POL00088893
POL00088893
POSTMASTER SUPPORT
POLICIES
Network Monitoring and Audit
Support Policy
Version —- V1.5
Post Office is determined to reset its relationship with postmasters and has introduced policies that set out
guidelines on how Post Office should support postmasters, specifically for use across twelve areas.
The policies stand on their own but should be reviewed in conjunction with each other. Support teams should
have an awareness of all twelve policies and how they link together.
The twelve Postmaster Support Policies are listed in section 3.2 of this policy and can be found on the hub, here.
INTERNAL Page 1 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
®
1. DEFINITIONS sees o sinsess se ncwisisee sivas otinseisia Santon oiduish evineass oe dessiib on cits xiiviusiso steisuites acs 4
1.1, DO@RMICIOMS ceswns s<aeneis ssasunns stcnstenn aa seamen se cawnuisaenuanvensacennses caseniona senna saceunane tanuninn saene 4
2. Overview
2.1. Introduction by the Policy Owner
2.2. Purpose
2.3. Core Principles
2.4. Application...
2cBi THE RISK s<avsscecsswacnsesowesseseanuvcescnneennssvedissessuiiicasssnvene ne voudansevsuisessucsesabseeeuan seus 7
3. Risk Appetite and Minimum Control Standards .........:scececssseeeeeeeeseneeeseeneeeeenneees 9
3.1. RiSk APPetite...........ccccccccccceceeeeeee ese eeeeeeeeeeeeeeeeeeeeeeeeee ssa AAA HEE EEEE EERE EEAeeHAAaaeeH Eee 9
3.2. Policy Framework ......ssscccccersccecerseenecssenvecseesveessocecesneensecseauneescespoessecseesnooeeas 9
3.3. Who must comply? ..
3.4. Roles and Responsibilities
3.5. Minimum Control Standards wsce.scscssvessssanveescnnieses ceases sa seadwesssnanesssaneaenascnsieseas 12
4. Procedures
4.1 Network Monitoring
4.2 Non-Suspension Monitoring
4.3 Scheduling supportive visits and audits
4.4 Carrying OUt an AUit ...... ec cceeceetseeeeeeeeeeneeeenaeeeeeeeeeeenaeeeeeeeeeeeeneeeeeneeeennee 16
4.5 Contract Advisor INVOIVEMEN........ssscssseesereeenseeessseeesseeessneesssneessnneeeneeeens 17
466 CIOSUPE AUCIRS sisaes ss sanins 06 cnninws 04 avean v4 anes ss cnetone 65 cawame 66 oxets 04 aniieen ca muNmN d bawstins 566 17
4.7 Post Security Incident Audits ........:.ccscsessecsssesscssscensesssssusesssnsessescvssssnssseenses 18
4.8 Reference Materials .........0. ccc eee eee teeee rere 18
4.9 Quality ASSUTANCE ......ceeeseeeeeeeeeeeeeeeeeeeeeeeeeeeeseaeeeeeseeeeeeeeeeeeeeesseaaeeeeeneneeeere® 18
B10. REPO 05 csvinicss cosines ncuiesess s sismat os asinwiloa se ealnein 0 veiinito 4 Vissi gs Hilsion’ oy NOWBIIS Gu ilehIo one 19
5S. Where to go for help .....cccecccccsseeeeeeeeeeeeee cece cece eee e eee e een EEE EEE EE EEE EEE EAs E HAA E EAE EE EERE EEE
5.1 Additional Policies
5.2 How to Raise a Concern
5.3. Who to contact for more information
6. GOVEMMANCE «2. cesses sscevseesscevssres sunsnsasceesee sn censnesssuvivaseceasnescevenees cassenaccumens seesssny see 21
6.1 Governance Responsibilities ..........cccccecceeeseeesseeeeeeeseeeeeeeeeeeeeeesseeasaaneneeseeere® 21
7. CONEIOL ....csscsssensssersereenssrenssstennserensseenesssenessesrssesnessesnseseransserenseerasesennees 22
FL, (POMCY VEPSION o winiccn ss saiinsn ee sittnsn oa eitiiatn an cisnisa os saieisna » aKiasin bu ssuisifm a bluicde at ntaisita a basintasee 22
INTERNAL Page 2 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
ZZ ‘POliSY APPFOVA tras ss qrmntis ss rans 1s dnmorts 5 qemattes « dameie x areata 64 aati se va dae su eB 8 23
COMPANY DEtallS sce ss acces ss semicme cs ammeee os ammo as amu cs aomemn o2 ammo meUERE as MERE ev ammo o amu a 23
INTERNAL Page 3 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
1. Definitions
1.1. Definitions
1. Audit Rationale Document (ARD) - this document sets out the rationale behind
10.
a decision to audit, along with relevant supporting data, and is provided to a
postmaster to explain the reason behind the audit
Audit Reporting Tool (ART) - This is a data capture form used to record the
difference between the actual volume and value of cash, stock and currency in
branch and the volumes and values as shown on Horizon.
