POL00084801
POL00084801
Audit Process Manual
Chapter 3 — Performing a Branch Audit
5.1
audit in all branches.
Outline responsibilities and process to perform an
Network Field Team
March 2011
Stakeholders
Adrian Wales
Martin Felinc
Network Support Manager
Delivery of audit targets
Craig Tuthill
Lee Heil
Risk and Assurance Mgr: Branch Profile
Network Support Performance Mgr: Reporting
Network Support Admin Mgr: Reporting
Responsibilities in change
Author Field Team Leaders - Dave 30/04/2010
Ogleby, Wendy Mahoney &
Linda McLaughlin
Assurance Field Support Change 06/05/2010
Advisor
Authorised Network Field Support
Project Manager
Communication Field Support Change
Advisor
Version control
Ver 4.0 Annual Review All 31/08/0
9
4.1 References to NFS Toolkit replaced with IAll Oct 09
EASE.
4.2 Updated as result of FTL Cascade All Nov 09
4.3 NS&I report removed 8.2. Jan 10
Reminder about declaring cash in empty 8.1
stocks before coming out as requested
by Tony Hills.
4.4 Reference to Operational Publication CR I 3.9 April
Rom removed and Branch Standards 10
booklet added
4.4 Example file name now preceded by P32, 6.7 April
North, South and Central removed 10
4.4 Reference to Toolkit removed 6.12 April
10
4.4 Paragraph re worded for grammar 8.33 April
10
4.4 References to Fraud Team Leader and All April
Fraud Advisor removed and replaced with 10
Security Manager
POL00084801
POL00084801
4 Cash Account removed and replaced with 8.63 April
balance 10
4 Core CATS’s replaced with CAT’s and 11.2 April
DVLA, IPS,AEI added after Government 10
Services
74 Remove Audit Code 475 12.2
4 Revised Core and Outreach Process Appendix I April
E 10
24 Appendix removed Access to Horizon New App April
added H 10
4 Reference to Network Support team now All April
changed to Network Field Team Audit 10
Admin Duty
4 Changes to Stakeholders Stakehol I April
der 10
4 Changes to Author’s Ownership Change April
10
4 Changes to Responsibility Ownership Change April
10
-0 Annual Review All 30/04/1
0
1 Responsibilities in Change updated and 06/05/1
pages numbers in Index realigned. (SL) 0
1 Introduction 3
2 Types of Audit 3
3 Field Advisor role and responsibilies 3
4 Lead Field Advisor Role $
5 Planning 6
6 P32, The CAT Reporting Tool and SharePoint 7
7 On Site Activity 9
8 Financial Assurance Audit (FAA) 10
9 Irregularities 14
10 Financial Assurance Audit (Tier 2) 15
11 Compliance Audit 16
12 Follow-Up Audit 16
13 Close of audit Meeting 17
14 Audit Reporting 17
App A I Crown Office 18
App B Franchise and Multiple Branches 19
App C_ IOpen Plan and Combination Formats 20
App D_ I WHSmith 21
App E I Core and Outreach Branches 23
App F_ I Post Office Essentials 24
App G ATM 25
App H_ I Access to Horizon System 26
POL00084801
POL00084801
Section 1 - INTRODUCTION
1.1 Audit activity takes place because we have stakeholder
requirements to ensure that
we protect, maintain and account for all our assets, both those we
own and those we look after on behalf of our stakeholders. We are
also responsible for ensuring that all our staff and agents operate
their Post Office® branches in accordance with legislative
regulations as well as conforming to our operating licence and to
customer charter standards.
1.2 We will attend all types of branches throughout the year to
verify financial assets on hand and to test regulatory compliance and
business conformance against standards set out in our operations
manuals.
Section 2 - TYPES OF AUDIT
2.1 These are the types of audit
=" Financial Assurance (FAA) and (Tier 2)
= Compliance
=" Follow Up.
2.2 The Financial Assurance Audit (FAA) involves the verification of
cash, selected stock items and vouchers on hand. Items not verified
are deemed to be assured.
2.3 The Financial Assurance Audit (Tier 2) is a comprehensive check
to assess the current trading position of the branch. This will be
carried out if requested by stakeholders or as the result of
escalation by a lead Field Advisor, visiting to complete a lesser
request, resulting in unsatisfactory findings.
2.4 The current financial position of the office is calculated and
recorded by completion of an Excel based file known as a P32 and
comparing this to the Horizon system derived “balance due to PO
figure” using the latest declared branch trading statement, and
reports obtained from the Horizon system.
2.5 The objective of the Compliance Audit is to check that mandatory
business conformance and regulatory compliance controls are operating
as intended: by checking evidence and gaining assurance that the
required controls are in place. Compliance to business policies and
procedures can be tested in conjunction with the Financial assurance
Audit visit or on a separate visit.
2.6 The Follow Up Audit procedure is to establish whether gaps in
regulatory compliance and business conformance have been addressed
from a previous audit visit.
2.7 Details of all audit types are available on EASE- Audits- Audits
Types List. The Network Support Field schedule entry is annotated to
explain to a Field Adviser what type of audit is required and whether
they are to lead or assist.
Section 3 - THE FIELD ADVISOR ROLE AND RESPONSIBILITIES
POL00084801
POL00084801
3.1 The Field Advisor’s role at audit is completely objective and the
reports they produce after the visit must be detailed, accurate and
factual. The Field Advisor’s role is not to speculate on the cause of
the outcome of the audit or the honesty of agents or staff either
overtly or by implication. Anything recorded which is deemed to be of
a subjective nature would undermine any subsequent investigation and
could impact on the ability of investigators to pursue the case.
3.2 Field Advisors should not enter into any discussion or
speculation about why the office has been scheduled for a visit.
3.3 If the audit should end in the precautionary suspension of the
Sub postmaster then the Field Advisor must not apologise or enter
into any discussion as to why a precautionary suspension has been
affected. The Subpostmaster must be referred to their Contracts
Advisor.
3.4 There will be circumstances where an audit visit to an office
leads to an escalation or investigation so it is necessary for the
Field Advisor to be conscious of this from the outset.
3.5 The Field Advisors must take detailed note of all timings and the
course of all events. The actions of those on site and conversations
held may become relevant if there is to be an investigation of mis
conduct or dishonesty. The lead Field Advisor is responsible for
reporting these details.
