POL00141789
POL00141789
M087_POL_017_Performing a Branch Audit v4.2 Nov 09_KS
Audit Process Manual
Chapter 3 - Performing a Branch Audit
44
Outline responsibilities and process to perform an audit in all
branches.
Network Field Team
March 2010
Andy Bayfield
Martin Felinc
Kate Rosenthal
Pat Bursi
Network Support Manager: Delivery of audit targets
Risk and Assurance Mgr: Branch Profile
Network Support Performance Mgr: Reporting
Network Support Admin Mgr: Reporting
Author Mandy Neeson, Wendy Mahoney & 31/08/2009
Linda McLaughlin
Field Team Leaders
Assurance Kathleen Griffin 31/08/2009
Field Support Manager
Authorised Andy Bayfield 6/10/09 (Sue)
Network Support Manager
Communication
Field Support Change Advisor
Version control
Version I Annual Review All 31/08/09
4.0
4a References to NFS Toolkit replaced with EASE. I All Oct 09
4.2 Updated as result of FTL Cascade All Nov 09
POL-0143127
Index
1 Introduction 3
2 Types of Audit 3
3 Field Advisor role and responsibilies 4
4 Lead Field Advisor Role 5
5 Planning 6
6 P32, The CAT Reporting Tool and SharePoint 7
7 On Site Activity 9
8 Financial Assurance Audit (FAA) 11
9 Irregularities 15
10 Financial Assurance Audit (Tier 2) 17
11 Compliance Audit 18
12 Follow-Up Audit 18
13 Close of audit Meeting 19
14 Audit Reporting 20
App A Crown Office 21
App B Franchise and Multiple Branches 22
App C Open Plan and Combination Formats 23
App D WHSmith 24
App E Outreach Branches 26
App F ATMs 34
App G Horizon System 35
App H Discrepancy Flowchart 37
POL00141789
POL00141789
POL-0143127
POL00141789
POL00141789
Section 1 - INTRODUCTION
1.1 Audit activity takes place because we have stakeholder requirements to ensure that
we protect, maintain and account for all our assets, both those we own and those we look after on
behalf of our stakeholders. We are also responsible for ensuring that all our staff and agents
operate their Post Office® branches in accordance with legislative regulations as well as
conforming to our operating licence and to customer charter standards.
1.2 We will attend all types of branches throughout the year to verify financial assets on hand and
to test regulatory compliance and business conformance against standards set out in our
operations manuals.
Section 2 - TYPES OF AUDIT
2.1 These are the types of audit
"Financial Assurance (FAA) and (Tier 2)
= Compliance
= Follow Up.
2.2 The Financial Assurance Audit (FAA) involves the verification of cash, selected stock items and
vouchers on hand. Items not verified are deemed to be assured.
2.3 The Financial Assurance Audit (Tier 2) is a comprehensive check to assess the current trading
position of the branch. This will be carried out if requested by stakeholders or as the result of
escalation by a lead Field Advisor, visiting to complete a lesser request, resulting in unsatisfactory
findings.
2.4 The current financial position of the office is calculated and recorded by completion of an Excel
based file known as a P32 and comparing this to the Horizon system derived “balance due to PO
figure” using the latest declared branch trading statement, and reports obtained from the Horizon
system.
2.5 The objective of the Compliance Audit is to check that mandatory business conformance and
regulatory compliance controls are operating as intended: by checking evidence and gaining
assurance that the required controls are in place. Compliance to business policies and procedures
can be tested in conjunction with the Financial assurance Audit visit or on a separate visit.
2.6 The Follow Up Audit procedure is to establish whether gaps in regulatory compliance and
business conformance have been addressed from a previous audit visit.
2.7 Details of all audit types are available on EASE- Audits- Audits Types List. The Network
Support Field schedule entry is annotated to explain to a Field Adviser what type of audit is
required and whether they are to lead or assist.
POL-0143127
POL00141789
POL00141789
Section 3 - THE FIELD ADVISOR ROLE AND RESPONSIBILITIES
3.1 The Field Advisor's role at audit is completely objective and the reports they produce after the
visit must be detailed, accurate and factual. The Field Advisor's role is not to speculate on the cause
of the outcome of the audit or the honesty of agents or staff either overtly or by implication.
Anything recorded which is deemed to be of a subjective nature would undermine any subsequent
investigation and could impact on the ability of investigators to pursue the case.
3.2 Field Advisors should not enter into any discussion or speculation about why the office has been
scheduled for a visit.
3.3 If the audit should end in the precautionary suspension of the Sub postmaster then the Field
Advisor must not apologise or enter into any discussion as to why a precautionary suspension has
been affected. The Subpostmaster must be referred to their Contracts Advisor.
3.4 There will be circumstances where an audit visit to an office leads to an escalation or
investigation so it is necessary for the Field Advisor to be conscious of this from the outset.
3.5 The Field Advisors must take detailed note of all timings and the course of all events. The
actions of those on site and conversations held may become relevant if there is to be an
investigation of mis conduct or dishonesty. The lead Field Advisor is responsible for reporting these
details.
3.6 For full information about the support available from the Contracts Advisor see Irregularities.
3.7 All Field Advisors must carry their security passes and wear a Post Office® name badge whilst
on site in branches.
3.8 Field Advisors must take their laptops to an audit so the activity is not jeopardised by laptop
failure. General security rules apply. Any bags, laptops or equipment not required on site should be
locked out of sight in a vehicle.
3.9 All Field Advisors working on audit activity must carry with them:
= A copy of the current display instructions
= Compliance workbook for reference
= The latest edition of the Operational Publications CD Rom
= Asupply of Kendata customer satisfaction feedback forms and envelopes. (email OFS)
= The Network Support Directory of Mobile and Mobex numbers (ref: EASE Audits -
Contacts).
They must also carry a supply of the following items to leave at offices where they are found to be
lacking:
*Travel Insurance Important Notice
*Oral Disclosure Statements
*Data Protection Act Leaflet
*Your Guide to Customer Service
*Suspicious Activity Reporting Form
Note, coin, rem bags, Horizon bar code stickers for non CiT rem.
4
VVVVVY
POL-0143127
POL00141789
POL00141789
*All can be printed from EASE- Handout/Guides
(Your Guide to Customer Service Internet print not to be handed out to customers)
3.10 It should be noted that although the Field Advisor will supply these items, this will still be
noted as an audit gap and the Field Advisor must witness the Subpostmaster placing an order for
missing items via Horizon.
3.111 In addition to the aforementioned items the Field Advisor must have the following paperwork:
= Arecord of conversation held (ref -EASE - Audits.)
= A without prejudice receipt (ref - EASE - Audits)
= A workplace Risk Assessment. ( ref - EASE - Admin- Health & Safety- Appendix C)
= An application form for Grapevine ( ref - EASE - Training On Site - Grapevine)
= Paperwork necessary for performing an office transfer (ref - EASE- Audits)
= Paperwork necessary for appointing a temporary Subpostmaster ( ref - EASE -
Intervention - Temp SPMR Security Checks)
3.12 The Field Advisor must carry notices informing the public of temporary closure or closure (ref
- EASE - Audits - Closure Notices).
Section 4 - THE LEAD FIELD ADVISOR ROLE
4.1 The Outlet Field Support schedulers will indicate via the schedule which Field Advisor or Field
Advisors are to carry out the audit visit and who has been allocated the “lead” role.
4.2 It is lead’s responsibility to prepare for the audit, manage activities on site, report financial
irregularities and subsequently complete the audit reports.
4.3 The lead is responsible for the introductory discussions with the Subpostmaster, providing
regular updates and performing the closing meeting.
4.4 The lead is responsible for delegating tasks for example; P32 completion, checking of display
material, checking of bureau, to ensure the audit is run in an orderly manner making efficient use
of the resource available.
