FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
Re: Seema Misra
2™ Interim Technical expert’s report to the Court prepared by
Charles Alastair McLachlan, a Director of Amsphere Consulting
Ltd.
Staple Hall
87-90 Houndsditch
London EC3A 7AD
England
This report contains 33 pages
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
Contents
I=
INTRODUCTION.
2 PRELIMINARY REPORT OF FINDINGS DURING VISITS TO A SUB
POST OFFICE IN THE MIDLANDS AND WEST BYFLEET
11
3 WHAT HYPOTHESES COULD SUPPORT THE DEFENDANT’S CLAIM
THAT THE HORIZON SYSTEM WAS THE SOURCE OF THE
ACCOUNTING DISCREPANCIES ?.............06 sieseaeeesenteneseeeeeeeee DD
4 WHAT EVIDENCE NEEDS TO BE PROVIDED IN ORDER TO
DETERMINE THE MERITS OF THE DEFENDANT’S CLAIM?.........:000022
Charles McLachlan 1
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1 Introduction
1.1 Instructions
1.1.1. IT am Charles Alastair McLachlan, a Director of Amsphere Consulting
Limited, London, England specialising in information technology consulting.
J have been instructed in this matter by Coomber Rich Solicitors, on behalf of
their client, Seema Misra, (“the Defendant”) to assist the court in this matter
of alleged fraudulent accounting in providing expert evidence on the
questions posed at 1.1.3 hereunder.
1.1.2 The allegations arose from the discrepancy between the transactions as
recorded in the Horizon system provided by Post Office Counters Ltd through
a service agreement with Fujitsu and the cash on hand at the defendant’s Post
Office branch.
1.1.3 I was instructed to visit a sub post office in the Midlands and the sub post
office at West Byfleet to review the operational procedures and IT systems
implemented at the two sites in order to:
a. Understand the basis upon which standard operational procedures would
provide evidence to identify and resolve discrepancies arising from the use
of the Horizon system.
b. Understand the elements of the end-to-end IT architecture which could be
the source of discrepancies as a result of defects in the operation of the
software, hardware, network or integration with 3"¢ party components.
1.2 Qualifications
Charles McLachlan 1
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.1. [have been working in the software industry since my first job at the age of
17 writing software analysing the results from a particle accelerator for the
UK Atomic Energy Authority
1.2.2 I obtained an M.A in Computer Science from Cambridge University
matriculating in 1979
1.2.3. I developed software for environmental control systems for a company on the
Cambridge Science Park while at university.
1.2.4 I was retained by Cambridge University to do undergraduate teaching for
three years.
1.2.5 After University, I worked for the company of the Emeritus Professor of
Computer Science at Imperial College (and founder of IBM UK Hursley
Laboratories), developing PC multi-tasking office automation software. As
the company transitioned to IT consulting, I advised HP on their Unix
Strategy and looked at the potential for hosting Inmos parallel processors in
PC environments. I also built an extensive financial performance analysis
system for the Building Society industry.
1.2.6 In 1987, I became the founding partner of CMJP Associates which delivered
software development services to a wide range of clients using PC and
Client-Server technologies.
Charles McLachlan 2
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
A number of these projects included the development of accounting modules
and work for the Financial Services industry including SG Warburg, GNI (of
the London International Financial Futures Exchange LIFFE).
In 1991 I established a partnership for CMJP Associates to provide expert
advice to the Client Server Centre of Excellence.
In July 1993 I became the founding Technical Director of Infonet Stystems.
Infonet Systems focused on building leading edge object oriented Client-
Server solutions. Its first success was the delivery of a complete front office
trading platform of financial derivatives (repos and bonds) in four weeks.
This was the first NT based client server trading desk in the City of London.
While at Infonet, I developed the Object Oriented Just In Time software
development methodology.
In December 1996, I was recruited by the European headquarters of emerging
internet service provider UUNet (shortly to become part of MCI Worldcom),
to advise on IP billing and customer provisioning systems. A key element of
the assignment was to undertake a critical review of the implementation and
customisation of the GEAC Smartstream ERP solution by Arthur Andersen
Business Consulting.
In August 1997 I was recruited by Arthur Andersen Business Consulting to
provide technology leadership for the new Advanced Technology division.
Over the next five years, I became the international thought leader in the
building of software related services that underpinned the development of
Andersen’s New Media and eBusiness practice. This was recognised by
election to partnership in 2000.
