Official hearing page

4 June 2024 – Christopher Day

Hide video Show video

(9.45 am)

Ms Hodge: Good morning, sir, can you see and hear us?

Sir Wyn Williams: Yes, I can, thank you very much.

Ms Hodge: Sir, our witness today is Mr Christopher Day.

Sir Wyn Williams: Yes.

Ms Hodge: Please could the witness be sworn.

Christopher Day


Questioned by Ms Hodge

Ms Hodge: Good morning, Mr Day. As you know, my name is Ms Hodge and I will be asking questions on behalf of the Inquiry.

Please could you give your full name.

Christopher Day: Christopher Mark Day.

Ms Hodge: You should have in front of you a hard copy of a witness statement dated 19 April 2024. Do you have that before you?

Christopher Day: I do.

Ms Hodge: That statement should run to 49 pages, including an index of exhibits; is that correct?

Christopher Day: It is.

Ms Hodge: Could I ask you, please, to turn to page 41 of your statement. At the top, there’s a statement of truth and, underneath, a signature; is that your signature?

Christopher Day: It is.

Ms Hodge: Is the content of the statement true to the best of your knowledge and belief?

Christopher Day: It is.

Ms Hodge: Thank you. Mr Day, your statement is now in evidence before the Inquiry. I’m going to ask you some questions about matters arising in your statement but I don’t propose to take you through each and every topic that you address there. Could I ask you, please, to begin by briefly summarising your professional background before you joined Post Office Limited?

Christopher Day: Yes. My finance background started with working at Beecham Plc as a graduate trainee in the Group Treasury Department. I then moved into financial markets with a US investment bank, before joining Diageo, where I had succession of roles in corporate finance and capital markets and then as an international Finance Director in the Netherlands and Germany.

On returning to the UK, I joined the BBC as Group Financial Controller and then I joined Post Office as Chief Financial Officer in August 2011.

Ms Hodge: Thank you. You explain in your statement that you were appointed by and reported into the Chief Executive Officer, Ms Vennells; is that correct?

Christopher Day: That’s correct.

Ms Hodge: You have explained that you were recruited to bring a more commercial focus to the business’s Financial Division; is that right?

Christopher Day: I believe that’s the case, yes.

Ms Hodge: Is that something which you recall Ms Vennells raising with you at the time of your appointment?

Christopher Day: I do. I recall her referring to what she called the “primacy of finance”, which was that she wanted Finance to take a more proactive role in the management of the Post Office, and the context for that was that we were keen to move to a situation where the Post Office broke even and was no longer dependent on public subsidy.

Ms Hodge: How would you describe the financial performance of Post Office Limited when you took on the role of CFO?

Christopher Day: Well, I think it was a large and complex organisation. It was still loss-making at that point. We had various elements of the business that we were working on to increase profitability, one notable one would be the Crown estate, where we had a very clear plan to drive it back to profitability.

Other elements of the estate were sort of large cost centres, effectively, so very limited in terms of the number of sub post offices that we could close, for example.

Ms Hodge: In your statement you describe the focus of your role comprising three principal elements. You’ve identified the first being to drive the financial performance of the business, as you’ve referred, the second being to provide commercial support to the business and, thirdly, to help the Post Office to compete on the provision of Government services, with the aim of creating a business which was no longer dependent upon public subsidy. Those are the three aspects you’ve identified there; is that right?

Christopher Day: Correct.

Ms Hodge: In a nutshell, was your task to support the CEO in her efforts to make the Post Office a more successful business?

Christopher Day: Yes.

Ms Hodge: Could you please describe your working relationship with Ms Vennells?

Christopher Day: We had a close collaborative working relationship and I believe we worked well together. As I say, she was keen to promote the financial discipline of the organisation and that suited me, my purposes, very well. It was good to work for a Chief Executive who had that focus on the numbers and the financial performance.

Ms Hodge: You’ve mentioned it was her desire for finance to take a more proactive role in management. It’s right, isn’t it, that you deputised for Ms Vennells on occasion when she was on annual leave –

Christopher Day: Yes, from time to time I would deputise for her.

Ms Hodge: – and that therefore your role, certainly then, and I think you accept, extended more broadly than simply dealing with financial matters?

Christopher Day: Yes.

Ms Hodge: I’d like to ask you some brief questions about your responsibilities as CFO. Would it be fair to say that there were two principal aspects to that, one of which related to the external financial reporting of the business?

Christopher Day: Yes, that was my primary focus.

Ms Hodge: You’ve explained that it was your duty as CFO to ensure that all of the company’s annual financial statements were true, fair and accurate – is that correct –

Christopher Day: Correct.

Ms Hodge: – and that the independent annual financial audit was conducted properly?

Christopher Day: Correct.

Ms Hodge: During your tenure as CFO, the firm which performed that independent audit of POL was Ernst & Young; is that right?

Christopher Day: It was.

Ms Hodge: The other aspect of your role, so the other principal aspect, related to the day-to-day management of the business’s financial accounting, budgeting and planning; is that right?

Christopher Day: Correct.

Ms Hodge: One area of the business for which you were responsible was the Product and Branch Accounting Division; is that right?

Christopher Day: Yes.

Ms Hodge: You’ve explained in your statement that Product and Branch Accounting performed the back office accounting function of the business; is that right?

Christopher Day: Yes, essentially, it reconciled the client accounts with the customer accounts.

Ms Hodge: It provided you with the aggregated data and information which you needed to produce the Post Office’s annual financial reports?

Christopher Day: Yes.

Ms Hodge: Would it be fair to say that Product and Branch Accounting, therefore, served an essential role in helping you to meet your obligations for financial reporting?

Christopher Day: Yes.

Ms Hodge: During your tenure, the Division was led by Rod Ismay; is that right?

Christopher Day: Correct.

Ms Hodge: In your statement, you say you would have been briefed about the Horizon system by Mr Ismay, or possibly by a member of his team, on your arrival; is that right?

Christopher Day: Yes, I don’t recall precise conversations but I’m sure they would have taken place early in my tenure.

Ms Hodge: I think it’s at paragraph 38 of your statement, please, WITN10000100. It’s on page 12, please, paragraph 38. The penultimate sentence reads:

“As CFO, I was expected to have a general understanding of how [Post Office Limited] accounts for transactions in branches and by product type, for the purpose ultimately ever ensuring the reliability of POL’s financial statements.”

Presumably, at a minimum, you would have understood that Horizon was a point of sale and financial accounting system that was operated and maintained by Fujitsu Services?

Christopher Day: Yes, I would.

Ms Hodge: You would have been aware that the system was used in the Post Office branches to process and record each transaction performed at the counter by a subpostmaster, a manager and assistant, for example?

Christopher Day: Yes, I would.

Ms Hodge: You would have also been aware, I assume, again at a minimum, that those transactions processed and recorded by Horizon were transmitted to Post Office’s back office accounting systems?

Christopher Day: Yes.

Ms Hodge: There, as you’ve said, they would be checked and reconciled against data provided to the Post Office by its clients?

Christopher Day: Correct.

Ms Hodge: Do you recall what you were told, if anything, by Mr Ismay about the contractual relationship between the Post Office and its agents?

Christopher Day: I don’t, I’m afraid.

Ms Hodge: Were you aware at the time that you took on your role that Post Office and branch accounting were responsible for issuing transaction corrections to recover from subpostmasters accounting shortfalls shown by Horizon.

Christopher Day: I believe I would have been aware shortly after joining, either through conversations with Mr Ismay during my induction or having read the now called Ismay Report.

Ms Hodge: I will come on to that in a moment but, before I do, do you recall what you were told about that process of issuing transaction corrections?

Christopher Day: I don’t.

Ms Hodge: It was shortly after you took up your role as CFO that you received an email and attachment from Mr Ismay, relating to challenges to the integrity of Horizon; is that right?

Christopher Day: Correct.

Ms Hodge: Could we, please, first turn up that email, which is at POL00294836. Thank you. So we see there it’s an email from Mr Ismay to you, Mr Day, on 8 September 2011, so relatively shortly after you took up – I think you said August 2011 was when you started in the role of CFO. The subject of the email is “Horizon Challenges”, a report dated 2 August 2010, and the name of the attachment is “Horizon Integrity”. Mr Ismay says:

“Chris – further to my last email, please find attached a report I did last summer for Dave Smith (then MD). It is a long report but that detail was agreed as necessary and I would be grateful if you could read it as context to the update I need to give you.”

Just pausing there, would it be fair to say that this wasn’t simply a report that passed across your desk, it was something Mr Ismay wanted you to read and discuss with you.

Christopher Day: Yes.

Ms Hodge: He goes on to say then, in the third paragraph:

“Mike Granville has had related stakeholder conversations …”

Do you recall Mr Granville’s role?

Christopher Day: I don’t recall his precise role. I think he was involved in a government communications, PR-type role.

Ms Hodge: It goes on to say:

“… and I expect you may have heard references to this area …”

By which he presumably he meant Horizon integrity, would you agree?

Christopher Day: Yes.

Ms Hodge: “… from Kevin, Paula, Susan or Mike.”

So he’s assuming there, is he not, that this is a subject that you would have already discussed with directors of the company, the Chief Executive, General Counsel or Mr Granville?

Christopher Day: That’s what he’s saying, yes.

Ms Hodge: Do you recall whether you did, in fact, discuss the issue of Horizon integrity with any of those individuals named there?

Christopher Day: I have no recollection of discussing it with any of those individuals.

Ms Hodge: Were you concerned to be told, so early in your tenure, that the integrity of the system from which you’d derived your financial accounting data and information, was being challenged?

Christopher Day: My recollection is that the report was shown to me partly from Mr Ismay to describe the role that he was doing and the function of his team, but also clearly to alert me to the fact that there had been challenges to the integrity of the system but, as I understood it, those had all been addressed at the time.

Ms Hodge: So is the answer you weren’t concerned at all?

Christopher Day: I was aware of the challenges. I don’t think I was unduly concerned.

Ms Hodge: You would have known, would you not, that, if the Horizon system lacked financial integrity, then the financial statements for which you were responsible might not be true, fair and –

Christopher Day: Absolutely.

Ms Hodge: In your previous roles, had you ever come across a situation like this before, where users of the business’s accounting system were saying, “We believe it lacks financial integrity”?

Christopher Day: No, I hadn’t.

Ms Hodge: It’s your evidence that, I believe, you have no independent recollection of reading this report; is that correct?

Christopher Day: That’s true. I’m sure I read it but I don’t recall reading it.

Ms Hodge: And you don’t recall whether you had any discussions with Mr Ismay, albeit this email does tend to suggest that he wished to discuss the matter with you?

Christopher Day: I think it’s highly likely that I discussed it with him as part of my induction. I don’t recall the precise conversation.

Ms Hodge: I’d like to explore with you what you thought or would have thought, based on your recollection at the time, about some of the issues that are raised in this report. Please could we bring up a copy of the report at POL00294837. So we see at the top there, as we know, this was a report that Mr Ismay produced for the then Managing Director, Dave Smith. There are various Senior Managers in the organisation who were copied into this report, originally produced just over a year prior. The title of the report is “Response to Challenges Regarding Horizon … Integrity” and the first paragraph reads:

“Post Office Limited has, over the years, had to dismiss and prosecute a number of subpostmasters and Crown staff, following financial losses in branches. A small number of these have made counter claims that they [are] not guilty of the charges made but that the Horizon system was faulty.”

Just pausing there, had you had any prior experience of working for an organisation which prosecuted its staff for financial losses suffered by the business?

Christopher Day: I hadn’t, no.

Ms Hodge: You’ve explained in your statement that you did not know when you first joined the Post Office that it brought private prosecutions against its agents and its staff; is that right?

Christopher Day: Yes, I don’t recall being aware at the time, although I can see it’s indirectly referenced in this report.

Ms Hodge: So, by the time you read this report in early September, you would have been aware of that fact, would you not?

Christopher Day: I think it’s highly likely that I was aware.

Ms Hodge: Knowing that the Post Office brought prosecutions in these circumstances, would that have affected the importance that you attached to the financial integrity of the business’s accounting systems?

Christopher Day: Yes, I think it would.

Ms Hodge: Why?

Christopher Day: But I think – I think my primary focus would have been on whether I, as CFO, could rely on the integrity of the system to verify the accuracy of the financial statements of Post Office. That would have been my primary focus.

Ms Hodge: In terms of wider risk to the business, however, would you have been concerned about the importance of financial integrity, bearing in mind that you knew that the business brought prosecutions in reliance on Horizon data against its agents and employees?

Christopher Day: I don’t know whether I made that specific connection at the time.

Ms Hodge: The report goes on to say in the second paragraph:

“Various lobbying groups have been set up by former subpostmasters and these have at times received national media coverage and in some cases been taken up by local MPs. Most recently, Channel 4 has proposed a news article about this area.”

This suggests, does it not, that concerns about Horizon’s integrity were not isolated to a few disgruntled subpostmasters who’d been convicted but had attracted the attention and support of Members of Parliament and the national media?

Christopher Day: Yes, it does.

Ms Hodge: Do you think that would have registered with you at the time as a significant area of risk for the business?

Christopher Day: I think the context for this would have been a knowledge of the size of the network and the relatively scarce incidents of such matters, but I think, in terms of peripheral vision, yes, I’m sure I would have had an awareness that there had been some media coverage, that there was some reputational risk to the Post Office.

Ms Hodge: If we continue, please, on to the following paragraph, the report defines its purpose there as being to provide:

“… an objective internal review of [Post Office Limited’s] processes and controls around the branch accounting.”

It explains it includes an overview of Post Office’s control environment; its response to accounting errors, which we’ve referred to as transaction corrections; its IT systems, so Horizon versus Horizon Online. Were you aware at this stage as to the existence of different iterations of the system, that is to say an earlier version which had been superseded by Horizon Online?

Christopher Day: I believe I would have known that Horizon Online had replaced Horizon in January 2010. That’s probably the extent of my knowledge at that stage.

Ms Hodge: It refers there to the “resolution of known issues”, under “IT systems”.

Thirdly, third party perspectives comprising court judgments, media and audit.

Then, lastly:

“Statistics on branch accounting issues, suspensions and prosecutions.”

Would you agree that that accurately summarises the focus of the report being on the Post Office’s processes and controls, as opposed to, by contrast, Fujitsu’s processes and controls?

Christopher Day: Yes, I would.

Ms Hodge: What you were not receiving in this report was a very detailed explanation of how Horizon operated at a technical level; is that fair?

Christopher Day: That’s fair.

Ms Hodge: Therefore, to someone without a detailed technical background, it was nonetheless a relatively comprehensible report, was it?

Christopher Day: Sorry?

Ms Hodge: For someone who did not have a detailed technical background in IT matters, what was canvassed in this report was readily understandable to you, was it?

Christopher Day: Broadly, yes, it was.

Ms Hodge: If we can move on, please, to the “Executive Summary”, which is on the second half of this page, it reads, in the first paragraph:

“The allegations to which we are responding follow on from cases where thousands of pounds were missing at audit. We remain satisfied that this money was missing due to theft in the branch – we do not believe the account balances against which the audits were conducted were corrupt.”

Just pausing there, were you told by Mr Ismay, or did you later become aware during your time as CFO, what, if any, enquiries were made by Product and Branch Accounting when an SPM or an employee said, “I simply do not know what has caused the accounting shortfall in the branch accounts. I think the system must be at fault”? So my question is: would you have known what processes were followed by Product and Branch Accounting to investigate the causes of these shortfalls?

Christopher Day: I think I would have had a broad understanding of the processes, in terms of investigating the differences, but I don’t think I would have a detailed understanding of what happened in each particular case.

Ms Hodge: Do you think that’s something you would have enquired about at the time, namely what are we doing as a business to satisfy ourselves that these losses are genuine, bearing in mind what we’re being told by our agents and employees about suspected faults in the system?

Christopher Day: I don’t recall, but my memory is that these were relatively rare occurrences. So I …

Ms Hodge: We’ll come on shortly to look at that issue. If we turn to the second paragraph, please, of the “Executive Summary”, it states:

“[Post Office Limited] has extensive controls spanning systems, processes, training and support. Horizon is robust, but like any system depends on the quality of entries by the users.”

If we just pause there again, would that have struck you at the time that you read this report as an accurate statement, namely that the robustness of Horizon depended on the quality of the entries made by its users?

Christopher Day: I believe it would have done, yes.

Ms Hodge: Would it have occurred to you that the quality of the code and the work undertaken to develop and maintain the system might have been significant factors which affected the robustness of the system?

Christopher Day: I don’t believe I would have had that awareness.

Ms Hodge: Do you think it would have struck you at the time that statements like that betrayed an assumption by the Post Office that any fault, any accounting error, responsibility for any accounting error, must lie with the user?

Christopher Day: I don’t think I would have seen it that way. But I can see now that it could be interpreted that way.

Ms Hodge: From your experience of working with large-scale IT systems, would you have considered that to be an accurate assumption, that any accounting error must be the fault of the user?

Christopher Day: No. I don’t think I would have had that general view.

Ms Hodge: What would your experience have been?

Christopher Day: I think my experience would have been that faults could have arisen for any number of reasons, either user error, problems with software, problems with processing.

Ms Hodge: Do you recall whether you took any steps to challenge the assumption that we see there?

Christopher Day: I don’t recall but I don’t believe I did. I think I read and accepted this report at first sight.

Ms Hodge: If we carry on, please, to the final paragraph on the first page, which reads:

“The integrity of Horizon is founded on its tamper proof logs, its realtime backups and the absence of ‘backdoors’ so that all data entry or acceptance is at branch level and is tagged against the log on ID of the user. This means that ownership of the accounting is truly at branch level.”

On the face of it, what Mr Ismay appears to be identifying here, a variety of security features which underpin his stated confidence in the integrity of Horizon; is that fair?

Christopher Day: Yes.

Ms Hodge: What did you understand Mr Ismay to mean by the “absence of ‘backdoors’”?

Christopher Day: I would have understood this to mean that only the subpostmaster had access directly to their data, that there was no intervention at the centre by Product and Branch Accounting and that the data stood in accordance with what was input in the branch, and that there was no other access to that data, hence the tamper-proof logs.

Ms Hodge: We know, because we’ve discussed it, you were aware that Product and Branch Accounting issued transaction corrections and Mr Ismay deals with these, please, at page 7 of the report. So this is under the heading of “Accounting and control in [Product and Branch Accounting]”. Within the box at the top, the first paragraph reads:

“Central controls over accounting are primarily in the Product and Branch Accounting team but also include activity in cash centres and alerts from our method of payment [processes].”

If we go on, please, to the following page, at page 8, there’s a number of bullet points there, the first one relating to transaction corrections. This is where we see here he gives his explanation about backdoors. It reads:

“… ‘double entry’ adjustments sent to branches for their acceptance [this is his definition of transaction corrections]. There is no ‘backdoor’ to force them into branch accounts. Visibility is key to ensure ownership of the issue and prevent any risk of arguments about ‘backdoors’.”

So that would be consistent, would it not, with your understanding that you’ve stated –

Christopher Day: Yes.

Ms Hodge: – to me just now, essentially, that you’ve been told here that, if and insofar as Product and Branch Accounting issued a transaction correction, it still had to be accepted by the agent in branch –

Christopher Day: Correct.

Ms Hodge: – and, therefore, they retained ultimate control over their accounting data?

Christopher Day: Correct.

Ms Hodge: Please could we return to the executive summary, which is on page 2, now. The second paragraph reads:

“Accounting errors do happen through user mistakes, but these can be explained and resolved case by case.”