4.5 The lead is also responsible for the decision to re-open the branch when sufficient checks have
been carried out to provide assurance that an escalation to Tier 2 or the involvement of the
Contracts Advisor is unlikely. It is desirable to re-open the branch as quickly as possible to minimise
disruption to customer service and the lead Field Advisor must use their discretion to judge when
this is appropriate. However should subsequent findings indicate that the situation requires
escalation then they have the authority to re-close the branch, informing NBSC of the current
status and the customers of the alternative branches.
4.6 The lead is responsible for contacting the other Field Advisors to discuss arrangements and
organise travel in accordance with the current Business Travel Expenses (BTE) policy, arrange a
meeting point and consider contingency arrangements in the event of absence, sickness, travel or
5
POL-0143127
POL00141789
POL00141789
other problems. The meeting time should not preceed the branch opening time by more than 20
minutes. (ref - EASE - Audits - Audit Process Manual - Chapter 12 - Continuity Planning)
4.7 The lead must provide the official working papers for use in the branch. Only the current
versions of working papers available on EASE are acceptable. Working papers for escalation to Tier
2 must be carried if attending a Financial Assurance Audit,(FAA)
4.8 The lead should ensure that when on site the use of mobile phones is kept to a minimum and
phones put on silent/vibrate once the office has re-opened. Any conversations that must be held
from site should be done so out of earshot of the counter unless this is absolutely unavoidable.
Clerks serving on the counter must be able to converse with customers without being hampered by
conversations taking place behind the counter.
Section 5 - PLANNING
5.1 The Field Adviser designated “lead” at the audit is responsible for carrying out the pre visit
preparation. The lead must check the audit type, branch name and code and other details supplied
by the schedulers. Using the available databases on the Intranet i.e. Branch Finder and Branch
Database Snapshot also known as the Configuration Management Snapshot they can find all the
information on the branch. There is further information including the last date of audit available
through the All Branches Database in the Audit section of EASE. There is a separate database of
branch opening hours available on EASE too and details of Branch Trading dates to establish when
the branch last rolled onto a new BT period. The lead at the audit uses these details to populate
the P32 audit tool and the CAT Reporting Tool.
5.2 Whilst accessing these databases the lead auditor must also take note of what type of office
this is for example:
Account managed or centrally supported
Crown Office ( ref - additional info Appendix A)
A Franchise or multiple (ref- additional info Appendix B)
Open plan or a combination store (ref - additional info Appendix C)
WH Smith (ref - additional info Appendix D)
Outreach branch (ref - additional info Appendix F)
5.3 The type of office will indicate any further preparation required. Exceptions that relate to
specific types of office are detailed in the appendixes. All this information must be accessed in
addition to the Audit Reports Matrix to determine where the reports must be sent. ( ref - EASE -
Audits - Audit Process Manual - Chapter 8)
5.4 The lead Field Advisor must also determine if any non-standard transactions are performed at
the branch as they will need to ensure that monies associated with these transactions are included
in the audit checks. The outlet should also be able to demonstrate that these products are being
accounted for in the correct manner.
POL-0143127
POL00141789
POL00141789
Bureau de change (ref - Section 8.5)
ATM (ref - Appendix )
Lottery (ref - Section 8.6.1 - 8.6.5)
Paystation (ref - Section 8.3.1)
Teller cash dispenser
Combi till ( ref - Appendix C )
Postshop
SVM - cash assured
Rollercash ( ref - Appendix C )
There are instructions for dealing with these non standard transactions in the relevant Counter
Operations manuals and Field Advisors must familiarise themselves with these to be prepared to
check cash and accounting practices at on site activities.
5.5 The lead must also consider any other factors that may impact on the amount of resource
required for audit activity e.g. seasonal variation, Public holidays or local events affecting cash flow
and banking activity.
Section 6 - P32, THE CAT Reporting Tool and SharePoint
6.1 A P32 is an Excel spreadsheet designed to support planning, verification and assurance of
assets and generate the reports required by Financial Assurance Audit activity at all branches. The
lead Field Adviser is responsible for posting all reports to the branch. And email reports as per Audit
report matrix to all stakeholders.
The latest version of the P32 is available from our database. ( ref - EASE -Audits - Audit Process
Manual - Chapter 2.)
6.2 The Compliance Audit Test Reporting Tool, or CAT Reporting Tool, is an Excel spreadsheet
designed to support the planning and testing of regulatory compliance and business conformance
and recording and reporting the results. The Field Adviser uses the tool to access the lists of
Regulatory Compliance and Business Conformance tests required, record the answers and generate
the report and a Compliance Declaration. The lead Field Advisor is responsible for posting all
reports to the branch. And email reports as per audit report matrix to all stakeholders.
The latest version of the CAT Reporting Tool is available from our database. ( ref - EASE -Audits -
CAT Tools)
6.3 The tools are updated on a monthly basis and the expiry for the tool and last date for
submission is included in the latest Audit Process Update email. These dates must be strictly
adhered to.
6.4 The lead Field Advisor must download a copy of the P32 and the Cat Reporting Tool direct
from EASE for every activity. Local copies should not be saved to avoid use of out dated versions.
6.5 The current P32 and user instructions can be accessed from our database.
( ref - EASE - Audits- Chapter 2.)
The current CAT Reporting Tool and user instructions can be accessed from our database.
(ref - EASE - Audits - CAT Tools)
POL-0143127
POL00141789
POL00141789
6.6 The lead Field Advisor must ensure that they have read and understood the current versions of
the instructions.
6.7 To allocate a P32 or CAT reporting tool to an office open the latest version of the electronic
Audit of Accounts (P32). Once opened, the P32 must be saved as P32, branch code, date, name of
branch and North or South area, for example, 023323.280509 Lenzie (North).xls - this will prevent
accidental overwriting of the original P32 template and also allows future changes to be saved.
The CAT reporting tool is dealt with in the same way but the file name is preceded by CAT.
The Follow Up Audit is preceded by F.
6.8 When a date of previous audit is given on the all branches database then it is necessary to
enter the database where the previous audit reports are held and carry forward information on
gaps from the previous audit or post transfer visit to ensure they have been addressed. There is an
area on the CAT Reporting Tool “Planning section” where this information must go. Only audit
reports from the preceding three years need be consulted.
6.9 If the office has been subject to transfer since the last audit activity then the gaps recorded
against the previous Spmr can be ignored. However audit gaps recorded during Post Transfer
Activity are relevant.
6.10 All findings from the P32 and Cat Reporting Tool must be submitted via the appropriate
Sharepoint Survey.
6.11 Sharepoint is an on line tool that enables results to be reported and accessed immediately by
the relevant stakeholders. The responses to all SharePoint surveys can be collated automatically
without the P32 and CAT Reporting Tool having to be manually analysed.
The instructions to complete a SharePoint survey are held on our Toolkit.
(ref - EASE - Audits- SharePoint Links/User Instructions)
6.12 As with the reporting tools it is essential that the lead Field Advisor accesses the correct
SharePoint survey links from our Toolkit. ( ref - EASE - Audits - SharePoint Links/Instructions)
It is also essential to read and follow the latest version of the instructions.
POL-0143127
POL00141789
POL00141789
Section 7 - ON SITE
7.1 Before approaching the branch the lead Field Advisor should take the opportunity to brief the
team on the approach for the visit and clarify all roles and responsibilities.
7.2 The lead Field Advisor must send a text message to the Contracts Advisor to inform them of
the audit activity. The brief text message must include the lead Field Advisor’s name, the office
name and branch code. This is to make the Contracts Advisor aware that there may be calls later in
the day regarding irregularities in the office. This is designed to speed up the resolution of on site
issues. If there is no signal for a mobile at the office, no text message will be sent, and the audit
should commence as normal.
7.3 The introduction, by the lead Field Advisor, to the first person arriving on site should be worded
as follows;
“Hello my name is .... from Post Office® Network Support /'m here to carry out an audit of your
branch today - please can you tell me who you are and what your role /s here.......”
7.4 If they are not the Subpostmaster then they must be advised to contact the Subpostmaster to
let them know their branch is being audited and invite them to attend. Whether the Subpostmaster
accepts or declines to attend the branch, the branch is audited as planned. Once the initial
introduction is carried out then the lead must introduce each member of their team.
