POL00458460
POL00458460
@
POST OFFICE LIMITED
STRATEGIC EXECUTIVE GROUP
REPORT
setae Grant Thornton Operational . .
Title: Governance Recommendations Meeting Date: I 3 July 2024
Chrysanthy Pispinis, Chief of Staff
Author: Mark Underwood, LCG Operations Sponsor: Nick Read, CEO
Director
Input Sought: Discussion
SEG is asked to Note the contents of the Operational Governance Recommendations made by
Grant Thornton (GT) and plans for how these will be taken forward within the business. SEG is
asked to note the capacity constraints to deliver the actions, and to provide any steers on the
prioritisation of actions.
Executive Summary
1. GT finalised its report, which assesses the effectiveness of Post Office’s (POL’s) Enterprise
and Operational Governance structures and processes, for the attention of POL Board on 25
June 2024.
2. The report contains a number of strategic recommendations designed to enable POL to
continue its journey towards creating value rather than merely preserving it. Some
recommendations are within POL’s control, while others are subject to Shareholder approval
/ buy-in. Which of these recommendations can / should be taken forward now, at a more
appropriate time in the future, or are disagreed with, will be discussed at the July Board. In
summary, they relate to:
Resetting the relationship with the Shareholder regarding roles, responsibilities and
authority, in order to provide greater clarity on accountability and improve the pace of
decision-making.
Producing a long-term vision and strategy for POL which goes beyond the funding period,
is understood and supported by all stakeholders, and has unifying financial and non-
financial metrics which define the ambition and allow its realisation to be tracked.
With this strategy settled (which would include a long-term ownership model ambition),
that POL explores with its Shareholder the optimal corporate governance structure to
enable effective strategic execution.
3. GT believes that addressing the lack of clear vision on the purpose of POL, objectives and
relationship with the Shareholder, and its influence over the day to day running of the
business, are the most fundamental issues which influence the effectiveness of governance,
clarity on roles and responsibilities and pace of decision-making within POL.
4. The report also includes a series of more tactical recommendations which sit below Board
to take forward. Some are dependant upon the Strategic Review conclusions but others do
not have dependencies and can be taken forward now.
5. Appendix 1 includes a table which sets out GT’s Operational Governance recommendations
along with management's initial view of where ownership sits, and what a reasonable
timeframe is for these actions to be discharged. Please note that, at this stage, these actions
have not been socialised with the proposed owners, not least as the GT report has only just
been finalised and its distribution has been very limited; [owners are being engaged in
parallel to help fine tune and finalise].
6. Broadly speaking, this set of recommendations relate to:
Internal
POL00458460
POL00458460
@
Streamlining the number of Executive level committees, with decisions being taken at
the right level without defaulting to the Executive.
Clearer accountabilities and performance management.
The creation and embedding of new culture, leadership & behaviour frameworks.
Rebuilding trust and confidence in leadership.
Establishing a consistent and effective approach to risk management and internal audit.
7. Meetings will be scheduled with each proposed ‘Action Owner’ to ratify ownership and
understand the extent to which there are any gaps between already planned work and GT’s
Operational Governance recommendations. The action owners might also have better views
on how the recommendations could be discharged.
8. On the whole, management is accepting the majority of GT’s recommendations, and many
are already in train / had been identified as requiring attention.
9. NB: the table in Appendix 1 sets out all the recommendations from GT; many of them
overlap. We have included them all for completeness and so that the read-across on actions
is clear, but they are not all discrete recommendations and a simpler, de-duplicated action
table will be put forward for tracking purposes.
