ARC(06)15T
01-18
Royal Mail - Strictly Confidential
ROYAL MAIL HOLDINGS plc
(Company no. 4074919)
AUDIT AND RISK COMMITTEE
Minutes of the meeting held at 148 Old Street on 14" March 2006
Members of the Committee Present:
Bob Wigley
John Neill
Margaret Prosser
Helen Weir
In attendance:
Adam Crozier
Frank Schinella
Jonathan Evans
Mike Prince
Derek Foster
Luke March
Andrew Wilson
Neil Henderson
Alison Duncan
Will Rainey
Maggie Mills
Andrew Poole
ARC06/01
(a)
Non Executive Director, Chair of the Committee
Non Executive Director
Non Executive Director
Non Executive Director
Chief Executive
Acting Group Finance Director
Company Secretary
Group Financial Controller, for ARC 06/01-05
Internal Audit & Risk Management Director
Compliance Director, for ARC 06/10
Security Director for ARC 06/ 11
Service Integrity Director for ARC 06/ 11
Ernst &Young
Ernst &Young
Ernst &Young
Deputy Company Secretary
MINUTES OF PREVIOUS MEETING
The minutes of the meeting of the 15" November 2005 were
considered and approved as an accurate record of the
meeting subject to the following paragraphs being revised as
follows:
ARCO05/47(m) - Going Concern: The Committee noted a
paper providing an update on Going Concern since the Royal
Mail Holdings plc Board had been updated on 1 November
2005. The Committee noted a number of events and
information received since the Board on the 1 November
2005. The Directors should now be in a position to confirm
its decision on Going Concern in accordance with the original
Board paper. John Neill said that the business had a number
of valuable assets that could be realised in the event of a
potential breach of covenant, which had been highlighted in
appendix 3 of the paper. Bob Wigley reminded the
Committee that the directors had a duty to minimise the
potential loss to all creditors. Allan Leighton added that,
subject to the circumstances, it was often better to continue
trading in order to achieve this objective. It was noted that the
business cash flow analysis confirmed that the Group
1
POL00423148
POL00423148
ARCO06/02
ARCO06/03
ACTION
All
(b)
(c)
(a)
(b)
(c)
(d)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
remained a Going Concern as at 25 September 2005 and
that Management had Funding available to them sufficient to
stay within the financial covenants during the forecast period;
ARC05/47(n) - The Committee noted an advice letter on
solvency considerations dated the 11 November 2005 from
Maggie Mills, partner at Ernst & Young. The Letter concluded
that the Government was continuing to support the Company,
both in terms of their current lending and in working towards
a solution for the Balance Sheet solvency issues. Maggie
Mills highlighted the issues, which the directors would need to
consider in their review of continuing to trade. These gave
the directors good reason to support them in coming to the
conclusion to continue to trade. It was noted that this matter
needed to be kept under continuous review. The support of
Government was key to the going concern issue and needed
to be kept under close review to enable the Board to react to
changing circumstances;
ARC05/47(q) - the Committee noted that the External
Auditors had reviewed the statements in the accounts and in
the commentary.
STATUS REPORTS ARC(06)01
The Committee noted the status of actions from the meeting
held on the 15th November 2005.
2005 - 06 YEAR END ARC(06)02 — 08
Year-end Timetable: The Committee noted the 2005-06
timetable. The Committee supported the timetable,
particularly to deliver the front section of the accounts to the
April 27 Board meeting. It was agreed that the A&R
Committee must be in a position on the 8'" May to give final
approval;
IFRS: The Committee noted the proposed disclosures and
format of the financial statements of the statutory accounts
for the year ended 26 March 2006. These would be the first
annual accounts prepared in line with International Financial
Reporting Standards (IFRS);
IFRS in subsidiary accounts: the Committee supported the
transition to IFRS in subsidiary accounts subject to the
impact on the accounting restructure and further evaluation
of the impact of any inter company transactions and any
differences identified as part of the Group convergence
exercise;
New OFR: The Committee noted the good work in this area.
