POL00061734 - Post Office Audit report at Ibstock branch 2004 VP06 0405 - Susan Rudkin Case Study
Evidence on official site
POL00061734
POL00061734
IN CONFIDENCE
To: From: cc:
Mr Rudkin Paul Field Paul Hemley
Subpostmaster Inspector Retail Line Manager
Date: 24/09/2004
Audit of Post Office® Ibstock branch, FAD 223217
An audit of the above branch was undertaken on Wednesday 22 September 2004
by Paul Field. This audit covered asset verification, audit of accounts and testing
compliance with a range of Business processes and procedures and regulatory
requirements.
The following page details the range of areas that can be tested at audit. The
tests performed at this audit were selected to reflect current Business priorities
and in response to current branch performance data.
Appendix A contains a more comprehensive report detailing our findings and
recommendations for your information and attention. Any control gaps in bold
were noted on a previous audit and had not been actioned at the time of our most
recent visit. Please note the reference numbers preceding the control gaps are for
our internal use only.
Please retain this report for your information. Appendix B is a compliance
certificate that you must complete, sign and return, in the envelope
provided, to confirm you have understood all the points made.
At the audit, you were given a questionnaire to provide feedback on the audit
process. If there is anything else you wish to bring to our attention please feel free
to write your comments on the reverse of this questionnai
Senior Inspector, Craig Thompson on telephone n
H GRO I
All the auditors would like to thank Mr Rudkin and Sue for their assistance and
hospitality throughout the audit.
Inspector
Report VP06 0405
POL00061734
POL00061734
Area Tested Controls _ Controls Controls
Deployed I Not Deployec Not Deployer}
(Low Risk)
Procedural Security
Horizon System Controls
a Risk)
Cash Account
Stock Management
Cash Management
Post Office® Card Account
I On-line Banking
Debit Cards
Regulatory Requirements - Money Laundering
Regulatory Requirements — financial services
Royal Mail
Franking Machines
Alliance & Leicester Banking
Personal Banking
National Savings
National Lottery
Littlewoods Scratchcards
HERE CECEEE RCE Cth
{ Bureau De Change
Foreign Exchange Service
~
:
Moneygram
Travel Insurance
Department of Work and Pensions
Motor Vehicle Licences
Environment Agency
UK Passport Service
I Utility Schemes
Local Transport Scheme
Self Fill ATMs
oO
LE Top up
Ll
=
LJ
Inspectors can only comment on the areas examined during their visit. !t should
not be assumed that untested processes have satisfactory controls in place.
Report VP06 0405
Audit of Post Office® Ibstock branch
Asset Verification
A full check of cash, stock and vouchers revealed a shortage of £1528.87, which
is broken down as follows:
Net shortage declared week no. 25 128.75
Difference at audit 1400.12
Comments and Recommendations:
Rod licences and milk tokens reconciled to declared office figures.
An error occurred in week 10 for £1200 that was entered to suspense account
week 11 that was cleared in week 25 by 2*£600 error notices.
Balance for week 11 was £1109.48 short due to an unknown error. It was agreed
with Paul Hemley that £1000 would be posted to the suspense account for 6
weeks. The remaining audit shortage of £528.87 was made good by cheque on
completion of the audit.
The suspense account team was contacted on audit and a reference number of
Q13519818 was allocated to the shortage.
Procedural Security
Your security procedures were examined in line with the Security Counts Book
and the following was found:
Control Gaps ~ High Risk
PSo1 * opening procedures are not adhered to
PSO6 + cash/stock/value items is/are not adequately secured at lunchtimes
and/or overnight
Control Gaps - Low Risk
PS52 + _~— a visitors book is not maintained
Comments and Recommendations:
Opening procedures are not fully adhered to.
The telephone is to be checked prior to entering the shop/secure area. Security
counts page 02-03 refers.
Cash and stock is not at risk during opening procedures but end of day
procedures are not adhered to.
All cash and stock is to be secured in the safe whenever the office is closed.
Cash and stock is afforded adequate security.
By discussion inward/outward remittances are correctly dealt with and mail
deliveries/collections and parcels/packets are carried out correctly.
Correct procedures are not followed regarding the admittance of visitors.
Please maintain a visitors book. Security counts page 07 refers.