So, again, we see that assumption that all accounting discrepancies are caused by the user, do we not?

Christopher Day: We do.

Ms Hodge: “Systems issues have also arisen but again POL has been able to explain them and rectify them.”

So you’re being given assurance there that, if and insofar as issues have arisen, they have been rectified by the business?

Christopher Day: Correct.

Ms Hodge: “Whilst they have affected the available and functionality of the system, with consequent impacts on customers and clients, they do not bring the integrity of the system into question.”

Now, this paragraph of the report alerted you to system issues, did it not –

Christopher Day: Yes.

Ms Hodge: – that were known to Post Office Limited at the time?

Could we please move forward to the section of the report where these system issues are addressed in more detail. That’s at page 15. This section is entitled “Known IT issues”and Their Non-Applicability to the Allegations Made”. I’d like to ask you, please, some questions about the example given at (b), which is described as “Barcode sticking”. The first paragraph reads:

“A small number of branches have experienced a situation where a customer transaction ([for example] a bill payment) sticks on the details of the preceding transaction. In some cases the branch has spotted it immediately but in some cases it has only come to light when the customer complains that they are being chased for an ‘unpaid’ bill. Incidents go back to 2005.”

So, on the face of it, if we pause there, what’s being described here is an accounting error, namely that a transaction has not been properly processed and recorded by Horizon; would you agree with that?

Christopher Day: Yes.

Ms Hodge: What’s more, contrary to the assertion that’s made in the executive summary, it was not an error caused by the user but by the system itself. That’s right, isn’t it?

Christopher Day: Yes.

Ms Hodge: This paragraph also tells us that the issue dated back to 2005, so this is five years before this report was prepared?

Christopher Day: Correct.

Ms Hodge: If we read on, we can see Mr Ismay’s description of the steps which were taken by Post Office Limited to explain and rectify the problem, as he suggests in his Executive Summary. The second paragraph reads:

“Up to now it had been understood that [this issue] related to a version of scanners where [Post Office Limited] did not know which other branches had the same version. It was not therefore possible to isolate other branches. It was also a rare event on the scanners themselves. It was not a systematic failure with every transaction on the particular scanner.”

If we pause there again, we can see from this paragraph, can we not, that Post Office Limited had originally understood this problem to relate to a piece of hardware, namely the barcode scanner that was used and that supported the Horizon system.

Christopher Day: Yes.

Ms Hodge: It’s also clear that this misunderstanding, as to the source of the problem, had prevailed until shortly before this report was written in August 2010. Is that not clear from the statement “Up to now it has been understood”?

Christopher Day: Yes, you could interpret it that way.

Ms Hodge: Namely between 2005, and we’re now nearly August 2010, when this report is produced, it has been assumed by Post Office Limited that this problem related to a piece of hardware?

I think you agree that that’s –

Christopher Day: Yes, you can interpret it that way, yes.

Ms Hodge: – an acceptable interpretation of that?

In terms of the remedial steps that Post Office said they’ve taken to deal with this issue, you were told here that Post Office didn’t know which branches were affected by what was thought to be this faulty version of the barcode scanner and, as a result, they’d not been able to identify the branches affected by the problem; do you agree with that?

Christopher Day: Yes.

Ms Hodge: So is it not right that you’re essentially being told here that, for a period of nearly five years, Post Office had done nothing to address the underlying problem which was causing this known issue?

Christopher Day: I don’t know if I’m being told that. I think I’m being – I think he’s seeking to differentiate between any errors, which would have been caused by inputting of data in a branch, with broader hardware issues, which he’s asserting did not have any direct bearing on any of the previous legal cases, and that there would be, from time to time, glitches that would happen with the system that would be rectified. I accept that it looks as if this particular one took a long time to be rectified.

Ms Hodge: So if we look, then, at the following paragraph, it confirms that Fujitsu had investigated the issue, that is to say the suspected problem with the hardware, the barcode scanner, and had advised Post Office it’s not a hardware related issue; it’s a Riposte software issue. Were you aware of the function that Riposte served in the Horizon system?

Christopher Day: No.

Ms Hodge: It goes on to state:

“It will cease to be a problem with Horizon Online, as HOL [meaning Horizon Online] does that use Riposte.”

So again we see here, quite some time after the issue first arose, Fujitsu have ultimately diagnosed it as a software fault, not a hardware issue, but they’re not intending to do anything about it because the original Legacy version of Horizon is going to be shortly superseded; is that how you would have read?

Christopher Day: That appears to be the case, yes.

Ms Hodge: Now, what Mr Ismay goes on to tell you is that:

“This issue does not appear to have arisen in any of the legal cases in question and the incidents have been resolved at all branches where it has been noted.”

Now, pausing there, what you were being told is that, where accounting errors had arisen and had been discovered, they had been resolved –

Christopher Day: Yes.

Ms Hodge: – that’s correct, isn’t it? But you’d also been told in the preceding paragraphs that Post Office Limited had not taken steps to identify the branches affected by this problem in the period between 2005 and 2010, had they? They’d not taken active steps to try to identify which branches were affected because they didn’t know which branches had this faulty barcode scanner?

Christopher Day: That would appear to be the case, yes.

Ms Hodge: The Post Office had instead relied upon the branch to spot the problem or a customer to raise a complaint, for example, about an unpaid bill?

Christopher Day: Yes.

Ms Hodge: So a reactive rather than a proactive –

Christopher Day: It looks that way.

Ms Hodge: – response?

Bearing in mind that this fault appears to have persisted for a period of five years, undiagnosed and unresolved in the Horizon system, would you have not entertained the possibility that there would be affected branches where accounting errors hadn’t been detected and adequately resolved; where, for example, a subpostmaster had made it good because they couldn’t work out the underlying cause of the problem –

Christopher Day: I think that’s a possibility.

Ms Hodge: – or had been made to repay?

Christopher Day: But, again, I think Mr Ismay is seeking to draw a differentiation between errors or imbalances generated at the point of sale from issues relating to hardware or software that was no longer used, but I can see from this that there may have – this may have been a relatively widespread issue.

Ms Hodge: It appeared to show, did it not, that there was a software bug in the system which was capable of causing accounting errors because, if a customer complained that their bill hadn’t been paid, then, at some stage in the process, an error had arisen, had it not?

Christopher Day: Yes, it would depend how – you know, the order of magnitude, how many customers and branches were affected.

Ms Hodge: Did you consider that this information was consistent with the confidence being expressed by Mr Ismay in the integrity of the Horizon system?

Christopher Day: I viewed this series of bugs or glitches that had happened historically as beings things which typically happen in a large IT computer system, that they had been addressed – I can see this one took a long time to be addressed – but what I was clearly being asked to accept was that none of these issues had any direct relation to previous legal cases.

Ms Hodge: That appears to be the assumption that was made by Mr Ismay, and that’s what he says in the report, but what I’m testing with you is whether that’s really consistent with what you were being told here because you were being told that Post Office were taking no steps to detect this issue, to proactively resolve it, and Fujitsu weren’t even aware that the software fault existed. So how could you or Mr Ismay possibly be confident that these were isolated cases and they’d all been resolved?

Christopher Day: Well, I think my personal assurance would have been, again, going back to my duties as CFO, was to verify the accuracy of the company’s financial statements and, rightly or wrongly, I would have taken assurance from the fact that Horizon Online had been introduced in 2010 and that this particular issue no longer existed.

Ms Hodge: It didn’t say very much, though, did it, for Post Office’s processes and procedures before you came into post?

Christopher Day: Well, it suggested that there had been issues in the past, which had generally been resolved, and/or Horizon Online had superseded the previous system.

Ms Hodge: The final thing that Mr Ismay says about this particular issue is that, we can see there in the final paragraph and the last sentence:

“This is not considered a systematic integrity issue for Horizon and it should be resolvable from the facts of records in the Horizon transaction logs.”

Would you have agreed with Mr Ismay’s assessment that this was not a systematic integrity issue?

Christopher Day: I think I would have accepted it at face value at the time and I think the reference to the transaction logs presumably means that all of the discrepancies would have been found and could have been found in due course.

Ms Hodge: If the transaction logs still existed?

Christopher Day: Indeed.

Ms Hodge: I’m going to move on now from known IT issues to another part of the report, in which Mr Ismay addressed the option of procuring an independent review or audit of Horizon to respond to the challenges to its integrity. Do you recall that aspect of the –

Christopher Day: Yes.

Ms Hodge: Can we please turn to page 19. Thank you. In the second half of the page 19 we see the heading “4(c) Independent Review and Audit Angles”. The report states:

POL has actively considered the merits of an independent review. This has been purely from the perspective that we believe in Horizon that a review could help give others the same confidence that we have.”

So we see, again, Mr Ismay making a very clear statement of confidence in the integrity of the system; is that fair?

Christopher Day: Yes.

Ms Hodge: He goes on to say:

“Our decision between IT, Legal, [Product and Branch Accounting], Security and Press Office has continued to be that no matter what opinions we obtain, people will still ask ‘what if’ and the defence will always ask questions that require answers beyond the report. Further such a report would only have merit as at the date of creation and would have to be updated at the point at which Horizon or the numerous component platforms were upgraded.”

What this appears to be saying, does it not, is that it simply wouldn’t be worth commissioning an independent review because it would not have the effect of silencing criticisms of Horizon; is that fair?

Christopher Day: Yes.

Ms Hodge: At the time you read the report, would you have considered that a good reason for not procuring an independent review of Horizon?

Christopher Day: I don’t think I would, actually. I mean, I clearly wouldn’t now and I don’t recall in detail reading this paragraph, but I would like to think that I wouldn’t think that this was a suitable reason or series of reasons for not commissioning an independent review.

Ms Hodge: Sorry, I’d just like to clarify that last point you’re saying. You think you wouldn’t have thought –

Christopher Day: Yes, I – clearly, I have a clear view now but, trying to place myself back in 2011 and reading this, although I don’t have a precise recollection of reading it, I would like to think that I would not accept these reasons as a legitimate reason for not commissioning an independent review.

Ms Hodge: The report goes on to say:

“Ernst & Young and Deloittes are both aware of the issue [by which he presumably means the issue about integrity] from the media and we have discussed the pros and cons of reports with them. Both would propose significant caveats and would have limits on their ability to stand in court, therefore we have not pursued this further.”

What Mr Ismay appears to be saying here is that Ernst & Young, POL’s external auditors, and Deloittes, were simply not prepared to sign off on the integrity of Horizon; is that fair, so far as he understood it?

Christopher Day: No, I don’t think I would interpret it that way.

Ms Hodge: How would you have interpreted it?

Christopher Day: I interpret this as saying that both the auditors and Deloitte would be likely to introduce so many caveats that a report might not have much value and might not be able to address all of the questions asked.

Ms Hodge: Isn’t that in the nature of a caveat: that what you’re saying is “I can’t sign this off as having integrity because I simply am not in a position to say one way or the other that it does”? Is that not what the reference to “caveats” is?

Christopher Day: Broadly, yes. It would depend what those caveats were, of course.

Ms Hodge: Did you consider at the time that there was a tension between the absolute confidence which POL was expressing in the integrity of Horizon and the reluctance of its statutory auditors to sign up to that position?

Christopher Day: No, because I had a separate relationship with Ernst & Young and, as I’m sure we’ll come on to discuss, we were working through a series of improvements to the IT control environment. So, set against that knowledge of what I was actually working on, I don’t think this paragraph would have particularly surprised me.

Ms Hodge: As you’ve just alluded to now, the report goes on to explain that the external audit that Ernst & Young perform includes tests of Post Office Limited’s IT and finance control environment but the scope and materiality of those tests mean that Ernst & Young would not give a specific opinion on the systems from this. We shall come on to that topic shortly, this issue of the Post Office’s IT and finance controls, but you were aware from your work with Ernst & Young that those tests were carried out – were you not –

Christopher Day: Yes.

Ms Hodge: – and that Ernst & Young would not express an opinion on the overall integrity of the system due to the relatively high-level nature of the work that they were doing on those controls and processes; is that fair?

Christopher Day: Yes, it is.

Ms Hodge: Before we move on from this report, please, there’s one final paragraph I’d like to address. Could we turn to page 20. So this is following on from the part of Mr Ismay’s exploration of obtaining an independent review and audit. He states:

“It is also important to be crystal clear about any review if one were commissioned – any investigation would need to be disclosed in court. Although we would be doing the review to comfort others, any perception that POL doubts its own systems would mean that all criminal prosecutions would have to be stayed. It would also beg a question for the Court of Appeal over past prosecutions and imprisonments.”

Did it strike you as odd that one of the reasons being advanced by Mr Ismay for not commissioning an independent review would be that it would need to be disclosed in court?

Christopher Day: I don’t recall, it certainly strikes me as odd, having reread the report recently but I don’t recall having thought at the time that this was odd. Again, my primary focus would have been to understand issues that might relate to the integrity of Post Office’s financial data and, regrettably, I don’t think I would have been focusing so much on what might need to be disclosed in court as a result of having an independent review commissioned. I don’t think that would have been uppermost in my thoughts at the time.

Ms Hodge: Do you think you would have been in favour of commissioning such a review when you read this report, bearing in mind the importance of integrity to your functions and the accuracy of the Post Office’s financial statements?

Christopher Day: Do I think then that I would have been? I think I accepted the broad thrust of this report at the time. I don’t think any of the legal or prosecution issues would have influenced me but I think I wrongly took assurance on the integrity of the data for my purposes.

Ms Hodge: You’ve said several times in relation to this report “I accepted, I accepted, I accepted what I was being told”. Now, you’d obviously only been in post for a matter of weeks, you couldn’t be expected to understand or have an awareness of the detail of this report but it was your role to challenge, was it not, where challenge was necessary?

Christopher Day: Yes, and I would set this report into a broad context of a wide induction programme for – taking several months across the whole of the Post Office Network. This is clearly an important part for me to understand what’s happening in Chesterfield. Mr Ismay is telling me there’s a back history here that you need to be aware of, that there have been challenges to the integrity of the system, but I would set that against the context of I’m having parallel conversations with the audit partner from Ernst & Young and getting an independent view from him on the quality of data, the integrity of the system, areas of control weakness that still need to be addressed. So this is an important piece of context but this was not my only reference point, at that stage.

Ms Hodge: No, by no means, but it was something of a red flag, was it not –

Christopher Day: Yes.

Ms Hodge: – issues with the integrity of the system?

Christopher Day: And I’m sure I would have discussed it with the audit partner, bear in mind that at least 50 per cent, 60 per cent of the audit each year was carried out in Chesterfield.

Ms Hodge: Thank you. If we can turn, then, to our next topic which is the annual independent financial audit conducted by Ernst & Young. What I would like to explore with you now, if I may, is your knowledge of those reviews that Ernst & Young conducted on POL’s IT governance and control environment.

You’ve explained in your statement you weren’t in post at the time when Ernst & Young conducted and finalised their audit for the financial year 2010/2011.

Christopher Day: Correct.

Ms Hodge: That’s correct. But the findings of that audit were communicated to you and you discussed them with the audit partner, Angus Grant; is that right?

Christopher Day: Yes, I did.

Ms Hodge: You state that your conversation with Mr Grant was positive, so far as you recall?

Christopher Day: It was. I recall it was a positive conversation. He described a gradual improvement in the overall quality of internal controls. He referenced the fact that there was more work to be done and I think, as we’ll see in the executive summary for the management letter from 2010/11, he referenced some specific areas that he described as refinements, rather than fundamental control deficiencies. So, from my point of view, I wanted to know how bad things were and, frankly, what the chances were of serious management letter points and/or a qualified audit, and he assured me that neither of those was the case.

Ms Hodge: As you’ve just explained, you took assurance from the fact that the audit had not identified issues that would lead to a qualification of the report. That really is the nuclear option, is it not, to qualify the financial statements of a business?

Christopher Day: It is.

Ms Hodge: Therefore, there might be some very serious issues which need to be addressed but which don’t necessarily lead to a qualification?

Christopher Day: That’s true.

Ms Hodge: Could we please bring up the management letter which was produced by Mr Grant in August 2011. It bears the reference POL00030217. Thank you.

On page 2 of this document, please, we have the introductory letter from Mr Grant to Sarah Hall. Do you recall what Ms Hall’s role was?

Christopher Day: She was financial controller.

Ms Hodge: Thank you. It bears the heading, “Internal control matters arising from the 2011 audit”, and it goes on to state in the second paragraph:

“Our review of the company’s systems of internal control is carried out to help us express an opinion on the accounts of the company as a whole. This work is not primarily directed towards the discovery of weaknesses, the detection of fraud or other irregularities (other than those which would influence us in forming that opinion) and should not, therefore, be relied upon to show that no other weaknesses exist or areas require attention. Accordingly, the comments in this letter refer only to those matters which have come to our attention during the course of our normal audit work and do not attempt to indicate all possible improvements that a special review might develop.”

So this really here is one of those significant caveats that we saw discussed in Mr Ismay’s report, which is to say that an audit of this type should never be relied upon as signing off a system as having integrity because its primary function is to look at those areas which might have an impact upon the financial statements but not more holistically at the system; is that fair?

Christopher Day: That’s true. But I would say it’s difficult to imagine – when you look at all the transactions that are covered within the financial statements, it’s difficult to understand exactly how extensive weaknesses could be that would not have any impact at all on the financial statements of the organisation. But I accept that he’s not giving a blanket green light to the Horizon system nor would I have expected him to.

Ms Hodge: I think the point is: is it not so much that weaknesses in the system wouldn’t have an impact on integrity; is it not rather that Ernst & Young are not looking at all aspects of the system, they’re not looking at the code, they’re not looking at, you know, the specifics of the underlying architecture and structure of the system and, therefore, they’re not signing it off overall as robust?

Christopher Day: That’s correct.

Ms Hodge: Notwithstanding that caveat, Ernst & Young had detected deficiencies in POL’s IT environment, had they not?

Christopher Day: They had.

Ms Hodge: If we could turn to the “Executive summary”, please, on page 3. So, in the first paragraph, we see a point you’ve already alluded to, which is that improvements have been made by Post Office Limited, so it reads:

“The finance leadership team at Post Office Limited has implemented and processed improvements throughout the organisation during the past financial year.

“In particular, focussed management action has addressed many of the issues raised in our prior year management letter and led to significant improvements in the overall payroll control environment. The recommendations we have made in this report should be seen as refinements rather than fundamental control deficiencies in comparison.”

So that’s really summarising the point you made earlier as to what you took from this report, improvements had been made, these were refinements now being identified, not fundamental control deficiencies? Is that –

Christopher Day: Correct.

Ms Hodge: Okay. It goes on to state, however:

“The main area we would encourage management focus on in the current year is improving IT governance and control environment.

“Within the IT environment our audit work has again identified weaknesses mainly relating to the control environment operated by POL’s third party IT suppliers”, who were –

Christopher Day: Fujitsu.

Ms Hodge: – so far as you are aware, Fujitsu:

“Our key recommendations can be summarised into the following four areas [fourth of which is to]:

“Strengthen the review of privileged access.”

What did you understand this letter to mean by “privileged access”?

Christopher Day: I think I understood it to be a theoretical possibility that people could access elements of the system. Having been told that there were no backdoors to the system, I would not have believed that this entailed access to the – what I would call the front office, the branch accounts, of Horizon. But I can see that it was a significant finding and a control weakness that would need to be addressed in short order.

Ms Hodge: When you say that you understood it to be only a theoretical possibility, is it your evidence that, in reaching that assumption, you were relying upon what Mr Ismay had told you about the absence of backdoors?