POL00458460
POL00458460
Appendix 1
Category GT Recommendation POL Management Comment Timeframe * ‘Owner
1 I Division of Streamline the executive level committees: ‘Agreed . This is an ongoing piece of work over the next 6- 12 I From October 2024 to Chief of Staff
Responsibilities I a) Review DoA, MI, papers and Committee structures. Remove I months. It was originally envisaged the Chief of Staff would lead I March 2025 (and ongoing
duplication of papers across decision making groups. this piece of work but does not currently have capacity to do so I thereafter— Inquiry might
b) Identify subsequent leadership capability and capacity; owing to being asked to provide oversight for business readiness I also make
c) Consider re-orientating some current forums (e.g. H&S I of Phase 7 of the Inquiry. It will not therefore be prioritised until I recommendations in this,
Committee and Pensions Plan Governance Group); Phase 7 of the Inquiry has completed, which also allows time for I space)
d) Further reduce the number of CEO direct reports, with a I the new structures and leadership roles announced to ‘bed in’.
presentation to Board Any business priorities that come out of the Strategic Review (SR)
e) Simplify decision-making structures (to improve approvals, I are also likely to inform the evolution in this area
speed-up decision-making, reduce siloed working, and free up
capability that is currently taken up by producing multiple I The extent to which these changes are made will depend on the
papers). resource allocated to support the CoS (whether budget, CoSec or
f) Review and communicate decision-making protocols and I other support).
accountabilities. 1c) H&S and Pensions removed as subcoms, as has been IDG 2.0;
ongoing action as business priorities evolve.
1d) POL will not be taking forward further reductions at this stage.
Interim COO appointed from 1* July; Interim CFO effective 1" Aug
2 I Division of Embed new Leadership Team with performance based job I In Progress. To be taken forward as part of the ‘Reward and Role_I End September 2024 CPO & People
Responsibilities I descriptions. Review, scheduled to take place by end September 2024 Director -
Services
3 I Division of Implement clear RACI system and focus on performance I In progress. At NomCo on 12" June 2024, KM advised ... and End December 2024 CPO and Talent
Responsibilities I management that she was working on an organisational chart and RACI.” & Capability
Director
RACI [or equivalent] to build on accountabilities and to be
determined
Performance management - TBD by People Team
4_I Division of Review DoA spend approvals to drive relevant decisions being taken I Agreed. Sits within Action 1, though requires Board and From October 2024 to Chief of Staff &
Responsibilities I at the appropriate levels, thereby managing and reducing the I potentially Shareholder / UKGI approvals March 2025 CoSec (as
frequency of simple matters being escalated to Board requires
approvals
Increase delegation thresholds to enable more decision making at beyond exec)
lower levels and more formalization of the decision making
processes.
5 I Division of Design ToR and DoA for committees reporting into SEG, with single I Agreed. Sits within Action 1 From October 2024 to Chief of Staff
Responsibilities I points of accountability. March 2025
1 Years refer to financial year, ending March.
3
Internal
POL00458460
POL00458460
Category GT Recommendation POL Management Comment Timeframe # ‘Owner
6 I Division of Secretariat to provide interim reviews of the revised structures or I Agreed. Dependency is discharging Action 1 From October 2024 Deputy
Responsibilities I consider internal audit reviews to identify root causes of delay with Company
Sub Committees as they develop. Secretary
7 I Strategic Focus I Agree strategic design principle with the Board and establish a I Agreed. Dependency is outcome of the Strategic Review. Once a I H2 2024 Interim CFO and
cadence for progress updates — strategy is signed off, key outcomes, KPIs / balance scorecard can Strategy &
be determined and periodically reported on Transformation
Director
8 I Strategic Focus I Agree cultural /leadership principles, hold each other to account and I Agreed. Forms part of refreshed behaviours, soft launched in Q1, I H2 2024 (progress CPO
role model them. and to be rolled out from July 2024. CPO to confirm how reporting might be further
progress against them will be measured. out
9 I Strategic Focus I Ensure strategic design is supported by a culture framework with I In progress. CPO to confirm culture framework and performance I Hi 2024 CPO
performance management as a key pillar. management form part of the People Plan along with
timeframes
10 I Strategic Focus I Consider a refresh of values and aligning with the culture framework I In progress Already in train, and links to #8 above 2 2024 CPO
and Project Ethos work,
11 I Strategic Focus I Develop and implement a culture dashboard which is reported to I In progress. Draft dashboard is being presented to SEG and July 2024 People Director
SEG and Board regularly. Board in July 2024. This will continue to iterate - Services
12 I Strategic Focus I Create a high level communication plan with key milestones. I Agreed. Should be done as part of communicating the findings I H2 2024 Interim
Consider 3 themes around: from the Strategic Review Corporate
Reset (governance and leadership) Affairs Director
Renew (strategic framework)
Reboot (culture and behaviours)
Highlight expectations and metrics under each.