3.6 For full information about the support available from the
Contracts Advisor see Irregularities.
3.7 All Field Advisors must carry their security passes and wear a
Post Office® name badge whilst on site in branches.
3.8 Field Advisors must take their laptops to an audit so the
activity is not jeopardised by laptop failure. General security rules
apply. Any bags, laptops or equipment not required on site should be
locked out of sight in a vehicle.
3.9 All Field Advisors working on audit activity must carry with
them:
" A copy of the current display instructions
= Compliance workbook for reference
=" The Branch Standards booklet
= A supply of Kendata customer satisfaction feedback forms and
envelopes. (email OFS)
= The Network Support Directory of Mobile and Mobex numbers
(vef: EASE Audits - Contacts).
They must also carry a supply of the following items to leave at
offices where they are found to be lacking:
> *Travel Insurance Important Notice
*Oral Disclosure Statements
*Data Protection Act Leaflet
*Your Guide to Customer Service
*Suspicious Activity Reporting Form
Note, coin, rem bags, Horizon bar code stickers for non
CciT rem.
VVVVVV
POL00084801
POL00084801
*All can be printed from EASE- Handout/Guides
(Your Guide to Customer Service Internet print not to be handed out
to customers)
3.10 It should be noted that although the Field Advisor will supply
these items, this will still be noted as an audit gap and the Field
Advisor must witness the Subpostmaster placing an order for missing
items via Horizon.
3.11 In addition to the aforementioned items the Field Advisor must
have the following paperwork:
*" A record of conversation held (ref -EASE - Audits.)
=" A without prejudice receipt (ref - EASE - Audits)
= A workplace Risk Assessment. ( ref - EASE - Admin- Health &
Safety- Appendix C)
=" An application form for Grapevine ( ref - EASE - Training On
Site - Grapevine)
= Paperwork necessary for performing an office transfer (ref -
EASE- Audits)
=" Paperwork necessary for appointing a temporary Subpostmaster (
ref - EASE - Intervention - Temp SPMR Security Checks)
3.12 The Field Advisor must carry notices informing the public of
temporary closure or closure, to include the nearest MVL issuing
office is applicable. (ref - EASE - Audits - Closure Notices).
Section 4 - THE LEAD FIELD ADVISOR ROLE
4.1 The Outlet Field Support schedulers will indicate via the
schedule which Field Advisor or Field Advisors are to carry out the
audit visit and who has been allocated the “lead” role.
4.2 It is lead’s responsibility to prepare for the audit, manage
activities on site, report financial irregularities and subsequently
complete the audit reports.
4.3 The lead is responsible for the introductory discussions with the
Subpostmaster, providing regular updates and performing the closing
meeting.
4.4 The lead is responsible for delegating tasks for example; P32
completion, checking of display material, checking of bureau, to
ensure the audit is run in an orderly manner making efficient use of
the resource available and minimum disruption to customer service
4.5 The lead is also responsible for the decision to re-open the
branch when sufficient checks have been carried out to provide
assurance that an escalation to Tier 2 or the involvement of the
Contracts Advisor is unlikely. It is desirable to re-open the branch
as quickly as possible to minimise disruption to customer service and
the lead Field Advisor must use their discretion to judge when this
is appropriate. However should subsequent findings indicate that the
situation requires escalation then they have the authority to re-
close the branch, informing NBSC of the current status and the
customers of the alternative branches.
POL00084801
POL00084801
4.6 The lead is responsible for contacting the other Field Advisors
to discuss arrangements and organise travel in accordance with the
current Business Travel Expenses (BTE) policy, arrange a meeting
point and consider contingency arrangements in the event of absence,
sickness, travel or other problems. The meeting time should not
preceed the branch opening time by more than 20 minutes. (ref - EASE
- Audits - Audit Process Manual - Chapter 12 - Continuity Planning)
4.7 The lead must provide the official working papers for use in the
branch. Only the current versions of working papers available on EASE
are acceptable. Working papers for escalation to Tier 2 must be
carried if attending a Financial Assurance Audit, (FAA
4.8 The lead should ensure that when on site the use of mobile phones
is kept to a minimum and phones put on silent/vibrate once the office
has re-opened. Any conversations that must be held from site should
be done so out of earshot of the counter unless this is absolutely
unavoidable. Clerks serving on the counter must be able to converse
with customers without being hampered by conversations taking place
behind the counter.
Section 5 - PLANNING
5.1 The Field Adviser designated “lead” at the audit is responsible
for carrying out the pre visit preparation. The lead must check the
audit type, branch name and code and other details supplied by the
schedulers. Using the available databases on the Intranet i.e. Branch
Finder and Branch Database Snapshot also known as the Configuration
Management Snapshot they can find all the information on the branch.
There is further information including the last date of audit
available through the All Branches Database in the Audit section of
EASE. There is a separate database of branch opening hours available
on EASE too and details of Branch Trading dates to establish when the
branch last rolled onto a new BT period. The lead at the audit uses
these details to populate the P32 audit tool and the CAT Reporting
Tool.
5.2 Whilst accessing these databases the lead auditor must also take
note of what type of office this is for example:
Agency Offices
Crown Office ( ref - additional info Appendix A)
A Franchise or multiple (ref- additional info Appendix B)
Open plan or a combination store (ref - additional info
Appendix C)
e WH Smith (ref - additional info Appendix D)
e Core and Outreach (ref - additional info Appendix F)
e Post Office Essentials
5.3 The type of office will indicate any further preparation
required. Exceptions that relate to specific types of office are
detailed in the appendixes. All this information must be accessed in
addition to the Audit Reports Matrix to determine where the reports
must be sent. ( ref - EASE - Audits - Audit Process Manual - Chapter
8
POL00084801
POL00084801
5.4 The lead Field Advisor must also determine if any non-standard
transactions are performed at the branch as they will need to ensure
that monies associated with these transactions are included in the
audit checks. The outlet should also be able to demonstrate that
these products are being accounted for in the correct manner.
Bureau de change (ref - Section 8.5)
ATM (ref - Appendix )
Lottery (ref - Section 8.6.1 - 8.6.5)
Paystation (ref - Section 8.3.1)
Teller cash dispenser
Combi till ( ref - Appendix C
Postshop
e SVM - cash assured
e Rollercash ( ref ~ Appendix C
There are instructions for dealing with these non standard
transactions in the relevant Counter Operations manuals and Field
Advisors must familiarise themselves with these to be prepared to
check cash and accounting practices at on site activities.
