POL00423147 - Meeting Minutes of Royal Mail Holdings plc Audit and Risk Committee.

Royal Mail - Strictly Confidential

ARC 04/32 TO ARC 04/43

ROYAL MAIL HOLDINGS plc
(Company no. 4074919)

AUDIT AND RISK COMMITTEE

Minutes of the meeting held at 148 Old Street on 7 September 2004

Members of the Committee Present:

Bob Wigley - Non Executive Director, Chair of the Committee
John Neill - Non Executive Director

In attendance:

Elmar Toime - Executive Deputy Chairman
Adam Crozier - Chief Executive
Marisa Cassoni - Group Finance Director
Jonathan Evans - Company Secretary, from item ARC04/35(i)
Derek Foster - Internal Audit and Risk Management Director
Frank Schinella - Director, Financial Management & Control, for ARC 04/25
Martin Gafsen - Group Investment Director
David Lindsell - Ernst & Young
Earl Sibley - Ernst & Young
Graham Halliday - Director of Banking & Financial Services, for ARC 04/39
Keith Woollard - Head of Compliance, for ARC 04/39
Andrew Poole - Notes

ARC04/32 MINUTES OF THE PREVIOUS MEETING

The Minutes of the meetings of the 24 May 2004 and 9 July
2004 were considered and approved as an accurate record
of the meetings. The minutes of the Corporate Risk
Management Committee meetings held on 13 May and 17
August 2004 were noted. In order to enable the Audit and
Risk Committee to stay informed as to how the CSR
Committee is fulfilling its responsibilities to oversee
compliance with Health and Safety and other associated
legislation, minutes of the CSR Governance Committee dated
12 May 2004 and 5 August 2004 were tabled at the
Committee. The Committee noted that RMG’s mail safety
policy had been approved by the Management Board and
was being prepared for launch. The Committee also noted
the proposed oversight role to be undertaken by Internal
Audit in reviewing HS&E functions.

(a) Adam Crozier referred to the minutes of the CSR
Governance Committee dated 5 August and in particular
paragraph 14.3. He reported that two recent failures of the
safety concurrence process, coupled with a lack of
consultation, had been of concern. A note was being issued
to all operational managers reinforcing compliance with the
process.

(b) It had been agreed that any overdue Internal Audit
recommendations would be reviewed at the Executive Board
with the intention of reverting to the Audit & Risk Committee
with proposals to catch up with implementation. This action
was currently outstanding and would be addressed at the
next meeting.

ACTION: Derek Foster

(c) Bob Wigley referred to the CRMC minutes of the 17 August
where it was noted a risk on the CRS ‘non-compliance with
FSA/ anti money laundering regulations — fines and loss of
banking customers’ had been removed from the Corporate
Risk Scorecard. Bob Wigley asked who had to authorise this
and who ultimately approves the Corporate Risk Scorecard.
This was in light of the control environment being put in place
and also Management's view that the impact of any
non-compliance would not exceed £3 million — the highest level
of penalty previously levied by the FSA. Marisa Cassoni
confirmed that an appropriate risk assessment process was
in place to evaluate risks for inclusion in the Scorecard.
The Committee stressed that the reputational risk associated
with any such breach should also be included in the risk
assessment process. The updated summary of Corporate risks
and rationale will be presented to a future Holdings Board
meeting.

ACTION: Derek Foster

ARC04/33 STATUS REPORT

The Audit & Risk Committee noted the status of actions from
the meeting held on the 9 July 2004.

ARC04/34 AUDIT & RISK COMMITTEE - TERMS OF REFERENCE
AND SELF ASSESSMENT

Committee members had recently completed a
questionnaire, in a format provided by KPMG’s Audit
Committee Institute, giving their views on the effectiveness of
the Committee against a range of criteria. These criteria were
the recommendations of the Smith review of Audit
Committees, which had subsequently been adopted within
the Combined Code on Corporate governance as good
practice. The Committee noted that the procedures of the
Committee (when taken together with changes in procedures
already agreed) were broadly compliant with Code
requirements except in the following respects:-

(a) a more rigorous and systematic approach to the review of
Internal audit will be implemented;

(b) terms of reference for the Committee as approved by the
Board in February 2003 to be amended in response to item
5.19 — the Committee will now agree the audit fee;

(c) further NED being recruited to have significant, recent and
relevant financial experience;

(d) a report on the Committee’s work to be included in the next
Annual Report and Accounts;

(e) Committee remuneration to be reviewed by the
Remuneration Committee in the light of the increased
workload;

(f) Induction programs for the NEDs to be tailor made to suit
their experience;

(g) Committee members to report to the Committee once a year
on the training activity they have undertaken to maintain their
currency;

(h) whistleblowing procedures to be relaunched;

(i) a more informed review of external auditor independence in
future years;

(j) the Company's policy for the employment of former
employees of the external auditor and the provision of
non-audit services would be formally documented;

(k) future Report & Accounts would show how RMG’s policies
ensured external auditor independence.

