ARC(06)4™
37-47
POL00423149
POL00423149
Royal Mail - Strictly Confidential
ROYAL MAIL HOLDINGS plc
(Company no. 4074919)
AUDIT AND RISK COMMITTEE
Minutes of the meeting held at 148 Old Street on 22"" September 2006
Members of the Committee Present:
Helen Weir
John Neill
Margaret Prosser
Apologies:
Bob Wigley
In attendance:
lan Duncan
Frank Schinella
Jonathan Evans
Doug Evans
Mike Moores
Derek Foster
Alison Duncan
Will Rainey
Andrew Poole
Neil Henderson
Jon Allen
Keith Woollard
ARC06/37
(a)
(b)
Non Executive Director, Acting Chair of the Committee
Non Executive Director
Non Executive Director
Non Executive Director
Group Finance Director
Letters Finance Director
Company Secretary
General Counsel
Financial Management & Control Director
Internal Audit & Risk Management Director
Ernst &Young
Ernst &Young
Deputy Company Secretary
Service Integrity Director, RML for ARC06/38(a)
Head of Employee Relations for ARC06/38(g).
Head of Compliance, POL for ARCO6/43
MINUTES OF PREVIOUS MEETING
The minutes of the meeting of the 8" May 2006 were
considered and approved as an accurate record of the
meeting;
the minutes of the meeting of the 6" June 2006 were
considered and approved as an accurate record of the
meeting subject to the second sentence of minute
ARC(06)32(e) being deleted in its entirety and replaced with
the following wording:-
E&Y had initially been concerned by the quality of data in the
costing system but were now comfortable with the current
position given the disclosure in respect of the inherent
limitations of key resource drivers and discussion and
agreement with the Regulator in relation to the actions being
taken by the Company and the treatment in the 2005-06
Regulatory accounts.
22
ARC06/38
(a)
(b)
(c)
(d)
(e)
POL00423149
POL00423149
Royal Mail - Strictly Confidential
STATUS REPORT ARC(06)40
The Committee noted the status of actions from the previous
meetings. In particular:-
ARCO6/11(k) Mail Integrity: in March, the Audit Committee
commented that establishing a mail integrity benchmark with
other postal administrations, especially those in Europe,
would serve a number of purposes. The benchmark itself
would prompt improvements if clearly required, any existing
good or best practice within Royal Mail would become
apparent and, finally, the Business’ leading role in
benchmarking activity would demonstrate a willingness to be
pro-active in identifying improvements. However attempts to
enlist the support of other administrators had proved largely
fruitless, and a major benchmarking exercise as proposed by
CSG was not considered practical. The Committee accepted
this, but asked for Andrew Wilson to continue to pursue the
issue on a bilateral basis with those countries who are
showing an interest;
ARCO06/20(a) POL Losses: the business was continuing to
make steady progress in controlling cash losses, mainly
through improvements in the ability to focus on the areas of
highest risk assisted by better management information. This
was partly due to the completion of the Impact programme;
ARC06/20(e) Revenue protection: there were currently 900
people directed at Mails verification and Revenue Protection
within Operations. Mails verification resource levels had been
maintained despite falling volumes. This was because mails
verification was not directly linked to traffic volumes but was
driven by the number of postings. Falling volumes had not
significantly affected the number of postings. A higher
percentage of checks were being carried out. The level of
resource was a balance that took into account the potential to
sample more customers against the finite time window
available to check mail before Quality of Service was
jeopardised, and space constraints within the buildings to
handle more mail;
ARC06/20(f) Delegated Authorities: current devolved
authorities within Treasury for placing investment were
unlimited up to the extent of liquidity forecasts. Devolved
authority was thus limited only by reference to length of
maturity. A review of the following value and maturity
delegations had been done. No changes were proposed to
the borrowing authorities, which must continue to be limited,
by liquidity need and maturity. The new limits were introduced
from 9 August 2006 and would be further reviewed in
conjunction with the general review of delegated authorities;
ARCO06/20(h) Mail Integrity: measures had been set up and
were now live, as per the action, apart from quarterly loss
23
ACTION
Neil Henderson
ACTION
Jonathan Evans
(f)
(9)
POL00423149
POL00423149
Royal Mail - Strictly Confidential
estimates where the Compliance Director had some
questions over the robustness and risk of potential
Postcomm misinterpretation and misuse. The next step
would be to distil the detailed KPI’s for reporting to the
Holdings Board. The Committee agreed to provide input as to
what the KPI’s would look like. A clear picture of how the
distilled KPI’s would look would be given at the next Audit &
Risk Committee meeting;
ARC06/20(j) Whistleblowing: since January 2005, there had
been thirteen reports received (twelve directly to the
Corporate Security Helpdesk and one via the Crime Stoppers
organisation) concerning suspected immigration/identity
offences and drugs offences. Five of these reports were
about immigration/identity and eight were about drugs.