Report VP06 0405
POL00061734
POL00061734
Appendix A
By discussion and observation keys are afforded security and alarms are correctly
maintained and the counter screen/doors/fittings are correctly fitted and
maintained.
Lottery cash and scratchcards are afforded adequate security. Hostage policy
procedures are known and followed and the current security poster is displayed
Horizon System Controls
Controls relating to the use of the Horizon system were examined, in line with the
Horizon System User Guide (HSUG). The following was found:
Control gaps - High Risk
H04 + staff were not aware of action to take in the event of an unauthorised log
on attempt
Comments and Recommendations:
User accounts and the Horizon equipment are adequately maintained and the
Horizon equipment is protected against accidental damage.
Access to the system is not adequately maintained.
All staff are to be made aware of how to report illegal/failed log on attempts. The
Helpline is to be contacted by the member of staff concerned and follow their
instructions.
Cash Account
Counters Operations Manual - Cash Account, Balancing & Preparation refers.
The daily documentation for week 26 and weekly cash account documentation for
weeks 18 to 25 was examined and all controls were correctly deployed.
Comments:
Daily summaries and weekly cash accounts are adequately maintained and
completed at the required frequency.
Only authorised entries would be made in unclaimed payments and uncharged
receipts.
Of the 20 transaction reversals completed within the last two weeks all had been
adequately controlled.
Post Office® Card Account
Counters Operations Manual — On-line banking Post Office® card account refers
The card account procedures were examined and our findings were as
follows:/the relevant controls were found to be in place.
Control Gaps - High Risk
POCA18 « cards were held beyond their retention period.
Control Gaps -Low Risk
POCAO02 ¢ envelopes were not dated in pencil on the top right hand side
Report VP06 0405
POL00061734
POL00061734
POL00061734
POL00061734
Appendix A
Comments and Recommendations:
Correct procedures have been followed when issuing new cards but not when
receiving new cards and retaining cards.
All envelopes containing new cards are to be pencil dated on receipt and cards
are to be retained for 26 weeks after which they are to be destroyed as per
instructions.
By discussion as no transactions completed the procedure for reporting and
retained fraudulent cards/documents are known and would be followed.
On-line Banking
Counters Operations Manual — On-line Banking refers
The on-line banking procedures were examined and the relevant controls were
found to be in place.
Comments:
There are sufficient forms available and the correct completion and retention
procedures are known and would be followed.
Debit Cards
Counters Operations Manual — Debit Cards refers.
The debit card transaction procedures were examined and our findings were as
follows:
Control Gap - Low Risk
DCO8 =~ there was an inadequate supply of reward forms on hand
Comments and Recommendations:
There are sufficient biank forms on hand in case of a system breakdown. Services
which cannot be accepted as payment by debit card are known. Correct
completion and retention procedures are known and followed. Retained cards
would not be held in accordance with current instructions.
Please obtain reward claim forms from Swindon stores.
Regulatory Controls Report — Anti Money Laundering Procedures
it is important that all staff employed by you to carry out transactions on behalf of
Post Office Ltd, are fully trained in our anti money laundering processes and
understand their personal liabilities under UK legislation. The Anti Money
Laundering Training Workbook, OL46 and Training Focus Special are designed to
help you do this.
Key anti money laundering controls have been tested and the findings will be
communicated to the Anti Money Laundering Team for appropriate action where
necessary. Our findings were as follows:
Report VP06 0405
POL00061734
POL00061734
Appendix A
Control Gaps — High Risk
RRO2 the branch training record was not on hand/fully completed
Comments:
Training record P6388 to be obtained from RM Logistics, Swindon. It is your
responsibility to ensure that all staff receive training and acknowledge receipt by
signing the training record.
MVLs
Counters Operations Manual - DVLA refers.
All MVLs on hand were examined along with the MVL serial numbers, the
reconciliations for weeks 19 to 25 and all controls were correctly deployed.
Comments:
Records relating to the receipt, return and retention of Mvis are accurately
maintained.
Branch Mvl reconciliations are adequately maintained.
E Top up
Workaid week 31 refers
The E Top up procedures were examined and the following was found:
Control Gaps - Low Risk
ET04 = €_ incorrect refund procedure followed
Comments and Recommendations:
T Mobile do not allow refunds whilst the other 4 providers only allow refunds within
10 minutes of the original transaction.
Report VP06 0405