Christopher Day: I can’t – certainly, Mr Ismay’s report would have been in my mind. I can’t recall whether there would have been other references as well. I don’t – that may not have been the only reference point that I had for forming that opinion.

Ms Hodge: Bearing in mind this is identified as one of the four main areas which require management attention, would you not have discussed this with Mr Grant at the time, to test your assumption that it was a purely theoretical possibility?

Christopher Day: I don’t recall whether I discussed these four issues specifically with him at the time. It’s likely that I would have done but I don’t recall the conversation.

Ms Hodge: So are you saying that you think your conversation simply focused on the positive areas of improvement?

Christopher Day: Well, I think that was the wider context – was that things had improved greatly but “There are some areas that you need to continue to improve, together with your IT colleagues and your third-party supplier”, hence the first reference to improving governance of the outsource application management. There’s clearly a criticism there of the way that Post Office was managing the Fujitsu relationship and the degree to which we were taking direct control of the control environment.

Ms Hodge: It’s likely, is it not, that Mr Grant would have discussed each of those four points with you in some detail, no?

Christopher Day: Quite possibly.

Ms Hodge: You simply don’t recall?

Christopher Day: I don’t recall.

Ms Hodge: It might assist if we were to look at the section of the report which addresses this issue, please. Could we turn to page 31. Thank you. So we see the left-hand column bears the heading “Background”, the middle column “Recommendation” and the final column “Management Comment”. In the bottom row, the report reads:

“We reviewed privileged access to IT functions including access to user administration functionality across all in-scope applications and their supporting infrastructure.”

It goes on to say, if we can turn over the page, please, “Our examination revealed”. It deals first with POLSAP, which was the Post Office’s back end accounting system – is that correct – and then goes on to deal with Horizon Next Generation on the following page, please. It states there:

“There are inappropriate system privileges assigned to the APPSUP role and the SYSTEM_MANAGER role on the Oracle database level on the Branch Database Server supporting HNG-X;

“There is [also] inappropriate privileged access at the Oracle database level on the Transaction Processing System server (DAT) supporting HNG-X.”

Would you have understood at the time what was being referred to here, do you think?

Christopher Day: I don’t think I would have had a detailed understanding of it and, clearly, it’s taken on far greater significance since that time. I think I would have viewed this as one of a series of areas of weakness. I would have viewed it as theoretical but something which needed to be addressed and which, in due course, we did take steps to address, both internally and with Fujitsu, over the course of the next 12 months and, indeed, in the financial year – my first financial year 2011/12, significant steps were taken to address each of these and Ernst & Young carried out compensating testing to be able to give themselves the assurance they needed, admittedly for the purpose of verifying the financial statements and the – being able to give us a clear audit.

So yes, looked at in isolation with what we now know, this looks like a very clear message. What we actually did was to gradually close, over the course to of the next 12 to 18 months, all of these loopholes and, in fact, for the financial year which commenced one April 2012, we had ISAE 3402, which is the international standard for accreditation for testing of IT controls, in place at the cost of Fujitsu, so we had effectively closed all of these doors within eight months of me joining the organisation.

Ms Hodge: We’ll come on shortly, Mr Day, to the subsequent audit work and assurance work that you were involved in but, if we could turn, please, to the following page, we can see what Ernst & Young said about the consequences of inappropriate privileges or accesses to the system. So in the left-hand column, under “Background”, we see the last paragraph in the first row reads:

“Unrestricted access to privileged IT functions increases the risk of unauthorised/inappropriate access which may lead to the processing of unauthorised or erroneous transactions.”

On the face of it, these statements indicated, did they not, that Fujitsu staff had the ability to access parts of the Horizon system in a manner which was unauthorised or inappropriate; is that fair?

Christopher Day: That’s my understanding now, I don’t think that was my understanding at the time.

Ms Hodge: It’s right, is it not, that that statement was in direct contradiction to what you’d been told by Mr Ismay about the absence of backdoors into the Horizon system, is it not? If it could lead to the processing of unauthorised or erroneous transactions, it couldn’t possibly be right that subpostmasters had complete ownership of their accounting, could it?

Christopher Day: No, again, I wouldn’t have – I’m sure I would not have interpreted this at the time as being a reference to – even a theoretical reference – to Fujitsu employees being able to access individual branch accounts. This is talking about the Horizon estate as a whole and a perceived weakness relating to the inappropriate use of privileged access authority. It’s a serious matter but I don’t think I – in fact, I’m sure I didn’t relate this back to individual subpostmaster accounts.

Ms Hodge: What do you think you understood it to mean, when it referred to the processing of unauthorised or erroneous transactions?

Christopher Day: Well, just that: that there was a theoretical possibility that –

Ms Hodge: Why was it only theoretical though? This is saying that they have, as a matter of fact, unrestricted access, that they have inappropriate privileged access. So they did have this access. It wasn’t purely theoretical, was it?

Christopher Day: Well, it doesn’t say how many or how many incidences there had been, whether indeed they’d ever been used but it’s showing that there is a control weakness that could give rise, in theory, to unauthorised transactions broadly within the Horizon Online estate. You can read it completely differently now in the knowledge of hindsight, and understand exactly what that could potentially mean in terms of individual branch accounts but, again, it doesn’t speak to the suggestion that that could be done without a subpostmaster’s visibility of such a transaction.

Ms Hodge: Sir, I think that might be a suitable time to take a short break, please, if that’s convenient.

Sir Wyn Williams: All right.

Let me just ask you, Mr Day, isn’t Ms Hodge right when she asks you to remove the word “theoretically” from your answer, in this sense: that unauthorised access, in the way that Ernst & Young are describing, could take place – that wasn’t theory – however, there was no evidence that it had taken place?

Christopher Day: Yes, I would agree with that, sir.

Sir Wyn Williams: Right. Thank you.

Ms Hodge: Thank you, sir. Can we please return at 11.15.

Sir Wyn Williams: Yes, of course.

Ms Hodge: Thank you.

(11.03 am)

(A short break)

(11.15 am)

Ms Hodge: Good morning, sir, can you see and hear us?

Sir Wyn Williams: Yes, thank you.

Ms Hodge: Thank you.

Mr Day, before the break we were looking at the Ernst & Young independent annual audit for the financial year 2010 to 2011 – forgive me, the management letter from that audit.

Christopher Day: Yeah.

Ms Hodge: I’d like to turn, please, to the recommendations which Ernst & Young made to address the weaknesses identified in the IT control environment. This is at POL00030217, if we could start, please, at page 31. Thank you. So we looked, firstly, at the column bearing the title “Background”. We can see the recommendations contained in the middle column, and it states in the final row:

“We recommend that management conducts a review of privileged access to IT functions across all in-scope applications and their supporting infrastructure to determine whether the level of privileged access granted is appropriate.”

It then reads:

“Where access is deemed to be inappropriate, this access should be revoked immediately.”

It goes on to say, please, at page 34, in the top row:

“Management should implement monitoring controls to help ensure that controls operated by the third party service provider [we know to be Fujitsu] are in place and are in operation, for example, monitoring of appropriateness of access to privileged users/profiles.”

Now, so far as you were aware, who within the business would have been responsible for taking these recommendations forward?

Christopher Day: The IT function, the CIO.

Ms Hodge: Would that be in conjunction with finance or in isolation?

Christopher Day: I would have viewed my responsibility as owning the audit overall. Therefore, I would have had an expectation that IT colleagues working in conjunction with Fujitsu would have addressed any IT control issues arising from the prior year management letter, just as I would have expected my own financial accounting reporting team to have been responsible for any specifically financial issues which had arisen. But here we’re talking about IT control issues.

Ms Hodge: The CIO at the time was Lesley Sewell; is that correct?

Christopher Day: Correct.

Ms Hodge: Do you recall receiving a briefing in May 2012 from Ms Sewell, in which she addressed these recommendations?

Christopher Day: I’ve seen that document recently. I don’t recall at the time receiving it.

Ms Hodge: Please could we bring it up. It’s POL00143065. Thank you.

We can see at the top it’s a briefing for the Chief Executive and for you, as Chief Financial Officer, in relation to Post Office IT general controls, and this is in respect of the audit for the financial period 2011/2012. But, as we’ll see, it comments on some of the progress which had been made in relation to the observations in the previous year’s audit.

Christopher Day: Yes.

Ms Hodge: Under the heading “Purpose”, it states that the paper is to provide an update on, firstly:

“Progress made in addressing the observations from the [2011/2012] IT General Controls Audit.

“[Secondly, the] Implementation of an SAS70 (ISAE3402) style report.

“[Thirdly] Observations arising from the 2011/12 audit and the proposed Management Response.”

Just pausing there, you mentioned before the break the implementation of an ISAE 3402 type audit. Can you explain, please, what that was?

Christopher Day: Yeah, this was an internationally recognised standard for assurance engagements relating specifically to the testing of IT control environments. So it was considered a best-in-class certification of the quality of IT controls and from, more or less, the day I started there had been strong encouragement, particularly from the Royal Mail Group Audit Risk and Compliance Committee, that I should seek this accreditation from Fujitsu.

And, as we’ll come on to see, we – in fact, the CIO achieved that for the start of the 2012/13 financial year.

Ms Hodge: In terms of what this report achieved, was it materially different to the tests which Ernst & Young had carried out of the IT control environment for the period 2010 to 2011?

Christopher Day: My understanding is that – well, firstly, it was internationally accredited, it was an industry standard but that, in the intervening year, 2011/12, Ernst & Young had carried out extensive compensating testing, as they called it. I don’t think I knew exactly what that involved but it was sufficient for them to be able to give the same degree of assurance that they would be able to give in subsequent years as a direct reliance on the ISAE 3402.

The point that they made to me, strenuously, was that there was both an efficiency argument here, which is it didn’t make sense for them to be – for us, Post Office, to be paying them to do compensating controls for a third party system and, secondly, that there was a point of principle which was that, surely, Fujitsu, who would have other clients, presumably with similar requirements, should take responsibility, certainly financially, for achieving that accreditation.

Ms Hodge: Just to be clear, the ISAE 3402 style of report would not have been an independent forensic audit of Horizon, that type of audit that had been mooted in Mr Ismay’s report back in 2010?

Christopher Day: No, it wouldn’t, no. This would have been a more efficient and, as I say, more widely recognised way of achieving the aims of having the financial statements be true and fair and accurate. It would not be a widespread assurance on the integrity of the Horizon IT System.

Ms Hodge: Its primary purpose then being to streamline –

Christopher Day: Yes.

Ms Hodge: – those processes?

Christopher Day: Yes. Sorry, could I just add one thing?

Ms Hodge: Please.

Christopher Day: As far as I’m aware though, it did address specifically all of the four issues that had been raised in the ‘10/’11 management letter issue.

Ms Hodge: Including privileged access?

Christopher Day: It included testing of privileged access authority.

Ms Hodge: Under the heading “Background”, please, if we go down, please, to paragraph 2.3, this briefing would have reminded you that the 2010/2011 audit had resulted in a number of actions for Post Office and Fujitsu to address, which it says were concluded by October 2011. Is that consistent with your recollection?

Christopher Day: Yes.

Ms Hodge: It states:

“The implementation of these actions had resulted in significant changes to our processes and to deliver improvements to our IT General Controls.”

It goes on to say:

“Given the timing of this year’s audit (January and February 2012), there was some time for these changes to have embedded. The improvements are evidenced in the findings of the 2011/12 audit where there are no high risk observations within the 7 identified (versus 10 last year) and only 25 specific recommendations (versus over 70 last year).”

Now, appended to the briefing, is a summary of the seven observations which were made as part of the 2011/2012 audit. They’re contained in Appendix B on page 5 of this document, please. So we see here it bears the title, “Summary of 2011/12 Ernst & Young audit recommendations and proposed Management Responses”. So these are fresh recommendations arising from the latest audit of Post Office’s financial statements; is that correct?

Christopher Day: It is.

Ms Hodge: The first of these relates to privileged access. So Ernst & Young appears to repeat the recommendation to Post Office to conduct a review of privileged access for in-scope applications, that being Horizon and POLSAP, the Post Office back end accounting system, so that’s the first recommendation, the second being to revisit the need to grant access to SAP_ALL and SAP_NEW levels. Would you have understood at the time do you think, to what that was referring?

Christopher Day: Yes. Sorry, to the …

Ms Hodge: To SAP_ALL and SAP_NEW –

Christopher Day: Yes, POLSAP, yes, was data extraction from Horizon for – used for further analysis of the financial numbers.

Ms Hodge: Forgive me but, insofar as there was a need to revisit the granting of access at those levels, would you have had a detailed understanding of what that was referring to?

Christopher Day: Yes, I would.

Ms Hodge: What did you understand SAP_ALL and SAP_NEW to entail?

Christopher Day: I’m sorry, I can’t recall that now. But I generally would have recalled being disappointed that this finding came back the following year, having read the earlier briefing note that described all of the actions having been undertaken by October 2011. So –

Ms Hodge: So there was an inconsistency –

Christopher Day: There was an inconsistency –

Ms Hodge: – on the face of it?

Christopher Day: Yes, and this was a disappointment that Ernst & Young felt the need to say that, notwithstanding some management actions have been taken, they felt that this point still stood.

Ms Hodge: So that related both to the conducting a review of privileged access and the other recommendation we looked at before, which was the final one: implementing monitoring controls for third-party suppliers, that being Fujitsu. So this was an outstanding recommendation?

Christopher Day: It was, and this – it was unfortunate that this, what I’d call a sort of transition year, ‘11/’12 – between the findings of the ‘10/’11 report that I inherited and the initiation of the ISAE standard on 1 April 2012, I think we all believed that we had addressed, as well as we could, with manual intervention and working with Fujitsu, all of the issues from the ‘10/’11 management letter. But this one clearly took longer or – and/or we didn’t address it to the satisfaction of Ernst & Young.

Ms Hodge: Now, in the column on the right-hand side, Ms Sewell, the CIO provides a summary of the proposed Post Office Management response and that first bullet point provides a definition of privileged access. She says there:

“Privileged access describes the level of control where the user having this access can perform all or nearly all tasks within the system, eg SAP_ALL provides the capability to process and approve financial transactions within a SAP system. The purpose of SAP_ALL is to enable qualified administration users the capability to maintain the system.”

Now, before the break, you said in your evidence that you understood privileged access to be a purely theoretical possibility. Did this not show that it wasn’t simply theoretical; it was something which was, in fact, used by administration users to maintain the system?

I appreciate this is a reference to SAP, which is the back end system but, insofar as we’re looking at privileged access more broadly, this established, did it not, that it was something that wasn’t simply “could be used” but was, in fact, used?

Christopher Day: It does. I don’t think it would have surprised me or alarmed me that there was access to the SAP system. I think that is very distinctly different from access to the front end Horizon IT System.

Ms Hodge: So, to your mind, because the example given was one relating to SAP, you’re saying that you had understood that to be materially different, that is to say the nature of privileged access to SAP you understood to be materially different to the privileged access that was available in Horizon?

Christopher Day: Absolutely.

Ms Hodge: Thank you.

That deals with privileged access. Do you recall receiving a further report from Angus Grant of Ernst & Young in August 2012?

Christopher Day: Yes.

Ms Hodge: Can that be shown, please. That bears the reference POL00143525.

Forgive me, the second page, please, we see the management – it must be third page, sorry – the management letter addressed to you, Mr Day. I don’t propose to take you through the control themes and observations because we’ve seen those summarised in Ms Sewell’s briefing to you. Do you accept that they are materially – that what you were told by Mr Grant was materially the same as Ms Sewell had summarised to you in her briefing, namely that the recommendations in relation to reviewing privileged access and implementing controls had not yet been carried out?

Christopher Day: Yes. Correct.

Ms Hodge: Thank you. I’d like to move on to a new topic, please. This relates to the actions which you took to report risks relating to Horizon to the Board of Royal Mail Group. In December 2011, a report was submitted in your name to the Audit and Risk Committee of Royal Mail Group, addressing Horizon controls and Post Office’s relationship with Fujitsu; is that correct?

Christopher Day: Correct.

Ms Hodge: This was approximately four months into your tenure as CFO and was before Post Office Limited had formally separated from Royal Mail Group; is that right?

Christopher Day: That’s right.

Ms Hodge: Although the report went out in your name, I think it’s your evidence that you had very limited input into its preparation; is that right?

Christopher Day: Yes, I would have taken responsibility for the contents and, as I think I referenced in my statement, it was a request at a previous Royal Mail Group Audit, Risk and Compliance Committee that I should come with a paper addressing the concerns which I think related to Private Eye, amongst other things, and so – no, I take – I took and I take full responsibility for that paper.

Ms Hodge: Please could we bring up some correspondence relating to the production of that report, which has been disclosed to the Inquiry. That bears the reference POL00295091. Thank you. If we scroll down, please. Thank you. The first email in the chain is from Sarah Hall, who, as we know, was a Financial Controller of Post Office Limited, and she addresses the email firstly to you and then to other Senior Managers in the Post Office.

The subject is “[Royal Mail Group Audit and Risk Committee] paper draft re Horizon – urgent for review by [Thursday] midday”. She explains:

“Dear all,

“The [Royal Mail Group Audit and Risk Committee] requested a paper on the IT controls and Horizon claims. With input from various experts this has now been drafted but is clearly a sensitive area so I attach the draft for your review and comments before it goes to Group for circulation to the ARC.”

So I think, in fairness, as it says there, the original draft put together by others but brought to your attention for review and comment before it was submitted?

Christopher Day: Correct.

Ms Hodge: Could we turn, please, to the draft that was appended to this email, which bears the reference POL00295092. Thank you. So this paper bears the heading “Update on Post Office Limited Horizon Controls and Relationship with Fujitsu”, and it states its purpose to be:

“[To set out] the controls that operate around the Post Office Limited Horizon system, the relationship with Fujitsu and why the Post Office is able to rely on these controls in the light of:

“[Firstly] IT control issues identified at last year’s audit; and

“[Secondly] possible challenges against the integrity of the Horizon platform.”

Overall, stepping back, the purpose of this paper was to give assurance to the Audit and Risk Committee about the integrity of the Horizon system; is that fair?

Christopher Day: Yes.

Ms Hodge: Now, under the heading “Background”, at paragraph 2, the draft report refers to the findings of Ernst & Young’s audit for the financial year 2010 to 2011, so that was the original management letter that you saw shortly after your arrival into post. It said this:

“There were a number of IT [controls] identified during the 2010-11 year end Ernst & Young audit. These were largely centred on Fujitsu and a number of recommendations were included in the management letter following the audit. Unlike other RMG IT suppliers, Fujitsu does not have an SAS70 or equivalent report on its controls and the consequences of this is that EY needs to do full testing of all systems which are integral to the financial results.”

No mention was made here, or anywhere else in the report, of Ernst & Young’s findings that Horizon had inappropriate system privileges which potentially called into question the financial integrity of the system, did it?

Christopher Day: That’s true.

Ms Hodge: When you read this draft report, did that not strike you as a significant omission, namely the failure to acknowledge such a findings by POL’s independent auditors?

Christopher Day: No. I think this paper attempted to paint the whole picture of the relationship with Fujitsu contractually. The issues – it alluded to the issues that had arisen in the 2010/11 audit. I don’t think it would have been necessarily appropriate to go into those in a great deal of detail and, moreover, the issue – the fourth of the four issues identified, which now, of course, we understand to have much greater significance – would not have had that huge a significance at the time.