5.5 The lead must also consider any other factors that may impact on
the amount of resource required for audit activity e.g. seasonal
variation, Public holidays or local events affecting cash flow and
banking activity.
Section 6 - P32, THE CAT Reporting Tool and SharePoint
6.1 A P32 is an Excel spreadsheet designed to support planning,
verification and assurance of assets and generate the reports
required by Financial Assurance Audit activity at all branches. The
lead Field Adviser is responsible for posting all reports to the
branch. And email reports as per Audit report matrix to all
stakeholders.
The latest version of the P32 is available from our database. ( ref -—
EASE -Audits - Audit Process Manual - Chapter 2.)
6.2 The Compliance Audit Test Reporting Tool, or CAT & Reporting
Tool, is an Excel spreadsheet designed to support the planning and
testing of regulatory compliance and business conformance and
recording and reporting the results. The Field Adviser uses the tool
to access the lists of Regulatory Compliance and Business Conformance
tests required, record the answers and generate the report and a
Compliance Declaration. The lead Field Advisor is responsible for
posting all reports to the branch. And email reports as per audit
report matrix to all stakeholders.
The latest version of the CAT Reporting Tool is available from our
database. ( ref - EASE -Audits - CAT Tools)
6.3 The tools are updated on a monthly basis and the expiry for the
tool and last date for submission is included in the latest Audit
Process Update email. These dates must be strictly adhered to.
6.4 The lead Field Advisor must download a copy of the P32 and the
Cat Reporting Tool direct from EASE for every activity. Local copies
should not be saved to avoid use of out dated versions.
7
POL00084801
POL00084801
6.5 The current P32 and user instructions can be accessed from our
database.
( Ref - EASE - Audits- Chapter 2.)
The current CAT Reporting Tool and user instructions can be accessed
from our database.
(Ref - EASE - Audits - CAT Tools)
6.6 The lead Field Advisor must ensure that they have read and
understood the current versions of the instructions.
6.7 To allocate a P32 or CAT reporting tool to an office, open the
latest version of the electronic Audit of Accounts (P32). Once
opened, the P32 must be saved as P32, branch code, date, name of
branch, for example, P32 023323.280509 Lenzie .xls - this will
prevent accidental overwriting of the original P32 template and also
allows future changes to be saved. Variances to the format of the
file name are covered in the relevant chapters ( ref - EASE - Audits
- Chapter 2)
The CAT reporting tool is dealt with in the same way but the file
name is preceded by CAT.
The Follow Up Audit is preceded by F.
6.8 When a date of previous audit is given on the all branches
database then it is necessary to enter the database where the
previous audit reports are held and carry forward information on gaps
from the previous audit or post transfer visit to ensure they have
been addressed. There is an area on the CAT Reporting Tool “Planning
section” where this information must go. Only audit reports from the
preceding three years need be consulted.
6.9 If the office has been subject to transfer since the last audit
activity then the gaps recorded against the previous Spmr can be
ignored. However audit gaps recorded during Post Transfer Activity
are relevant.
6.10 All findings from the P32 and Cat Reporting Tool must be
submitted via the appropriate Sharepoint Survey.
6.11 Sharepoint is an on line tool that enables results to be
reported and accessed immediately by the relevant stakeholders. The
responses to all SharePoint surveys can be collated automatically
without the P32 and CAT Reporting Tool having to be manually
analysed.
The instructions to complete a SharePoint survey are held on our
Toolkit.
(Ref - EASE - Audits- SharePoint Links/User Instructions)
6.12 As with the reporting tools it is essential that the lead Field
Advisor accesses the correct SharePoint survey links. (Ref - EASE -
Audits - SharePoint Links/Instructions)
It is also essential to read and follow the latest version of the
instructions.
POL00084801
POL00084801
Section 7 - ON SITE
7.1 Before approaching the branch the lead Field Advisor should take
the opportunity to brief the team on the approach for the visit and
clarify all roles and responsibilities.
7.2 The lead Field Advisor must send a text message to the Contracts
Advisor to inform them of the audit activity. The brief text message
must include the lead Field Advisor’s name, the office name and
branch code. This is to make the Contracts Advisor aware that there
may be calls later in the day regarding irregularities in the office.
This is designed to speed up the resolution of on site issues. If
there is no signal for a mobile at the office, no text message will
be sent, and the audit should commence as normal.
7.3 The introduction, by the lead Field Advisor, to the first person
arriving on site should be worded as follows;
“Hello my name is ... from Post Office® Network Support I’m here to
carry out an audit of your branch today - please can you tell me who
you are and what your role is here......”
7.4 If they are not the Subpostmaster then they must be advised to
contact the Subpostmaster to let them know their branch is being
audited and invite them to attend. Whether the Subpostmaster accepts
or declines to attend the branch, the branch is audited as planned.
Once the initial introduction is carried out then the lead must
introduce each member of their team.
7.5 The Subpostmaster or staff may contact the NBSC before allowing
access and this will mean that Field Advisors may have to wait
outside until their identity has been confirmed by the NBSC and they
have completed their first access procedures. (Contact with NBSC is
not mandatory; Field Advisors may be admitted on verification of
security passes)
7.6 The Subpostmaster or staff should be advised that he/she should
not access cash, stock or the Horizon system until the Field Advisors
have gained access. In these circumstances, any irregularity should
be documented and a transaction log obtained from the Horizon system
to ensure there has been no activity on the system before the Field
Advisors were allowed access.
7.7 If the Subpostmaster or staff refuses to allow entry to the
premises, explain that the Field Advisors have the right to verify
Post Office Ltd assets and that the Subpostmaster is contractually
obliged to allow the Field Advisors access to do this. If access is
denied refer to the Contracts Advisor for advice in the first
instance. It may be necessary to involve the police as a last resort.
7.8 Having gained entry to the building the lead Field Advisor must
phone NBSC to report the closure of the office for audit purposes and
arrange for the notices informing the public of the closure to be
displayed in a prominent position. The details on the poster will
include the names and addresses of alternative offices, nearest MVL
office if applicable and an estimated opening time for the office.
