16 May 2024 – Lesley Sewell
(9.45 am)
Ms Price: Good morning, sir, can you see and hear us?
Sir Wyn Williams: Yes, thank you very much.
Ms Price: May we please call Ms Sewell.
Sir Wyn Williams: Yes.
Lesley Sewell
LESLEY JESSIE SEWELL (sworn).
Questioned by Ms Price
Sir Wyn Williams: Ms Sewell, I appreciate this may be upsetting for you. Ms Price will ask you a number of questions in a proper and sensible manner but if, at any time, you feel you need a break, just let me know, all right?
The Witness: Thank you, sir.
Ms Price: Can you confirm your full name, please, Ms Sewell?
Lesley Sewell: Lesley Jessie Sewell.
Ms Price: Thank you for coming to the Inquiry to assist it in its work. As you know, my name is Emma Price and I ask you questions on behalf of the Inquiry.
You should have in front of you a hard copy of your witness statement; do you have that?
Lesley Sewell: Yes.
Ms Price: It is dated 16 April 2024, and if you could turn to page 41 of that document, please.
Lesley Sewell: Yes.
Ms Price: Is that your signature?
Lesley Sewell: It is.
Ms Price: Are the contents of that statement true to the best of your knowledge and belief?
Lesley Sewell: They are.
Ms Price: That witness statement, for which the reference is WITN00840100, is now in evidence and will be published on the Inquiry’s website in due course.
I’d like to start, please, with your professional background and the roles you held at the Post Office.
Lesley Sewell: Yes.
Ms Price: As you set out in your statement, your bachelor’s degree was applied computing?
Lesley Sewell: That’s right.
Ms Price: You then completed an MBA?
Lesley Sewell: That’s right.
Ms Price: You started your career as a trainee computer operator in Newcastle Polytechnic’s Computing Department; is that right?
Lesley Sewell: I did.
Ms Price: Then from 1985 to 2010 you worked for Northern Rock?
Lesley Sewell: I did.
Ms Price: Is it right that all of your roles at Northern Rock were in IT?
Lesley Sewell: That’s correct.
Ms Price: You started as a Trainee Programmer and your final role was Managing Director of IT?
Lesley Sewell: That’s correct.
Ms Price: You say in your statement that in your 25 years at Northern Rock you led many major IT programmes. What did leading such programmes involve?
Lesley Sewell: So I led programmes for – a good example of that would be full rollout of a workflow solution across the whole of the business. So I would take a leading role in that, in sponsoring them.
Ms Price: Whilst you were at Northern Rock, were you ever involved in overseeing, developing or managing any Electronic Point of Sale systems?
Lesley Sewell: The only systems would have been branch systems.
Ms Price: The same question in relation to accounting systems?
Lesley Sewell: Yes, finance and treasury systems.
Ms Price: You joined the Post Office in April 2010; is that right?
Lesley Sewell: That’s correct.
Ms Price: Your role when you joined was Head of IT and Change?
Lesley Sewell: That’s correct.
Ms Price: Who did you report to in that role?
Lesley Sewell: Mike Young.
Ms Price: Whose position at the time was?
Lesley Sewell: I believe it was Chief Operating Officer.
Ms Price: You say in your statement you were Head of IT until the first or second quarter of 2012 when you were asked to be interim Chief Operating Officer after Mike Young’s departure; is that right?
Lesley Sewell: That’s correct.
Ms Price: Roughly how long did you remain in that interim role?
Lesley Sewell: It was for a very short period. I think probably between three and five months maximum.
Ms Price: When you took up that interim role, did you become part of the Executive Committee?
Lesley Sewell: Yes, I did.
Ms Price: By the end of 2012, you had taken up the role of Chief Information Officer; is that right?
Lesley Sewell: Yes.
Ms Price: Did you remain on the Executive Committee as Chief Information Officer?
Lesley Sewell: I did, until the end of 2014.
Ms Price: What happened at the end of 2014 that meant you were no longer on the Executive Committee?
Lesley Sewell: There was a restructure and we had a Group Executive which was created.
Ms Price: As Chief Information Officer, you were initially reporting to Sue Barton, the Post Office Strategy Director; is that right?
Lesley Sewell: That’s correct.
Ms Price: Until she left at the end of 2013, after which time you reported to the Chief Financial Officer, Chris Day?
Lesley Sewell: That’s correct.
Ms Price: At paragraph 9 of your statement, you set out a number of additional responsibilities for Information Security, which you took on from late 2013 into 2014, and these included commissioning a Deloitte maturity review to inform the information security operating model?
Lesley Sewell: That’s right.
Ms Price: Was this Deloitte review the Project Zebra review that you have referred to elsewhere in your statement?
Lesley Sewell: No, it wasn’t. It was completely separate.
Ms Price: Okay. Can you help a little bit with what that maturity review involved?
Lesley Sewell: It was basically looking at current responsibilities and scope for information security and looking at what was in place, and determining, on a standard information security maturity model, where Post Office actually sat on that.
Ms Price: You have identified members of your team when you were Chief Information Officer at paragraph 10 of your statement. Could we have that on screen, please. It’s page 6 of the statement. Here you say this:
“As CIO I brought in an experienced IT Programme Lead/Transformation Director, Neil Wilkinson, who was responsible for delivering separation and then more broadly the IT Transformation (procurements and delivery). I also brought in a Chief Technology Officer, Paul Bleasby, who led the architecture team and was the Chief Architect of [Post Office Limited’s] IT systems. He worked closely with third party suppliers (including Fujitsu) and the wider business on developing the IT strategy and delivering aspects of the IT Transformation Programme. I would rely on Paul for technical input. David Hulbert …”
Am I pronouncing that correctly?
Lesley Sewell: That’s correct.
Ms Price: “… was the copied in Head of Service responsible for the day-to-day operations of all the IT services (including Horizon). All directly reported to me, in addition to a Head of Business Relationships, Head of Quality and Standards, Head of Managed Services and Head of Projects.”
Did you have regular meetings with your direct reports?
Lesley Sewell: Yes.
Ms Price: How often would you meet with them?
Lesley Sewell: From memory, I think weekly.
Ms Price: You say in your statement at paragraph 6 that you became Operations Director in addition to Chief Information Officer, following a restructure in early 2015 –
Lesley Sewell: That’s correct.
Ms Price: – and, from that point, you reported to the new Chief Financial Officer, Alisdair Cameron?
Lesley Sewell: Yes.
Ms Price: Whilst reporting to Alisdair Cameron in 2015, you took on the additional responsibility of back office activities for Product and Branch Accounting and HR; is that right?
Lesley Sewell: That’s correct.
Ms Price: You left the Post Office in November 2015, following your resignation in early June 2015?
Lesley Sewell: That’s correct.
Ms Price: Turning, please, to the substance of your roles with the Post Office, you describe your first role, the Head of IT and Change role, at paragraph 7. That’s page 3. You say:
“On joining POL, my understanding was that I had been brought in to oversee the separation from RMG and the resulting IT transformation and to build the IT capability post-separation.”
Further down this paragraph, about five lines up from the bottom, you say this:
“My objective was, with the support of the executives and the Board, to build a holistic IT strategy for separation. Horizon and the relationship with Fujitsu was one part of the overall IT strategy.”
Focusing first on what you were told about Horizon when you took up the Head of IT and Change role in 2010, could we go, please, to paragraph 12 of the statement, that’s page 7. You say here:
“I had no knowledge of Horizon before joining [Post Office Limited] other than at the interview stage being told about key suppliers, including Fujitsu. On joining [Post Office Limited], I learned more detail about Fujitsu building Horizon and that the contract had been in place since the 1990s. I understood Horizon to be the point of sale system at the Post Office counters (SPMs, Crowns and Multiples) which would be used to process and record all transactions performed within a branch. I cannot recall any of the specific details, but during my first few weeks at [Post Office Limited] it is likely that I would have been given a walkthrough of Horizon and it is possible that some high-level architectural presentations regarding Horizon were delivered to me. Beyond this, the only formal training on Horizon I recall was a specific type of training which was limited training on Horizon and more specifically the Post & Go machines.”
At the end of this paragraph you say:
“I would have had a high-level awareness about how the system was architected, however as Head of IT/[Chief Information Officer] I was neither a technical nor a functional expert in Horizon.”
Who was it who briefed you about the history of the Horizon system when you joined the Post Office?
Lesley Sewell: So I believe it would have been Head of Architecture at the time, was David Gray.
Ms Price: Who was it who gave you the walkthrough of Horizon?
Lesley Sewell: It’s likely to have been him, although I can’t recall any specifics, I’m sorry.
Ms Price: You say at the end of the paragraph you were neither a technical nor a functional expert in Horizon but, as a former programmer with your background in numerous IT roles, would you agree in general terms that you had the relevant expertise to understand technical issues which might and did arise from the operation of the Horizon system?
Lesley Sewell: At a level, yes, but deep, deep technical knowledge, I would not have had that.
Ms Price: In general terms, do you think that the IT function within the Post Office was adequately resourced with staff with appropriate expertise?
Lesley Sewell: When I started, no.
Ms Price: Can you help with why you say no?
Lesley Sewell: It was quite a small operation and they were heavily dependent upon Royal Mail at the time.
Ms Price: Did that change?
Lesley Sewell: It did change over time. It started through the transformation, that was one of the key tenets, to build the capability within that team.
Ms Price: What were the implications of the IT function not being adequately resourced with staff with appropriate expertise?
Lesley Sewell: So the IT function when I joined was very much – I would describe as a change function. So they dealt mainly with change activity and, again, when I started, the operational management of Fujitsu in particular, and the links back into Royal Mail, sat within another part of Mike Young’s area, which was under Andy McLean.
Ms Price: You deal with where the responsibility for the day-to-day operational service management of Horizon and the management of the contractual relationship with Horizon lay at paragraph 8 of your statement. Could we go to that, please. It’s page 4 and you say here:
“Initially, during my tenure as Head of IT and Change the day-to-day operational service management of Horizon and the management of the contractual relationship with Fujitsu was the responsibility of the Managed Services team. Andy McLean …”
McLean?
Lesley Sewell: McLean.
Ms Price: “… led this team and reported into the [Chief Operating Officer] Mike Young. Managed Services at this time was also responsible for the management and oversight of the outsourced business activities and relationships (eg Bank of Ireland/HP/Telephony). As Head of IT and Change, insofar as Horizon was concerned, I had responsibility for any IT change activity (ie introduction of the Post & Go machines). If there were any significant incidents (ie a P1 or P2 as I refer to below at paragraph 18) the IT Team would be involved to support any investigation into the incidents.”
You say you:
“… raised with Mike Young that the responsibility for the operational management and contractual relationship management of the Horizon contract was in the wrong part of [Post Office Limited] and should have been under IT. As I have set out above, if there was a significant incident involving Horizon, the Managed Services team, supported by the separate IT Team, would work together to investigate. The issue with this was that the IT Team did not have full oversight of Horizon (the contractual relationship with Fujitsu and day-to-day management).”
Pausing there, what were the potential repercussions of the IT function not having full oversight of Horizon?
Lesley Sewell: So coming from Northern Rock, where I had full oversight of the operational side, as well as change, this was very different and, certainly, from my perspective, I didn’t have a full view of the whole IT landscape and I didn’t feel at the time that there was sufficient oversight in terms of looking at that particular contract itself.
Ms Price: Were there any specific incidents which led to you forming this view?
Lesley Sewell: I think we’ll probably come to this but certainly the audits.
Ms Price: What aspects of the audits?
Lesley Sewell: 1 – so these are the E&Y audits. The first part, nobody had taken ownership for the audits, which was – I suppose that’s the main point: nobody had actually taken ownership of the audits.
Ms Price: You go on:
“This changed when the Head of Managed Services left in [Quarter 3/Quarter 4] 2011. From that point on, as Head of IT and Change, I took responsibility for Service Management, which included Horizon (the contractual relationship with Fujitsu and day-to-day management).”
So by the third or fourth quarter of 2011, you had responsibility for Service Management and that included the day-to-day management and the contractual relationship management; is that right?
Lesley Sewell: That’s correct.
Ms Price: Prior to this, you had responsibility only for IT change activity and providing support, if there were significant incidents, graded as P1 or P2, which required investigation. You define the P1 and P2 gradings at paragraph 18 of your statement: P1s you say were a complete Horizon network outage; and P2s were technical issues affecting a significant number of branches?
Lesley Sewell: Yes, that’s correct.
Ms Price: Is that right?
Lesley Sewell: Yes.
Ms Price: Looking, please, to paragraph 19 of the statement, towards the bottom of the page, you describe here the process for dealing with technical issues relating to Horizon. You say this:
“Prior to my taking responsibility for Service Management in [Quarter 3/Quarter 4] 2011, it was the responsibility of the Managed Services team to inform me of these issues and engage with the IT Team. In some cases, these issues would be escalated to the Executive. An incident review would then be carried out by Fujitsu, who would provide a written response to [Post Office Limited]. Any significant issues would be discussed at the operational and executive supplier reviews with Fujitsu. I understood that operational reviews took place between Fujitsu and Service Management every week. I was not involved in these meetings. It is my understanding that executive reviews were not taking place prior to me taking responsibility for Service Management. Once I had taken responsibility, I attended executive meetings either monthly or bimonthly depending on the need with my senior team, a Fujitsu Account Executive, Sales Executive and Service Executive.”
You say that:
“… David Hulbert or the Duty Manager would communicate P1s and P2s to all key stakeholders across the business, keeping them updated [and you would assist] in communicating P1s and P2s at executive level, often by text message, telephone call, or in person.”
Should the Chair understand from this paragraph that you did not at any point, when you were Head of IT and Change, attend the weekly operational Service Management review meetings between Fujitsu and the Post Office?
Lesley Sewell: That’s correct, I didn’t.
Ms Price: That’s both before and after taking on responsibility for Service Management?
Lesley Sewell: Yes, that’s correct.
Ms Price: Given your role within the business as Head of IT, do you think you ought to have attended at least some of those meetings, in order to understand the detail of the operation of Horizon, including issues which might be negatively affecting subpostmasters?
Lesley Sewell: Typically, as Head of IT or CIO, you would not attend the weekly meetings and that would be largely because the executive meetings were there if there was anything in particular that would need to be escalated or even escalated outside of those meetings.
Ms Price: As challenges to the integrity of the Horizon system came into greater focus, did you consider attending these meetings personally?
Lesley Sewell: I didn’t, because my priority – this sounds awful – my priorities were very much about separation and I had to trust my team, who were the experts, to escalate anything to me.
Ms Price: Were you personally involved in any investigation into significant incidents?
Lesley Sewell: I wouldn’t say “investigate”. I would be – I would receive incident reviews and, out of those incident reviews there would certainly – and I can’t recall specifics but there would certainly be detailed discussions about those incidents themselves and, certainly, the resolution of those incidents.
Ms Price: Did anyone from the Post Office IT Team have any direct involvement in the investigation of significant incidents?
Lesley Sewell: The Service Management Team would have done.
Ms Price: What part would they play in investigations?
Lesley Sewell: So they would work very closely with Fujitsu on the incidents themselves and, in particular, to understand the detail. I think also – and again, this is just from memory – typically, you would get the architects, the Chief Architect involved in that as well, so that they could understand the low-level detail.
Ms Price: Going, please, to page 7 of the statement and paragraph 14, towards the bottom of the page, you say:
“Around the time I joined [Post Office Limited] in April 2010, I recall that the second iteration of Horizon (HNG-X) was in the process of being rolled out. I understood that the changes were primarily as a result of a cost reduction exercise, a refresh of some of the hardware, and application changes to support [subpostmasters].”
Who was it who explained to you the reasons behind the change to Horizon Online?
Lesley Sewell: I believe that would have been Mike Young and, potentially, as I’ve said previously, the Chief Architect, which was David Gray at the time.
Ms Price: You go on:
“I later understood that there was a level of resilience removed as part of the HNG-X rollout. Previously branches could continue to operate if the branch was unable to connect to the data centre, however HNG-X required the branches to be connected to the data centre to be operational. Coming from a banking background (where branches could continue to transact if they lost connectivity to the [database]) I had concerns about this from an operational resilience perspective (ie customers could not be provided with services if branches lost connectivity).”
You say:
“This issue was addressed in papers to the Board …”
Those two documents you reference there are from 2012, by which time you were the interim Chief Operating Officer; is that right?
Lesley Sewell: That’s right.
Ms Price: Had the concern about operational resilience developed prior to taking up that role, in other words when you were still Head of IT?
Lesley Sewell: It had and, at the time, I’d actually raised it with Mike Young.
Ms Price: Was that before or after you took on responsibility for Horizon system day-to-day operation management?
Lesley Sewell: I can’t recall specifically, I’m sorry.
Ms Price: Did you consider at the time, when you became concerned about operational resilience, whether this feature of Horizon Online, that is branch inability to transact if they lost connectivity to the data centre, had any implications for the accuracy of the branch transactions recorded by the system?
Lesley Sewell: No, I didn’t.
Ms Price: Do you think you should have considered that?
Lesley Sewell: The way that the technology worked – and if a branch couldn’t connect to the data centre because of a material outage, they couldn’t transact.
Ms Price: Moving then to your executive roles, the interim Chief Operating Officer role and then the Chief Information Officer role, accompanied in 2015 by the Operations Director role, what did you understand your accountabilities to the Chief Executive Officer to be?
Lesley Sewell: My accountabilities to the Chief Executive Officer? So I was responsible for – I suppose there was key things that I was responsible for: delivering separation, delivering transformation and the IT service.