So I don’t think this was in any way hiding the detail of what Ernst & Young had found. I think it’s an attempt to summarise the fact that there had been issues, they largely related to Fujitsu, they were being worked through, and the backdrop to – as I mentioned before, to this discussion at the Royal Mail Group ARC was a previous lobbying for me and others to get Fujitsu to assure their system.

So that’s largely the question that we were – the exam question that we were trying to answer in this paper. It wasn’t to give the Royal Mail Group Audit Committee an absolutely full, blow-by-blow explanation of everything that had come up in the ‘10/’11 Ernst & Young audit.

Ms Hodge: I’m not suggesting that you would have been expected to go into that level of detail but the context of this report was, was it not, that claims were being made about Horizon’s lack of financial integrity, and you’ve been asked by the committee to provide a report addressing those claims; that’s correct, isn’t it?

Christopher Day: Broadly yes, but –

Ms Hodge: Sorry –

Christopher Day: It’s all of those issues that were itemised in the 2010/11 Ernst & Young management letter and the solution was seen as the earliest possible adoption of SAS70 or equivalent.

Ms Hodge: You accepted earlier that a SAS70 report was not going to provide complete assurance on the Horizon system because it was simply going to streamline the process of testing the IT controls. So that in and of itself wasn’t an answer to claims about Horizon’s integrity, was it?

Christopher Day: It wasn’t an all encompassing answer; it was an answer to the question: can we depend on Horizon to provide accurate financial data, bearing in mind the Royal Mail Audit, Risk and Compliance Committee was engaged in making sure that the – primarily, that the financial accounts were accurate.

Ms Hodge: The one issue in Ernst & Young’s management letter which did go directly to the financial integrity of Horizon was privileged access, was it not?

Christopher Day: I think I would agree with that in hindsight. I don’t –

Ms Hodge: Yet –

Christopher Day: – think I had that understanding at the time.

Ms Hodge: But that, that one issue, was not mentioned in this report?

Christopher Day: No, simply that I don’t think it had particular resonance. I don’t think we saw, if you like, the first three points of those four summary points that Ernst & Young had made as distinct from the fourth point being the privileged access point. That’s taken on far greater significance since those days.

Ms Hodge: Some of this paper draws very heavily on Mr Ismay’s original report of August 2010 –

Christopher Day: Yes.

Ms Hodge: – would you agree with that?

Christopher Day: Yes.

Ms Hodge: What it doesn’t contain is any reference to the known IT issues that Mr Ismay mentioned in that report; do you accept that?

Christopher Day: I do accept that.

Ms Hodge: Why is that?

Christopher Day: Because, as I said earlier, I don’t think those were – I think there were two categories of bug or anomaly: the ones generated at the terminal through input errors, potentially; or the more, shall I say, customer – ones which impacted customers more, and that subcategory that Mr Ismay referred to in his note around screen freezes, incomplete transactions, subpostmasters not sure whether a transaction had gone through or not, the barcode sticking, these were, in my view – and I believe others’ view – these were routine problems that would get resolved from time to time and that would have an impact on customers, and that was a large focus at the time.

But I don’t think they’re things which would naturally have lent themselves to a review with the Royal Mail Group Audit Committee about concerns around Horizon generally.

Ms Hodge: Was the purpose of this report simply to identify all the positive control measures that were in place but not to actually give a full warts and all assessment of the true position; is that really where we ended up with this report, do you think?

Christopher Day: No, I think at the time I viewed this as – I accept the point that this is heavily, heavily influenced by the earlier Ismay Report and, indeed, Mr Ismay had a large input into compiling this report but, equally, I placed reliance on the objectivity of my Financial Controller, who was a very good Financial Controller, to critically evaluate that information, and I think that this – I certainly thought and I still think, that this presented a fairly fair and balanced view of the situation.

It comprises reference to expectations of Fujitsu, acknowledgement that we don’t have the right certification in place, acknowledgement that there have been challenges to the integrity of Horizon, and an intention to – a clear pathway to show what we’re going to do about it.

Ms Hodge: Please could we return to the email correspondence of 30 November 2011. Thank you. We can see there in the top half of the page Mr Ismay’s response to Ms Hall’s original email enclosing the draft. He writes, and you’re copied in – not copied, forgive me, one of the addressees of the email. His first comment in relation to paragraph 1, he requests that a sentence be added:

“… along the following lines ‘The IT control issues identified during the audit did not question the integrity of accounting data in the system. Rather, they were recommendations about the documentation and authorisation of changes to systems and about opportunities for streamlined assurance’.”

Pausing there, did that strike you as an accurate statement of the findings which Ernst & Young had made in their 2010/11 audit?

Christopher Day: At the time, yes.

Ms Hodge: And now?

Christopher Day: Less so now, given what we now know about Horizon.

Ms Hodge: Given what we now know about Horizon or, more specifically, about privileged access?

Christopher Day: Yes.

Ms Hodge: Mr Ismay goes on to say:

“The rationale for this [that is to say for requesting that amendment] is that for purposes of ongoing [Royal Mail Group] Criminal Prosecution activity, Rob Wilson ([the Royal Mail Group] Head of Criminal Law) has advised that were that not the case then current prosecutions would have to be stayed. It is important to make clear [Ernst & Young] did not challenge the integrity of accounting data in the system.”

Again, we see here a very clear concern being expressed by Mr Ismay that any challenge to the integrity, financial integrity, of Horizon would undermine the safety of Post Office’s private prosecutions; do you agree with that?

Christopher Day: I would have – as I said earlier, my primary focus would have been on the first half of this paragraph and the last line because I’d have been considering the impact on the veracity of our financial statements. I mean, rereading this – I don’t recall reading this at the time but rereading this recently, I’m shocked at the rationale that’s given and I don’t understand – to me, it’s a non sequitur anyway.

Either the data has integrity for accounting and reporting purposes or it doesn’t and the last thing that would have been on my mind would have been linking it to previous criminal cases, or – and/or staying prosecutions. I can’t understand why those two things would have been drawn together.

Ms Hodge: Thank you. I’d like to address another topic with you, which concerns the response to Second Sight’s Interim Report.

Sir, with your permission, I propose to deal with this topic and then see where we are. It may be that we can take a slightly earlier break for lunch but, rather than taking another morning break, sir, unless you –

Sir Wyn Williams: Oh no, you deal with it in whichever way you think appropriate, Ms Hodge.

Ms Hodge: Thank you, sir. You say in your statement that you don’t recall having any direct involvement in the instruction of Second Sight or the day-to-day management of their work; is that correct?

Christopher Day: That’s correct.

Ms Hodge: Given your oversight of Product and Branch Accounting, which – to which you referred earlier, do you think you ought to have been involved in the engagement of Second Sight as forensic accountants who would be looking at cases handled by that division?

Christopher Day: Not necessarily. Yes, they would have been looking at historic allegations about the Horizon system. I would have expected to have been kept briefed on progress. I would not have expected to have been involved in their work more closely than that and, indeed, I was, I was kept briefed, I believe, from time to time.

Ms Hodge: As a member of the Board, you received updates in relation to Second Sight’s investigation; is that correct?

Christopher Day: Yes.

Ms Hodge: These culminated in a Board meeting on 1 July 2013, in which the Board received an update from the Chief Executive, shortly before the Interim Report was finalised and circulated to interested parties; is that right?

Christopher Day: That’s right.

Ms Hodge: Please could we look at the minutes of that meeting on 1 July, they bear the reference POL00021515. We can see there from those present – you’re the last named under those “Present” – in attendance were the Chairman and Chief Executive, Non-Executive Directors and other directors of the company.

If we scroll down, please, the first item on the agenda was Horizon, and it states:

“The CEO apologised for the short notice in keeping the Board updated but explained that issues had arisen over the last couple of days. She gave an update on the Horizon review which was being undertaken by Second Sight and their Interim Report which was to be presented at a meeting of MPs on 8 July. The investigation to date had found no systemic issues with the Horizon computer system but had highlighted areas for improvement in support areas such as training.”

You state in your evidence that the Board – by which, presumably, you meant you as well – had felt reassured by this update, particularly by the suggestion that there were no systemic issues in the system; is that correct?

Christopher Day: That’s correct.

Ms Hodge: Ms Vennells, however, went on to explain, under subparagraph (b):

“… like any large computer system, [Horizon] would occasionally have anomalies and two were [known] over recent years. The Business had dealt with these anomalies to ensure no subpostmaster was out of pocket and these anomalies had not affected any of the cases which Second Sight had reviewed. Second Sight had been told of these anomalies and they would include them in their report.”

At the time of this update, did you know to what Ms Vennells was referring by “these two anomalies”?

Christopher Day: I didn’t, no.

Ms Hodge: It would have been apparent to you, would it not, from the update that you received that they related to accounting errors in the system?

Christopher Day: (No audible answer)

Ms Hodge: Would you have gleaned that from the suggestion that they’d been dealt with to ensure that no subpostmaster was out of pocket?

Christopher Day: I don’t think I gleaned it from this update but I gleaned it on reading the Second Sight Report a short while later.

Ms Hodge: When you read the Second Sight Report, you discovered, I think you say, the existence of those two bugs, the receipts and payments mismatch bug and the local suspense account bug; is that correct?

Christopher Day: It is, yes.

Ms Hodge: Bearing in mind that you had oversight of the division that was responsible for identifying any alleged accounting errors arising from those bugs, did it surprise you to learn this for the first time from, I suppose, firstly, Ms Vennells’ update but the detail from Second Sight’s Report?

Christopher Day: Yes, it did.

Ms Hodge: Did it concern you that these anomalies were known to the business but had not been previously brought to your attention as CFO?

Christopher Day: I can’t remember if it concerned me. I was surprised and I remember being assured and you can see through the Second Sight Report that Post Office had assured them that these bugs had been rectified and there’d been no detriment to any subpostmasters but I regret that I didn’t take any closer action, follow-up action, to understand why I had not known about these earlier.

Ms Hodge: So at the time, then, would you have been concerned that this discovery called into question the accuracy and reliability of the reporting lines to you as CFO? Are you saying only with hindsight?

Christopher Day: I think with hindsight, certainly.

I can’t recall having been alarmed but I’m not sure now – knowing what I know now, I think I should have been alarmed. I should have been concerned but I don’t think I was at the time. I think I took, unfortunately, assurance that these matters were in the past, had been remediated, had been dealt with, and I probably put them into that category of relatively routine things which go wrong with an IT system and get fixed. Sorry, I don’t think I made a connection to how on earth can I rely on my financial data if these two things have happened in the past without my knowledge? I don’t think I made that connection.

Ms Hodge: Did you take any steps after these anomalies, these bugs, were bought to your attention, to assure yourself that any accounting errors caused by them had, in fact, been identified and remedied?

Christopher Day: I don’t recall but I think it’s unlikely that I did. I don’t –

Ms Hodge: Why is that?

Christopher Day: Well, I have no recollection of making any specific intervention. As I say, I think I would have – I think on the basis of what I read in the Second Sight Report I would have been surprised to learn about them. Then maybe slightly perturbed that they had been divulged by Post Office, apparently to Second Sight, so slightly perturbed that I wasn’t part of that disclosure process. But, in terms of my primary focus of does this give me cause for concern about the accuracy of my financial statements, no, it wouldn’t have done.

You know, looking at the number of cases and looking at the order of magnitude, I’m afraid I would have simply been applying a materiality filter to that.

Ms Hodge: Which is to say that the value of any accounting shortfall would not have been sufficiently high to register with you as a significant risk at a business level?

Christopher Day: Well, yes, twofold: firstly, I was assured they’d been remediated and that no subpostmaster was out of pocket because, clearly, they could have been material sums for an individual subpostmaster but then, with my CFO hat on, you know, do these make me concerned that I’ve misstated my accounts? No.

Ms Hodge: Thank you. On the following page, the minutes of the meeting record that:

“The [CFO] was concerned that the report from the independent forensic accountants was not as factual as expected and could lead to loose language at the MP meeting.”

Christopher Day: CEO.

Ms Hodge: Sorry, the CEO, forgive me. At subparagraph (d):

“The Board asked the Business to challenge Second Sight to ensure changes were made to the report where possible and asked the Business to prepare their communication to combat any inaccuracies.”

Can you explain, please, the reference in the minutes to the Board asking POL to challenge Second Sight to ensure that changes were made to the report?

Christopher Day: I don’t recall the specific – this specific part of the conversation but my general recollection is that there was a disappointment with the lack of evidence-based findings. You referenced earlier the periodic updates from the CEO through the course of the Second Sight investigation, which were broadly that there was nothing systemically wrong with the system but that some of the language used was quite emotive, some of the examples seemed to be anecdotal and not evidence based and that was the general feeling from that meeting.

So I think that’s the context for the board seeking to challenge Second Sight where appropriate to be more specific, to try to draw out themes, particularly, my interest being in can we find things which are more widespread, that there might be something we can do about, and to reduce the degree of perceived anecdotal or lack of evidence-based findings. That’s the general sense but I don’t have a specific memory of the conversation.

Ms Hodge: Between the date of this meeting on 1 July and the next meeting of the Board on the 16th, Ms Vennells provided several updates to the Board via email; do you recall that?

Christopher Day: I know that a lot happened in those two weeks and I don’t recall everything that happened but, through this Inquiry process, I’ve been able to piece together quite a lot of what I think happened, such that, as I’m sure we’ll come on to discuss, the tone of the 16 July Board meeting was really markedly different from that of 1 July.

Ms Hodge: I’d like to explore with you a little bit why that might be. Now, one of the risks which Ms Vennells identified in her emails to the Board related to the reopening of past prosecutions brought by Post Office as a result of Second Sight’s findings. Do you recall that risk being raised?

Christopher Day: I don’t. I’ve seen the – seen a document, which – from Ms Vennells, which was updating the board on the progress of meetings with, I believe, James, now Lord, Arbuthnot and other MPs, and I think it was in that document, which is broadly positive in terms of the findings and the discussion with MPs, but references, I think, Lord Arbuthnot’s concern or determination that we should go back and look at previous prosecutions as a bit of a frustration for Ms Vennells. So I – but I’ve seen that recently. I don’t recall having read that note at the time.

Ms Hodge: Can we please turn up your statement at WITN10000100, please, at page 24, please, paragraph 69. Thank you. You’re referring here – perhaps if we go back a page just to place that in context, sorry. Thank you.

You were asked questions in your Rule 9 Request about financial and reputational risk and you refer here to an email from Ms Vennells dated 6 July, in which, in advance of the publication of the Interim Report, she identified one of the main reputational and potentially financial risks arising from the review relates to possible attempts to reopen past prosecutions based on the findings. Now, you say:

“I do not remember this being discussed by the Board but I do not believe this was a significant financial concern. My recollection is that we believed only a small number of historic cases would be affected, leading to a limited number of possible compensation claims, which, from a POL financial reporting perspective, would be immaterial in quantum.”

Now, it might be suggested that here you’re trying to downplay somewhat the significance of the risks relating to the reopening of past criminal cases; would that be fair?

Christopher Day: No.

Ms Hodge: You do, however, dismiss the financial risk as being one that’s really immaterial to you as CFO, in terms of its quantum?

Christopher Day: That was my perception at the time and the context would be the Second Sight Report. So I had not made the direct connection, nor had I been party to the conversation with MPs, and the determination to include past prosecutions in the findings. Perhaps – my perhaps naive view at the time was that there would be a small number of people who might need to be compensated but that was, in my mind, in relation to the findings of the Second Sight Report, primarily around poor support and training to subpostmasters.

Ms Hodge: This wasn’t the first time that someone within Post Office had raised a concern about the reopening of criminal prosecutions with you, was it?

Christopher Day: Remind me?

Ms Hodge: In Mr Ismay’s original report to you, he specifically addresses the risk of reopening cases if Horizon is found not to have integrity. We saw that raised again in the email of November 2011, so was this not something of which you were aware, a perception of a greater risk to the business, possibly an existential threat, even?

Christopher Day: No, it wasn’t and, indeed, there’s a two-year hiatus between those two references – a three-year hiatus in one case and two years in the second case – of those connections you just attempted to make. So no, they absolutely would not have been in my thought and, therefore, I would not have written in my statement that I thought we were only dealing with a small number of compensation cases at this stage.

Ms Hodge: Second Sight’s Interim Report was addressed again at the Board meeting on the 16th, as you have referenced already. I think you recall – is it fair to say you do recall that meeting, the tone of it, now?

Christopher Day: Yes.

Ms Hodge: Please can we bring up the minutes of that meeting. Those are at POL00021516. Thank you. It’s at page 6, please, where we see Second Sight’s Interim Report was discussed. Thank you. So, in the first paragraph, by way of update:

“The CEO explained that although Second Sight’s report had been challenging it had highlighted some positive things as well as improvement opportunities. The Business had been praised in Parliament for setting up the independent review; the proportionality of the tiny number of cases had been emphasised …”

That’s a point that you’ve, in fairness, raised a few times:

“… and no systemic issues had been found with the Horizon computer system. However there were cultural issues which had to be addressed to improve the support we gave to subpostmasters. The CEO stressed this was now a catalyst to make changes in the Business.”

The section I want to ask you about is (b), please, where it reads:

“The Board were concerned that the review opened the Business up to claims for wrongful prosecution.”

Now, in your statement you say, about this minute – we don’t need to bring it up unless you wish to see it – but it reads:

“I do not recall who made that comment that led to the minute [that I’ve just cited]. I don’t recall what the specific basis for this concern was.”

Again, it might be suggested that, in your evidence, you’re seeking to distance yourself from the seriousness and significance of the concerns that are being voiced at this stage as to the implications that Second Sight’s findings had for Post Office’s past criminal convictions; is that fair?

Christopher Day: No. Could I add a little more?

Ms Hodge: Please.

Christopher Day: My – having not been involved in the Second Sight work, really at all, my views were informed by the periodic updates provided generally by the CEO, occasionally by the General Counsel. So I think the summary in the minutes under (b) is exactly what my understanding would have been at the time. I’ve been able to, through this Inquiry process and on receipt, fairly recently, of other documents, to understand a little bit more of the background to why you can see reported under (c) the Board felt that the business had not managed the assignment well, and then, if we come on to talk about the requests of me to look into the insurance situation, why I can now understand, but didn’t at the time, the Board had that specific concern about potentially being – opening ourselves up to claims of wrongful prosecution.

So, sorry, that’s a very long answer but, in terms of the core document, the Second Sight Review itself, and my reading of this minute, which is the only thing I had until recently, I did not have a perception that either of those had, in themselves, opened us up to claims of possible wrongful prosecution.

Ms Hodge: I’d just like to test with you a little bit, Mr Day, what you did know, from what we’ve discussed so far today. You knew, upon reading Second Sight’s Report that it had identified two faults in Horizon Online, which we’ve mentioned, the two bugs; that much you accept, yes?

Christopher Day: Yes.

Ms Hodge: You also knew from Ms Vennells’ update that those faults had caused accounting errors which had had to be rectified; that’s correct, isn’t it?

Christopher Day: Well, I knew that from the reading the Second Sight Report, yes.

Ms Hodge: Either the report or the update?

Christopher Day: Yes.

Ms Hodge: You would have appreciated at the time, would you not, that the existence of such faults potentially called into question the integrity of Horizon’s financial accounting? You were alive to that risk, surely?

Christopher Day: Potentially.

Ms Hodge: You would also have appreciated, would you not, that POL’s knowledge of these faults called into question the confidence which it stated in Horizon’s integrity?

Christopher Day: Yes.

Ms Hodge: You were aware from the regular updates that the Board received from Ms Crichton, General Counsel, that POL was still bringing prosecutions and recovering assets from subpostmasters and employees in reliance on Horizon data. You knew that, did you not?

