John, it sounds like you are assuming they don't monitor the traffic at all at your location. Even if your traffic doesn't go through the VPN to the head office, your local router could and probably very well is monitored too.
I manage quite a few networks, all of which use site-to-site VPN in some form or another. The VPN network's traffic get monitored just the same as the local networks traffic. Just walking you through - Why would I drive to a remote location to do work on all the routers, when I can remote in to all?
Someone for your office set that VPN up between your office and the remote and is maintaining those routers VPN and anything else associated with the routers even if you don't "see" them.
Anything and everything going through a company owned network/router is logged (no local "eaves dropping" software required). What they do with the logs (review them, store for later, ditch them, etc.) is unknown but it should be assumed it is reviewed and kept, and conduct yourself as such. Regardless if you signed anything about use, it's still all the company's property.
As just one example: Right now one client with multiple locations is using OpenDNS - which is configured into the routers via using the OpenDNS dns addresses. All the PCs point to their local gateway for DNS so it's transparent to them. I and the management at corporate can just pull up the account on OpenDNS on any browser and can review everyone's traffic for all the sites.
Recently I was asked to pull all the traffic on someone who was about to be, and was terminated. All that info was compiled into the report to backup the assertion that this person became "ineffective". No IT policy saying they couldn't surf the web, just that they should be working and that's proof enough they weren't. I personally would block these things, but this company preferred the "give them enough rope to hang themselves with" approach.
Good thread here:
»do company servers know where you've been?