Title Audit Process Manual
Subject Chapter 3 — Performing a Branch Audit
Version Control I 4.3
Purpose Outline responsibilities and process to perform an audit
in all branches.
Audience Network Field Team
Next Review date I March 2010
Stakeholders
Stakeholders Name _ I Responsibility
Andy Bayfield
Martin Felinc
Kate Rosenthal
Pat Bursi
Network Support Manager: Delivery of audit targets
Risk and Assurance Mgr: Branch Profile
Network Support Performance Mgr: Reporting
Network Support Admin Mgr: Reporting
Responsibilities in change
Role Job Title(s) Date
Author Mandy Neeson, Wendy Mahoney & I 31/08/2009
Linda McLaughlin
Field Team Leaders
Assurance Kathleen Griffin 31/08/2009
Field Support Manager
Authorised Andy Bayfield 6/10/09 (Sue)
Network Support Manager
Communication Field Support Change Advisor
Version control
Versio I Reason for issue Section Date
n No. No.
Version I Annual Review All 31/08/09
4.0
4.1 References to NFS Toolkit replaced with All Oct 09
EASE.
4.2 Updated as result of FTL Cascade All Nov 09
POL00084287
POL00084287
Index
Section Title Page No.
1 Introduction 3
2 Types of Audit 3
3 Field Advisor role and responsibilies 4
4 Lead Field Advisor Role 5
5 Planning 6
6 P32, The CAT Reporting Tool and SharePoint 7
7 On Site Activity 9
8 Financial Assurance Audit (FAA) 11
9 Irregularities 15
10 Financial Assurance Audit (Tier 2) 17
11 Compliance Audit 18
12 Follow-Up Audit 18
13 Close of audit Meeting 19
14 Audit Reporting 20
App A__I Crown Office 21
App B_I Franchise and Multiple Branches 22
App C__I Open Plan and Combination Formats 23
App D__I WHSmith 24
App E I Outreach Branches 26
App F_ I ATMs 34
App G_I Horizon System 35
App H__I Discrepancy Flowchart 37
POL00084287
POL00084287
POL00084287
POL00084287
Section 1 - INTRODUCTION
1.1 Audit activity takes place because we have stakeholder requirements to ensure that
we protect, maintain and account for all our assets, both those we own and those we look
after on behalf of our stakeholders. We are also responsible for ensuring that all our staff
and agents operate their Post Office® branches in accordance with legislative regulations as
well as conforming to our operating licence and to customer charter standards.
1.2 We will attend all types of branches throughout the year to verify financial assets on
hand and to test regulatory compliance and business conformance against standards set out
in our operations manuals.
Section 2 - TYPES OF AUDIT
2.1 These are the types of audit
= Financial Assurance (FAA) and (Tier 2)
= Compliance
= Follow Up.
2.2 The Financial Assurance Audit (FAA) involves the verification of cash, selected stock
items and vouchers on hand. Items not verified are deemed to be assured.
2.3 The Financial Assurance Audit (Tier 2) is a comprehensive check to assess the current
trading position of the branch. This will be carried out if requested by stakeholders or as the
result of escalation by a lead Field Advisor, visiting to complete a lesser request, resulting in
unsatisfactory findings.
2.4 The current financial position of the office is calculated and recorded by completion of an
Excel based file known as a P32 and comparing this to the Horizon system derived “balance
due to PO figure” using the latest declared branch trading statement, and reports obtained
from the Horizon system.
2.5 The objective of the Compliance Audit is to check that mandatory business conformance
and regulatory compliance controls are operating as intended: by checking evidence and
gaining assurance that the required controls are in place. Compliance to business policies
and procedures can be tested in conjunction with the Financial assurance Audit visit or ona
separate visit.
2.6 The Follow Up Audit procedure is to establish whether gaps in regulatory compliance
and business conformance have been addressed from a previous audit visit.
2.7 Details of all audit types are available on EASE- Audits- Audits Types List. The Network
Support Field schedule entry is annotated to explain to a Field Adviser what type of audit is
required and whether they are to lead or assist.
POL00084287
POL00084287
Section 3 - THE FIELD ADVISOR ROLE AND RESPONSIBILITIES
3.1 The Field Advisor’s role at audit is completely objective and the reports they produce
after the visit must be detailed, accurate and factual. The Field Advisor’s role is not to
speculate on the cause of the outcome of the audit or the honesty of agents or staff either
overtly or by implication. Anything recorded which is deemed to be of a subjective nature
would undermine any subsequent investigation and could impact on the ability of
investigators to pursue the case.
3.2 Field Advisors should not enter into any discussion or speculation about why the office
has been scheduled for a visit.
3.3 If the audit should end in the precautionary suspension of the Sub postmaster then the
Field Advisor must not apologise or enter into any discussion as to why a precautionary
suspension has been affected. The Subpostmaster must be referred to their Contracts
Advisor.
3.4 There will be circumstances where an audit visit to an office leads to an escalation or
investigation so it is necessary for the Field Advisor to be conscious of this from the outset.
3.5 The Field Advisors must take detailed note of all timings and the course of all events.
The actions of those on site and conversations held may become relevant if there is to be an
investigation of mis conduct or dishonesty. The lead Field Advisor is responsible for
reporting these details.
3.6 For full information about the support available from the Contracts Advisor see
Irregularities.
3.7 All Field Advisors must carry their security passes and wear a Post Office® name badge
whilst on site in branches.
3.8 Field Advisors must take their laptops to an audit so the activity is not jeopardised by
laptop failure. General security rules apply. Any bags, laptops or equipment not required on
site should be locked out of sight in a vehicle.
3.9 All Field Advisors working on audit activity must carry with them:
= Acopy of the current display instructions
= Compliance workbook for reference
= The latest edition of the Operational Publications CD Rom
= A supply of Kendata customer satisfaction feedback forms and envelopes. (email
OFS)
= The Network Support Directory of Mobile and Mobex numbers (ref: EASE Audits -
Contacts).
They must also carry a supply of the following items to leave at offices where they are found
to be lacking:
*Travel Insurance Important Notice
*Oral Disclosure Statements
*Data Protection Act Leaflet
*Your Guide to Customer Service
*Suspicious Activity Reporting Form
Note, coin, rem bags, Horizon bar code stickers for non CiT rem.
VVVVVV
*All can be printed from EASE- Handout/Guides
4
POL00084287
POL00084287
(Your Guide to Customer Service Internet print not to be handed out to customers)
3.10 It should be noted that although the Field Advisor will supply these items, this will still
be noted as an audit gap and the Field Advisor must witness the Subpostmaster placing an
order for missing items via Horizon.
3.11 In addition to the aforementioned items the Field Advisor must have the following
paperwork:
= A record of conversation held (ref -EASE — Audits.)
= Awithout prejudice receipt (ref - EASE — Audits)
= Aworkplace Risk Assessment. ( ref - EASE — Admin- Health & Safety- Appendix
Cc)
= An application form for Grapevine ( ref - EASE — Training On Site - Grapevine)
= Paperwork necessary for performing an office transfer (ref - EASE- Audits)
= Paperwork necessary for appointing a temporary Subpostmaster ( ref - EASE —
Intervention - Temp SPMR Security Checks)
3.12 The Field Advisor must carry notices informing the public of temporary closure or
closure (ref — EASE - Audits - Closure Notices).
Section 4 - THE LEAD FIELD ADVISOR ROLE
4.1 The Outlet Field Support schedulers will indicate via the schedule which Field Advisor or
Field Advisors are to carry out the audit visit and who has been allocated the “lead” role.
4.2 It is lead’s responsibility to prepare for the audit, manage activities on site, report
financial irregularities and subsequently complete the audit reports.
4.3 The lead is responsible for the introductory discussions with the Subpostmaster,
providing regular updates and performing the closing meeting.
4.4 The lead is responsible for delegating tasks for example; P32 completion, checking of
display material, checking of bureau, to ensure the audit is run in an orderly manner making
efficient use of the resource available.
