WBON0001080
WBON0001080
Private & Confidential — Subject to Legal Privilege - Meeting with Alisdair Cameron 17.05.2017
Suspense Accounts Briefing Note
Background and Context
1. The allegations that have been made in relation to Suspense Accounts (and more generally)
are not particularised. By being able to evidence that, generally speaking, systems work as
they should, the Claimants will need to particularise their complaints.
2. The Claimants' allegation is that POL's suspense accounts have and continue to hold sums
that, if properly accounted for, would explain or offset losses in branches.
3. The Claimants’ allege that:
I. POL operated one or more suspense accounts in which it held unattributed surpluses
including those generated from branch accounts. After a period of 3 years, such
unattributed surpluses were credited to POL’s profits; and
Il. POL thereby stood to benefit and/or did benefit from apparent shortfalls wrongly
attributed to (and recovered from) the Claimants which did not represent real losses
to POL.
4. In order for POL to be able to prepare its defence ahead of the next court hearing on 19
October 2017, Deloitte has been asked to perform the following pieces of work:
Phase 1 - Determine the universe of suspense accounts that are, or have been,
operated by POL (Complete).
Phase 2 - Understand the processes in place that control the operation of these
suspense accounts (10 of the 14 procedures are now complete).
Phase 3 - Test the processes and controls for the ‘most material’ suspense account
(yet to be contracted).
Potential Risks Identified from Phases 1 and 2
5. Risk 1: The number of users that are able to Post to the General Ledger
= 690 users have the required access permissions to be able to post to the General
Ledger. A number of these users work outside of the Finance Team — the exact number
is still being established.
= This increases the potential risk of inappropriate or unauthorised postings to suspense
accounts or releases from suspense accounts.
= There is however a bi-annual user access review. This was last performed in March
2017 and certified these users as appropriate.
= Although the bi-annual user access review control is in place, POL may wish to
consider reviewing the high levels of access to post to the General Ledger, together
with the establishment of BAU controls around granting and revoking access to the
General Ledger.
WBD_000950.000001
WBON0001080
WBON0001080
Private & Confidential — Subject to Legal Privilege - Meeting with Alisdair Cameron 17.05.2017
6. Risk 2: Current levels of probity checking
= The current probity checks do not provide sufficient granularity of audit trail and
operation to provide assurance that they would necessarily highlight the misuse of
suspense accounts reliably. There is no reconciliation of accounts to external sources
to validate balances, which is what Deloitte would expect to see.
= This increases the potential risk of inappropriate or unauthorised postings to suspense
accounts or releases from suspense accounts not being identified by probity checks.
= Consideration should be given, in the light of the allegations and other potential
challenges in the future in relation to suspense accounts, to bolstering the rigour and
audit trail applied to probity checks of suspense accounts, to provide assurance over
the usage of such accounts.
7. Risk 3: The amount of suspense accounts in operation
= 119 accounts have been identified, and validated by POL Finance staff, as being
‘Suspense’ accounts as per the definition provided. 118 are in operation.
= Consideration should be given to clearly identifying and managing the population of
suspense accounts in operation, so appropriate controls can be considered.
WBD_000950.000002