Ms Price: Did you recognise at the time that identifying, analysing and managing risk was a fundamental part of your executive responsibilities?
Lesley Sewell: Sorry, yes, yes.
Ms Price: Would you accept that, in order to discharge your responsibilities in relation to risk, as an executive, you needed to be proactive and curious about possible risk areas?
Lesley Sewell: Yes.
Ms Price: Where you identified a risk in carrying out your executive roles, what were the mechanisms in place for you to raise that risk with the Chief Executive Officer?
Lesley Sewell: So my reporting line was typically through another executive, not directly to the Chief Executive. So if there were any risks I would raise that with my line manager, who changed over time, so that that could get raised through to the Chief Executive.
Ms Price: Do you consider that the culture at the Post Office was supportive of executives reporting concerns about risk to the Chief Executive Officer?
Lesley Sewell: I think it was. I think that, probably latterly, I would say that there was very much – there was a focus on risk. I think when I joined, I don’t believe there was because I asked for a risk register when I joined and I couldn’t – there wasn’t one for IT, which had to be built.
Ms Price: When you took on the role as Chief Information Officer, you became the executive accountable for the contractual relationship with Fujitsu in respect of Horizon; is that right?
Lesley Sewell: Yes, that’s correct.
Ms Price: Which you say at paragraph 9 of your statement included overall oversight of any change activity and provision of operational service from Fujitsu.
Lesley Sewell: Yes.
Ms Price: Do you think your colleagues at executive level relied upon your IT expertise to assist in their own response to issues involving the Horizon system?
Lesley Sewell: I would expect so but also my team as well.
Ms Price: You address discussions about the future use of Horizon at the Post Office at paragraph 66 of your statement. Could we have that on screen, please, it’s page 32. About halfway down the page, you say:
“I took a lead role in any discussions regarding the future use of Horizon at [Post Office Limited] and therefore have a clear recollection about this topic. These discussions took place throughout my tenure and it was a constantly evolving process. As set out above at paragraph 7 I was accountable for [Post Office Limited’s] IT strategy post-separation with approval at executive and Board level. I would have taken in views from all key stakeholders across the business about the IT strategy (including the future use of Horizon) and would have ensured it aligned with [Post Office Limited’s] business strategy. From early on in my tenure, it was clear that the Legal Team had concerns about the Fujitsu contract as it was originally formed in the 1990s and had never been out to public tender. It was therefore difficult to assess its value for money, particularly from a public purse perspective. I also recall concerns from other business stakeholders (ie Marketing and Retail) about how user-friendly Horizon was and the time it took to change when introducing business changes. In addition, technology had moved on significantly since Horizon was introduced. These concerns were continually raised and discussed throughout my tenure.”
Did you consider subpostmasters to be stakeholders when you took up your Head of IT and Change role?
Lesley Sewell: Yes.
Ms Price: How did you obtain their views on the future use of Horizon?
Lesley Sewell: I can’t recall specifically. I would think that – again, I can’t recall specifically. I don’t want to guess.
Ms Price: Well, can you recall at all how their views came to you?
Lesley Sewell: So I know I did take time to visit some of the branches and I think, especially when we had gone into the later strategy, looking at the replacement of Horizon, I can remember – I’ve got a vague memory of pulling together some forum to take in input from the stakeholders, subpostmasters, but I’m really struggling to remember.
Ms Price: Turning, please, to paragraph 72 of the statement, that’s page 36, you say:
“Any reviews of Horizon with regards to security and stability that had taken place over the previous years would have fed into the procurements and were considered.”
With this in mind, I’d like to look, please, at the first review relating to the Horizon system, on which you were sighted when you took up the Head of IT and Change role, and that document is the Rod Ismay report.
You say at paragraph 16 of your statement that you received a copy of this, due to your role as Head of IT, shortly after you started with the Post Office and you were, in fact, copied in to Mr Ismay’s report on 2 August 2010; that’s right, isn’t it?
Lesley Sewell: Yes.
Ms Price: You say it was around this time that you first understood that there were challenges to the integrity of Horizon?
Lesley Sewell: Yes.
Ms Price: Could we have the Ismay Report on screen, please. The reference is POL00026572. We can see here the title “Horizon – Response to Challenges Regarding Systems Integrity”, the date is 2 August 2010. It was sent by Mr Ismay, who was Head of Product and Branch Accounting at the time. Did you understand at the time you received this report that Product and Branch Accounting were involved in recovering apparent shortfalls in accounts from subpostmasters?
Lesley Sewell: I didn’t appreciate that at the time. It was quite early-on in my tenure at the Post Office.
Ms Price: Looking at the “To” list, it’s to Dave Smith, Managing Director; Mike Moores, Finance Director; Mike Young, Chief Technical and Services Officer. You are the third on the copy list, as Head of IT. Did you read the report in full when it was sent to you?
Lesley Sewell: I believe I did.
Ms Price: The introduction reads as follows:
“Post Office Limited has, over the years, had to dismiss and prosecute a number of subpostmasters and Crown staff, following financial losses in branches. A small number of these have made counter claims that they were not guilty of the charges made but that the Horizon system was faulty.
“Various lobby groups have been set up by former subpostmasters and these have at times received national media coverage and, in some cases, have been taken up by local MPs. Most recently, Channel 4 has proposed a news article about this area.
“This paper has been compiled as an objective, internal review of [Post Office Limited’s] processes and controls around branch accounting. It includes an overview of:
“[Post Office Limited’s] control environment and [Post Office Limited’s] response to accounting errors
“IT systems – Horizon versus Horizon Online and resolution of known issues
“Third party perspectives – court judgments, media and audit [and]
“Statistics on branch accounting issues, suspensions and prosecutions.”
Pausing there, at the time, did it strike you as odd that this review, done by someone from within the Post Office, the Head of Product and Branch Accounting, was being described as “objective”?
Lesley Sewell: I can’t remember what I thought at the time.
Ms Price: What was your understanding at the time of why Mr Ismay was preparing this report, rather than a Post Office employee with IT expertise?
Lesley Sewell: I don’t know the answer to that, I’m sorry. I can only guess and assume that it was because Rod had a huge amount of experience across the business and understood the controls that sat around the system. I also – and again, I’m trying to remember and I can’t remember because I wasn’t involved in this part, but I believe – not believe, I think – some of the IT architects might have been included in this, to provide input to it.
Ms Price: What did you understand to be the reason for this report having been produced?
Lesley Sewell: I didn’t know the reason why it was produced.
Ms Price: Before we go to the Executive Summary of the report could we look, please, to page 19 of this document. Under 4(c), “Independent Review and Audit Angles”, we have this:
“[Post Office Limited] has actively considered the merits of an independent review. This has been purely from the perspective that we believe in Horizon but that a review could help give others the same confidence that we have.
“Our decision between IT, Legal, P&BA, Security and Press Office has continued to be that no matter what opinions we obtain, people will still ask ‘what if’ and the defence will always ask questions that require answers beyond the report. Further such a report would only have merit as at the date of creation and would have to be updated at the point at which Horizon or the numerous component platforms were upgraded.”
You had, by this point, been Head of IT for around four months, having taken up the role in April. Were you the IT representative who contributed to the decision not to commission an independent review?
Lesley Sewell: No, I wasn’t.
Ms Price: Do you know who was?
Lesley Sewell: I don’t know who was.
Ms Price: Going over the page, please, first paragraph here reads:
“It is also important to be crystal clear about any review if one were commissioned – any investigation would need to be disclosed in court. Although we would be doing the review to comfort others, any perception that [Post Office Limited] doubts its own systems would mean that all criminal prosecutions would have to be stayed. It would also beg a question for the Court of Appeal over past prosecutions and imprisonments.”
Did you read this part of the report when you received it?
Lesley Sewell: I can’t recall if I did.
Ms Price: Do you recall having any concern about the description here that the investigation would need to be disclosed in court and a worry about that?
Lesley Sewell: I think at this point I didn’t really understand how Post Office was prosecuting subpostmasters because I just – I just didn’t have line of sight of this, and I can’t remember reading this, this detail, at the time.
Ms Price: Going back then, please, to page 1 of the document to the “Executive Summary”. The first three paragraphs say this:
“The allegations to which we are responding follow on from cases where thousands of pounds were missing at audit. We remain satisfied that this money was missing due to theft in the branch – we do not believe the account balances against which the audits were conducted were corrupt.
“[Post Office Limited] has extensive controls spanning systems, processes, training and support. Horizon is robust, but like any system depends on the quality of entries by the users. Horizon Online builds on this and brings benefits to running costs and change management. It is not being done because of any doubt about the integrity of Horizon.
“The integrity of Horizon is founded on its tamper proof logs, its real time back ups and the absence of ‘backdoors’ so that all data entry or acceptance is at branch level and is tagged against the log on ID of the user. This means that ownership of the accounting is truly at branch level.”
Then over the page, please, second paragraph down:
“Accounting errors do happen through user mistakes, but these can be explained and resolved case by case. Systems issues have also arisen but again [Post Office Limited] has been able to explain them and rectify them. Whilst they have affected the availability and functionality of the system, with consequent impacts on customers and clients, they do not bring the integrity of the system into question.”
Then:
“When [Post Office Limited] takes a subpostmaster to court we have strong processes for the compilation of evidence, compassionate factors are borne in mind and we have a high success rate. This does depend on ensuring that the courts focus on the facts of transaction logs and not on speculation about the ‘what ifs’.”
Would you agree that it is quite clear from both the introduction to this report and the last paragraph that I’ve just read out from the executive summary that subpostmasters were being prosecuted and dismissed in reliance on Horizon data, setting aside for a second the question of who was doing the prosecuting?
Lesley Sewell: Yes, that’s how it reads.
Ms Price: You say at paragraph 31 of your statement that you understood from the Ismay Report that Horizon data was being used as part of the supporting evidence in prosecutions and the importance of the integrity of the data; is that right?
Lesley Sewell: Yes.
Ms Price: But you say you do not recall appreciating that Post Office could prosecute individuals itself without referral to external authorities, and you say you didn’t realise that until around the time of the Second Sight review. Looking at that introduction and the penultimate paragraph here, the one I’ve just read out, on the executive summary, on the face of the document, wasn’t it quite clear that, not only were subpostmasters being prosecuted in reliance on Horizon data, they were being prosecuted by the Post Office?
Lesley Sewell: At the time when I’ve read – so I don’t recall thinking that Post Office prosecuted subpostmasters at that time. It was really not until the time of the Second Sight Report that I really started to understand and appreciate it because I just wasn’t close enough to that at this time.
Ms Price: Looking, please, to some of the detail around systems issues which were raised in Mr Ismay’s report, it’s page 3 of the document, please. Under 1(a) “Systems”, the second paragraph in the box says:
“Failures in systems and file transfer do happen, but [Post Office Limited] has controls to detect these. The frequency of file transfer failures has been unacceptably high recently and is a top priority for IT.”
What did you understand by systems and file transfer failures at the time?
Lesley Sewell: I wouldn’t have understood anything about that at the time because that’s an operational issue and that sat within a separate line, which was Andy McLean.
Ms Price: That was Managed Services, was it?
Lesley Sewell: That was Managed Services.
Ms Price: So were you not aware that the frequency of file transfer failures was a top priority for IT, that is your team, at the time?
Lesley Sewell: I wouldn’t have been and the likelihood is, I think it would have all been within the operational side and it says IT but I don’t recall anything to do with this.
Ms Price: Shouldn’t someone have told you that this was a top priority for IT, the frequency of file transfer failures?
Lesley Sewell: If it was – so if someone in my team was dealing with it, yes. But that looks as if it’s an operational issue.
Ms Price: So you read this report. What did you think when you saw that this was a top priority for IT?
Lesley Sewell: I really don’t recall specifically reading this point.
Ms Price: Going, please, to page 6, under the second bullet point there is a heading “IT systems interventions and response to outages/disconnections”, and the bullet point under that reads:
“Incomplete transactions – systems could fail or lines could be disconnected during online banking transactions. This could mean that customer money has changed hands without the system being update or vice versa. IT controls would detect these outages and raise recovery alerts to the branch such that the branch can check and update the accounts if needed. This has been a more frequent issue recently with ‘screen freezes’ and ‘POCA outages’ but recovery instructions have been issued to branches and enable them to deal with any issues.”
Given that this report was being produced in the context of challenges to Horizon integrity, raised in the context of prosecutions of subpostmasters and those prosecutions were said to rely on transaction logs, did this paragraph in the report concern you at all?
Lesley Sewell: I don’t recall reading this in detail. Sorry, I just don’t recall what action I did or didn’t take out of this report.
Ms Price: Was your team asked by Mr Ismay to comment on the impact of the systems issues referred to in the report, on the integrity of the data being produced by the system?
Lesley Sewell: If I recall correctly, David Gray, who was the Chief Architect, he worked closely with Rod Ismay on this report.
Ms Price: Going, please, to page 17 of this document, the section on “Third Party Comment”. Under 4(a) “Court Decisions”, the first two paragraphs read as follows:
“There have been cases, when taken to court by [Post Office Limited], where the defence has claimed that the accounting system Horizon was at fault and that there were incidents such as ‘ghost transactions’ or ‘electrical supply issues’ which have corrupted the Horizon records.
“With 2 notable exceptions, [Post Office Limited] has been able to rebut these assertions by ensuring a focus on the facts of the Horizon transaction logs and a request for the defence to be specific about which transactions they consider to be ‘ghost’ and why.”
One of the notable exceptions is addressed about halfway down this page, point 1, “Cleveleys, (2001)”. It explained:
“… subpostmistress dismissed in 2001 soon after Horizon was introduced. The defence produced a report which showed how Horizon ‘could’ have caused an error and [Post Office Limited] did not have the audit transaction logs to refute the claim.”
Do you recall reading about this reference to a report which showed how Horizon could have caused an error?
Lesley Sewell: I don’t.
Ms Price: That should have worried you, shouldn’t it, as Head of IT, that there was a report out there saying that Horizon could have caused an error?
Lesley Sewell: I think if I recall correctly, at the time of this report, I’m sure I would have had some discussions with the Chief Architect and a lot of these issues were seen as Legacy issues to do with old Horizon. At the time, I just can’t – I’m really struggling to recall this report at the start of – what, three months after I joined. I’m really struggling to remember this in detail. Again, I’d come in just very much to focus on separation and some of these issues in here were operational issues.
Ms Price: You’ve explained how, looking forwards, this would have been seen as a Legacy Horizon issue but, looking backwards for a moment in the context of a report raising challenges to Horizon integrity, did you consider the implications for those who had been prosecuted based on Horizon Legacy data?
Lesley Sewell: At the time, I really didn’t understand. I mean, obviously now, you’d look at it in a different light altogether but, at the time, I didn’t really appreciate the legal process and, from a legal perspective, that wouldn’t be for me to comment.
Ms Price: Going back, please, to the executive summary, page 2, the second paragraph down, which we’ve already read out. The summary in that second paragraph relating to systems issues that they have arisen but, again, Post Office Limited has been able to explain them and rectify them, there’s a very short conclusion:
“Whilst they have affected the availability and functionality of the system with consequent impacts on customers and clients, they do not bring the integrity of the system into question.”
You say in your statement that you took Mr Ismay’s report at face value but, having read the report, given your knowledge and background in IT, were you not concerned to better understand Mr Ismay’s logic and conclusion?
Lesley Sewell: So I can’t comment for what Mr Ismay has said but, from an IT perspective, if there is an issue or a fault, the important points are always to understand what the issue is, rectify the issue, and that would maintain in my mind the integrity of the system. So, as long as you know what it is, you know how to resolve it and you drew the appropriate post-incident reviews and you’ve got full sight of all of the data and the facts, that should retain that.
Ms Price: What questions did you ask and of whom when you read the report?
Lesley Sewell: I really can’t remember. I’m sorry.
Ms Price: Did you consider the processes which were in place to ensure that Product and Branch Accounting, Contract Managers and those involved in criminal investigations and prosecutions, were kept informed about any systems issues which had the potential to impact on transactions data?
Lesley Sewell: So I wouldn’t be able to comment at that time because communication would have been through Service Management.
Ms Price: When you were Head of IT, was there a central repository within the Post Office for information about P1 and P2 incidents, which could be accessed by other departments and teams?
Lesley Sewell: There was a process in place called duty manager, which basically would inform all key stakeholders across the business.
Ms Price: Did anyone tell you, as Head of IT, or later in your executive roles, that the Post Office was bound as a prosecutor to ensure the recording of information of relevance to its prosecutions?
Lesley Sewell: I can’t recall specifically.
Ms Price: Did you have any concept, when you were in any of your roles at the Post Office, that it might be important for the Post Office to record information about IT issues which might affect data upon which it relied to prosecute and take other action?
Lesley Sewell: So, from an IT perspective, we would – it’s business as usual to maintain information about faults and issues and resolution.
Ms Price: Were there established channels through which information might be requested about technical Horizon issues by Post Office lawyers, or was this done on an ad hoc basis?
Lesley Sewell: I’m not sure. Is this – sorry, just to clarify, is this from Fujitsu or is that just from internally within the IT function?
Ms Price: Well, taking it in general terms, and being – well, being specific, lawyers involved in prosecutions, so, initially, Royal Mail Group Legal lawyers and later Post Office lawyers, in terms of information, was there an established way for them to obtain that information –
Lesley Sewell: I don’t –
Ms Price: – from IT about technical Horizon issues?