4.5 The lead is also responsible for the decision to re-open the branch when sufficient
checks have been carried out to provide assurance that an escalation to Tier 2 or the
involvement of the Contracts Advisor is unlikely. It is desirable to re-open the branch as
quickly as possible to minimise disruption to customer service and the lead Field Advisor
must use their discretion to judge when this is appropriate. However should subsequent
findings indicate that the situation requires escalation then they have the authority to re-
close the branch, informing NBSC of the current status and the customers of the alternative
branches.
4.6 The lead is responsible for contacting the other Field Advisors to discuss arrangements
and organise travel in accordance with the current Business Travel Expenses (BTE) policy,
arrange a meeting point and consider contingency arrangements in the event of absence,
sickness, travel or other problems. The meeting time should not preceed the branch opening
time by more than 20 minutes. (ref - EASE - Audits - Audit Process Manual - Chapter 12 -
Continuity Planning)
POL00084287
POL00084287
4.7 The lead must provide the official working papers for use in the branch. Only the current
versions of working papers available on EASE are acceptable. Working papers for
escalation to Tier 2 must be carried if attending a Financial Assurance Audit,(FAA)
4.8 The lead should ensure that when on site the use of mobile phones is kept to a minimum
and phones put on silent/vibrate once the office has re-opened. Any conversations that must
be held from site should be done so out of earshot of the counter unless this is absolutely
unavoidable. Clerks serving on the counter must be able to converse with customers without
being hampered by conversations taking place behind the counter.
Section 5 - PLANNING
5.1 The Field Adviser designated “lead” at the audit is responsible for carrying out the pre
visit preparation. The lead must check the audit type, branch name and code and other
details supplied by the schedulers. Using the available databases on the Intranet i.e. Branch
Finder and Branch Database Snapshot also known as the Configuration Management
Snapshot they can find all the information on the branch. There is further information
including the last date of audit available through the All Branches Database in the Audit
section of EASE. There is a separate database of branch opening hours available on EASE
too and details of Branch Trading dates to establish when the branch last rolled onto a new
BT period. The lead at the audit uses these details to populate the P32 audit tool and the
CAT Reporting Tool.
5.2 Whilst accessing these databases the lead auditor must also take note of what type of
office this is for example:
Account managed or centrally supported
Crown Office ( ref — additional info Appendix A)
A Franchise or multiple (ref- additional info Appendix B)
Open plan or a combination store (ref — additional info Appendix C)
WH Smith (ref — additional info Appendix D)
Outreach branch (ref — additional info Appendix F)
5.3 The type of office will indicate any further preparation required. Exceptions that relate to
specific types of office are detailed in the appendixes. All this information must be accessed
in addition to the Audit Reports Matrix to determine where the reports must be sent. ( ref —
EASE — Audits — Audit Process Manual - Chapter 8)
5.4 The lead Field Advisor must also determine if any non-standard transactions are
performed at the branch as they will need to ensure that monies associated with these
transactions are included in the audit checks. The outlet should also be able to demonstrate
that these products are being accounted for in the correct manner.
Bureau de change (ref — Section 8.5)
ATM (ref — Appendix )
Lottery (ref — Section 8.6.1 — 8.6.5)
Paystation (ref — Section 8.3.1)
Teller cash dispenser
Combi till ( ref — Appendix C )
Postshop
POL00084287
POL00084287
¢ SVM -—cash assured
e Rollercash ( ref — Appendix C )
There are instructions for dealing with these non standard transactions in the relevant
Counter Operations manuals and Field Advisors must familiarise themselves with these to be
prepared to check cash and accounting practices at on site activities.
5.5 The lead must also consider any other factors that may impact on the amount of resource
required for audit activity e.g. seasonal variation, Public holidays or local events affecting
cash flow and banking activity.
Section 6 - P32, THE CAT Reporting Tool and SharePoint
6.1 A P32 is an Excel spreadsheet designed to support planning, verification and assurance
of assets and generate the reports required by Financial Assurance Audit activity at all
branches. The lead Field Adviser is responsible for posting all reports to the branch. And
email reports as per Audit report matrix to all stakeholders.
The latest version of the P32 is available from our database. ( ref - EASE —Audits — Audit
Process Manual - Chapter 2.)
6.2 The Compliance Audit Test Reporting Tool, or CAT Reporting Tool, is an Excel
spreadsheet designed to support the planning and testing of regulatory compliance and
business conformance and recording and reporting the results. The Field Adviser uses the
tool to access the lists of Regulatory Compliance and Business Conformance tests required,
record the answers and generate the report and a Compliance Declaration. The lead Field
Advisor is responsible for posting all reports to the branch. And email reports as per audit
report matrix to all stakeholders.
The latest version of the CAT Reporting Tool is available from our database. ( ref - EASE
—Audits — CAT Tools)
6.3 The tools are updated on a monthly basis and the expiry for the tool and last date for
submission is included in the latest Audit Process Update email. These dates must be strictly
adhered to.
6.4 The lead Field Advisor must download a copy of the P32 and the Cat Reporting Tool
direct from EASE for every activity. Local copies should not be saved to avoid use of out
dated versions.
6.5 The current P32 and user instructions can be accessed from our database.
(ref - EASE — Audits- Chapter 2.)
The current CAT Reporting Tool and user instructions can be accessed from our database.
( ref - EASE — Audits — CAT Tools)
6.6 The lead Field Advisor must ensure that they have read and understood the current
versions of the instructions.
6.7 To allocate a P32 or CAT reporting tool to an office open the latest version of the
electronic Audit of Accounts (P32). Once opened, the P32 must be saved as P32, branch
code, date, name of branch and North or South area, for example, 023323.280509 Lenzie
(North).xls — this will prevent accidental overwriting of the original P32 template and also
allows future changes to be saved.
The CAT reporting tool is dealt with in the same way but the file name is preceded by CAT.
The Follow Up Audit is preceded by F.
POL00084287
POL00084287
6.8 When a date of previous audit is given on the all branches database then it is necessary
to enter the database where the previous audit reports are held and carry forward
information on gaps from the previous audit or post transfer visit to ensure they have been
addressed. There is an area on the CAT Reporting Tool “Planning section” where this
information must go. Only audit reports from the preceding three years need be consulted.
6.9 If the office has been subject to transfer since the last audit activity then the gaps
recorded against the previous Spmr can be ignored. However audit gaps recorded during
Post Transfer Activity are relevant.
6.10 All findings from the P32 and Cat Reporting Tool must be submitted via the appropriate
Sharepoint Survey.
6.11 Sharepoint is an on line tool that enables results to be reported and accessed
immediately by the relevant stakeholders. The responses to all SharePoint surveys can be
collated automatically without the P32 and CAT Reporting Tool having to be manually
analysed.
The instructions to complete a SharePoint survey are held on our Toolkit.
( ref - EASE — Audits- SharePoint Links/User Instructions)
6.12 As with the reporting tools it is essential that the lead Field Advisor accesses the
correct SharePoint survey links from our Toolkit. ( ref - EASE — Audits - SharePoint
Links/Instructions)
It is also essential to read and follow the latest version of the instructions.
POL00084287
POL00084287
Section 7 - ON SITE
7.1 Before approaching the branch the lead Field Advisor should take the opportunity to brief
the team on the approach for the visit and clarify all roles and responsibilities.
7.2 The lead Field Advisor must send a text message to the Contracts Advisor to inform them
of the audit activity. The brief text message must include the lead Field Advisor's name, the
office name and branch code. This is to make the Contracts Advisor aware that there may be
calls later in the day regarding irregularities in the office. This is designed to speed up the
resolution of on site issues. If there is no signal for a mobile at the office, no text message
will be sent, and the audit should commence as normal.
7.3 The introduction, by the lead Field Advisor, to the first person arriving on site should be
worded as follows;
“Hello my name is .... from Post Office® Network Support I’m here to carry out an audit of
your branch today — please can you tell me who you are and what your role is here....... ”
7.4 If they are not the Subpostmaster then they must be advised to contact the
Subpostmaster to let them know their branch is being audited and invite them to attend.