Announced Audit- This is a comprehensive assessment of the current trading
position of a Post Office’ branch, and includes the verification of reported levels of
cash, foreign currency (if applicable), stock items and vouchers as well as a
compliance review, to check if mandatory business conformance and regulatory
compliance controls are operating as intended.
Closing Script - This is a script for the Lead Audit and Support Advisor to follow
to ensure the main points are communicated and feedback obtained at the end of
the audit.
Discrepancy - Any difference between (i) the actual cash and stock position of a
branch and (ii) the cash and stock position shown on Horizon as derived from
transactions input by branch staff into the branch's terminals.
Established Gain - An event that causes a positive Discrepancy (i.e. the situation
where the branch has more cash and/or stock than the derived figures for cash
and/or stock on Horizon), which has been investigated by Post Office, or agreed by
the postmaster, and found to be a genuine gain to Post Office.
Established Loss - An event that causes a negative Discrepancy (i.e. the situation
where the branch has less cash and/or stock than the derived figures for cash
and/or stock on Horizon), which has been investigated by Post Office, or agreed by
the postmaster, and found to be a genuine loss to Post Office.
Local Post Office Agreement - These agreements are used in respect of
branches that offer a reduced product set compared to branches governed by a
Mains Post Office Agreement. If you are unclear whether an agreement is a Local
Post Office Agreement, please consult a Contract Advisor.
Main Post Office Agreement - These agreements are used in respect of branches
that offer all core products and services. If you are unclear whether an agreement
is a Main Post Office Agreement, please consult a Contract Advisor.
Reason for Audit Script - This is a script for the Lead Audit and Support Advisor
to follow to ensure the main points are communicated and the postmaster or person
in charge is clear on how the audit will be performed.
‘In this policy, “Post Office” means Post Office Limited.
INTERNAL Page 4 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
11.“Review or Dispute” - This is the option on Horizon which moves a Discrepancy
into the postmaster’s centralised holding account at the end of the Trading Period
or at the end of a financial audit.
12. SPEAR Visit - The aim is to Support, Prevent, Educate, Assure and Resolve any
outstanding issues related to branch accounting. This is a supportive, face to face
visit that is conducted if the Network Monitoring team and the postmaster both
agree that it would be beneficial to encourage accurate accounting in branch.
13.SPSO Agreement —- the Subpostmasters Contract, Community Subpostmasters
Contract, Modified Subpostmasters Contract and the Company Operated Post Office
Contract.
14,Unannounced Audit - The content of an Unnanounced Audit is the same as for
an Announced Audit, but without notifying the postmaster in advance.
Unannounced Audits will be carried out where Post Office cannot determine the
accuracy and integrity of the cash and stock in a branch remotely or through an
announced visit.
INTERNAL Page 5 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
2. Overview
2.1. Introduction by the Policy Owner
The Service and Support Optimisation Director has overall accountability to the Board of
Directors for the design and implementation of controls and to manage risk, assure levels
of cash and stock and reduce discrepancies and losses in the network?. Risk in the network
is an agenda item for the Audit and Risk Committee and the Post Office board is updated
as required.
This policy is a non-contractual document provided for information. It does not form part
of the contract between postmasters? and Post Office.
2.2. Purpose
This Policy has been established to set the minimum operating standards relating to the
management of network monitoring and audit support throughout the Post Office network.
Network monitoring and audit support activity helps to ensure the accuracy of branch
accounting records, relating to cash and stock. It also helps to assure that the integrity of
cash and stock in the Post Office network is maintained. Network monitoring is in place to
identify branches where the integrity and accuracy of cash and stock, for that branch,
could be at risk. This monitoring can then lead to a number of intervention activities
(including audit support) which are designed to identify the risks and help the branch
resolve any associated issues.
This policy explains how branches will be supported with any potential issues identified
through network monitoring and how Post Office will help those branches maintain
accurate records of cash and stock through their branch accounting. Monitoring branch
compliance with accounting processes helps to identify any issues earlier and makes
investigating the root cause of any issues easier for both branches and Post Office.
