POL00458035 - Email from Simon Jeffreys to Rachel Scarrabelotti Re: Comments on GT’s report.
Message
From: Simon Jeffreys
on behalf of Simon Jeffreys
Sent: 02/05/2024 18:
To: Rachel Scarrabelotti
cc: Benjamin Tidswell H
Subject: Comments on GT's
Rachel,
As requested, below are some comments on GT's report. Happy to discuss if that would be helpful. As
discussed on the board call, I have not done a detailed review, and have focussed on the audit and risk
comments as suggested by Ben.
The detailed analysis from all feedback should be discussed with GT and the report should be rewritten.
Kind regards
Simon
Comments on GT's report.
The report should be shorter
The report should record POL's responses
Frequently the report sets out (lengthy) statements of good/best practice which creates the impression that we
need this to make improvements, very often though we are already doing what is being suggested. Examples
below.
An independent review was carried out when the ARA were being finalised to assess our compliance with the
U.K. Code. That review concluded that we complied with the code. This is at odds with some of the comments
in the report. Johann or Kathryn will have details. P6 and Appendix 5 imply that we do not comply.
P10 risks outside of tolerance are a result of external/historic factors, like funding, reputation and legacy IT.
P10 I don't agree that overall there are the skills gaps listed. I can name directors with relevant experience for
each point.
P11 I cannot question whether these quotes/themes are accurate but I do not believe this is a balanced
representative list
P13 I think this list is exaggerated and misleading. For example, the statements about lack of accountability are
wrong
P14 much of this is wrong, including the statement that the executive are not held to account or provided
guidance
P15 many of these should be green
P15 there are many errors in this summary, it is grossly misleading, for example, C there is a framework of
controls E there are such policies, the workforce is able to raise matters of concern H the NEDs do devote the
time required
P18 again errors, for example, clear objectives for '24
P19 to be updated, there is now a chair
P21 Noms does consider board composition and skills
P22 ARC papers could improve but ‘overhaul’ is too strong a word. Many papers are excellent. There are many
incorrect and misleading statements in this section, for example,
ARC is embedding controls, there is a governance structure over controls and internal audit, and this works,
risks are reported to ARC in accordance with meeting cadence, co chairs of committees does not work well in
practice, there is risk management across the organisation, the separation of Risk and Audit committees has
been considered ...
P23 misleading and incorrect statements. I'm sure Amanda will expand
P26 I do not support the alternative governance model. Separating postmasters and government from the rest of
the board would be a massive backward step
POL-BSFF-137-0000013
Risk should remain a focus of the board/ARC, not be exec only. There is already an exec RCC
P32 chairs are disciplined on time management, and feedback/actions!
A lot of section 5 is incorrect, repetitive and misleading
P56 central risk has been elevated
P56 many ARC papers are data driven, misleading comment
P57 Postmasters are not employees so we need to be cautious about their risk policies
ARC/RCC papers do have a cadence aligned with meetings
There is a formal process for determining risk appetites and tolerances
There is an up to date risk register with appetites and tolerances
P62 I have regular calls with the chair of PO] ARC
P70 these scores look way too low in relation to what actually happens
P85 comprehensive feedback, including a written summary, is given to the board at meetings following ARC
meetings, there is a high level of transparency
Risks are escalated as appropriate to the board between meetings, as is evidenced by the many ad-hoc meetings
and calls. There is extensive liaison with the shareholder about funding!!
Everything in the toolkit re audit, risk and compliance is done. Public disclosures are carefully judged. We
deliberately do not seek excessive ARA disclosures in view of the risk climate.
Sent from Outlook for iOS
POL-BSFF-137-0000013_0001