Whether the Subpostmaster accepts or declines to attend the branch, the branch is audited
as planned. Once the initial introduction is carried out then the lead must introduce each
member of their team.
7.5 The Subpostmaster or staff may contact the NBSC before allowing access and this will
mean that Field Advisors may have to wait outside until their identity has been confirmed by
the NBSC and they have completed their first access procedures. (Contact with NBSC is not
mandatory, Field Advisors may be admitted on verification of security passes)
7.6 The Subpostmaster or staff should be advised that he/she should not access cash, stock
or the Horizon system until the Field Advisors have gained access. In these circumstances,
any irregularity should be documented and a transaction log obtained from the Horizon
system to ensure there has been no activity on the system before the Field Advisors were
allowed access.
7.7 lf the Subpostmaster or staff refuses to allow entry to the premises, explain that the Field
Advisors have the right to verify Post Office Ltd assets and that the Subpostmaster is
contractually obliged to allow the Field Advisors access to do this. If access is denied refer to
the Contracts Advisor for advice in the first instance. It may be necessary to involve the
police as a last resort.
7.8 Having gained entry to the building the lead Field Advisor must phone NBSC to report
the closure of the office for audit purposes and arrange for the notices informing the public of
the closure to be displayed in a prominent position. The details on the poster will include the
names and addresses of alternative offices and an estimated opening time for the office.
7.9 Each member of the Field Support team must ensure that they sign a visitor’s book or log
recording their arrival the date and time and purpose of their visit and their departure
7.10 Establish facilities for Field Advisors and where bags and personal belongings
should be stored —Not getting agreement on this could prove contentious if items are
claimed to be missing from the premises during or after the visit. Some branches have
policies in place which forbid taking handbags, personal cash, food etc into the counter area.
9
POL00084287
POL00084287
Field Advisers must abide by these policies. If Field Advisors are concerned about leaving
personal items in a different area or locking them in a vehicle then they are advised not to
carry unnecessary items to audit visits.
7.11 The Field Advisers should not have unwitnessed access to cash and stock.
Where it is not possible for the Subpostmaster to attend or the Subpostmaster chooses not
to be present, then checks must be made in the presence of a member of staff. It is important
that any checks are not made in isolation. Both the Field Advisor and stockholder should
acknowledge the accuracy of the figures following the check. Where a discrepancy is
highlighted, the Subpostmaster/ member of staff/or another Field Advisor should verify the
findings and sign the cash and/or stock sheet to confirm that the figures to be used as part of
the audit are correct.
7.12 The need to identify and produce all cash, stock and vouchers
This must be stressed at the outset and remind the Postmaster/staff that this could include
items kept out with the secure area. Should the Subpostmaster/ staff present cash after the
audit has commenced, and it has been confirmed that all cash has been produced, it must be
excluded from the audit as the audit result is only based on the verification of the financial
assets presented as “on hand” at the outset of the audit. The cash must be accepted from
the Subpostmaster “without prejudice to investigations or the current branch trading
position”, a receipt issued, and included in Post Office Ltd funds, but not the current branch
trading position. Details of the amount should however be included in the Sharepoint input
sheet of the P32 and recorded on Sharepoint.
7.13 Obsolete stock must be discounted from the audit, the subsequent shortage included in
the current branch trading position and explained in the audit report.
7.14 Other points for the opening discussion should include as a minimum:
= The nature of the audit “checking cash and selected stock items.....if necessary we
may escalate to a full check if any irregularity is found...”. The reason behind the
use of laptops and the P32.
The course of events, what items will be checked and in what order.
The need for access to the Horizon system.
The estimated opening time of the branch
Other aspects of the audit; for example reconciliation of non-value stock.
The Compliance Audit which will require the input of the Subpostmaster and staff.
The close of audit meeting and the opportunity for the Subpostmaster to comment
on any findings
= The opportunity for the Subpostmaster to fill out a customer satisfaction feedback
form requesting their views on how the visit was conducted.
10
POL00084287
POL00084287
Section 8 - FINANCIAL ASSURANCE AUDIT (FAA)
(Tier 2 requires additional procedures details below section 10)
8.1 The Financial Assurance Audit (FAA) involves the checking and verification of:
= Cash (ref — Section 8.3.2)
Cheques (ref — Section 8.3.3)
ATM cash (ref — Appendix )
Currency (ref — Section 8.5)
Post Office Savings Stamps
Lottery Instant scratch cards (ref Section 8.6.1 - 8.6.5)
Self Adhesive stamps 100 x 1*
Self Adhesive stamps 100x 2°
Self Adhesive stamps 50 x 1* Large
Self Adhesive stamps 50 x 2™ Large
MVL
Traveller's cheques
All other stock items will be deemed to be assured.
SVM and Post and Go machines will be assured.
Full unused packs of MVLs may be sampled and assured
Please note:
All empty stocks, when audited, should have the cash declared as zero before coming out of
the stock unit.
8.2 Horizon Reports
8.2.1 Ascertain the number and types of stock units on the system.
8.2.2 Ask the Subpostmaster or a member of staff with manager’s access to create a user ID
for the lead Field Advisor to allow them access to the Horizon system.
See Appendix for Instructions on Accessing the Horizon System and the different procedure
required for audits requested by investigations.
8.2.3 Obtain the previous period end branch trading statement. The figures should not be
altered by the Field Advisor in any way or made illegible, as these may need to be produced
at a later date, possibly as evidence in a court of law.
8.2.4 The following report printouts must be obtained from the Horizon system, examined
and filed with the working papers in line with the current retention process:
See EASE —- Audits - Chapter 3 for Audit Report Paths
See EASE - Audits - Chapter 9 for Retention of Papers
e Un-reconciled/outstanding transfers report — for multi stock branches
e Transaction log for the day of the audit (audits commencing before opening hours -
only) - this report must be produced regardless of whether or not you feel the
Horizon terminal has been accessed prior to audit attendance
e Office snapshot
e Balance snapshot for each stock unit - including where the branch operates an
individual stock unit
e Foreign currency holdings
e Outstanding summaries (to verify vouchers / cards on hand):
> Giro deposits / withdrawals
> Personal banking deposits and withdrawals (manual transactions)
11
POL00084287
POL00084287
> Green Girocheques
> Redeemed savings stamps (POSS)
e Suspense account report
e Transaction corrections outstanding
e Transaction corrections processed (this will also show instances whereby
evidence has been requested — entries will be preceded with an ‘E’
e Remittance summary (ins and outs) for the trading period
e Remittance by product summary (ins and outs) for the trading period
e Reversal reports for 42 days - RV and ER; Reversal transaction and existing
reversal transaction when transaction code as been used
8.2.5 Further reports required for Compliance Testing
e User summary - obtain a list of all Horizon users and take note of their full names.
This can then be checked by accessing the ‘modify user’ screen and checking that
all entries are current and in the correct format.
e Forty-two day transaction log detailing all transactions over £5000.00 to illustrate
transactions where identification data capture may have been required.
8.2.6. Please note: - Further reports can be obtained from the Horizon system as required
e.g. branch trading statement reprints, stock adjustment reports, event logs and further
transaction logs for investigation purposes. The above list is not exhaustive. However, this
should be seen as the minimum.
8.2.7 If the audit takes place on a Thursday, following the end of a branch trading period,
and the branch trading statement has not been fully completed, the audit should be based on
the trial balance figure ensuring cash and stock have been declared. The final branch
trading statement can then be completed during the course of the audit or as soon as
practicable, ideally before the Field Advisors have left the branch.
8.3 Checking Cash, Stock and Vouchers on Hand
8.3.1 For Branches with a Paystation terminal, obtain the bar code summary report from the
Paystation terminal. Count all monies accepted in respect of transactions carried out on the
terminal to ensure that they balance to the amount detailed on the report. It is important that
the summary total is entered into the Horizon system as soon as possible after the bar code
is available for scanning. If this is not done the agent will receive repeated reminders to do
so. Failure to comply with this requirement on a regular basis will cause the Paystation to be
suspended.
Please note: - The maximum amount of Post Office® cash that can be held on the retail side
is £250.00. The total of the bar-code summary and monies in respect of transactions should
be included in the P32.