Lesley Sewell: The only thing I was aware of – and this came very much later, once I took over the contract – was a process to get data between the lawyers and I think Fujitsu. In terms of faults and issues, I don’t recall anything.
Sir Wyn Williams: Can I just ask, Ms Sewell, we’ve obviously heard a good deal of evidence about the Fujitsu processes for dealing with – I’ll just use the word “defects” – we’ve heard about PEAKs and KELs, et cetera. Did the Post Office always go to Fujitsu – in your experience, obviously you can only speak for the time you were there – but if there was something that occurred with the IT system, was it always “Go to Fujitsu to find the answer”, or did you have your own processes for finding the answer, either first, shall we say, or – well, just never mind about first, did you have your own processes for looking at problems and trying to solve them?
Lesley Sewell: So purely from an IT perspective, because Fujitsu effectively ran the system and they had the IPR, effectively, we would always look to go to Fujitsu.
Sir Wyn Williams: Right.
Lesley Sewell: The team would work together because you would understand what the business impact was, so what’s the business impact, to be able to investigate the cause. But the cause would have to be determined by Fujitsu.
Sir Wyn Williams: All right. So how would you, the Post Office Limited, ensure that relevant documentation about a particular problem which was generated by the Post Office, even if it was only to ask Fujitsu to help, how would you ensure that that documentation would be retained and kept for an appropriate period of time?
Lesley Sewell: I think the only thing I would go back to is the retention policy on documents.
Sir Wyn Williams: Right. So there was a retention policy throughout the period that you were there?
Lesley Sewell: I can’t speak for the whole period that I was there, because, from what I remember, when – and, again, I think this is just a vague memory – when I took over Information Security, that was an area where we did look at, was the retention policy. But I think typically it was something like about seven years, if I – and I’ve seen that in some of the documents that I’ve been provided.
Sir Wyn Williams: Was it the IT Department itself which had a retention policy or was it a policy that applied throughout all departments of the business?
Lesley Sewell: So, typically you would expect, in an organisation – and again, I’m just – I’m trying to remember but, typically, you would have that set – the retention policy wouldn’t necessarily be set by IT. That would typically be set by somebody like Information Security, or the Data Protection Officer of the organisation, and that could be within Royal Mail or Post Office. They would set the policy and then the departments, including IT, should adhere to that policy.
Sir Wyn Williams: Sorry, Ms Price; I may have been trespassing on some of your questions, but –
Ms Price: Not at all, sir.
Sir Wyn Williams: – I was just getting those thoughts out at this time.
Ms Price: We looked earlier at paragraph 19 of your statement, in which you said that P1s and P2s would be communicated to all key stakeholders across the business. Were the Investigators – that is the Security team, Investigators who were criminally investigating subpostmasters and others – were they considered key stakeholders for those purposes?
Lesley Sewell: I can’t remember specifically but I do think Information Security was included.
Ms Price: Can you recall whether the relevant legal teams, that is the lawyers involved in prosecutions and debt recovery, were key stakeholders for this purpose, that is the communication of P1s and P2s?
Lesley Sewell: I can’t recall who was on that list, but what I can say if it was a P1 and if that was communicated to all the execs, that would have included those as well.
Ms Price: Having received Mr Ismay’s report, do you think that you, as Head of IT, should have raised the issue of information flow within the Post Office between the relevant teams and departments?
Lesley Sewell: At – and this is where it’s difficult because, at that time, that responsibility lay – although it was under Mike Young, it lay within Andy McLean’s area.
Ms Price: When you took up the role as Head of IT, did you ask what documentation might be in the Post Office IT Department’s possession to assist with the role of overseeing IT systems?
Lesley Sewell: Yes, I did.
Ms Price: What were you told?
Lesley Sewell: I was given – I don’t believe I was given a lot of documentation at the time.
Ms Price: Were you given, for example, release notes?
Lesley Sewell: No.
Ms Price: Major incident reports?
Lesley Sewell: So the first major incident reports that I would have seen would have been whilst I was CIO.
Ms Price: Did you have any sight of NBSC call records –
Lesley Sewell: No, not at all.
Ms Price: – or Service Management documents?
Lesley Sewell: I would have seen a high-level Service Management so, in terms of service availability but I think that would have been – so probably end of 2011/into 2012, once I took some responsibility.
Ms Price: Do you think that you should have asked to see more documentation in relation to oversight of the IT system, Horizon system?
Lesley Sewell: So, when I wasn’t responsible, I don’t think so. But when I was responsible, I would see documentation and I would see executive summaries. In the role of CIO, you wouldn’t get into that level of detail, unfortunately.
Ms Price: I’d like to turn, please, to Post Office awareness of relevant bugs, errors and defects in Horizon following the Ismay Report, starting, please, with the receipts and payments mismatch bug. Can we have on screen, please, POL00294684. This is an email from Antonio Jamasb on 15 November 2010.
Apologies, it relates to a proposed meeting on 15 November 2010 to discuss a proposal for receipts and payments resolution. The first invited attendee listed was David Hulbert, who was listed as a required attendee. Was Mr Hulbert in your team at that time, November 2010? I know he was later a direct report.
Lesley Sewell: No, he wasn’t. He reported to me some 12 months later.
Ms Price: Also listed was Ian Trundell, was he in the Post Office IT Department?
Lesley Sewell: I think he may have been an architect.
Ms Price: Did he report to you?
Lesley Sewell: No, he didn’t.
Ms Price: The body of the email, if we can scroll down a little please, contains a summary of the problem, explained in the first three paragraphs. It says:
“The aim of the meeting is to discuss the working group proposal: to resolve discrepancies generated by branches following a specific process during the completion of the trading statement.
“Service Delivery recently became aware of an issue whereby if a certain process was followed during completion of the trading statement any discrepancy the branch was carrying, either positive or negative, would ‘drop’ from the Horizon system, but still show within the Credence system.
“Few branches were aware of the issue, but it creates questions around whether the Horizon system can cause losses or gains. However it also highlights positives in our management of the system, because once the issue arose we were able to highlight it, quickly investigated the problem and then ring-fence the issue while ascertaining a fix to stop it recurring, but it doesn’t resolve the issue at branches that already have the issue.”
On the next page, some solutions are set out. We’ll come back to those in due course. Were you aware of this meeting taking place at the time?
Lesley Sewell: No.
Ms Price: We have a note of the meeting, which took place to discuss the issue. Can we have that on screen, please. The reference is FUJ00082110. We do not see Mr Hulbert’s name on the list but we do see Ian Trundell’s name listed next to “IT”, so it appears that he was the representative for IT at this meeting; would you agree?
Lesley Sewell: Yes.
Ms Price: Also present were representatives from Post Office Service Delivery, Post Office Security, Post Office Network, Post Office Finance, and various representatives from Fujitsu. So it would appear that the receipts and payments mismatch bug was known about across these major relevant departments within the Post Office at the time, would you agree?
Lesley Sewell: Yes.
Ms Price: Did Mr Trundell report the outcome of this meeting to you at the time?
Lesley Sewell: I don’t recall him speaking to me about it.
Ms Price: Were you sent this note of the meeting?
Lesley Sewell: I don’t believe so.
Ms Price: I should be clear about that. Were you sent the note of this meeting at the time, in 2010?
Lesley Sewell: I don’t believe that I was.
Ms Price: Could we have on screen, please, POL00029611. You appear to have been involved in the response to the receipts and payments issue in March 2011. The email, starting about halfway down the page, is from Will Russell to you, copied to Andy McLean.
It appears from the sign-off at the bottom that William Russell was a Commercial Adviser in the Post Office Service Delivery Team, and it’s dated 4 March 2011. The subject is “Receipts and payments issue”, and it says:
“Lesley
“Quite a lot of info here but I will outline what we agreed on this issue.
“Word documents attached are the letters going out to branches on Monday. They have been approved by Legal and P&BA (Andy Winn) and SD (Tony J).
“I ran Mike G, Mike Y and Andy M through the detail last week. We have agreed to write off the losses and repay the gains via subpostmaster pay. We have a document from Fujitsu on what happened (see pdf file). This provides audit trail and shows what happened for a branch, as well as events generated and logged by Fujitsu, plus what the branch saw on their reports. I am just awaiting clearance from network (Anita Turner) re how to approach NBSC (propose to finalise that on Monday for 62 branches affected as shown on Excel sheet).
“Matt Hibbard was happy with the process and Fujitsu document, as Rod was off. Andy Mac has taken action from Mike Y to ensure we maintain closer links with P&BA/Rod. Tony J … is already working on issue management and how P&BA raise issues with SD, and this will help SD to formally raise and resolve them with Fujitsu.
“Both Mikes were keen we use this as a positive, eg old Horizon would not have picked this up, yet the logs in Data Centre, and Event alerting meant we picked this up, and can demonstrate through reports what happened. We can generate reports for each branch if challenged.
“We are writing to branches, and following up with call from NBSC/P&BA with walkthrough of the detail as required. We have commitment from Fujitsu to visit any branches to run them through what happened with them. We have had receipt and payments mismatches before, so this is not something new to manage, albeit that this issue was very complicated in how it was reported, and evident to the branch.”
Picking up, first of all, on that last sentence in the penultimate paragraph, “We have had receipts and payments mismatches before”; can you help with what this is referring to?
Lesley Sewell: I don’t know, I’m sorry.
Ms Price: Did you question at the time what it was being referred to here, in terms of past receipts and payments mismatches?
Lesley Sewell: I can’t recall at all.
Ms Price: But it appears that this was not the first time that this type of issue had arisen?
Lesley Sewell: That’s what it appears.
Ms Price: This particular receipts and payments mismatch issue had come up around three months after Mr Ismay’s report and you seem to have been involved in the response by March 2011, so seven months after Mr Ismay’s report. Did this issue cause you to question the conclusions reached by Mr Ismay in his report at all?
Lesley Sewell: I can’t recall that it did, because – I really don’t recall that it did because this was under – this was being managed separately, and Mike Young’s referenced as well, so it wouldn’t have registered as a major issue to me at the time.
Ms Price: This particular issue had been resolved with the affected branches?
Lesley Sewell: Yes.
Ms Price: But did you consider what the implications of this were for other branches or past issues that might have arisen where there may have been action taken against a subpostmaster and others?
Lesley Sewell: I can’t recall if I did or didn’t.
Ms Price: Did you consider whether information relating to this bug should be shared with those involved in dismissals, contract terminations, prosecutions and debt recovery?
Lesley Sewell: I wasn’t close enough to understand what was happening on that side of the business and I think this was a major issue with the different responsibilities between operational management and change.
Ms Price: Did you consider at all whether this cast doubt on the reliability of the Horizon transactions data being used in support of action against subpostmasters and others?
Lesley Sewell: I don’t recall that I would have because it looked as if, on the face of it, the problem had been solved.
Ms Price: This was one of the bugs or defects referred to in the Interim Second Sight Report, wasn’t it?
Lesley Sewell: Yes, it was.
Ms Price: Could we have on screen, please, POL00029618. This is an email chain from June 2013.
Lesley Sewell: Mm-hm.
Ms Price: In it, Ron Warmington is seeking clarification as to whether anyone at Board level was aware of the receipts and payments mismatch bug and, if so, who and when?
Lesley Sewell: Yes.
Ms Price: Your email is at the top.
Lesley Sewell: Yeah.
Ms Price: It’s 25 June 2013 to Simon Baker and Alwen Lyons, and you say this:
“Simon, I don’t know if it went higher than Mike, Andy Mc also managed the service at the time and if I remember correctly Mark Burley was also involved.
“I can’t say whether we said anything to the press.
“Other points – our Board at the time would have been Royal Mail as we didn’t have an independent Board. Paula would have been Network Director at the time with Dave Smith as MD.”
Who was the “Mike” who you’re referring to here?
Lesley Sewell: Mike Young.
Ms Price: “Andy Mc”, was that Andy McLean?
Lesley Sewell: Yes, that’s right.
Ms Price: Mark Burley, what was his role in 2010 to ’11?
Lesley Sewell: He was heading up the rollout of HNG-X.
Ms Price: When you were involved in the response to the receipts and payments mismatch bug in March 2011, you were Head of IT. Who did you report this issue up to?
Lesley Sewell: The receipts and payments issue?
Ms Price: In March 2011?
Lesley Sewell: March 2011? I didn’t report it up to Mike because Mike was already aware of it, Mike Young. So I reported to Mike Young at the time.
Ms Price: Did you report it to anyone else?
Lesley Sewell: I wouldn’t have done because it was – it’s – the reporting line for operational management and management of faults was Andy McLean up to Mike. So Mike was well aware of this fault.
Ms Price: Can you help with your comment here about there not being a Post Office Board at the time, presumably meaning at the time the receipts and payments mismatch bug came to light in 2010?
Lesley Sewell: Yeah, because I think at that time it was prior to separation. So we were still governed by Royal Mail at that time and I wasn’t aware that – and I don’t think we had an independent Board. There was an Executive Team and I think David Smith may have sat on the board at Royal Mail.
Ms Price: Can you help to any greater degree than you have with your comments in this email with how high up the knowledge of the receipts and payments mismatch bug went prior to it being discussed in the context of Second Sight’s work in 2013?
Lesley Sewell: I don’t know. I gave as much information as I had at the time.
Ms Price: Given your knowledge from the Ismay Report that Horizon data was being relied upon to dismiss and prosecute individuals, when you first found out about the receipts and payments mismatch bug or bugs, did you consider discussing the potential wider implications of this with Product and Branch Accounting?
Lesley Sewell: I can’t – I can’t recall if I did because I wasn’t actively involved in this particular fault at the time.
Ms Price: Or anyone from Network?
Lesley Sewell: I really wasn’t involved in this fault at the time.
Ms Price: Sir, I wonder if that might be a convenient moment for the morning break.
Sir Wyn Williams: Yes, by all means. So what time shall we resume?
Ms Price: I think ten minutes takes us to 11.15, please, sir.
Sir Wyn Williams: By my clock, because I want to ensure we have a full ten minutes, it’s 11.07.
Ms Price: Very happy to come back at 11.20, sir.
Sir Wyn Williams: All right, that’s fine, thank you.
Ms Price: Thank you.
(11.07 am)
(A short break)
(11.20 am)
Ms Price: Hello, sir. Can you still see and hear us?
Sir Wyn Williams: Yes, indeed.
Ms Price: Could we have on screen, please, POL00294852. This is an email chain from September 2011. So at this point, you were still in the Head of IT role. Starting, please, with the first email in this chain, dated 28 September 2011, that’s page 2 of this document, there is an email from Gary Blackburn, just scrolling down, please, who is IT and Change. So was that your team?
Lesley Sewell: Yes.
Ms Price: Scrolling up, please, this is to a number of recipients, including you, Dave Hulbert and Alison Bolsover. The subject is “Camelot – Missing Data in POLSAP”, can you just help with what POLSAP was?
Lesley Sewell: So the – it was Post Office – I don’t remember the technicalities of POLSAP but it was, in technical terms, it was a SAP system.
Ms Price: Mr Blackburn explains the issue in this way under “What has happened”:
“The root cause is still to be determined but P&BA colleagues have identified that there is data missing within POLSAP. The missing relates to multiple rems undertaken on [a number of dates in September]. The affected transactions are when the rem was for the same product, same value and completed on the same day (appears like a duplicate rem). The data is zero value stock data, which is rem in/rem out products such as Camelot scratchcards and MVL tax discs.
“In total we have 71 products that are classed as zero value stock data.”
The “Impact” is:
“Because the data is missing within POLSAP, P&BA have understandably issued transaction corrections to branches that appear to have not conformed to business process.
“309 branches within branch trading group C have received TCs inappropriately.
“90 of those branches have complained to P&BA and explained that they will not be processing the TC.”
Would you agree that Mr Blackburn appears to be identifying a problem where branch transaction data went missing?
Lesley Sewell: I don’t know whether it’s branch transactional data.
Ms Price: Can you help with what it is?
Lesley Sewell: Because the branch transactional data would have been held within Horizon, not POLSAP. So that was my understanding.
Ms Price: Looking down to the “Resolution”:
“Fujitsu are presently working on the identification of the missing data and are devising a plan to get that data into POLSAP.”
This seems to have involved Fujitsu.
Lesley Sewell: Mm-hm.
Ms Price: “At the moment the fix is not expected to be available until the middle of next week …”
It says at the end of this paragraph:
“It was decided by P&BA and myself that we would not communicate this wider at this stage as we do not wish to raise concerns about Horizon integrity.”
Does that help at all with the context for this?
Lesley Sewell: So I can’t remember the issues specifically but Fujitsu hosted POLSAP as well and there was obviously a concern from Rod, as part of this, but when I saw this in the pack, I really struggled to remember this particular incident.
Ms Price: Why would it be related to concerns about Horizon integrity?
Lesley Sewell: So I can only assume, you know, what Gary’s written and obviously from Rod, that – because it’s relating to data. That’s all I can assume.
Ms Price: What did you think about the decision that this was not going to be communicated more widely as they did not wish to raise concerns about Horizon integrity?
Lesley Sewell: So, as an IT person – and I say this throughout my career – it is important to be transparent about issues and I would always advocate that. There may be a point which you want to understand an issue first before you communicate, and I can only assume that’s been the discussion between – because I think this was from Gary, and it references P&BA, so I can only assume that’s Rod as well.
Ms Price: Going back to page 1 of this document, please, and scrolling down a little, please. We can see you forwarding this on to Kevin Lenihan –
Lesley Sewell: Mm-hm.
Ms Price: – copied to Dave Hulbert and Rod Ismay on 29 September 2011. What was Mr Lenihan’s role?
