Post Office Ltd Strictly Confidential
RISK AND COMPLIANCE COMMITTEE
06 April 2005 — Meeting Ref'04
Members:
‘Sir Mike Hodgkinson (Chair)
Peter Corbett
‘In Attendance
Rod Ismay:
Martin Ferlinc
Keith Woollard
Michael Dadra
Apologies
lan Anderson
SUMMARY ACTION POINTS
[itEM I ACTION LEAD
0401 Suspensions — what is the: indicative cost of a suspension in I RI
terms of cover pay and overheads?
0402 Sevonoaks to be revisited now.new BM.and,SAM areinplace {MD
I Irrelevant
“[ Turners Hill”—“ensure property. assets a
- How did we get some of the monetary
rent risk/residual risk :
1. MINUTES FROM LAST, MEETING
Meeting
Ref 03 - minutes approved.
Irrelevant :
POL00021417
POL00021417
POL00021417
POL00021417
Post Office Ltd — Strictly Confidential
2. STATUS OF ACTIONS FROM THE PREVIOUS MEETING
ITEM __I ACTION ___ _ STATUS a
0301 Investigate how Subpostmasters appointment and I Ongoing,
suspension/reappointment. process can be improved to reduce I paper to
risk - léssons learnt from Sandbach case. 6 include I board
developing our own ‘internal pool of interim branch managers
from auditors/trainers/DMB-staff —:potential to- widen:scope and
use:Rapid'Deployment team.
0302 Tony Utting to. supply an update to the forum on Turners Hill I Completed
case.
0303 Turners Hill case details to be sent to Bob Wigley. Completed
0304 Ensure that the remaining key controls aré checkéd by year- I Agenda
end. item next
mtg
0305 To confirm what action the Retail line manager for‘Sevenoaks I Completed,
has taken in response to the audit findings and that a planned to
revisit
0308"
Irrelevant I
3. . MATTERS'DISCUSSED AT THE MEETING AND NEW ACTIONS:REQUESTED
The issues discUsséd includéd the following items (which:are. 6xpanded on:as shown):
4.1 Branch control and Audit committee feedback
42 Branch Audit team
4.3. Banking and Financial Services compliance
4.4 Investigation team
4.5 Corporate:risk register
4.6 Information-Systems:security
POL00021417
POL00021417
Post Office Ltd — Strictly Confidential
3.4.1 Branch control and Audit committee feedback
Updates-received from old cases: Turners Hill, Blackwood and Sevonoaks.
New cases discussed Finsbury Park, Putney Bridge and Edgware.
_ Development of the Branch Control forum was'discussed.
Post Officé Saving'Stamps.fralids were discussed.
Discussion: regarding counterfeit'notes:and benefits of‘ultraviolet scanner:was had:
Action 0401.
What is the\indicative cost of'a suspension in terms of cover pay and overheads?
Action 0402
Sevonoaks to.be revisited now new. BM.and.SAM are.in. place.
Action 0404
Turmers Hill — ensure property assets are investigated for recovery
Lariat!
=
a )
©.
4)
<
y)
S
=P
Current fraud risks were discussed around cash cheques, Bureau de Change, PO
_Saving Stamps, fictitious deposit and deposit suppression.
4,
POL00021417
POL00021417
3.4.5 Corporate risk register
‘Reviewed current risk register and discussed any movement of risks and.causes.
Action 0410
How did we get some of the monetary value - revisit using inherent'risk/residual risk.
3.4.6 Information Systems security
Access to Horizon and other IT platforms was. discussed.
POL.web:site:recently received a:number of attacks.
Action 0411
ID theft risk — provide further detail on risks including comparison of brafich versus
call centre channel risks.
‘Action 0412
Bank’ account “theft-& flight” — what sort of accounts:are involved and how is the
money being’stolen?
DATE OF NEXT MEETING
7. July.2005
Sir Mike's: office
Future'agenda:ltem’
Key Controls
DVLA actions from recent. review
ID'theft:and security of personal information
Attendees to include x
Sue Lowther — Head of Information Security