7.5 The Subpostmaster or staff may contact the NBSC before allowing access and this will mean
that Field Advisors may have to wait outside until their identity has been confirmed by the NBSC
and they have completed their first access procedures. (Contact with NBSC is not mandatory, Field
Advisors may be admitted on verification of security passes)
7.6 The Subpostmaster or staff should be advised that he/she should not access cash, stock or the
Horizon system until the Field Advisors have gained access. In these circumstances, any irregularity
should be documented and a transaction log obtained from the Horizon system to ensure there has
been no activity on the system before the Field Advisors were allowed access.
7.7 \f the Subpostmaster or staff refuses to allow entry to the premises, explain that the Field
Advisors have the right to verify Post Office Ltd assets and that the Subpostmaster is contractually
obliged to allow the Field Advisors access to do this. If access is denied refer to the Contracts
Advisor for advice in the first instance. It may be necessary to involve the police as a last resort.
7.8 Having gained entry to the building the lead Field Advisor must phone NBSC to report the
closure of the office for audit purposes and arrange for the notices informing the public of the
closure to be displayed in a prominent position. The details on the poster will include the names
and addresses of alternative offices and an estimated opening time for the office.
7.9 Each member of the Field Support team must ensure that they sign a visitor's book or log
recording their arrival the date and time and purpose of their visit and their departure
POL-0143127
POL00141789
POL00141789
7.10 Establish facilities for Field Advisors and where bags and personal belongings should be
stored -Not getting agreement on this could prove contentious if items are claimed to be missing
from the premises during or after the visit. Some branches have policies in place which forbid
taking handbags, personal cash, food etc into the counter area. Field Advisers must abide by these
policies. If Field Advisors are concerned about leaving personal items in a different area or locking
them in a vehicle then they are advised not to carry unnecessary items to audit visits.
7.11 The Field Advisers should not have unwitnessed access to cash and stock.
Where it is not possible for the Subpostmaster to attend or the Subpostmaster chooses not to be
present, then checks must be made in the presence of a member of staff. It is important that any
checks are not made in isolation. Both the Field Advisor and stockholder should acknowledge the
accuracy of the figures following the check. Where a discrepancy is highlighted, the Subpostmaster/
member of staff/or another Field Advisor should verify the findings and sign the cash and/or stock
sheet to confirm that the figures to be used as part of the audit are correct.
7.12 The need to identify and produce all cash, stock and vouchers
This must be stressed at the outset and remind the Postmaster/staff that this could include iterns
kept out with the secure area. Should the Subpostmaster/ staff present cash after the audit has
commenced, and it has been confirmed that all cash has been produced, it must be excluded from
the audit as the audit result is only based on the verification of the financial assets presented as “on
hand” at the outset of the audit. The cash must be accepted from the Subpostmaster “without
prejudice to investigations or the current branch trading position”, a receipt issued, and included in
Post Office Ltd funds, but not the current branch trading position. Details of the amount should
however be included in the Sharepoint input sheet of the P32 and recorded on Sharepoint.
7.13 Obsolete stock must be discounted from the audit, the subsequent shortage included in the
current branch trading position and explained in the audit report.
7.14 Other points for the opening discussion should include as a minimum:
= The nature of the audit “checking cash and selected stock items...../f necessary we may
escalate to a full check if any irregularity is found...” The reason behind the use of
laptops and the P32.
= The course of events, what items will be checked and in what order.
= The need for access to the Horizon system.
= The estimated opening time of the branch
= Other aspects of the audit; for example reconciliation of non-value stock.
= The Compliance Audit which will require the input of the Subpostmaster and staff.
= The close of audit meeting and the opportunity for the Subpostmaster to comment on
any findings
= The opportunity for the Subpostmaster to fill out a customer satisfaction feedback form
requesting their views on how the visit was conducted.
10
POL-0143127
POL00141789
POL00141789
Section 8 - FINANCIAL ASSURANCE AUDIT (FAA)
(Tier 2 requires additional procedures details below section 10)
8.1 The Financial Assurance Audit (FAA) involves the checking and verification of:
"Cash (ref - Section 8.3.2)
= Cheques (ref - Section 8.3.3)
= ATM cash (ref - Appendix )
= Currency (ref - Section 8.5)
= Post Office Savings Stamps
= Lottery Instant scratch cards (ref Section 8.6.1 - 8.6.5)
= Self Adhesive stamps 100 x 1*
= Self Adhesive stamps 100x 2™
= Self Adhesive stamps 50 x 1* Large
= Self Adhesive stamps 50 x 2™ Large
= MVL
= Traveller's cheques
All other stock items will be deemed to be assured.
SVM and Post and Go machines will be assured.
Full unused packs of MVLs may be sampled and assured
8.2 Horizon Reports
8.2.1 Ascertain the number and types of stock units on the system.
8.2.2 Ask the Subpostmaster or a member of staff with manager's access to create a user ID for
the lead Field Advisor to allow them access to the Horizon system.
See Appendix for Instructions on Accessing the Horizon System and the different procedure
required for audits requested by investigations.
8.2.3 Obtain the previous period end branch trading statement. The figures should not be altered
by the Field Advisor in any way or made illegible, as these may need to be produced at a later date,
possibly as evidence in a court of law.
8.2.4 The following report printouts must be obtained from the Horizon system, examined and filed
with the working papers in line with the current retention process:
See EASE - Audits - Chapter 3 for Audit Report Paths
See EASE - Audits - Chapter 9 for Retention of Papers
e Un-reconciled/outstanding transfers report - for multi stock branches
e Transaction log for the day of the audit (audits commencing before opening hours -
only) - this report must be produced regardless of whether or not you feel the Horizon
terminal has been accessed prior to audit attendance
e Office snapshot
e Balance snapshot for each stock unit - including where the branch operates an
individual stock unit
e Foreign currency holdings
¢ Outstanding summaries (to verify vouchers / cards on hand):
> Giro deposits / withdrawals
11
POL-0143127
POL00141789
POL00141789
NS&I deposits / withdrawals
Personal banking deposits and withdrawals (manual transactions)
Green Girocheques
> Redeemed savings stamps (POSS)
e Suspense account report
¢ Transaction corrections outstanding
e Transaction corrections processed (this will also show instances whereby evidence has
been requested - entries will be preceded with an ‘E’”
e Remittance summary (ins and outs) for the trading period
e Remittance by product summary (ins and outs) for the trading period
e Reversal reports for 42 days - RV and ER; Reversal transaction and existing reversal
transaction when transaction code as been used
VVYN
8.2.5 Further reports required for Compliance Testing
e User summary - obtain a list of all Horizon users and take note of their full names. This
can then be checked by accessing the ‘modify user’ screen and checking that all entries
are current and in the correct format.
e Forty-two day transaction log detailing all transactions over £5000.00 to illustrate
transactions where identification data capture may have been required.
8.2.6. Please note: - Further reports can be obtained from the Horizon system as required e.g.
branch trading statement reprints, stock adjustment reports, event logs and further transaction
logs for investigation purposes. The above list is not exhaustive. However, this should be seen as
the minimum.
8.2.7 If the audit takes place on a Thursday, following the end of a branch trading period, and the
branch trading statement has not been fully completed, the audit should be based on the trial
balance figure ensuring cash and stock have been declared. The final branch trading statement can
then be completed during the course of the audit or as soon as practicable, ideally before the Field
Advisors have left the branch.
8.3 Checking Cash, Stock and Vouchers on Hand
8.3.1 For Branches with a Paystation terminal, obtain the bar code summary report from the
Paystation terminal. Count all monies accepted in respect of transactions carried out on the
terminal to ensure that they balance to the amount detailed on the report. It is important that the
summary total is entered into the Horizon system as soon as possible after the bar code is available
for scanning. If this is not done the agent will receive repeated reminders to do so. Failure to
comply with this requirement on a regular basis will cause the Paystation to be suspended.