12
POL00084287
POL00084287
8.3.2 Cash check - obtain the final cash declaration for the day prior to the audit by
reprinting the last “existing” declaration or obtaining the report via the event log. Where the
audit is carried out later in the day and the branch has been open for business then it will not
be possible to confirm cash to a branch declaration. However the report should still be
obtained and examined for possible inflation of cash.
8.3.3. Cheques - Count and record cheques on hand and verify to Horizon snapshot or the
last completed branch-trading statement (Thursday audit - following completion of balance
trading period). Ensure that cheques are examined for validity and that any “personal”
cheques are not on hand including those belonging to staff members without the correct
annotation and a matching transaction that can be verified through Horizon.
8.3.4 If an irregular personal cheque is found contact the Contract Advisor team, and Fraud
Team Manager. The personal cheque must be impounded, excluded from the audit result
and a “without prejudice” receipt issued.
8.4 Vouchers- All the vouchers on hand must be checked and verified irrespective of the
day of the audit. Printouts of transactions not yet cut-off, therefore still on hand, can be
obtained by accessing the report screen and selecting ‘summaries outstanding’. The details
of the printouts must be checked against the vouchers on hand e.g. giro deposits and
withdrawals etc.
It is also important that all vouchers on hand are checked for validity, early encashment and
fraud.
8.5 Currency - Verify all currencies on hand to the correct name on the bureau stock
snapshot. Any discrepancies must be corrected in the Horizon bureau stock at the time of
the audit. Totals from currencies verified and those deemed assured should be documented
for later inclusion in the P32. Upon correcting the errors, the revised sterling equivalent
figure should be used in the P32.
8.6.1 Lottery - All on line lottery transactions must be accounted for daily. Calculate any
outstanding monies owed to the Post Office and ask the Subpostmaster to make this good. If
the Subpostmaster isn’t able to do this or the lottery is not being accounted for correctly then
see irregularities.
8.6.2 Count and record lottery scratchcards and reconcile to the Horizon snapshot and local
records, if held. Scratchcards will normally be held on the retail counter and it may be
necessary to physically count the cards outside the counter area. Any cash held on the
retail side relating to sales should be included in the cash on hand verification.
8.6.3 The scratchcards on hand can be verified by reference to the lottery matrix held on
EASE — (Audit — Preparation/Information — Useful Guides & Checklists) or by telephoning the
he Subpostmaster must be advised that any value of obsolete
scratchcards will be removed from the cash account and the resultant shortage must be
made good. This should be actioned at the time of the audit and detailed in the audit report.
POL00084287
POL00084287
8.6.4 Obtain the following reports from the lottery terminal and the Subpostmaster,
depending on the type of branch OLT
e Online summaries
e — Instant summaries
e Summary Inventory
e Activation receipts
8.6.5 Using the summary inventory and pack status reports, confirm and reconcile the
unactivated scratchcards. It should also be confirmed that the scratchcards on sale have all
been activated. The pack status reports identify the status of the cards held:
CONFIRM - Pack is unactivated
ACTIVE - Pack is activated
8.7 Network Support Admin Duty - Whilst on site the lead Field Advisor will receive a
phone call from Network Support Admin Duty giving the figure for agent debt and the names
of the staff registered as working in the office. Any staff working in the office not registered
with HR should be reported via the Anomalies Report
8.8 There is no need to hold back and open rem bags awaiting collection if they are due for
despatch the same day as the audit. The reference numbers from the bags must be recorded
and verification sought the following day that the bags have arrived at the Cash Centre by
phoning the Network Support Admin Duty. Any failures should be reported to the Contracts
Advisor and Fraud Team Manager for an Investigation audit to be arranged.
If rem bags have been made up in advance and are not due for despatch on day of audit
they should be opened and contents verified.
14
POL00084287
POL00084287
Section 9 - IRREGULARITIES
9.1 During the course of the audit the Field Advisors may find discrepancies, transaction
corrections, inappropriate items held in suspense, business practices out with the Post
Office® operating instructions and in this situation the irregularity must be discussed with the
Contracts Advisor.
9.2 Central Accounting in Chesterfield - Problems with irregularities involving errors in
accounting, transaction corrections or entries in the suspense account may be progressed
with the help of the appropriate contact. Please see
( ref EASE — Admin — NFS Team Contact Numbers.)
9.3 Support from Contracts Advisor - As part of the preparation for the audit the lead Field
Adviser must have available the contact details for the Contracts Advisor and alternative
Contracts Advisors and the Fraud Team Leader to report findings, errors, discrepancies or
admissions.
9.3.1If intervention is required, or circumstances suggest that they may be required, the
Contracts Advisor should be contacted at the earliest opportunity. This will allow discussions
to take place and any necessary decisions made whilst the lead Field Advisor is still on site
and will ensure that problems are dealt with quickly and efficiently. Contact should be made
via mobile phone, as this will ensure confidentiality (use Mobex number for calls). The use
of the Subpostmaster’s telephone should be avoided.
9.3.2 The Contracts Advisor should be contacted if anything happens during the visit that
would suggest that the agent may be in breach of their contract for example
e There is an unexplained discrepancy in excess of £1,000 (including
outstanding debt as well as trading position found during asset
verification)
There are any irregular or suspicious circumstances
There is an irregular personal cheque on hand
Sales made on a “credit” basis i.e. payment outstanding
There is an admission of misuse of Post Office® Ltd funds or fraudulent
activity
e The Subpostmaster refuses to allow access to the premises or any cash
or stock items
e Cash on hand has been inflated or an amount of cash is produced after
the audit has commenced
Lottery takings are not to hand and/or banked in personal account
Transaction corrections have not been actioned to the expected
timescales
e There are discrepancies found in on-site verifications (remittances,
suspense accounts etc.)
e The Subpostmaster has declared that the previous periods discrepancy
has been made good, however findings are to the contrary
e The Subpostmaster cannot make good an audit shortage and is unable,
or unwilling, to put forward proposals
e Ifthe lead Field Advisor has any other concerns about the branch
15
POL00084287
POL00084287
This list is not meant to be exhaustive. Regardless of the circumstances, if there
is any doubt or concern about the branch or Subpostmaster contact the
Contracts Advisor.
9.3.3 Should the Subpostmaster admit any fraudulent activity, he/she should be advised
immediately that the branch will be kept closed and the Contracts Advisor and Fraud Team
Leader contacted.
Should the Subpostmaster be suspended, there is a possibility that the branch will remain
closed and the assets defunded (ref EASE — Audits — Closure Process - Chapter 5) for
details about branch defund, In this case, a special notice to this effect should be displayed
and NBSC should be contacted to advise them of the situation. If the branch is to remain
closed, the datestamps should be lodged in the safe. Arrangements for the door and safe
keys should be agreed with the Contracts Advisor.
9.3.4 In cases involving suspension, the lead Field Advisor should obtain six periods worth
of branch trading statements, and keep them with the other audit papers for retention at the
central archive in Maidstone. This will assist the Fraud Team should there be legal
repercussions.
Originals should be obtained, but copies (where such facilities exist) are acceptable. Should
there be no statements available, a reprint of the last completed statement must be obtained
from the Horizon system.
If the Subpostmaster objects to their removal, it should be pointed out that the paperwork is
the property of Post Office® Ltd, and if necessary a receipt should be issued.
9.4 Appointing a Temporary Spmr - If the Contracts Advisor decides that the
Subpostmaster is to be precautionary suspended from the office then it may be possible to
appoint a temporary Subpostmaster in his place to ensure continuity of service.
The Contracts Advisor will commence this process with the permission and agreement of the
existing Subpostmaster. The Field Adviser must carry a set of paperwork to carry this out
under the direction of the Temporary Subpostmaster Advisor,
(ref EASE — Intervention — Temporary Spmr Security Checks)
16
POL00084287
POL00084287
Section 10 - PROCEDURES FOR FINANCIAL ASSURANCE AUDIT (TIER 2)
(in addition to aforementioned Financial Assurance Audit (FAA) procedures)
10.1 Obtain the Branch Trading Statement.
10.2 Check all cash, cheques, currency, postage, stock on hand as required for completion
of P32 (Tier 2).