These numbers do appear to be on the low side, but there
were several reasons for this, with the big reduction in casual
staff a significant reason. However, over the last three years,
P&OD had introduced a range of enhanced recruitment
checks for all staff and this would undoubtedly have weeded
out a number of illegals or those with suspect identities and
discouraged others from following through with their job
applications. For these reasons the number of people in the
Business that might prompt a whistleblowing report was
probably much reduced. We cannot do a direct before and
after comparison because we did not keep separate
whistleblowing reports per se prior to Jan 2005; before this
date, the reports were embedded within criminal investigation
case files. So far as drug abuse is concerned, it was less
clear whether the incidence of whistleblowing reflected the
true position in the Business. Andrew Wilson would be asked
to carry out further benchmarking to determine what levels of
whistleblowing could be expected;
ARCO06/25(b) & (c) Compliance with HR policies: Jon Allen
joined the meeting and provided an assessment of the
exposure, in comparison to anticipated levels, from the risk
that Royal Mail Group did not comply with its statutory or
regulatory obligations and provide tools to support the
business in the ongoing assessment, monitoring and
management of the risk of non compliance with Employment
legislation. He confirmed that a lot of work had been done to
ensure compliance in this area and that monitoring was due
to be put in place by December 2006. He did consider that
the Company was vulnerable on disability in relation toa
failure to make reasonable adjustments, however this issue
was being addressed. He further reported that there was a
risk around the Company's ability to fulfil its obligations in
respect of notifing employees of changes to terms of
employment as the Gazette had previously been used for this
purpose and therefore an alternative method was now
sought. Helen Weir said that the actions outlined seemed
sensible but asked what KPI's were being reported. Jon Allen
said that KPl’s were being developed. Helen Weir also
asked if Jon could give the Committee any data to illustrate
outcomes, such as number of tribunals, cost in £ of tribunal
24
ACTION
Jon Allen
ARCO06/39
ARC06/40
(h)
(a)
(b)
(a)
(b)
(c)
(d)
POL00423149
POL00423149
Royal Mail - Strictly Confidential
decisions, etc — Jon confirmed that he did not have this to
hand;
John Neill said that he found the executive summary
confusing and that it lacked a clear plan of action necessary
to address the issues, and a line of sight from the issues
raised to the actions proposed. He added that proposed
actions should be supported by appropriate metrics to
confirm that the actions being taken had been effective in
addressing the issues. Jon Allen agreed to re draft the report
taking into account the views expressed by the Committee.
SELF ASSESSMENT OF A&R COMMITTEE & TERMS OF
REFERENCE ARC(06)41
The Committee's policy, in line with good standards of
corporate governance, was to review its effectiveness each
year. As with last year’s review, an assessment had been
made of the Committee’s proceedings against the
recommendations of the Smith Review, which formed the
basis of the relevant section of the Combined Code;
overall, the procedures of the Committee were judged to be
compliant with the Code requirements;
the Committee noted and endorsed the conclusions of the
paper.
