ARC (08)4™
36-43
RMG00000001
RMG00000001
Royal Mail — Strictly Confidential
ROYAL MAIL HOLDINGS plc
{Company no. 4074919)
_ AUDIT AND RISK COMMITTEE
Minutes of the meeting held at 148 Old Street on 10th November 2008
Members of the Committee Present:
Helen Welr
Margaret Prosser
Andrew Carr-Locke
Apologies:
Richard Handover
In attendance:
Adam Crozier
Jan Duncan
Jonathan Evans
Doug Evans
Derek Foster
Mike Moores
Will Rainey
Alison Duncan
Anup Sodhi
Andrew Poole
Peter Corbett
Keith Woollard
ARC08/36
a)
(b)
ARC08/37
(a)
Non Executive Director, Chair of the Committee
Non Executive Director
Non Executive Director
Non Executive Director
Chief Executive
Group Finance Director
Company Secretary
General Counsel
Internal Audit & Risk Management Director
Financial Management & Control Director
Ermst &Young
Ernst &Young
Ernst &Young
Deputy Company Secretary
POL Finance Director for ARCO8/41
Head of Compliance POL for ARCO8/41
MINUTES
The minutes of the meeting of the 3° September 2008 were
considered and approved as an accurate record of the
meeting.
The Committee noted the minutes of the GLS Group Audit &
Risk Committee dated 24 October 2008, the minutes of the
Corporate Risk Management Committee dated 6 August
2008 and 4" November 2008.
STATUS REPORT ARC(08)25
The Committee noted the status of actions from the previous
meetings. In particular the Committee noted the following
matters;
ARC08/27(c) Succession Planning: Helen Weir confirmed
that she had raised the issue of Succession planning at the
18
RMG00000001
RMG00000001
ARC08/38
ACTION
Adam Crozier
ARC08/39
(b)
(©)
{a)
(b)
(c)
(d)
{e)
Royal Mail — Strictly Confidential
Holdings Board. Adam Crozier noted that the Group
Executive Team would be reviewing succession later on in
the month and would report back to the Nomination
Committee in December.
ARCO8/28(c) Review of Committee effectiveness: All of the
Non-executive directors would shortly receive an invitation to
participate in the E&Y 2009 programme for NEDs, which
would include amongst other topics IFRS latest
developments, managing risks in major IT projects and
Strategic and Operational risks. A focussed briefing session
on accounting developments would also be provided at the
next A&RC meeting.
ARC08/31(e) IT Control Environment: an update on the IT
control environment would be given at the March 2009
meeting.
INTERNAL AUDIT & RISK MANAGEMENT QUARTERLY
REPORT
Derek Foster introduced a report summarising the activity of
IA&RM for the period August to October 2008. The
Committee noted:-
fifteen IA&RM reports had been issued in the period and the
three reports of most significance were noted as being
Response Services Product (RM Letters), Revenue Leakage
(RM Letters) and Telephony products (POL). The Committee
noted the actions being taken to address the issues raised in
the reports;
the level of not satisfactory assessments for the year to
September 2008 was 29% of total rated reviews compared to
19% in 2007. The proportion of assignments where results
were assessed as High impact from a Group perspective was
9% compared to 10% in the previous year. The increase
reflected increased exposure in specific areas of the Group,
a move into the execution phase of the Transformation
programme and more focussed targeting of problem areas;
the Committee requested that a senior representative of the
Letters Business attend a future Committee meeting to
provide an update on what action had been taken to mitigate
the risks identified in relation to the Response Services
product and on Revenue leakage. The update would include
an explanation of the targets that had been set fo improve
the position together with an update on progress towards
achieving the targets;
the Committee noted the quarterly IA&RM report dated
' November 2008.
E&Y RESULTS ARC(08)27-30
16
RMG00000001
RMG00000001
ACTION
lan Duncan
ARC08/40
(b)
(c)
(d)
(e)
(a)
()
Royal Mail ~ Strictly Confidential
The Committee noted a paper setting out the results of the
half year accelerated audit procedures. Following the
decision not to issue IFRS interim accounts for the half year
ended 28 September 2008 E&Y had not performed a review
on the half year trading statement in accordance with
international Standards on Review Engagements but had
agreed to accelerate certain elements of the 2008-09 year
end audit procedures in areas determined by the Company
and shared the observations arising from that work;
The Committee noted a summary of the results of the work
and which had been discussed with Management on the 15th
October and also at a meeting of the Sub-committee of the
Board on the 16th October 2008;
Doug Evans had raised a new employment tribunal matter in
telation to the WH Smith franchising and how the changes in
employee terms and conditions (TUPE) were handled when
their employment contract was transferred to WH Smith. The
employment tribunal had found that POL had not properly
consulted with relevant employees. Royal-Mail had appealed
against the decision and based on advice from two leading
employment experts believed that the ruling would not stand.
The maximum exposure had been estimated at £22.8 million
based on compensation being paid to all employees in the
Crown Office network. If compensation was only paid to the
employees that had transferred to WH Smith then the figure
would be £3.9 million. No amount had been accrued at the
half year and a formal legal decision was expected in near
future.