10.3 Working papers specific to Tier 2 must be used from the toolkit.
(ref - EASE — Audit — Audit Process Manual — Audit Tools- Working Papers Chapter 2)
10.4 If a Tier 2 audit has been scheduled then in addition to the agent debt and staff names
information the Network Admin Support Duty will also details of figures for rems reported in
the current trading period. If the Financial Assurance Audit (Tier 2) is by escalation then
these figures must be requested by the Field Advisor.
17
POL00084287
POL00084287
Section 11 - COMPLIANCE AUDIT
11.1 Compliance audit tests (CATs) are designed to test that regulatory
compliance and business conformance procedures are operating as intended, by
checking evidence of adherence to the approved systems.
11.2 The Field Advisor's role in compliance auditing is to undertake sufficient
testing to be able to confirm, with reasonable assurance that controls that should
be present in a system are being deployed.
The areas tested are:
e Core CATs (Compliance Audit Tests)
e Government Services
e Procedural Security Inspection
11.3 For current tests and user instructions see CAT reporting tool and user instructions on
our Toolkit.
(ref EASE —- Audits — CAT Tools/Instructions).
Section 12 - Follow Up audit
12.1 Follow up Audits are performed to provide assurance that gaps identified at a previous
Audit have been addressed.
12.2 Follow up audits will be noted on the Schedule as code 475, and the entry will have the
branch code and branch name noted.
12.3 You must access the latest Follow-Up Tool from EASE — CAT Tools/Instructions).
12.4 You must access the latest — User Instructions for Follow-Up Audits as above.
12.5 On site, you will test that all actions have been addressed and gain assurance that
there is evidence to support your findings.
12.6 A cash check must be performed by the Field Advisor attending the branch.
12.7 You will perform a closing meeting, to discuss your findings.
12.8 You will complete the relevant Follow-Up Audit Report, and post a copy to the branch
and copies should be emailed to all stakeholders as per latest Audit Report matrix.
Section 13 - CLOSE OF AUDIT MEETING
18
POL00084287
POL00084287
13.1 Once the financial audit and compliance tests have been completed, the audit findings
will need to be discussed with the Subpostmaster. The following guidelines should be
followed:
e The closing meeting should already have been discussed and planned with the
Subpostmaster as part of the opening meeting at the outset of the audit
e The meeting should be conducted in private whenever possible as some of the
points for discussion may be sensitive
Recognise good working practices in the office
The lead Field Advisor should be familiar with all the findings of all the tests
completed
e When talking through the findings it is important to discuss them in a balanced
way and be able to qualify exactly what is meant. The reason for any actions
should be made clear. It is essential to highlight where the correct procedure is
documented and the importance of adherence to it, by explaining the correct
procedures and clarifying understanding. The lead Field Advisor must highlight the
consequences and impact of failure to comply for the Postmaster/staff and for the
business. Failure could lead to the loss of the Subpostmaster’s contract to provide
products and / or services, and / or financial penalties for Subpostmaster, his staff
and the business
e Following the closing meeting a customer satisfaction feedback form should be left
with the Subpostmaster at the branch — The Postmaster should be encouraged to
complete and return this form.
Section 14 - AUDIT REPORTING
14.1 All standard audit reports are embedded within the P32, CAT Reporting Tool or Follow-
Up Audit Tool.
Please refer to the latest user instructions held on EASE.
Please refer to the current “reporting matrix” held on the
19
POL00084287
POL00084287
(ref - EASE — Audits — Audit Process Manual — Chapter 8)
In the event of a suspension an additional report will be required, (ref - EASE- Audit- Audit
Process Manual - Report Templates)
14.2 The lead Field Advisor must telephone the branch two days after sending the report to
confirm their understanding of the content and highlight their responsibility for the return of
the Declaration of Compliance.
20
POL00084287
POL00084287
CROWN OFFICE APPENDIX A
(Additional information to be used at Crown Branches)
The appropriate working papers specifically for Crown offices must be used.
e Check and verify as a minimum, 50%of the counter stocks. If time and resource allow
then additional counter stocks can be checked
All dormant stocks have to be checked
Any stock held by the Branch Manager (it is advisable for the integrity of the audit to
have a back office duty confirm whether the Branch Manager has a stock allocated to
them rather than accept the Branch Manager's declaration)
¢ Stocks with cash in excess of 25k
If a discrepancy of more than £1000 is discovered, this should be reported to the Crown
Area Manager and Fraud Advisor: There is no need to escalate this to a Tier 2 Audit, or keep
the branch closed for longer than is necessary.
If a discrepancy of £10,000 or more is discovered, the Crown Area Manager and Fraud
Advisor must be notified immediately and the Branch remains closed until a full Audit of
Accounts (Tier 2) can be completed. The branch should be re opened at the earliest
opportunity to minimise disruption to customer service.
21
POL00084287
POL00084287
FRANCHISE AND MULTIPLE BRANCHES. APPENDIX
B
The all branches database will provide details of branches that are of either a franchise or
multiple branch type. The lead Field Advisor should obtain this information at the preparation
stage along with:
e The name of the multiple / franchisee
e The multiple/franchise company contact point e.g. nominee
« The name of the Contract Advisor
The financial audit process outlined in this chapter can be applied to multiple and franchise
branches with the following exceptions:
If highlighted in the Branch Performance Profile model the lead Field Advisor will need to
determine if the procedural security compliance paper needs to be undertaken if the branch
is a franchise. Some franchise branches are self-insured and in these cases the Procedural
Security Inspection tests should not be completed. The self-insured franchise branches can
be identified from the branch details excel spreadsheet, available from EASE. Any major
security weaknesses must be still noted, however, and commented upon in the audit report.
On arrival at the branch, the lead Field Advisor should make the visit known to the store
manager and any local entry procedures must be adhered to. At the beginning of the audit
the lead Field Advisor must telephone the company contact e.g. nominee or post office
representative as soon as possible to advise that an audit is taking place and to invite them
to the closing meeting at the branch. The estimated time of the closing meeting should be
advised and, if the company contact is unable to attend, it must be confirmed that they are
happy for the audit findings to be discussed with the officer in charge on site. In this
situation, the nominee or post office representative must be contacted upon completion of
the audit to relay the findings.
Any irregularities, discrepancies, admissions etc. should be reported to the Contract Advisor.
22
POL00084287
POL00084287
OPEN PLAN AND COMBINATION FORMATS APPENDIX C
A Combination Store is the title given to retail branches that combine other retail business
with Post Office transactions using the same point of sale. The same person will deal with
retail and Post Office transactions, but funds and accounts will be separated.
The financial audit outlined in this chapter can be applied to open plan and combination
branches, but special care must be taken because of the different security arrangements.
To minimise security risk to staff and funds, the following principle applies:
e Under no circumstances should bulk cash be counted in positions which are
exposed to the public
e If the owner of the premises refuses to close to allow for the counting of bulk cash
then contact their Contracts Advisor
e All cash on hand should be counted in a secure back office area (if available) or
prior to the branch opening for business to avoid the problem.
e Cash being moved to a secure area should not exceed the till limit for open plan
working unless the premises are closed
POL00084287
POL00084287
WH Smith Branch APPENDIX D
(Additional information to be used at WH Smith Branches)
e Onarrival at the branch, the lead Field Advisor should make the visit known to the
store manager and any local entry procedures must be adhered to.
e There is no need to contact WH Smith (as we would with any other multiple) as senior
WHS Security & Investigation managers are aware of the audit plan.
e¢ WHS have an insurance waiver, but compliance questions relating to Procedural
Security Inspection should be asked. This is at the request of the Head of Business
Development (WH Smith).
e The closing meeting will take place with the person performing the lead Field Advisor
and the Branch Manager (or their representative at the branch) on the day of the
audit.