It is one of a set of policies which provide a clear risk and governance framework and
facilitate an effective system of internal controls for the management of risk across Post
Office. Compliance with these policies is essential to Post Office in meeting its business
objectives and to balance the needs of postmasters, customers, clients, and other
stakeholders including our shareholder.
2.3. Core Principles
Under agreements between postmasters and Post Office, postmasters provide products
and services to customers on behalf of Post Office. The cash and stock used to effect those
transactions is owned and funded by Post Office, unless the branch is self-funded.
2 In this policy, “network” means branches not directly managed by Post Office
2 In this policy, “postmaster” refers to the person or entity (which may be a company, sole trader or partnership)
contracted with Post Office and any person acting on the postmaster’s behalf (as applicable).
INTERNAL Page 6 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
Post Office has an obligation to its customers and clients to ensure that all branches are
providing a quality of service and adhering to agreed standards. Post Office is committed
to supporting its postmasters in this process.
e Branch activity is monitored, particularly in relation to accounting of cash and stock,
and data insights will be used to identify branches that are experiencing issues and
to identify potential risks to the cash and stock in a branch.
e Support is offered to branches identified through network monitoring to help
resolve any issues related to branch accounting and mitigate risk in the branch.
Wherever possible, this support will be offered remotely in order to minimise
disruption to the operation of a branch. If on-site support is requested by the
postmaster, this request will be addressed by the Training and Onboarding team.
« Where Post Office cannot determine whether the branch’s cash and stock records
are accurate, audit support will physically attend a branch to carry out a full count
of cash and stock assets. Post Office will provide support to the postmaster when
carrying out the audit.
The guidelines will ensure these practices are carried out in good faith and apply principles
of fairness, transparency, and professionalism (being the underpinning behaviours of Post
Office).
2.4. Application
This Policy is applicable to all postmaster contracts? in the network.
2.5. The Risk
There are a number of risks that the Network Monitoring and Support team help mitigate.
Discrepancies in cash and stock in the network can cause difficulties for postmasters and
customers. Issues identified through network monitoring and/or audit support may
indicate that local branch accounting systems and processes are not robust, although it is
recognised that there may be other reasons for discrepancies, including Post Office’s
accounting system. Some Discrepancies, once investigated, or agreed by the postmaster,
may become Established Losses or Established Gains.
Post Office can recover losses from a postmaster when such losses are caused through
negligence, carelessness or error of the postmaster and Post Office has carried out a
reasonable and fair investigation, as set out in the Postmaster Accounting Dispute
Resolution policy’, as to the cause and reason for the loss and whether it was properly
attributed to the postmaster. Postmasters are also responsible for losses caused by the
negligence, carelessness or error of assistants. Network monitoring by the Network
Monitoring and Support team and the activities carried out by the audit support team are
considered to form part of these investigations.
“In this policy, “postmaster contract” means contracts which relate to those branches not directly managed by
Post Office
5 The Postmaster Accounting Dispute Resolution policy can be found on the hub, here.
INTERNAL Page 7 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
The risks in this area include:
e If network monitoring is not carried out, Post Office may not have visibility of the
accuracy of a branch’s cash and stock records.
e If exceptions are not identified, Post Office may not be able to offer sufficient and
timely support to postmasters in the effective running of their branches.
e If exceptions are not investigated at the point of discovery, Post Office may not
be justified in contacting the postmaster.
e If exceptions are not investigated at the point of discovery, this could cause
irrecoverable balances through Discrepancies and potentially erroneous or
fraudulent transactions not being investigated.
«If identified cash and stock accounting issues are not shared with support teams,
(for example: early warning signs of a branch running into difficulty), additional
support mechanisms may not be put in place promptly.
e If excess levels of cash and stock build up in the network, this may pose a
security risk to individual branches and a funding risk to the business of Post
Office.
e If branches do not complete their daily cash declarations, there is a risk that they
will not identify discrepancies in a timely manner, and they will not be sent the
optimum amount of cash to enable the effective running of their branch.
e If branches do not complete their monthly branch trading statement, neither Post
Office nor the postmaster have visibility of trading position of the branch.
e Non-adherence to the policy could result in financial loss, legal and regulatory
risk, detriment to postmasters and reputational damage to Post Office.
Section 3.5 sets out the minimum control standards that the Post Office has implemented
to control these risks.