13 I Strategic Focus I Prioritise fully developed idea for submission to DBT/the shareholder I Agreed. Outcome of the Strategic Review is required first. 2 2024 Strategy &
with a timeline, during annual strategy days. Transformation
Director
14 I Strategic Focus I There is a need for better prioritisation of forums, work and projects I Agreed. Forms part of action 1 and requires the outcome from I From October 2024 Chief of Staff
based upon strategic importance and risk. the Strategic Review first.
15 I Leadership Urgently address Executive succession planning, including ED&I I In progress Complete in terms of NomCo
Capacity & principles, with input from NomCo and SEG. Interim COO appointed. Interim CFO and Interim GC (Inquiry) Deputy CEO departure;
Succession appointed, starting July 2024. ongoing review required
Planning
16 I Leadership Consider potential strategic skill gaps (e.g. transformation I Agreed. We consider this action should be focused on strategic I End March 2025 and CPO
Capacity & management) and succession, potentially introducing a COO role. _I skills gap review, to be led by CPO. Interim COO has already been I ongoing
Succession introduced, Post St, more permanent roles might become more
Planning Deputy CEO departure to be urgently addressed; apparent
Consider COO recruitment focus
POL00458460
POL00458460
Category GT Recommendation POL Management Comment Timeframe * ‘Owner
17 I Leadership Seek clarity from the shareholder on the CFO role and its impact on I In progress. Interim CFO joins POL on 1 August 2024. Role as TJuly 2024 CEO
Capacity & board resolutions and interim candidates. Board Director TBC
Succession
Planning
18 I Leadership Develop a skills matrix for the LT and job descriptions with I Agreed. Extension of Action 3 TBC pending Action 3 TBC pending
Capacity & performance metrics aligned to the DoA and governance structure Action 3
Succession review being undertaken below SEG.
Planning
19 I Leadership Implement wider SEG and leadership training / communication plan I Agreed. Forms part of Actions 1 & 12, post completion of the From October 2024 Chief of Staff,
Capacity & regarding this refresh covering purpose, meeting discipline, MI I Strategic Review Talent &
Succession formats and accountability. Capability
Planning Director, &
SEG to communicate its collective purpose and individual roles in Interim
addition to working more effectively as a cohesive leadership unit. I Metrics of success TBC Now and ongoing Corporate
Focus on building a culture of trust, transparency and open Affairs Director
communication, whilst ensuring that leadership is aligned with the SEG
organisation's goals and values.
Rebuild trust and confidence in the SEG — leadership cohesion / line
of one; Group agenda; decision-making; open communication;
collaboration and shared learning; and showcasing the new I Metrics of success TBC Now and ongoing
Behaviours
20 I Leadership Review the recruitment process, addressing concerns and enhancing I In progress. Forms part of the People Plan and EDI strategy 2 2024 CPO
Capacity & consistency around ED&l.
Succession
Planning Ensure there is a structured approach to promotions and that skills
or competency frameworks are used with levels set for each cadre,
set requirements for interview panels and mandatory ED& training.
21 I Leadership Establish clear policies and processes for people management, I Agreed. Forms part of Actions 8, 9, 10 & 11 2 2024 CPO
Capacity & including job description accountabilities and performance
Succession management procedures.