E&Y had performed an analysis of debtors at GLS. The
overall level of debt had increased from Euros 233m in March
2008 to Euros 242 million at September 2008. This was in
part due to the additional two working days in the September
accounting month but also due to an increase in the ageing
profile of debtors following the recent economic downturn. lan
Duncan agreed to keep the debtors position under review.
The Committee noted the report and thanked E&Y for their
heip in finalising the half year trading statement.
INVESTMENT APPRAISAL LESSONS LEARNED FROM
TRACKED + ARC (08)31
The June 2008 Holdings Board had re-authorised £67m
investment in Tracked +, an increase of £22m from the initial
approval in 2007. The Committee noted a paper setting out
the lessons learnt from the Investment Appraisal process and
the actions identified to address the issues identified;
a number of actions had been, or were being, put in place
that would address the lessons learnt from Tracked + and _
these included taking a firm stand on not allowing projects to
progress for approval if investment appraisal had not been ©
17
RMG00000001
_-RMG00000001
{c)
ARC08/41
{a)
(b)
(c)
(d)
(e)
Royal Mail — Strictly Confidential
independently engaged in line with the process, undertaking
a refresh the investment policy, alignment of the Letters
investment process to allow sufficient time for challenge,
inclusion of project governance in the investment template
and obtaining robust and unconditional concurrences for all
business cases,
The Committee noted the lessons learnt from the Tracked +
investment Appraisal process and the actions that had been,
or were being, put in place.
POL RISK & COMPLIANCE REPORT — ARC (08)40
Atits last meeting, the Committee had reviewed a summary
of the report to POL’s Risk & Compliance Committee and
requested that POL senior management attend this meeting
to report on the key issues. The Committee noted a paper
providing an update on the issues of most concern including
FSA compliance, Telephony and Cash losses;
ESA Compliance: in August POL had commissioned Deloitte
and Touche to undertake a review of POL'’s financial services
compliance arrangements, including its approach to the
FSA's Treating Customers Fairly (TCF) theme. They had now
presented their findings to the POL ET and an
implementation plan for their recommendations would be
approved at the POL ET on 10th November 2008;
the implementation plan would address all the issues raised
and target the earliest possible implementation dates. At a
minimum POL would implement measures to meet its TCF
requirements and reduce its reliance on the Bank of Ireland.
There were some judgemental areas where POL would seek
to exceed the minimum requirements for an authorised
representative without necessarily aspiring in the immediate
term to the level required for a fully authorised company;
Telephony: BT Wholesale (BTW) had failed to meet our
expectations in delivering a fully managed telecoms service.
As well as damaging our brand and our sub postmasters’
confidence in promoting our telecoms products, failure by
BTW had meant that POL were in breach of Ofcom
requirements in relation to publication of Quality of Service
measures and accuracy of call metering and billing. POL had
reorganised the team to ensure that BTW were managed
more effectively and were agreeing with BTW action plans to
address the remaining problems. POL would be pursuing
redress from BTW for failure to meet SLAs and for any lost
income from billing failures;
Losses: POL's forecast for losses from controls and
compliance failures for 08/09 was £17.25m. This was broadly
in line with previous years and in our plan for this year, but
within that losses through physical crime (robberies etc) were
down whilst the discovery of sub postmaster fraud had
18
RMG00000001
~--v~-FM'GO0000001
Royal Mail ~ Strictly Confidential
: increased;
— {f) I The POL Network Efficiency Programme had been
' established in response to the recognised need to achieve a
step change across all aspects of branch conformance and
compliance. Key elements of the 08/09 activity - undertaken
with a view to a significant improvement in performance
during 09/10 included the introduction of
* aclear standard index of conformance and
compliance throughout the business; and.
_¢ arevised tough but fair consequences policy;
{g) The Committee noted that the POL directors had been
ACTION individually approved by the FSA under the compliance
Peter Corbett regime. POL were asked to provide a report on the level of
4 ' FSA Regulatory expertise within the business;
(h) The Committee noted the report and requested Senior
Management to attend future meetings of the Committee to
present an update on the issues identified by the Deloitte
report, including a mapping of the Regulatory requirements,
and an explanation of the plans/targets that had been put in
ACTION place to address the issues. The Committee would also be
Peter Corbett looking for assurance that the business was making
i significant progress in Goring with the issues identified in the
report. —
ARCO8/42 ANY OTHER BUSINESS
(a) tan Duncan tabled a paper outlining improvements to the risk
performance process. The Committee noted that the Group
Executive Team were now much more involved in reviewing
the top 20 major risks facing the business, in addition the
GET reviewed one corporate risk at each of its monthly
meetings;
(b) dn order to enhance the Boards confidence in the risk
process the following steps would be implemented:
* as well as the inclusion of the Group Risk profile in
the ARC papers, summaries would be provided on the
risk reviews carried out at the GET and at the Risk
Committee;
_® the Chair of the Audit & Risk Committee and the
Group Finance Director would review the Corporate
Risk Profile annually with the Board;
i * the Board would continue to fraview major finance -
risks as part of the process to approve the strategic
Plan and annual budget, :
' {c) ‘The Committee endorsed the steps cane taken to enhance _
I the Boards I confidence in t in the risk a eet I :
ia
RMG00000001
RMG00000001
pe