Christopher Day: Yes, I would have known that, yes.

Ms Hodge: Did those matters, taken together, not provide sufficient reason to be concerned that POL might face claims of wrongful prosecution?

Christopher Day: They might have been but they weren’t in my mind at the time. So if I look at the Second Sight Report and the periodic updates that I was receiving, it was that there were no systemic issues with the system. There were the four spot reviews identified, which – particularly SR05 – would have been of concern but these were, as I understood it, work in progress. More work needed to be done by both Second Sight and Post Office to establish exactly the veracity of these particular claims or issues.

So, no, I don’t think – I mean, I genuinely was surprised by the comment in the minutes that, on the basis of what I understood and had been party to, we had opened ourselves up to claims of wrongful prosecution, and that’s why I say I don’t know – I’m not saying it didn’t happen. Clearly, it was expressed by somebody on the Board but I don’t know who that was or in what context.

Ms Hodge: As you’ve acknowledged, the Board was sufficiently concerned, was it not, about this issue that it asked you to investigate the insurance position and to ensure that Royal Mail Group and Post Office Limited notified their insurers of the review’s findings?

Christopher Day: Yes.

Ms Hodge: We can see the action for that on page 7, please – thank you:

“The CFO was asked what the insurance position was. He promised the Board a note on this. He was also asked to ensure that both RMG and the Business’s insurers were given notice of the review findings.”

Now, do you recall what action you took to comply with that instruction?

Christopher Day: I don’t recall the note, whether I wrote a note or not. I did take action to ensure that both Royal Mail Group and Post Office’s insurers or their brokers were given notice of the findings, and the reason that Royal Mail Group were involved is that one of the policies, the Directors’ and Officers’ policy, was actually still part of Royal Mail, it was in a six-year run-off period since 2012, so we shared responsibility for that. So I would have had to have reported it to Royal Mail Group.

I don’t think I did it personally. I think I did it through a direct report of mine who looked after insurance.

Ms Hodge: I wonder, please, if we could turn to POL00108035. Thank you. This appears to be your first update on this matter, so if we could scroll, please, to the bottom of the document, where the email chain starts. Thank you. That’s the bottom of the email. So if we could please just get to the top of that first message. Thank you. So this is dated 19 July 2013, addressed to Alwen Lyons, Company Secretary, it reads:

“Dear All

“On Tuesday the Board asked for information on three things this week:

“A paper on Transitional Support Services with Fujitsu which we agreed would be considered by corresponded.

“The impact of the Financial Services Junction insurance changes, and the continued Transitional Support from Fujitsu, on the strategic plan and bottom line (including the P&L [profit and loss, presumably] and cash flow changes).

“[Thirdly] The impact on Horizon/Second Sight on our insurance cover.

“The first two points are covered by the attached and the final one is explained by Chris below.”

It reads:


“We discussed what impact the current Horizon issues might have on our insurance on which we are advised by our insurance broker, Miller. Their view is that whilst other insurance policies may be impacted the most likely one is D&O …”

You’ve just explained that was a reference to the –

Christopher Day: Directors’ and officers’.

Ms Hodge: Thank you.

“… this had the added complication as it is the only policy we share with [Royal Mail] and was shared by their broker, JLT.”

Do you recall who that’s a reference …

Christopher Day: Yes, I don’t recall what it stands for.

Ms Hodge: “The excess on this policy varies under different criteria but the main one is £25,000 on each and every claim. A meeting is being set up with JLT and Miller to ensure they are fully briefed on the issues before JLT engage with the insurer.”

Thank you, that’s your first update. We see the issue of insurance arises again, however, and you produce a paper to the Board in March 2014. This is POL00027430. This is entitled “Insurance issues arising from the Complaints and Mediation Scheme”:

“The purpose of this paper is to set out the insurance-related issues for the Complaints and Mediation Scheme and is an update to the paper committed to the Board reading room in December 2013.”

In terms of the nature of the risks identified, you describe these at paragraph 3, please:

“So far [circa] 150 applications have been received of which only about a third have been worked through so the assessment below is based on our estimation of the issues. It is possible, but unlikely, that the pattern of cases might develop in a way that chases this assessment.”

So, pausing there, this is, of course, a reference to the establishment of the Complaint Review and Mediation Scheme – that’s correct –

Christopher Day: Yes.

Ms Hodge: – and the number of applications received by that scheme for compensation –

Christopher Day: Yes.

Ms Hodge: – arising in connection with faults in Horizon?

Christopher Day: Arising from the findings of Second Sight Report.

Ms Hodge: Now, earlier on, you, in your evidence, emphasised the very small number of cases which affected your assessment of materiality. By this stage, Post Office had received 150 applications. Had that changed your assessment –

Christopher Day: Yes.

Ms Hodge: – of the seriousness and significance of this issue?

Christopher Day: Yes, I still felt – we still felt, that we were dealing with compensation but, clearly, through the course of the second half of 2013 and into 2014, the number of applications and the size of some of the compensation requests, however one might attempt to scale them, were orders of magnitude bigger than we had originally envisaged or imagined as a direct result of the Second Sight Review back in July 2013.

So, yes, this absolutely was now material. It was not just material to me financially; it was taking up a huge amount of management time across the organisation.

Ms Hodge: Now, so far as your assessment was concerned, the making of payments under the scheme would not attract insurance covering; is that correct?

Christopher Day: Yeah, I think my developing understanding of the insurance position was – and I’m talking here about professional indemnity, rather than D&O insurance – that compensation, if defined as goodwill, in relation, for example, to Post Office having poorly supported or trained subpostmasters, failed to provide them with the requisite tools to do the job properly, could lead to compensation claims which would not be covered by PI insurance, ie PI insurance, as I understood it, would be limited – cover would be limited to issues for which Post Office was legally liable.

Ms Hodge: That is to say for which they had a legal obligation to pay –

Christopher Day: Yes.

Ms Hodge: – compensation. Now, one of the aspects of the concerns of the Board is not simply the business’s liable but it was the individual liability of directors; is that correct?

Christopher Day: It is.

Ms Hodge: Did you personally have a concern yourself?

Christopher Day: I don’t recall having a concern and, going back through all of the documentation, it’s clear that there were lots of different conversations around insurance, both at the Board and outside of the Board, and different non-execs expressing concern about the lack of clarity that I had provided on insurance, and it’s difficult to work out from where each person was coming, whether it was on behalf of the organisation, in terms of professional indemnity cover, or whether it was on behalf of themselves in terms of possible breaches of directors’ duties or errors through the D&O mechanism.

It wasn’t entirely clear where all of these different challenges and questions were coming from.

Ms Hodge: What was your perception at the time as to where the focus lay, as between the Board’s interest in their own exposure and the exposure of the business?

Christopher Day: My recollection is that the very first conversations were around D&O, and I think that’s – but I have to caveat that with I didn’t have a full and detailed understanding of exactly which policies might apply in which circumstances but, if I go back to the very beginning of the conversation, which is that Board meeting of 16 July, my very clear understanding was we were talking about potential compensation and, therefore, I don’t think it would have been in my mind that D&O was the appropriate cover. But I can’t speak for others.

Ms Hodge: Thank you, sir. That brings me to the end of that topic. I wonder whether, if you would be content if we take an early lunch break and return at 1.30 to finish my questions for Mr Day and then to hand over to recognised legal representatives?

Sir Wyn Williams: Yes, by all means. So as you have suggested, we will adjourn now and resume at 1.30.

Ms Hodge: Thank you, sir.

(12.26 pm)

(The Short Adjournment)

(1.30 pm)

Ms Hodge: Good afternoon, sir, can you hear and see us?

Sir Wyn Williams: I can, thank you.

Ms Hodge: Thank you.

Mr Day, good afternoon. The next topic I’d just like to deal with, please, is the Horizon Desktop Review carried out by Deloitte. Now, as part of actions arising from Second Sight’s findings, the Post Office commissioned a review by Deloitte into the integrity of Horizon; is that correct?

Christopher Day: That’s correct.

Ms Hodge: This report became known as the Horizon Desktop Review of Assurance Sources and Key Control Features but, before we turn to that report, I would like to ask you some questions about the reasons why it was commissioned.

Now, just by way of background POL had instructed Linklaters LLP to advise on the business’s potential liability to claims from subpostmasters who had wrongly been held accountable for shortfalls shown by Horizon; is that right?

Christopher Day: That’s correct.

Ms Hodge: Linklaters had identified, in its advice to the Post Office Board, that there did not exist an objective report which addressed the use and reliability of Horizon; is that right?

Christopher Day: Correct.

Ms Hodge: The Board therefore decided that it would instruct Deloitte to produce such a report; is that a fair summary?

Christopher Day: Yes.

Ms Hodge: Now, if we could look, please, at the minutes of the Board meeting on 30 April 2014, these are at POL00021524. Thank you.

So these are the minutes of the meeting on 30 April. We can see at page 6, please, the discussion of the Deloitte report into Horizon.

Now, just pausing there, I think it’s right to say that you didn’t lead on this work as such; it was led by the CIO, Lesley Sewell; is that correct?

Christopher Day: Correct, and Chris Aujard, the General Counsel.

Ms Hodge: The then General Counsel?

Christopher Day: Yeah.

Ms Hodge: So the extent of your involvement was insofar as you received updates as a member of the Board and were shown a copy of the report; is that correct?

Christopher Day: Correct.

Ms Hodge: So this confirms that the Board welcomed Lesley Sewell, Chief Information Officer. She wasn’t a regular attender at the Board; is that correct?

Christopher Day: Correct.

Ms Hodge: She dealt with matters as and when she needed to, and Gareth James, a partner at Deloitte, then welcomed to the meeting, and Chris Aujard, the General Counsel, also rejoined the meeting:

“The Chairman thanked Gareth James for his draft report and explained that there were a number of people who were sceptical about Horizon. The Board were concerned to know the truth about the reliability of the system. Deloitte’s views would need to be expressed in such a way that they would persuade reasonable lay people.”

Does that accurately summarise your understanding as to what was being sought from Deloitte at this stage?

Christopher Day: Yes, it does.

Ms Hodge: Essentially, a report that would show others or prove to others that POL was right to have confidence in the system?

Christopher Day: Yes, although I think somewhere else it says in the minutes that the Chair expressed a view that it would be beneficial to have a positive view of the integrity of Horizon, if that be the case. So it wasn’t completely one sided and lacking objectivity.

Ms Hodge: We see at subparagraph (c), Ms Sewell explained that:

“… the first piece of work that Deloitte had been asked to undertake was to give assurance that the control framework, including the security and processes for changes in the system, were robust from an IT perspective.”

Pausing there again, what Ms Sewell is describing there, is she not, is an activity that is similar to what had been carried out by Ernst & Young as part of their financial audit but here perhaps with a particular focus, a more direct focus, on the Horizon system? Broadly speaking, they were covering the same areas, that is to say the control framework, security and processes for change; would you agree with that?

Christopher Day: Broadly but I don’t think that’s the same as saying that they were simply being asked to replicate what Ernst & Young were doing.

Ms Hodge: No, indeed. I didn’t mean to imply that at all but rather that the matters being canvassed by Deloitte would cover an area that had already been investigated –

Christopher Day: Yes.

Ms Hodge: – by Ernst & Young, of which you were aware and which had been reported to you?

Christopher Day: Correct.

Ms Hodge: So it goes on at subparagraph (d) to confirm that Gareth James, the partner at Deloitte – so we know, forgive me, by this stage, a draft report is in existence. So some provisional findings, it seems, have been made at this point:

“[Mr] James reported that all the work to date showed that the system had strong areas of control and that its testing and implementation were in line with best practice.”

However, he goes on to say:

“Work was still needed to assure the controls and access at the Finance Service Centre.”

Now, if we go on to (e) please:

“Chris Aujard [the General Counsel] explained that several of the subpostmasters who were challenging Horizon had made allegations about ‘phantom’ transactions which were non-traceable.”

What did you understand Mr Aujard to mean by “phantom transactions”?

Christopher Day: I don’t think I had an understanding at that time of what he meant. Rereading the documentation recently, I’ve noticed, all the way back to the Rod Ismay report there’s a reference to allegations of ghost transactions, which I had not previously picked up. But back in 2014, I think this would have been a surprise to me that he was asking such a specific question of Deloitte.

Ms Hodge: Would you have understood that issue to relate to the question of privileged access and whether or not transactions could be inserted without a subpostmaster’s authority or approval?

Christopher Day: I would now make that association. I don’t think I did at the time.

Ms Hodge: Mr Aujard said:

“Assurance from Deloitte about the integrity of the system records logs would be very valuable.”

So clearly a hope and expectation that Deloitte will ultimately give the Board the assurance that it’s seeking.

Christopher Day: Yes.

Ms Hodge: Now, a copy of the report was shared with you; is that correct, at the time – forgive me, after this meeting in April, a copy of Deloitte’s review was shared with you?

Christopher Day: I believe it was.

Ms Hodge: Can we please just look at what you say in your statement about your reaction to reading the report. That’s at WITN10000100, please, at page 34, paragraph 108. Thank you. Now, I think you make the point that the copy that’s been shared with you is marked as a draft, dated 23 May 2014. You don’t believe you’ve been shown final versions –

Christopher Day: Correct.

Ms Hodge: – or a final version of the report or of the briefing document supporting it?

Christopher Day: Correct.

Ms Hodge: But you do say that, on receipt of the reports, this is the fourth line from the bottom:

“… I can recall a sense of general disappointment by the Board. I cannot recall my views at the time, but looking at it now I think that Deloitte’s report was far too caveated and failed to reach any definitive conclusions on the reliability of the Horizon IT System.”

Now, what I’d like to do, please, is look at the report with you and some of the conclusions which it did reach. Please could we bring up the report which bears the reference POL00028062. Thank you.

Now, just to orientate ourselves a bit, please can we turn to page 3, where we find the “Executive Summary”. This provides the outline of the “Context” for the assurance work which Deloitte had undertaken. It reads:

“As outlined to us by the Post Office Limited litigation team, ‘POL is responding to allegations from subpostmasters that the “Horizon” IT System used to record transactions in POL branches is defective and that the processes associated with it are inadequate ([for example] that it may be the source and/or cause of branch losses). POL is committed to ensuring and demonstrating that the current Horizon system is robust and operates with integrity, within an appropriate control framework’.”

It goes on to confirm:

“POL is confident that Horizon and its associated control activities deliver a robust processing environment through three mechanisms: POL have designed features directly into Horizon to exert control; POL operates IT management over Horizon; and POL have implemented controls into and around the business processes making use of Horizon. Collectively these three approaches of inherent systems design, ongoing systems management and business process control are designed to deliver a Horizon processing environment which operates with integrity.”

A little further down, it confirms:

“Deloitte has been appointed to:

“[Firstly] consider whether this Assurance Work appropriately covers key risks relating to the integrity of the processing environment;

“to extract from the assurance work an initial schedule of the Horizon Features;

“to raise questions for potential improvements in the assurance provision.”

Now, what I’d like to do, please, is move forward to the observations that were made in the report, the detail of which we can find at section 6 of the report, please, page 29. Now, we see here a section of the report entitled “Matters for Consideration”:

“In this section we set out our key matters for management consideration, further to the work we have performed above.

“We have structured this section as follows:

“[Firstly] Key matters for Consideration, by Risk Area …

“Factors to Consider in Formulating an Action Plan; and

“Proposed Action Plan.”

Now – thank you – if we scroll down a little, we see the column on the left-hand side relating to “Risk Area”, the column in the middle defining the “Key Matters for Consideration” and the column on the right-hand side, the “Nature of Assurance Work”. Now on, page 30 please, this is the fourth area of risk identified and – please, if we could scroll down to subparagraph (4), thank you – these relate to risks identified confirming system usage and, over the page, on page 31, we’re starting first with subparagraph (e). This raises a point which we discussed this morning, Mr Day, of Mr Ismay’s report. It provides:

“Proactive monitoring of key System Usage Risks: The current assurance environment appears to be ‘reactive’ in nature, with exceptions in processing triggering diagnostic and remediation activity only when reported. It would appear that no use is being made of the Audit Store, for proactive monitoring of unusual or exceptional system events potentially worthy of further investigation and action.”

Now, bearing in mind what you’d repeatedly been told or reassured about the business’s efforts to rectify and remedy any accounting shortfalls created by software faults, were you not concerned to read here that there was no proactive monitoring of events in the system, which could potentially cause such errors and shortfalls?

Christopher Day: I don’t recall this specific finding. I have a better recollection, I think, of the short form report, which I believe came to the Board. I’m not sure this full 56-page –

Ms Hodge: This is the assurance review, which I think you, in your evidence, say that you read.

Christopher Day: Okay.

Ms Hodge: Is that correct? Do you recall reading the report, the review?

Christopher Day: I will have read it. I don’t recall this individual point or, indeed, relating it back to the earlier issues. I’m not exactly sure what the question is.

Ms Hodge: Forgive me, the point I’m making here is what Deloitte are flagging is a reactive approach being taken to the diagnosis and remediation of problems in the system, and that was consistent with what we saw, was it not, in Mr Ismay’s report about the barcoding?

Christopher Day: Oh, I beg your pardon.

Ms Hodge: – fault.

Christopher Day: I hadn’t made that association but I can see why you’re saying that now. Yes.

Ms Hodge: Now, you may not recall, or indeed you may not have read the next paragraph, but I would like to ask you about subparagraph (f), relating to hardware controls over the audit store. This reads:

“The Centera EMC devices used to host Audit Store data have not been configured in the most secure EC+ configuration. As a result, system administrators on these boxes may be able to process changes to the data stored within the Audit Store, if other alternative software controls around digital seals, and key management are not adequately segregated from Centera box administration staff. Privileged access to the cryptographic solution around digital signatures, and publicly available formulas on MD5 hashed digital seals would potentially allow privileged users at Fujitsu to delete a legitimate sealed file, and [replace it] with a ‘fake’ file in an undetectable manner.”

Do you have any recollection of reading that at the time?

Christopher Day: I don’t but I can quite see its significance now.

Ms Hodge: If you had read it, do you think you would have made the connection between this and the concerns which were earlier articulated about access to the system?

Christopher Day: I would like to think I would, although, as I say, I will have received this report and read it, I do recall colleagues saying that this was unwieldy and not written in plain English and that was why I think Chris Aujard was asked to ask Deloittes to write a shorter form, easier to understand, report, which I believe was then taken to the Board. And that one had some very specific management actions coming out of it, relating – two particularly, one to do with balancing transactions and one to do with integrity of the audit store. But the point above it in (e), I don’t recall – I don’t recall that one.

Ms Hodge: What you seem to be suggesting, Mr Day, was this was far too lengthy a report for you to consider in all its detail but you, of course, were experienced in dealing with lengthy reports. We had the management letter from Ernst & Young with some detailed audit considerations. Did you not treat this report in the same way as you would –

Christopher Day: Yeah, to be clear, it wasn’t myself that said this was unwieldy and unusable, although I might have concurred with that view. I think it came from one of the other people on the Board who said we need something easier to understand, more concise and with a cover note, which I believe was drafted by Mr Aujard. So I think the form in which it came eventually to the Board, although there is very little – there appears to be very little documentation relating to this period, I believe was more like a six or eight-page document, much more concise and, as I say, specified two areas that I recall we then took management actions to address.