Please note: - The maximum amount of Post Office® cash that can be held on the retail side is
£250.00. The total of the bar-code summary and monies in respect of transactions should be
included in the P32.
12
POL-0143127
POL00141789
POL00141789
8.3.2 Cash check - obtain the final cash declaration for the day prior to the audit by reprinting the
last “existing” declaration or obtaining the report via the event log. Where the audit is carried out
later in the day and the branch has been open for business then it will not be possible to confirm
cash to a branch declaration. However the report should still be obtained and examined for possible
inflation of cash.
8.3.3. Cheques - Count and record cheques on hand and verify to Horizon snapshot or the last
completed branch-trading statement (Thursday audit - following completion of balance trading
period). Ensure that cheques are examined for validity and that any “personal” cheques are not on
hand including those belonging to staff members without the correct annotation and a matching
transaction that can be verified through Horizon.
8.3.4 If an irregular personal cheque is found contact the Contract Advisor team, and Fraud Team
Manager. The personal cheque must be impounded, excluded from the audit result and a “without
prejudice” receipt issued.
8.4 Vouchers- All the vouchers on hand must be checked and verified irrespective of the day of the
audit. Printouts of transactions not yet cut-off, therefore still on hand, can be obtained by
accessing the report screen and selecting ‘summaries outstanding’. The details of the printouts
must be checked against the vouchers on hand e.g. giro deposits and withdrawals etc.
It is also important that all vouchers on hand are checked for validity, early encashment and fraud.
8.5 Currency - Verify all currencies on hand to the correct name on the bureau stock snapshot.
Any discrepancies must be corrected in the Horizon bureau stock at the time of the audit. Totals
from currencies verified and those deemed assured should be documented for later inclusion in the
P32. Upon correcting the errors, the revised sterling equivalent figure should be used in the P32.
8.6.1 Lottery - All on line lottery transactions must be accounted for daily. Calculate any
outstanding monies owed to the Post Office and ask the Subpostmaster to make this good. If the
Subpostmaster isn’t able to do this or the lottery is not being accounted for correctly then see
irregularities.
8.6.2 Count and record lottery scratchcards and reconcile to the Horizon snapshot and local
records, if held. Scratchcards will normally be held on the retail counter and it may be necessary to
physically count the cards outside the counter area. Any cash held on the retail side relating to
sales should be included in the cash on hand verification.
8.6.3 The scratchcards on hand can be verified by reference to the lottery matrix held on EASE -
(Audit - Preparation/Information - Useful Guides & Checklists) or by telephoning the NBSC
08456011022. The Subpostmaster must be advised that any value of obsolete scratchcards will
be removed from the cash account and the resultant shortage must be made good. This should be
actioned at the time of the audit and detailed in the audit report.
13
POL-0143127
POL00141789
POL00141789
8.6.4 Obtain the following reports from the lottery terminal and the Subpostmaster, depending on
the type of branch OLT
e — On line summaries
e — Instant summaries
e = Summary Inventory
e Activation receipts
8.6.5 Using the summary inventory and pack status reports, confirm and reconcile the unactivated
scratchcards. It should also be confirmed that the scratchcards on sale have all been activated.
The pack status reports identify the status of the cards held:
CONFIRM - Pack is unactivated
ACTIVE - Pack is activated
8.7 Network Support Admin Duty - Whilst on site the lead Field Advisor will receive a phone call
from Network Support Admin Duty giving the figure for agent debt and the names of the staff
registered as working in the office. Any staff working in the office not registered with HR should be
reported via the Anomalies Report
8.8 There is no need to hold back and open rem bags awaiting collection if they are due for
despatch the same day as the audit. The reference numbers from the bags must be recorded and
verification sought the following day that the bags have arrived at the Cash Centre by phoning the
Network Support Admin Duty. Any failures should be reported to the Contracts Advisor and Fraud
Team Manager for an Investigation audit to be arranged.
If rem bags have been made up in advance and are not due for despatch on day of audit they
should be opened and contents verified.
14
POL-0143127
POL00141789
POL00141789
Section 9 - IRREGULARITIES
9.1 During the course of the audit the Field Advisors may find discrepancies, transaction
corrections, inappropriate items held in suspense, business practices out with the Post Office®
operating instructions and in this situation the irregularity must be discussed with the Contracts
Advisor.
9.2 Central Accounting in Chesterfield - Problems with irregularities involving errors in accounting,
transaction corrections or entries in the suspense account may be progressed with the help of the
appropriate contact. Please see
(ref EASE - Admin - NFS Team Contact Numbers.)
9.3 Support from Contracts Advisor - As part of the preparation for the audit the lead Field
Adviser must have available the contact details for the Contracts Advisor and alternative Contracts
Advisors and the Fraud Team Leader to report findings, errors, discrepancies or admissions.
9.3.1/f intervention is required, or circumstances suggest that they may be required, the Contracts
Advisor should be contacted at the earliest opportunity. This will allow discussions to take place and
any necessary decisions made whilst the lead Field Advisor is still on site and will ensure that
problems are dealt with quickly and efficiently. Contact should be made via mobile phone, as this
will ensure confidentiality (use Mobex number for calls). The use of the Subpostmaster’s telephone
should be avoided.
9.3.2 The Contracts Advisor should be contacted if anything happens during the visit that would
suggest that the agent may be in breach of their contract for example
e There is an unexplained discrepancy in excess of £1,000 (including
outstanding debt as well as trading position found during asset
verification)
There are any irregular or suspicious circumstances
There is an irregular personal cheque on hand
Sales made on a “credit” basis i.e. payment outstanding
There is an admission of misuse of Post Office® Ltd funds or
fraudulent activity
e The Subpostmaster refuses to allow access to the premises or any
cash or stock items
e Cash on hand has been inflated or an amount of cash is produced
after the audit has commenced
Lottery takings are not to hand and/or banked in personal account
Transaction corrections have not been actioned to the expected
timescales
e There are discrepancies found in on-site verifications (remittances,
suspense accounts etc.)
e The Subpostmaster has declared that the previous periods
discrepancy has been made good, however findings are to the contrary
e The Subpostmaster cannot make good an audit shortage and is
unable, or unwilling, to put forward proposals
15
POL-0143127
POL00141789
POL00141789
e If the lead Field Advisor has any other concerns about the branch
This list is not meant to be exhaustive. Regardless of the circumstances, if
there is any doubt or concern about the branch or Subpostmaster contact the
Contracts Advisor.
9.3.3 Should the Subpostmaster admit any fraudulent activity, he/she should be advised
immediately that the branch will be kept closed and the Contracts Advisor and Fraud Team Leader
contacted.
Should the Subpostmaster be suspended, there is a possibility that the branch will remain closed
and the assets defunded (ref EASE - Audits - Closure Process - Chapter 5) for details about branch
defund, In this case, a special notice to this effect should be displayed and NBSC should be
contacted to advise them of the situation. If the branch is to remain closed, the datestamps should
be lodged in the safe. Arrangements for the door and safe keys should be agreed with the
Contracts Advisor.
9.3.4 In cases involving suspension, the lead Field Advisor should obtain six periods worth of branch
trading statements, and keep them with the other audit papers for retention at the central archive
in Maidstone. This will assist the Fraud Team should there be legal repercussions.
Originals should be obtained, but copies (where such facilities exist) are acceptable. Should there be
no statements available, a reprint of the last completed statement must be obtained from the
Horizon system.
If the Subpostmaster objects to their removal, it should be pointed out that the paperwork is the
property of Post Office® Ltd, and if necessary a receipt should be issued.
9.4 Appointing a Temporary Spmr - If the Contracts Advisor decides that the Subpostmaster is to
be precautionary suspended from the office then it may be possible to appoint a temporary
Subpostmaster in his place to ensure continuity of service.