ACCOUNTING UPDATE ARC(06)42- 45
Fines and Compensation update: the Committee noted the
proposed amount for regulatory accruals for fines and
compensation at the half year assuming that no further facts
emerged or progress made in respect of the appeals. The
Committee agreed that the provision of £45 million for fines
and judicial review was appropriate;
UK GAAP accounting policies: the Audit and Risk Committee
(ARC) had agreed in May to the continued application of
UKGAAP in the preparation of the ultimate parent and UK
subsidiary accounts. The impact of International Financial
Reporting Standards (IFRS) on the relevant accounts had
now been reviewed for compatibility with UKGAAP. The
Committee noted changes to the Group's UKGAAP
accounting policies and estimates to provide alignment with
IFRS where permitted, for the purposes of production of the
ultimate parent company accounts and the accounts of the
UK subsidiaries;
UKGAAP net assets and profit for the parent & UK
subsidiaries were now closely aligned to IFRS and the more
onerous IFRS disclosures had been avoided;
Interim Report: the Audit & Risk Committee noted the
proposed format for the half-year accounts for the period
25
ACTION
Jonathan Evans
ACTION
E&Y
(e)
(f)
(9)
(h)
(i)
()
(k)
POL00423149
POL00423149
Royal Mail - Strictly Confidential
ending on 24 September 2006. The accounts followed
International Financial Reporting Standards (IFRS) as used
in preparing the Royal Mail Holdings accounts in the year to
26 March 2006. In addition, the Committee further noted
various financial accounting developments and issues
relating to the first half of the financial year;
the Audit & Risk Committee approved the format and
timetable for the Interim Report and the re-scheduling of the
ARC to post agreement with Government. Will Rainey
observed that if agreement had been reached with
Government on funding that the business may wish to report
on the POL position at the half-year. He also asked what the
fall back position would be if no agreement had been
reached. Frank Schinella said that the business was
reviewing the manage for cash case and preparing all
options. The Committee agreed to meet before the Board on
the 5" December;
noted the accounting treatment for Share in Success
payments, redundancy and Romec Services Limited; and
noted the developments in accounting standards and the
likely impact on the Royal Mail financial statements in future
years;
E&Y Audit Report & Fees 2007: Will Rainey introduced a
report dated 22 September 2006 providing information
regarding the overall audit approach for the year ending 25
March 2007. The Committee noted that E&Y would be taking
a risk-based approach in accordance with the E&Y global
audit methodology and international standards on auditing
(UK and Ireland). This approach would be tailored to each
business unit/reporting subsidiary allowing E&Y to adopt the
most efficient approach for each business. The methodology,
as far as it could, would also be used as the framework to
plan and execute the Regulation audit;
initial 2006-07 cost budgets had been discussed with
business unit management and Group Finance and specific
areas for target efficiencies agreed. The detail underlying
cost budgets had not yet been discussed with lan Duncan
and it was anticipated that this exercise would be completed
over the next few weeks and the final agreed audit cost and
fee position would be presented to the Audit & Risk
Committee in November 2006;
Alison Duncan confirmed that E&Y would assess how the
Company complied with the Licence. John Neill said that the
Committee would be unable to rely on E&Y in this respect
and that it would look to the Company to provide the
necessary assurances;
John Neil said that he was encouraged by the work
undertaken on fraud. He asked E&Y if they had any
26
ACTION
E&Y
(I)
(m)
ACTION
lan Duncan/
E&Y
(n)
ACTION
E&Y
ARCO06/41
ARCO06/42
POL00423149
POL00423149
Royal Mail - Strictly Confidential
techniques which allowed them to come to a logical
conclusion. Will Rainey said that the approach was to talk to
team members in the business to obtain an informed view of
the softer aspects of the environment. Alison Duncan added
that E&Y were introducing more unpredictability into the audit
process. John Neill asked for a short paper outlining the
approach being taken to tackle fraud;
John Neill also asked if there were ways to help determine
the ethical “health” of the Company. Derek Foster confirmed
that an ethical audit was included in the IA&RM plan for the
year and that IA&RM had benchmarked with Australia Post to
help understand ways of approaching such a review;
Helen Weir said that she had been surprised that the audit
fees had been higher than that approved by the Committee
and said that any increase in fees should have been referred
to the Committee for approval;
the Committee noted the additional requirement for
companies that have a statutory audit for periods
commencing on or after 1 April 2005, and specify that the
directors report must contain a statement regarding
disclosure of information to auditors. Will Rainey agreed to
provide the Company with some recent legal advice on this
issue. John Neill expressed his concern at the onerous
nature of the requirement. The changes impact both
executive and non-executive directors. Directors and the
Company will need to exercise judgement when assessing
the potential impact of this new guidance. In particular the
directors will need to consider whether the Company’s
current processes are sufficient to meet the new
requirements and whether sufficient evidence exists to
support the explicit statement required in the directors report.
lan Duncan said that the best approach would be to agree a
number of steps with the Auditors and agreed to develop a
proposal for the next meeting. E&Y were asked to propose
the necessary steps to ensure that the requirement was met;
E&Y had been contacted by the National Audit Office in
connection with the audit of the Whole of Government
Accounts for the 2005/06 year. Helen Weir said that it would
be helpful to have an update on this activity at some point.