7.9 Each member of the Field Support team must ensure that they sign
a visitor’s book or log recording their arrival the date and time and
purpose of their visit and their departure
9
POL00084801
POL00084801
7.10 Establish facilities for Field Advisors and where bags and
personal belongings should be stored -Not getting agreement on this
could prove contentious if items are claimed to be missing from the
premises during or after the visit. Some branches have policies in
place which forbid taking handbags, personal cash, food etc into the
counter area. Field Advisers must abide by these policies. If Field
Advisors are concerned about leaving personal items in a different
area or locking them in a vehicle then they are advised not to carry
unnecessary items to audit visits.
7.11 The Field Advisors should not have unwitnessed access to cash
and stock.
Where it is not possible for the Subpostmaster to attend or the
Subpostmaster chooses not to be present, then checks must be made in
the presence of a member of staff. It is important that any checks
are not made in isolation. Both the Field Advisor and stockholder
should acknowledge the accuracy of the figures following the check.
Where a discrepancy is highlighted, the Subpostmaster/ member of
staff/or another Field Advisor should verify the findings and sign
the cash and/or stock sheet to confirm that the figures to be used as
part of the audit are correct.
7.12 The need to identify and produce all cash, stock and vouchers
This must be stressed at the outset and remind the Postmaster/staff
that this could include items kept out with the secure area. Should
the Subpostmaster/ staff present cash after the audit has commenced,
and it has been confirmed that all cash has been produced, it must be
excluded from the audit as the audit result is only based on the
verification of the financial assets presented as “on hand” at the
outset of the audit. The cash must be accepted from the
Subpostmaster “without prejudice to investigations or the current
branch trading position”, a receipt issued, and included in Post
Office Ltd funds, but not the current branch trading position.
Details of the amount should however be included in the Sharepoint
input sheet of the P32 and recorded on Sharepoint.
7.13 Obsolete stock must be discounted from the audit, the subsequent
shortage included in the current branch trading position and
explained in the audit report.
7.14 Other points for the opening discussion should include as a
minimum:
=" The nature of the audit “checking cash and selected stock
items....if necessary we may escalate to a full check if any
irregularity is found..”. The reason behind the use of laptops
and the P32.
=" The course of events, what items will be checked and in what
order.
= The need for access to the Horizon system.
=" The estimated opening time of the branch
= Other aspects of the audit; for example reconciliation of non-
value stock.
= The Compliance Audit which will require the input of the
Subpostmaster and staff.
=" The close of audit meeting and the opportunity for the
Subpostmaster to comment on any findings
10
POL00084801
POL00084801
= The opportunity for the Subpostmaster to fill out a customer
satisfaction feedback form requesting their views on how the
visit was conducted.
Section 8 - FINANCIAL ASSURANCE AUDIT (FAA)
(Tier 2 requires additional procedures details below section 10)
8.1 The Financial Assurance Audit (FAA) involves the checking and
verification of:
=" Cash (ref - Section 8.3.2)
= Cheques (ref - Section 8.3.3)
= ATM cash (ref - Appendix )
=" Currency (ref - Section 8.5)
= Post Office Savings Stamps ( to be removed, will not check
after May 2010) {Spoiled Postage labels from June 2010}
= Lottery Instant scratch cards (ref Section 8.6.1 - 8.6.5
= Self Adhesive stamps 100 x 15
=" Self Adhesive stamps 100x 2n¢4
= Self Adhesive stamps 50 x 15* Large
= Self Adhesive stamps 50 x 2'4 Large
"= MVL
=" Traveller’s cheques
All other stock items will be deemed to be assured.
SVM and Post and Go machines will be assured.
Full unused packs of MVLs may be sampled and assured
Please note All empty stocks, when audited, should have the cash
declared as zero before coming out of the stock unit.
2 Horizon Reports
8.2.1 Ascertain the number and types of stock units on the system.
8.2.2 Ask the Subpostmaster or a member of staff with manager’s
access to create a user ID for the lead Field Advisor to allow them
access to the Horizon system.
See Appendix for Instructions on Accessing the Horizon System and the
different procedure required for audits requested by investigations.
8.2.3 Obtain the previous period end branch trading statement. The
figures should not be altered by the Field Advisor in any way or made
illegible, as these may need to be produced at a later date, possibly
as evidence in a court of law.
8.2.4 The following report printouts must be obtained from the
Horizon system, examined and filed with the working papers in line
with the current retention process: See EASE - Audits - Chapter 3
for Audit Report Paths, See EASE - Audits - Chapter 9 for Retention
of Papers
e Un-reconciled/outstanding transfers report - for multi stock
branches
e Transaction log for the day of the audit (audits commencing
before opening hours - only) - this report must be produced
regardless of whether or not you feel the Horizon terminal has
been accessed prior to audit attendance
e Office snapshot
11
POL00084801
POL00084801
e Balance snapshot for each stock unit - including where the
branch operates an individual stock unit
e Foreign currency holdings
e Outstanding summaries (to verify vouchers / cards on hand):
> Giro deposits / withdrawals
>» Personal banking deposits and withdrawals (manual
transactions)
> Green Girocheques
>» Redeemed savings stamps (POSS)
e Suspense account report
e Transaction corrections outstanding
e Transaction corrections processed (this will also show
instances whereby evidence has been requested - entries will
be preceded with an ‘BE’
e Remittance summary (ins and outs) for the trading period
e Remittance by product summary (ins and outs) for the trading
period
e Reversal reports for 42 days - RV and ER; Reversal
transaction and existing reversal transaction when transaction
code as been used
e Spoiled Postage Label Report ( from June 2010)
8.2.5 Further reports required for Compliance Testing
e User summary - obtain a list of all Horizon users and take
note of their full names. This can then be checked by
accessing the ‘modify user’ screen and checking that all
entries are current and in the correct format.
e Forty-two day transaction log detailing all transactions over
£5000.00 to illustrate transactions where identification data
capture may have been required.
8.2.6. Please note: - Further reports can be obtained from the
Horizon system as required e.g. branch trading statement reprints,
stock adjustment reports, event logs and further transaction logs for
investigation purposes. The above list is not exhaustive. However
this should be seen as the minimum.
8.2.7 If the audit takes place on a Thursday, following the end of a
branch trading period, and the branch trading statement has not been
fully completed, the audit should be based on the trial balance
figure ensuring cash and stock have been declared. The final branch
trading statement can then be completed during the course of the
audit or as soon as practicable, ideally before the Field Advisors
have left the branch.