Charles McLachlan 3
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.12 Early identification of the crucial role for Java technologies and ‘just in
time’ business and technology development methods, positioned the
emerging Business Consulting (BC) division for rapid growth on the Internet
wave to become 9th globally by Quarter 3 2001. Achievements during this
period cover:
1.2.13 Major systems delivery projects The software development related service
revenues were the fastest growing area of the fastest growing global
consulting organization between 1997 and 2002. My team delivered marquee
projects for key clients including: launch of Sky.com, TimeOut.com,
myTravel.com, Cendant’s Move.co.uk, pan-European systems for Budget-
Rent-a-Car. I was also engaged as a technical delivery expert for major new
systems types including on-line trading exchanges, high throughput customer
services systems, on-line transaction processing systems and content
management systems.
1.2.14 Solution Development: I provided technology leadership for the development
of key global solutions for BC including: eStrategy, eBusiness, Content
Management, Experience Design, Component Based Development, Business
Architecture, Enterprise Integration, I Datawarehouse, Technical
Architecture, Active Intelligence™, Anti-Money Laundering, Telco Fraud
Protection.
1.2.15 I was the recognized methodology and risk management expert for software
related technology solutions across Andersen.
Charles McLachlan 4
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
1.2.16
1.2.17
1.2.18
1.2.19
1.2.20
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
I worked closely with the Computer Risk Management practice in the
Andersen Audit practice to perform technical due diligence, project risk
reviews and advise on project recovery.
Capability Development One of my key strengths was the recruitment,
training, development and motivation of deeply technical teams to perform
successfully in a ‘Big 4’ consulting environment.
Operating first as the founding director of Andersen’s Global Software
Engineering Centre of Excellence and then as a member of the Global
Advanced Technology Advisory Team, I became one of a small number of
newly appointed partners building the technology integration skills at the
heart of BC’s growth strategy.
I provided technical leadership for the development of the core component
based rapid implementation methodology and acted as the expert for
methodologies built on this foundation including eBusiness, eMarketplace,
Content Management, Datawarehouse, Business Architecture, Enterprise
Integration and Customer Management.
Other achievements include implementation of the first successful
Knowledge Management Capability Maturity Model for the UK practice;
establishing a global virtual community of 2,000 software developers;
developing alliance relationships with BEA, Microsoft, Sun and a variety of
specialist technology providers; sponsorship of Computing for Business MSc
at Imperial College, development of four technology training courses for
global roll-out; delivery of a technology competency model for all
practitioners globally.
Charles McLachlan 5
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.21 Lam currently working as an IT and Technology Risk consultant as a Director
of Amsphere Consulting Limited.
1.2.22 Recent assignments include:
e Advisor to board of advisor to board of interactive satellite broadband
start-up
e Recovery of failing project at Big ‘4’ consulting firm
e Associate editor Butler Group, the IT strategy consulting information
service company.
¢ Design and implementation of delivery risk management system for an
off-shore software development company
e Project delivery for an applications management business
e Report on XML related integration and data quality risk for JP Morgan-
Chase
e Expert witness including cross examination in an ICC Arbitration between
3 national banks and an international provider of banking accounting
software
e Expert witness in a High Court action relating to the quality of software
testing between an international mobile telephone operator and an
established mobile telephony systems integrator.
e Expert advisor in action between Geographical Information Systems
provider and off-shore software development services provider.
Charles McLachlan 6
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.23 Iam a former Director of UCL Consultants (founded by University College
London) which is responsible for providing professional consulting services
from members of UCL.
1.2.24 I ama Partner of the Transformation Development Partnership LLP.
1.2.25 I was appointed Visiting Professor of Software Enterprise at University
College London in 2005.
1.2.26 I have worked with IT organisations of all scales from small businesses to
international global organisations.
1.2.27 I mentor small businesses owners through the Academy for Chief Executives.
1.3. Confidentiality
1.3.1 This report is strictly private and confidential and has been prepared at the
request of Coomber Rich Solicitors on behalf of their client, for the Court.
1.4 Legal and factual issues
1.4.1 This report should not be read as expressing any opinion on factual matters
which depend on disputed testimony of the witnesses of fact, or legal issues.
It, however, inevitably reflects my understanding of the position.
