POL00085286
POL00085286
IN CONFIDENCE
Post Office Ltd
Network Support Team Policy/Process
Title Audit Process Manual Volume 4
Subject Chapter 01 — Audit Plan & Scheduling
Version Control 9.0
Purpose Outline responsibilities for planning and scheduling,
including the process followed by the Network Support
Admin Team Leader for scheduling audit activity
Audience Network Field Support Team
Next Review date January 2012
Stakeholders
Stakeholders Name Responsibility
Sue Richardson Network Support Project & Standards Mgr: Delivery of
audit targets
Shaun Turner Network Coordination Advisor: Branch Performance
Profile
Sue Richardson Network Field Support Project Mgr: Reporting
Responsibilities in change
Role Job Title(s) Date
Author Lee Heil 10/02/11
Network Support Admin Team Leader
Assurance Network Support Project & Standards 10/02/11
Manager
Authorised Network Support Project & Standards
Manager
Communication Field Support Change Advisor
Version control
Version Reason for issue Section Date
No. No.
Version 1.0 I Original version 03-03-02
Version 2.0 I Updated version following annual review April 2003
Version 2.1 I Changes from feedback from Lead Team Feb 2004
Version 2.2 I Changes from feedback from Lead Team Feb 2004
Version 2.3 I Amendments to reflect changes in roles April 2004
Version 2.4 I Sections 2.1, 2.2 and 2.3 amended to May 2004
reflect current instructions. Section 2.6
amended, following input from audit
managers. Reference to declaration of
interests made in Section 2.5
Version 2.5 I Section 2.4 updated to reflect new risk July 2004
models ALARM and CARM
Version 3.0 I Annual review, including reflection of new Jan 2005
analytical process
Chapter 01 Audit Plan Scheduling v9.doc -1-
POL00085286
POL00085286
IN CONFIDENCE
Version 3.1 I Amendments made following comments at Jan 2005
WTLL Leadership meeting on 18 January
2005.
Version 3.2 I Updated to reflect new roles and job titles Mar 2005
Version 4.0 I Annual Review Mar 2006
Version 5.0 I Annual Review Aug 2007
Version 5.1 I Amended to reflect changes in ownership Feb 2008
of audit planning from 2008/9 Audit Plan
onwards, the move to centralised
scheduling (from Jan 2008) and the
outcome of the new Transfer Process pilot.
Version 5.2 I Section 4.3 added at the request of Alvin Feb 2008
West (NCAM)
Version 6.0 I Updated Section 4.2 only April 2008
Version 6.1 I Font changed to ChevinLight 14 Sept 2008
Version 7.0 I Annual Review All July 2009
Version 8.0 I Annual Review All Jan 2010
Version 9.0 I Annual Review ALL Jan 2011
Index
1 Responsibilities of Network Support Project & 3
Standards Mgr.
2 Responsibilities of Network Performance Data 3
Analyst
3 Responsibilities of Network Support Team Leader 4
4 Auditors Responsibilities 7
Chapter 01 Audit Plan Scheduling v9.doc -2-
POL00085286
POL00085286
IN CONFIDENCE
SECTION 1 —- RESPONSIBILITIES OF NETWORK SUPPORT PROJECT &
STANDARDS MANAGER
1.1 Prepare the Annual Audit Plan in conjunction with, and approval of,
the General Manager Network, designed to meet current risks, deliver
stakeholder requirements, based on resource capacity, and present to
the Risk & Compliance Committee for endorsement. Document to be
ready for deployment before the beginning of the financial year.
1.2 Calendarise the annual audit plan into period targets, paying particular
attention to those periods containing five weeks as opposed to four,
ensuring an even spread of weekly activity.
1.3 Review delivery of the plan on a periodic basis with the Network Support Admin
Team Leader; ensure flexibility in changing plans during the year.
1.4 Ensure that pure random selection methods are used to identify those branches
that need to be audited on a random sample basis.