INTERNAL Page 8 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
3. Risk Appetite and Minimum Control
Standards
3.1. Risk Appetite
Risk appetite is the extent to which the Post Office will accept that a risk might happen in
pursuit of day-to-day business transactions. It therefore defines the boundaries of activity
and levels of exposure that Post Office is willing and able to tolerate.
Post Office takes its legal and regulatory responsibilities seriously and consequently has:
e Averse risk appetite to corporate non-compliance with legal and statutory
obligations.
e Averse risk appetite for financial crime to occur within any part of the
organisation.
« Averse risk appetite in relation to unethical behaviour by Post Office staff.
e Averse risk appetite to litigation.
e Cautious risk appetite for inefficient or ineffective processes that result in: lost
time, duplicated effort, and increased risk of financial loss or errors in any part of
its business or core processes.
The Post Office acknowledges, however, that in certain scenarios, even after extensive
controls have been implemented, a process may still sit outside the agreed Risk Appetite.
In this situation, a risk exception waiver will be required pursuant to the Exemption Process
details of which can be found here.
3.2. Policy Framework
This policy is part of a framework of postmaster support policies that has been established
to set the minimum operating standards relating to the management of our postmaster
contract risks throughout the business in line with Post Office’s risk appetite. The
framework includes the following policies:
e Postmaster Onboarding
« Postmaster Training
e Postmaster Complaint Handling
e Network Monitoring and Audit Support (this policy)
* Network Cash and Stock Management
* Network Transaction Corrections
e Postmaster Account Support
INTERNAL Page 9 of 23 Network Monitoring and Audit Support
Policy V1.5
3.3
POL00088893
POL00088893
Postmaster Accounting Dispute Resolution
Postmaster Contract Performance
Postmaster Contract Suspension
Postmaster Contract Termination
Postmaster Termination Decision Review
. Who must comply?
Compliance with this Policy is mandatory for all Post Office employees® who perform
network monitoring and audit activities.
Where non-compliance with this policy by Post Office employees is identified by Post Office,
Post Office will carry out an investigation. Where it is identified that an instance of non-
compliance is caused through wilful disregard or negligence, this this will be investigated
in accordance with the Group Investigations Policy.
3.4
. Roles and Responsibilities
Service and Support Optimisation Director - is the policy owner, who must
comply with the governance responsiblities set out at section 6.1.
Senior Manager, Network Monitoring and Support - is accountable for the
deployment of this policy and the support of the team that manages network
monitoring and audit support. This role is also responsible for regularly reviewing
the effectiveness of this policy and for drafting any amendments that may be
required.
Network Monitoring Team Manager - will lead a team of Network Monitoring
Analysts in identifying branches with potential accounting issues using a risk based
data model.
Network Monitoring Analysts - will carry out desk-based investigations into
branch accounts using branch data to identify potential accounting issues. They
will work with postmasters to review any identified issues, explain potential areas
of concern, and agree with the postmaster solutions to any issues found ways to
remedy the situation.
Area Audit and Support Managers - will lead a team of Audit and Support
Advisors in planning for and deploying audit support activity, including making
phone calls and visiting Post Office branches in accordance with the standards set
out in this policy. Area Audit and Support Managers are responsible for the quality
assurance of these activities.
Audit and Support Advisors - will plan for and deploy audit support activity.
During the audit they will verify of assets in a Post Office branch and produce a
© In this Policy “employee” means permanent staff, temporary including agency staff, contractors, consultants
and anyone else working for or on behalf of Post Office and, for clarity, does not include postmasters or
postmasters’ staff.
INTERNAL Page 10 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
factual, detailed and accurate account of the audit (including areas identified for
improvement) to provide to the postmaster.
e Casework Support - this is the team that are responsible for scheduling visits
and audits to branches, updating the Audit and Support Advisors on their schedule
and providing points of contact. All cases are administered on MS Dynamics 365.
INTERNAL Page 11 of 23 Network Monitoring and Audit Support
Policy V1.5
3.5. Minimum Control Standards
POL00088893
POL00088893
A minimum control standard is an activity which must be in place in order to manage the risks, so they remain within the defined Risk
Appetite statements (as set out at section 3.1). There must be mechanisms in place within each business unit to demonstrate
compliance. The minimum control standards can cover a range of control types, i.e. directive, detective, corrective and preventive which
are required to ensure risks are managed to an acceptable level and within the defined Risk Appetite.
The table below sets out the relationships between identified risks and the required minimum control standards in consideration of Post
Office’s Risk Appetite.