8.3 Checking Cash, Stock and Vouchers on Hand
8.3.1 For Branches with a Paystation terminal, obtain the bar code
summary report from the Paystation terminal. Count all monies
accepted in respect of transactions carried out on the terminal to
ensure that they balance to the amount detailed on the report. It is
important that the summary total is entered into the Horizon system
as soon as possible after the bar code is available for scanning. If
this is not done the agent will receive repeated reminders to do so.
Failure to comply with this requirement on a regular basis will cause
the Paystation to be suspended.
Please note: - The maximum amount of Post Office® cash that can be
held on the retail side is £250.00. The total of the bar-code summary
and monies in respect of transactions should be included in the P32.
12
POL00084801
POL00084801
8.3.2 Cash check - obtain the final cash declaration for the day
prior to the audit by reprinting the last “existing” declaration or
obtaining the report via the event log. Where the audit is carried
out later in the day and the branch has been open for business then
it will not be possible to confirm cash to a branch declaration.
However the report should still be obtained and examined for possible
inflation of cash.
8.3.3. Cheques -. Count and record cheques on hand and verify to the
Horizon snapshot or the branch trading statement if the branch
trading period has been completed. Ensure that cheques are examined
for validity and that any “personal” cheques are not on hand,
including those belonging to staff members, without the correct
annotation and a matching transaction that can be verified through
Horizon.
8.3.4 If an irregular personal cheque is found contact the Contract
Advisor team, and Security Manager. The personal cheque must be
impounded, excluded from the audit result and a “without prejudice”
receipt issued.
8.4 Vouchers- All the vouchers on hand must be checked and verified
irrespective of the day of the audit. Printouts of transactions not
yet cut-off, therefore still on hand, can be obtained by accessing
the report screen and selecting ‘summaries outstanding’. The details
of the printouts must be checked against the vouchers on hand e.g.
giro deposits and withdrawals etc.
It is also important that all vouchers on hand are checked for
validity, early encashment and fraud.
8.5 Currency - Verify all currencies on hand to the correct name on
the bureau stock snapshot. Any discrepancies must be corrected in the
Horizon bureau stock at the time of the audit. Totals from
currencies verified and those deemed assured should be documented for
later inclusion in the P32. Upon correcting the errors, the revised
sterling equivalent figure should be used in the P32.
8.6.1 Lottery - All on line lottery transactions must be accounted
for daily. Calculate any outstanding monies owed to the Post Office
and ask the Subpostmaster to make this good. If the Subpostmaster
isn’t able to do this or the lottery is not being accounted for
correctly then see irregularities.
8.6.2 Count and record lottery scratchcards and reconcile to the
Horizon snapshot and local records, if held. Scratchcards will
normally be held on the retail counter and it may be necessary to
physically count the cards outside the counter area. Any cash held
on the retail side relating to sales should be included in the cash
on hand verification.
8.6.3 The scratchcards on hand can be verified by reference to the
lottery matrix held on EASE - (Audit - Preparation/Information -
Useful Guides & Checklists) or by telephoning the NBSC 08456011022.
The Subpostmaster must be advised that any value of obsolete
scratchcards will be removed from the balance and the resultant
shortage must be made good. This should be actioned at the time of
the audit and detailed in the audit report.
13
POL00084801
POL00084801
8.6.4 Obtain the following reports from the lottery terminal and the
Subpostmaster, depending on the type of branch OLT
On line summaries
Instant summaries
Summary Inventory
Activation receipts
8.6.5 Using the summary inventory and pack status reports, confirm
and reconcile the unactivated scratchcards. It should also be
confirmed that the scratchcards on sale have all been activated. The
pack status reports identify the status of the cards held:
CONFIRM - Pack is unactivated
ACTIVE - Pack is activated
8.7 Outlet Field Support Audit Admin Duty - Whilst on site the lead
Field Advisor will receive a phone call from the Outlet Field Support
Audit Admin duty giving the figure for agent debt and the names of
the staff registered as working in the office. (In the advent of a
Tier 2 duty the Admin Duty will phone the Lead to verify Rem
figures)Any staff working in the office not registered with HR should
be reported via the Anomalies Report
8.8 There is no need to hold back and open rem bags awaiting
collection if they are due for despatch the same day as the audit.
The reference numbers from the bags must be recorded and verification
sought the following day that the bags have arrived at the Cash
Centre by phoning the Outlet Field Support Audit Admin Duty. Any
failures should be reported to the Contracts Advisor and Security
Manager for an Investigation audit to be arranged.
If rem bags have been made up in advance and are not due for despatch
on day of audit they should be opened and contents verified.
Section 9 - IRREGULARITIES
9.1 During the course of the audit the Field Advisors may find
discrepancies, transaction corrections, inappropriate items held in
suspense, business practices out with the Post Office® operating
instructions and in this situation the irregularity must be discussed
with the Contracts Advisor.
9.2 Central Accounting in Chesterfield - Problems with irregularities
involving errors in accounting, transaction corrections or entries in
the suspense account may be progressed with the help of the
appropriate contact. Please see
( ref EASE - Admin - NFS Team Contact Numbers.)
9.3 Support from Contracts Advisor - As part of the preparation for
the audit the lead Field Adviser must have available the contact
details for the Contracts Advisor and alternative Contracts Advisors
and the Security Manager to report findings, errors, discrepancies or
admissions.
9.3.1If intervention is required, or circumstances suggest that they
may be required, the Contracts Advisor should be contacted at the
earliest opportunity. This will allow discussions to take place and
any necessary decisions made whilst the lead Field Advisor is still
14
POL00084801
POL00084801
on site and will ensure that problems are dealt with quickly and
efficiently. Contact should be made via mobile phone, as this will
ensure confidentiality (use Mobex number for calls). The use of the
Subpostmaster’s telephone should be avoided.