The Contracts Advisor will commence this process with the permission and agreement of the
existing Subpostmaster. The Field Adviser must carry a_set_of paperwork to carry this out under the
direction of the Temporary Subpostmaster Advisor
(ref EASE - Intervention - Temporary Spmr Security Checks)
16
POL-0143127
POL00141789
POL00141789
Section 10 - PROCEDURES FOR FINANCIAL ASSURANCE AUDIT (TIER 2)
(in addition to aforementioned Financial Assurance Audit (FAA) procedures)
10.1 Obtain the Branch Trading Statement.
10.2 Check all cash, cheques, currency, postage, stock on hand as required for completion of P32
(Tier 2).
10.3 Working papers specific to Tier 2 must be used from the toolkit.
(ref - EASE - Audit - Audit Process Manual - Audit Tools- Working Papers Chapter 2)
10.4 If a Tier 2 audit has been scheduled then in addition to the agent debt and staff names
information the Network Admin Support Duty will also details of figures for rems reported in the
current trading period. If the Financial Assurance Audit (Tier 2) is by escalation then these figures
must be requested by the Field Advisor.
17
POL-0143127
POL00141789
POL00141789
Section 11 - COMPLIANCE AUDIT
11.1 Compliance audit tests (CATs) are designed to test that regulatory
compliance and business conformance procedures are operating as intended,
by checking evidence of adherence to the approved systems.
11.2 The Field Advisor’s role in compliance auditing is to undertake sufficient
testing to be able to confirm, with reasonable assurance that controls that
should be present in a system are being deployed.
The areas tested are:
¢ Core CATs (Compliance Audit Tests)
e Government Services
e Procedural Security Inspection
11.3 For current tests and user instructions see CAT reporting tool and user instructions on our
Toolkit.
(ref EASE - Audits - CAT Tools/Instructions).
Section 12 - Follow Up audit
12.1 Follow up Audits are performed to provide assurance that gaps identified at a previous Audit
have been addressed.
12.2 Follow up audits will be noted on the Schedule as code 475, and the entry will have the
branch code and branch name noted.
12.3 You must access the latest Follow-Up Tool from EASE - CAT Tools/Instructions).
12.4 You must access the latest - User Instructions for Follow-Up Audits as above.
12.5 On site, you will test that all actions have been addressed and gain assurance that there is
evidence to support your findings.
12.6 A cash check must be performed by the Field Advisor attending the branch.
12.7 You will perform a closing meeting, to discuss your findings.
12.8 You will complete the relevant Follow-Up Audit Report, and post a copy to the branch and
copies should be emailed to all stakeholders as per latest Audit Report matrix.
18
POL-0143127
POL00141789
POL00141789
Section 13 - CLOSE OF AUDIT MEETING
13.1 Once the financial audit and compliance tests have been completed, the audit findings will
need to be discussed with the Subpostmaster. The following guidelines should be followed:
The closing meeting should already have been discussed and planned with the
Subpostmaster as part of the opening meeting at the outset of the audit
The meeting should be conducted in private whenever possible as some of the points for
discussion may be sensitive
Recognise good working practices in the office
The lead Field Advisor should be familiar with all the findings of all the tests completed
When talking through the findings it is important to discuss them in a balanced way and
be able to qualify exactly what is meant. The reason for any actions should be made
clear. It is essential to highlight where the correct procedure is documented and the
importance of adherence to it, by explaining the correct procedures and clarifying
understanding. The lead Field Advisor must highlight the consequences and impact of
failure to comply for the Postmaster/staff and for the business. Failure could lead to the
loss of the Subpostmaster’s contract to provide products and / or services, and / or
financial penalties for Subpostmaster, his staff and the business
Following the closing meeting a customer satisfaction feedback form should be left with
the Subpostmaster at the branch - The Postmaster should be encouraged to complete
and return this form.
19
POL-0143127
POL00141789
POL00141789
Section 14 - AUDIT REPORTING
14.1 All standard audit reports are embedded within the P32, CAT Reporting Tool or Follow-Up
Audit Tool.
Please refer to the latest user instructions held on EASE.
Please refer to the current “reporting matrix” held on the
(ref - EASE - Audits - Audit Process Manual - Chapter 8)
In the event of a suspension an additional report will be required, (ref - EASE- Audit- Audit Process
Manual - Report Templates)
14.2 The lead Field Advisor must telephone the branch two days after sending the report to
confirm their understanding of the content and highlight their responsibility for the return of the
Declaration of Compliance.
20
POL-0143127
POL00141789
POL00141789
CROWN OFFICE APPENDIX A
(Additional information to be used at Crown Branches)
The appropriate working papers specifically for Crown offices must be used.
e Check and verify as a minimum, 50%of the counter stocks. If time and resource allow then
additional counter stocks can be checked
e All dormant stocks have to be checked
e Any stock held by the Branch Manager (it is advisable for the integrity of the audit to have a
back office duty confirm whether the Branch Manager has a stock allocated to them rather
than accept the Branch Manager's declaration)
e Stocks with cash in excess of 25k
If a discrepancy of more than £1000 is discovered, this should be reported to the Crown Area
Manager and Fraud Advisor: There is no need to escalate this to a Tier 2 Audit, or keep the branch
closed for longer than is necessary.
If a discrepancy of £10,000 or more is discovered, the Crown Area Manager and Fraud Advisor
must be notified immediately and the Branch remains closed until a full Audit of Accounts (Tier 2)
can be completed. The branch should be re opened at the earliest opportunity to minimise
disruption to customer service.
21
POL-0143127
POL00141789
POL00141789
FRANCHISE AND MULTIPLE BRANCHES APPENDIX B
The all branches database will provide details of branches that are of either a franchise or multiple
branch type. The lead Field Advisor should obtain this information at the preparation stage along
with:
e The name of the multiple / franchisee
e The multiple/franchise company contact point e.g. nominee
e The name of the Contract Advisor
The financial audit process outlined in this chapter can be applied to multiple and franchise
branches with the following exceptions:
If highlighted in the Branch Performance Profile model the lead Field Advisor will need to determine
if the procedural security compliance paper needs to be undertaken if the branch is a franchise.
Some franchise branches are self-insured and in these cases the Procedural Security Inspection
tests should not be completed. The self-insured franchise branches can be identified from the
branch details excel spreadsheet, available from EASE. Any major security weaknesses must be still
noted, however, and commented upon in the audit report.
On arrival at the branch, the lead Field Advisor should make the visit known to the store manager
and any local entry procedures must be adhered to. At the beginning of the audit the lead Field
Advisor must telephone the company contact e.g. nominee or post office representative as soon as
possible to advise that an audit is taking place and to invite them to the closing meeting at the
branch. The estimated time of the closing meeting should be advised and, if the company contact
is unable to attend, it must be confirmed that they are happy for the audit findings to be discussed
with the officer in charge on site. In this situation, the nominee or post office representative must
be contacted upon completion of the audit to relay the findings.
Any irregularities, discrepancies, admissions etc. should be reported to the Contract Advisor.
22
POL-0143127
POL00141789
POL00141789
OPEN PLAN AND COMBINATION FORMATS APPENDIX C
A Combination Store is the title given to retail branches that combine other retail business with
Post Office transactions using the same point of sale. The same person will deal with retail and
Post Office transactions, but funds and accounts will be separated.
The financial audit outlined in this chapter can be applied to open plan and combination branches,
but special care must be taken because of the different security arrangements.
To minimise security risk to staff and funds, the following principle applies:
e Under no circumstances should bulk cash be counted in positions which are exposed to
the public
e If the owner of the premises refuses to close to allow for the counting of bulk cash then
contact their Contracts Advisor
e Allcash on hand should be counted in a secure back office area (if available) or prior to
the branch opening for business to avoid the problem.
e Cash being moved to a secure area should not exceed the till limit for open plan working
unless the premises are closed
23
POL-0143127
POL00141789
POL00141789
WH Smith Branch APPENDIX D
(Additional information to be used at WH Smith Branches)
¢ On arrival at the branch, the lead Field Advisor should make the visit known to the store
manager and any local entry procedures must be adhered to.
¢ There is no need to contact WH Smith (as we would with any other multiple) as senior WHS.