SECTION 2 —- RESPONSIBILITIES OF NETWORK PERFORMANCE DATA ANALYST
2.1 Manage production of the Financial Branch Performance Profile, being a ranked
list of all branches in the network (together with relevant planning information), in
respect of identified financial and compliance/conformance risks.
2.2 The Financial Branch Performance Profile measures branch performance by
scoring them against the following areas
Declared vs Predicted ONCH figures
Declared vs Generated ONCH figures
Cash Rises at Branch Trading period end
Annual cash tracker
Foreign Overnight Cash Holdings
Calls from P & BA to request branch clear cheques on hand figures
Other Postage Holdings
Known current branch debt
Camelot Scratchcard holdings
2.3 Each branch is scored against the each of those areas on a range of 0 to 10,
where a higher score represents poorer performance/higher risk. The branch is
then given an aggregated score across all the measures and this then gives the
branch an overall score and ranking.
2.4 The Financial Branch Performance Profile (FBPP) will be produced by the
Network Performance Data Analyst.
2.5 Provide a measure of data assurance on the FBPP before issuing it.
Chapter 01 Audit Plan Scheduling v9.doc -3-
POL00085286
POL00085286
IN CONFIDENCE
2.6 Issue the latest Financial Branch Performance Profile on a monthly cycle. A new
FBPP should be provided to the Network Support Team Leader every period,
during the third week after period end.
2.7. Ensure that the indicators used in the Branch Performance Profile are periodically
reviewed, to ensure that key risks are covered, and that new data streams are
considered. This will be done (at least) quarterly and changes will be
communicated to all recipients
2.8 Provide details of suitable branches to the Network Support Admin Team Leader
to deal with specific themes or to test the value of new risk indicators
SECTION 3 - NETWORK SUPPORT ADMIN TEAM LEADER RESPONSIBILITIES
3.1 Prepare weekly audit schedules, designed to meet the period target in order to
achieve the annual audit plan, identifying sufficient resource from the field team.
Using the Financial Branch Performance Profile as the basis for the weekly plan,
those branches displaying higher risk scores should be given priority over
branches with lower risk scores.
The priority order for audit activity is given below:
e Transfers/Closures (type 5/10/15/30/35 )
Robberies/Burglaries (type 20/25)
Special requests (type 200)
Risk driven audits from the FBPP (type 100)
Follow up activity (type 550)
Random audits (type 150)
Compliance audits (type 400/500)
3.2. If insufficient resource is available from the field team or any other circumstance
arises that endangers achievement of the audit plan, and there is little scope for
catching up at a later date, the matter should be discussed with the Network
Support Project & Standards Manager.
3.4. Schedule robbery and burglary audits as required, on the day of the incident,
where possible. In the first instance, Field Advisors who have no other activity on
the NFS schedule should be used as resource for these incidents, as in most
cases this will provide a speedier response. Alternatively an audit or other
activity may need to be curtailed in order to attend. If an incident is reported in
the afternoon, consideration should be given to arranging attendance for the
following day.
3.5 All special audit requests should be sent via the relevant NSA HoBD area inbox
where it will be picked up by the Network Intervention team in Maidstone who will
record on SharePoint and advise by email to the Network Support Admin that an
audit is required.
Chapter 01 Audit Plan Scheduling v9.doc -4-
POL00085286
POL00085286
IN CONFIDENCE
3.6 Branches that have been audited and the Field Support Advisor has returned a
compliance SharePoint entry detailing that a follow up is required form the basis of
type 550 follow up activity. Branches highlighted should have a follow up visit
planned within three to 6 months of the original audit.
3.7 Random audits are a selected subset of branches which are chosen at the outset
of the financial year and should be planned for audit over the course of the year.
The branches are selected by Network Support Admin Team Leader using pure
random selection and are used to provide a baseline measure of risk in the
network (which also helps to test the effectiveness of the Financial Branch
Performance Profile at identifying risk).