Ms Hodge: Now, I fully take the point you make, which is that subparagraph (f) is not phrased in language that would necessarily be readily understandable to someone without technical knowledge but, if we look, please, at subparagraph (g) which references the branch database it says this:

“We observed the following in relation to the branch database being:

“[Firstly] A method for posting ‘Balancing Transactions’ was observed from technical documentation which allows for posting of additional transactions centrally without the requirement for these transactions to be accepted by subpostmasters ([either] as ‘Transaction Acknowledgements’ and [Transaction Corrections] require). Whilst an audit trail is asserted to be in place over these functions, evidence of testing of these features is not available …”

Did that not show, Mr Day, that there were backdoors into Horizon?

Christopher Day: I think, reading this recently, absolutely. It says that. I didn’t make any reference to it in my statement and I had no recollection of this being a major alarm at the time, and I don’t know why that is. As I say, the only documentation I’ve been provided with that helps me to piece together what might have happened, although it’s not a direct recollection, is management actions relating to the Deloitte report and I think it’s a paper by Chris Aujard entitled “Zebra Actions” or “Actions relating to Zebra and the Deloitte report”.

And, having reread that, I can see that there are two specific actions that IT – the IT function took. One was to test for the actual usage of these balancing transactions, like had it ever actually happened, other than the one incident in 2010 that had been referred to by Deloitte; and the other was – I forget the exact wording – to do with testing the integrity of audit store access. And when I reread that document recently, that sounded familiar, rather than anything that I’d read in this original report.

So I think that was the distillation – I think there was a shorter form of this that may or may not have been discussed at the Board. I couldn’t find it in any board minutes that it had been discussed but presumably it must have been.

Then there were a series of management actions coming out of the Chris Aujard paper, and then the trail seems to go cold in the last few months that I was at Post Office as to exactly whether those actions were followed up and in what time scale.

Ms Hodge: Thank you. I think, so far as you’ve covered, that’s your recollection of how the organisation responded –

Christopher Day: Yes.

Ms Hodge: – to the Deloitte report but that’s really the extent of how you can help us in that regard; is that correct?

Christopher Day: Yes, I mean – just to expand, I mean, unfortunately, regrettably, I did not connect – I don’t recall connecting at the time the balancing transaction point to the earlier points. It may be – may be self-evident now but I think, had we as a Board had that presence of mind to think “Oh, my goodness, privileged access, wasn’t that a problem in the past, even though it’s been remediated”, I don’t think we put those together. Certainly, I didn’t put those together.

Ms Hodge: Thank you. There’s one point I’d like to clarify with you, please, in your statement. I’m just moving on from the Deloitte report, this relates to a comment you make in your statement about the advice which POL received from Simon Clarke. That’s at WITN10000100, please. Page 27, please, paragraph 85. So you say here:

“I have been shown the following legal advice provided to POL”, and you list four pieces of legal advice: Simon Clarke’s Advice of 15 July 2013; his advice of 2 August 2013; Brian Altman KC’s Advice of 2 August 2013; and his further advice of 15 October 2013.

At paragraph 86, you say:

“I have no recollection of reading any of the Advice. I do not recall any specific discussions by the Board or briefings to the Board about any of the Advice.”

You then say at paragraph 87, this is what I wish to clarify:

“I have been asked whether I had any prior knowledge of the factual allegations set out in paragraphs 3 and 5 of the Simon Clarke Advice dated 2 August 2013. I did not.”

Now, those paragraphs relate to allegations that evidence relating to known issues with Horizon had been destroyed; is that correct?

Christopher Day: Correct.

Ms Hodge: When you say you had no prior knowledge, do you mean prior to reading the Advice dated 2 August 2013?

Christopher Day: I don’t believe I read the Advice at all. I’ve only read the Advice in the last few months.

Ms Hodge: That’s what I wanted to ask you, really. When did you first read the Advice?

Christopher Day: During the course of this Inquiry and, for whatever reason, however strange it may seem, I did not read any of those four advices and I’m as sure as I can be that I didn’t receive them.

Ms Hodge: Thank you, Mr Day. I don’t have any further questions but if you could remain there, please, there will be some questions from the legal representatives and from the Chair, maybe.

Questioned by Sir Wyn Williams

Sir Wyn Williams: Well, can I just ask, can we just go back to paragraph 108 of the witness statement, so that I can clarify in my own head what it means. It’s page 34 of WITN10000100. That’s it.

Now, Mr Day, just so I can be clear, the document that Ms Hodge took you to is the document you referred to in the first sentence of paragraph 108, yes?

Christopher Day: It is, yes.

Sir Wyn Williams: Then you make reference in the latter part of it to a second document and you give the reference, and is that the briefing document which was referred to as coming to you after the whole of the report?

Christopher Day: I believe it is sir, yes.

Sir Wyn Williams: Right. Fine. Now, that paragraph reads to me as if you are accepting that the Board actually received both those documents and I want to be clear that that’s what you intend to say. If you just read it quietly to yourself, and then …

Christopher Day: Yeah.

Sir Wyn Williams: Forget the draft point for the moment, whether they’re the draft or final version, to me, your paragraph reads as if the Board received both documents?

Christopher Day: I think – I can’t be completely sure that the whole of the Board received the full long document because I can’t recall who it was who said “This is not in a form that is acceptable for the Board”. It may have been the Chair or somebody else, I don’t think it was myself. So it’s possible, sir, that it didn’t come in its entirety to the full Board.

It would have come to some of the Board and been rejected as not fit for purpose. I can’t recall the – I had thought that both documents had come to the Board but the minutes don’t help me to be sure on that point. I’m –

Sir Wyn Williams: So is the true state of your – I don’t want to put words into your mouth. Are you saying this: that the second document referred to in paragraph 108 ending 069 reference, that was presented to the Board, so as far as you can remember, and, by “the Board”, all the persons who constitute the Board?

Christopher Day: Precisely, sir, but I haven’t seen the minutes which prove that to be the case. But I –

Sir Wyn Williams: No, but that’s your understanding –

Christopher Day: Yes, it is. It is.

Sir Wyn Williams: Right. So far as the first document is concerned, ending 062, your understanding is that some members of the Board, including you, received that document?

Christopher Day: Yes.

Sir Wyn Williams: Fine. You go on to say in paragraph 108, after identifying them:

“I can recall a sense of general disappointment by the Board. I cannot recall my views at the time, but looking at it now I think the Deloitte’s report was far too caveated and failed to reach any definitive conclusions on the reliability of [Horizon].”

So am I to understand from that, that your personal view is that the report which you received did not demonstrate conclusively, or even on balance of probability, that Horizon was robust because there were no sufficient definitive conclusions about that?

Christopher Day: Yes, that’s true, sir.

Sir Wyn Williams: Right.

Christopher Day: To be clear, I think we’re talking very much – I’m talking very much here about the shorter form report with a cover note from Mr Aujard.

Sir Wyn Williams: Right, okay. Again, sorry to cut across you but so my thought processes are clear: so of the document which you’re satisfied from memory went to the Board was a disappointment to the Board because it, in effect, didn’t reach definitive conclusions?

Christopher Day: Correct. We felt we were two years on, no further forward. We’d had a disappointing outcome in terms of trying to verify the integrity of the Horizon system from the Second Sight experience which had taken two years. We’d then, albeit rather belatedly, realised that we didn’t have a truly objective report on Horizon and this was our attempt to do that, and we find ourselves three or four months later with a report which essentially says the same things again: that the system is broadly reliable but we haven’t been able to test X, Y or Z. We couldn’t – we didn’t have documentation, sufficient documentation going back far enough for us to be able to fully test it.

By the time one had worked through the caveats, one was not left with anything that, in my personal view, took us any further forward.

Sir Wyn Williams: Right. Then, finally, and then I’ll hand over. So far as what I’ll call the long or the complete version is concerned, the document ending 062, which might be difficult for someone like me to understand, ought not to have been difficult or unduly difficult to understand for those members of the Post Office teams who had the relevant technical expertise; is that fair?

Christopher Day: That is fair.

Sir Wyn Williams: Right. So will there have been persons who received the full report who should have understood what it was saying?

Christopher Day: Yes, that would follow.

Sir Wyn Williams: Yes, and from memory, who would those persons have been, Mr Day?

Christopher Day: Well, it would have been the IT function, IT security, the CIO, working in conjunction with the General Counsel, who was custodian of this report but clearly not an IT expert himself.

Sir Wyn Williams: Right. So by name: Ms Sewell –

Christopher Day: Yes.

Sir Wyn Williams: – and obviously Mr Aujard?

Christopher Day: Yeah.

Sir Wyn Williams: The most senior people, yes?

Christopher Day: Yeah, another name appears in the documentation that I was only reacquainted with very recently, a lady called Julie George, who was, I think, IT security person reporting in to Ms Sewell.

Sir Wyn Williams: Fine. Thank you very much.

Right, who wants to ask further questions?

Mr Henry: Mr Stein and I would like to ask further questions.

Sir Wyn Williams: Have you agreed which one of you is going first?

Mr Henry: I think Mr Stein has agreed that I should go first, sir.

Sir Wyn Williams: Right. Carry on then, Mr Henry.

Questioned by Mr Henry

Mr Henry: Good afternoon Mr Day?

Christopher Day: Good afternoon.

Mr Henry: Could I ask you, please, to be shown a document POL00333330, and this is an Audit and Risk Committee document, 20 January 2014. You were in attendance together with Ms Vennells, Ms Lyons and also Mr Aujard was in the chair.

Can we go to page 5 of 79, please. We can see that there is, 4.1, “Allegations relating to the integrity of the Horizon system”, Chris Aujard is described as being the owner of this matter on the Executive Committee, and it reads:

“There is a risk that allegations relating to the integrity of the Horizon system, if not contained, could raise wider questions over the robustness of our core systems and our ability to operate, damaging (amongst other matters) current partnerships, new areas of expansion and public and government confidence.”

Then there is reference to:

“Sparrow has established governance in place including proactive risk and issue management, with blockers to issue resolution escalated through to the programme board. Risks, Assumptions, Issues and Dependencies [RAID analysis] workshops are held monthly by the programme team and attended by the Risk Business Partner.”

Who was the Risk Business Partner?

Christopher Day: I’m not completely sure but I think it may have been David Mason.

Mr Henry: Who is he?

Christopher Day: He worked in, I believe, the Internal Audit and Risk Team. I think he’s named on the first page of this document.

Mr Henry: Thank you. So far as bow-tie status is concerned, bow-tie was a sort of risk management tool, but it’s already determined to be an issue, so no bow-tie document is being produced?

Christopher Day: That’s what it says here, yes.

Mr Henry: So that was January 2014. Now, the last annual reports and financial statements that you signed, before you resigned in January 2015, they were signed off by you and Ms Vennells on 25 June 2014, and I want to take you now to another document, which is POL00026716. You’re familiar with this because this is the annual report and accounts, isn’t it?

Christopher Day: Yes.

Mr Henry: Yes. These are important documents, are they not? They are required by statute?

Christopher Day: Extremely important, yes.

Mr Henry: Extremely important and, obviously, you want to give a true and fair view, an accurate view, of the business, don’t you?

Christopher Day: Correct.

Mr Henry: Right. Well, we know from the document that I initially took you to, the ARC document from January 2014, that there was concern about risks which could – relating to the integrity of the Horizon system – raise wider questions over the robustness of core systems, et cetera, et cetera?

Christopher Day: Yes.

Mr Henry: Now, I just want to ask you to go to one extract of this document. Could we go, please, to page 42 of 116. Can you see there “Engagement risk”, and beneath “Engagement risk” – and if we could just scroll up very, very briefly – we’ve got “Regulatory & compliance”, but I want to concentrate on “Engagement risk”. The only reference, I suggest, to the risk identified in the ARC meeting six months before, the risk, in other words quotation, that “allegations relating to the integrity of Horizon, et cetera, et cetera” is this as follows, and it reads:

“The support of our staff and subpostmasters and engagement with them during this significant time of change is key to the successful delivery of our strategy. Withdrawal or lack of support from our staff or subpostmasters, whether driven by concerns over existing programmes and initiatives or historic cases, could cause delays in the Post Office transformation programmes and limit our ability to meet business objectives.”

If we then go into the next column, it talks about:

“Failure to comply with regulation could result in fines, adverse outcomes for our customers and significant damage to the Post Office brand.”

That’s under Regulatory & Compliance. Sorry, go up to “Engagement risk”:

“Lack of support from staff and subpostmasters would jeopardise our ability to meet our strategic goals [et cetera, et cetera] reduced reliance on government subsidy.”

Then the next column:

“We maintain a fluid and comprehensive engagement programme with unions, staff and subpostmasters. These include regular meetings with the National Federation of SubPostmasters, the Communication Workers Union and Unite senior management briefings to staff [et cetera, et cetera]. We have a people plan aimed at addressing staff motivation and skill needs. This includes development of new leadership and reward frameworks and increased focus of recruitment and training. We have created a Branch Support Programme and planned further initiatives.”

If I were to suggest to you that engagement risk, those three columns, reading from left to right, are very carefully worded and delphic, what would you say?

Christopher Day: Well, the first thing I would say, in terms of my duties as a CFO and responsible for the annual report and accounts, is that, at no stage, did we seek to diminish or cover up the ongoing concerns that there were around Horizon, if that’s what you’re alluding to. But this would not be the point in the report and accounts to make reference. The auditors would – were kept abreast at all times of the findings of the Second Sight review. They reviewed the possibility at all times for contingent liabilities and/or provisions that would need to be made so –

Mr Henry: Really?

Christopher Day: Yeah. So my focus would very much on I need to disclose as much as possible to the auditors so that they can make a qualified judgement on whether they need to recommend creating a contingent liability or a provision. So that would be the hard technical answer to the question, rather than, you know, I wouldn’t seek to bury it in this text here.

Mr Henry: Okay. I mean, before we move on, you say, you know, that the auditors were kept fully informed about provisions for liabilities; you recall that?

Christopher Day: Absolutely. We had a conversation each year. I mean, it’s part of – it’s part of the sign-off process. You’re asked a very direct question about your knowledge of fraud, your knowledge of anything anomalistic, any ongoing potential legal issues across the business, and I think you’ll see from the report and accounts each year a progression of statements from the audit partner starting back in, I think, 2011/12 where mention is made of allegations about the Horizon system, through to 20 – my last year 2013/14, where there’s a much longer statement, which talks about discussions with management, which talks about ongoing investigations. At this point we do not recommend, or management, rather, do not feel it’s appropriate to put a contingent reliable in place and we concur with this you, but we will continue to monitor it.

So, from my perspective, my duty of care was to make sure that the auditors had all the information such that all of this could be divulged in the accounts at the appropriate place.

Mr Henry: But you’ve just said, and you said that you distinctly recall that, you know, the auditors were being made aware of provisions for liabilities and, presumably, that would also be, of course, the impact of any integrity issues on Horizon?

Christopher Day: Well, the two were interrelated, clearly.

Mr Henry: Of course. Could we go, please, to POL00099203. Yes, thank you so much. So this from Ms Vennells to Sarah Hall, and you know who Sarah Hall was, don’t you?

Christopher Day: Yes.

Mr Henry: Who was she?

Christopher Day: Financial Controller, who reported to me.

Mr Henry: The Financial Controller. Goes to all of the big names: Alwen Lyons, Mark Davies, you, of course, Ms Crichton. Can we go to page 3, and page 3, there is a reference to:

“… the Senior Manager confirmed that they agree with our view that there should be no provision”, about the Horizon report.

I wonder if we can locate that on the page. Yes. Do you see that?

“… the Senior Manager confirmed that they agree with our view that there should be no provision.”

That was in the context of the Horizon report.

Christopher Day: Correct.

Mr Henry: Do you see that? Also, at page 4, if we could go to page 4, that we have:

“As expected they asked about the impact on the accounts and I have assured him that we believe there is no impact.”

That was the consistent message: no impact, no provision needs to be made.

Christopher Day: That was management’s view but EY, of course, would exercise complete independent thought and evaluate, and that would have been referred from the senior management – the Senior Manager to the partner. They would not simply accept our assertion that there’s nothing to put in the accounts.

Mr Henry: But the fact is, and I return – we don’t need to put it back up on screen – when I was asking about delphic, there’s no mention in the ARA that you signed off in June 2014 of the risk of historic miscarriages of justice, is there?

Christopher Day: I didn’t see any, no.

Mr Henry: No, there isn’t. There’s no mention of impending civil litigation or the risk of impending civil litigation either. The JFSA aren’t even mentioned once.

Mr Day, this really was going into ultra defensive mode, wasn’t it? It was trying to contain, keep the lid on the problems with Horizon integrity, wasn’t it?

Christopher Day: I don’t believe it was. I mean, the 2013 accounts, bear in mind, would have been signed almost exactly simultaneous with the Second Sight Report and, bear in mind, that was an Interim Report, there was still a lot more work to be done, and the key finding was that there were no systemic issues with the system found at that point in time.

So I’m absolutely confident that what we said in the 2012/13 accounts was completely justifiable. I’m slightly less clear on the ‘13/’14 points but I’m recalling that the Mediation Scheme was still running, albeit it was at a much higher level of claims and compensation claims at that point. So I think you may have a stronger point for the ‘13/’14 accounts, but I can’t remember the exact wording of what was said about the contingent reliability there.

But the only other thing I would say is that the experience of the organisation at that time, I accept we know differently now, was that we’d been through this relatively difficult period of not strong enough IT controls, we’d come through that, we’d successfully closed all the doors, admittedly, in retrospect, I wish we’d looked back at what might have happened before we closed those doors. But that was the context for feeling that we were making progress forwards and that, albeit the Mediation Scheme was much bigger and had taken much longer to complete than we originally envisaged, we were getting towards the end of the process. That was the context of the feeling in the middle of 2014.

Mr Henry: Forgive me but wasn’t the mediation process a sham?

Christopher Day: No, I don’t think so at all.

Mr Henry: Anyway, let’s go to POL00021525 and this, as we can see, is minutes of a Board meeting held on 21 May 2014. So just tying this in with the answer you gave to my last question, the Board must be feeling more confident now, they think they’re making progress, et cetera, et cetera; do you agree?

Christopher Day: Yes, this will have been before the accounts were finalised but, yes.

Mr Henry: So why is it, then, that the Board is allergic and hypersensitive to the inclusion of Project Sparrow in the report and the determination that it should be excluded?

Christopher Day: Sorry, from which report? From the report and accounts?

Mr Henry: Yes. I want to take you, please, now to page 6 of 14, which will give you context for this. 6 of 14 at letter (f). So “Annual Report and Accounts”, letter (f):

“The Board discussed the inclusion of Sparrow in the report and agreed that it should be excluded. However, the business agreed that it would be appropriate to include a paragraph in the CEO overview to explain the size of the enterprise risk and the major transformation programmes being undertaken, referring back to the risks already highlighted in the CFO report.

“Action: Mark Davies.”

Mr Davies, your comms man, why is he being given this responsibility in connection with the annual report and accounts, in relation to Project Sparrow, which is dealing with the risks of Horizon litigation, both civil and criminal?

Christopher Day: Well, firstly, he would be responsible for drafting all of the elements of the annual report and accounts that weren’t my direct responsibility. So the financial statements would be my responsibility and the rest of it would be, initially, Mark Davies’ responsibility, reporting in to the Chair and Chief Exec. I can’t answer why Sparrow at this point was seen to be more in the, I guess, discursive part of the report and accounts and, therefore, included within the CEO overview, but the only thing I can think is that, as I mentioned before, because we hadn’t – or the auditors had decided not to put in a financial contingent liability or provision, it was seen as more of a general risk, than a specific financial risk.

Mr Henry: Can you help, but the paragraph in the CEO overview to explain the size of the enterprise risk and the major transformation, that all got lost in the wash, didn’t it?

