ARC.(08)2"°
13.< 25
POL00396455
POL00396455
Royal Mail — Strictly Confidential
ROYAL MAIL HOLDINGS pic
(Company no. 4074919)
AUDIT AND RISK COMMITTEE
Minutes of the.meeting held at'148 Old 'Street'on 7" May'2008
Members of the Committee Present:
Helen Weir
Richard, Handover
Margaret Prosser
In.attendance:
Adam Crozier
lan.Duncan
Jonathan Evans
Doug Evans
Derek'Foster
Mike Moores
Sarah Hall
Alison Duncan
Will Rainey
Anup Sodhi
Andrew Poole
ARC08/13
ARCO08/14
ACTION
Derek:Foster
(a)
(b)
(a)
(b)
Non Executive Director, Chair of the Committee
Non Executive Director
Non Executive Director
Chief Executive
Group Finance Director
Company Secretary
General Counsel
Internal Audit & Risk.Management Director
Financial Management & Control Director
Chief Accountant
Ernst ,&Young
Ernst &Young
‘Ernst &Young
Deputy:Company Secretary
MINUTES
The minutes of the meeting of the 6" March 2008 were
considered and approved as.an accurate record of the
meeting;
the minutes of the-GLS.Audit'& Risk Committee dated 4"
March 2008.were noted.
STATUS REPORT ARC(08)14
The Committee:noted the:status.of-actions from:the previous
meetings. In particular:-
ARC08/03(m).GLS Risk Assessment: lan Duncan reported
that'the GLS:Audit.Committee had‘met on:the 30" April.
Siiccession:was one of'the key'issues for the business and
was under active consideration.by GLS. This was an area of
concern and Helen Weir said that she would report on this
matter atthe Holdings Board;
ARC08/07(c) Tax issues::the Committee noted the progress
in recruiting for-a.new Tax Director:‘and that temporary
resource was being sought to strengthen the department. An
9
ACTION
Derek Foster
ARCO08/15
(c)
(a)
(b)
(c)
{d)
(
(g)
POL00396455
POL00396455
Royal Mail — Strictly Confidential.
update would be given on the Tax department Control
Environment at the September meeting;.
ARC08/11(b)IA&RM Questionnaire: responses to.the
questionnaire were being collated.and the results would be
shared with the Committee at the next meeting.
2007--08'YEAREND = ARC(08)15-- 16
Group Accounts: the. Committee ‘noted the draft Press
release; Preliminary Statement:and set of Royal Mail
‘Holdings: plc-Group Accounts: including the:draft‘Chairman
and Chief Executive's Statement, draft Annual Review;
Directors’ Report, Directors' Remuneration Report; Operating
and Financial, Review-and parent company:aécounts;
Briefing Book: the Committee further ‘noted the Briefing Book -
providing an analysis of performance against prior year‘and
the balance:sheet movements’ year-on-year. The-analysis”
had ‘been provided'to’facilitate:understanding of the nuribers
disclosed in the Accounts. An-analysis.of performance
against budget for the year had been presented to the:Board
if the scorecard process for March 2008: There had been no
movements in‘operating profit:since that présentation;
the-Audit and Risk Committee feviewed the-Accounts for
2007-08.and_endorsed the Accounts:for approval by the
Board; ‘
Letters of Representation ‘ the.Committee agreed the content
of the Letters of Representation ' included in. the Ernst &
Young ‘reportforissué to the’ uditors.on'behalf‘of the Board
and delegated authority 9 the Board Sub Committee to-sign
the letter;
E&Y ‘Report: the @ Committee: noted the}audit,results'report for
the year ended 30"-March 2008. In particular Will Rainey
asked thatthe. preliminary statement be clearly marked as
unaudited. The-Audit work had been accelerated to ensure
‘that the ‘primary:stafements and:all notes’to.the:accounts that
‘tied into.the primary‘statements were.completed by the 7th
May. The ability to:accelerate the publication of the Group's
annual.results had been supported by a strong financial close
process including:a:Hard P4111: close that had been‘well
executed by the business;
E&Y confirmed that they concurred with the. directors’
conclusion that'both the-RMH Group and,RMG:accounts
should continue to bes prepared on a going: concern’ basis.
E&Y furthér:confirmed that it would be appropriate'to remove
the emphasis of matter statement fromthe POL accounts;
on the basis of the work:undertaken:so far E&Y confirmed
that they had not identified anything which would lead them to
believe that they would not:be. able to issue an unqualified.