Process - Financial
Physical check of cash & cheques
e Counter stocks: - 2 - 3 prioritising in cash value highest while still allowing the branch
to open at the normal time
Main Safe stock unit
Any stock unit showing unusually high cash holdings
Rollercash contents can be assured if branch is open.
Physical check of foreign currency
e Full bureau stock unit only
Physical check of stock
e Main stock only — verify stock items as per Financial Assurance
process (excluding MVL discs)
e Stock items in other stock units where holdings are considered to be high
Full check on a stock unit where a large discrepancy is uncovered.
Process - Compliance
e Questions will be directed towards the BM and ABM in the office and as many counter
staff as practically possible. If the manager is unavailable then a representative of the
manager should be chosen.
e Unlike some self-insured multiple partners, security questions should still be asked.
Contact
24
POL00084287
POL00084287
If there is an issue onsite, i.e. discrepancies over £1000 then there is one main point of
contact, Simon Davies (WH Smith). Any intervention to suspend staff will be actioned by
either Simon or passed onto an appropriate WH Smith manager to deal with. One phone call
from the lead Field Advisor will be sufficient. If Simon is unavailable at the time then either of
the other 2 names below can be contacted.
John Hey — GRO
Audit reports (including Appendix A & B) for WH Smith should be submitted to the
following: :
P32 Duty, John Dutton, Carol A Hill, simon.daviesi
ian.rowleyi” land kevin.hogarth, = GRO :
25
POL00084287
POL00084287
Outreach Branches
Appendix E
(Additional information required at Outreach branches)
This is a new concept to supply small community and rural areas with a counter service. A
Core branch will operate one of a range of outreach options offering a variety of
transactions.
There are four types of outreach branches:
Partnership
Hosted
Mobile
Home Service
PONs=
This document aims to briefly describe each outreach branch type, and identify an effective
audit solution.
Each outreach type is different in function, and therefore could require a different approach
to auditing. Although the risk exposure of cash and stock is strictly limited, there is a variety
of mandatory security procedures put in place which should be tested to ascertain any
degree of negligence by the Subpostmaster or others in the event of a robbery or burglary.
Branch to Branch Remittances
One feature shared by Partner, Hosted and Mobile outreach branches is the ability to make
branch to branch remittances. This means that the Core branch can remit cash and stock
directly to the Outreach and vice-versa; however confirmation of these remittances cannot
reliably be undertaken remotely.
Where an Outreach has remittances recorded on their snapshot, a remittance report must be
produced, detailing the remittances into and out from the Outreach site. On conclusion of the
audit a visit should be made to the Core branch, to confirm the remittances made.
If called upon to close a Partner, Hosted or Mobile outreach site (in conjunction with the
closure of the Core branch), all cash and stock must be remitted in the first instance back to
the Core. The process for doing this is different from the method used by other (non-
outreach) branches, and is described below:
Special ‘Branch to Branch’ labels have been produced for returning cash (P6579), stock
(P6580) and foreign exchange (P6581). The cash, stock or currency should be prepared for
despatch as normal, affixing the appropriate label over the bar code on the appropriate
remittance pouch.
From the desktop menu on Horizon, select:
Transactions (F1)
Remittances (F3)
Out Branch (F8)
Three options will be displayed:
Cash (F1)
Stock (F2)
Currency (F3)
Select the type of remittance you require, and enter the details as normal. When all items
have been entered for the type of remittance being made, touch the ‘Finish’ icon, and scan
26
POL00084287
POL00084287
the appropriate bar code label. A Remittance Out slip will be produced. Repeat for each type
of remittance as required.
Please note that when remitting out cash, a message will be displayed indicating different
procedures for coin; this should be ignored.
For inward remittances, from the desktop, select:
Transactions (F1)
Remittances (F3)
Pouch Delivery (F9)
Scan the barcode of the branch transfer label. A message saying ‘Auto Rem Data cannot be
found’ will be displayed. Press the enter button to continue, and open the pouch. Values
(cash and currency) will need to be entered twice to confirm the amount, with stock items
entered as normal. Sign the advice note and file with the Core branch papers.
Full instructions for branch to branch remittances can be found in Operations Manual
Interim, Issue 1A, dated 7 June 2007.
Partnership
A ‘partnership’ outreach site is operated by an independent party or agent of the Core
Subpostmaster, offering a limited range of standard Post Office services. An area of the
Partner’s own premises (which may be a pub or other retail premises) will be used for
housing portable Horizon equipment and securing overnight cash and stock (for which a size
0 coin container will be provided).
Overnight cash and stock holdings should be limited to a combined value of £6000. The
Core Subpostmaster will deliver fresh cash and stock a maximum of twice a week in a cash
carrying case, and may also remove any surplus items. Surplus cash may also be returned
to the Core branch by Special Delivery. It is possible therefore for value items proper to the
Outreach site to be held at both locations.
All movements of cash and stock between the Core and the Partner will be remitted, as the
Partner branch will operate a completely different branch code. Branch to branch
remittances will therefore be in place.
Working cash should be limited to £600 at all times, with the remainder secured in the
container provided. Opening times will mirror the standard opening times of the Partner,
details of which can be obtained from the online branch locator.
20
POL00084287
POL00084287
The Subpostmaster of the Core will be responsible for producing a trading account at the
Partner branch, and any resulting losses and gains.
Audit Format — Risk Audits
Any risk-based audit will take place on the Partners premises. Establish location and
opening times using ‘Branch Locator’.
Upon arrival a call must be made to the Core Subpostmaster to inform them that an audit is
to take place, and to give them the option to attend if they wish.
All necessary reports required for audit purposes can be generated from the portable
Horizon equipment on site, but as all daily and weekly documentation is retained at the Core
branch; reference may need to be made there if any discrepancy needs to be resolved.
Most, if not all, cash and stock should be on site at the Partner branch. Upon conclusion of
the audit if there is a discrepancy, a visit may be required to the Core branch to verify any
assets of the Partner branch held there. If there is any doubt that assets presented by the
Core are not proper to the Partner, the respective Field Team Manager should be informed,
and a decision on auditing the Core branch needs to be taken.
The standard financial audit process as prescribed in Chapter 3 of the Audit Process Manual
may be followed. As the Post Office site may not be provided with a counter screen, where
possible seek a private area to count any bulk cash.
Compliance testing should be limited to the range of transactions available, remembering
that, other than leaflet distribution, the Partner is not allowed to conduct financial services
transactions.
Audit Format — Robberies/Burglaries
When arranging attendance, the lead auditor should request the Core SPMR to contact the
Partner and inform them of the audit. The Core SPMR should also be asked to attend to
witness the audit.
In all other respects, follow the standard robbery/burglary audit process as contained in
Chapter 6 of the Audit Process Manual.
Audit Format — Transfers/Closures
Where the Core SPMR is transferring or closing, as part of the preparation the SPMR should
be requested to retrieve the portable Horizon equipment from the Partner, together with all
cash and stock in the secure case, for checking and transfer on the day of the
transfer/closure. Ask them to ensure that suspense is clear and all transaction corrections
have been brought to account.
Both the Core and Outreach Horizon systems will need to be balanced, with details of the
new Subpostmaster entered. In addition to a P242 Final Account and P344 Transfer sheet
for the Core, a separate P242 and P344 for the Partner Outreach branch must be completed.
Ensure the secure case and keys are passed to the incoming SPMR and list on form
ARS110.
Hosted
28
POL00084287
POL00084287
Hosted outreach branches differ from the Partnership format in that they are operated
directly by the Subpostmaster (or their employee), although they continue to use third party
premises (such as village halls). A session of service may take place in a number of different
sites, with the cash, stock and portable Horizon equipment being carried to each site ina
private vehicle.
Where different sites are operated, this is known as a cluster. A Core Subpostmaster may
operate more than one cluster, but each cluster will have its own cash, stock and Horizon
equipment and be issued with their own individual branch codes. The code will be unique to
the portable Horizon equipment.
Although the same equipment will be used at each site, and thereby the same code used for
accounting purposes, each site will have a dummy code which will be used by ‘Branch
Locator’ for address and opening times only.
Please be advised that portable Horizon equipment is very heavy (nearly 10Kg) so moving it
is inadvisable without health and safety measures being considered.