Charles McLachlan 7
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.5 Sources of information
1.5.1 In preparing my report, I have read and considered the following documents:
a. Summary of facts prepared in accordance with Rule 21.3(1)(b) of the
Criminal Procedure Rules 2005;
b. The Indictment — The Queen v Seema Misra;
c. Witness statement of Keith Noverre 8" January 2009;
d. Witness statement of Elaine Ridge 9" January 2009;
e. Witness statement of Lisa Jane Allen 12" J; anuary 2009;
f. Witness statement of Adrian Morris 6" January 2009;
g Witness statement of Jon Longman 29" May 2009;
h. Witness statement of Javed Salim Bidiwala 13" April 2006
i. The statement under Section 9 of the Criminal Justice Act 1967 of John
Kidd
j. The Audit of Post Office ® West Byfleet branch, FAD 126023 — Action
Plan Appendix A
k. The Witness statement of Andrew Paul Dunks 24 June 2009
1. The exhibits provided running from pages 1-35 insofar as the copies
provided are legible.
m. The systems architecture for the end to end process from Point of Sale
terminal to Electronic Funds Transfer for a leading UK retailer
Charles McLachlan 8
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.6 The scope of my work
1.6.1 report as an expert witness, not as a witness of fact.
1.6.1.1 Ihave reviewed the documentation provided to me.
1.6.1.2 I have not undertaken an operational review of the software solution
Horizon system.
1.6.1.3. I have not had access to any documentation or test data relating to the
Horizon system
1.6.1.4 I have attended a sub post office in the Midlands reporting regular cash
discrepancies, interviewed the sub postmistress, reviewed the operating
procedures in the sub post office and reviewed the capabilities of the
Horizon system.
1.6.1.5 I have attended the sub post office at West Byfleet named in these
proceedings, interviewed one of the attending investigating officers,
reviewed the operating procedures in the sub post office and reviewed the
capabilities of the Horizon system.
Charles McLachlan 9
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.7 Independence
1.7.1 Lhave prepared an independent and objective report addressed to the Court. I
have had no previous involvement with the Defendant. I have no previous
involvement with Coomber Rich Solicitors.
1.7.2. Amsphere’s fees in this case are not dependent on the result of the
proceedings in this matter.
1.8 The structure of my report is as follows:
1.8.1 At Section 2, I report my preliminary findings following the visits to the two
sub post offices.
1.8.2 At Section 3, I reconsider “What hypotheses could support the Defendant’s
claim that the Horizon system was the source of the accounting
discrepancies?”
1.8.3. At Section 4 I reconsider “What evidence needs to be provided in order to
determine the merits of the Defendant’s claim?”
1.8.4 At section 5 my expert’s declaration is recorded.
Charles McLachlan 10
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
2 Preliminary report of findings during visits to a sub post
office in the Midlands and West Byfleet
2.1 Findings during visit to sub post office in the Midlands
2.1.1 Background of sub postmistress
2.1.1.1 The sub postmistress responsible for the sub post office we visited in the
Midlands asked that she retain her anonymity at this stage in the process
because she is very fearful of being suspended. However there are some
relevant details that she was ready to have appear in the report:
2.1.1.2 She has a previous career in banking with a major retail bank and had
previous bank teller experience before moving to export/import credit
products.
2.1.1.3. She is familiar with handling detailed and complex documentation from her
experience at the bank.
2.1.1.4 She has been a sub post mistress for more than 10 years and only took on
the sub post office in order to be able to have her elderly disabled mother
live where she worked and in order to be close to her children as they grew
up.
2.1.1.5 She has been recognised by the Post Office for her bravery in her response
to being shot at by armed robbers on more than one occasion and she
Charles McLachlan i
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
commented to us “why would I steal money from my own business when I
have already demonstrated that I will put my life at risk to protect it?”
2.1.1.6 Her husband and her children are all qualified graduates.
2.1.2 Background to issues at the sub post office
2.1.2.1 The sub post office is operated by a husband and wife team together with
their son.
2.1.2.2. The sub post office has 3 counter terminals which are operated on a shared
stock basis
2.1.2.3. The premises housing the sub post office include a small shop selling a
limited range of envelopes, gift card and other post related accessories. The
lottery terminal is on the shop counter. We were advised that sales in the
shop are between £200-£300 per week compared to a monthly transaction
volume at the post office counter of between £200,000 and £300,000 per
month.
2.1.3 Pattern of discrepancies
2.1.3.1 The sub post mistress explained that her experience is that there are almost
no discrepancies that she has to record against the stock.
