copy of the extra report to the C drive
• E-mail the P32 and the audit report in a zip file e.g. 023323.010105
Wakefield (North) to e-mail address: P32 File, requesting a return
receipt, which must be retained for sixty days. This provides
confirmation that the P32 has been received. If you wish, the audit
report can be embedded within the Audit of Accounts (P32)
• Email a copy of the audit report to the area intervention office, FAO
the Contracts Advisors. For franchise and multiple branches a
report should go direct to the nominee or representative
responsible for Post Office® operations by email
• Email a copy of the extra report to the Contract Advisor,
Investigation Team Manager, your line manager and the Network
Compliance Audit Manager. In cases where a discrepancy
exceeds £25k copy in the Head of Compliance. In cases of
discrepancies exceeding £5k and the amount has been posted to
late account, then the Agent Debt team are required to be copied
in.
• Admin support will verify the cheques to PC values
APPENDIX A
www.postoffice.co.uk
Mr A Postmaster
Subpostmaster
1234 East Road
CHESTERFIELD
S49 1PF
31/10/2002
Dear Mr/Mrs Subpostmaster
BRANCH NAME BRANCH CODE
This letter is to confirm that this Post Office® branch is to be audited today.
The following Audit Officers will be attending this Post Office® branch:
NAME OF AUDIT OFFICER PASSCARD NUMBER
All Audit Officers will have an official Post Office Ltd pass card with a
photograph on. It is imperative that these are thoroughly checked before
admittance is allowed.
If you are still in any doubt about the authenticity of the Audit Officers, you
Keith Woollard
Head of Compliance
Post Office Ltd
Finance
CROWN BRANCHES APPENDIX B
The resource levels for an audit of a directly managed branch are outlined
in Chapter 2, Audit Plan and Scheduling, within the Audit Process Manual.
The comments in this section assume a routine audit with the minimum
level of staff attending and do not include activities for special follow up
visits prompted by the submission of the annual certificate of compliance.
This is contained in Chapter 8, Annual Certificate of Compliance (ACC).
The purpose of routine audits of Crown branches is to provide assurance
that those assets, declared in the branch trading statement, are in existence. It
is not the purpose to reconcile every item of cash or stock or to find
corresponding discrepancies for the staff, particularly if the audit is on a
Thursday, following completion of the branch trading statement. Given that
it is not possible (or cost effective) to verify every penny at the branch,
without disrupting counter operations, the focus of the audit is on high value
items. With this in mind, the following approach to the selection of stocks to
be audited should be followed:
• Cash held in ATMs (see note 1)
• Main cash (see note 2)
• Any individual stock declaring more than £25k in cash (see note 3)
• Any individual stock with abnormal levels of stock declared (see
note 3)
• Any stock held solely by the branch manager. For the integrity of
the audit, it is best to ask a back office duty to confirm whether or
not the BM holds a stock rather than rely on the BM’s own declaration.
(See note 3)
Note 1: ATMs that are accessible from within a public area are a priority for
checking while the branch is closed. If this is not possible, as a minimum,
obtain the ATM readings and assess the reasonableness of holdings —
compared to previous holdings and average ATM withdrawals. If there are
any concerns, the lead Audit Officer will need to make a judgment as to
whether to keep the branch closed (while the ATM is counted) or to return
(at an undisclosed time at the end of the business day). The concerns may
be mitigated if the ATM is held and counted by two individuals or if it is
rotated regularly. Conversely, any concerns may be increased if the ATM
has been held by one individual for a length of time without rotation or
supervisory check.
Note 2: The main cash is usually not accessible until 15 minutes after
opening the branch. This will allow for the audit to concentrate on counter
stocks. However, the main cash safe should be observed so that early
access is not allowed.
Note 3: For the purposes of assurance, the financial audit of an individual
stock should check all cash (sterling and foreign currency), any unusable
notes and cheques on hand. In addition, the Audit Officer checking the
stock should assess the reasonableness of high value stock figures
declared and, if concerned, should validate those figures.
The main role of the lead Audit Officer at an audit of a directly managed
branch is:
• To interact with branch staff, especially the branch manager and
particularly at the beginning of the audit
• To identify which stocks require checking at audit and assigning
work to Audit Officers, in priority order, so as to minimise any
disruption to the general public
• To facilitate the audit by obtaining key information (e.g. cash
declarations, Horizon reports etc) for attending Audit Officers.
• Observe any transactions between staff (especially main cash) that
may affect the audits of selected stocks and reconciling any
transfers since the last declared balance
• To obtain the last declared annual certificate of compliance and
test compliance to the key controls
• To verbally conclude the findings of the audit to the branch
manager (or nominated deputy) and ensure that the final written
report is in line with the verbal closing meeting
The main role of an Audit Officer at an audit of a directly managed branch
is:
• To audit stocks, assigned by the lead Audit Officer, in line with
notes 1-3 above
• To advise stock holders what items have been checked (and what
has not) and the findings of these checks
• Alert the lead Audit Officer to any concerns revealed (from audit
findings or observations)
Please note; the limits, as regards values and numbers of stocks, for
checking may change at the discretion of the lead audit officer.