10
ARCO8/16
ARCO08/17
(i)
0)
(a)
(b)
_ ©)
(a)
POL00396455
POL00396455
Royal Mail -.Strictly Confidential
audit:report‘in respect:of'the Group financial statements and
related notes;
Tax:.Alison Duncan noted the.issues that had arisen in
relation to VAT and to the-changes of personnel within the
tax department — this had.meant that a high level of attention
had been given to:this-area: The.Group would bolster the
capability in the:tax department especially with regard to\VAT
by the’use of temporary consultants. E&Y noted that'this was
a critical area‘for'the business-and acknowledged that the
right course-oftaction had:been taken, to deal'with the’issues;
IT audit: following the challenges experienced in performing
the.IT‘aldit‘in.prior years, the.audit: process.was greatly.
improved,as the:ownership for managing third party
suppliers‘and delivery of audit information was much clearer
and individuals were more.accountable. The:most significant
finding had been the unlimited:access to the.SAP system by
third party programmers. The findings were consistent with
the broad:themes and challenges in relation to the Group's IT
environment:presented.to an earlier meeting of the
Committee;
POL: dué-+to the current demands arising-from‘Funding;and
the Government Review the POL close process at'the centre
had not .impréved-to the same degree.as Chesterfield. This
was an area that was:currently being reviewed by POL
management;
2007-08. Non:aidit fees: the Committee’noted a.summary of
the non-audit'services provided by Ernst & Young:during the
last-financial year.
INTERNAL. AUDIT & RISK’ MANAGEMENT QUARTERLY
REPORT —ARC(08)17
Derek Foster ‘introduced a report summarising the.activity of
IA&RM for the-period March 2008 to April 2008. The
Committee noted:+
twenty-one reports had been issued in the period with 9rated
as not satisfactory.or medium risk. The.number of agreed
recommendations overdue for completion had.decreased
from 10% at January 2008 to 6%:in February 2008;,
the Committee inoted.the:quarterly [A&RM report dated May
2008. -
INTERNAL AUDIT & RISK MANAGEMENT PLAN
ARC(08)18
Derek Foster introduced a paper setting out the proposed
Internal Audit & Risk Management Department Plan for
‘2008/09;
11
ACTION
Derek Foster
ARC08/18
ARCO8/19
(b)
(c)
(d).
(a)
(b)
{c)
(d)
(a)
POL00396455
POL00396455
Royal; Mail — Strictly Confidential
the plan.had been prepared using a risk-based approach to
identify key business areas of.coverage. It focused on
specific areas of concern expressed by senior management
and the,Board. The approach also.took into consideration
the Group Risk Profile; the results of the:rolling Risk-and
Control Self Assessment process (RCSA) undertaken’by. the
business units; key aréas:of,Sighificant change, businéss
areas:which had not been subject:to review for some time
and Tesults-of previous intemal audit reviews. In:addition,
both Postcomm’s Forward Work Plan 2008-11 and:the Audit
Director Roundtable.2008 Audit Plan Hot Spots had been
considered-when preparing the plan;
the: Committee asked that:the reporting of-audit activity
- against’Plan include the: activity. covered by the ‘GLS Audit
team. The:talent management work Would cover'the entire
Group and not only the Letters:business. Adam Crozier‘said
thiat Internal Audit Would accelérate.the audit work’in relation
to the Network Reinvention programme;
the Committee approved the Internal Audit & Risk
Management:Department:Plan for 2008/09.
ANNUAL COMPLIANCE'REPORT ARC:(08)19
The Committee. noted a report covering the compliance unit.
activity throughout the 2007: / 2008 financial year;
inevitably Royal Mail Letters was and would remain the key
focus:of the regulatory framework with Postcomm likely to
increase’ their activity, throughout the:current Price:Control. It;
would.therefore be important 'that the.current restructure.
activity was managed very carefully to.ensure.it:did fot raise
unnecessary licence risks;
although this has been a challenging year the:Compliance
Director had’no feason to:doubt management's commitment
to:compliance, and was broadly'satisfied with the:progress
carried, out in.Royal Mail in 2007/2008. The.current >
Compliance Team: headcount:of 7 was unlikely.to be.
sufficient in 2008/2009;
the Committee noted the contents of the. report and-:thanked
Luke March for his report.