Planning
Address culture of reluctance to make decisions due to fear of
scrutiny / getting it wrong, lack of clear accountability, micro-
management and poor management of underperformance
22 I Risk RCC: In progress with Interim General Counsel (BAU). For the I End September2024 GRCARA
Papers which go to RCC should be tailored before they go to I successful candidate for the Group Risk, Compliance, Assurance & Director
ARC. Detailed Mi and risk reporting should be elevated for the
POL00458460
POL00458460
Category
GT Recommendation
POL Management Comment
Timeframe *
Owner
needs of ARC, with data bespoke for each Committee so as to
drive a different type of conversation.
Ensure there is appropriate debate regarding specific KRis,
related root causes and risk appetite
Re-consider the list of regular attendees to ensure the right
balance between breadth or representation and focus of
discussions.
Some aggregate reporting from Subsidiaries.
Audit Director to take forward upon their appointment. Subject
to capacity
23
Risk
Risk Culture:
There is a lack of importance attributed to risk management
across all levels, including the top executive layer. This has led
to conservative risk appetite and tolerances, resulting in risks
being reported outside of appetite on a continuous basis.
Elevate the importance of risk management at all levels and
foster a more balanced approach to risk.
Substantial risk management training should be undertaken
across all levels of POL with a focus of setting a tone from the
top. Top executives should give more prominence to risk
management in their daily responsibilities and decision making
processes, utilizing individual risk reporting to drive informed
decision making.
The central risk function should be given more prominence
across the business with leadership from the CEO to highlight,
the importance of risk in strategic decision making, identifying
opportunities and optimizing the use of capital.
Once the overall strategy is agreed upon, the risk strategy
should be aligned and reflected in more appropriate risk
appetite statements and risk tolerances in line with strategic
objectives. A more holistic risk assessment should be
undertaken to ensure that all pertinent risks are captured in the
risk universe.
The risk strategy should play a central role in performance
management, the appraisal process and outlining the required
behaviours
Integrate risk considerations into day-to-day operations and
strategic planning
Agreed. For the successful candidate for the Group Risk,
Compliance, Assurance & Audit Director to take forward upon
their appointment. Also needs to be fed into the SR, and people
plan/ training
H2 2024
GRCAR&A
Director
Talent
Capability
Director
and
&
24
Risk
Address the risk averse culture at POL. Shift the ownership of risk into
the business and way from the 2LoD. The roles and responsibilities
of the 2LoD vs the business should be more clearly defined.
Agreed. For the successful candidate for the Group Risk,
Compliance, Assurance & Audit Director to take forward upon
their appointment.
H2 2024
GRCA&A
Director
POL00458460
POL00458460
Category GT Recommendation POL Management Comment Timeframe * Owner
25 I Risk Elevate the risk function to provide a more prominent role across I Agreed. For the successful candidate for the Group Risk, H2 2024 GRCA&A
the business to emphasize the importance of risk in strategic decision I Compliance, Assurance & Audit Director to take forward upon Director
making. Revisit the newly introduced changes in reporting lines I their appointment.
regarding the risk function. Consider whether the Head of Risk or a
new CRO role should be created which reports directly into the CEO. I At this stage, this role will report into the Interim CFO, not CEO
26 I Risk The remit of postmasters’ responsibilities should include managing I To be considered further by the business . For the successful 2 2024 GRCABA
risks as with the rest of the 1LoD. This should be made clear in the I candidate for the Group Risk, Compliance, Assurance & Audit Director and
relevant risk documentation and through training. Invest time in L&D I Director to take forward upon their appointment. Retail
programmes to ensure employees in subsidiaries and Postmasters, Operations
as well as the rest of POL are aware of risk management training. Director
27 ‘I Risk Give more prominence to risk management in executing daily I Agreed. Key in this action is how do we demonstrate/how do I H2 2024 GRCABA
responsibilities. Individual risk reporting should be used as a driver I we know when the position has improved? Director
for decision making — subsidiaries and Postmasters should be
included.