Bob Wigley asked that consideration be given to providing
KPI's for Mail integrity and improving the KPI’s for Social &
Community. Frank Schinella highlighted the risk disclosures
and asked for any comments to be fed back directly to him;
ACTION
Frank Schinella
(e)
(f)
(9)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
Regulatory Provisions: The Committee noted the position and
agreed that the level of accrual proposed at £47m was
reasonable. However, the Committee highlighted that they
would like to review these in the context of total accruals and
provisions at the year end. John Neill noted that Postcomm's
position may be more punitive than on previous occasions
when they had fined Royal Mail;
Deferred tax: At March 2005 the Group had a UK potential
deferred tax asset of £1.3bn, the bulk of which related to
future tax relief in respect of the deficit correction payments
with respect to the £4bn accounting pension deficit, which
was disclosed in the notes to the accounts as required by UK
reporting standards (FRS17). The Committee noted a paper
providing an update on the extent to which this potential
deferred tax asset was likely to be recognised in the March
2006 accounts where the pension deficit would be recorded
on the face of the balance sheet under International Financial
Reporting Standards (IAS19) and to explain a difference in
view that existed between Deloittes, acting for Government,
and RMG. RMG intended to use the 5-year strategic plan as
the base for recognising deferred tax assets. The reason for
not using a 10-year plan was that this was produced at the
request of Government for their own “valuation” purposes.
The Committee noted the move to a five-year horizon as a
reasonable approach to recognising deferred tax assets in
the statutory accounts. Ernst & Young supported the
approach being proposed;
Going Concern; the Committee noted the update on Going
Concern, based on the 14 February 2006 five year strategic
plan and latest understanding of the outcome of the price
control, and funding negotiations with the shareholder and
pension trustees. This was very much work in progress and
more work would be undertaken but the Committee noted
that for the base case (‘transformation’) including a financing
package the Group and its subsidiaries were a going
concern. The going concern issue revolved around the fact
that HMG had not, as yet, confirmed the financing package
and therefore a paper had been produced assuming, that by
27 April 2006, HMG had still not confirmed the package. The
paper included headroom analysis for downside sensitivities
within the Strategic Plan. Bob Wigley asked, on top of the
analysis provided, for a summary of movement in assets,
profitability, cash flow and debt. Will Rainey also asked for
covenant calculations to be included. Specifically, the
members wanted a separate briefing before the April Board
meeting including Slaughter & May and E&Y's insolvency
teams. E&Y asked whether it was intended to include an
emphasis of matter in the accounts and it was confirmed that
one might be included in the POL accounts but use a note
disclosure in the Group accounts to highlight the POL funding
issue. However, it was recognised that any disclosure must
be relevant to the comfort that the directors would take with
respect to the financing package.
3
ARCO06/04
ARCO06/05
ARCO06/06
(a)
(a)
(b)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
ACCOUNTING FOR PROVISIONS ARC(06)09
The Committee noted a paper asking the Audit and Risk
Committee to endorse the Group policy on accounting for
provisions that would be included in the Group internal policy
manual, Royal Mail Generally Accepted Accounting Practice
(RM GAAP).
the Audit and Risk Committee endorsed the Group policy for
accounting for provisions. John Neill thought the summary
was excellent. Ernst & Young had reviewed the policy and
agreed that it was appropriate for the Group and accorded
with current Accounting Standards. However due to the
subjective nature of restructuring provisions and the unique
circumstances of Royal Mail, E&Y and the Group Financial
Controller would consider the ‘fact patterns’ relevant to each
restructuring programme before concluding on the
appropriate treatment.
E&Y REPORT ARC(06)10
The Committee noted a paper on Audit Independence and
non-audit fees dated 14 March 2006. E&Y were not aware of
any other relationships between member firms of E&Y and
RMH that might reasonably be thought to bear on their
independence or the objectivity of the audit engagement
team. E&Y concluded that the firm was independent within
the meaning of professional and regulatory requirements and
that the objectivity of the audit engagement partners and
audit staff had not been impaired. The Chairman added that
in his view the auditors, if judged by their behaviour, were
clearly independent, and the Committee agreed.