ITCONTROL ENVIRONMENT REVIEW —ARC(08)20
A presentation:was provided‘in‘response ‘to the:request,from
the Committee foliowing’their. meeting,in March asking for an
assessment of the current IT control environment: In
response to this request, PwC had been commissionéd to
provide:an indication of the:existing IT control environment
using existing Control reports, anda benchmark report
against other large‘UK Consumer Products and Service
Companies;
12
ACTION
Robin Dargue
ARC08/20
ARCO08/21
ACTION
Derek.Foster
ARC08/22
(b)
(c)
)
(b)
(c)
(a)
(b)
(a)
POL00396455
POL00396455
Royal Mail — Strictly Confidential
there were several.key-areas, where the Company
anticipated that improvements Would be.achieved through
work that was progressing as part'of. improvements in the
Service Delivery and Business’ Partnering particularly in IT
performance management; Desktop/laptop security, changes
to existing systems, Service-Delivery, IT project management
and third party management;
the Committee noted the work.in progress and acknowledged
that!firm conclusions could not be made*about the contro!
environment until the IT strategy had developed further. The
Committee.requested that:Robin Dargue update'the
Committeeat the Septémber meeting.
BUSINESS:CONTINUITY UPDATE’ ARC (08)21
The Committee was updated on.the:status of Business
Continuity within‘Royal:Mail:and onthe programme to
develop. Business Continuity capability further;
to. meet these'requirements Royal Mail.had in place-a
Business Continuity policy, framework:and deployment
guidelines that.were maintained by the-Group Business
Protection Manager. Deployment was via Business Unit and
Support Function Business Continuity leads who ensure that
each Business Unit considers their business critical activities
and that plans are prepared to mitigate the impact of
disruptions to these activities;
the Committee noted the update.
POST OFFICE LIMITED COMPLIANCE REPORT
ARC(08)22
The Audit & Risk Committee:noted the: Compliance report for
May:2008; .
the Committee agreed that Financial Services:needed a
higher profile ‘and therefore the POL compliance report that
was regularly presented to the.Risk Committee’ would come
to-the Audit*&& Risk Committee for noting.
REVIEW OF GROUP TREASURY COUNTERPARTY
LIMITS ARC(08)23
The Audit & Risk Committee noted a.paper informing the
Committee of the recent review of the counterparty limits
conducted by Group’ Treasury and approved.by the Group
Finance Director: Although the annual review.of bank
counterparty limits would not normally ‘be notified to the
Committee, it was thought that in the light of the present
climate-of the credit markets the Committee:would want to be
aware of the actions taken;
13
ARC08/23
ARC08/24
. ARCO8/25
(a)
(b)
(a)
(b)
(c)
‘@)
POL00396455
POL00396455
Royal Mail — Strictly Confidential
the Committee noted the review of counterparty limits.
ASSESSMENT OF RISK MANAGEMENT AND INTERNAL
CONTROL:SYSTEMS ARC(08)24
The Audit &.Risk’Committee noted’ that'under Principle.C:2 of
the’ Combined Code, the Royal Mail Holdings Board (the
Board) was required to establish a sound system of-risk
management and internal.control to safeguard:Shareholder’s
investment and the Group's assets. The system.should
provide Teasonable but not absolute assurance that the
Group would not be hindered ‘in:achieving its business
objectives;
the Committee noted that when:concluding on whether there
af:appropriate and ongoing process for the
ication, evaluation and management of'significant risks
facing the:Group; that-the procéss had beeén.in. place for the
year under review and up to the date:of approval of the.
> (Annual: Report and Accounts; that'reports.and other outputs
generated through: the process had been:regularly reviewed
by the Board;:and that it accorded with the Revised Guidance
for’Diréctors on the Combined Code.
ANY:OTHER BUSINESS
Regulatory Accounts: the Audit & Risk Committee noted a
paper providing an outline of the process for the production
and publication of the 2007-08 regulatory ‘financial
statements. The. Committee was:asked to approve-the
proposed year’end process, and to:agree that.the Chair of
‘the-Audit and Risk Committee, in conjunction with the: Group
Finance‘Director, approve’ the final tegulatory fi financial
statements'on behalf of the Committee;
the:Holdings ‘Board would be:asked'to delegate authority to a
sub committee of Adam Crozier‘and lan Duncan to approve
and'sign-the final regulatory financial statéments. The
- Committee noted and agreed the proposed process for the
production and publication. of the 2007-08 regulatory financial
statements; and
the;Committee agreed that.the Chair ofthe Audit:and Risk
Committee, in conjunction with the Group Finance Director,
would approve the final regulatory financial’statements:and
the Letter of Representation on.behalf of the Committee;
ianDuncan confirmed that the Audit & Risk‘Committee
‘teééting previously, scheduled to.be held on’the 4" June 2008
was no,tonger required:
DATE OF NEXT MEETING
The date of the next meeting of the. Committee was
Wedriesday. 3” September 2008.
14