ARC04/35 ACCOUNTING AND AUDIT

(a) Chairman's Letter: The Committee had received a copy of a
letter dated 23 July from Ernst & Young to the Chairman
setting out the report to Management for 2003-04. The letter
drew attention to a number of matters, which had been
identified during the performance of the audit work and
previously reported to the Audit & Risk Committee as part of
the normal year-end process. The Committee noted:

(b) a number of points had been raised with Management across
all areas however overall nothing had come to the auditors’
attention that brought into question the ability to issue an
unqualified audit opinion, and many points raised were
considered to be of a housekeeping nature;

(c) previously the letter had been submitted to the shareholder,
but that the relationship had changed and this was now
considered to be a matter solely for Management;

(d) there had been a number of low-level instances of
non-compliance in minor areas, for example, bank reconciliations
not correctly performed, which had been signed off as
reviewed. John Neill said that if managers signed off work as
complete then they should be accountable for the accuracy of
the information provided. Derek Foster would review actions
taken to address these items and confirm if the issues had
been resolved.

ACTION: Derek Foster
ACTION: Derek Foster
ACTION: Marisa Cassoni

(e) Statutory Audit Hours/Fees 2003-04: the final audit hours and
net fees for 2003-04 together with the 64% recovery rate and
highlighted variances to budget were noted. The Audit fees
for 2004-05 would be agreed with E&Y and presented to the
November Audit Committee for approval;

(f) 2004-05 Interim Timetable: The Committee noted the
proposed timetable for the production of the Interim Report
for the 2004-05 half year. The Committee agreed the form of
the Ernst & Young Statutory and Regulatory Engagement
Letters and authorised Marisa Cassoni to finalise and sign
the letters;

(g) Accounting Updates for half Year: The Committee noted the
update on provisions, restructuring creditors and other
significant one-off accruals with particular focus on the
proposed £40 million increase in redundancy provision and
potential adjustment to the ‘bags accrual’;

(h) 2004-05 Interim Audit Plan: David Lindsell introduced a report
setting out the Audit cycle and Half Year review approach for
2004-05. The Committee noted that the intention would be to
integrate the statutory and regulatory audits to the maximum
extent possible having regard to the different bases of
accounting involved;

(h) IFRS transitional Balance Sheet: The Committee noted the
third paper presented to it on IFRS over the past 9 months
and confirmed the status of Royal Mail’s IFRS conversion
work, reviewing a draft transitional Balance Sheet and Profit
& Loss as at March 2004. The Committee noted the current
status of this work and that IFRS was still evolving and that
therefore work in this area would continue. In the meantime
Bob Wigley would have a detailed session for his own benefit
with Frank Schinella;

(i) Group Investment Policy and Delegated Authorities: two
papers were circulated. The first covered the reserved
powers and delegated authority framework for Royal Mail; the
second addressed a proposed new Group Investment Policy.
The first report was discussed and the Committee noted
several areas where it did not consider the proposals tight
enough. In particular, contract negotiation, fines per case,
staff entertainment per event, corporate hospitality per event,
debt write-offs, company credit and levels per customer were
all considered too high. Contract negotiation subsequent to
authority, management consultancy per item, impairment
provisions, debt write-offs, Company credit levels,
redundancy payments and recruitment limits were also
considered too high at the top end where it seemed
appropriate for most if not all items to go to the Board. Derek
Foster agreed to amend as discussed and reissue to the
Committee. The second paper (Group Investment Policy)
had been produced to address weaknesses identified in a
paper presented to the Committee’s meeting on 9th July.
The Committee asked to
see an analysis of previous projects sizes in order that it
could confirm that the requested approval limits were
appropriate. There was extensive discussion of the proposed
approval process and the Committee felt that it fell well short
of meeting the recommendations previously made by Martin
Gafsen, Group Investment Director. In particular, Bob Wigley
mentioned that on the basis of internal audit reports it was
clear that the Company had a history of being too optimistic
when quantifying potential program benefits and did not
appear to challenge sufficiently the assumptions made in
Investment proposals before they were approved.
Furthermore the Company had a weak record of project
accountability. These issues had not been addressed in the
revised Investment policy put forward for approval: they
needed to be addressed before the matter could be
considered further by the Committee. The Investment policy
and delegations would be reviewed in the light of the
Committee’s comments and re-submitted to the Committee
for further consideration;

(j) Bob Wigley suggested that given the number of on-going
regulatory investigations and potential investigations facing
the Company, that an on-going tracker report should be
provided covering all on-going Regulatory processes. It was
suggested that this could be incorporated into the Company
Secretary's report.