Cash and stock is remitted between the Core branch and the Hosted cluster, so again,
branch to branch remittances will be in place.
All items are transported in a secure case to each Hosted site and returned for overnight
storage to the Core branch. Cases will normally have a £6000 limit, but certain clusters may
be issued with a £15000 limit case. No value items should be left at the Hosted site
overnight.
The Subpostmaster of the Core will be responsible for producing a trading account for each
cluster at the Core branch, and any resulting losses and gains.
Audit Format — Risk Audits
As each site has a unique branch code, its location and times of opening can be found via
the intranet ‘Branch Locator’. However as these are dummy branch codes for location and
opening times only, the sites are actually operated using mobile Horizon equipment with it’s
own branch code (when part of a cluster).
Where a risk is identified with the cluster code, we need to identify the location of the
equipment at any given time. Once known, an audit can be scheduled at a time when the
equipment (and thereby the cash and stock) is back at the Core branch. No cash or stock
should be held at the Hosted site.
This will provide a secure location from which to conduct the audit, and will assist with the
verification of the remittances.
Follow the standard audit process as laid down in the Audit Process Manual.
29
POL00084287
POL00084287
Audit Format — Robberies/Burglaries
Burglaries will affect both the Core and Outreach as all cash and stock for the Outreach
should be held on site at the Core branch. If it is confirmed that Outreach cash or stock has
been stolen in the burglary, a separate audit will need to be undertaken on both the Core
and Outreach, with the overall loss being apportioned appropriately.
In the event of a robbery on a Hosted site, the Subpostmaster or his employee (whoever is
operating the cluster) should be requested to return to the Core branch for an audit.
In both instances the standard robbery/burglary process should be followed.
Audit Format — Transfers/Closures
Where the Core SPMR is transferring or closing, as part of the preparation the SPMR should
be requested to ensure the portable Horizon equipment for the Hosted site, together with all
cash and stock is available for checking and transfer. Ask them to ensure that suspense is
clear and all transaction corrections have been brought to account.
Both the Core and Outreach Horizon systems will need to be balanced, with details of the
new Subpostmaster entered. In addition to a P242 Final Account and P344 Transfer sheet
for the Core, a separate P242 and P344 for the Hosted Outreach branch must be completed.
Ensure the secure case and keys are passed to the incoming SPMR and list on form
ARS110.
Mobile
A mobile van is a third option for Outreach sites. The van is specially adapted for use as a
Post Office, allowing customers to enter and conduct transactions inside. The van may be
operated by either the Core SPMR or his registered assistant.
The Mobile travels to designated places in defined communities to operate a session of
service, and offers all the transactions offered by the Core branch, together with a small
selection of retail items from the SPMR private business. A mobile phone must be provided
by the Subpostmaster for use in emergencies.
The vehicles remain the property of Post Office Ltd at all times, and are subject to strict
conditions of usage. A cash carrying case is also supplied for carrying cash and stock
to/from the Core branch and the Mobile, which contains a four minute delayed cash
compartment. Fuel for the vehicle is paid for by the SPMR, for which there is no
reimbursement.
Vans are fitted with fixed Horizon equipment with unique branch codes from the Core
branch. Again, branch to branch remittances will be in place. Maximum disposable cash that
may be carried in the van is limited to £15,000, and should be bundled in £500 units. There
is a secure compartment fitted to the vehicle for holding the cash case.
At close of business, the van is returned to the Core branch, where all cash and stock is
removed for storage in the safe overnight. The van itself is plugged in to a remote power
supply and ISDN line overnight for polling and recharging.
Audit Format — Risk Audits
Where possible, an audit of a Mobile should be scheduled to take place at the Core branch
at a time when it can be verified that the Mobile is not itself scheduled to make its rounds. If
already departed, contact should be made with the van by mobile phone to request its return.
30
POL00084287
POL00084287
Print out a snapshot using the Horizon terminal inside the van. Obtain other relevant
paperwork from the SPMR and verify assets inside the Core branch. Once verified with no
significant discrepancies, the Mobile may be loaded up and allowed to depart. Care should
be taken to ensure that only cash and stock relevant to the Mobile is presented. If there is
any doubt, a full audit of the Core branch must also take place before the Mobile leaves.
Audit Format — Robberies/Burglaries
If the Mobile is hijacked, procedures described in ‘Auditing Without Access to Horizon’
should be followed.
In the event of a robbery, the Mobile should be requested to return to the Core branch after
any Police activity has ceased to enable an audit to be carried out.
In all other respects, follow the standard robbery/burglary audit process as contained in
Chapter 6 of the Audit Process Manual.
Audit Format — Transfers/Closures
Request the outgoing SPMR to ensure the Mobile is returned to the Core branch in time for
the transfer/closure activity to take place, with cash and stock removed to the secure area.
Balance both the Core and Mobile branches (audit resource may need to be increased,
depending on the combined bth figure), rolling both into the next trading period or balance
period as appropriate.
Add/remove both incoming and outgoing Subpostmaster’s access to both sets of Horizon
equipment, and complete a P242 Final Account and P344 Transfer form for each branch
code.
Ensure the Mobile van, cash carrying case, all relevant keys, together with log books and
maintenance records are transferred to the incoming SPMR and are recorded on the
ARS110 form.
Home Service
A Home Service is run by a Core branch providing a limited range of Post Office services to
registered customers within a strictly defined area.
For a customer to use this service, they must be registered with the Core branch and live in
the defined area served by the Outreach. Completed registration forms will be held at the
Core branch.
Orders may be placed by the registered customers by phone to the Core branch, where the
orders are recorded onto an order form (in duplicate) and made up. The order may then
either be:
e sent by post (certain prepaid items only (no cash), minimum value £10)
e delivered to the customers home (again, minimum £10)
e taken to an agreed ‘drop-in’ centre
All fulfilled orders must be transported using a secure case (£2000 limit). Certain ‘on
demand’ products may also be taken for sale ad-hoc, together with a small cash float. Upon
delivery, the customer will sign the order form and be given the duplicate copy. The top copy
is retained.
31
POL00084287
POL00084287
All transactions will be processed through a separate stock unit on the Core branch Horizon
system, once payment has been received from the customer. Note that for this type of
Outreach, there is no separate branch code; it is simply a separate stock unit on the Horizon
system of the Core branch.
Audit Format — Risk Audits
As this Outreach model does not have a separate branch code, any audit will be determined
from the risks affecting the Core branch, and any resulting audit will take place at the Core
branch.
Once on site, establish whether a Home Service is scheduled for that day, and the likely time
of departure (or return if already departed). If one is scheduled, make this a priority for
checking. Print off a balance snapshot for the Home Service stock unit and verify the items
held. If items are stored in the secure case, be aware that there is a four minute time delay
on the cash compartment.
If already departed before commencement of the audit, any cash/stock removed for the
Home Service is not on site and cannot be included in the audit. Any resulting shortage on
the Home Service stock unit should be below the £2000 maximum limit.
If the case is returned before the end of the audit, verify the contents to the discrepancy
derived. If it is not returned and the result requires escalation, inform the Contracts Advisor
that a Home Service is operated and that the result is affected by the discrepancy on the
Home Service stock unit.
In all other respects, follow the standard audit process as contained in Chapter 3 of the Audit
Process Manual.
Audit Format — Robberies/Burglaries
If a robbery occurs on the Home Service case whilst away from the Core branch, and it is
confirmed that all necessary transfers have taken place between the Core and Home Service
stock units, then discretion may be used to audit only the Home Service unit (or waive it if
below £1000).
In all other respects, follow the standard robbery/burglary audit process as contained in
Chapter 6 of the Audit Process Manual.
32
POL00084287
POL00084287
Audit Format — Transfers/Closures
No change from standard process. Ensure the case, keys and customer registration forms
are passed to the incoming SPMR and listed on form ARS110.