DELEGATED AUTHORITIES
lan Duncan confirmed that the item on Delegated Authorities
would be deferred to a later date.
INTERNAL AUDIT & RISK MANAGEMENT QUARTERLY
REPORT ARC(06)46
Derek Foster introduced a report summarising the activity of
IA&RM for the period May to August 2006. The Committee
noted:-
27
ACTION
Derek Foster
ARC06/43
(a)
(b)
(c)
(a)
(b)
(c)
POL00423149
POL00423149
Royal Mail - Strictly Confidential
twenty reports had been issued in the period and 13
assurance risk ratings had been applied, of these only one
was rated as satisfactory, seven were rated as low risk, and
three were not satisfactory. Of the two follow up reviews one
was rated as partially implemented and one was rated as fully
implemented;
overall, the Group’s risk profile was showing an increasing
risk in certain areas. This reflected the scale of change
required under the transformation programme, the increasing
competition, and increased uncertainty following the
Government's deferral of a decision regarding share scheme
proposals that underpin the financial restructuring package;
the Audit & Risk Committee noted the Internal Audit & Risk
Management report dated September 2006, and requested
that management be asked to attend the next meeting of the
Committee to address concerns on the deployment of
manpower tools, Operational controls, compliance with
regulation & competition law and USO compliance.
POL FINANCIAL SERVICES COMPLIANCE REPORT
ARC(06)47
The Committee noted the POL Financial Services
Compliance report dated September 2006.
previous reports had covered only financial services and anti-
money laundering regulation, but to ensure that the
Committee was given a fuller picture of the regulatory risks,
we will now also report on risks and issues arising from
Ofcom’s regulation of the Post Office® HomePhone service;
Ofcom had conducted an enquiry into whether or not they
should undertake a formal investigation into allegations of
mis-selling of the HomePhone service in Post Office
branches. This followed media coverage of mis-selling
complaints, a complaint to Ofcom from BT and a sharp
increase in the number of consumer complaints received
direct by Ofcom. Many complainants alleged that they only
agreed to have information concerning the service sent to
them, but that they had then been notified that their phone
service was to be transferred; or they said that they had had
no contact at all with the Post Office before receiving such a
notification. Our own monitoring had shown a significant
increase in cancellations alleging mis-selling in May, June
and July;
Helen Weir referred to the compliance, monitoring and
enforcement activity and in particular the audit results for
branch anti money laundering and financial services
compliance. The Committee felt that targets of less than
100% could send the wrong message. John Neill said that
the impact on Regulation and on brand values could be
28
ACTION
Keith Woollard
(d)
ACTION
Jan Duncan
ARCO06/44
ARCO06/45
ARCO06/46
ACTION (a)
Jonathan Evans
(b)
ARCO06/47
Royal Mail - Strictly Confidential
significant, however the Committee noted that for areas of
concern the consequence was that products were not sold.
Keith Woollard was asked to provide some benchmarking
data on compliance targets;
Helen Weir noted the position on sales compliance but was
concerned that the business appeared to be moving to a
position of ‘arranger’ and questioned whether the business
POL00423149
POL00423149
had obtained a mandate for this. lan Duncan agreed to follow
this up with Allan Cook and clarify the strategy.
DIRECTOR EXPENSES AND RELATED PARTY
TRANSACTIONS
ARC(06)48
The Committee noted schedules providing a summary of the
executive directors expenses incurred during 2005-06 and
the current year to date. In line with the Committee’s request,
the schedules provided details of individual expenses of £500
or higher.
AUDIT & RISK COMMITTEE DATES 2007
ARC(06)49
The Committee noted a schedule of Committee meeting
dates for 2007.
ANY OTHER BUSINESS
Helen Weir asked for an update on how effective the new
Postcomm information policy had been. Mike Prince would be
asked to report back at the next meeting of the Committee.
Helen Weir thanked Alison Duncai
DATE OF NEXT MEETING
The Committee noted that the date of the next meeting of the
Committee was Tuesday 1*t November 2006.
29