28 I Risk Formalise Risk Appetite and Thresholds. Undertake a holistic review I Agreed. For the successful candidate for the Group Risk, H2 2024 GRCA&A
to introduce a more structured, formal approach to setting risk I Compliance, Assurance & Audit Director to take forward upon Director
appetite, tolerances, and thresholds. Update the risk register to I their appointment.
clearly stipulate existing / updated risk thresholds. When setting the
risk tolerances, risk thresholds which refer to the specific levels of
risk that will trigger a response or action should be established
29 I Risk Encourage a balanced approach to risk taking and decision making, I Agreed. Dependent upon the review of Risk Appetite Statements I H2 2024 TBC
where employees feel empowered to propose innovative and noted within Action 28. SEG to give steers on how we turn this
commercially courageous options without fear of immediate into an action,
rejection.
30 I Risk Review and clarify policies. Ensure that the policies are clearly ‘Agreed. For the successful candidate for the Group Risk, 2 2024 GRCABA
understood and enforced, addressing any ambiguity and perceived I Compliance, Assurance & Audit Director to take forward upon Director
behaviours that hinder effective performance management. The their appointment.
risk management documentation should clearly feature the role of
the central risk team as providing independent challenge to the
business. Both the risk management policy and risk management
guidelines should be updated to reflect this aspect.
31 I Risk Clarify Postmasters’ role in risk management. Postmasters should be I [duplicate of #26, see above] 2 2024 GRCABA
explicitly defined as having a critical role in ensuring that risks are Director
managed, similar to the 1LoD. This should be made clear within the
remit of their responsibilities and all relevant risk documentation.
32 I Risk The frequency of reporting should vary according to the needs of I Agreed. For the successful candidate for the Group Risk, H2 2024 GRCARA
stakeholders. Reporting to the ARC should align with its’ meeting I Compliance, Assurance & Audit Director to take forward upon Director
cadence, reporting to executive forums should be monthly, and I their appointment.
reporting to individual members of SEG should occur on a weekly
basis or as often as needed.
POL00458460
POL00458460
Category
GT Recommendation
POL Management Comment
Timeframe * Owner
33
Risk
The Risk Management guidelines should correctly refer to the Risk
glossary as “Risk taxonomy”. The term “risk taxonomy” typically
refers oa system of categorizing and organizing risks that an
organisation faces, as opposed to definitions of the risk terms used
within documentation.
‘Agreed. For the successful candidate for the Group Risk,
Compliance, Assurance & Audit Director to take forward upon
their appointment.
H2 2024 GRCA&A
Director
34
Risk
Internal Audit and Control environment:
Ensure regular updates to the ARC on Audit Plan progress and
changes to reflect evolving risk priorities.
Conduct a thorough review of the effectiveness and practical
adherence to the Internal Controls Framework
Provide relevant training to ensure that all stakeholders
understand and adhere to the controls in practice.
Accelerate efforts to ensure the controls framework is
effectively embedded across the organisation.
Improve the alignment of risk and internal audit arrangements
at POL and its subsidiaries and Postmaster
Establish a consistent and effective approach to risk
management and internal audit across all entities within
POL to cover in particular, Subsidiaries and Postmasters
Implement a more formal approach to aggregate reporting
‘on risk management and internal audit activities across all
entities to ensure a comprehensive oversight by the RCC
and ARC.
Develop a strategy to include the subsidiaries and
Postmasters in the Internal Audit plan, tailoring audit
activities to the specific needs and risk of each entity.
Establish a formal governance structure that oversees risk
management and internal audit arrangements across all
subsidiaries and Postmasters, with clear reporting lines and
escalation procedures to ensure consistent oversight.
Invest in training and development programmes to ensure
that employees in the subsidiaries and Postmasters (as well
as the rest of POL) are aware of the policies and procedures
related to risk management and internal audit, equipping
them with the necessary skills and knowledge to effectively
manage risks.
‘Agreed. For the successful candidate for the Group Risk,
Compliance, Assurance & Audit Director to take forward upon
their appointment, and determine deadlines for each of the sub-
set actions listed
GRCARA
Director
H2 2024
35
General
Consider the proposal for an Implementation Committee or re-
purposing the IDG to spearhead the reform effort.
Needs to be included as part of #1 (and following SR)