Security & Investigation managers are aware of the audit plan.
e WHS have an insurance waiver, but compliance questions relating to Procedural Security
Inspection should be asked. This is at the request of the Head of Business Development (WH
Smith).
e The closing meeting will take place with the person performing the lead Field Advisor and
the Branch Manager (or their representative at the branch) on the day of the audit.
Process - Financial
Physical check of cash & cheques
e Counter stocks: - 2 - 3 prioritising in cash value highest while still allowing the branch to
open at the normal time
e Main Safe stock unit
e Any stock unit showing unusually high cash holdings
e Rollercash contents can be assured if branch is open.
Physical check of foreign currency
e Full bureau stock unit only
Physical check of stock
e Main stock only - verify stock items as per Financial Assurance
process (excluding MVL discs)
e Stock items in other stock units where holdings are considered to be high
Full check on a stock unit where a large discrepancy is uncovered.
Process - Compliance
e Questions will be directed towards the BM and ABM in the office and as many counter staff
as practically possible. If the manager is unavailable then a representative of the manager
should be chosen.
e Unlike some self-insured multiple partners, security questions should still be asked.
24
POL-0143127
POL00141789
POL00141789
Contact
If there is an issue onsite, i.e. discrepancies over £1000 then there is one main point of contact,
Simon Davies (WH Smith). Any intervention to suspend staff will be actioned by either Simon or
passed onto an appropriate WH Smith manager to deal with. One phone call from the lead Field
Advisor will be sufficient. If Simon is unavailable at the time then either of the other 2 names below
can be contacted.
Simon Davies -!
Or
Steve Hall -!~ GRO
John Hey - (.
Audit reports (including Appendix A & B) for WH Smith should be submitted to the following:
LA Hill, simon.davies . ] ian.rowley¢ I
25
POL-0143127
POL00141789
POL00141789
Outreach Branches
Appendix E
(Additional information required at Outreach branches)
This is a new concept to supply small community and rural areas with a counter service. A Core
branch will operate one of a range of outreach options offering a variety of transactions.
There are four types of outreach branches:
Partnership
Hosted
Mobile
Home Service
FWNE
This document aims to briefly describe each outreach branch type, and identify an effective audit
solution.
Each outreach type is different in function, and therefore could require a different approach to
auditing. Although the risk exposure of cash and stock is strictly limited, there is a variety of
mandatory security procedures put in place which should be tested to ascertain any degree of
negligence by the Subpostmaster or others in the event of a robbery or burglary.
Branch to Branch Remittances
One feature shared by Partner, Hosted and Mobile outreach branches is the ability to make branch
to branch remittances. This means that the Core branch can remit cash and stock directly to the
Outreach and vice-versa; however confirmation of these remittances cannot reliably be undertaken
remotely.
Where an Outreach has remittances recorded on their snapshot, a remittance report must be
produced, detailing the remittances into and out from the Outreach site. On conclusion of the audit
a visit should be made to the Core branch, to confirm the remittances made.
If called upon to close a Partner, Hosted or Mobile outreach site (in conjunction with the closure of
the Core branch), all cash and stock must be remitted in the first instance back to the Core. The
process for doing this is different from the method used by other (non-outreach) branches, and is
described below:
Special ‘Branch to Branch’ labels have been produced for returning cash (P6579), stock (P6580)
and foreign exchange (P6581). The cash, stock or currency should be prepared for despatch as
normal, affixing the appropriate label over the bar code on the appropriate remittance pouch.
From the desktop menu on Horizon, select:
Transactions (F1)
Remittances (F3)
Out Branch (F8)
Three options will be displayed:
Cash (F1)
Stock (F2)
26
POL-0143127
POL00141789
POL00141789
Currency (F3)
Select the type of remittance you require, and enter the details as normal. When all items have
been entered for the type of remittance being made, touch the ‘Finish’ icon, and scan the
appropriate bar code label. A Remittance Out slip will be produced. Repeat for each type of
remittance as required.
Please note that when remitting out cash, a message will be displayed indicating different
procedures for coin; this should be ignored.
For inward remittances, from the desktop, select:
Transactions (F1)
Remittances (F3)
Pouch Delivery (F9)
Scan the barcode of the branch transfer label. A message saying ‘Auto Rem Data cannot be found’
will be displayed. Press the enter button to continue, and open the pouch. Values (cash and
currency) will need to be entered twice to confirm the amount, with stock items entered as normal.
Sign the advice note and file with the Core branch papers.
Full instructions for branch to branch remittances can be found in Operations Manual Interim, Issue
1A, dated 7 June 2007.
Partnership
A ‘partnership’ outreach site is operated by an independent party or agent of the Core
Subpostmaster, offering a limited range of standard Post Office services. An area of the Partner's
own premises (which may be a pub or other retail premises) will be used for housing portable
Horizon equipment and securing overnight cash and stock (for which a size 0 coin container will be
provided).
Overnight cash and stock holdings should be limited to a combined value of £6000. The Core
Subpostmaster will deliver fresh cash and stock a maximum of twice a week in a cash carrying
case, and may also remove any surplus items. Surplus cash may also be returned to the Core
branch by Special Delivery. It is possible therefore for value items proper to the Outreach site to be
held at both locations.
All movements of cash and stock between the Core and the Partner will be remitted, as the Partner
branch will operate a completely different branch code. Branch to branch remittances will therefore
be in place.
Working cash should be limited to £600 at all times, with the remainder secured in the container
provided. Opening times will mirror the standard opening times of the Partner, details of which can
be obtained from the online branch locator.
27
POL-0143127
POL00141789
POL00141789
The Subpostmaster of the Core will be responsible for producing a trading account at the Partner
branch, and any resulting losses and gains.
Audit Format - Risk Audits
Any risk-based audit will take place on the Partners premises. Establish location and opening times
using ‘Branch Locator’.
Upon arrival a call must be made to the Core Subpostmaster to inform them that an audit is to
take place, and to give them the option to attend if they wish.
All necessary reports required for audit purposes can be generated from the portable Horizon
equipment on site, but as all daily and weekly documentation is retained at the Core branch;
reference may need to be made there if any discrepancy needs to be resolved.
Most, if not all, cash and stock should be on site at the Partner branch. Upon conclusion of the
audit if there is a discrepancy, a visit may be required to the Core branch to verify any assets of the
Partner branch held there. If there is any doubt that assets presented by the Core are not proper to
the Partner, the respective Field Team Manager should be informed, and a decision on auditing the
Core branch needs to be taken.
The standard financial audit process as prescribed in Chapter 3 of the Audit Process Manual may
be followed. As the Post Office site may not be provided with a counter screen, where possible seek
a private area to count any bulk cash.
Compliance testing should be limited to the range of transactions available, remembering that,
other than leaflet distribution, the Partner is not allowed to conduct financial services transactions.
Audit Format - Robberies/Burglaries
When arranging attendance, the lead auditor should request the Core SPMR to contact the Partner
and inform them of the audit. The Core SPMR should also be asked to attend to witness the audit.
In all other respects, follow the standard robbery/burglary audit process as contained in Chapter 6
of the Audit Process Manual.
Audit Format - Transfers/Closures
Where the Core SPMR is transferring or closing, as part of the preparation the SPMR should be
requested to retrieve the portable Horizon equipment from the Partner, together with all cash and
stock in the secure case, for checking and transfer on the day of the transfer/closure. Ask them to
ensure that suspense is clear and all transaction corrections have been brought to account.
Both the Core and Outreach Horizon systems will need to be balanced, with details of the new
Subpostmaster entered. In addition to a P242 Final Account and P344 Transfer sheet for the Core,
a separate P242 and P344 for the Partner Outreach branch must be completed.
Ensure the secure case and keys are passed to the incoming SPMR and list on form ARS110.
28
POL-0143127
POL00141789
POL00141789
Hosted
Hosted outreach branches differ from the Partnership format in that they are operated directly by
the Subpostmaster (or their employee), although they continue to use third party premises (such as
village halls). A session of service may take place in a number of different sites, with the cash, stock
and portable Horizon equipment being carried to each site in a private vehicle.