Risk Area Description of Risk Minimum Control Standards Who is When
responsible
Network If network monitoring is not «The risk model that sits behind the Senior Manager, Daily
Monitoring carried out, Post Office may Network Monitoring report is updated Network Monitoring
not have visibility of the regularly. and Support
accuracy of a branch’s cash
and stock records. e Network monitoring report is viewed for Senior Manager, Daily
exceptions. Network Monitoring
If exceptions are not and Support
identified, Post Office may not
be able to offer sufficient and
timely support to postmasters
in the effective running of
their branches.
Exception If exceptions are not e Desktop investigation takes place, Senior Manager, Upon
investigation investigated at the point of including a wider review of accounting Network Monitoring I identification of
discovery, Post Office may activity in the branch. and Support an exception
not be justified in contacting
the postmaster.
INTERNAL
Page 12 of 23 Network Monitoring and Audit Support Policy V1.5
POL00088893
POL00088893
If exceptions are not
investigated at the point of
discovery, this could cause
irrecoverable balances
through Discrepancies and
potentially erroneous or
fraudulent transactions not
being investigated.
Postmaster
Support
If identified cash and stock
accounting issues are not
shared with support teams,
(for example: early warning
signs of a branch running into
difficulty), additional support
mechanisms may not be put
in place promptly.
« Communicate with the Business Support
Managers, in the first 6 months of the
term of a postmaster’s contract, and the
Area Managers thereafter, to advise them
that extra support may be required.
Senior Manager,
Network Monitoring
and Support
Upon
identification of
an exception
Excess cash
If excess levels of cash and
Any excess cash and stock counted as part of
Senior Manager,
During a SPEAR
compliance of
branch
their daily cash declarations,
there is a risk that they will
branches that have not declared cash for
more than 10 consecutive days, and
and stock stock build up in the network, I a SPEAR visit or Audit will be sent back to Network Monitoring I or Audit visit
this may pose a security risk I the Cash Centre or Swindon Stock Centre. and Support
to individual branches and a
funding risk to the business
of Post Office.
Non- If branches do not complete I. 4 daily report is created to show Senior Network Daily
Monitoring and
Support Manager
obligations not identify discrepancies in a Network Monitoring contact the branch to
timely manner, and they will offer support.
not be sent the optimum
INTERNAL. Page 13 of 23 Network Monitoring and Audit Support Policy V1.5
POL00088893
POL00088893
amount of cash to enable the
effective running of their
branch.
If branches do not complete
their monthly branch trading
statement, neither Post Office
nor the postmaster have
visibility of trading position of
the branch.
A daily report is created to show
branches that have not produced a
branch trading statement in the last 60
days, and Network Monitoring contact the
branch to offer support.
Senior Network
Monitoring and
Support Manager
Daily
Policy non- Non-adherence to the policy The Branch Reconciliation Team will be Senior Network Once approved
adherence could result in financial loss, provided with training on this policy. Monitoring and and annually
legal and regulatory risk, Support Manager thereafter (or
detriment to postmasters and sooner in the
reputational damage to Post event of
Office. material
changes to the
policy)
The Senior Network Monitoring and Senior Network Daily
Support Manager is accountable for Monitoring and
ensuring that they and their team adhere I Support Manager
to the policy, as it applies to their area.
The policy should be reviewed and Senior Network As required (but
updated as required. Monitoring and reviewed at
Support Manager least annually)
INTERNAL Page 14 of 23
Network Monitoring and Audit Support Policy V1.5
POL00088893
POL00088893
4. Procedures
4.1 Network Monitoring
The Network Monitoring team carry out network monitoring using a risk-based model. The
model ranks the branches in order of risk so that the team can ascertain which branches
are the most ‘at risk’ and investigate them as a priority.
The scoring rankings in the model are re-calculated on a weekly basis and the Network
Monitoring team refresh the data used by the model on a daily basis. The model can be
used to ‘search’ for an individual branch and it allows the analyst to ‘deep dive’ and review
potential trends and patterns in the data with respect to that branch. The analyst can
build a picture from the data to aid understanding of the accounting systems and processes
at the branch before raising any issues or concerns with the relevant postmaster.
Where an accounting issue is identified, the Network Monitoring team will, wherever
possible and appropriate, contact the postmaster with a view to helping the postmaster to
rectify that issue. This support may be provided through a telephone call, the arrangement
of a SPEAR visit by a member of the Audit and Support team and, occasionally, through
an Announced Audit or an Unannounced Audit. A combination of these support options
may be deployed.
The Network Monitoring team will produce an Audit Rationale Document at this stage of
the investigation in circumstances where an audit is required. This document is sent to the
relevant Audit and Support Advisor.