Charles McLachlan 12
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
2.1.3.2
2.1.3.3
2.1.3.5
2.1.3.6
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
There are also almost no discrepancies that she has to record against the
physical cash held in the shop.
There are consistently discrepancies arising from the use of debit cards or
post office cash account cards. Not sure I understand what is meant by a
“discrepancy” in this context. My understanding is a discrepancy is where
the system derived value for an item differs from that physically in the
Stock unit and so this only applies to Cash or Stock. The Value of Debit
(and Credit) Cards and POCA Cards is handled as a “Payment” and should
balance with the corresponding “Receipt” recorded for the goods or Service
that they are used for.
The value of discrepancies has increased as the proportionate value of card
use has increased.
If an “Account Payable” or counter credit is entered the Horizon system
assumes that there is a corresponding receipt (either physical cash, debit
card transaction, Post Office Cash Account card transaction or cleared
cheque). True, and this is ascertained during the Settlement process.
The post mistress used to receive discrepancy reports generated by the Post
Office identifying when there was a mismatch between the counter credit
recorded at the counter and the cleared cheque or debit card amounts
reported to them by their correspondent banks or card merchant provider.
She no longer receives these and concludes that the Post Office function
that provided this service is non-operational or insufficiently staffed to
properly reconcile all of the discrepancies. These discrepancies, if left
Charles McLachlan B
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
2.1.3.7
2.1.3.8
2.1.3.9
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
unresolved, could create a liability for the sub postmistress. POL to answer.
(Wouldn’t there be Transaction Corrections now for any such discreancies?)
Tf stock is sold, the Horizon system assumes that there is a corresponding
receipt (either physical cash, debit card transaction, Post Office Cash
Account card transaction). And it requests the User to specify how it is
settled for and accounts for it accordingly.
If at the end of the monthly period there is a discrepancy between the cash
on hand and the credit balance expected by the Horizon system then the
only way to close the period and start a new period is to “make good” the
cash discrepancy and declare that the cash on hand has been brought up to
the expected credit balance. There is no mechanism to record the
discrepancy in a suspense account for subsequent investigation and
resolution. The system imposes a declaration as part of the operating
procedure that the cash is on hand. If the actual reason for the discrepancy
is due to a problem with a non-cash credit (e.g. incorrectly processed card
payment, incorrectly recorded cheque payment) then there is no opportunity
for the sub post mistress to note her concerns on the system. This was the
requirement made by POL of the system.
The sub post mistress demonstrated the following transactions in which the
use of a debit card could result in a discrepancy in the cash account
(physical + debit card/POCA amounts) at the sub post office: Cash and
Plastic are handled separately in the accounts.
2.1.3.10 Account Payable using a Debit Card / POCA card: the customer is seeking
to make a bill payment of council tax using a debit card. The card is
Charles McLachlan 14
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
apparently authorised at the PIN terminal for the required amount. The card
receipt is apparently credited to the sub post office account. The council tax
payment is debited from the sub post office account. However, during the
end to end electronic fund transfer process the fund transfer fails. The
central Post Office account never receives the expected electronic funds. It
is supposed that the end of day process identifies that there is no credit
corresponding to the bill payment and therefore there must be a cash
discrepancy. This needs to be explained more carefully. What exactly was
observed to happen here? The back end settlement between the Merchant
Acquirer and Post Office Ltd is totally separate from the accounting done in
the Local Branch. Provided the Debit Card transaction is Authorised by the
MA, then the Branch Accounts will record the Debit Card payment as the
MoP. However if the MA doesn’t authorise the transaction then an
alternative MoP is required. What action is taken should the MA fail to
honour the authorised payment and whether that results in a TC being sent
to the branch to reclaim the funds is a separate issue outside my knowledge,
but POL should be able to clarify that. Note that such rejections are rare. It
is the responsibility of the clerk to ensure that the Debit Card payment was
successfully authorised by the MA and to check the response received.
Should they not do so and assume it was processed and touch “Fast Cash”
to clear the basket without looking at the screen, then indeed the system
might record a Cash transaction.
In summary, if the Debit Card payment says that it works at the time, then it
is recorded as such in the branch accounts. There is no automatic feedback
into the branch accounts from any subsequent MA rejections.