Lesley Sewell: So Kevin worked within Service Management and he reported directly through to Dave Hulbert. He was located in Chesterfield so he was quite close to Rod Ismay’s area, so it would have been easy for him to pick this up and go into a lot of detail with Rod to understand what the issues were.
Ms Price: You say this:
“Kevin
“I would like you to pick up a piece of work on behalf of Rod and I – Rod has concerns that we are seeing a number of data issues and the perception is that this is getting worse. Can you please work with one of Rod’s team to quantify/qualify what these issues are – I would like to understand if we have any systemic issues.”
What is your concern about this; is this relevant to branch accounts or not?
Lesley Sewell: I can’t remember but if this – and it obviously references transaction corrections, so there’s obviously a piece of work needed to be done to ensure that the branch transactions were kept up to date and appropriate. So my concern would have been “It looks like a data issue, can we get to the bottom of it, please, and understand what this is”.
Ms Price: It appears, doesn’t it, on the description, as though it is an issue, whatever the issue is –
Lesley Sewell: Mm-hm.
Ms Price: – which has affected branch accounts –
Lesley Sewell: Yes.
Ms Price: – because there are transaction corrections which have been wrongly issued, which need to be reversed. What was your concern about the systemic issues or potential systemic issues?
Lesley Sewell: And again, from an IT perspective, if there’s a material issue with data, you need to understand what that issue is. So systemic, to me, is widespread.
Ms Price: Did this make you question the integrity of Horizon at all?
Lesley Sewell: I can’t remember, sorry.
Ms Price: Could we have on screen, please, POL00142676. Starting please towards the bottom of page 2 of this document, an email from Adrian Baker to you, dated 3 January 2012, and the subject is “Branch feedback”. We can see from top of the next page that Mr Baker was Head of Strategy at the Post Office and his email to you reads:
“Lesley,
“First of all – happy new year!
“Secondly, a quick bit of feedback/question from my time in branch before Christmas. There seems to be a slight glitch with the Quantity function, especially when used with stamps. It seems quite random as to whether the quantity selected follows the user into the next screen when selling loose stamps. Sometimes it does, sometimes not. On occasions the quantity clears back to 1 but then when you select the stamp denomination suddenly remembers the quantity. The feedback from St Peters Street branch is that this is the single most common cause of losses in their branch.
“Can you have one of your team investigate, please?”
Further up the page, please, you forward this on to Dave Hulbert on 5 January 2012, asking one of the team to take a look. Mr Baker was raising a glitch in the quantity function which was affecting branch accounts, so causing losses, is how he’s put it; did this cause you any concern?
Lesley Sewell: I don’t recall this email.
Ms Price: Looking at it now, do you connect this at all to concerns or questions about Horizon integrity?
Lesley Sewell: So it could potentially be or it could be a hardware fault but it goes back to, if faults are investigated and if they are dealt with, that retains the integrity in the system.
Ms Price: Could we have on screen, please, POL00096881. This is an email chain from August 2012. It relates to apparent shortfalls at a branch totalling £18,000, over an 18-month period. It was a case which was raised with you by Angela van den Bogerd. Starting, please, on page 5 of this document, this is an email from – if we can just go back a page, please, to the bottom – Contract Admin Team, 2 August 2012, and it’s to Anita Bravata. Someone called Trudy summarises the position in this way:
“Hi Anita – I rang the PM, Jane, at Semilong [post office] this morning just as an engineer had arrived at her branch. She explained that she has had an ongoing problem with discrepancies at her branch for the last 18 months and you were aware of the situation. She said yesterday on Position 3 there was less than £1,000 working cash. The clerk did a balance snapshot and it was £170 over – she immediately did a printout and it was then showing as £700 under. So she knows there is a fault on the Horizon system. I agreed I would ring her back at 1.00 pm to see what the engineer had found out.
“I have just rang Jane back and she was so happy she said she could cry with relief. The engineer said there is a definite fault on the line – there was a bad noise on the line and this was probably causing a ‘loop’ – he said it may be caused by her PayStation. He has changed the faceplate and the ADCL cable and is hoping this solves the problem. Horizon team will now keep an eye on it and may ring her to tell her to disconnect her PayStation and then send her a new one.
“She has always known that the TCs were not hers but has always settled centrally – a total of approximately £18,000 over the last 18 months – she has even had to cash in her pension to pay these off and now is asking for this money back.
“Can you advise how we go about seeing how much money this lady is due back please.”
Can you go back to page 3 of this document. The email at the top of the page here from Angela van den Bogerd is dated 3 August 2012, and this to Craig Tuthill and Lin Norbury, and she says:
“Lin,
“I have not (to my knowledge) been made aware of this branch previously and their ongoing claims that discrepancies incurred were as a result of the Horizon system. The content of the email chain below has the potential to set hares running before we properly understand what has gone on here and what the potential consequences are. Therefore can I have as a matter of urgency the background on this branch, including the balancing records since the agent was appointed; TCs; NBSC and Horizon helpline logs and all associated correspondence. I will flag this to the JFSA Working Group and in particular raise with Lesley Sewell in relation to the Horizon system.”
Then we can see, at the top of page 2, please, Angela van den Bogerd forwarding this to you, saying she’s left a voicemail also, asking to discuss. Then page 1, please, your email starting in the middle of the page, that’s also dated 3 August 2012, sent to Stephen Long, copied to Angela van den Bogerd, and it says this:
“Stephen
“Can you help with this issue – it is obviously quite sensitive.
“The branch has had issues over a period of months and the engineer has just found a fault on the line. We would like a view on whether or not this type of fault would cause an issue of this nature – as you will see from the email that this is to the tune of £18,000.
“Angela is leading the investigation from Post Office …
“I realise this is probably outside of the usual process but there is a nervousness around this one and the fact that the branch now believe the cause has been found.”
This is forwarded on, scrolling up, please, to Gareth Jenkins by Stephen Long for a view. We can see there he’s being asked to take a look, the matter is sensitive. He says:
“I have a very clear view on Lesley’s question regarding the possibility of a network fault causing such discrepancies over such a long period; however, you have far more knowledge and experience than me. What do you think?”
Were you concerned about the situation which was being brought to your attention, that is £18,000 of apparent shortfalls being reported over 18 months?
Lesley Sewell: Yes, and that’s why I raised it with the Account Executive.
Ms Price: The subpostmaster in this case was convinced that the apparent shortfalls were caused by the system but she had cashed in her pension to settle centrally up to this point. Did this give you any cause for concern in relation to the fact that this subpostmaster had felt it necessary to settle centrally for apparent shortfalls which she was convinced were the fault of the system, not her?
Lesley Sewell: So yes, I would have been concerned about it.
Ms Price: Did you raise that aspect with anyone?
Lesley Sewell: I can’t recall exactly what I did or didn’t because I have looked at this and other documents within the pack, because I couldn’t understand why I’d copied Andy Garner and, unfortunately, I went off to have an operation straight after this, two days later so …
Ms Price: Do you need to take a break?
Lesley Sewell: No, I’m okay. I clearly feel so bad for the subpostmaster.
Sir Wyn Williams: Could you tell me who Stephen Long is?
Lesley Sewell: So Stephen Long was the Account Executive at Fujitsu –
Sir Wyn Williams: Right, I see. It’s not a name I’ve come across, so he’s Fujitsu?
Lesley Sewell: Yes. So I took this very serious – I can see I took this seriously when I read the email in the pack and I escalated it to my senior counterpart at Fujitsu to examine what had gone on here.
Sir Wyn Williams: Well, that was my next question. He had the same kind of seniority at Fujitsu as you had at Post Office, yes?
Lesley Sewell: Yes, he did and my regret with this is I don’t know what happened out of it.
Sir Wyn Williams: Yes, I follow that you have explained that. But thank you for telling me who Mr Long was.
Lesley Sewell: Thank you.
Ms Price: Can we have on screen, please, POL00029641. Starting, please, with page 4 of this document, towards the bottom of the page, there is an email from Gareth Jenkins to you dated 28 June 2013, and Mr Jenkins says:
“Lesley,
“The local suspense problem was first raised as a call on the Horizon Helpdesk by NBSC at 4.51 pm on Monday, 25 February 2013 …
“Problem diagnosed by Thursday, 28 February and a conference call held with [Post Office Limited] to brief them as to the issue and its scope.”
In your email reply above, dated 3 July 2013, you ask for details of this call:
“… I’m interested in the detail and who raised it.”
Then follow some further emails before a timeline is sent by Rodric Williams to you and Rod Ismay, so page 1, please, about halfway down the page. This is copied to Andrew Winn, Hugh Flemington and Simon Baker. We can see from the timeline here, can’t we, that the issue first came to the attention of the Post Office, the first bullet point here, specifically Post Office Finance Service Centre, on 6 February 2012, at the close of a branch trading period; would you agree?
Lesley Sewell: Yes.
Ms Price: The events which followed were these, so:
“The issue raised concerned the £9,799.88 discrepancy at the Willen branch.
“FSC might have proactively contacted [the subpostmaster] given the size of the discrepancy.
“FSC investigated, saw that it looked wrong, and brought the account back to balance (ie £0) at no cost to the [subpostmaster].
“FSC would have monitored the Willen branch to see what happened the following month.
“Over the next few weeks, as the rest of the branch trading data for the same period was processed, the other 13 branch anomalies were noted.
“Those other branches’ accounts were brought to balance, again at no cost to the subpostmaster.
“This was not perceived to be a significant issue given the small number of branches affected and the small sums involved.”
Then:
“On 6 February 2013 [so a year later] the Willen [subpostmaster] contacted [Post Office Limited] National Business Support Centre to report the same discrepancy in his branch trading as the previous year.”
Over to the top of the next page:
“NBSC passed this on to Fujitsu between 6 and 8 February 2013.
“Fujitsu then notified FSC of the problem on 28 February 2013.
“Fujitsu resolved B14 on 25 April 2013.”
So a full year later, we have this issue being reported by the same subpostmaster to the NBSC. The Post Office knew about the suspense account bug for a full year before Fujitsu was informed about it; is that right?
Lesley Sewell: So they were – Post Office were aware – from what I understand, the FSC were aware of a discrepancy at that particular branch. It wasn’t identified as a fault until a year later. So they weren’t aware that it was a fault.
Ms Price: So they were aware of the impact –
Lesley Sewell: Impact but not that it was a fault, until a year later. It wasn’t found until a year later.
Ms Price: It appears that someone did not regard the issue as significant, given the small number of branches affected. Do you know who it was who made that assessment?
Lesley Sewell: I don’t know who would have made that assessment.
Ms Price: Okay. Is this a reflection of the P2 grading system at the time that something was only graded a P2 – that is a significant incident – if a significant number of branches were affected, or would that not have been being considered by FSC?
Lesley Sewell: No, because – the FSC would not determine whether it was a P1 or a P2. That would come into IT for them to understand what the issue was and what the impact was. As I understand it, FSC had obviously dealt with this – dealt with Willen branch in – forgive me, 2012, yeah? And there was no issue found, so the discrepancy was written off, as I understand it.
Once Willen branch came back a year later and there was more detailed investigation, it was at that point that we understood that there was a fault. I don’t know when IT was involved, at which point. I don’t know whether they were involved when the one branch raised the issue but we were certainly involved, obviously, when there was more branches.
Ms Price: At the time, was there any guidance in place for the FSC as to when they should refer something either to IT within the Post Office or to Fujitsu?
Lesley Sewell: I don’t know the answer to that one, I’m sorry.
Ms Price: Had you been made aware of the suspense account bug before June 2013?
Lesley Sewell: I was made aware of it once we understood it was a fault, so that would have been in 2013.
Ms Price: What was your reaction when you saw this timeline in July 2013?
Lesley Sewell: It wasn’t good. However, I think if you’ve got – if there’s one discrepancy in a big system, that’s hard to find if there was a fault. And it was obviously investigated at the time and they couldn’t find a fault. I think the main concern for me would have been to ensure that the branch was not disadvantaged, which they weren’t.
Ms Price: Given that this had gone unidentified as a bug for a year, did you have any concern that there might have been branches affected that hadn’t been identified?
Lesley Sewell: The resolution, as I understood it, identified all branches that were affected.
Ms Price: That document can come down now. Thank you.
The third bug which was referenced in the Second Sight Interim Report was the Falkirk bug. Do you recall becoming aware of that in the summer of 2023 (sic)?
Lesley Sewell: Only through the Second Sight Report.
Ms Price: The draft briefing note, which was prepared for Paula Vennells on the Second Sight review into Horizon, which was dated 2 July 2013, is a document you refer to at paragraph 18 of your statement, and that deals with this bug, the Falkirk bug. Could we have that on screen, please. The reference is POL00029627.
Page 5 of this document, please. Towards the bottom of the page there is a heading “Other anomalies – ‘Falkirk’”. We’ll come back to the terminology of anomalies in due course but, for now, focusing on the information being provided in this draft briefing, it’s explained:
“We are also aware of a further anomaly in Horizon which has been considered in both criminal and civil Court proceedings the – the ‘Falkirk Anomaly’.
“The Falkirk Anomaly occurred when cash or stock was transferred between stock units. It was resolved in March 2006 and is therefore a different anomaly to either the 14 Branch or 62 Branch Anomaly.”
So those other two were the receipts and payments mismatch bug and the suspense account bug, weren’t they?
Lesley Sewell: Yes.
Ms Price: “The Falkirk Anomaly was the subject of expert evidence in the ‘Misra’ criminal prosecution, where:
“a. the defence expert asserted that its existence demonstrated Horizon had faults which could cause losses, and therefore that possibility could not be excluded in Misra’s case.”
“b. the prosecution expert (Gareth Jenkins from Fujitsu) asserted that it could not have been responsible for the losses because its clearly visible events had not manifested themselves in the branch records, and that it had been fixed more than a year earlier.”
Then it goes on to explain the outcome of the Misra case. It also, at 32, refers to the Falkirk anomaly having been:
“… considered by the High Court in December 2006/January 2007, when a subpostmaster (Lee Castleton) raised it as part of his defence to a debt recovery action for £23,000.
“The court found ‘no evidence’ of the Falkirk Anomaly in [the] branch …”
So, on the basis of the information contained in this document, individuals within the Post Office knew about the Falkirk bug by at least late 2006/early 2007; was that your understanding?
Lesley Sewell: I can only assume that’s correct.
Ms Price: Well, were you involved in creating this draft briefing? It was certainly sent to you?
Lesley Sewell: Yes, part of it. So yes, yeah.
Ms Price: Can you help at all with the work that you did relating to the Second Sight Review, so at this point in summer 2013, with how high up knowledge of the Falkirk bug in 2006/2007 went within the Post Office?
Lesley Sewell: I don’t know.
Ms Price: Can we have on screen, please, POL00105632. There is an email from Alwen Lyons to Paula Vennells, copied to Martin Edwards, Mark Davies and Susan Crichton. It is dated 23 May 2013 and the subject is “James brief”. Just for context there, the James brief, was that referring to Lord Arbuthnot, who was then –
Lesley Sewell: I assume it does, yes.
Ms Price: It reads as follows:
“Paula the only thing that is not in the brief for James is our move away from ‘there are no bugs in Horizon’ to ‘there are known bugs in every computer system this size but they are found and put right and no subpostmaster is disadvantaged by them’ it would be good to be able to go on and say ‘or has been wrongfully suspended or prosecuted’.
“I do not think that is a phone call conversation but needs to be aired at some time with James, I would suggest at your meeting.”
I should stress you’re not on the copy list to this email, so you didn’t receive it at the time, but drawing together the evidence from this morning on Post Office knowledge of bugs, errors, defects or issues with the Horizon system, which could affect or might have affected balancing in branch, it seems that, first, individuals within the Post Office knew of the Falkirk bug by at least late 2006/early 2007; would you agree with that?
Lesley Sewell: Yes.
Ms Price: Second, there was Post Office knowledge of at least one receipts and payments mismatch bug by late 2010?
Lesley Sewell: Yes.
Ms Price: You yourself, as Post Office Head of IT, knew about the receipts and payments mismatch bug by at least March 2011?
Lesley Sewell: Yes.
Ms Price: Individuals within the Post Office knew about the effects of the suspense account bug by February 2012, even if the cause was not known at that stage?
Finally, issues relating to glitches in the quantity function affecting branch accounts and large, unexplained shortfalls had been raised with you and others within the Post Office between September 2011 and August 2012?
Lesley Sewell: Yes.
Ms Price: How can it be, therefore, that the public position of the Post Office, up until May 2013, was “There are no bugs in Horizon”?
Lesley Sewell: I don’t know the answer to that because, from my perspective, as an IT professional, I wouldn’t say there were no bugs in any system, because you do – and I call them “faults”, not “bugs” – there are faults in computer systems and it’s important how you deal with them. So when I read this email, I couldn’t understand it.
Ms Price: Were you aware that that was the position being put forward outside of the Post Office up until this point?
Lesley Sewell: I don’t recall what the position was at that time.
Ms Price: Could we have on screen, please, POL00107955. This is page 2 of this document, please. About halfway down the page is the first email in this chain from Mark Davies to Alwen Lyons, Simon Baker, Susan Crichton, Martin Edwards and you, among others. It is dated 2 July 2013 and the subject is “Daily comms call”. Mr Davies asks Nina to set up a daily comms call on the Horizon issue with all those copied and include Portland on it:
“If others need to be involved please can colleagues suggest names.”