9.3.2 The Contracts Advisor should be contacted if anything happens
during the visit that would suggest that the agent may be in breach
of their contract for example
e There is an unexplained discrepancy in excess of £1,000
(including outstanding debt as well as trading position found
during asset verification)
There are any irregular or suspicious circumstances
There is an irregular personal cheque on hand
Sales made on a “credit” basis i.e. payment outstanding
There is an admission of misuse of Post Office® Ltd funds or
fraudulent activity
e The Subpostmaster refuses to allow access to the premises or
any cash or stock items
e Cash on hand has been inflated or an amount of cash is
produced after the audit has commenced
e Lottery takings are not to hand and/or banked in personal
account
e Transaction corrections have not been actioned to the expected
timescales
e There are discrepancies found in on-site verifications
(remittances, suspense accounts etc.)
e The Subpostmaster has declared that the previous periods
discrepancy has been made good, however findings are to the
contrary
e The Subpostmaster cannot make good an audit shortage and is
unable, or unwilling, to put forward proposals
e If the lead Field Advisor has any other concerns about the
branch
This list is not meant to be exhaustive. Regardless of the
circumstances, if there is any doubt or concern about the branch
or Subpostmaster contacts the Contracts Advisor.
9.3.3 Should the Subpostmaster admit any fraudulent activity, he/she
should be advised immediately that the branch will be kept closed and
the Contracts Advisor and Security Manager contacted.
Should the Subpostmaster be suspended, there is a possibility that
the branch will remain closed and the assets defunded (ref EASE -
Audits - Closure Process - Chapter 5) for details about branch
defund, In this case, a special notice to this effect should be
displayed and NBSC should be contacted to advise them of the
situation. If the branch is to remain closed, the datestamps should
be lodged in the safe. Arrangements for the door and safe keys should
be agreed with the Contracts Advisor.
9.3.4 In cases involving suspension, the lead Field Advisor should
obtain six periods worth of branch trading statements, and keep them
with the other audit papers for retention at the central archive in
15
POL00084801
POL00084801
Maidstone. This will assist the Fraud Team should there be legal
repercussions.
Originals should be obtained, but copies (where such facilities
exist) are acceptable. Should there be no statements available, a
reprint of the last completed statement must be obtained from the
Horizon system.
If the Subpostmaster objects to their removal, it should be pointed
out that the paperwork is the property of Post Office® Ltd, and if
necessary a receipt should be issued.
9.4 Appointing a Temporary Spmr - If the Contracts Advisor decides
that the Subpostmaster is to be precautionary suspended from the
office then it may be possible to appoint a temporary Subpostmaster
in his place to ensure continuity of service.
The Contracts Advisor will commence this process with the permission
and agreement of the existing Subpostmaster. The Field Adviser must
carry a set of paperwork to carry this out under the direction of the
Temporary Subpostmaster Advisor 01622 777023
(ref EASE - Intervention - Temporary Spmr Security Checks
Section 10 - PROCEDURES FOR FINANCIAL ASSURANCE AUDIT (TIER 2)
(in addition to aforementioned Financial Assurance Audit (FAA)
procedures)
10.1 Obtain the Branch Trading Statement.
10.2 Check all cash, cheques, currency, postage, stock on hand as
required for completion of P32 (Tier 2).
10.3 Working papers specific to Tier 2 must be used from the toolkit.
(ref - EASE - Audit - Audit Process Manual - Audit Tools- Working
Papers Chapter 2)
10.4 If a Tier 2 audit has been scheduled then in addition to the
agent debt and staff names information the Outlet Field Support Audit
Admin Duty will also details of figures for rems reported in the
current trading period. If the Financial Assurance Audit (Tier 2) is
by escalation then these figures must be requested by the Field
Advisor.
Section 11 - COMPLIANCE AUDIT
11.1 Compliance audit tests (CATs) are designed to test that
regulatory compliance and business conformance procedures are
operating as intended, by checking evidence of adherence to the
approved systems.
11.2 The Field Advisor’s role in compliance auditing is to undertake
sufficient testing to be able to confirm, with reasonable assurance
that controls that should be present in a system are being deployed.
The areas tested are:
e CAT’s (Compliance Audit Tests)
e Government Services (DVLA, IPS, AEI)
e Procedural Security Inspection
.
11.3 For current tests and user instructions see CAT reporting tool
and user instructions on our Toolkit. ( ref EASE- Audits-CAT
Tools/Instructions
16
POL00084801
POL00084801
Section 12 - FOLLOW UP AUDIT
12.1 Follow up Audits are performed to provide assurance that gaps
identified at a previous Audit have been addressed.
12.2 Follow up audits will be noted on the Schedule, and the entry
will have the branch code and branch name noted.
12.3 You must access the latest Follow-Up Tool and instructions from
EASE - CAT Tools/Instructions).
12.4 On site, you will test that all actions have been addressed and
gain assurance that there is evidence to support your findings.
12.5 A cash check must be performed by the Field Advisor attending
the branch.
12.6 You will perform a closing meeting, to discuss your findings.
12.7 You will complete the relevant Follow-Up Audit Report, and post
a copy to the branch and copies should be emailed to all stakeholders
as per latest Audit Report matrix.
17
POL00084801
POL00084801
Section 13 - CLOSE OF AUDIT MEETING
13.1 Once the financial audit and compliance tests have been
completed, the audit findings will need to be discussed with the
Subpostmaster. The following guidelines should be followed:
e The closing meeting should already have been discussed and
planned with the Subpostmaster as part of the opening meeting
at the outset of the audit
e The meeting should be conducted in private whenever possible
as some of the points for discussion may be sensitive
e Recognise good working practices in the office
e The lead Field Advisor should be familiar with all the
findings of all the tests completed
e When talking through the findings it is important to discuss
them in a balanced way and be able to qualify exactly what is
meant. The reason for any actions should be made clear. It is
essential to highlight where the correct procedure is
documented and the importance of adherence to it, by
explaining the correct procedures and clarifying
understanding. The lead Field Advisor must highlight the
consequences and impact of failure to comply for the
Postmaster/staff and for the business. Failure could lead to
the loss of the Subpostmaster’s contract to provide products
and / or services, and / or financial penalties for
Subpostmaster, his staff and the business
e Following the closing meeting a customer satisfaction feedback
form should be left with the Subpostmaster at the branch - The
Postmaster should be encouraged to complete and return this
form.
Section 14 - AUDIT REPORTING
14.1 All standard audit reports are embedded within the P32, CAT
Reporting Tool or Follow-Up Audit Tool.
Please refer to the latest user instructions held on EASE.
