POL00026719 - Post Office, Minutes of a meeting of the Audit, Risk and Compliance Committee
Evidence on official site
POLARC(5 (2)
15/13 - 15/17
POL00026719
POL00026719
Strictly Confidential
POST OFFICE LIMITED
(Company no. 2154540)
(the Company)
Minutes of a meeting of the AUDIT, RISK AND COMPLIANCE COMMITTEE
Present:
Alasdair Marnoch
Neil McCausland
Tim Franklin
In attendance:
Alisdair Cameron
Jane MacLeod
Alwen Lyons.
POLARC
15/13
POLARC
15114
ACTION:
Gc
ACTION:
Gc
ACTION:
Gc
(a)
(a)
(b)
()
(d)
e)
held at 13.50pm on 25 March 2015
at 20 Finsbury Street, London EC2Y 9AQ
Chairman of the Committee
Senior Independent Director
Non-Executive Director
Chief Financial Officer (CFO)
General Counsel (GC)
Company Secretary
INTRODUCTION
A quorum being present, the Chairman of the Committee opened the
meeting and welcomed those present.
INTERNAL AUDIT PLAN 2015/16
The Chairman introduced the Internal Audit Plan for 2015/16 and asked
Members of the ARC if they had any comments or questions.
The Committee asked for the following clarifications:
e What was the scope of the data protection work and did this include
cyber security? The Business was asked to explain how this review
would be undertaken.
« Was the current FS review being undertaken by PwC included in the
17 per cent allocated to FS in the plan?
* How would the 12 un-resourced elements of the plan be completed
and would there be a problem if the work was not undertaken?
« What was the difference between top’ and ‘high’ priority?
« Was there enough resource and capability in the Business
Transformation assurance plan?
* Did the Towers Procurement review cover all IT including Front and
Back Office?
The Committee asked that the Anti-Money Laundering and Common Digital
Platform reviews be given higher priority in the plan to ensure they were
completed in 2015/16.
The GC explained that Julie George, Head of Information Security, worked
closely with external consultants to provide assurance for the Business
which was outside the audit plan, it was agreed that the GC would send a
note to the ARC to confirm how this assurance was fulfilled.
Page 1 of 2
POLARC
15/15
POLARC
15/16
POLARC
15/17
(e)
(a)
(b)
(c)
(a)
POL00026719
POL00026719
Strictly Confidential
The Committee discussed the embedding of risk within the Business
Transformation programme and was pleased that the programme budget
contained significant funding for external assurance.
The CFO explained that the big IT transformation programme also included
budget for assurance and that this did not appear in the Internal Audit plan.
The Business would ensure that this was undertaken by qualified and
heavy hitting external resource.
Taking into account the discussion, the Committee approved the Internal
Audit Plan for 2015/16.
HEAD OF AUDIT AND RISK
The GC reported that Arnout Van Der Veer had resigned as interim Head of
Audit and Risk. The Business had identified a candidate, Mike Morley-
Fletcher, for the permanent role who would hopefully join the Business at
the beginning of July. He was an excellent candidate with experience as an
auditor with EY and was currently working for John Lewis.
The Committee asked if he was aware of the challenges in the Business
and the less than mature risk framework. The GC assured the Committee
that he was well aware of the challenges.
The GC explained that to cover the vacancy, Steve Miller had agreed to
extend his interim contract as Head of Risk and Garry Hootton would
continue to run the internal audit function, but working to the GC as direct
reports. The GC would continue to use PwC to review the internal audit
function and there was the possibility that Mike Morley-Fletcher would be
available for one day a week.
The ARC supported the proposed plan.
DATE OF NEXT MEETING
The next meeting would take place on the 20" May 2015.
CLOSE
There being no further business, the meeting was declared closed at 14.30
pm.
Page 2 of 2