Then the email above this, towards the bottom of page 1, from Nina Arnott to those on the last circulation list, along with a few others, including Rodric Williams, this is also dated 2 July 2013, and she says:
“No problem Mark.
“I appreciate it’s tricky with everyone’s busy diaries. But in order to manage this reputational issue most effectively, our top priority will be to ensure everyone can attend one conference call a day for the next four working days, to ensure there is one forum for important decision making about our communications approach, as publication date draws near.”
The publication being referred to here, is that the publication of the Second Sight Interim Report?
Lesley Sewell: I believe it is.
Ms Price: You then reply above, suggesting that Ms Arnott fixes this for the best time and you manage around it –
Lesley Sewell: Mm-hm.
Ms Price: – and we can see a reply to you there from Nina.
What was your role in relation to the formulation of the Post Office’s public communications strategy about Horizon’s integrity?
Lesley Sewell: So, I can’t remember what involvement I had or didn’t have at this stage, and I’ve looked at this email and I can’t remember the meetings at the time. My input would have been in terms of commenting on drafts or documents. That’s the best I can – I can’t – I don’t even recall that, to be fair. That’s what I would have done.
Ms Price: Could we have on screen, please, POL00341348. Starting, please, towards the bottom of page 1. It is an email from Simon Baker to you and Alwen Lyons, copied to Simon Baker himself. It is dated 28 June 2013 and the subject is “Summary of Receipts Payments problems”. In his email he sets out a timeline of events and then, at the top of page 2, please, under “Problem Description”, there is this:
“The problem occurs as part of the process of moving discrepancies into local suspense.
“There was a bug introduced as part of HNG, that in certain circumstances meant that discrepancies were not properly cleared to local suspense.”
Going up, then, to the top of the first page of this document, please, you reply on 29 June 2013 saying this, two lines down:
“Can we change the reference from Bug to fault.”
Before I ask you about that, I’d like to look at just one more document from the day before, and that’s on 28 June 2013. Could we have on screen, please, POL00296821. This is an email from Alwen Lyons to Mark Davies, Hugh Flemington and you, copied to Rodric Williams and Jarnail Singh, dated 28 June 2022, Subject “14 Bug – Wall”. Alwen Lyons says:
“Can we call bugs incidents from now on please.
“Thanks
“Alwen.”
This appears to be a response from an email from Mark Davies below, on the same day, which says:
“Can we change the way we are referring to this please as a matter of urgency?”
Was this correspondence on 28 June why you suggested changing the reference from “bug” to “fault” in your email on 29 June?
Lesley Sewell: I don’t know. All I can see is that my whole career I’ve talked about “faults” and “issues”. I’ve never used the word “bugs”.
Ms Price: Could we have on screen, please, POL00380985. This is an email from Mark Davies to Paula Vennells, dated 2 July 2013, and it’s copied to you, among others, and the subject is “Computer ‘?’s”. Mr Davies is responding to an email from Ms Vennells of the same date, just below, which says:
“My engineer/computer literate husband sent the following reply to the question:
“‘What is a non-emotive word for computer bugs, glitches, defects that happen as a matter of course?’
“Answer:
“‘Exception or anomaly. You can also say conditional exception/anomaly which only manifests itself under unforeseen circumstances’.”
Mr Davies responds above stating:
“I like exception [very] much.
“Very helpful.”
What did you understand the concern to be about using the term “bug”?
Lesley Sewell: I really didn’t understand the concern about using the word “bug” or “fault” because that’s what they were.
Ms Price: Did you understand this to be driven by a desire to minimise the seriousness of identified bugs by using different language?
Lesley Sewell: It appears that way.
Ms Price: At the time, was that something that occurred to you or not?
Lesley Sewell: At the time, I thought it was – I just thought it was mad.
Ms Price: Why do you say that?
Lesley Sewell: Because they were faults, they weren’t – I wouldn’t have classed them as anomalies and, yes, it changed the way in which we had to respond and communicate about them, but they were faults.
Ms Price: Could we have on screen, please, POL00145100. This is an email from you to Martin Edwards, subject line “JA meeting brief”. Again, is that now Lord Arbuthnot?
Lesley Sewell: Yes.
Ms Price: There’s a reference to a meeting brief for Paula Vennells ahead of that meeting, and you say this:
“Martin
“Just to be clear on the anomalies – these were not undiscovered issues, we brought them to [Second Sight’s] attention for completeness. Also, when Susan and I were crafting the briefing we were careful in our wording as these were associated with potential losses to [subpostmasters] in their trading statements. This was so that we could differentiate from other issues – a good example is the PIN pads issue we had 3 years ago which did get some publicity in the press. In addition, Rod is reviewing another issue he raised with us on Friday – although he believes it did not affect [subpostmasters] – I’ve asked him to double check.
“We need to be careful in our comms not to indicate that we do not have anomalies or exceptions as that is not the case – it’s the context which is important and in this case the fact that they could and did affect trading statements.”
So just to understand the issues and separate them out in this, it appears that, by this point, you’ve adopted the terminology of “anomalies” or “exception”. Was that because of the correspondence we’ve just been to?
Lesley Sewell: That’s because we were asked to do that.
Ms Price: Of course.
Lesley Sewell: But, within IT, I would have talked about – still talked about “faults”.
Ms Price: So separately from the question of terminology, you appear here to be drawing the distinction between relevant bugs or faults, or whatever you want to term them, and ones you considered not to be relevant –
Lesley Sewell: Yes.
Ms Price: – is that right?
Lesley Sewell: Yes, that’s right.
Ms Price: Can you explain which ones you thought were relevant?
Lesley Sewell: Which ones were relevant?
Ms Price: So you’ve explained here – you’ve made a reference to the ones that could and did affect trading statements. So was that the point you were trying to make?
Lesley Sewell: That’s – yes, I was trying to make it really clear that they did affect subpostmasters’ trading statements and this was with regard to the receipts and payments and the suspense fault, effectively.
Ms Price: Could we have on screen, please, POL –
Sir Wyn Williams: Before we do, sorry – I may be chasing a hare here, which is unnecessary but bear with me – there’s been what I think at the moment some conflict in the evidence about exactly who it was drew the attention of Second Sight to these other – to adopt your word, Ms Sewell – faults. You write in this email “We brought them to SS attention for completeness”.
When you used the word “we”, can you remember who you were referring to then?
Lesley Sewell: I think IT did.
Sir Wyn Williams: So you think someone in the IT Department of the Post Office –
Lesley Sewell: Yes.
Sir Wyn Williams: – was the person or persons who actually alerted Second Sight to these bugs or faults?
Lesley Sewell: Yes, I do.
Sir Wyn Williams: Fine, all right.
Lesley Sewell: And, sorry –
Sir Wyn Williams: All right, that’s fine.
Sorry about that but, as you know, Ms Price, there’s been – not a degree of debate but uncertainty about who said what to whom on this.
Ms Price: Of course, sir.
Could we have on screen, please, POL00189880. I appreciate, Ms Sewell, this is a document that has been provided to you very recently, only this morning. Have you had a chance to read through this and the other two linked documents?
Lesley Sewell: Very briefly.
Ms Price: We’ll take it fairly slowly, then. This is an email dated 2 July 2013 from Mark Davies, Communications Director, to you and others, and it encloses a draft statement and it’s called “Draft Press”, so it appears that it was a draft press statement; is that right?
Lesley Sewell: Yes.
Ms Price: Going to the attachment, POL00189881, we can see there:
“Confidential
“DRAFT Post Office statement on Horizon system.”
This contains reference to the receipts and payments mismatch bug and the suspense account bug, three paragraphs up, please, from the bottom of the page. We see there the reference in that paragraph, three paragraphs up, to the 62 and the 14 branches affected. The next paragraph underneath that says this:
“In the first of these cases, 17 subpostmasters were adversely affected – and later reimbursed – to a total cost of £xxx (with the highest payment being £115). In the second set of cases, the total impact was xxx.
“The accounting anomalies in these cases were picked up by the Horizon system, Post Office proactively informed subpostmasters and any losses – however minor – were reversed.”
That reference to the accounting anomalies being picked up by the Horizon system, that’s not correct, is it, that both anomalies were picked up by the Horizon system? Because the suspense account bug was not recognised as a bug and reported to Fujitsu by the Post Office for a year after its effects were first reported; would you agree with that?
Lesley Sewell: Yes, I would.
Ms Price: You provided comments on this draft statement. Could we have on screen, please, POL00296993. We can see here an email from Ruth Barker, on the same day, 2 July 2013:
“Here’s the amended statement which I think incorporates all comments and amends received so far.”
It’s to you and others.
Scrolling down to the email below, please, a little further down, please, in the middle of the page there we have an email from you, dated 2 July, to Nina Arnott, Ruth Barker and others about the draft statement, and you say:
“Nina
“Simon and I have gone through the detail with Ruth – she has our comments.”
Then scrolling back up to the version of the draft, which incorporates your comments, the fifth paragraph in the amended draft, starting “The Horizon system”, the last sentence in that says “This evidence included”, and there’s a reference there to the provision of information to Second Sight. After that:
“The evidence included details of two sets of transaction anomalies – one impacting 62 of the Post Office’s 11,800 branches between March and October 2010 and the other affecting 14 branches with respect to accounting entries in 2010/11.
“In the first of these cases, 17 subpostmasters were adversely affected – and later reimbursed – to a total cost of £xxx pounds … In the second set of cases the total impact was xxx. When the accounting anomalies in these cases were picked up by the Horizon system, the Post Office proactively informed subpostmasters and any losses, however minor, were reversed.”
So the change here seems to be to “when the accounting anomalies were picked up” in place of “the anomalies were picked up by the Horizon system”; was that a change you made to the wording?
Lesley Sewell: So having just seen this, this morning, I didn’t – I couldn’t recall seeing this at the time. I obviously did see it but I can’t remember this.
Ms Price: Do you see the problem that that still seems to be incorrect –
Lesley Sewell: Yes.
Ms Price: – based on what we know about the suspense account bug?
Lesley Sewell: Yes.
Ms Price: Is that something that you should have corrected at the time?
Lesley Sewell: I can’t remember reading it and I can’t remember the document, so I’m struggling with this, and I would have relied heavily on Simon, as well, to help me as part of this, because he was pulling together all the detail on – a lot of the detail on these particular faults.
Ms Price: It’s an important point, isn’t it, because, if a bug can go unrecognised for a year, a bug which causes accounting discrepancies, the Post Office, which dismisses, prosecutes and seeks to recover debt from individuals on the basis of Horizon accounting data, might go on to take action against individuals wrongly before the bug is discovered as such, mightn’t it?
Lesley Sewell: It is an important point but I would never intentionally leave anything out. I just wouldn’t, sorry.
Ms Price: Okay, do you want to take a break?
Lesley Sewell: No, I’m fine.
Sir Wyn Williams: We’re about due our second break.
Ms Price: We are, sir. I was just going to suggest that we might want to take our break there.
Sir Wyn Williams: Yes, we’ll take ten minutes now so we’ll return at 12.25.
Ms Price: Thank you, sir.
(12.16 pm)
(A short break)
(12.26 pm)
Ms Price: Hello, sir.
Sir Wyn Williams: Hi.
Ms Price: Ms Sewell, just before we go back to the documents, in answer to a question from the Chair earlier, you said you thought that someone from IT told Second Sight about the bugs. Can you help at all with who from IT that was?
Lesley Sewell: I think – I think it was Simon Baker.
Ms Price: Could we have back on screen, please, the document we were just looking at, POL00296993. Just looking at the draft, scrolling down a bit, please, the first paragraph on the page:
“An interim review into concerns around the accuracy of the accounting programme used in Post Office branches has concluded there are no systemic issues inherent within the computer system.”
The point about Second Sight confirming that there were no systemic issues in the computer system is a point that you raise at paragraph 49 of your statement, and I’d just like to explore that, please. That document can come down. Thank you.
I’d just like to explore that, please, from an IT perspective. In the context of bugs or defects affecting a computer system, isn’t any bug or defect inherently systemic, in that all branches are on the same software, even if all branches are not affected by a bug?
Lesley Sewell: So how I would look at it from an IT perspective, systemic would affect everybody. So it would be quite widespread. You do have, in all systems – and I’ve seen it throughout my career, where you can have a fault, which will affect just small number of – I mean, in this case it’s branches or accounts. You know, if I think about my banking background. So systemic to me is widespread.
Ms Price: Referring to the lack of a systemic issue, using your definition of systemic there, it doesn’t engage, does it, with the underlying point here that there were bugs which could cause accounting discrepancies. One of the bugs referred to in the Second Sight Report went unrecognised, as such, for a year. There might well be other bugs in a system of this size and scale which occur; would you agree with those propositions so far?
Lesley Sewell: Yes.
Ms Price: In those circumstances, how could Post Office say that its reliance on transaction data produced by Horizon to dismiss, to prosecute, to seek to recover debt from people had not caused the apparent losses, which were the subject of challenge? We’ve seen in a number of places quite bold statements that the Horizon system had not caused the apparent losses which were the subject of Horizon challenges.
Lesley Sewell: Yes.
Ms Price: How was Post Office in a position to say that?
Lesley Sewell: So – and I’ll go back just from an IT perspective, for any fault or issue that is raised, through whatever means it’s raised, the important point to maintain the integrity of the data is to be able to identify and rectify it. Now, that doesn’t deal with potential issues that you can’t see because you’re looking for something that you can’t actually see. But it’s important and, in these cases, these particular faults, even though one took a year to deal with, it was identified and it was corrected and the original issue with the suspense one for the subpostmaster – Willen, I think it was – the appropriate process control kicked in, because it can’t just be about the system; it’s got to be about the process, as well.
Ms Price: Well, in that case, the Financial Services Centre had looked at it and spotted that something wasn’t right. But do you recognise that there might be other cases which were or weren’t on the radar of Financial Services, where there were apparent shortfalls which weren’t on Fujitsu’s radar, which weren’t on anyone’s radar?
Lesley Sewell: That could have been a possibility but that then leads on to how you check for the integrity of the data, and I don’t know whether we’ll come on to that a little bit later but that goes on to, well, how do you – what are the checks and balances in place as that data goes from the terminal to the data centre itself and the database.
Ms Price: In the context of prosecutions, you will be aware of audit data requests that may have been made in support of some prosecutions.
Lesley Sewell: Mm-hm.
Ms Price: But were you aware that there were other prosecutions where no audit data was ever requested from Fujitsu?
Lesley Sewell: Not to my knowledge.
Ms Price: I’d like to move, please, to the question of Gareth Jenkins and the evidence he gave in support of prosecutions brought by the Post Office. Could we have on screen, please, FUJ00156869. This is an email from Harvey Michael, commercial director and solicitor at Fujitsu, to someone called Helen Lamb, and it’s dated 18 September 2013. The subject here is “Summary of meeting with Post Office”, and there is a list of attendees and your name is on the list as attending.
Lesley Sewell: Mm-hm.
Ms Price: Having a look down the table that summarises that meeting, do you recall being at that meeting?
Lesley Sewell: I’m sorry, I don’t.
Ms Price: Going to point 7 from the summary, please, page 2, we have this:
“[Post Office Limited’s] criminal barrister from Cartwright King solicitors has flagged a discrepancy between the evidence given in court and the information provided as part of the Second Sight audit. This could mean that the relevant Expert is ‘tainted’.”
Then in the next column we have:
“I disagree that the expert is ‘tainted’ but ultimately there is little point challenging it as we agree it may be a sensible time to transition to a new expert to ensure continuity of service.”
Then there’s an “Action”:
“SC to determine whether she can share the report with Fujitsu.”
You appear to have been told at this meeting that Post Office’s criminal barrister from Cartwright King had formed the view that the expert – and that is Gareth Jenkins – was tainted because of a discrepancy between the evidence he’d given in court and the information provided to Second Sight. Were you aware at the time that this was Gareth Jenkins?
Lesley Sewell: Yes, I was.
Ms Price: So you were aware of this opinion that had been given by the barrister from Cartwright King?
Lesley Sewell: I was aware probably from Sue Crichton. I can’t remember – I don’t recall seeing any legal review that was done but I was certainly aware from Susan.
Ms Price: Did this concern you at the time?
Lesley Sewell: Yes, it would have concerned me at the time. I can’t remember what the concerns were exactly but it would have been about – because, as I understood it, he hadn’t disclosed all of the faults that he was aware of. I think that was the material issue.
Ms Price: Did anyone at this meeting – and I recognise that you’re struggling to recall the meeting in particular – but did anyone from Fujitsu express concern about this?
Lesley Sewell: I can’t remember.
Ms Price: Could we have on screen, please, FUJ00117284. This is a “Business Review” of the Post Office Account dated 17 April 2015. Going to page 3, please, under “Customer Satisfaction” that bottom left box, on the left-hand side, if we can zoom in a little, please. You see the last bullet point here is:
“Gareth Jenkins recognised by Lesley Sewell for impeccable service and individual contribution.”
So is this the same Gareth Jenkins who had been described as a “tainted” expert in that meeting we’ve just looked at?
Lesley Sewell: It will be.
Ms Price: Had it not negatively impacted upon your assessment of him?
Lesley Sewell: So any – just by way of background, with calling out individuals for any particular positive contribution to Post Office, it’s highly likely – and I can assume that the Inquiry will be able to find something that was given to me – to call Gareth out for a particular reason.
Ms Price: Can you recall what that was now?
Lesley Sewell: No, I really don’t and I can’t actually recall. I think this was about 2015, was it? What month was it, again? Sorry.
Ms Price: April, I think.