ACTION: Jonathan Evans

ARC04/36 WHISTLE BLOWING RELAUNCH

Andrew Wilson provided an oral update on the proposed
re-launch of the Whistleblowing arrangements. The plan was to
provide a secure and confidential facility for people in the
organisation to report suspected crime. The initiative would
be in partnership with Crimestoppers and operated by the
Police. The telephone number for reporting would be well
publicised throughout the business in a forthcoming
campaign. The existing contact details for the Corporate
Security helpdesk would remain available — giving
whistleblowers a choice of routes, internal and external. Bob
Wigley requested that the Audit & Risk Committee be
updated at each meeting on the nature and resolution of calls
made to the helplines. Andrew Wilson would provide an
update for inclusion in the regular audit report and would also
revert to the Committee, if necessary, if he felt any
constraints were being placed on his ability to tackle crime
effectively.

ARC04/37 INTERNAL AUDIT & RISK MANAGEMENT QUARTERLY
REPORT

Derek Foster introduced the Internal Audit & Risk
Management quarterly report for the period June to August
2004. The Committee noted the report and:-

(a) the challenge was to complete the business transformation,
while maintaining control of business as usual processes
(including assuring achievement of quality of service targets),
controlling costs and protecting business reputation. There
was considerable activity underway in the business to make
this happen. The Committee noted:-
- the Royal Mail KPI and selected control indicator schedule
- the program risk log prepared by internal audit to ensure the
  organisation embedded learning from previous projects in new ones
- the progress on implementing POL’s new Impact program and
  Internal Audit conclusion that an effective management
  methodology is being tailored to minimise the risk of failure to
  deliver expected benefits
- Internal Auditor plan to provide protection against excessive
  costs and other negative impacts from the Bulk Compensation Scheme
- Internal Audit’s conclusions relating to new controls to provide
  protection against excessive costs of deployment and loss of
  benefits due to headcount reductions
- proposals to mitigate the payroll gap
- proposals to enhance the process of people leaving the business
- support from Internal Audit to ensure risks in the end to end
  revenue management system were effectively managed
- the reduction in cash losses
- proposed improvements in business planning
- an action plan to deal with issues identified on a Times
  Newspaper contract
- progress on business continuity planning;

(b) while the level of financial control in the business remained
stable the effectiveness of the broader business controls
remained a concern. IA&RM had completed 19 assignments
in the period. Of the five assignments for which ratings had
been issued, three were rated as ‘limited’ or ‘no assurance’;

(c) the audit report highlighted issues with Single Daily Delivery,
Quality of Service, and purchasing. In addition to noting
outstanding action on 6 of 23 agreed action plans, in relation
to Single Daily Delivery — the report concluded that it was
possible for an office to achieve a consolidated bonus without
delivering all of its targeted cost savings. On Quality of
Service, issues were noted with the adequacy and
appropriateness of process and guidelines, the suitability of
structures and resource constraints, the effective use of MIS
and the consistency of data. In purchasing, there was
potential for non-compliance with PPL and competition law in
addition to a series of weaknesses in adherence to
procedures. Bob Wigley and John Neill expressed
disappointment and surprise that the SDD action plan
previously agreed and reviewed by the Committee with
Management at an earlier special meeting had not been fully
implemented. They observed that Quality of Service was a
top priority for Senior Management. They commented on
purchasing, that non-compliance with the law could not be
tolerated.

(d) the report also recommended that the business prepare a
comprehensive action plan to address the action items
highlighted in section 4.2 of the report in connection with
compliance with the licence conditions. Bob Wigley observed
that non-compliance with the Licence and the Law generally
was not tolerable and it was unacceptable that a plan put in
place to address issues previously identified did not
comprehensively address those issues. Bob Wigley
requested that this recommended action plan should be
reviewed at the next special meeting of the Audit & Risk
Committee;

(e) Bob Wigley asked that a special meeting of the Audit & Risk
Committee be arranged to receive presentations from
Operational Management on Single Daily Delivery, Quality of
Service, Purchasing processes and the Licence compliance
action plan preferably before the next Board meeting.