Further Points/Problems Identified
1. As Hosted sites have dummy codes but are serviced by a cluster Horizon equipment
with its own code, how does that sit with the risk model? Theoretically as the only
code used for accounting purposes is the cluster code, only that could possibly have
arisk based audit, but if the dummy codes are entered on the risk model as well,
could these be selected on a random audit? If so, we will actually be auditing the
cluster, not the dummy.
2. The above has highlighted a need for us to have a database indicating:
e Core Branches
e Outreach branches each operates
e Location/code of each Outreach
e Mobile rounds (specifically times and days of leaving/return)
ATMs APPENDIX F
There are 5 different ATM types on site at branches.
The different types of machines in the network are:
33
POL00084287
POL00084287
e PO maintained — this machine holds between £50k— £250k and is funded by a
remittance received at the branch. The transactions are reported through the
branch trading statement
Fully Serviced — this machine type is totally maintained by Securicor
Self-fill: Retail cash — this machine is funded from private cash and under no
circumstances must Post Office funds be utilised. This is considered misuse of
funds and should be reported to the Contracts Advisor
Self-fill: PO cash — this machines hold £1k - £3k and are funded from PO funds
Self fill surcharge — this machine holds a maximum of £2k, funded by PO funds.
Funds must be only PO, i.e. NOT £1000 retail, £1000 PO. NB: All funds must be
removed and secured in approved safe overnight.
There are consequently only 3 machine types that would need to be verified as part of the
audit process. Although it is not possible to open any of the ATMs whilst the branch is open
for business (if access is not via the secure area), consideration should be given to checking
the contents of the ATMs before the branch is allowed to open. If the branch (or the retail
side) is already open for business when the audit commences then they should be closed for
a short period whilst the ATM contents are checked.
If, however, it is not possible to perform a physical check of the ATM during the audit then
sufficient reports should be obtained from the ATM to provide assurance that funds are on
hand within the ATM. This should be subsequently fully documented in the audit report, and
reported to the Contracts Advisor at the time of the audit.
The obtaining of ATM reports should not be considered a replacement for physically
checking the actual contents of the machine. It should be used as a temporary measure to
carry on with the audit until such time (during a quieter period of the day as mentioned
above) when the branch can be closed for a short period to perform the physical verification.
In extreme circumstances when the ATM is unable to be accessed, 4 weeks entries for ATM
withdrawals should be checked to ascertain whether or not stated holdings are reasonable.
All instances whereby the ATM cannot be accessed must be reported to the Contracts
Advisors.
34
POL00084287
POL00084287
ACCESS TO THE HORIZON SYSTEM APPENDIX G
It will be necessary as part of an audit to gain access to the Horizon system at the branch
being audited. There will also be times when different levels of access will be required and
the following should be adopted:
Standard Audits
Field Advisors can be added to the system as a user in order to print the necessary reports
or the reports can be requested from, and produced by, the Subpostmaster. Where the
Subpostmaster supplies the reports, a Field Advisor should remain in attendance whilst the
reports are produced. If the audit subsequently identifies a financial irregularity a ZAUD99*
one-shot password (OSP) should be obtained for further use of the system. Any extra users
can then be added to the system, if required, from the ZAUD99 user ID.
Audits at the request of the Investigation Team
It is important at these audit types that we do not jeopardise future court cases or
prosecutions by ensuring we have followed proper access procedures to the Horizon system.
A ZAUD99* (OSP) should therefore be obtained for access to the system and this to be
obtained on site in the secure area. Once logged on as ZAUD99 user it can then be used to
create other users on the system in order to later assist with the production of
transaction/event logs.
*If the audit is a contract and service concern or investigation request then the ZAUD99 level
of access will be required. The NBSC must be contacted as soon as possible after the start
the audit to commence the process for obtaining this type of access. As previously stated,
do not attempt to log on to or gain access to the Horizon system until this one-shot password
has been obtained. Any delays or problems in obtaining a one-shot password must be
reported to the Field Team Leader.
Please note: - If users have been added to the system during the course of an audit
remember to delete them from the system at the conclusion of the audit before leaving the
branch.
35
POL00084287
POL00084287
APPENDIX G
I) Elle Edt view Insert Format Tools Data Window Help
(OSM SRY BAS O-- ISTAN MB -Oljaw/MialIr ©
I Postofficesans -2-Ip7 ule eB RIOx, II S- o-Aa-_]
I EaI Bela aI
Ao = =) 14
2 i © Tet G TT s THT 1 TsT K [eT —
ee = Stage] Stage? ‘Stase3 ‘Staged ‘Stages Stages =
in Toseerp I 2]eamcons I estmncionng Se [prose
=p [al Otice mapahor [Besinap [> [FS oir baencng Lp [Force pan Lorri 1
zs
1 [_o[enecncta waste mere ton one oeheat) [Duoop [>] Fe Ropers I [Fe orient [Fe uncconcicatonaee [rari ]
[$a] view Stock Uns [Bscitop[b [FT Administration —[ [FI Stock Unk [oI Fa view Stock Uans Lo [view tot ony ]
[I
Eye [prem ]
[a I
[pte T] Oxtctending sommarioo [peainop [6 [Fa Stock batoncing [b [Fi6 Semmaricr TL [Print sommarics for aired I > [Fa Prine 1
[I
feseel ST Sespence eecomtranore [Seainap D5 [FS Repos To Fe oi waa LP [eit Sucpance sccount ——[ 6 [Fa Bre =
[ 2
[gr I t[tencioninnt@) __DeK-Aom azo) [Dwonon I [Ferepere [>] FoTreenon tog [o]rovunten ese I >) rntaede [>] ritasas
bis Care: i [Desktop I b[F2 Reports [> [2 Office daily LPT Fa Rime in (daily) LOT Fa Print ]
[as ( Rem Om [Becitop 1 IF Reports Le [Fe orice oom Lo [Fa Roms ont (ani) Lol Ferm ]
I 3) Cis] Rerenatrepone [Beaitop [> [F2 Reports Lb [FS Trenssction tog DTFimea. [bea = repost tor BV LP [Fi continwe
Fs
[oe]
[eg [reson noc a oamaceRerentrenare) _Dwomon I *[F2Repons [>] Fe Reprmne [>Iresueass [rriesisasaan =)
™
7” See Sa [[resvesmme (BEES [rear
*
eye [o]rtere npsn [Pl edectpated [fe conte
[oe
c= og fit required by investigations) Desktop I > IF2 Reporte > TFT event Log > TY All events » I F2Batoncing + Srceuereneed
ex
[ Stock adjustments [Desktop I > [F2 Reports [> [FS Transaction log Lo TFiimode [> [Stock adjustments (+) & repest for stock adjuctments(-) I > [F16 continue
(> di \Sheeti { sheet2 £ Sheet3 =
[~ ICaps [ i i fe)
SE SHIPS 15:34
joc - Microsoft Word)
Ready
RsertII HO HS wi
POL00084287
POL00084287
Dealing with discrepancies over £1k revealed at audit or admittance. (Except Crown Branches)
Appendix H
Discrepancy < £1k Discrepancy > £1k Misuse of funds admitted
Lead Field Advisor to report findings to the
Are there ‘any financial Contracts Advisor, Investigation Team Manager,
irregularities or suspicious I __-__» Audit Planner and Team Leader. For National
circumstances? Yes Multiple branches the Lead Auditor should also
7 contact the National Multiple Team for amounts
> £5K
No
Contracts Contracts Advisor [Contracts Advisor makes} Contracts Advisor
Seek proposals to make Advisor makes a decision to a decision to makes the decision
good audit discrepancy makes a Ig */close the branch and I precautionary suspend »I NOT to precautionary
decision to de-fund subpostmaster and suspend
keep the subpestimaster—
branch Yes Ye
Document findings and closed Audit Leader de- Audit leader adjusts Audit Leader to
proposals in the audit pending funds branch and horizon accordingly to complete audit as
report. E-Mail the audit interview prepares final reflect the true cash and normal including CAT’sI
report to the relevant account stock figures in the if time available
bodies branch and prepares for
ae
Yes
Secure all cash, stock and none
value items in safe obtain safe keysI
and change alarm codes, if branch
to be kept closed or transferred at aI
later date