Lesley Sewell: Right, okay.
Ms Price: Yes.
Lesley Sewell: I really don’t know.
Ms Price: Moving, please, to what has been termed “Remote access”, we looked earlier this morning at a meeting note of a meeting in 2010, at which the receipts and payments mismatch bug and potential solutions for dealing with it were discussed. Could we have that back on screen, please. It’s FUJ00081945. This is the meeting at which Mr Trundell from your team, or from IT, was in attendance.
Lesley Sewell: Mm-hm.
Ms Price: Going to page 3, please. Under “Solution One” – we see that:
“There are three potential solutions to apply to the impacted branches, the group’s recommendation is that solution two should be progressed.”
One of the solutions being considered was “Solution One”:
“… Alter the Horizon branch figure at the counter to show the discrepancy. Fujitsu would have to manually write an entry value to the local branch account.
“Impact – When the branch comes to complete next trading period they would have a discrepancy, which they would have to bring to account.
“Risk – This has significant data integrity concerns and could lead to questions of ‘tampering’ with the branch system and could generate questions around how the discrepancy was caused. This solution could have moral implications of Post Office changing branch data without informing the branch.”
Did Mr Trundell, or anyone else at this meeting or involved in discussions about this at the time, report back to you that this was being contemplated?
Lesley Sewell: I don’t believe so.
Ms Price: This makes clear, doesn’t it, that Fujitsu could insert data into the branch account without the branch’s knowledge or approval?
Lesley Sewell: Yes, it does.
Ms Price: Was that fact drawn to your attention at the time?
Lesley Sewell: I don’t believe it was.
Ms Price: Should it have been?
Lesley Sewell: Because I wasn’t dealing with the issue itself, um – so there’s two parts to this. I wasn’t dealing with the issue. I think, given what we know now and at the time, it should have bubbled up and it should have gone all the way up to Mike Young.
Ms Price: But as Head of IT, as you were at the time, is this not a material piece of information of which you should have been aware?
Lesley Sewell: This was an operational incident that was being dealt with through a different line and, at the time I joined, my role was largely changed. It wasn’t dealing with these issues. And Ian Trundell – it’s likely Ian would be there just to support, with the reporting line going separately through Andy into Mike.
Ms Price: Setting aside the proposed solution, which we know wasn’t, in fact, the solution which was recommended or adopted, the fact of the ability of Fujitsu to take the step that was being proposed, wasn’t that something you should have been told about as Head of IT?
Lesley Sewell: Probably, yes.
Ms Price: Could we have on screen, please, POL00141531. Going to page 2 of this document, please. Towards the bottom of the page is an email from Simon Baker to Steve Beddoe, copied to you. It is dated 22 May 2013, the subject is “Branch database – support team changes”, and it reads as follows:
“Steve
“Fujitsu tell me that very very occasionally the support team are required to make updates directly to the branch database (presumably to fix support problems).
“And that when such a change is required, it is signed off by [Post Office Limited] using the Service Desk.
“Are you aware of this process? And if so, how do I get a log of all such requests.
“Thanks, Simon.”
The email above is to Antonio Jamasb from Simon Baker, 24 May 2013. Antonio Jamasb was the person who sent the meeting invite to the 2010 receipts and payments mismatch bug meeting, wasn’t he, and he attended that meeting?
Lesley Sewell: Yes.
Ms Price: You’re copied in here, and it says:
“Tony
“I know you are still working on this. As I am out next week, can you keep Lesley in the loop as you get a clear picture on the processes we use to approve changes to live data, and a list of the times this has happened.
“Also, Lesley is in Dearne and Chesterfield on Thursday, if you are there she would appreciate a quick conversation with you on this subject.”
So you were being told in this email chain that Fujitsu occasionally, or very, very occasionally, made updates directly to the branch database. Could we have on screen, please, FUJ00087027. This is an email from 4 June 2013. That appears, from the context and the email below, to be the American format for dates because we see the email below is 4 June. So, going up, please, to that top email. You provide comment here on providing Second Sight with answers to their questions about remote access at the Bracknell site. Do you remember that issue?
Lesley Sewell: I do.
Ms Price: The questions being asked are set out further down this email chain, page 2, please, Ian Henderson’s email of 3 June. There are a series of questions that are set out there and then this, in the penultimate paragraph underneath those:
“Please note that we’re not really interested in what the procedures manual says about any of this. We need to look at whether it would be possible for a rogue employee to do what is alleged and what log files would be generated to record that activity. Please note that I have now been provided with a second batch of employee email and I may find the other emails that are potentially relevant to this matter.”
You were aware at this time, weren’t you, of the importance of this issue to the integrity of the Horizon audit data?
Lesley Sewell: Yes, I was.
Ms Price: Could we have on screen, please POL00296795. This is an email from Andrew Winn to you and others, dated 28 June 2013. It provides a summary of the history of the receipts and payments mismatch issue. Attached to Mr Winn’s email was the note of the 2010 receipts and payments mismatch meeting, at which the possible solution of Fujitsu altering the branch data was discussed.
When this was sent to you, would you have read the attachments, the attached meeting note?
Lesley Sewell: I don’t know whether I would have read them. So I can’t remember the document that I saw in the pack, it didn’t spring any – bring back any memories or anything, so I can’t remember it.
Ms Price: You mean the 2010 meeting note?
Lesley Sewell: Yes, the one you showed me earlier, yeah.
Ms Price: Quite apart from the note of that meeting, you’d been made aware, by this point, of the fact that very, very occasionally Fujitsu would alter branch data, hadn’t you, in that earlier email we looked at?
Lesley Sewell: So the earlier email we looked at and, again, I can’t recall having a discussion with Tony or seeing the output from that email. It does reference data being changed on the databases. But I don’t know what that was and whether it was transactional data or just – you know, you can make general support changes on a database.
So I really don’t know and I couldn’t find anything in the documentation that was provided to see what the output of that was. I struggle to find anything.
Ms Price: That document can come down now. Thank you.
Sir Wyn Williams: When you say you struggle to find anything, just so I’m clear, are you talking about your struggle now, having read what’s been sent to you –
Lesley Sewell: Yeah.
Sir Wyn Williams: – or struggle then, so to speak?
Lesley Sewell: No, I struggle to see, from the documentation that was provided by the Inquiry, Sir Wyn, to see what the output of that was. But the only point I will add is that, from the Inquiry notes that were sent, because this was such a material issue, there was a meeting pulled together with Second Sight to discuss this particular point and I was obviously in attendance at that meeting, and so was Fujitsu.
Sir Wyn Williams: Hang on a minute. So there was a meeting in or about the end of June/early July, is that when we’re talking about, 2013?
Lesley Sewell: Yes, that’s correct.
Ms Price: Sir, there is a note of that meeting.
Sir Wyn Williams: Yes, fine. I just wanted to be clear what the witness was saying, that’s all. Thank you.
Ms Price: The note of the 2010 meeting on receipts and payments mismatch, from that note, it appears that Fujitsu was being upfront about the fact that it could alter branch data in the way that was being proposed; would you agree, having read that note now?
Lesley Sewell: It does but I would counter that with the number of times that I and others asked about branch data and we were consistently given the same message: that it was not possible.
Ms Price: Could we have on screen, please, the Second Sight Interim Report, that’s POL00099063. Going to page 12, please. This is dealing with spot review SR5, relating to the Bracknell site allegation. Reference is made at paragraph 1.4 to an assurance given in a letter to Alan Bates in 2010, signed by Edward Davey MP, that there is:
“… no remote access to the system or to any individual branch terminals which would allow the accounting records to be manipulated in any way.”
So that’s the quote underneath there.
Over the page at 13, please, at 1.10(b), 1.10 said “This review has shown”, and at (b):
“An email sent to a number of [Post Office Limited] employees in April 2011, including a member of the Testing team in Bracknell, included the following comment:
“‘Although it is rarely done it is possible to journal from branch cash accounts. There are possible P&BA concerns about how this would be perceived and how disputes would be resolved’.”
Then at 1.11:
“‘P&BA’ refers to ‘Product and Branch Accounting’, which is a team within [Post Office Limited] that is responsible for the back office accounting system.”
At 1.12:
“[Post Office Limited] has told Second Sight that the comment noted above describes a method of altering cash balances in the back office accounting system, not Horizon. We note however that any changes to branch cash account balances in this way would be subsequently processed in Horizon using the transaction correction process. This would be notified to [subpostmasters] and requires their consent in order for the TC to be processed. The TC process typically runs on an overnight basis and is necessary to ensure that the back office accounting system remains synchronised with the Horizon system.”
At 13:
“Second Sight notes that this method of ultimately adjusting branch cash accounts in Horizon is similar, but not identical to, what was described by the [subpostmaster], albeit in an indirect rather than a direct way. We have subsequently been told that none of the [Post Office Limited] employees working in Bracknell in 2008 had access to the back office accounting system.”
So Second Sight’s understanding was clearly that the only way that branch cash accounts could be adjusted was through the back office accounting system of transaction corrections, which would be notified to subpostmasters and required their consent; would you agree?
Lesley Sewell: Yes.
Ms Price: The email we looked at from May, relating to the very, very occasional intervention of Fujitsu, did you understand that to mean that Fujitsu could alter the branch accounts? Now, I know you’ve drawn a distinction between fixing bugs but I just want to be clear about this: before Second Sight published in July, were you aware that Fujitsu employees, not P&BA, had the ability to alter branch accounts?
Lesley Sewell: To the best of my recollection, I didn’t think that was the case, that wasn’t until the Deloitte report, which was a year later.
Ms Price: Could we have on screen, please, POL00108538. About halfway down the page is an email from James Davidson from Fujitsu, and this is dated 17 April 2014. It is sent to Rodric Williams. The subject is “Strictly Private & Confidential – Subject to Privilege”. Mr Davidson is providing responses to a series of questions which had been posed by Rodric Williams.
Going over the page, please, to question 2, the question is:
“Can Fujitsu change branch transaction data without a subpostmaster being aware of the change?”
The answer is:
“Once created, branch transaction data cannot be changed, only additional data can be inserted. If this is required, the additional transactions would be visible on the trading statements but would not require acknowledgement/approval by a subpostmaster, the approval is given by Post Office via the change process. In response to a previous query Fujitsu checked last year when this was done on Horizon Online and we found only one occurrence in March 2010 which was early in the pilot for Horizon Online and was covered by an appropriate change request from Post Office and an auditable log. For Old Horizon, a detailed examination of archived data would have to be undertaken to look into this across the lifetime of use. This would be a significant and complex exercise to undertake and discussed previously with Post Office but discounted as too costly and impractical.”
Were you aware of this information in April 2014, at the time that this email was sent?
Lesley Sewell: It was a – I think – so the Deloitte report was April/May and, at that point, it became very clear to me that Fujitsu had actually inserted a transaction into a Branch Trading statement. I wasn’t –
Ms Price: I will come on to the Deloitte report in a moment, which is May 2014. The information here from Fujitsu, directly from Mr Davidson, did anyone raise that with you in April 2014?
Lesley Sewell: I don’t recall it being raised with me and, if it had been raised with me, I wouldn’t intentionally not share that sort of information because it’s quite important.
Ms Price: This is another document, isn’t it, which suggests that Fujitsu was being upfront about what was and wasn’t possible, in relation to changing branch transaction data; would you agree?
Lesley Sewell: Yes, it is.
Ms Price: In May 2014, the Project Zebra draft report for discussion was produced. You say at paragraph 53 of your statement that you were heavily involved in Project Zebra; is that right?
Lesley Sewell: Yes, I was.
Ms Price: Ahead of the publication of the report, the work being done by Deloitte was discussed at a Post Office Limited Board meeting on 30 April 2014. Could we have the minutes of that meeting on screen, please.
I promise, sir, this will be brief before lunch.
The reference is POL00150285.
You see here the minutes, 30 April 2014, Post Office Limited Board meeting and, on the first page, we can see you were in attendance, scrolling down a bit, please, as Chief Information Officer to address a particular issue, so “(minute 14/55)”, and then going, please, to page 6 of this document, the heading “Horizon – Deloitte Report”, and at (a):
“The Board welcomed Lesley Sewell, Chief Information Officer, and Gareth James, partner, Deloitte, to the meeting. Chris Aujard also rejoined the meeting.”
Then at (c) to (e), the minutes say this:
“Lesley Sewell explained that the first piece of work Deloitte had been asked to undertake was to give assurance that the control framework including the security and processes for changes in the system, were robust from an IT perspective.
“Gareth James reported that all of the work to date showed that the system had strong areas of control and that its testing and implementation were in line with best practice. Work was still needed to assure the controls and access at the Finance Service Centre.”
At (e):
“Chris Aujard explained that several of the subpostmasters who were challenging Horizon had made allegations about ‘phantom’ transactions which were non-traceable. Assurance from Deloitte about the integrity of the system records logs would be very valuable.”
Were the discussions summarised here at (c) to (e) referring to work on remote access or not?
Lesley Sewell: I think (e) in particular, yes.
Ms Price: Sir, if that’s a convenient moment, I suggest we might want to break for lunch now.
Sir Wyn Williams: All right. Well, just one more question from me.
A little while ago, you told me that you were consistently being told that remote access was not possible but I wasn’t clear whether the persons telling you that that was the case were Post Office personnel or Fujitsu personnel, or both.
Lesley Sewell: It was both.
Sir Wyn Williams: It was both. Those were in direct conversations?
Lesley Sewell: From what I recall, yes. So, on one side, Post Office, the Architects Team, and I think there’s documentation in the Inquiry pack, where you can see emails where I’ve been given consistent messaging as well.
Sir Wyn Williams: Given that you didn’t begin at the Post Office until – I think it’s April 2010, just so I can be clear, was this in the period between April 2010 and the publication of the Second Sight Interim Report or was it a wider period, even than that, in the sense that it went beyond the date of the publication of the Second Sight Report?
Lesley Sewell: So, to the best of my recollection, I think it went beyond the Second Sight Report because we were trying hard to get to the bottom of the Bracknell issue with the testing.
Sir Wyn Williams: Yes, all right. What time shall we start again, Ms Price?
Ms Price: 2.00, sir. It’s only just past 1.00 now.
Sir Wyn Williams: Yes, fine. 2.00.
Ms Price: Thank you.
(1.04 pm)
(The Short Adjournment)
(2.00 pm)
Ms Price: Hello, sir, can you still see and hear us?
Sir Wyn Williams: Yes, I can, thank you.
Ms Price: Ms Sewell, before lunch we had just looked at the board minutes from 30 April 2014 meeting and the expectation that was expressed at that board meeting was that Deloitte would be providing assurance about the integrity of the system records logs, and that was in the context of subpostmasters challenging Horizon. You and Mr Aujard had been heavily involved in the Deloitte work on Project Zebra, hadn’t you?
Lesley Sewell: Yes.
Ms Price: You read the report when it was delivered?
Lesley Sewell: Yes.
Ms Price: Can we have the report on screen, please. The reference is POL00107160. We can see the title on the front “Horizon: Desktop Review of Assurance Sources and Key Control Features”. Scrolling down a bit, “Draft for discussion”, and the date, 23 May 2014.
Going to page 31 of this document, please. We have here under (f) – under this area “Key matters for consideration” – “Hardware controls over the audit store”. It says this:
“The Centera EMC devices used to host audit store data have not been configured in the most secure EC+ configuration. As a result, system administrators on these boxes may be able to process changes to the data stored within the audit store, if other alternative software controls around digital seals, and key management are not adequately segregated from Centera box administration staff. Privileged access to the cryptographic solution around digital signatures, and publicly available formulas on MD5 hashed digital seals would potentially allow privileged users at Fujitsu to delete a legitimate sealed file, and replacement with a ‘fake’ file in an undetectable manner.”
What did you think when you saw that Fujitsu could delete a legitimate sealed file and replace it with a fake file in an undetectable manner?
Lesley Sewell: So, to the best of my recollection, I would have talked to Deloitte about this particular finding and, to go through it, it was a theoretical possibility, because you would have had to have – this was about the administrators who looked after us after the hardware itself and the administrators who would look after the database itself, coupled with being able to digitally seal and provide the MD5#, so you would have had to have a number of people to collude in this.
The other point at this point in time, and I do vaguely remember this, was my surprise at being able to do that because my understanding had always been that – and I think I’ve covered this in my witness statement – that it was a WORM solution, so it was Write Once Read Many times. So there was nothing you could do with that audit store once it was – once a transaction had been applied to it.
Ms Price: So this was something that you had hitherto thought not possible?
Lesley Sewell: Yes, that’s right.
Ms Price: Then, under (g) the first bullet:
“Branch database: We observed the following in relation to the branch database being:
“A method for posting ‘balancing transactions’ was observed from technical documentation which allows for posting of additional transactions centrally without the requirement for these transactions to be accepted by subpostmasters (as ‘transaction acknowledgements’ and ‘transaction corrections’ require). Whilst an audit trail is asserted to be in place over these functions, evidence of testing of these features is not available …”
Then at the third bullet point:
“For ‘balancing transactions’, ‘transaction acknowledgements’, and ‘transaction corrections’ we did not identify controls to routinely monitor all centrally initiated transactions to verify that they are all initiated and actioned through known and governed processes, or controls to reconcile and check data source which underpin current period transactional reporting for subpostmasters to the Audit Store record of such activity.”
Then at the bottom:
“Controls that would detect when a person with authorised privileged access used such access to send a ‘fake’ basket into the digital signing process could not be evidenced to exist.”
Again, what did you think when you read those aspects of this report?