The Network Monitoring team will open a case on the case management system (Microsoft
Dynamics 365) for each desktop investigation. They will populate the case with any all
actions that are taken in relation to that case, including phone calls made to the
postmaster and the record and results of any visits made.
4.2 Non-Suspension Monitoring
The Network Monitoring team carry out continued monitoring of any issues identified
following a non-suspension decision by a Contract Advisor over a defined period of time,
with any further or escalating issues being flagged to the Contract Advisor.
4.3 Scheduling supportive visits and audits
The Casework team are responsible for scheduling visits and audits to branches. They will
schedule these visits at the earliest opportunity based on the priority of the visit and the
resources required to carry out the visit. At least two auditors will be scheduled to attend
a full audit (whether an Unannounced Audit or an Announced Audit).
In order to complete a full verification, it is necessary to close a Post Office branch for the
duration of the audit. As a result, it is essential in order to expedite the process and cause
minimum disruption to postmaster and their customers that Post Office use the optimum
number of auditors. Factors that may inform the number of auditors required, for a full
INTERNAL Page 15 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
verification audit, are the cash holdings in the branch at the time of the visit, whether the
branch has an ATM machine and whether the branch holds foreign currency.
In the case of SPEAR visits and Announced Audits (including closure audits and transfer
audits), the Casework Team will book the visit, and the auditor will contact the branch in
advance and will check with the postmaster that the scheduled date is suitable, contacting
the Casework team to amend where necessary.
Where an Unannounced Audit is being conducted but the postmaster is not on site, the
auditor will try to contact the postmaster and invite them to attend the audit. If the
postmaster is willing to attend, the lead auditor will allow a reasonable time for them to
arrive at the branch and attend the audit. If the lead auditor is uncertain as to what is a
reasonable amount of time, they can discuss this with their Area Audit and Support
Manager. The postmaster can nominate a staff member to represent the postmaster during
the audit or visit or the postmaster may be represented by its partner or director if it is a
partnership or company.
4.4 Carrying out an Audit
A lead auditor will attend each audit. Lead auditors are responsible for preparing for the
audit, managing the audit and completing the final audit report. The lead auditor will liaise
with the postmaster or the postmaster’s representative throughout the visit. They will
engage in a discussion with the postmaster or representative following completion of the
Reason for Audit Script. As a minimum, the lead auditor will go through the Audit Rationale
Document with the postmaster or representative and explain any discrepancies that have
been identified and the accounting processes behind them.
The lead auditor will explain why the Audit Reporting Tool (ART) is used as an independent
verification tool. They will: (i) talk through the relevant event history; (ii) establish where
all the assets are held in branch; (iii) explain why they need to access the Horizon Online
system at the branch; and (iv) encourage questions throughout the process.
The lead auditor will provide regular updates throughout the audit and perform the closing
meeting, during which they will explain the result and findings, in doing so following the
Closing Script. The lead auditor will delegate necessary tasks to the other auditors in
attendance, making the most efficient use of resources to ensure that there is minimum
disruption to the branch and its customers.
The lead auditor will print various reports from the Horizon Online system so that the audit
team can understand the value of the cash, stock and foreign currency being held in
branch. These reports are detailed in the Audit Chapter 03, available on the Knowledge
Centre. The lead auditor will conduct a physical count of the same and will manually record
both sets of figures. They will repeat this process for each stock unit and then calculate
the totals for the branch. A second auditor will repeat this process and check the figures
generated, and the audit team will invite the postmaster or representative to check the
figures independently.
The auditors will prepare any excess cash and or stock or obsolete stock for removal from
the branch once it has been counted and verified.
The figures from the cash and stock count sheets will be transferred onto the Audit
Reporting Tool at the audit. A final copy of the report will be emailed to the
INTERNAL Page 16 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
postmaster/branch. The lead auditor will retain the manual records of the cash and stock
counts for a period of 60 days.
The auditors will discuss any discrepancy found at audit with the postmaster or
representative in order to ascertain their understanding behind it. If they are uncertain
about the reason for the discrepancy, or wish to dispute it, the auditor will arrange for the
discrepancy to be moved to the centralised holding account, so that the postmaster or
representative can instigate an investigation.
4.5 Contract Advisor Involvement
On the day of the audit to ensure that a postmaster gets the necessary support an auditor
will contact a Contract Advisor, if:
e the discrepancy is over £2000, and the postmaster is on a Local Post Office
Agreement or a SPSO Agreement; or
e the discrepancy is over £5000, and the postmaster is on a Main Post Office
Agreement.