Charles McLachlan 15
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
2.1.3.11 Debit Card/POCA withdrawal: the customer is seeking to receive an over
the counter payment of cash from their debit card or POCA facility. As
above [2.1.3.10] the card is apparently authorised but in fact the fund
transfer fails at some point and the sub post office account is debited with
the cash at the counter terminal but this is not recorded centrally against a
debit card fund transfer. There is therefore an apparent cash shortfall in the
till. The Horizon system only prints a receipt for the customer; there is no
debit voucher for the counter staff to place in their till. At the end of the
day or the end of the week it is not possible to physically reconcile the cash
payments with debit vouchers. There are clear messages to the clerk
indicating whether or not any Banking or Debit Card transactions was
authorised. As above there is no subsequent automatic correction due to
any subsequent failures. I accept that there is no Branch Receipt produced
for paper reconciliation purposes. We were specifically requested not to
produce one by POL.
2.1.3.12 In either of the two cases above [2.1.3.10], [2.1.3.11] the electronic funds
transfer mechanism duplicates the fund transfer. This could result in the
expected credit balance at the sub post office being higher than it actually is.
The sub post mistress will be expected to make good this discrepancy with
cash. Sorry, but I don’t understand the point being made.
2.1.4 Operating procedures
2.1.41
We discussed the operating procedures implemented at the sub post office
in the Midlands in great detail with the sub postmistress. In my opinion, she
demonstrated the trained eye for detail and procedure that I would expect
from somebody with her professional experience.
Charles McLachlan 16
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
2.1.4.2 She demonstrated a range of features of the Horizon system that showed
how stock and cash were tightly connected across the system and how the
system had built-in mechanisms to link stock sales with cash receipt.
2.1.4.3 She also demonstrated the weaknesses of the system in relation to the use of
the debit card/POCA terminal:
e the lack of counter vouchers, This was a specific POL request
¢ the requirement to record some debit terminal transactions as cash
receipts, This may need to be explored further. I’m not aware of
any such requirement other that in the area of Refunds.
e the delays in the system at busy periods, Again I’m not sure what
the relevance of this is. My understanding is that the response
time for online trasanctions is very good
e the lack of certainty as to whether a transaction completes when
there is a break in network connectivity There should be clear
messages in all cases as to whether the clerk should assume the
transaction was succeful or not. In the case of a comms failure the
assumptions should always be that the transaction has failed.
Recovery processes will allow this to be confirmed afterwards.
2.1.5 Capabilities of Horizon
2.1.5.1 Horizon terminals are capable of working in on-line and off-line mode.
Charles McLachlan 17
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
2.1.5.2
2.1.5.3
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
The terminals are required to be left on overnight in order to permit two
way data transmission and software updates.
All of the facilities of Horizon are available in off-line mode except
debit/POCA transactions and access to information from the DVLC
required to issue vehicle licences. There are other exceptions now.
The Horizon system sells postal services, provides foreign exchange,
supports receipts of cash, cheque and debit card/POCA for Accounts
Payable services and supports payment of cash from debit card/POCA
accounts. Also other banking online services for A&L and via Link
2.2 Findings during visit to sub post office at West Byfleet
2.2.1
2.21.1
2.2.1.2
Operating procedures
I was able to confirm my understanding of the operating procedures from
my visit to the sub post office in the Midlands.
It was clear that there is no standard operating procedure to reconcile
counter credits with the actual amounts recorded. This could give rise to a
range of discrepancies which the sub post mistress would rely on the Post
Office to identify and reconcile. If the Post Office failed to do so then
overstated amounts could give rise to a deficit at the sub post office which
the sub post mistress would be required to make good with cash. Again I’m
not sure what is meant here. POL should comment on their processes.
Charles McLachlan 18
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
2.2.2 Capabilities of Horizon
2.2.2.1
The West Byfleet sub post office is set up to operate with each counter
having a separate stock. Although this assists with stock control and
ensures that stock discrepancies can be localised, it does not provide any
assistance in management of discrepancies in debit/POCA receipts (no
vouchers are automatically printed) or Accounts Payable and counter credit
discrepancies (standard operating procedures do not reconcile these on a
daily basis). Again for POL to respond.
2.2.3. Approach of investigating officers to system issues
2.2.3.1
2.2.3.2
2.2.3.3
2.2.3.4
On our visit to West Byfleet, we had an opportunity to raise some questions
with one of the investigating officers that attended on the day of the audit
that gave rise to these proceedings.
He made it clear that it was Post Office policy that investigating officers
should never consider systems problems as relevant to their enquiries.