INTERNAL AUDIT & RISK MANAGEMENT QUARTERLY
REPORT ARC(06)11
Derek Foster introduced a report summarising the activity of
IA&RM for the period November to February 2006. The
Committee noted:-
fourteen reports had been issued in the period and 13
assurance risk ratings had been applied, of these 2 were
rated as satisfactory, 8 were rated as low risk, 1 was not
satisfactory and 2 were critical or high risk. These were the
Costing model and the HR Infinium system;
Costing System: this system provided both costing and
product profitability information. The IA&RM review had
identified a number of significant weaknesses in the control
environment with respect to a key data input into the costing
system; this included ownership and accountabilities, training
and awareness, a lack of performance management and
issues around the reconciliation of authorised Working Duties
to those recorded in RCS. The Committee was concerned to
(c)
ACTION
Frank Schinella
(d)
(e)
ACTION
Frank Schinella
(f)
ACTION
Adam Crozier
(9)
ACTION
Jonathan Evans
ARCO06/07
(a)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
ensure that there was no way in which Postcomm could be
inadvertently given misleading information on which to base
its decisions. Frank Schinella confirmed that the Regulator
was aware of data input issues and accepted that Royal Mail
provided information on a ‘best endeavours’ basis, but
agreed that the controls around the costing system needed to
be more accurate both from a commercial and regulatory
perspective;
an update on the immediate actions and longer-term solution
being taken to resolve the data input issues and how this
information had been disclosed to Postcomm would be
presented to the next meeting of the Committee;
HR Infinium: was a business critical system and
approximately £4 billion of costs had been processed through
the application in 2004/05. The control environment
surrounding the core application was generally robust;
however there was a high risk that Infinium would not
effectively meet future business needs. A business case was
currently being prepared to replace HR Infinium with an
enterprise-wide HR system. An update on progress was
being provided to the next meeting of the Holdings Board;
Credit policy: was owned by Group Treasury and deployed by
Finance Operations. The deployment of the credit policy at
the time of the review was not satisfactory. It was a
requirement of condition 7 of RM’s Licence that the credit
policy was published on the website and that no contractual
arrangements be offered other than those published. It was
agreed that the operation of the Credit Policy Forum would
be formally documented and the membership would be
reviewed. John Neill wanted to see some evidence of
accountability for instances of non-compliance. Frank
Schinella would raise the issue of inconsistent pricing at the
next meeting of the Credit Policy Forum;
in response to a comment from Bob Wigley, Adam Crozier
agreed to consider the level of staffing dedicated to the
deployment of Agency Staffing procedures and on Revenue
Protection Measures;
John Neill reminded the Committee that it had been due to
receive a presentation on compliance with Employment Law.
This item would be included on the agenda for the next
meeting.
UPDATE ON OVERDUE RECOMMENDATIONS ARC(06)12
Derek Foster introduced a paper outlining progress on
overdue audit recommendations as at 3 February 2006. Over
the past year, 312 separate agreed actions had been
completed out of a total of 354 due for completion. 42 actions
were overdue for completion compared to the agreed
timescales;
ACTION
Derek Foster
ARC06/08
ARCO06/09
ACTION
Frank Schinella
ARCO06/10
(b)
(c)
(a)
(b)
(a)
(b)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
Helen Weir said that it was unacceptable that management
were not closing agreed action points on time. Bob Wigley
reminded the Committee that the Group Executive Team had
agreed to review all overdue audit recommendations on a
regular basis. The Committee was also concerned at the
number of actions being presented and requested a method
be devised to prioritise Audit recommendations. Adam
Crozier undertook to ensure that the Group Executive Team
followed up these issues. A further update on the overdue
audit actions would be given to the Committee following
consideration by the Group Executive Team;
the RFID business case was currently being reviewed and
would be brought back to the Holdings Board for approval as
necessary.
INTERNAL AUDIT & RISK MANAGEMENT CHARTER
ARC(06)13
The Committee considered a revised Charter for Royal Mail's
Internal Audit & Risk Management department. The Charter
had been compiled having regard to standards and models
set out by Internal Audit professional standards.
the Charter was substantially unchanged from the prior year.
The only amendment had been to specify already established
practice with regard to the liaison with external audit,
specifically that Terms of Reference for audit assignments,
and copies of audit reports on issue, were shared with the
external auditors;
the Committee approved the proposed IA&RM Charter.
GROUP TREASURY POLICIES ARC(06)14
The Committee noted the paper, which had been prepared to
enable the Committee to conduct an annual review of Group
Treasury Policies. The Group Treasury Policies had been
reviewed by the Committee in March 2005. In order to
maintain tight corporate governance over this sensitive area it
was agreed that the policies would be reviewed on an annual
basis.
Bob Wigley requested clarification on the specific delegations
made by the Group Treasurer. Frank Schinella agreed to
obtain details of delegations within the Treasury function and
revert to the Committee;
the Committee agreed the changes to the Group Treasury
Policies and noted that the review would be notified to the
Holdings Board via the next quarterly Group Treasury Report.