Please refer to the current “reporting matrix” held on the
(ref - EASE - Audits - Audit Process Manual - Chapter 8)
In the event of a suspension an additional report will be required,
(ref - EASE- Audit- Audit Process Manual - Report Templates)
14.2 The lead Field Advisor must telephone the branch two days after
sending the report to confirm their understanding of the content and
highlight their responsibility for the return of the Declaration of
Compliance.
18
POL00084801
POL00084801
CROWN OFFICE APPENDIX A
(Additional information to be used at Crown Branches)
The appropriate working papers specifically for Crown offices must be
used.
e Check and verify as a minimum, 50%0f the counter stocks. If time
and resource allow then additional counter stocks can be checked
e All dormant stocks have to be checked
e Any stock held by the Branch Manager (it is advisable for the
integrity of the audit to have a back office duty confirm
whether the Branch Manager has a stock allocated to them rather
than accept the Branch Manager’s declaration)
e Stocks with cash in excess of 25k
If a discrepancy of more than £1000 is discovered, this should be
reported to the Crown Area Manager and Security Manager: There is no
need to escalate this to a Tier 2 Audit, or keep the branch closed
for longer than is necessary.
If a discrepancy of £10,000 or more is discovered, the Crown Area
Manager and the Security Manager must be notified immediately and the
Branch remains closed until a full Audit of Accounts (Tier 2) can be
completed. The branch should be re opened at the earliest opportunity
to minimise disruption to customer service.
19
POL00084801
POL00084801
FRANCHISE AND MULTIPLE BRANCHES APPENDIX
B
The all branches database will provide details of branches that are
of either a franchise or multiple branch type. The lead Field Advisor
should obtain this information at the preparation stage along with:
e The name of the multiple / franchisee
e The multiple/franchise company contact point e.g. nominee
e The name of the Contract Advisor
The financial audit process outlined in this chapter can be applied
to multiple and franchise branches with the following exceptions:
If highlighted in the Branch Performance Profile model the lead Field
Advisor will need to determine if the procedural security compliance
paper needs to be undertaken if the branch is a franchise. Some
franchise branches are self-insured and in these cases the Procedural
Security Inspection tests should not be completed. The self-insured
franchise branches can be identified from the branch details excel
spreadsheet, available from EASE. Any major security weaknesses must
be still noted, however, and commented upon in the audit report.
On arrival at the branch, the lead Field Advisor should make the
visit known to the store manager and any local entry procedures must
be adhered to. At the beginning of the audit the lead Field Advisor
must telephone the company contact e.g. nominee or post office
representative as soon as possible to advise that an audit is taking
place and to invite them to the closing meeting at the branch. The
estimated time of the closing meeting should be advised and, if the
company contact is unable to attend, it must be confirmed that they
are happy for the audit findings to be discussed with the officer in
charge on site. In this situation, the nominee or post office
representative must be contacted upon completion of the audit to
relay the findings.
Any irregularities, discrepancies, admissions etc. should be reported
to the Contract Advisor.
20
POL00084801
POL00084801
OPEN PLAN AND COMBINATION FORMATS APPENDIX C
A Combination Store is the title given to retail branches that
combine other retail business with Post Office transactions using the
same point of sale. The same person will deal with retail and Post
Office transactions, but funds and accounts will be separated.
The financial audit outlined in this chapter can be applied to open
plan and combination branches, but special care must be taken because
of the different security arrangements.
To minimise security risk to staff and funds, the following principle
applies:
e Under no circumstances should bulk cash be counted in
positions which are exposed to the public
e If the owner of the premises refuses to close to allow for the
counting of bulk cash then contact their Contracts Advisor
e All cash on hand should be counted in a secure back office
area (if available) or prior to the branch opening for
business to avoid the problem.
* Cash being moved to a secure area should not exceed the till
limit for open plan working unless the premises are closed
21
POL00084801
POL00084801
WH Smith Branch APPENDIX
D
(Additional information to be used at WH Smith Branches)
e On arrival at the branch, the lead Field Advisor should make the
visit known to the store manager and any local entry procedures
must be adhered to.
e There is no need to contact WH Smith (as we would with any other
multiple) as senior WHS Security & Investigation managers are
aware of the audit plan.
e WHS have an insurance waiver, but compliance questions relating
to Procedural Security Inspection should be asked. This is at
the request of the Head of Business Development (WH Smith).
e The closing meeting will take place with the person performing
the lead Field Advisor and the Branch Manager (or their
representative at the branch) on the day of the audit.
Process - Financial
Physical check of cash & cheques
e Counter stocks: - 2 - 3 prioritising in cash value highest while
still allowing the branch to open at the normal time
e Main Safe stock unit
e Any stock unit showing unusually high cash holdings
e Rollercash contents can be assured if branch is open.
Physical check of foreign currency
e Full bureau stock unit only
Physical check of stock
e Main stock only - verify stock items as per Financial Assurance
process (excluding MVL discs)
e Stock items in other stock units where holdings are considered
to be high
Full check on a stock unit where a large discrepancy is uncovered.
Process - Compliance
e® Questions will be directed towards the BM and ABM in the office
and as many counter staff as practically possible. If the
manager is unavailable then a representative of the manager
should be chosen.
e Unlike some self-insured multiple partners, security questions
should still be asked.
22
POL00084801
POL00084801
Contact
If there is an issue onsite, i.e. discrepancies over £1000 then there
is one main point of contact, Simon Davies (WH Smith). Any
intervention to suspend staff will be actioned by either Simon or
passed onto an appropriate WH Smith manager to deal with. One phone
call from the lead Field Advisor will be sufficient. If Simon is
unavailable at the time then either of the other 2 names below can be
contacted.
Simon Davies -
Or
Steve Hall
John Hey —
23
POL00084801
POL00084801
CORE & OUTREACH BRANCHES
APPENDIX E
(Additional information required at Core & Outreach branches)
This is a new concept to supply small community and rural areas with
a counter service. A Core branch will operate one of a range of
outreach options offering a variety of transactions.
There are four types of outreach branches:
. Partnership
- Hosted
. Mobile
. Home Service
BWNE
The attachments on Ease at Chapter 3 contain all the relevant
information you require.