Lesley Sewell: So this one was more material for me because it actually demonstrated that a transaction had been inserted into the branch database and, forgive me, because – so I’m trying to recollect from the papers that I was given as part of the Inquiry – and – and it was, it was around the balancing transaction, that was the material point because I didn’t think – I didn’t think it was possible.
Ms Price: This report established, did it not, that something that Second Sight had been assured could not be done could actually be done.
Lesley Sewell: That’s correct.
Ms Price: Knowing the importance of the issue to the integrity of Horizon audit data and given your involvement in dealing with Second Sight, did you not think it was important to bring this to their attention?
Lesley Sewell: So, at the time, the business had, or Post Office had, a separate – it was a separate organisational structure to deal with Second Sight and the person who was on that organisational structure who was party to this was Chris Aujard. So, whilst I didn’t directly tell Second Sight of this, I would have thought rightly, it would have gone through that structure.
Ms Price: Did you seek to identify any assurance work which needed to be completed in response to the report?
Lesley Sewell: So – and I have a real gap with what happened after the Deloitte report and largely because I haven’t had that much information provided by the Inquiry, and the second half of that year was very heavy for me, in terms of what was happening with separation and Fujitsu, as an exiting supplier. From memory – and these are very vague memories – I do remember the escalation(?) – I think that Information Security were heavily involved in this, in terms of actions, and I’ve seen reference to a meeting that I potentially attended, as well, at that point.
But I have a real gap in terms of what did or didn’t happen after that. I’m really sorry.
Ms Price: Do you recall who, within the Post Office, you discussed the Deloitte report with?
Lesley Sewell: Yes, I do. So I definitely spoke to Chris Aujard and Paula Vennells.
Ms Price: Could we have on screen, please, POL00031409. This was the Project Zebra Action Summary. We can see there the date, 12 June 2014. The author is James Rees; reviewer Emma McGinn; review and sign off, Julie George. Do you recall those individuals?
Lesley Sewell: So I do recall Julie because I recruited Julie.
Ms Price: What was Julie’s role?
Lesley Sewell: She was Head of Information Security.
Ms Price: In essence, this is a document dealing with what the organisation needed to do to meet the Deloitte concerns; that’s right, isn’t it?
Lesley Sewell: Yes, it is.
Ms Price: If we go to page 6, please, and paragraph 4.2.2. This is “Data Logging”. It says:
“One point raised in the report was that it was possible for someone with privileged access to delete data from specific areas of Horizon. This is always a risk with individuals using admin or power user accounts and is a persistent risk, one that needs to be catered for in almost any organisation.
“Due to the sensitive nature of the information contained in the databases, monitoring of those databases should be put in place using technology to detect and record deletions and administrative changes to the databases. If possible, alerts should also be generated for mass deletions and high level risk changes to database schemas.
“Recommended remediation:
“The solution currently in place may be able to undertake the level of logging required within the Horizon solution. It is recommended that the current logging and logs are reviewed on a daily basis.
“This needs to be investigated further and the options on how to handle this defined through the risk management process and based on the solutions already in place or ones that could be procured to handle this.”
It’s plain from this document, isn’t it, that these people in the Post Office understood that data could be deleted, and that would not be immediately apparent to the Post Office, let alone postmasters?
Lesley Sewell: As part of the output from the Deloitte review.
Ms Price: I’m talking in general terms, from this document engaging with the Deloitte review.
Lesley Sewell: Sorry, I’ve –
Ms Price: It’s my fault. I’ll repeat the question.
Lesley Sewell: Oh, sorry.
Ms Price: Looking at this document, which is engaging with the Deloitte report, and we’ve been to the relevant paragraphs in that, certainly the people who were named on the front of the report understood that data could be deleted, and that wouldn’t be immediately apparent to the Post Office or postmasters.
Lesley Sewell: So how I’ve read that, since I’ve just received it, was that this was related to the audit file, the Deloitte report.
Ms Price: Okay.
Lesley Sewell: If you wouldn’t mind just – so I could re-read it –
Ms Price: Yes, we can scroll back up.
Lesley Sewell: If you wouldn’t mind because this document I did just receive recently.
Ms Price: Of course. If you scroll down to the bottom of page 6, we’re looking for 4.2.2. So the point here being addressed is the one raised in the report, that it was possible for someone with privileged access to delete data from specific areas of Horizon.
So my question is: looking at that, which is engaging with that aspect of the review, at least the individuals, on the face of this summary document, were aware of this fact at this point, that it was for someone with privileged access to delete data from specific areas of Horizon?
Lesley Sewell: So that’s how it reads.
Ms Price: Did you see this document in 2014?
Lesley Sewell: I can’t recall seeing it. As I’ve said, I’ve got a real memory gap between the Deloitte report and into 2015. I’ve just got a real gap – gap there and it’s largely because of probably everything else that was under way at the time.
Ms Price: Could we have on screen, please, POL00346958. This is an email from Julie George, whose name was on the review and sign off for that report we’ve just looked at. It’s dated 17 June 2014 and it’s to Rod Ismay, David Mason, Malcolm Zack, copied to Gina Gould. She says this, and is attaching Zebra Action Summary version 0.3:
“Hello all,
“I have tried to call you Rod – attached a Draft Summary of actions arising from Deloittes recent piece of work on the Horizon systems.
“Clearly there is no blame attached anywhere, and this morning’s meeting with Chris Day, Chris Aujard, Lesley and Malcolm – focused on what we would need to put in place as an organisation to address overall assurance on all critical systems, starting with Horizon from 1 April.
“Detailing appropriate industry standards and controls our business should be following against a risk based priority mechanism.
“Rod we would be happy to come to Chesterfield, however it would be better (more cost effective) if we could have a morning or afternoon in the next week or so at Old Street.
“We 4 will need to be comfortable that we have a plan going forward including indicative costs of undertaking for Risk and Compliance Committee on 21 July.
“We will need to engage with the ExCo members attached to verify and agree to support prior to the committee meeting.”
Then asking Gina to arrange a meeting between Rod, Dave, Malcolm and her.
So it appears from this that you had, that morning, been at a meeting to discuss this with, among others, Chris Aujard. Does that help with your recollection of involvement at this stage?
Lesley Sewell: So I must have been at a meeting but I’m really struggling to remember it.
Ms Price: Can you help at all with whether the recommendations were implemented by 1 April the following year?
Lesley Sewell: I’m sorry, I can’t.
Ms Price: That document can come down now. Thank you.
In 2015, Paula Vennells was seeking assistance on remote access in advance of her attendance before the Select Committee; do you recall that?
Lesley Sewell: I vaguely recall it.
Ms Price: Could we have on screen, please, POL00029812. Looking first, please, at page 5 – scrolling down, please – we have an email from Paula Vennells, 30 January 2015, 7.29 in the morning, and this is to Mark Davies and to you, subject “Urgent: Accessing Horizon”. She says this:
“Dear both, your help please in answers and in phrasing those answers, in prep for the [Select Committee]:
“1) ‘is it possible to access the system remotely? We are told it is’.
“What is the true answer? I hope it is that we know this is not possible and that we are able to explain why that is. I need to say no it is not possible and that we are sure of this because of xxx and that we know this because we have had the system assured.
“2) ‘you have said this is such a vital system to the Post Office, what testing do you do and how often? When was the last time?’”
Then underneath this:
“Lesley, I need the facts on these – I know we have discussed before but I haven’t got the answer front of mind – too many facts to hold in my head! But this is an important one and I want to be sure I do have it. And then Mark, to phrase the facts into answers, plus a line to take the conversation back up a level – ie to one of our narrative boxes/rocks.”
“Thanks, Paula.”
The answers to those questions are set out in the emails which are further up in this email chain. So if we can just go through them. The one above, this is from Kevin Lenihan, 30 January, to Pete Newsome:
“Pete,
“My phone call earlier today refers.
“I need some urgent information as per Paula’s note please.”
Then above:
“Mark,
“As discussed, can you hook up with Kevin to review what answers have already been provided to Second Sight as this should form the Post Office response.”
Then up again, we have an email here from Mark Underwood to James Davidson, copied to Kevin Lenihan, and he says – apologies, if we can just scroll down, please, to the bottom of this email.
Going back up again. There’s no sign off there. Who was Mark Underwood?
Lesley Sewell: I don’t know who Mark Underwood was.
Ms Price: He says:
“Hi Kevin my proposed answer to the first question below (it can be sent in its entirely to Mel and she can pick and choose). Though this will need to be signed off by James as accurate [so James Davidson].
“In terms of second question, I cannot find anything on the testing carried out. It could very well have been sent to one of my predecessors but I cannot find it anywhere.”
Then “In terms of [question] 1:
“This question often phrased by applicants and Second Sight is:
“‘Can Post Office remotely access Horizon?’”
The answer:
“Phrasing the question in this way does not address the issue that is of concern to Second Sight and applicants. It refers generically to ‘Horizon’ but more particularly is about the transaction data recorded by Horizon. Also, the word ‘access’ means the ability to read transaction data without editing it – Post Office/Fujitsu has always been able to access transaction data however it is the alleged capacity of Post Office/Fujitsu to edit transaction data that appears to be of concern. Finally, it has always been known that Post Office can post additional, correcting transactions to a branch’s accounts but only in ways that are visible to subpostmasters (ie transaction corrections and transaction acknowledgements) – it is the potential for any hidden method of editing data that is of concern.
“Can Post Office or Fujitsu edit transaction data without the knowledge of a subpostmaster?
“Post Office confirms that neither it nor Fujitsu can edit transaction data without the knowledge of a subpostmaster.
“There is no functionality in Horizon for either a branch, Post Office or Fujitsu to edit, manipulate or remove a transaction once it has been recorded in a branch’s accounts.
“The following safeguards are in place to prevent such occurrences:
“Transmission of baskets of transaction data between Horizon terminals in branches and the Post Office data centre is cryptographically protected through the use of digital signatures.
“Baskets must net to nil before transmission. This means that the total value of the basket is nil and therefore the correct amount of payments, goods and services has been recorded in the basket. Baskets that do not net to nil will be rejected by the Horizon terminal before transmission to the Post Office data centre.
“Baskets of transactions are either recorded in full or discarded in full – no partial baskets can be recorded to the audit store.
“All baskets are given sequential numbers … when sent from a Horizon terminal. This allows Horizon to run a check at the data centre for missing baskets … or additional baskets that would cause duplicate numbers …
“All transaction data in the audit store is digitally sealed – these seals would show evidence of tampering if anyone, either inadvertently, intentionally or maliciously, tried to change the data within a sealed record.”
Then:
“Automated daily checks are undertaken on JSNs (looking for missing/duplicate baskets) and on the digital seals (looking for evidence of tampering).”
Going down, please. Then we go back up to the email above this.
Kevin Lenihan then sends this to Mark Underwood, James Davidson, Melanie Corfield, also on 30 January 2015. This provides bullets in relation to question 2. Just going up again, please. Then we have this from Kevin Lenihan and this is the final answer in an email from Kevin Lenihan to Mark Underwood, Melanie Corfield, copied to Pete Newsome, Dave Hulbert, you, Dave King, Julie George, James Davidson. It says, “Update [Question 1]: URGENT ACTION: Accessing horizon”:
“Mark/Mel,
“James has had a look at your answer to [Question 1]. And thinks there’s too much detail for Paula – this was written for a different type of audience. He has captured the same points but in a more appropriate format:
“He states:
“Having looked again at the request from Paula, it appears that the fundamentals around this question (remote access) are not understood. I suggest that Paula is briefed along the lines of the following.
“1) No transaction data is held locally in any branch. Transactions are complete and stored in a central database and copies of all data is sent to a secure audit database.
“2) Subpostmasters directly manage user access and password setting locally so system access (to create transactions) are limited to approved local personnel only who are responsible for setting their own passwords. Users are only created following an approval process. All subsequent transactions are recorded against the ID used to log on to the system.
“Once a transaction has been completed, there is no functionality (by design) for transactions to be edited or amended. Each transaction given is a unique number and ‘wrapped’ in a digital encryption seal to protect if its integrity. All transactions are then posted to a secure and segregated audit server.”
Then fourth:
“On approval, there is the functionality to add additional transactions which will be visible and have a unique identifier in the audit trail. This is extremely rare and only been used once since Go Live of the system in 2010 (March 2010).
“5) Support staff have the ability to review event logs and monitor, in real time, the availability of the system infrastructure as part of standard service management processes.
“6) Overall, system access is tightly controlled by industry standard ‘role based access’ protocols and assured independently in annual audits for ISO 27001, Ernst & Young for IAS 3402 and as part of PCI audits.”
Then at the bottom:
“Mel/Mark – I’ll assume that you are okay with this final position, unless I hear differently. James has advised that he is contactable over the weekend …”
So going up to the top, please, we can see this was copied to you. On reading this email and knowing what you knew at the time from the Deloitte report, do you think that this information being provided was accurate?
Lesley Sewell: The point around the balancing transaction, I understood it as being accurate.
Ms Price: Well, let’s have a look at which point you’re referring to. Scrolling down, please.
Lesley Sewell: So it’s point 4.
Ms Price: So number 3:
“Once a transaction has been completed, there is no functionality (by design) for transactions to be edited or amended”, et cetera.
Then there’s the fourth point, which is an exception, in effect:
“On approval, there is functionality to add transactions which will be visible and have a unique identifier in the audit trail … extremely rare …”
There is no mention here, is there, of the ability to delete transactions, for example, casting your mind back to the points we read about in the report?
Lesley Sewell: There isn’t and I can remember, and I can see in the documents I was provided with, that – and so, from the Deloitte report to January, I have a real gap, because I can’t remember what the actions were taken, and that’s with deep regret from my perspective.
The action – I actually asked Julie George, who was the Head of Information Security, because I can see from the emails that I’ve been provided with, I wanted to make sure that it was accurate information and I wasn’t close enough at that time, because of everything else that was going on, and it was a particularly difficult time for me. I wanted to make sure that it was accurate, the information that was being provided.
I can’t remember the point about the deletion and it’s with regret, if I have forgot it. But I had asked the experts, who were close to this on a day-to-day basis, to provide the necessary information. So I felt as if I had acted correctly in doing that. Sorry.
Ms Price: Of course. Do you want to take a break?
Lesley Sewell: No, I’m fine. It’s okay.
Ms Price: If we can scroll up to the top, please, of this document. Just for completeness, we can see Melanie Corfield there, Friday, 30 January – scrolling down a bit, please, so we can see:
“Thanks again to everyone. This all provides the reassurance needed for Paula in my view re any [questions] that come up on this. If we get more queries on any aspect I will let you know.”
That email seems, doesn’t it, as though Ms Corfield has read the email below, at least to provide the reassurance that Paula Vennells was seeking in that original email, ie “No, this is not possible because”; would you agree?
Lesley Sewell: That’s what it appears.
Ms Price: Then the top email, Dave Hulbert, who is Head of IT Services by this point:
“Kev
“Good outcome and thanks for pulling all of this together. Really appreciated.”
That’s to him and to you.
Again, for completeness, we could have on screen please POL00162308. Scrolling down, please, so we can see the email below, we can see that’s the email we’ve just been through the detail of from Kevin Lenihan, looking at the answer to question 1, just scrolling down so we can see that. Then going back up, please, to the top, that then appears to be forwarded by you to Mark Davies, do you see that, on Friday, 30 January?
Lesley Sewell: Yes.
Ms Price: There are no comments on that from you. Did it occur to you at the time that this was inaccurate in any way?
Lesley Sewell: My point of reference at this point or the last point of reference was the balancing transaction, and I can’t recall actually reading that – I must have read it if I’ve sent it on, but I can’t – reading it now, it’s in there the balancing transaction. It probably should have been clearer.
Ms Price: Sir, those are all the questions that I have for Ms Sewell. There are some questions from Core Participants. I wonder if we might take the afternoon break early at that point, just so that I can establish who and in what order, and time estimates.
Sir Wyn Williams: Yes, by all means. That sounds fine.
Ms Price: Sir, if we can take 15 minutes now, sir, we are not pressed for time, coming back at 2.50, please.
Sir Wyn Williams: Yes, fine.
Ms Price: Thank you.
(2.34 pm)
(A short break)
(2.50 pm)
Ms Price: Hello, sir.
Sir Wyn Williams: Hello.
Ms Price: We have questions from Ms Page and from Mr Moloney. Ms Page will be no more than 30 minutes and Mr Moloney will be no more than 10 minutes.
Sir Wyn Williams: All right.
Ms Price: Thank you, sir.
Questioned by Ms Page
Ms Page: Thank you. Ms Sewell, would you say that there were cliques within the Vennells/Perkins management regime?
Lesley Sewell: Sorry, I didn’t catch that.
Ms Page: Would you say that there were cliques within the management regime under Ms Vennells and Ms Perkins’ leadership?
Lesley Sewell: Cliques, as in?
Ms Page: Were there people who were in favour, people who then fell out of favour?
Lesley Sewell: I’m – sorry, apologies. I’m just trying to think to answer your question. I don’t know whether I would call them cliques but there was – certainly you would have different groups of people who would come together.
Ms Page: You describe in your witness statement at paragraph 73 – and I don’t need to take you to it – how you fell out of favour, if you like, and how you felt you were isolated and unable to do your job. Now, I don’t want to distress you unnecessarily but that’s how things –
Lesley Sewell: Sorry, that particular period was very difficult for me and it still is very difficult. So I’m really sorry that I’m getting upset about it.
Ms Page: Don’t worry. Don’t worry.
