POL00060449
POL00060449
IN CONFIDENCE
To: From: cc:
Mr Michael Rudkin Paul Field Jane X Bailey
Subpostmaster Audit Officer Branch Development
Manager
Date: 11 December
2006
Audit of Post Office® Ibstock branch, Branch Code 223217.
Section 1 - Introduction
An audit of the above branch was led by myself on Thursday 7"
December 2006. The purpose of this audit was to verify financial assets
due to the Post Office® and confirm compliance with a range of Business
processes, procedures and regulatory requirements.
Section 2 provides a management summary, including the financial audit
result.
Section 3 details a breakdown of the result of the financial audit.
Section 4 is a compliance certificate, which should be completed, signed
and returned (in the addressed envelope provided) by , to confirm you
have understood all the actions required for attention. Please do not
return the report, as this needs to be kept at your branch for
reference.
Appendix A details the areas of non-compliance to regulatory matters and
Appendix B details areas of non-conformance identified during tests of
selected policy and procedures. Both appendices include the actions
agreed with yourself during the closing meeting.
At the audit, you were given a questionnaire to provide feedback on the
audit process. If there is anything else you would like to a to our
GRO
POL00060449
POL00060449
Section 2 - Management Summary
The financial audit revealed a current trading position of £ 94.34 short,
subject to a reconciliation of some figures (undertaken after the audit). A
breakdown of this figure, including any pending transactions corrections
or losses being settled centrally, can be found in section 3.
Based on sample tests, observation and discussion during our audit visit,
we can provide assurance that controls are deployed correctly to comply
with procedures in the areas of Financial Controls.
Actions to address the areas identified were agreed with yourself_in the
areas of Regulatory Requirements and Standards, Information Security
and Procedural Security.
It is important that Training Records for Regulatory Requirements and
Standards are obtained and completed, and kept on site as part of this
requirement.
It is also your responsibility to ensure that each member of your team,
including yourself, are fully aware of Financial Services Authority
requirements in respect of our Travel Insurance product, and all our other
financial goods and services, and that they fully comply with the
regulations at all times in the course of their work.
Actions that were detailed in the previous audit still require attention.
These are highlighted in bold text in the appendices
Section 3 - Result of the Financial Audit
Financial assets to the value of £ were physically verified compared to the
amount due to Post Office® of £.
The difference between these figures is broken down as follows:
£ 58.24 - Identified as a difference in cash figures
£ 36.10 -_ Identified as a difference in stock figures
£ 9434 - Total shortage
Comments:
The shortage was made good at the time of the audit.
POL00060449
POL00060449
Section 4 —- Compliance Certificate Statement from Post Office®
Ibstock branch, Branch Code 223217, NCAM area West.
I have read and understood the report relating to the audit carried out on
07/12/2006.
e There were no actions recommended to implement *
e All actions recommended have been implemented *
e I have implemented all of the actions recommended in the report
with the following exceptions *
(* Delete as applicable)
Action Reason why this has not been implemented:
No.
Datestamp and Branch Code -
Branch Name (please print)
POL00060449
POL00060449
Date
Name Signed
POL00060449
POL00060449
APPENDIX A
Audit of Post Office® Ibstock branch, Branch Code 223217 - Action Plan
The following table details areas of non-compliance to regulatory issues and details actions agreed at the closing meeting.
Area / Non compliance Impact of non-compliance Reference Action Required
Action number I identified
Post Office
Home Phone
1. Agent is unable to Re ee
The branch training demonstrate competence of article 7 & Ensure that all member of staff are
record for HomePhone staff for Home Phone. This Training have completed the Homephone
Code of Practice was not I could also result in a Focus training workbook and the Horizon
on hand/fully completed. I financial penalty being Special 11 receipts retained.
imposed Post Office Ltd
July 2006
POL00060449
POL00060449
APPENDIX B
Audit of Post Office® Ibstock branch, Branch Code 223217 - Action Plan
The following table details areas of non-conformance identified during tests of selected areas at audit and details actions
agreed at the closing meeting
Area/ Action I Non conformance Impact of non-conformance I Reference Action Required
number identified
Information
Security
2. Staff were not aware of .
action to take in the Potential for fraudulent use I HSUG Ensure atten Helin ised I
event of an of the Horizon system Office are ‘temp f a at be port de
unauthorised log on should a password admin —- on attempts must be reported to
attempt to the Horizon I become compromised. section 1.4 the NBSC (National Business
system Support Centre
3. Horizon system user Potential for fraudulent
accounts for staff on transactions to be carried out I HSUG Office
leave or other periods of I without knowledge of the admin — eneure ane tet ae unts for staff
extended absence had user should the password be I section 7 .
not been disabled. known.
Procedural
Security
4.
F Smoke &
The correct procedures Potential oss of Post Office Dye User Ensure that the correct procedures
are not followed for incident, for which the agent Guide - are followed for smoke and dye
smoke and dye packs. 4 Security equipment.
could be held liable.
operations
POL00060449
POL00060449
manual,
subsection
9.7, pages
42 - 43
National Lottery cash
and/or scratchcards
is/are not afforded
adequate security.
Potential loss of Post Office
Ltd funds in the event of an
incident, for which the agent
could be held liable.
Security
operations
manual,
subsection
8, page 24
Ensure that national lottery cash
and scratchcards are afforded
adequate security.