The requirement to contact a Contract Advisor is two-fold (and not connected to recovery
of the discrepancy):
* An assessment of the situation is needed to be taken in line with the Postmaster
Contract Suspension Policy” and a decision taken whether there is a requirement
to suspend the agreement; and
e if suspension is not deemed appropriate the Contract Advisor may be required to
ensure that any further activity (including support for the postmaster) is
undertaken.
Where the postmaster is on a Local Post Office Agreement or a SPSO Agreement and the
discrepancy is under £2000 or where the postmaster is on a Main Post Office Agreement
and the discrepancy is under £5000 and over £1000, the Contract Advisor will review the
audit reports. This is to establish whether there is further activity required to support the
postmaster or address contract breaches that may have been identified and, if so, ensure
that this is followed up with the postmaster.
4.6 Closure Audits
The case management team will agree a date with the outgoing postmaster for the closure
audit to take place. A closure audit is carried out when a postmaster contract is terminated
by either party. The outgoing postmaster will be contacted by the Audit and Support
Advisor no more than 5 working days after they have notified Post Office of the planned
closure. The Audit and Support Advisor will check if there are any unresolved accounting
issues and, if there are, they will work with the postmaster or its representative to aim to
have these rectified by the time of closure. Audit and Support Advisor will ask the outgoing
postmaster to reduce the holdings of cash and stock at the branch and return any excess
cash and stock to Post Office prior to the date of closure.
7 The Postmaster Contract Suspension Policy can be found on the hub, here.
INTERNAL Page 17 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
All cash and stock will be prepared, by the branch, for despatch on the day of audit for its
subsequent removal from the branch and a full final balance of the accounts will be
completed. The auditors will discuss any discrepancy found at audit with the postmaster
or the postmaster’s representative in order to ascertain the postmaster or representative's
understanding behind it. If the postmaster or representative is uncertain about the reason
for the discrepancy, or wishes to dispute it, the auditor will arrange for the discrepancy to
be moved into the centralised holding account and the postmaster/representative can
instigate an investigation.
4.7 Post Security Incident Audits
In the event of a security incident, such as a robbery or burglary, an auditor will conduct
a security incident audit at the branch if the loss is valued at more than £1000.
Post security incident audits will be scheduled as soon as is practicable following the
incident to ensure that the postmaster is properly supported. The audit’s purpose is to
ascertain the cash and stock holdings in the branch immediately after the incident. The
audit process is the same as a full audit, but any discrepancies recorded at these audits
will be posted to the Robbery & Burglary suspense account.
4.8 Reference Materials
All written materials relevant to audits, including the instructions on how to complete an
audit and relevant scripts, are stored in the Knowledge Centre SharePoint which is
accessible to all Audit and Support Advisors and Managers. These are reviewed annually
as a minimum.
4.9 Quality Assurance
The Area Audit and Support Managers are responsible for quality assuring audit activities.
Each Audit and Support Advisor will have a minimum of one audit quality assured by an
Area Audit and Support Manager per quarter. Area Audit and Support Managers perform
monthly monitoring of phone call activity between postmasters being audited and Audit
and Support Advisors.
The Senior Manager, Network Monitoring and Support is responsible for ensuring that the
Area Audit and Support Manager for each team conducts the Quality Assurance Review
(QAR) exercise on the Audit and Support Advisors in their own area.
When observing an audit, the Area Audit and Support Manager will attend in person and
will review the manner in which the audit is carried out, including engagement with the
postmaster and adherence to the process. They will then complete an observational
Quality Assurance Review form and use it to provide feedback to the auditor as soon as
possible after the audit. The Area Audit and Support Manager will also check the audit
paperwork, such as the count sheets and report generated figures.
The Quality Assurance reviews are spot checked by the Senior Manager, Network
Monitoring and Support.
INTERNAL Page 18 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
4.10 Reporting
Post Office create reports to show how the Post Office network is preforming against
agreed cash and stock accounting practices. The reports which are generated daily include:
Number of branches making daily cash declarations;
Number of branches completing regular branch accounting;
Number of branches not up to date with branch accounting deadlines; and
Amount of cash in the network.
In addition, reporting is carried out on a monthly basis to give visibility of team
performance. The reports which are generated monthly include:
Number of branches monitored within a period;
Number of branches contacted by phone;
Number of supportive visits conducted;
Number of audits completed by type; and
Value and volume of discrepancies recorded at audit.