He agreed that the Horizon system provided no paper record of debit/POCA
vouchers and therefore that a sub postmaster/mistress would not be able to
produce any evidence that a customer had received a receipt for a
debit/POCA transaction. This info is available in the Audit data which can
be supplied as evidence
He accepted that the Horizon system, as supplied, which the sub post
master/mistress was required to use under contract, did not provide the
Charles McLachlan 19
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
facility for the sub post master/mistress to reconcile discrepancies that
might arise in the operation of the system. This is down to POI
requirements.
2.2.3.5 He accepted that there was no Post Office requirement that he should
understand the operation of the Horizon system in order to properly conduct
his investigations.
Charles McLachlan 20
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
3 What hypotheses could support the Defendant’s claim
that the Horizon system was the source of the accounting
discrepancies?
3.1
3.1.1
3.2
3.2.1
Background
Accounting systems are usually designed around a ‘double entry’ booking
keeping principle. The double entry book keeping principle means that for
every entry into the system there is an equal and opposite entry that should
maintain the ‘balance’ between the accounts. Horizon follows this principle.
So, for example, if somebody at the till sells a stamp for £1 paid in cash then
the stock account would be reduced by £1 value of stock and the cash on
hand account would be increased by £1 — overall the balance between the
accounts would be unchanged. Horizon does this.
As part of the process of financial control, it would be normal for the value of
stamps to be physically counted and recorded (stock value) and the value of
cash on hand physically counted and recorded (cash value) and these two
values compared (‘reconciled’) to what is recorded in the accounting system.
This is required as part of the Stock Unit Balancing process which should
happen at least once per month and can be done as often as required. In
particular Cash should be Declared (and variances checked) daily.
Hypothetical issues with the Horizon system
The User Interface gives rise to incorrect data entry: poor user experience
design and inadequately user experience testing can give rise to poor data
Charles McLachlan 21
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
3.2.2
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
entry quality. In cases that users are working under pressure, insufficiently
trained or are using a system presented in a language different from their first
language the problems of data entry can be exacerbated. I’m not sure what is
meant by UI gives rise to oor data entry. Training matters are down to POL.
The Horizon system fails to properly process transactions: accounting
systems are usually carefully designed to ensure that accounts balance after
each “double entry” transaction. In particular, a database technology referred
to as ‘two-phase’ commit is used to ensure that either both entries or neither
entry is recorded on the system. Horizon does properly process transactions
and does ensure that double entries are always both committed atomically.
There is no need for a 2 phase commit as such in the branch accounts, but the
design of the interfaces to both the MA and POCA ensure that the view of the
transaction as recorded in the Branch is the “correct” view and other systems
are adjusted (if necessary) to match this view through various reconciliation
processes.
3.3. Comments on Hypothetical issues following site visits
3.3.1
There are opportunities for incorrect data entry (e.g. entry of £2,000 for a
cash credit rather than £200) to give rise to discrepancies in cash recorded on
Horizon versus cash held at the till. The sub post office relies on the
consistent, accurate and timely resolution of these discrepancies by the Post
Office and the operators of the Horizon system. The sub post master/mistress
has no standard operating procedure or local record that protects them from
the failure of the Post Office or the operators of the Horizon system to deal
with the discrepancies. Perversely, the Post Office and the operators of the
Horizon system have no incentive to resolve discrepancies that appear as cash
Charles McLachlan 2
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
3.3.2
3.3.3
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
losses at the post office counter because the sub post office contract makes
the sub post master/mistress personally liable. I agree that the system just
records what the user enters, but there is little that can be done to resolve that.
However when cash is deposited messages are displayed requiring the Clerk
to check the amount deposited which should minimise such errors.
The Horizon system does not appear to be a single monolithic mainframe
based system with computer terminals with no independent processing
capability. Rather the architecture relies on a number of inter dependent
units: the individuals nodes (counter terminals) at the sub post office each
with its own processing unit with an attached keyboard, touch screen, barcode
scanner, debit card authorisation PIN terminal and printer and a network
router to the wider Horizon system. Each of these components could give
rise to faults that result in discrepancies: either due to problems within the
components or due to problems from interaction between the components. I
accept that currently Horizon does depend on data recorded and held on the
local system which is then replicated to other cunters and the central system.
However I am unclear why this is considered to be a fault.