Christopher Day: I admit, it looks slightly unusual in that, by this stage, it was a material financial risk, but there is a context that the other major transformations that were going on, the Network Transformation Programme, the IT Transformation Programme, by this stage, there was even a third one, which was called a Business Transformation Programme which was about taking huge amounts of cost out at the centre, I think this is an attempt to try to put together all of these big ongoing financial costs and risks, but I accept that, at face value, it looks slightly odd to lump Sparrow in with those.

Mr Henry: It’s all part of sleight of hand, “léger de main”, isn’t it. It’s to put the best possible gloss on the situation without actually revealing the unvarnished truth?

Christopher Day: No, not my recollection at all.

Mr Henry: I’m going to have to deal with matters shortly now because there’s a technical problem with uploading certain of the documents but I want to put to you the straight contradiction. We’ve seen documents that suggest that the Board were concerned about their personal liability in relation to this, and you were of course tasked with dealing with the insurance position both in respect of professional indemnity and Directors’ and Officers’ insurance?

Christopher Day: Correct.

Mr Henry: Right. Disclosure to the insurer was made but there was no reference to this in the annual reports and accounts. Can you explain why that was?

Christopher Day: I’m not sure why you would expect there to be.

Mr Henry: Well, if it was a matter of such importance – and not necessarily the act of reporting to the insurer but the matter upon which your duty, as you saw it, arose that you had a duty to inform your insurers – why wasn’t that matter given greater prominence, which is, of course, the potential existence of bugs, errors and defects and also the conduct of Mr Gareth Jenkins?

Sir Wyn Williams: Well, I don’t think he can answer the latter part of that question unless you are challenging his evidence that he had no idea of the Clarke Advice.

Mr Henry: I do have a document that might be relevant to that, sir.

Sir Wyn Williams: Right.

Mr Henry: I am anxious, I don’t want to be unfair to you, Mr Day, but, I mean, do you see the – we’ll go to the documents straightaway but do you see what I’m getting at? If it’s so important that you have to notify your insurers, why isn’t the risk that necessitated that disclosure to your insurers properly reflected in the ARA?

Christopher Day: Yes, I understand the point. I don’t know. I don’t equate the two. It was a – it was good governance to inform the broker, you’ve seen the list of emails around – I think it was unfortunate phrase “not scaring the horses”, there was a concern that if you didn’t inform the broker in – as soon as you were aware of a possible reliability: (a) you might not be covered; (b) you might suffer much higher premia in the future.

Although it clearly was a material risk, I don’t think the fact of needing to report it to our broker had a bearing on what I would show in the annual report and accounts.

Mr Henry: Right.

Mr Day, thank you. May I just mention something to you, sir?

Sir Wyn Williams: Yes.

Mr Henry: I was hoping to take it without going to the documents, which are yet to be uploaded but I think in fairness, because I’m not going to be suggesting to this witness that he is lying but that he may have forgotten something, and –

Sir Wyn Williams: Just a second, Mr Henry.

Could the document on screen come down so I can see Mr Henry clearly. Thank you. That’s better.

Yes, sorry, Mr Henry.

Mr Henry: I’m so sorry to trouble you with this, sir, but unfortunately there are three documents which can only be uploaded if we have a short break and –

Sir Wyn Williams: Well, it is – how long are you going to be, Mr Stein?

Mr Stein: Sir, I think in the region of 12 to 15 minutes.

Sir Wyn Williams: Let’s have our 12 to 15 minutes of Mr Stein, if you don’t mind, Mr Henry, then the documents can be uploaded in the short break, and then you can conclude. How about that?

Mr Henry: I’m very grateful to you, sir. Thank you so much.

Sir Wyn Williams: Fine. Over to you, Mr Stein.

Questioned by Mr Stein

Mr Stein: Thank you, sir.

Mr Day, I’ve a series of questions which relate to the way that financial matters were dealt with within the Post Office, which hopefully you’ll be able to help with. You came to the Post Office from the BBC where you worked as Group Financial Controller for what, six years –

Christopher Day: Yes.

Mr Stein: – BBC, yeah? Then, for the last period of time at the BBC, you were then working as acting Chief Financial Officer; is that right?

Christopher Day: Not the last period of time but an interim period in 2008.

Mr Stein: Right. So you had some experience of that and then you joined the Post Office and, essentially, your duties as Chief Financial Officer remained the same for your three-year period; is that right?

Christopher Day: Correct.

Mr Stein: I think you described those duties within your statement – paragraph 16, sir, for your note – day-to-day, you say this: that you were responsible for financial accounting, management and statutory reporting, budgeting, financial planning – forgive me for shortening this, but you go on, essentially, to say all aspects of financial matters within the Post Office; do you agree?

Christopher Day: Correct.

Mr Stein: Right, okay.

Now, a couple of weeks ago I asked a number of questions of Mr Cameron that related to the way that shortfalls were dealt with within branch accounts; okay?

Christopher Day: Yeah.

Mr Stein: Now, those questions were about the issue which was where the Horizon system would identify, correctly or incorrectly, that there was a shortfall within a branch account, how that was accounted for within the Post Office systems, okay? All right.

So let’s try and – and stop me when I go wrong with this, okay? So let’s try and work out what actually happened. Branches, as you are aware from the history of this matter, would be told by the Horizon system that there’s a shortfall on occasions and the branch manager and staff were then encouraged – I use that as a neutral expression – to then pay to cover the shortfall; you’re aware of that?

Christopher Day: Well, via a transaction correction.

Mr Stein: Right. Well, let’s start right at the beginning. Do you agree that, on occasions, the Horizon system would suggest there’s a shortfall, in other words that the branch needed to pay a sum of money to correct, to balance, the system?

Christopher Day: If there was a discrepancy between the cash that had been paid in, for example, and the amount that had been put into the – input into the system and that that didn’t correspond with the client’s understanding of the transaction, that could happen.

Mr Stein: Right. Well, Mr Day, you must have been following this matter because it’s been part of the Inquiry now and, indeed, history of this for quite some time subpostmasters; being confronted with a suggested shortfall in their accounts; you must be aware of that?

Christopher Day: That’s a possibility. I understand that, yes.

Mr Stein: What do you mean a possibility? Many, many subpostmasters say it actually happened. It’s not just a possibility, Mr Day.

Christopher Day: Yes, but I – yes, okay.

Mr Stein: Okay.

Christopher Day: Yeah.

Mr Stein: So we’ve got that as our starting point. Now, the technical bits that I need your help on our these: we know from Mr Cameron’s evidence that that situation, that the debit amount, the shortfall amount, that debit was held as an amount owed by the postmaster; do you agree with his evidence on that?

Christopher Day: Yes.

Mr Stein: Right. Now, next bit. Do you agree to hold a debit against a subpostmaster would require a credit to be posted to the POL Post Office financial accounts?

Christopher Day: Not necessarily.

Mr Stein: Right. Why not?

Christopher Day: Because, as I understood it, mismatches would be investigated. They wouldn’t automatically put through as a debit to the postmaster and a credit to the Post Office. It wouldn’t work that way. The two sides of the transaction would be – attempt to be married up, where they didn’t marry up completely, they would be investigated. That would either result in a transaction correction, transaction adjustment, which the subpostmaster would have full visibility of, or it – in far more cases, as I understand it and understood it, far more cases, there would be a credit balance in the suspense account, which would result from the client company having demanded less of a – having expected less from a transaction than the subpostmaster had input at their end, ie the vast majority of credit balances would relate to discrepancies between Post Office at the centre and clients, rather than subpostmasters.

But I don’t discount the possibility, clearly, that a balance could exist there from a subpostmaster.

Mr Stein: Right. You are aware of the evidence from subpostmasters, Mrs O’Dell provided a good example. On checking the records of the helpline, she was being told that there’s a shortfall. She said, “It’s not my fault, nothing to do with me, I don’t know what’s going wrong”, she said that repeatedly and she was told basically “Pay up, it’s your duty”. Are you aware of such evidence as that?

Christopher Day: I’m aware of such evidence. I actually think it’s regrettable that the onus was on the subpostmaster to prove that – through evidence, that it was not their fault. I think that’s very unfortunate.

Mr Stein: Unfortunate may be a slight understatement; do you agree?

Christopher Day: I do.

Mr Stein: Right. Okay. So in the situation that we’ve just described, I’ve used Mrs O’Dell as my example, she’s being told there’s a shortfall for X sum of money, she’s got to pay up, okay? Now, in that crude situation, which was real for her and existed for many subpostmasters and mistresses, do you agree that that would mean that there was a debit against the subpostmaster/mistress’s branch and that that would require a credit to be posted within the Post Office financial accounts, in other words to make the balance? It’s a double entry bookkeeping system –

Christopher Day: I get the – double entry. I think the – I don’t think it’s as final as that. I think it would have been in the suspense account for the Post Office pending resolution, pending investigation. And, again, my view, my direct experience of suspense accounts would have been very much from the top down materiality. I accept that I wouldn’t have had visibility of sums which could be material to individual subpostmasters.

Mr Stein: Right, okay. Well, let’s just put aside suspense accounts for a moment because we went through that with Mr Cameron, who described them as a red herring, okay? So let’s just go with our crude example, all right? So what I’m after is this: we know that on occasions subpostmasters were confronted with shortfalls. Those shortfalls weren’t identified to any individual transaction such as stamps. They were just told: there’s money owing to Horizon, okay? Just stay with that for a moment.

Money was then paid in by a branch manager or mistress or employee at the branch and that money went into the accounts. You’re with me so far?

Christopher Day: Yes.

Mr Stein: Right. Now, the bank underwriting Post Office was the Bank of Ireland, correct?

Christopher Day: Yes.

Mr Stein: Right. So the actual money paid in through either a cash injection into the system or digital transaction, actually went to the Bank of Ireland; do you agree?

Christopher Day: I’m not sure about that.

Mr Stein: Eventually, it would go to the Bank of Ireland. Surely? They’re the bank that underwrites it. I’d be surprised if they went anywhere else.

Christopher Day: Okay.

Mr Stein: Well, Mr –

Christopher Day: No, that wasn’t my recollection but –

Mr Stein: Where did it go? Did it go into bonuses? What happened to it?

Christopher Day: You may be right.

Mr Stein: Well, quite.

Christopher Day: But I come back to the point, which is, it wouldn’t automatically – I think I know where you’re going with this and it isn’t as simple as debit the subpostmaster for an account that they don’t – for an amount that they don’t actually owe, credit central Post Office. There would have been a fundamental mismatch in the – in some part of the transaction that would need to have been investigated.

Mr Stein: Right. Sorry, Mr Day –

Christopher Day: And that’s why I come back to suspense accounts because that’s the only place it would go pending final accounting determination of treatment. It doesn’t automatically go into either the Bank of Ireland or the Post Office’s back pocket. That’s not the way it would work. It would be an unreconciled item that would be investigated. And what I’ve shared with you is unfortunately, I was not close enough to seeing those individual balances, which I absolutely now understand were material for individual subpostmasters.

My view of suspense accounts was “Tell me, Financial Controller, or Ernst & Young, if there’s anything material that I need to be aware of”, and that’s not just size; that’s anomalies, that’s things which have been there for too long and haven’t been resolved. And that would have been my check and balance that things were working correctly.

Now on a smaller scale, the team in Chesterfield, Rod Ismay’s team, would have been routinely, every day, every week, reconciling all of the individual transactions which would throw up exceptions that they would investigate and, in the vast majority of cases, would either write off the balance or process a transaction correction which a subpostmaster would then have the ability to accept or reject. And, just to repeat myself, my regret is that it’s clear – and I think it came up in somebody else’s evidence – that the onus unfortunately was it was asymmetric, it was very much on the subpostmaster to prove that they had not made a mistake and I think that’s regrettable.

Mr Stein: Or another way of looking at that, Mr Day, is that the only choice they really had was to accept, in other words, accept that they owed the money, when they may well not have done, if it’s a Horizon error/defect?

Christopher Day: Well, I would hope that wasn’t the case.

Mr Stein: Mr Day, you seem to be referring to this as though these things didn’t happen, and you’re aware of the High Court judgment, you’re aware that this went to the Criminal Court of Appeal, where there have been findings consistently that what I’ve described actually happened to a lot of subpostmasters. Do you reject all of that?

Christopher Day: No.

Mr Stein: Right, okay. Now, what we’re tying to find out is what happened to subpostmasters’ money. Where did it go through the accounting systems? Do I get, from your evidence, that you don’t really know? You cannot tell me that it went into a specific account or part of the accounts with a specific name to it; is that what you’re trying to tell me?

Christopher Day: I’m not saying I don’t know, I’m saying it would have gone into a suspense account. It wouldn’t have automatically gone into the consolidated Post Office Accounts. So it would have required reconciliation, investigation.

Mr Stein: You’re saying lots of “would have”, you don’t understand though the detail of what actually happened or not. That’s down to Mr Ismay’s team –

Christopher Day: Well, I –

Mr Stein: Okay –

Christopher Day: I’m piecing together what I now understand from other people’s evidence and from documentation that, at the time, because I had no reason to be that close to it, I would not have known.

Mr Stein: Right. Let’s try it really crudely. There’s a debit on the system for a branch, through an alleged shortfall. Yes? You’re saying there’s some sort of system Mr Ismay is operating it with his team at a micro level that should be looking into this. Lots of questions about that, that’s not your part of the system, okay? Right. Now where within the accounts, you saying, are you, the suspense accounts again? Are you saying there’s a suspense accounts with debit, the alleged shortfall, somewhere being referenced within it? Are you saying that?

Christopher Day: That’s the only conclusion I can reach.

Mr Stein: So you don’t know the answer to the question? You’re saying this is your best guess; is that right?

Christopher Day: Yes.

Mr Stein: All right, well, I think I’ve taken that about as far as I can.

Can I then deal with one other matter. Mr Cameron referred to the fact that if a postmaster had not paid up within about 60 days what the Post Office considered a debt, then it was written off to the profit and loss account; is that right or is that wrong?

Christopher Day: I don’t recollect. I don’t recollect the time period.

Mr Stein: Right. Well, that’s what he said. If such time period had existed, would you have expected there to be a policy, a rule or procedure, which set out the 60-day write-off policy?

Christopher Day: Yes, I expect there would have been a policy. I don’t know who in the organisation would have been responsible for making those decisions. It may have been Rod Ismay’s team in Chesterfield. Had it been a larger amount, it might have been escalated to the Financial Controller in London, possibly even to myself.

Mr Stein: Right, bringing all these things together, so you’re suggesting Chesterfield, Mr Ismay’s team dealing with these matters, looking at corrections, looking at investigating matters, all of these things you supposed happened, all of that to transactional system going on within the Post Office Accounts, was that the subject of reporting back up to you as the Chief Financial Officer? In other words, were you cited on the comings and goings of these transactions, what’s happening, or not: a report an update, something?

Christopher Day: Only by exception.

Mr Stein: Only by exception: just briefly explain that?

Christopher Day: Only by exception in terms of something which could not be resolved between my Financial Accounting Team in London and Rod Ismay’s Finance Service Centre, and I don’t recall – that may have happened a very small number of times.

Mr Stein: So what you mean by exception is something they regarded as exceptional might then be kicked upstairs for you to –

Christopher Day: Yeah, and that could either be by size but it would be very unusual for something very material, sizewise, to not be – to not have a clear genesis and resolution. Perhaps more likely would be I might be asked to write off things which had been hanging around for too long.

Mr Stein: At the time when you were in your three years as the Chief Financial Officer at Post Office, were you aware that, as you and I have discussed, the onus was being put on subpostmasters to pay up in the way that you and I have discussed?

Christopher Day: No, I regret I wasn’t aware of that.

Mr Stein: When did you become aware?

Christopher Day: Through this Inquiry.

Mr Stein: Thank you, Mr Day.

Sir Wyn Williams: Right. We’ll now have a short break of – well, let’s say 3.00 so that, if there are any difficulties with uploading the documents, we have a bit of time to do it, and then Mr Henry can ask his questions on the newly uploaded documents. All right?

Ms Hodge: Thank you, sir.

(2.45 pm)

(A short break)

(3.00 pm)

Ms Hodge: Welcome back, sir, can you see and hear me?

Sir Wyn Williams: Yes, thank you, yes.

Ms Hodge: Sir, we have some further questions from Mr Henry who will be followed by Mr Moloney –

Sir Wyn Williams: Yes.

Ms Hodge: – just to alert you to the fact that Mr Moloney will also be asking some questions. I think we have resolved the issues in relation to documents, so I’ll hand you over to Mr Henry.

Sir Wyn Williams: Right, Mr Henry.

Further Questioned by Mr Henry

Mr Henry: Thank you, sir, and thank you to my learned friend, Ms Hodge, I’m very grateful.

Mr Day, you remember the July 2013 Board, don’t you?

Christopher Day: 16 July, yes.

Mr Henry: You have a recollection of that. The Board were concerned about claims for wrongful prosecution, weren’t they?

Christopher Day: It appears so from the minutes, yes.

Mr Henry: Do you have an independent recollection of that or are you just now going on the papers?

Christopher Day: I don’t have an independent recollection. I’m going on the papers and I’ve pieced together other papers that I’ve seen more recently.

Mr Henry: I see. Can I ask for this to be put on the screen very briefly – you’re not copied in to it but you’re referred to in it – it’s POL00164253. Thank you so much. If we could just blow it up a little bit. Yes. This is from Belinda Crowe/Cortes-Martin to Rodric Williams, Mr Singh, Charles Colquhoun and Chris Aujard:

“I now have the actual action from the Board. Copying Charles as he will need to assist with this, and also get signed off through Chris Day.”

That’s to do with insurance, isn’t it?

Christopher Day: I believe it is, yes.

Mr Henry: Yes. The subject is, however, “Enquiry re: Current Prosecutions”, and then the following, in bold:

“The Board asked for a note from the General Counsel explaining who was named in past prosecutions and the liability for the Business and individual Board members. The note should also include information on both [professional indemnity] and D&O insurance cover.”

Can you just help us, please: “who was named in past prosecutions”; was that, as it were, the Board saying that they wanted to have a list of everybody who’d been prosecuted?

Christopher Day: Well, I note, first of all, this is five months later. This is December 2013.

Mr Henry: Yes.

Christopher Day: So I don’t understand the direct link from the – that you made to the 16 July 2013 Board. A lot of things will have happened between those two dates.

Mr Henry: So –

Christopher Day: Sorry, and I don’t understand, at first glance, why they’re asking about specifically named people in prosecutions but I have to believe that things had moved on a long way since that 16 July Board meeting.

Mr Henry: I see. I mean, who was named, I mean, that could be, for example, a list of who had been prosecuted, could it not?

Christopher Day: Possibly.

Mr Henry: It could be, of course, who was on the hook for liability although that is dealt with separately, and the liability for the business and individual board members.

Christopher Day: Could it not also refer to Post Office versus Royal Mail Group?

Mr Henry: Exactly. Could be that as well. But I want to just ask you please to consider this: if you were going to advise the Board and take ownership of notification and reporting on this very, very important issue, you ought to have been apprised of all of the relevant facts, ought you not?

Christopher Day: As it relates to potential insurance claims, absolutely.

Mr Henry: That, of course, would include the issue raised by the Clarke Advice, if not the Clarke Advice itself, but certainly the issue raised within it, namely the fatally undermined credibility of a witness who had acted as an expert for the Post Office in prosecutions and had brought the Post Office’s duties into disrepute.

