@
POST OFFICE LIMITED
AUDIT, RISK & COMPLIANCE COMMITTEE REPORT
POL00447925
POL00447925
Title: Policy Update Meeting Date: I 26 January 2021
Jonathan Hill, Director of
Author: Reena Chohan, People and Sponsor: Compliance
. Policy Compliance Manager . Ben Foat, Group General
Counsel
Input Sought: Decision
The Committee is asked to review and approve the Investigations Policy updated policies for
the business to take forward.
Previous Governance Oversight
Risk & Compliance Committee (RCC) 12 January 2021
Executive Summary
This paper provides asummary of changes that have been made to the policies below as part
of their annual review process for the Audit, Risk & Compliance Committee (ARC) to consider.
Questions addressed in this paper
1. Which policies were updated in this annual cycle review?
2. What updates were included and why?
3. What is Compliance’s assurance view of the status / Minimum Controls Standards for each
policy?
Which policies were updated in this annual cycle review?
1. In this review cycle the following policies were revised, reviewed and updated as per the
annual review process.
IRCC by Tim Perkins.
INetwork Director
Policy Last Reviewed Updates IGE Owner (Governance
IApproval Body
Investigations Policy [Sep 2016 jajor amendments to IGroup General IRCC & ARC
jthe existing policy, ICounsel
which has been out of
luse for some time.
[Postmaster Policies X INew Policies \To be discussed in a Retail and IRCC/ARC.
3 separate paper sent to IFranchise
Confidential
POL00447925
POL00447925
@
What updates were included and why?
2. Asummary that identifies the changes and updates to the policies and statements have
been added below:
Investigations Policy:
3. The Investigation Policy has not been updated or been in use for some time. Whilst most
internal investigations are conducted under local, subject-specific policies - such as
disciplinary, or Dignity at Work - it is felt that there should be an overarching policy
dealing with subjects that are not dealt with under such existing local policies.
4. Therefore this is a master Investigations Policy that brings back the principles of
investigations for all other Group Policies that relate to it. Going forward there is going to
be as part of the implementation process an Investigations Group being pulled together,
which will consist of both the relevant Policy Owners where it is intended that they will
review the underlying processes of the policy and the appropriate MI to ensure all
Minimum Control Standards stated within the policy are being met consistently.
5. The former policy has been updated to:
a. Include detail on the processes and on responsibilities.
b. Provide that, where there are existing investigation procedures within other policies,
they should be followed.
c. Define roles and responsibilities more, and specifically to have someone appointed with
overall responsibility for the investigation, i.e., the Commissioning Manager, who is
responsible for establishing terms of reference and identifying the policy, legal and
regulatory requirements of the investigation, including any requirement for an
investigation to be carried out under legal privilege.
d. Equally there would then be an investigator responsible for the actual investigation.
Effectively they have delegated authority through the Commissioning Manager.
e. Included certain aspects as obligatory on the managers, including producing minutes of
interviews and an investigation report.
f. Include minimum control standards
6. Policy Compliance View: As this policy has not been in use for some time the
attestation on the policy performance will need to be made and carried out in the next
annual review - some of the control standards are in place but some will need to be
established soon and are currently under review.
Postmaster Policies:
To be discussed and approved in a separate paper present to the Committee by Tim
Perkins.
7. Approval is being sought for three new postmaster policies to reflect how Post Office will
provide support to postmasters in relation to their branch accounting.
8. The policies are:
« The Network Monitoring and Audit Support policy sets out Post Office’s network
monitoring principles which aim to support postmasters with accounting practices,
prevent postmasters from suffering discrepancies and protect both postmasters and
Post Office from possible losses.
Confidential 2
POL00447925
POL00447925
@
« The Postmaster Account Support policy sets out how Post Office will notify
postmasters pro-actively when an accounting discrepancy has occurred and how it will
offer support to help postmasters understand the reason(s) for any discrepancy. The
policy also sets out how Post Office could deal with the recovery of losses if the loss is
established (following investigation and/or acceptance by the postmaster).
« The Postmaster Accounting Dispute Resolution policy sets out how Post Office
will investigate and resolve accounting disputes raised by postmasters.
9. Four remaining postmaster support policies will be presented to the RCC in March, along
with an overarching postmaster support document that links all the postmaster support
policies and processes.
Assurance
10. Working with the Policy Owner of the Conflicts of Interest Policy we have started to pilot
the assurance process and sample test the policy on a risk basis to review the policy
standard and policy compliance.
11. Compliance is also working with Policy Owners and our subsidiaries to incorporate where
and whom their policies apply to within the business to ensure we have a consistent
approach to the language that is being applied to all policies throughout the Group.
12. The Internal Policy Template which is used by policy owners to draft their policies on, is
currently under review and being amended to reflect current working practices as the
previous one is outdated. The new template will include guidance notes for policy owners
to help assist them in writing their policies. This is to ensure we have a consistent
approach to policies been written and aligned in the same format throughout the Group.
Conclusion
13. We continue to work with Policy Owners and Company Secretariat to ensure we maintain
our policy governance responsibilities and undertake assurance that the polices are
working as expected. This is a key part of the wider Post Office controls work.
Appendices
1. Investigations Policy (Clean)
Confidential 3
POL00447925
POL00447925
@
2. Investigations Policy (Existing Policy)
Please see separate paper for the Postmaster Policies.
Confidential 4