Within the central Horizon system that is not directly visible to the counter
operators I would expect there to be a set of inter-operating components that
could give rise to malfunctions and discrepancies. In particular, the end to
end dialogue between the counter terminal, the card authorisation terminal,
the network, the core Horizon system, the electronic funds transfer
component, the authorising merchant service and the central post office
branch accounting system is a long running transaction with multiple points
of possible failure. Agreed that this is complex. However the key point is
that the end result as seen at the counter is what is displayed to the clerk and
Charles McLachlan 2B
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
3.3.4
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
what goes into the accounts. Any hypothetical corruption (and I’m not aware
of any issues in that way) in other systems should not result in any
discrepancies at the Branch. In particular should no response be received,
then the clerk will be advised of this and it must be assumed that the
transaction failed.
Complex systems of this nature rarely have sufficient capability built in to
deal with all possible failure points and discrepancies are very likely to arise
which require manual intervention based on the reconciliation of paper and
electronic logs at different points in the system. When the end to end system
does not provide the counter staff with access to paper or electronic logs at
the point of use then it is impossible for them to identify whether there is a
system fault or operator problem. There are full logs, but I agree that they are
not all made directly available to the end user. I suspect that this is trune in
any complex system. There are mechanism by which details of individual
transactions can be printed off from the system if there is some uncertainty
via the “Transaction Log” Reports.
Charles McLachlan 24
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
4 What evidence needs to be provided in order to
determine the merits of the Defendant’s claim?
4.1 Errors in operator data entry are not properly reconciled by the Post Office
finance function or by the Horizon system.
4.1.1 The first problem with the provision of evidence is that the Horizon system
does not automatically provide a paper voucher for retention at the post office
counter when funds are withdrawn using a debit card or Post Office Cash
Account card. Therefore the sub post office has no mechanism for
reconciling the result of downstream processing by the Horizon system and
the Post Office with what occurred at the sub post office counter either at the
time or when discrepancies are identified at the end of the weekly trading
period. In effect, the Horizon system makes it impossible for the sub post
office to demonstrate an error occurred in the downstream processing. This is
down to Post Office Ltd.
4.1.2 The second problem with the provision of evidence is that the Horizon
system does not automatically provide a paper voucher for retention at the
post office counter when funds are credited to the sub post office account as
part of a bill payment (Accounts Payable) as a result of a withdrawal using a
debit card or Post Office Cash Account card. Therefore the sub post office
has no mechanism for reconciling the result of downstream processing by the
Horizon system and the Post Office with what occurred at the sub post office
counter either at the time or when discrepancies are identified at the end of
the weekly trading period. In effect, the Horizon system makes it impossible
for the sub post office to demonstrate an error occurred in the downstream
processing. Again this is down to POL.
Charles McLachlan 25
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
4.1.3 The third problem with the provision of evidence is that the standard
operating procedure for post office counter clerks does not include the
reconciliation of bill payment or counter credit slips with the individual
amounts recorded by the counter clerk onto Horizon. In effect, this standard
operation procedure makes it impossible for the sub post office to identify
any failures by the Post Office or the Horizon system in identifying or dealing
with discrepancies arising from incorrect data entry. Again down to POL
Processes.
4.1.4 The investigations identified below will assist in determining whether such
evidence is available.
4.2 The Operation of the System gives rise to incorrect data entry
4.2.1 There are two elements to this possible cause
e The sub post office staff and, in particular, the sub post master/mistress is not
trained in the proper operating procedures to deal with maintaining an
auditable contemporaneous record that would protect their reputations in the
event that faults in the Horizon system or operator error resulted in
discrepancies between the actual cash position and the centrally recorded
cash position. Horizon does maintain a full audit of what is recorded which
can be made available to POL. I am also aware of at least one case where
this information has been made available directly to a Defence Accountant.
e The sub post office staff are not properly trained in the use of the Horizon
system. This is down to POL.
Charles McLachlan 26
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
4.2.2
4.2.3
424
4.2.5
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
In order to understand to what extent sub post office staff are trained in the
necessary operating procedures, it would be necessary to review the course
material provided for counter staff and sub post masters/mistresses and to
review the training and assessment processes implemented by the Post Office.
Finally, it would be necessary to review to what extent the necessary
operating procedures could feasibly be adopted and were in fact adopted in
general operating practice and in the case of Seema Misra in particular. For
POL to respond.
In order to identify whether Horizon system training is a possible cause, it
would be necessary in the first instance to sit alongside a user operating in
normal Post Office conditions that had only recently completed the standard
systems training and who represented the kind of user engaged by the
Defendant. For POL to respond.