COMPLIANCE REPORT ARC(06)15
ACTION
Luke March
ARCO6/11
(a)
(b)
(c)
(a)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
Luke March updated the Committee on the progress on
Postcomm’s investigations into Royal Mail activity, and on
other developments within the remit of the Compliance Unit
since the last compliance report to the Audit Committee in
November 2005. A similar update had been given to the
Holdings Board in February 2006.
the last few months had been disappointing with regards to
the outcome of Postcomm’s recent decisions. However the
compliance unit continued to make positive progress with
business units with regards to establishing a framework and
way of working on compliance issues and it was clear from
recent experience that compliance awareness was starting to
grow throughout the commercial side of the business. The
challenge for 06/07 was to ensure it permeated through the
wider organisation;
however Postcomm'’s recently expressed objectives for 06/07
indicated intense scrutiny of any commercial initiative
launched by Royal Mail, and the business must expect
significant levels of Postcomm information requests and
investigations, either on their own initiative or generated by
competitor complaints;
the Committee noted that a large number of information
requests had been received by the Company each month.
Bob Wigley asked what progress had been made on his
suggestion to formalise the process and policies for
transmission of information to Postcomm — to include
appropriate sign off from legal, finance and the business. Bob
Wigley referred to his email of 14 November 2005 requesting
detailed recommendations on this and observed that not
withstanding that three months had passed, no such
recommendations had been presented. This was
unacceptable. Bob Wigley reiterated the substantial risks
RMG could run if incomplete or inaccurate information was
provided to Postcomm, even if inadvertently, and how this
could be exacerbated in the absence of formal policies and
processes rigorously applied. Bob Wigley reminded the
Committee of the issues recently raised at Severn Trent.
suggested that it might be appropriate to have one point of
contact for these requests. Bob Wigley suggested that it
might be appropriate to have one point of contact for these
requests. Adam Crozier agreed that a formal process was
required and Luke March would return to the Committee with
detailed proposals on how information would be managed for
the next meeting.
MAIL INTEGRITY UPDATE ARC(06)16
The Committee noted the progress made in developing and
deploying an integrated, business-wide Mail Integrity (Ml)
plan.
significant progress had been made over the last few
(b)
(c)
(d)
(e)
(f)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
months, and a comprehensive action plan was in place which
responded to the areas for improvement identified in the
Postcomm report and draft enforcement order, as well as
encompassing actions required from the implementation of
the new MI Code of Practice, which now formed an integral
element of condition 8 of the Postcomm Licence. All policies
and procedures had been reviewed and were in force, and
compliant contracts with Reed and Manpower had been
signed. The focus of the plan was now moving away from
reviewing and deploying policies and procedures to ensuring
compliance down the line;
in August 2005, the Audit and Risk Committee had
commissioned the Control Risks Group (CRG) to conduct an
independent and high-level review to assess Royal Mail’s
mail integrity procedures against its obligations as set out in
its Operating Licence. The Committee noted a status report
against each of the report's recommendations;
CRG found that Royal Mail's security policies and procedures
mainly reflected best practice and that there was visible
commitment by management to continuous improvement. In
addition, the Business dedicated considerable resources to
protecting the mail and had in place many good improvement
initiatives. However there were areas where improvements
could be made. In particular, there should have been greater
visibility between “processes and action groups for
initiatives”. In other words there should have been clearer
evidence of an effective process connecting policies and
standards to improvement activities identified through
effective mail integrity performance management. This
observation echoes the Postcomm general finding that the
Business “failed properly to co-ordinate loss prevention
management activities”;
the business had been working to establish a framework
(policies, procedures and processes) to ensure compliance
with a new version of Licence Condition 8 (Mail Integrity).
Helen Weir asked who was responsible for compliance on
Mail Integrity. In response it was made clear that Luke March
was responsible for the process i.e. checking that the
business was compliant whilst Tom Melvin, Operations
Director was responsible for Mail Integrity. Luke March
confirmed that he was content with the level of resource
available to Internal Audit to meet the proposed work plan.