3.8 The following should be considered when scheduling:
Annual leave commitments
Current excess flexible hours
Declaration of interests, detailing any auditor’s conflict of interests with the
branches due to be audited
Balance of leading audits and assisting at audits
Sufficient administrative time to be allocated to ensure that all reports are
submitted within 5 working days of the audit and all P32s are sent to the P32 File
by no later than noon on the Monday after period in which the branch was
audited
e Where possible, lead auditors are not the same person who led the last audit of
the branch
e Attendance by a Team Leader to be focused on Crowns or high risk branches
likely to lead to a suspension (e.g. investigation audits or specially requested
audits)
e Audit plans from our business partners (e.g. Bank of Ireland) should also be
taken into consideration to ensure there is no clash of activity.
3.9 There is no precise formula for determining appropriate resource levels for audit
activity, and different types of activity may require fewer auditors than others.
There are also regional differences; for example Scottish law requires financial
irregularities to be witnessed by a second person, irrespective of the size of the
branch. As a general rule, the following attached spreadsheet gives approximate
recommended resource levels for risk based financial auditing (audit types 100,
150 and 200), for all currently open branches in the network (as at 24/06/09).
Resource levels stated are based around BTH’s, number of stock units and
counter positions. Several branches are at this present time unable to be
accurately assessed for resource and show #N/A. If selected for audit, these
branches should be resourced using other known factors.
%)
C:\Documents and
Settings\lee. heil\My C
For transfers, closures, robberies and burglaries, resource levels should follow the
above table, but branches requiring 3 or more auditors should have the resource
reduced to a maximum of 3. Compliance audits and follow up visits should only
ever be conducted by one auditor.
Chapter 01 Audit Plan Scheduling v9.doc -5-
eeceeeee
3.10
3.11
POL00085286
POL00085286
IN CONFIDENCE
Various other factors may influence actual resource, so the table above should not
be considered definitive. Factors include:
Cash holdings (i.e. amount of cash likely to be presented to the auditor to count
before the branch can open), or presence of an ATM
Additional cash holdings e.g. due to bank holiday funding etc.
Previous audit history indicates a well organised office
The ability to perform a second audit on the same day (if required)
Accommodation for auditors at the branch
Branch format e.g. combi-store
Possible late finish which may impact on following days activity
Any other known factors
Prepare period returns of actual audits undertaken for submission to the Network
Support Project & Standards Manager. These to show progress towards audit
targets for both period end and cumulatively.
Weekly reports should be compiled on a Friday or Monday for submission to the
Network Support Project & Standards Manager. The report should contain
details of actual activity that took place in the week just ended together with
cancellations (and reason for cancellation) and a summary of planned activity for
the following week. Pivot tables need to be inserted showing the number of
audits taking place against audit type for both planned and actual activity. See
attached example:
cl
S:\Network Support
‘Admin\Audit\MI Repo
3.12
A plan of activity for the week ahead should also be forwarded to the Contracts
Advisors and to the Network Support Projects & Standards Manager
Chapter 01 Audit Plan Scheduling v9.doc -6-
POL00085286
POL00085286
IN CONFIDENCE
SECTION 4 — AUDITORS’ RESPONSIBILITIES
41
42
4.3
44
To perform the audit activity as designated by the Network Support Admin Team.
Designated lead auditors from the field team must ensure that their line manager
and Network Support Admin Team is aware of any circumstance that either
prevents or is likely to prevent an audit taking place, which may require it to be
rescheduled for a later time. Such communication must be made as soon as
practicable. Circumstances may include:
Sickness
Car breakdown
Weather
Travel disruption (strike action/accidents etc.)
Consideration may be given to redirect a team to a nearby alternative branch, or
to perform other (intervention) activity so that costs already incurred are not
wasted.
Audits identifying shortages or other circumstances which involve the Contracts
Advisor, and result in a suspension must be notified to the Network Support
Team Leader so that the additional activity can be properly accredited.
Post Transfer Visits which occasion a full compliance audit may be conducted by
either a Field Team Leader. The scheduling of these falls to Network Support
Scheduling & Admin Team.
Chapter 01 Audit Plan Scheduling v9.doc -7T-