INTERNAL Page 19 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
5. Where to go for help
5.1 Additional Policies
This Policy is one of a set of policies. The full set of policies can be found on the SharePoint
Hub under Postmaster Support Policies.
5.2 How to Raise a Concern
Any postmaster (whether a limited company, partnership, limited liability partnership or
an individual), any postmaster’s staff or any Post Office Employee who suspects that there
is a breach of this Policy should report this without any undue delay.
If a postmaster or the postmaster’s staff are unable to raise the matter with the area
manager of the relevant branch or if a Post Office Employee is unable to speak to her or
his line manager, any person can bring it to Post Office’s attention independently and can
use the Whistleblowing channels for this purpose. Any person can raise concerns
anonymously, although disclosing as much information as possible helps ensure Post Office
can conduct a thorough investigation.
For more details about how and where to raise concerns, please refer to the current
Whistleblowing Policy which can be found on The Hub under Post Office Key Policies,
accessed here.
5.3 Who to contact for more information
If you need further information about this policy or wish to report an issue in relation to
this policy, please contact the Service and Support Optimisation Director, Tim Perkins, by
emailing {
INTERNAL Page 20 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
6. Governance
6.1 Governance Responsibilities
The Policy sponsor, responsible for overseeing this Policy is the Retail and Franchise
Network Director of Post Office Limited.
The Policy owner is the Service and Support Optimisation Director who is responsible for
ensuring that the Senior Manager, Network Monitoring and Support conducts an annual
review of this Policy and tests compliance across the Post Office. Additionally, the Service
and Support Optimisation Director, the Senior Manager, Network Monitoring and Support
and their team are responsible for providing appropriate and timely reporting to the Risk
and Compliance Committee.
The Audit and Risk Committee are responsible for approving the Policy and overseeing
compliance.
The Board is responsible for setting the Post Office’s risk appetite.
INTERNAL Page 21 of 23 Network Monitoring and Audit Support
Policy V1.5
POL00088893
POL00088893
7. Control
7.1 Policy Version
Date Version I Updated I Change Details
by
1 October 2020 0.1 Alison Draft Version
Clark
8" October 2020 0.2 Tim Revised draft
Perkins
8 December 2020 I 0.3 Jo Milton Revised draft - updated definitions and job
roles
15" December 0.4 Jo Milton Footnotes added
2020
26" January 2021 1.0 Jo Milton I Final Version approved by ARC
29" March 2021 1.1 Alison J Annual review
Clark
2.3, 2.5, 3.4, 4.5, 4.6, 4.7, 4.9 expansion on
existing content
Section 3 -Added in Risk Appetite Statements
3.1, added in Policy Framework 3.2, added in
“Who must comply” 3.3, added in Minimum
Control Standards 3.5
Alignment to other postmaster support policies
26" April 2021 1.2 Jo Milton Text amendments following internal and
external legal review
4 May 2021 1.3 Jo Milton Risk appetite amendment
13% May 2021 1.4 Jo Milton Replacement of “settled centrally” language
Rewording of section 4.4 (penultimate para)
25% May 2021 15 Jo Milton Added linked policy statement to front page
Added reference to the Group Investigations
Policy to section 3.3 Who Must Comply?
Updated link to section 5.1
Added footnotes to link to other policies
referred to in this policy.
INTERNAL Page 22 of 23 Network Monitoring and Audit Support
Policy V1.5
7.2 Policy A
pproval
POL00088893
POL00088893
Oversight Committee: Risk and Compliance Committee and Audit and Risk Committee
Committee Date Approved
POL R&CC 12% January 2021
POL ARC 26" January 2021
POL R&CC
POL ARC
Policy Sponsor:
Policy Author:
Next review:
Company Details
Retail and Franchise Network Director
Service and Support Optimisation Director
Senior Manager, Network Monitoring and Support
31 MAR 2022
Post Office Limited and Post Office Management Services Limited are registered in England and Wales. Registered numbers
2154540 and 08459718 respectively. Registered Office: Finsbury Dials, 20 Finsbury Street, London EC2Y 9AQ.
Post Office Management Services Limited is authorised and regulated by the Financial Conduct Authority (FCA), FRN 630318. Its
Information Commissioners Office registration number is ZA090S85.
Post Office Limited is authorised and regulated by Her Majesty's Revenue and Customs (HMRC), REF 12137104. Its Information
Commissioners Office registration number is 24866081
INTERNAL
Page 23 of 23 Network Monitoring and Audit Support
Policy V1.5