Where different sites are operated, this is known as a cluster. A Core Subpostmaster may operate
more than one cluster, but each cluster will have its own cash, stock and Horizon equipment and be
issued with their own individual branch codes. The code will be unique to the portable Horizon
equipment.
Although the same equipment will be used at each site, and thereby the same code used for
accounting purposes, each site will have a dummy code which will be used by ‘Branch Locator’ for
address and opening times only.
Please be advised that portable Horizon equipment is very heavy (nearly 10Kg) so moving it is
inadvisable without health and safety measures being considered.
Cash and stock is remitted between the Core branch and the Hosted cluster, so again, branch to
branch remittances will be in place.
All items are transported in a secure case to each Hosted site and returned for overnight storage to
the Core branch. Cases will normally have a £6000 limit, but certain clusters may be issued with a
£15000 limit case. No value items should be left at the Hosted site overnight.
The Subpostmaster of the Core will be responsible for producing a trading account for each cluster
at the Core branch, and any resulting losses and gains.
Audit Format - Risk Audits
As each site has a unique branch code, its location and times of opening can be found via the
intranet ‘Branch Locator’. However as these are dummy branch codes for location and opening
times only, the sites are actually operated using mobile Horizon equipment with it’s own branch
code (when part of a cluster).
Where a risk is identified with the cluster code, we need to identify the location of the equipment at
any given time. Once known, an audit can be scheduled at a time when the equipment (and thereby
the cash and stock) is back at the Core branch. No cash or stock should be held at the Hosted site.
This will provide a secure location from which to conduct the audit, and will assist with the
verification of the remittances.
Follow the standard audit process as laid down in the Audit Process Manual.
29
POL-0143127
POL00141789
POL00141789
Audit Format - Robberies/Burglaries
Burglaries will affect both the Core and Outreach as all cash and stock for the Outreach should be
held on site at the Core branch. If it is confirmed that Outreach cash or stock has been stolen in the
burglary, a separate audit will need to be undertaken on both the Core and Outreach, with the
overall loss being apportioned appropriately.
In the event of a robbery on a Hosted site, the Subpostmaster or his employee (whoever is
operating the cluster) should be requested to return to the Core branch for an audit.
In both instances the standard robbery/burglary process should be followed.
Audit Format - Transfers/Closures
Where the Core SPMR is transferring or closing, as part of the preparation the SPMR should be
requested to ensure the portable Horizon equipment for the Hosted site, together with all cash and
stock is available for checking and transfer. Ask them to ensure that suspense is clear and all
transaction corrections have been brought to account.
Both the Core and Outreach Horizon systems will need to be balanced, with details of the new
Subpostmaster entered. In addition to a P242 Final Account and P344 Transfer sheet for the Core,
a separate P242 and P344 for the Hosted Outreach branch must be completed.
Ensure the secure case and keys are passed to the incoming SPMR and list on form ARS110.
Mobile
A mobile van is a third option for Outreach sites. The van is specially adapted for use as a Post
Office, allowing customers to enter and conduct transactions inside. The van may be operated by
either the Core SPMR or his registered assistant.
The Mobile travels to designated places in defined communities to operate a session of service, and
offers all the transactions offered by the Core branch, together with a small selection of retail items
from the SPMR private business. A mobile phone must be provided by the Subpostmaster for use
in emergencies.
The vehicles remain the property of Post Office Ltd at all times, and are subject to strict conditions
of usage. A cash carrying case is also supplied for carrying cash and stock to/from the Core branch
and the Mobile, which contains a four minute delayed cash compartment. Fuel for the vehicle is
paid for by the SPMR, for which there is no reimbursement.
Vans are fitted with fixed Horizon equipment with unique branch codes from the Core branch.
Again, branch to branch remittances will be in place. Maximum disposable cash that may be carried
in the van is limited to £15,000, and should be bundled in £500 units. There is a secure
compartment fitted to the vehicle for holding the cash case.
At close of business, the van is returned to the Core branch, where all cash and stock is removed
for storage in the safe overnight. The van itself is plugged in to a remote power supply and ISDN
line overnight for polling and recharging.
30
POL-0143127
POL00141789
POL00141789
Audit Format - Risk Audits
Where possible, an audit of a Mobile should be scheduled to take place at the Core branch at a time
when it can be verified that the Mobile is not itself scheduled to make its rounds. If already
departed, contact should be made with the van by mobile phone to request its return.
Print out a snapshot using the Horizon terminal inside the van. Obtain other relevant paperwork
from the SPMR and verify assets inside the Core branch. Once verified with no significant
discrepancies, the Mobile may be loaded up and allowed to depart. Care should be taken to ensure
that only cash and stock relevant to the Mobile is presented. If there is any doubt, a full audit of the
Core branch must also take place before the Mobile leaves.
Audit Format - Robberies/Burglaries
If the Mobile is hijacked, procedures described in ‘Auditing Without Access to Horizon’ should be
followed.
In the event of a robbery, the Mobile should be requested to return to the Core branch after any
Police activity has ceased to enable an audit to be carried out.
In all other respects, follow the standard robbery/burglary audit process as contained in Chapter 6
of the Audit Process Manual.
Audit Format - Transfers/Closures
Request the outgoing SPMR to ensure the Mobile is returned to the Core branch in time for the
transfer/closure activity to take place, with cash and stock removed to the secure area.
Balance both the Core and Mobile branches (audit resource may need to be increased, depending
on the combined bth figure), rolling both into the next trading period or balance period as
appropriate.
Add/remove both incoming and outgoing Subpostmaster’s access to both sets of Horizon
equipment, and complete a P242 Final Account and P344 Transfer form for each branch code.
Ensure the Mobile van, cash carrying case, all relevant keys, together with log books and
maintenance records are transferred to the incoming SPMR and are recorded on the ARS110 form.
Home Service
A Home Service is run by a Core branch providing a limited range of Post Office services to
registered customers within a strictly defined area.
For a customer to use this service, they must be registered with the Core branch and live in the
defined area served by the Outreach. Completed registration forms will be held at the Core branch.
Orders may be placed by the registered customers by phone to the Core branch, where the orders
are recorded onto an order form (in duplicate) and made up. The order may then either be:
¢ sent by post (certain prepaid items only (no cash), minimum value £10)
e delivered to the customers home (again, minimum £10)
e taken to an agreed ‘drop-in’ centre
31
POL-0143127
POL00141789
POL00141789
All fulfilled orders must be transported using a secure case (£2000 limit). Certain ‘on demand’
products may also be taken for sale ad-hoc, together with a small cash float. Upon delivery, the
customer will sign the order form and be given the duplicate copy. The top copy is retained.
All transactions will be processed through a separate stock unit on the Core branch Horizon system,
once payment has been received from the customer. Note that for this type of Outreach, there is no
separate branch code; it is simply a separate stock unit on the Horizon system of the Core branch.
Audit Format - Risk Audits
As this Outreach model does not have a separate branch code, any audit will be determined from
the risks affecting the Core branch, and any resulting audit will take place at the Core branch.
Once on site, establish whether a Home Service is scheduled for that day, and the likely time of
departure (or return if already departed). If one is scheduled, make this a priority for checking. Print
off a balance snapshot for the Home Service stock unit and verify the items held. If items are stored
in the secure case, be aware that there is a four minute time delay on the cash compartment.
If already departed before commencement of the audit, any cash/stock removed for the Home
Service is not on site and cannot be included in the audit. Any resulting shortage on the Home
Service stock unit should be below the £2000 maximum limit.
If the case is returned before the end of the audit, verify the contents to the discrepancy derived. If
it is not returned and the result requires escalation, inform the Contracts Advisor that a Home
Service is operated and that the result is affected by the discrepancy on the Home Service stock
unit.
In all other respects, follow the standard audit process as contained in Chapter 3 of the Audit
Process Manual.
Audit Format - Robberies/Burglaries
If a robbery occurs on the Home Service case whilst away from the Core branch, and it is confirmed
that all necessary transfers have taken place between the Core and Home Service stock units, then
discretion may be used to audit only the Home Service unit (or waive it if below £1000).