Where there are cheques on hand at a DMB audit then there is a
requirement to record:
• The value
• Service accepted for
• Name of the drawer — check these to the names of members of
staff at the branch
Any irregularities / discrepancies found at the audit should be reported to
the lead Audit Officer, who in turn should take the necessary steps to report
it to the Network Compliance Audit Manager (responsible for findings) and
Investigation Team Manager.
FRANCHISE AND MULTIPLE BRANCHES
APPENDIX C
The prep data will provide details of branches that are of either the franchise
or multiple type. The lead Audit Officer should obtain this information at
the preparation stage along with:
• The name of the multiple / franchisee
• The multiple/franchise company contact point e.g. nominee
• The name of the Contract Advisor
The financial audit process outlined in this chapter can be applied to
multiple and franchise branches with the following exceptions:
If highlighted in the FARM model the lead Audit Officer will need to
determine if the procedural security compliance paper needs to be
undertaken if the branch is a franchise. Some franchise branches are self-
insured and in these cases the security paper should not be completed.
The self-insured franchise branches can be identified from the branch
details excel spreadsheet. Any major security weaknesses must still be
noted, however, and commented upon in the audit report.
On arrival at the branch, the lead Audit Officer should make the visit known
to the store manager and any local entry procedures must be adhered to.
At the beginning of the audit the lead Audit Officer must telephone the
company contact e.g. nominee or post office representative as soon as
possible to advise that an audit is taking place and to invite them to the
closing meeting at the branch. The estimated time of the closing meeting
should be advised and, if the company contact is unable to attend, it must
be confirmed that they are happy for the audit findings to be discussed with
the officer in charge on site. In this situation, the nominee or post office
representative must be contacted upon completion of the audit to relay the
findings.
Any irregularities, discrepancies, admissions etc. should be reported to the
Network Compliance Audit Manager. The Network Compliance Audit
Manager must be sent a copy of the respective audit report.
OPEN PLAN AND COMBINATION FORMATS
APPENDIX D
Open plan branches are those without a physical screen barrier between
the customer and the person serving.
A Combination Store is the title given to retail branches that combine other
retail business with Post Office transactions using the same point of sale.
The same person will deal with private and Post Office transactions, but
funds and accounts will be separated.
The financial audit outlined in this chapter can be applied to open plan and
combination branches, but special care must be taken because of the
different security arrangements.
To minimise security risk to staff and funds, the following principle applies:
• Under no circumstances should bulk cash be counted in positions
which are exposed to the public
• All cash on hand should be counted in a secure back office area (if
available) or prior to the branch opening for business to avoid the
problem.
ATMs
APPENDIX E
There are 5 different ATM types on site at branches in the network and this
will be identified in the prep data for the branch audited.
The different types of machines in the network are:
• PO maintained — this machine holds between £50k — £250k and is
funded by a remittance received at the branch. The transactions
are reported through the branch trading statement
• Fully Serviced — this machine type is totally maintained by
Securicor
• Self-fill: Retail cash — this machine is funded from private cash and
under no circumstances must Post Office funds be utilised. This is
considered misuse of funds and should be reported to the Network
Compliance Audit Manager
• Self-fill: PO cash — this machine holds £1k - £3k and is funded
from PO funds
• Self-fill surcharge — this machine holds a maximum of £2k, funded
by PO funds. Funds must be only PO, i.e. NOT £1000 retail,
£1000 PO. NB: All funds must be removed and secured in
approved safe overnight.
There are consequently only 3 machine types that would need to be verified
as part of the audit process. Although it is not possible to open any of the
ATMs whilst the branch is open for business (if access is not via the secure
area), consideration should be given to checking the contents of the ATMs
before the branch is allowed to open. If the branch (or the retail side) is
already open for business when the audit commences then they should be
closed for a short period whilst the ATM contents are checked.
If, however, it is not possible to perform a physical check of the ATM during
the audit then sufficient reports should be obtained from the ATM to provide
assurance that funds are on hand within the ATM. This should be
subsequently fully documented in the audit report, and reported to the
Network Compliance Audit Manager at the time of the audit.
The obtaining of ATM reports should not be considered a replacement for
physically checking the actual contents of the machine. It should be used
as a temporary measure to carry on with the audit until such time (during a
quieter period of the day as mentioned above) when the branch can be
closed for a short period to perform the physical verification.
In extreme circumstances when the ATM is unable to be accessed, 4
weeks entries for ATM withdrawals should be checked to ascertain whether
or not stated holdings are reasonable. All instances whereby the ATM
cannot be accessed must be reported to the Network Compliance Audit
Manager and the Contracts Advisors.