24
POL00084801
POL00084801
POST OFFICE ESSENTIALS
APPENDIX F
Post Office essentials - Retailer Cash Funded - Audit Process
Post Office essential offices can all be identified by the second set
of three digits in their Branch code which will be --- 458
Normal audit procedures apply throughout the audit but if a
discrepancy is found further information is required as the Operator
provides their own cash to run the Post Office
Discrepancy over £1000
Contact Ann Wilde at Chesterfield, Current Agents Debt, Postline:
i STD Phone: { GRO I
Anne will be able to confirm whether the Operator is owed money by
the Post Office or owes money to the Post Office in settlement of
money that they have loaned to operate the office.
When this has been confirmed please contact the Contracts Manager and
inform them of the situation. They will make the decision to suspend
if appropriate.
Defund of Post Office essential
If, as a result of the call to Agents Debt, the money in the office
is due to the Post Office, and needs to be returned it will need to
be accounted for as follows:
Loan Withdrawn from PO - on Horizon
Send cash by Special Delivery to:
Ann Wilde
Agents Debt
Post Office Ltd -Finance
Second Floor West Wing,
1 Future Walk
West Bars
Chesterfield $49 1PF
25
POL00084801
POL00084801
ATMs APPENDIX G
There are 5 different ATM types on site at branches.
The different types of machines in the network are:
e PO maintained - this machine holds between £50k- £250k and is
funded by a remittance received at the branch. The
transactions are reported through the branch trading statement
e Fully Serviced - this machine type is totally maintained by
Securicor
e Self-fill: Retail cash - this machine is funded from private
cash and under no circumstances must Post Office funds be
utilised. This is considered misuse of funds and should be
reported to the Contracts Advisor
e Self-fill: PO cash - this machines hold £1k - £3k and are
funded from PO funds
e Self -fill surcharge - this machine holds a maximum of £2k,
funded by PO funds. Funds must be only PO, i.e. NOT £1000
retail, £1000 PO. NB: All funds must be removed and secured
in approved safe overnight.
There are consequently only 3 machine types that would need to be
verified as part of the audit process. Although it is not possible
to open any of the ATMs whilst the branch is open for business (if
access is not via the secure area), consideration should be given to
checking the contents of the ATMs before the branch is allowed to
open. If the branch (or the retail side) is already open for
business when the audit commences then they should be closed for a
short period whilst the ATM contents are checked.
If, however, it is not possible to perform a physical check of the
ATM during the audit then sufficient reports should be obtained from
the ATM to provide assurance that funds are on hand within the ATM.
This should be subsequently fully documented in the audit report, and
reported to the Contracts Advisor at the time of the audit.
The obtaining of ATM reports should not be considered a replacement
for physically checking the actual contents of the machine. It
should be used as a temporary measure to carry on with the audit
until such time (during a quieter period of the day as mentioned
above) when the branch can be closed for a short period to perform
the physical verification.
In extreme circumstances when the ATM is unable to be accessed, 4
weeks entries for ATM withdrawals should be checked to ascertain
whether or not stated holdings are reasonable. All instances whereby
the ATM cannot be accessed must be reported to the Contracts
Advisors.
26
POL00084801
POL00084801
ACCESS TO THE HORIZON SYSTEM APPENDIX H
It will be necessary as part of an audit to gain access to the
Horizon system at the branch being audited. There will also be times
when different levels of access will be required and the following
should be adopted:
Standard Audits
Field Advisors can be added to the system as a user in order to print
the necessary reports or the reports can be requested from, and
produced by, the Subpostmaster. Where the Subpostmaster supplies the
reports, a Field Advisor should remain in attendance whilst the
reports are produced. If the audit subsequently identifies a
financial irregularity a ZAUD99* one-shot password (OSP) should be
obtained for further use of the system. Any extra users can then be
added to the system, if required, from the ZAUD99 user ID.
Audits at the request of the Investigation Team
It is important at these audit types that we do not jeopardise future
court cases or prosecutions by ensuring we have followed proper
access procedures to the Horizon system. A ZAUD99* (OSP) should
therefore be obtained for access to the system and this to be
obtained on site in the secure area. Once logged on as ZAUD99 user
it can then be used to create other users on the system in order to
later assist with the production of transaction/event logs.
*If the audit is a contract and service concern or investigation
request then the ZAUD99 level of access will be required. The NBSC
must be contacted as soon as possible after the start the audit to
commence the process for obtaining this type of access. As
previously stated, do not attempt to log on to or gain access to the
Horizon system until this one-shot password has been obtained. Any
delays or problems in obtaining a one-shot password must be reported
to the Field Team Leader.
Please note: - If users have been added to the system during the
course of an audit remember to delete them from the system at the
conclusion of the audit before leaving the branch.
If the branch has migrated to HOL, you will need to refer to the HOL
report printing guide Jan 10 version 1 on Chapter 3
27
9 Microsoft Excel - Paths for printouts ¥3.xIs
POL00084801
POL00084801
Sinaas
2] Office snapchot [Bscktop I b [FS Office Balancing I » [Fi Office snapshot TTF 4 Print, J
W[Wiew Stock Unies [iccktop [ ) [Fi Administration [> [Fi Stach Units LO TFa view Stock Unies Lo [wiew in ont ]
T[Ourstanding summaries [Desktop I [Fa Stock balancing I » [Fie Summaries [? [Print summaries For all listed I > [F4 Print ]
“SUzer cummar [Desktop I > [F2 Reporte Lo Tri event tog L? [Fa Ucer cummar, LO TFS Print ]
til Remittonce tn [Desktop T > [F2 Reports [> [Fe Office dail [> [Fs Rema in (daily) TOT Fs Print J
2] Remittance Out [Beck [PT F2 Reporte [> TF 2 Office dail [TFS Rame out (daily) [OT Fa Print ]
I
BS] Revercal reports [Desktop T > [F2 Reporte Le? [FS Trancsction log Lo Tri Meds LO TER repeat for RV > [Fie continue
[p]Fiersrepen
13] Event log [if required by investigations)
Desktop I >I F2 Reports » [Fr event Log
> Trt alt events
>I F2Bstoncing
» [Enter dates From and
investigations eg. noe
I Gelso saasimente
[Becktop [> [F2 Reports [o[ratrencsctionieg
Lo TFimede
[+ [toch sdjuctmante (+) & repent for ctoch adjuctmante (-)
[+ TFi€ continue
Branch Audit Report & v1.5.doc - Microsoft WordI
I pronch A JSMicroso.. Rays Audio. [
28
cf