In all other respects, follow the standard robbery/burglary audit process as contained in Chapter 6
of the Audit Process Manual.
32
POL-0143127
POL00141789
POL00141789
Audit Format - Transfers/Closures
No change from standard process. Ensure the case, keys and customer registration forms are
passed to the incoming SPMR and listed on form ARS110.
Further Points/Problems Identified
1. As Hosted sites have dummy codes but are serviced by a cluster Horizon equipment with its
own code, how does that sit with the risk model? Theoretically as the only code used for
accounting purposes is the cluster code, only that could possibly have a risk based audit, but
if the dummy codes are entered on the risk model as well, could these be selected on a
random audit? If so, we will actually be auditing the cluster, not the dummy.
2. The above has highlighted a need for us to have a database indicating:
Core Branches
Outreach branches each operates
Location/code of each Outreach
Mobile rounds (specifically times and days of leaving/return)
eceee
ATMs APPENDIX F
33
POL-0143127
POL00141789
POL00141789
There are 5 different ATM types on site at branches.
The different types of machines in the network are:
e PO maintained - this machine holds between £50k- £250k and is funded by a
remittance received at the branch. The transactions are reported through the branch
trading statement
e Fully Serviced - this machine type is totally maintained by Securicor
e Self-fill: Retail cash - this machine is funded from private cash and under no
circumstances must Post Office funds be utilised. This is considered misuse of funds
and should be reported to the Contracts Advisor
¢ Self-fill: PO cash - this machines hold £1k - £3k and are funded from PO funds
e Self -fill surcharge - this machine holds a maximum of £2k, funded by PO funds. Funds
must be only PO, i.e. NOT £1000 retail, £1000 PO. NB: All funds must be removed and
secured in approved safe overnight.
There are consequently only 3 machine types that would need to be verified as part of the audit
process. Although it is not possible to open any of the ATMs whilst the branch is open for business
(if access is not via the secure area), consideration should be given to checking the contents of the
ATMs before the branch is allowed to open. If the branch (or the retail side) is already open for
business when the audit commences then they should be closed for a short period whilst the ATM
contents are checked.
If, however, it is not possible to perform a physical check of the ATM during the audit then sufficient
reports should be obtained from the ATM to provide assurance that funds are on hand within the
ATM. This should be subsequently fully documented in the audit report, and reported to the
Contracts Advisor at the time of the audit.
The obtaining of ATM reports should not be considered a replacement for physically checking the
actual contents of the machine. It should be used as a temporary measure to carry on with the
audit until such time (during a quieter period of the day as mentioned above) when the branch can
be closed for a short period to perform the physical verification.
In extreme circumstances when the ATM is unable to be accessed, 4 weeks entries for ATM
withdrawals should be checked to ascertain whether or not stated holdings are reasonable. All
instances whereby the ATM cannot be accessed must be reported to the Contracts Advisors.
34
POL-0143127
POL00141789
POL00141789
ACCESS TO THE HORIZON SYSTEM APPENDIX G
It will be necessary as part of an audit to gain access to the Horizon system at the branch being
audited. There will also be times when different levels of access will be required and the following
should be adopted:
Standard Audits
Field Advisors can be added to the system as a user in order to print the necessary reports or the
reports can be requested from, and produced by, the Subpostmaster. Where the Subpostmaster
supplies the reports, a Field Advisor should remain in attendance whilst the reports are produced.
If the audit subsequently identifies a financial irregularity a ZAUD99* one-shot password (OSP)
should be obtained for further use of the system. Any extra users can then be added to the
system, if required, from the ZAUD99 user ID.
Audits at the request of the Investigation Team
It is important at these audit types that we do not jeopardise future court cases or prosecutions by
ensuring we have followed proper access procedures to the Horizon system. A ZAUD99* (OSP)
should therefore be obtained for access to the system and this to be obtained on site in the secure
area. Once logged on as ZAUD99 user it can then be used to create other users on the system in
order to later assist with the production of transaction/event logs.
*If the audit is a contract and service concern or investigation request then the ZAUD99 level of
access will be required. The NBSC must be contacted as soon as possible after the start the audit
to commence the process for obtaining this type of access. As previously stated, do not attempt to
log on to or gain access to the Horizon system until this one-shot password has been obtained.
Any delays or problems in obtaining a one-shot password must be reported to the Field Team
Leader.
Please note: - If users have been added to the system during the course of an audit remember to
delete them from the system at the conclusion of the audit before leaving the branch.
35
POL-0143127
icrosoft Excel
aths for printouts ¥3.xis
POL00141789
POL00141789
PPENDIX G
2] Dice snapahat [Deaitop [> [Fo Office bolencing [> [Fiaifice snopanot Lo Tra Prine J
“(Ca Wiew Stock Unies [Bestop I > [Ft Administration I» [Fi Stock Unita LO] Fa view Stock Unite [Lo [wicw fit ont ]
3] Bstance cnaphot (if more than one ctock unit} [Decker I + [Fa stock batancing I » [Fs Balance cnapchor [> [rs Prine ]
6] Foreign currency holdings (if ranzacted) [Deckop I + [F2 Repors [2 [Fr comer Osity [? [Fis Foreign Currency [Fe Prin
T[Owsnndiag summaries [Besitop 0 [Fa steak batancing [0 [FI Summaries [Lb [et sarnmavias Yor a iatea [6 [Fa Prt ]
Soe comms [Sacieeg Lb [FS Ropar [olFitvantes Le Fia Ucar sommary Lo lee Fre 1
S][ Seapence cecoust apart [ees [Fo Repan [Lp [reaiiecwean [LP] Fitspece account Lo Trarim 1
I Remiencs Te [Becitop Lb [Fo Rapanie [Lo [Fe Gites da 1d ERENCE) Lo LFa rine 1
W2[ emittance Got [Besitop [> [F2Repans [Lora ote dai LOTS Roms out tay) Lo [Fa Prine ]
“(Ci [Revarzat repens [Sacitsp [> TFa Repone [oT FSTrencscion oa Le Fiiied [PER apent for BY [oF ie continve
14] Tronzsction corrections outstanding [Dscmop [> [Fe Reports [> [Fis ouctensing wancsctionrsports I > [Fa Print I
a Stack adjustments
[Beainap
Lo TFE Rep:
Lo [Fiimode
[Lo [Stack sajuarmen
Prapeat for stock adjustments E)
Lo [Fi continve
Fra
[Branch Audit Report A v1.
Gi }oranch A. ][S[Microso... A]3.Audte,.. I
36
doc - Microsoft Word]
POL-0143127
POL00141789
POL00141789
Dealing with discrepancies over £1k revealed at audit or admittance. (Except Crown Branches) Appendix H
Discrepancy < £1k Discrepancy > £1k Misuse of funds admitted
Lead Field Advisor to report findings to the
Are there any financial Contracts Advisor, Investigation Team Manager,
irregularities or suspicious I—————————»I_ Audit Planner and Team Leader. For National
circumstances? Yes Multiple branches the Lead Auditor should also
contact the National Multiple Team for amounts >
£5K
No 4
Contracts Contracts Advisor Contracts Advisor makes a Contracts Advisor makes
Seek proposals to make good Advisor makes a decision to decision to precautionary the decision NOT to
audit discrepancy makes a *I close the branch and >I suspend subpostmaster >) precautionary suspend
decision to No de-fund No and transfer branch No subpostmaster
keep the
I branch Yes Yes I
Document findings and closed Audit Leader de- Audit leader adjusts Audit Leader to completeI
proposals in the audit report. pending funds branch and horizon accordingly to laudit as normal includingI
E-Mail the audit report to the interview prepares final reflect the true cash and CAT'’s if time available
relevant bodies account stock figures in the branch
and prepares for transfer
Yes
Secure all cash, stock and none value
items in safe obtain safe keys and
change alarm codes, if branch to be
kept closed or transferred at a later
date
37
POL-0143127