If there is a pattern of incorrect data entry then it would be necessary to
conduct a detailed examination of the kinds of incorrect data entry that occur
and the implications for failure of accounting. Not sure exactly what is meant
here. I’m aware of work within POL to explore errors in data entry and to
come up with ways to reduce them.
There are two available technologies that could assist in examining cases of
incorrect data entry:
e Screen capture technology installed on the user terminal that keeps a
record of every key press/screen press and the associated screen shot. This
is not practical. However the Audit trail that Horizon maintains does
provide a fairly comprehensive record of what has happened.
Charles McLachlan 27
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
¢ Digital camera recording equipment positioned to have a clear view of the
screen continuously recording the screen as it responds to operator entry
This is clearly possible. A similar technique has also been used to
benchmark system response times.
4.3. The Horizon system fails to properly process transactions
43.2
In order to identify whether this is a possible cause, it would be necessary in
the first instance to examine the operations in normal Post Office conditions
where there is an experience by the branch manager of what they believe to
be incorrect transaction processing.
Further, if there is prima facie evidence of incorrect transaction processing, it
would be necessary to review the technical documentation of the Horizon
system and interview key individuals responsible for the system within the
Fujitsu team in order to understand the potential source of the incorrect
transaction processing. From my understanding of comparable retail systems
architectures there are a large number of potential points of failure which
could give rise to the kind of discrepancies reported by Seema Misra and the
sub post mistress in the Midlands. In particular, I have reviewed the
architecture for a national retailer and identified a series of possible failure
points which are currently addressed by testing, review of error logs and
reconciliation of discrepancy reports. See Exhibit “Point of Sale — Electronic
Funds Transfer architecture”. I don’t see the relevance of this diagram. It is
nothing like what Horizon does. We could if necessary provide some
documentation and information on Horizon. However I am confident that
Charles McLachlan 28
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
4.3.3
43.4
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
there is not a system problem and the issues are due to incorrect actions
(whether deliberately or accidentally) by the user.
Based on the review of the technical documentation, it should be possible to
identify and examine the various electronic log files maintained by different
components of the systems architecture that are required by the Electronic
Mastercard Visa (EMV) standard or for Payment Card Industry (PCI)
compliance. These are probably available. (I’m not sure how long they are
held and they will probably have had details of Cards Obfuscated for Security
reasons as required by PCI.)
If the potential source of the incorrect transaction processing can be identified
then it would be helpful to be able to reproduce the problems under controlled
test conditions in a consistent and reproducible manner. This would require
the assistance of Fujitsu in providing access to the test environments
maintained in support of the Horizon system. Again this is possible.
Charles McLachlan 29
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
5 My duties to the Court
5.1L understand that my overriding duty is to the Court, both in preparing reports
and in giving oral evidence. I have complied and will continue to comply with
that duty.
5.2 I have set out in my report what I understand from those instructing me to be
the questions in respect of which my opinions as an expert are required.
5.3 I have done my best, in preparing this report, to be accurate and complete. I
have mentioned all matters that I regard as relevant to the opinions I have
expressed. All of the matters on which I have expressed an opinion lie within
my field of expertise.
5.4 I have drawn to the attention of the Court to all matters, of which I am aware,
which might adversely affect my opinion.
5.5 Wherever I have no personal knowledge, I have indicated the source of factual
information.
5.6 I have not included anything in this report that has been suggested to me by
anyone, including the lawyers instructing me, without forming my own
independent view of the matter.
5.7 Where in my view, there is a range of reasonable opinion, I have indicated the
extent of that range in the report.
Charles McLachlan 30
FUJ00122678
FUJ00122678
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
5.8 At the time of signing the report I consider it to be complete and accurate. I
will notify those instructing me if, for any reason, I subsequently consider that
the report requires any correction or qualification.
5.9 I understand that this report will be the evidence that I will give under oath,
subject to any correction or qualification I may make before swearing to its
veracity.
5.10 I have included in this report a statement setting out the substance of all facts
and instructions given to me, which are material to the opinions expressed in
this report or upon which those opinions are based.
5.11 I confirm that insofar as the facts stated in my report are within my own
knowledge I have made clear which they are, and I believe them to be true, and
the opinions that I have expressed represent my true and complete professional
opinion.
Charles McLachlan
Amsphere Consulting Ltd
Staple Hall
87-90 Houndsditch
London, EC3A 3AD
England
Thursday, 19 November 2009
Charles McLachlan 31