SMOKE AND DYE PACKS
APPENDIX F
There are a large number of branches that are supplied with smoke and
dye packs as a security item. £20 notes surround the packs and these
notes must be included in the branch cash declaration and must be counted
as part of the financial audit.
The following guidelines apply:
£20 notes surrounding ECA Dyepacks
Two types of ECA Dyepacks found at Post Offices:
The ECA 16E/1 Dyepack (maxi-pack):
[Figure: 2 genuine £20 notes stuck to both sides of the ECA 16E/1 Dyepack (£80 in total)]
The ECA 16E/1 Dyepack is housed within a Bank of England dummy
bundle with 2 genuine £20 notes stuck either side — a total of 4 £20 notes
(£80). ECA 16E/1 Dyepacks and surrounding £20 notes are often
contained within a transparent PO Giro note-bag.
The ECA Smokenote™ (thin-pack):
[Figure: Smokenote ‘Pocket’ showing position of ‘invisible’ tape]
[Figure caption: Smokenote™ is housed between 2 stuck £20 notes with a further
8 or 10 £20 notes placed around the Smokenote™, with one]
The ECA Smokenote™ is contained within its own package. The
Smokenote™ package is concealed between 2 stuck £20 notes. A further
8 loose £20 notes are placed around the pack, one folded over the top and
held together with an elastic band. (£200 in total) ECA Smokenotes™ and
surrounding £20 notes are often contained within a transparent PO Giro
note-bag.
Smoke and dye packs are surrounded by real £20 notes and if a number of
packs are on hand at a branch this could amount to a considerable value. It
is therefore important that the smoke and dye packs are opened and
verified at the audit to confirm that:
• The surrounding £20 notes are real
• The surrounding £20 notes are all on hand and are accurately
declared
The branch should have a record (receipt) for the smoke and dye
notes. The record will detail the full value and the serial numbers of
all notes within the pack.
ACCESS TO THE HORIZON SYSTEM
APPENDIX G
It will be necessary as part of an audit to gain access to the Horizon system
at the branch being audited. There will also be times when different levels
of access will be required and the following should be adopted:
Standard Audits
Audit Officers can be added to the system as a user in order to print the
necessary reports or the reports can be requested from, and produced by,
the Subpostmaster. Where the Subpostmaster supplies the reports, an
Audit Officer should remain in attendance whilst the reports are produced.
If the audit subsequently identifies a financial irregularity a ZAUD99 one-
shot password (OSP) should be obtained for further use of the system. Any
extra users can then be added to the system, if required, from the ZAUD99
user ID.
Audits at the request of the Investigation Team
It is important at these audit types that we do not jeopardise future court
cases or prosecutions, so we must ensure we have followed proper access
procedures to the Horizon system. A ZAUD99 (OSP) should therefore be
obtained for access to the system, and this should be obtained on site in the
secure area. Once logged on as the ZAUD99 user, it can then be used to
create other users on the system in order to later assist with the production
of transaction/event logs.
If the audit is a contract and service concern or investigation request then
the ZAUD99 level of access will be required. The NBSC must be contacted
as soon as possible after the start of the audit to commence the process for
obtaining this type of access. As previously stated, do not attempt to log on
to or gain access to the Horizon system until this one-shot password has
been obtained. Any delays or problems in obtaining a one-shot password
must be reported to the Network Compliance Audit Manager following the
audit.
Please note: - If users have been added to the system during the course of
an audit remember to delete them from the system at the conclusion of the
audit before leaving the branch.
APPENDIX H
[Table: Horizon menu paths, starting from Desktop, for producing the following reports: Office snapshot; View Stock Units; Outstanding summaries; User summary; Suspense account report; Remittance in; Reversal reports; Event log (if required by investigations); Stock adjustments]
APPENDIX J — Dealing with discrepancies revealed at audit (Note: ECF to be completed for discrepancies over £1000 only)
[Flowchart; the text of its boxes follows, with Yes / No labels on the decision branches]
• Discrepancy < £500.
• Are there any financial irregularities or suspicious
• Discrepancy > £500.
• Is the discrepancy due to an authorised amount in the suspense
• Audit Officer to report findings to the Contracts Advisors, Investigation Team Manager and line manager. For National Multiple branches the Audit Officer should contact the Network
• Misuse of funds admitted.
• Seek proposals to make good audit discrepancy.
• Contracts Advisors makes a decision to close the branch.
• Contracts Advisors makes a decision not to suspend and the amount exceeds
• Audit Officer to contact Network Compliance Audit Manager
• Document findings and proposals in the audit report. E-Mail the audit report FAO the Contracts Advisors via the Outlet Intervention
• Audit Officer prepares final account
• Contracts Advisors to have the decision endorsed. £5K - £10K Buddy CSA; £10K - £25K National Contracts Mgr; >£25K Head of Business
• Network Compliance Audit Manager to ensure escalation process has been followed.
APPENDIX K
AUD CONTACT~z
APPENDIX L
Auditing Without
Access to Horizon.zip