Derek Foster stressed that while he had ensured that the
Internal Audit Plan had a very significant focus on Licence
issues, this Plan was not part of the regular ongoing
monitoring and would vary year on year. Work was
continuing to complete the exercise within Licence
Compliance to map out the Licence conditions, equivalent
processes, and related sources of monitoring and assurance;
Bob Wigley questioned why CRG had concluded security
ACTION
Neil Henderson
ACTION
Andrew Wilson
ACTION
Andrew Wilson
ACTION
Andrew Wilson
ARCO06/12
(9)
(h)
(i)
()
(k)
POL00423148
POL00423148
Royal Mail - Strictly Confidential
activity was not sufficiently targeted. Neil Henderson
confirmed that a risk based approach was being taken on
Mail Integrity and that he was working closely with the
security team to identify gaps. The Mail Integrity Working
Group draws on information related to Mail Integrity from
across the business and develops a risk register to identify
areas of significant risk. The Mail Integrity Working Group
then develops and deploys action plans to mitigate these
risks. All of these Plans are reviewed and endorsed by The
Mail Integrity Working Group;
the code of practice policies and procedures had been
implemented and focus was now being given to
demonstrating compliance before Postcomm resumed close
scrutiny. Internal Audit would undertake an independent
review of Mail Integrity during 2006-07;
Neil Henderson said that overall there had been some very
encouraging signs with all areas in Operations responding
positively to the changes however there was a long way to
go. John Neill said that it was encouraging but that a lot
depended on culture and willingness and asked if the culture
had changed. Andrew Wilson replied that following the
introduction of Single Daily Delivery everyone was aware that
things were being done differently and that change
throughout the organisation was happening but that this
would need to be sustained. Bob Wigley asked for
Management to consider which statistics on Mail Integrity
would be presented to the Committee at its next and
subsequent meetings to enable it to demonstrate and monitor
progress;
Bob Wigley turned to the findings of the Control Risks Group
and in particular CRG 5 — and agreed that Andrew Wilson
and Derek Foster would discuss options for the design and
introduction of a tool for assessing cost per equivalent saving
for security investment;
CRG9 — opportunities for RM to invest in mail reception
facilities for high risk customers delivery locations would be
taken forward as part of the Delivery Review;
CRG10 — a benchmark for mail protection measures with
other Postal Operators would be developed, as this would
help the business to understand differences in operating
procedures and facilitate the acquisition of comparison loss
figures with other operators.
INTERNAL AUDIT & RISK MANAGEMENT
DEPARTMENTAL PLAN ARC(06)17
The Committee noted a paper setting out the proposed
Internal Audit & Risk Management Departmental Plan for
2006/07. John Neill asked if the plan included a focus on
Licence compliance matters and was assured that the Plan
ARCO06/13
ACTION (a)
Andrew Wilson
ARCO06/14
ARCO6/15
ARCO06/16
(a)
ARCO06/17
(a)
ACTION
Keith Woollard
ARCO06/18
POL00423148
POL00423148
Royal Mail - Strictly Confidential
did.
WHISTLE BLOWING REPORT ARC(06)18
The Committee noted a statistical breakdown of reports by
crime category for the whole of the calendar year 2005. It
also showed the breakdown of reports received as between
the in-house Corporate Security Helpdesk and the external
Crimestoppers organisation. The same information was
provided for the first two months of 2006 and included brief
details of investigations and their outcomes for each listed
incident.
the Committee asked for further work to be undertaken to
identify themes or patterns from the data held and for regular
reports to be made to the Committee, perhaps in a more
summarised form but that all Whistleblowing activity to be
reported to the Committee regularly.
2006 SCHEDULE OF BUSINESS ARC(06)19
The Committee noted the schedule of business for 2006.
CRMC MINUTES ARC(06)20
The Committee noted the Corporate Risk Management
Committee minutes for 2 February 2006.
POL IMPACT PROJECT UPDATE ARC(06)21
The Committee noted the paper updating the Audit & Risk
Committee on the status of the Impact Programme as it
neared completion, and to highlight the actions being taken
to clear out legacy issues and satisfy the external auditors
that the new Post Office Ltd Finance System (POLFS) would
robustly support the year end balance sheet.
the Audit & Risk Committee noted the current status and the
actions being taken to resolve open issues in time for the
year-end close.
FINANCIAL SERVICES COMPLIANCE REPORT
ARC(06)22
The Committee noted the Financial Services Compliance
report for March 2006.
a note would be provided on the action being taken to
address the regulatory risk of operating as an ‘arranger’
rather than as a mere ‘introducer’.
DATE OF NEXT MEETING
The Committee noted that the date of the next meeting of the
Committee was Monday 8" May 2006.
10
POL00423148
POL00423148
Royal Mail - Strictly Confidential
11