I’m very grateful for some clarification. It should be “in whose name was past prosecutions brought”. So I think, therefore, it is a toss-up between RMG and POL. So ignore what I was exploring with you about a list of potential defendants; it looks as if the email – and I’m very grateful for this to be drawn to our attention on behalf of Ms Vennells – but it looks to be the question in whose name the prosecution was brought.

But leaving that aside, do you accept that you ought to have been properly advised about Mr Gareth Jenkins’ position, in order to properly advise the Board as to risk and also to give proper and full notification to the insurers?

Christopher Day: I haven’t considered that. To the best of my knowledge, the only time I or my team were involved in liaising with the insurers was directly after the receipt of the Second Sight Report, in July 2013. I don’t – I’m not saying it didn’t happen but I don’t recall any subsequent updates to our brokers or insurers.

Mr Henry: But I’m asking you as to whether you ought to have been, not whether you were or not, but whether you accept that, in order to advise the Board properly as to risk and also to fulfil your obligations because they had been delegated and deputed to you, so far as notification to your insurers, you ought to have been apprised of all material risks?

Christopher Day: Possibly, but I, on reading this, I see that it splits between a legal view and an insurance view. I accept that the two are interrelated.

Mr Henry: Did you notify RMG’s insurers?

Christopher Day: I believe so, yes.

Mr Henry: You did. Okay. Let’s move on, then, please, to POL00021991. This is an email from a Mr Andrew Parsons. Did you ever come across Mr Parsons?

Christopher Day: I’ve only known the name through the Inquiry.

Mr Henry: Only through the Inquiry. So POL00021991, and David Oliver to a number of people, including Belinda Cortes-Martin and could we scroll up, please. It’s 12 March 2014 and, if we concentrate on number 3, “Insurances risks note”:

“This note had the dual purpose of advising the board (its contents were later reflected in a board paper) and acting as notification to [the Post Office’s] insurers – hence why this doesn’t look like a traditional piece of legal advice.”

Now, I want to show you that document now, the one that is referred to as an “insurances risk note” because of the dual purpose and the fact that it states that its contents were later reflected in a board paper so could we go, please, to POL00021996, please.

What I’m going to suggest to you is that, on the presumption that this did go before the Board in one form or other, as indicated by Mr Parsons, then you would have been apprised of the problem with Mr Jenkins. Could we go, please, to – you can see it’s called Horizon Risks. Could we go to page 2, please, and there we see, “Risks to Post Office: Prosecutions & Convictions”, and this, of course, would be materially important and of interest to the Board, would it not?

Christopher Day: Yes, if it went to the Board, yes.

Mr Henry: Yes. I omit the first paragraph but I concentrate on the second:

“In particular, the expert evidence of one Post Office witness, Dr Gareth Jenkins of Fujitsu, may have failed to disclose certain historic problems in the Horizon system. Under the criminal prosecution guidelines, Post Office has an obligation to disclose (even retrospectively) this previously undisclosed information to subpostmasters’ defence counsel. Post Office is required to make these retrospective disclosures where the additional information (ie Dr Jenkins’ knowledge of historic, but now resolved, problems with Horizon) may have undermined a prosecution case or assisted with an accused’s defence.”

“Civil Risks” is then mentioned:

“Although the law firm Shoosmiths threatened to bring a group action against the Post Office for problems in the Horizon system, this did not materialise.”

I omit words:

“Nothing has been heard from Shoosmiths in the last 12 months. However, it is understood that Shoosmiths has around 120 subpostmasters on a register of possible claimants, though as yet no further attempts at litigation have be threatened.”

“Criminal/Civil crossover claims”, can we go up, please. You agree that all of this is highly relevant for the Board’s consideration, isn’t it?

Christopher Day: Absolutely.

Mr Henry: Yes. Could we just scroll up, please, further, “D&O Risks”, “At a meeting with senior representatives of [Justice for Subpostmasters Alliance]”, again, reference to a potential claim against directors of the Post Office; do you see that?

Christopher Day: Yeah.

Mr Henry: Then scrolling up, please, “Summary”:

“Post Office is in a highly contentious situation and therefore finds itself open to litigation from a number of different sources. It is also quite possible that Post Office’s directors and officers may find themselves caught up in this litigation, even though at present a claim against an officer or director would not appear to have any merit.”

It is dated 15 August 2013.

I mean, isn’t that clear now, sir, that you must have been apprised of the Gareth Jenkins issue?

Christopher Day: I have no recollection of that. I’ve no recollection of this document, and I’d like to see where it was discussed in the Board minutes.

Mr Henry: Certainly, it has been referred to by Mr Parsons as having been submitted to the Board or for the Board’s purpose, the dual purpose, and then formed the basis of a paper to the Board but this doesn’t jog your memory at all?

Christopher Day: Absolutely not. I would be as sure as I can be that I’ve not seen this document before. I did not commission it. I would go further and say until this Inquiry, I didn’t even know the name of the expert witness.

Mr Henry: So can I just help you, who else was dealing with insurance, apart from you, where – was Alasdair Marnoch, one of the Non-Executive Directors, also dealing with it?

Christopher Day: I think I may be able to help there. I think there is a reference in the document, just going back in time, you’ll recall my somewhat unimpressive attempts to address the various NEDs’ questions about insurance. I think when you get to about March 2014 – I think I’ve got the date right – there’s a request – it clearly goes to the legal – the Legal Team to look at it and I think, at that point – I’m not saying it was taken out of my hands but I think it took on a completely different dimension.

Now, I’m just speculating now but that’s the last document which I saw relating to insurance.

Mr Henry: Now, you mention there that it appeared to have been taken out of your hands. You mentioned earlier in your evidence when you were being asked questions by Counsel to the Inquiry, Ms Hodge, that, in respect of the Deloitte matter, you felt that the audit trail, so far as things that you had wanted instigated, had gone cold. Do you feel a concern now that there may have been, as it were, an inner or an outer circle and that certain members of the Board would not have been apprised of this risk?

Christopher Day: No, I’m not saying that.

Mr Henry: You’re not saying that? So you’re not saying that this was being kept from you?

Christopher Day: Well, there’s a separate point around legal advice, generally, which is I think we’re all – you’ve seen other people’s evidence to the effect we don’t understand why we weren’t given the advice, sometimes didn’t know it existed. I didn’t approve budgets to sign off what looks to have been quite expensive pieces of legal advice. That’s a general point.

On this specific, I would be very surprised if this had come to the Board in this form, because I – it would certainly have been familiar to me if it had.

Mr Henry: Well, if not you, then who is responsible for managing this issue?

Christopher Day: Well, it can only be a small group of people who were clearly taking this forward, which was Mr Aujard and Ms Crowe. I don’t know who else they were working in concert with but I’m as sure as I can be that this advice did not come in this form to the Board. I stand to be corrected if you can find a minute.

Mr Henry: This is before Mr Aujard arrives because it’s dated 15 August?

Christopher Day: I beg your pardon, Ms Crichton.

Mr Henry: But, I mean, Ms Crowe wouldn’t act of her own volition on something of this importance. I mean, who at a Board level is going to be accountable and take ownership for this? Because, obviously, if the board was apprised of Mr Jenkins’ alleged misfeasance or wrongdoing, then a number of things flow but I’m only going to concentrate, for this purpose, on the ARA, that ought to have gone into the annual report and accounts, a matter of that gravity.

Sir Wyn Williams: Well, I think, Mr Henry – I don’t want to stop you, because this is quite an important document, but we have had evidence from Ms Crowe, as she was, and I don’t believe this document was put to her. I’m not criticising anybody because I’m rather assuming it’s a document that has surfaced comparatively recently, although I may be wrong about that.

We’ve also got Ms Perkins coming tomorrow and we have Mr Parsons coming next week or the week after. Now, on the basis that we accept, for these purposes, that what Mr Day is saying is accurate, that he personally had not seen this document at all, so far as he can remember, I think this line of questioning should be put much more pertinently to Ms Perkins and/or Mr Parsons and, for that matter, even though she’s already given evidence, Ms Crowe.

Mr Henry: Well, thank you, sir. I’m sorry for the oversight, so far as Ms Crowe.

Sir Wyn Williams: No, no, I’m not blaming anybody. I’m just saying these things happen in an inquiry and I think – I may be wrong – but it’s the first time I’ve seen this document in public in this Inquiry for certain.

Mr Henry: Well, I will take your steer, sir, and I will ask Mr Day no further questions.

Sir Wyn Williams: Fine. Just before we – in case I am wrong about that, I won’t ask Ms Hodge because she’s only recently returned but I think Mr Blake is still there.

Is my understanding about this correct, Mr Blake?

Mr Blake: Yes, sir, although in terms of how long we’ve had this document for, I can’t assist with that.

Sir Wyn Williams: No, but am I right in thinking that it hasn’t surfaced, so far as you can recall, in any questioning of witnesses to date?

Mr Blake: I think that’s correct.

Sir Wyn Williams: Does anybody in the room – I’m now inviting anybody to contradict me, if they think that I’ve got that wrong and we have seen it before.

Mr Blake: No, we think this is the first time. I can say for certain that I know that it is in Rule 10 requests for witnesses in the coming weeks.

Sir Wyn Williams: Right. Fine. Then I think I will allow you to accept my steer, Mr Henry.

Mr Henry: Thank you, sir.

Sir Wyn Williams: Mr Moloney.

Questioned by Mr Moloney

Mr Moloney: Thank you, sir.

Mr Day, I just want to ask you about the 2014 Deloitte report, if I may.

With the Deloitte report, Post Office wanted to get to the bottom of any questions around the integrity of the Horizon system; is that right?

Christopher Day: Correct.

Mr Moloney: Yeah, and I think you said that the Board was disappointed with the Deloitte report because it didn’t seem to take things much further forward than things that had been before it?

Christopher Day: Correct.

Mr Moloney: We now know that the Deloitte report showed that audit data could be deleted and replaced in an undetectable manner. Inevitably, Post Office had to deal internally with the implications of the Deloitte report.

Christopher Day: Yes.

Mr Moloney: You’ve mentioned to the Chair, I think it was just before the break, about the name of Julie George has come to your attention recently and you think that she might have been in charge of security around IT?

Christopher Day: Yes, that’s a document I’ve seen only very recently and also in others’ evidence.

Mr Moloney: Might I take you to that document –

Christopher Day: Yes.

Mr Moloney: – which is reviewed and signed off by Julie George and it’s POL00031409. That’s POL00031409 and, as you say, it’s been brought up before, which is the Zebra Action Summary. We can see that this is dated 12 June 2014, and the Deloitte report was, I think, either 23 or 24 May, it was late May, in any event, wasn’t it. We see that the authors here are James Rees and Emma McGinn and this is signed off by Julie George. If we go to page 2 of this report please under “Introduction”, we can see that:

“This document is in response to the Zebra review and highlights specific areas regarding the Horizon solution, outlined in Deloitte’s report, which suggested controls Post Office could implement to mitigate the areas the project highlighted.”

So it is, it’s about essentially internally actioning what Deloittes identified in the report.

If we go to page 6, please, we see 4.2.2, under remediation items, which start at paragraph 4, 4.2.2, which is “Data Logging”, and reads that:

“One point raised in the report was that it was possible for someone with privileged access to delete data from specific areas-off Horizon. This is always a risk with individuals using admin or power user accounts and is a persistent risk, one that needs to be catered for in almost any organisation.

“Due to the sensitive nature of the information contained in the databases, monitoring of those databases should be put in place using technology to detect and record deletions and administrative changes to the databases. If possible, alerts should also be generated for mass deletions and high level risk changes to database [schemes].”

The “Recommended remediation” was:

“The solution currently in place may be able to undertake the level of logging required within the Horizon solution. It is recommended that the current logging and logs are reviewed on a daily basis.

“This needs to be investigated further and the options on how to handle this defined through the risk management process and based on the solutions already in place or ones that could be procured to handle this.”

So this section of the report explains that there are no controls over this, absolute controls over this, and Post Office will need to do daily checks in order to make sure there had been no, as it were, phantom transactions or deletions, and so on. This is about deletion of data by people with sufficiently privileged access, here.

Did you see the report at or about the time of its creation, Mr Day; can you remember?

Christopher Day: I saw this document for the first time last week.

Mr Moloney: I see. May I take you, please, to an email that Julie George sent, and I think you saw this email –

Christopher Day: Yes.

Mr Moloney: – and if I could ask you about this, which is POL00346958. That’s POL00346958.

This is from Julie George on 17 June 2014, it’s to Rod Ismay, David Mason, Malcolm Zack and Gina Gould and it attaches the Zebra Action Summary Version 3, which we looked at just now, and it reads:

“Hello all,

“I have tried to call you Rod [Rod Ismay, obviously, in this context] – attached a Draft Summary of actions arising from Deloittes recent piece of work on the Horizon systems [confirming that it’s a Zebra Action Summary, to all intents and purposes].

“Clearly there is no blame attached anywhere [it continues] and this morning’s meeting with Chris Day, Chris Aujard, Lesley and Malcolm – focused on what we would need to put in place as an organisation to address overall assurance on all critical systems, starting with Horizon from 1 April.”

So it is plain that at that morning there’d been a meeting between you, Julie George, Chris Aujard, Lesley Sewell and Malcolm; in that context, would that be Malcolm Zack?

Christopher Day: Head of Internal Audit.

Mr Moloney: Head of?

Christopher Day: Internal audit.

Mr Moloney: Thank you. So there’s been that meeting that morning, but are you saying that you didn’t see the Zebra Action Summary at that meeting?

Christopher Day: I am as sure as I can be that I hadn’t seen the Zebra Action Summary but what I do think I was familiar with was a different paper which was authored by Chris Aujard, which was actions – Zebra actions arising from Deloitte’s findings would – I spoke about it this morning and, having read the documentation recently, the key points on that related to testing whether balancing transactions had, in fact, ever taken place beyond the one that was specified in 2010 and, secondly, something around the audit store integrity of testing around the audit store.

Those were the two things which sprang to mind. This email I saw recently, and it did jog a memory because I think I probably only met Julie George once, and so when I saw this, yeah, I had a vague recollection of a meeting, so that suggested that we did congregate – the key people who were capable of taking forward the management actions coming from Deloitte, did meet and do something – initiate a series of actions.

What’s missing is what on earth happened afterwards with any of those actions.

Mr Moloney: Quite, and can I come back to what on earth happened in a moment and just perhaps test your memory slightly, if I may, as to whether or not you might have seen this report but also ask you, first of all, about the additional document drafted by Mr Aujard. Do you have a clear recollection of this document, that, as it were distilled aspects of the Deloitte report?

Christopher Day: I don’t have a recollection at the time. I – that’s a document which I think I received in my Rule 9 bundle.

Mr Moloney: Okay.

Christopher Day: So I have become familiar with it.

Mr Moloney: Yeah.

Christopher Day: But, as I say, it’s conspicuous along with this email as being the only documents that we have to substantiate what happened post-Deloitte. I don’t know where the Deloitte review itself went, I don’t know where the instruction with Deloitte went. It’s – unfortunately I don’t recall anything and I have no documentation.

Mr Moloney: Just to test your memory, if I may, to see how sure you are about not seeing this document, obviously this email from Julie George circulates the Zebra Action Summary and speaks of how she has tried that day to call Rod, Rod Ismay, and then, in the following paragraph, says that:

“Clearly there is no blame attached anywhere, and this morning’s meeting with Chris Day, Chris Aujard, Lesley and Malcolm – focused on what we would need to put in place as an organisation to address overall assurance on all critical systems, starting with Horizon from 1 April.”

Would you not think that, if you were having that meeting and you were Chief Financial Officer, Mr Day, Chris Aujard, General Counsel, Lesley Sewell, CIO – Chief Information Officer – and Malcolm Zack, Head of Internal Audit, with Julie George, who was the Head of IT Security, so far as you can recollect, that if this document was available and been circulated just later that day, to these people who appeared to be members of ExCo, would it not surprise you if that document had not been dealt with in your meeting that morning?

Christopher Day: Not necessarily, no.

Mr Moloney: Right.

Christopher Day: I mean, I have only the vaguest memory of the meeting. I imagine it was quite a difficult meeting. I can see from the people who were there, that it would have been a serious meeting, which is what are we going to do about this but I do not recall us going through that document. And just the style and the font and the addressees of that document, I’m sure I’d recognise it if I’d seen it before.

Mr Moloney: Right. So can I take this from it: that you had a meeting that morning which focused on what you would need to put in place as an organisation to address overall assurance on all the critical systems, starting from 1 April, but you think that this document was not – you’re sure that this document was not, as it were, produced to you in that meeting?

Christopher Day: Yes, because the – as sure as I can be. The other document that I’ve referred to, the Chris Aujard paper, when I read it, felt much more familiar. So it’s possible that that was a document we reviewed or that we didn’t review any document.

Mr Moloney: Then just, finally –

Christopher Day: Sorry, just to say it would be rather strange for all these people to meet and just pore over a document. I think it would be much more likely to be a discursive meeting around the broad findings of Deloitte at that point and the actions that are going to be taken, and I think I’ve seen elsewhere, possibly Ms Sewell’s evidence, that a series of actions were undertaken for which she took functional responsibility but with the aim of delivering them by the end of the financial year, 31 March 2015. That’s – when I saw her evidence, that felt familiar but that’s all, really.

Mr Moloney: Yeah. Just to round it off, then, essentially, so far as you’re concerned, from hereon in, then, as you told the Chair, responsibility for actioning what was necessary passed to Lesley Sewell, Chris Aujard and Julie George, so far as you were concerned?

Christopher Day: Yes, to be precise, it would be functionally Lesley Sewell but Chris Aujard was taking responsibility, as you saw, throughout the whole Project Zebra, of pulling the whole thing together. So it would be principally those two, and I’m less clear on exactly what Julie George’s role was. I think she’d only just joined the organisation. As I say, I think this was almost certainly the one and only time I met her, so I’m not sure how involved she was in taking the actions forward but, primarily, it would be Lesley and the IT Team and Chris Aujard and the Legal Team.

Mr Moloney: Thank you very much, Mr Day. That’s all I ask.

Sir Wyn Williams: Thank you very much.

Is that it, Ms Hodge? No.

Ms Hodge: Two matters, please. Firstly, I believe that Mr Day may wish to say something. Is there anything you wish to say, Mr Day, which hasn’t already been covered in –

Christopher Day: Well, it seems rather late now but I would like to say that I am extremely sorry for the devastating impact the Horizon scandal has had on so many subpostmasters and their families and it’s extremely regrettable.

Ms Hodge: Thank you, Mr Day.

Sir, there’s one final matter I think Mr Blake would like to raise.

Sir Wyn Williams: Yes.

Mr Blake: Thank you, sir. I can assist a little further on the Bond Dickinson document. It exists on our systems with a different URN as well, that’s POL00193585 and it was a document, in fact, that I took Alwen Lyons to –

Sir Wyn Williams: Right.

Mr Blake: – and the question was whether she recalled the document and she didn’t recall that particular document.

Sir Wyn Williams: So it has surfaced but only to be the subject of non-evidence, if I can put it in that way?

Mr Blake: Exactly, 21 May 2024.

Sir Wyn Williams: Thank you very much, Mr Blake. Thank you.

Right. Well, Mr Day, thank you very much for making a witness statement and for appearing today. I’m grateful to you for your participation in the Inquiry.

So we will adjourn now and resume at 9.45 tomorrow when I believe Ms Perkins is due to give evidence.

Ms Hodge: Yes, sir. Thank you.

Sir Wyn Williams: Thank you very much, everybody.

(3.36 pm)

(The hearing adjourned until 9.45 am the following day)