ACTION: Derek Foster, Jonathan Evans

ARC04/38 SUMMARY OF KEY ASSURANCE ACTIVITY RESULTS

A report was presented which was designed to assist the
Audit & Risk Committee in its objective of understanding the
key control issues and sources of assurance in the business.
Within the ‘business as usual’ the Company had specialist
Assurance Providers to protect assets and revenue streams
and to help ensure compliance with operational standards.
The summary of key assurance activity results for September
2004 was noted.

(a) Adam Crozier said that Revenue Collection, Billing and
Docket management were real issues for the business and
had impacted adversely on Quality of Service. A project was
now in place to identify and resolve all of these issues.

ARC04/39 FINANCIAL SERVICES REGULATION

Graham Halliday and Keith Woollard introduced papers on
Anti-Money Laundering and Regulation of the Distribution of
General Insurance Products by Post Office Limited. The
Committee noted:-

(a) the improvements generated following a formal warning from
Her Majesty's Customs and Excise (HMCE) about failure by
Post Office Limited to comply with statutory anti-money
laundering regulations;

(b) negotiations continued with the Bank of Ireland on the terms
for inclusion of the travel insurance business within the
Appointed Representative agreement. The Bank of Ireland
had suggested that the administration of the product be
transferred from the present provider to the Bank of Ireland
with value being given up in recognition of the regulatory risk
involved. Post Office Limited had rejected the proposal and
agreement on reward for risk was being sought;

(c) Bob Wigley asked whether online compliance training for
staff had been considered. Graham Halliday said that it had
been examined but discounted because the branch network
did not have access to the technology and consequently
other methods were being considered e.g. telephone training
which incorporated many of the track and cost benefits of
online training;

(d) The Committee sought assurance that sufficient
consideration had been given to protecting the business from
the potential adverse publicity of mis-selling of financial
products. Graham Halliday confirmed that whilst the FSA
regulatory requirements would be met, for example by the
inclusion of appropriate wording in sales literature, there was
detailed work ongoing with the objective of brand protection;

(e) that an on-going Financial Services compliance report would
be produced for the Committee covering all products and
activity for each meeting.

ACTION: Graham Halliday

ARC04/40 DIRECTOR EXPENSES & RELATED PARTY
TRANSACTIONS

A paper had been circulated setting out the process for the
approval of directors’ expenses. Royal Mail Group had
recently been subject to an audit by the Inland Revenue to
establish compliance with the PAYE taxation legislation,
which had not yet reported.

(a) The Audit & Risk Committee noted the expense policy, the
summary of personal expenditure form, the Corporate HSBC
account summary form and the summary of Audit
Recommendations;

(b) In response to a question from Bob Wigley, Jonathan Evans
confirmed that car use was compliant with the Company
policy and that the policy was under review by the
Remuneration Committee. Bob Wigley requested a summary
of expenses by category by director.

ACTION: Jonathan Evans

ARC04/41 IA&RM RESOURCING AND PLAN FULFILMENT

In line with the Smith guidance on best Audit Committee
practice, a note was tabled addressing the status of
resourcing in IA&RM, its implications for plan fulfilment, and
the adequacy of the training budget to meet the standards
expected of a professional department.

(a) Derek Foster confirmed that recruitment effort was underway
with the objective of restoring the department to budgeted
head count and no impediments including pay levels were
preventing him making progress. In the meanwhile, steps had
been taken to ensure that the audit plan would be delivered
in full using contract and temporary staff to top up where
necessary;

(b) the budget allocation was adequate to meet the training
requirements of the department.

(c) Bob Wigley questioned the need for specialist skills training
e.g. IT and Treasury and received satisfactory responses
from Derek Foster.

ARC04/42 REVIEW FINANCIAL PERSONNEL SUCCESSION
PLANNING

Marisa Cassoni tabled a paper setting out the proposed
succession plan for the Finance department. David Lindsell
remarked that there had been a clear improvement in the
ability of staff over the last couple of years. Marisa Cassoni
confirmed in response to a question from John Neill that she
was comfortable with the level of skill in the Finance function
while retaining some concerns about the quality of staff lower
down the organisation especially in the area of ‘decision
support’. Marisa Cassoni said that there would be need to
bring in some skills into this area in order to fill the gap.

ARC04/43 DATE OF NEXT MEETING

The Audit & Risk Committee noted that the date of the next
scheduled meeting of the Audit & Risk Committee was
Tuesday 16 November 2004.