All I’m trying to get clear about is that that was an example, perhaps, of the way sometimes people would get the cold shoulder and find themselves on the outside; is that fair?
Lesley Sewell: Well, I did feel on the outside at that point.
Sir Wyn Williams: Can I ask you just approximately from when you felt on the outside, just so I can have some idea of it. I don’t need the details of it, just –
Lesley Sewell: It was probably late 2014.
Sir Wyn Williams: Right. Thank you.
Ms Page: Now, you also described earlier today how you effectively fell in with using the word “anomaly” even though, in your own words, that was a “mad” word to use and the correct word was “fault”?
Lesley Sewell: Yes, that is correct.
Ms Page: Do you think that’s the sort of thing that happens in a management environment where people have to curry favour, people have to get on the right side of those above them?
Lesley Sewell: So I didn’t do that to curry favour. That was a direction that we were asked to take. So it wasn’t about myself trying to curry favour.
Ms Page: All right. You also told us that no one had taken ownership of the 2011 EY audit, which had various actions following. So that’s the first of two topics that I want to take you to overall. Just to refresh, that audit in 2011, it exposed some problems around keeping track of who could access what within the Horizon system?
Lesley Sewell: Yes.
Ms Page: The EY management letter said:
“This may lead to the processing of erroneous or unauthorised transactions.”
Lesley Sewell: Yes.
Ms Page: All right. Now, in January of the following year of 2012, there was an RMG Internal Audit report, which picked up on some of the actions from that; do you remember that?
Lesley Sewell: Yes, because I requested it.
Ms Page: You actually requested that, did you?
Lesley Sewell: Yes, I did.
Ms Page: Well, that’s helpful to know. All right, let’s have a look at that. That’s POL00030217. When we get there I want to start, first of all, by going to page 7 where we see the names –
Oh, sorry, I’ve given the wrong reference, POL00029114. I’m so sorry. That’s the management letter but we don’t actually need to go to that. So if we scoot down to page 7, we’ll see the names of those who received this report.
We can see on the left, these are the POL names: Susan Crichton, Christopher Day, Kevin Gilliland, Andy J Jones – that’s probably a relatively new name for the Inquiry – Neil Lecky-Thompson, you, Paula Vennells – at that point Managing Director, so this is pre-separation, isn’t it – and Mike Young, Chief Operating Officer.
Now, am I right in saying that, on the right-hand side, those are RMG names: Derek K Foster, Internal Audit; Moya Greene, Chief Executive of RMG; is that right?
Lesley Sewell: So I recognise some of those names but not all of them.
Ms Page: Am I right in saying Moya Greene, Chief Executive of RMG rather than POL?
Lesley Sewell: Yes.
Ms Page: Then we’ve also got Chief Financial Officer, Chief of Staff, Head of Risk, and then Ernst & Young themselves, of course –
Lesley Sewell: Yes.
Ms Page: – the people who had written the audit and management letter. All right, so those are the recipients.
If we could perhaps have a look first at page 9, what we see is the heading “Appendix B – Update on Actions Arising from 2011 E&Y Audit”. So that’s pretty clear of what’s going on there: that’s a summary of what E&Y had recommended; am I right?
Lesley Sewell: Yes.
Ms Page: What we see on the right-hand side is the status of the actions?
Lesley Sewell: Yes.
Ms Page: We’ve got “Substantial progress made” or “Further work required” against each of them.
Lesley Sewell: Yes.
Ms Page: Is that fair?
Lesley Sewell: Yes.
Ms Page: All right. If we now go back, please, to page 3, we don’t need to read all of this page at all but what we can see is there’s a sort of a summary of key findings and, in the bottom half, “E&Y Management Letter”, is the heading and then, if we look down towards the single line paragraph below that, it says:
“The findings, summarised in Appendix B on page 9 [which is what we’ve just looked at], have been shared with E&Y and reflect our assessment as at the end of January 2012.”
Then we see below that, a line “Management Response”:
“We agree with this report and its findings, and will act to progress the action within the agreed timescales.”
That’s your response, your management response?
Lesley Sewell: Yes.
Ms Page: All right. So there we are, January 2012, and all the actions either say, “Substantial progress made” or “Further work required”; all right?
Lesley Sewell: Yeah.
Ms Page: Now, what I want to do is go forward a little bit to May 2012 and to a briefing paper and the paper reference POL00143075. At the top there, we can see it says it’s a “Briefing for Paula Vennells (Chief Executive) and Chris Day (chief Financial Officer)”, and it’s about the “Post Office IT General Controls, Ernst & Young Audit 2011/12”.
Now, bearing in mind, of course, that Paula Vennells was one of the recipients of that RMG Internal Audit report that we’ve just looked at –
Lesley Sewell: Yes.
Ms Page: – if we just confirm, if you’d like me to – or maybe you don’t need me to. If we see at page 3 that’s got your name at the end and the date is 2012 on that paper; do you remember doing this?
Lesley Sewell: Well, I’ve just received this in the last few days.
Ms Page: Oh, I see.
Lesley Sewell: Yeah.
Ms Page: So does it ring any bells? Did it ring any bells when you read it in the last few days?
Lesley Sewell: It didn’t but I was absolutely involved in it. I couldn’t remember the detail.
Ms Page: What I want to take you to is a bit of an anomaly because, if we look on page 3 and if we look specifically – I’m so sorry, page 2, paragraph 3.4. So if we just look at paragraph 3.4, it refers to that Royal Mail Group audit and it says:
“Through an independent Royal Mail Group audit conducted on the Post Office systems (November 2011), it was agreed that all actions had been completed as planned. Two actions had minor activities still to be completed, which were addressed by December 2011.”
So that’s at odds, isn’t it, with what we just looked at, which said that everything was still pretty much outstanding in January 2012. Have you got anything to help us understand that anomaly?
Lesley Sewell: So I don’t but I can see in the appendix it included of the observations.
Ms Page: It does indeed. We’ll go down to that because that is also rather odd. If we go down, please, to page 4, appendix A, “Summary status of the 2010/11 audit observations – as agreed with the RMG independent audit in November 2011”.
Now, I hope you’ll take it from me that everything below that, the finding numbers, the E&Y ratings, the summary of actions, is the same as the appendix to the RMG audit but you’ll see there, on the right-hand side, instead of those words “Substantial progress made” or “Further work required”, where “Substantial progress” was the wording, it’s now just the colour green, and where “Further work was required”, it’s now just the colour yellow, and so that rather obscures, doesn’t it, that there was still plenty of work to be done in January 2012?
Lesley Sewell: So I don’t – I really don’t recall that and I think it’s unusual for it not just to be lifted.
Ms Page: Was this briefing something that Ms Vennells asked for, do you think?
Lesley Sewell: I have some vague memory of Chris asking for it but, again, I’ve got nothing to substantiate that. It’s very vague.
Ms Page: This was the month after Post Office had separated from Royal Mail Group and there was an ARC meeting, the first ever ARC meeting, in this same month.
Lesley Sewell: Right.
Ms Page: Do you think you got the message that loose ends had to be tidied up? That something needed to be done to make it seem like everything had been actioned when it hadn’t?
Lesley Sewell: No, I don’t recall anything of that nature. I think, just by way of context, the ‘11/’12 audit was a difficult audit because the ‘11, or ‘10/’11 audit reported late, and so actions were put in place throughout that year. So some actions were completed part way through a year, not for a full year, and it wasn’t until the following year that you actually saw the impact of all of the actions, completed actions, taking effect.
Ms Page: Would you accept that it was important for POL, at this point when it was separating, to get a grip? As you said yourself, somebody needed to take ownership of the actions, didn’t they?
Lesley Sewell: Absolutely, and I’ve said that in my witness statement.
Ms Page: Also in your witness statement you refer at paragraph 79 – and I will take you to this, please – at page 40, to a call that you had with Ms Vennells in 2021. That was requested by her and you took some notes, didn’t you?
Lesley Sewell: That’s correct.
Ms Page: That’s 12 April 2021?
Lesley Sewell: Yes.
Ms Page: Now, I won’t read out the whole of the paragraph. If we see there’s a line there:
“Paula contacted me again on 12 April 2021 via text message requesting a call. We spoke for longer … and I made a file note”, and I’ll take you to that shortly.
You say that there are a few things that perhaps seem to be the issues. First of all, it’s about the Project Zebra Deloitte report and then, if we scroll down a little bit, there’s a reference to your note saying, “PV got jumpy”, and that seemed to be in relation to the Deloitte report. But it then says, “I can see reference in my notes to the EY audits”.
So if we just go to your notes, please, it’s WITN00840103, and if we go to page 2, please. We can see in that first rectangular box that you’ve drawn “EY audited controls” and then a bit further down we’ve got:
“2012/2013 – no material.
“Overall control environment not sufficient general IT controls.”
So, evidently, part of this conversation was about this period, wasn’t it, when you had done the work to get the RMG Internal Audit, you had taken control and taken ownership. Can you tell us anything about what Ms Vennells wanted to say to you about all of that in this call?
Lesley Sewell: I can’t remember specifically about the detail of what was discussed. I can vaguely remember the discussion around the ISA 342 (sic), and getting to that position and, again, I had no material, so I had nothing to refer to, and I think there was reference to a number of issues which had come out of the earlier audits, but I can’t remember any detail other than that. I’m sorry.
Ms Page: You felt sufficiently uncomfortable, after that, to actually block Ms Vennells; is that right?
Lesley Sewell: Yes, I did.
Ms Page: If I can move, please, to the second topic that I wanted to ask you about. This is about your investigations – that sounds more formal perhaps than it is – you looking into the receipts and payments mismatch bug in 2013 when POL was responding to the Second Sight Interim Report, and I ask these questions specifically on behalf of my client Seema Misra, whose name I’m sure you know. I want to explore the information you may have heard about whether that bug was disclosed in her trial. All right?
First of all, I want to go to POL00371710. If we scroll all the way down on this chain when we get there, please. That first email in the chain is from Gareth Jenkins to you, providing you with his witness statement in the Misra case and he explains a little bit about it, and it’s evident that he’s talking about a different bug that was disclosed during that case. We’ve come to know it as either the Falkirk bug or the Callendar Square bug. He says he’s happy to dig out anything more and he says the key point is Horizon did have bugs discussed in court but POL won the case.
If we go up a bit, please, to the next email – sorry, just to confirm, that’s on 28 June. You forward that to Alwen Lyons, Martin Edwards and Mark Davies. Mark Davies, we can see, picks up on it:
“This is massively important.
“Is there also a possibility that all incidents – 14 and [16] [that’s the two bugs] – have been referenced in court?”
The 64 is the receipts and payments mismatch bug, isn’t it?
Lesley Sewell: Yes.
Ms Page: So if we go a little bit further up, Alwen Lyons says, “14 unlikely”:
“Hugh, can we check, or is it quicker to ask Gareth, Lesley.”
So I think that’s a question to you, really?
Lesley Sewell: Yes.
Ms Page: Then you respond “Will ask FJ”, and that’s on 28 June. That’s a Friday.
If we go to the next email, it’s POL00137323, page 1. We only need to look at your email on page 1. This is on the Monday following that Friday, which is 1 July and it’s at 12.57. You say to Hugh Flemington, Alwen Lyons, Simon Baker and Rodric Williams:
“I asked the question of FJ if either …”
I won’t take you to it, I hope you’ll take it from me, you’re meaning either of the two bugs:
“… had been referenced in any of the cases, regarding these two issues – the answer is no.”
Do you know who you asked at Fujitsu?
Lesley Sewell: I don’t but I do want to say I feel so deeply about all of the subpostmasters and your client, in particular.
Ms Page: I know you’re doing what you can, so –
Lesley Sewell: But I can’t remember who I asked in Fujitsu.
Ms Page: Did you have a direct relationship with Gareth Jenkins?
Lesley Sewell: No, I didn’t.
Ms Page: So when he sent you that email with his witness statement from that case attached, was that unusual?
Lesley Sewell: It was very unusual and I think I’ve said that in my witness statement.
Ms Page: So you don’t think – I’m just speculating, maybe I shouldn’t: do you think you would have contacted Gareth Jenkins to ask him?
Lesley Sewell: I really don’t know because my main contacts at Fujitsu were the Account Executives. It was rare that I would talk to people under the Account Executives.
Ms Page: Well, let’s then just look at a different email from very much the same time, which may shed a little further light, POL00060587. We can see that Mr Flemington seems to have been at his kids’ school sports day or something but, if we go down, there’s an email from him slightly earlier in the day. So not a dissimilar time to the one that we’ve just looked at from you, 13.16 on 1 July, and you are copied in along with a crowd of people but also including Jarnail Singh.
I just want to look at one particular bit, which is actually over on the next page. This is “High level points for the Board”, and if we go to the bullet point in the middle of the page with four blank bullet points under it and there’s the final one in square brackets, which begins “One”, so all I want to look at is that one:
“One of the two defects has already been discussed in a court case (Misra) – being confirmed.”
Now, we know that, in fact, it wasn’t but what I’m interested in is where that might have come from, where that suggestion that it was raised in the Misra case might have come from. Before I take you to anything else, have you got any free memory of where that might have come from?
Lesley Sewell: I don’t, I’m sorry.
Ms Page: Well, then there’s one other thing that I want to raise, just to see if it jogs any memories. We have another email chain – and I don’t need to take you to it but I’ll give the reference, it’s POL00098797 – and at page 2 of that, it’s clear that you and Mr Ismay had been tasked together, on 28 June, so on the Friday, to look into both the bugs. So do you remember that you were working with Mr Ismay on that?
Lesley Sewell: I’ve seen, in the bundle that I have, that there was some emails which shows we were trying to find out more information.
Ms Page: Did Mr Ismay appear to you to have a reasonable understanding about the receipts and payments mismatch bug?
Lesley Sewell: I can’t remember. I can’t remember if he did or didn’t, but I would be surprised if he didn’t.
Ms Page: Well, certainly, there’s evidence that shows that he was at that meeting that Ms Price took you to earlier, in November 2010, when the three solutions were being discussed –
Lesley Sewell: Yes.
Ms Page: – so that does tally up. We also know that he was paying close attention to the Seema Misra trial.
Was it Mr Ismay who suggested that the receipts and payments mismatch bug might have been revealed in the Misra trial?
Lesley Sewell: I don’t know. I really don’t know.
Ms Page: What about Mr Singh? Did he say anything to you about the Seema Misra trial or the receipts and payments mismatch bug?
Lesley Sewell: I don’t believe I had any dealings with Mr Singh.
Ms Page: You didn’t?
Lesley Sewell: No.
Ms Page: You don’t know him very well?
Lesley Sewell: No. I know he’s been copied on some emails but I didn’t have any dealings with him.
Ms Page: So it wouldn’t have been him who said anything like that, at least not to you?
Lesley Sewell: I can’t – not to me.
Ms Page: All right. Well, thank you, Ms Sewell. Those are my questions.
The Witness: Thank you.
Sir Wyn Williams: Thank you Ms Page.
Mr Moloney?
Mr Moloney: Thank you, sir.
Questioned by Mr Moloney
Mr Moloney: Ms Sewell, you worked closely with Chris Aujard on Project Zebra, the Deloitte report?
Lesley Sewell: Yes.
Mr Moloney: It appears that you were present at a morning meeting with him, referred to in the email from Julie George attaching the Zebra Action Summary that Ms Price has recently asked you about?
Lesley Sewell: Yes.
Mr Moloney: Ms Price asked you about whether you informed Second Sight about the ability of Fujitsu to delete transactions in an undetectable way, and you said that it would have been for Mr Aujard to inform Second Sight?
Lesley Sewell: That’s largely because there was – as I’ve said, and the Inquiry will know, there was a Project Sparrow set up, and I was not part of that, so the line would’ve been through –
Mr Moloney: A different stream –
Lesley Sewell: Yes.
Mr Moloney: – and it would have been Mr Aujard, rather than you?
Lesley Sewell: Yes.
Mr Moloney: When I asked questions of Mr Aujard, I asked him about the Zebra Action Summary and the meeting you and he had with Julie George and others, just as you’ve just been asked by Ms Price.
Lesley Sewell: Yes.
Mr Moloney: I asked him whether or not he informed Second Sight about the contents of the Deloitte report and the Zebra Action Summary. He said, in response:
“The sense from those that were reviewing the Deloitte report was not that this was a critical or significant matter and I don’t know why that is the case. Clearly, the matter was considered and discussed by numerous people internally. It could be – and I don’t want to speculate but it could be – that there were no persons with the requisite access rights and that was the reason or there could be other reasons for it.”
Now, I appreciate this is a difficult time for your memory, your memory is not great around that time, but do you remember you, or any of your department, saying to Mr Aujard that there were no persons with the requisite access?
Lesley Sewell: No.
Mr Moloney: Do you remember you or any of your department saying to Mr Aujard that this was not a critical or significant matter?
Lesley Sewell: Not that I recall.
Mr Moloney: Thank you very much.
Sir Wyn Williams: Is that it, Ms Price?
Ms Price: Yes, sir, it is.
Sir Wyn Williams: Well, Ms Sewell, thank you very much for making your witness statement and thank you very much for coming to give evidence in person before the Inquiry. I’m grateful to you for participating in that way.
The Witness: Thank you.
Sir Wyn Williams: Right. So we’ll adjourn until tomorrow morning when we have Mr Cameron; is that correct?
Ms Price: That’s correct, sir.
Sir Wyn Williams: Fine.
Ms Price: Thank you.
(3.19 pm)
(The hearing adjourned until 9.45 am the following day)