FUJ00172048
FUJ00172048
From: Deaton Mike[/O=-EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=DEATONM]
Sent: Fri 02/12/2011 10:22:08 AM (UTC)
To: Godeseth TorsteinI
} Jenkins Gareth
Ce: 4 ; Long Stephenf"
Subject: CONFIDENTIAL: Horizon OnLine Integrity Testing: Proposal
Attachment: KPMG Proposal_HNG-x Data Integrity Assessment vD0034(011211).pdf
Gents,
Please find attached the KPMG response and proposal to our integrity assessment request.
Could I please ask you to review the document in detail with a view to:
1. Ensuring that the desired objectives will be achieved
2. To highlight any areas where that you think may have been overcooked and can be managed
without
I will organise a session for us next week to capture your findings. Please make every effort to attend.
Please do not share this document with anyone else.
Gavin & Stephen —I will aim to consolidate this assessment before the end of next week to provide you with the
team’s recommendation.
FYI, I have also approached our new CPO, Andrew Croston, to provide any guidance as to how we should approach
this.
Regards,
Mike Deaton
Change & Operations Director
Business Operations
Fujitsu
Email mike.deatont co)
Web: http://uk. fujitsu.
A Please consider the environment - do you really need to print this email?
From: Jocson, Erviny.
Sent: 01 December
To: Deaton Mike
Cc: Starnes, Chris
Subject: RE: Horizon OnLine Integrity Testing: Proposal
Hi Mike,
As committed please find attached our draft proposal for your comment/approval, which is in response to your revised
FUJ00172048
FUJ00172048
ToR scope document issued to us on the 25" Nov 2011.
Our approach factors in your feedback below.
Please contact me should you have any questions.
My best,
Ervin
Ervin Jocson
Director
KPMG IT Advisory
Forensics & Risk Consulting
15 Canada Square
London
E14 5GL
Please consider the environment before printing this e-mail
Latest KPMG insights and research
Fraud Barometer January 2011: Click here to read KPMG's latest Fraud Barometer results.
Consumers and Convergence IV: Read KPMG's latest research into internet and mobile trends. Visit
www.KPMG.co.uk/convergence
From: Deaton Mike!____
Sent: 01 December 2011 14:57
To: Jocson, Ervin
Cc: Rahman, Mohammed R (UK); Starnes, Chris; Edge, Lee; Morjaria, Nishad; Howard Ian; Jenkins Gareth GI
Subject: RE: Horizon OnLine Integrity Testing
Ervin,
Apologies for the delay in getting back to you.
We need KPMG to define a set of scenarios taking enough to demonstrate robustness of the overall process.
This may be more than the scenarios that we have defined, but need KPMG to make this recommendation
The objective is to audit the integrity of the overall basket process. Transaction audits should not be
necessary to achieve this.
Regards,
Mike
FUJ00172048
FUJ00172048
Mike Deaton
Change & Operations Director
Business Operations
Fujitsu
Fujitsu, 22 Baker Street, London, W1U 3BW__
Mobile: £7 Internally” j
Email mike.deator, GRO. j
Web: http://uk.fujitsu.com
= Please consider the environment - do you really need to print this email?
From: Jocson, Ervi
Sent: 28 November 2011 10:14
To: Deaton Mike
Cc: Rahman, Mohammed R (UK); Starnes, Chris; Edge, Lee; Morjaria, Nishad
Subject: RE: Horizon OnLine Integrity Testing
HI Mike,
I hope you had a nice weekend. Just as an update - We're aiming to get the proposal back to you by this
Thursday for your review.
We have a few questions in relation to your updated scoping document:
e Section 1.2 — Scope. In shaping our approach, we will define an agreed-upon proceedure for
the audit. To help guide and size the audit, will Fujitsu have a mimimun or maximum number
of prescirbed transaction types to be tested?
¢ — Section 1.3 - Deliverables: For clarity, Fujitsu have specified the delivery of an ‘ audit report’ that
may be submitted in court to demonstrate adequacy of the controls in place. As discussed at our
scoping meeting, we can provide litigation support, particularly of the nature in the scope of your
requirements. However as external auditors we are restricted from providing expert witness servi
particularly where there is a quantum aspect that results in us actually self auditing such material
values through the external audit.
ices,
e Section 3.0 —for clarity, we interpret these scenarios as the ‘test scenarios’ that may occur
stand-alone or in combinations, in which transaction audits need to be validated against.
this correct?
Is
In our proposal response we will outline an approach in terms of two iterations of deliverables. This will enable
us to expedite the initial findings audit report for Fujitsu ‘ONLY’ review and action. With the second iteration
reflecting your comments/feedback that will be subject to final risk review by KPMG such that the final rel
can be relied-upon.
Many thanks,
Ervin
Ervin Jocson
Director
KPMG IT Advisory
Forensics & Risk Consulting
15 Canada Square
London
E145GL
lease
FUJ00172048
FUJ00172048
Please consider the environment before printing this e-mail
Latest KPMG insights and research
Fraud Barometer January 2011: Click here to read KPMG's latest Fraud Barometer results.
Consumers and Convergence IV: Read KPMG’s latest research into internet and mobile trends.
Visit www.KPMG.co.uk/convergence
From: Deaton Mike:
Sent: 25 November 2011 09:51
To: Jocson, Ervin
Subject: Horizon OnLine Integrity Testing
Ervin,
Please find attached our revised scoping document for your review. I trust this covers
everything you need, but please call out if you believe there is anything missing.
I have asked Tim Healy to organise countersignature to the NDA and will have this across to
you early next week.
Do you have any view of timescales as to when you think you might provide your proposal,
Regards,
Mike Deaton
Change & Operations Director
Business Operations
Fujitsu
Fujitsu, 22 Baker Street, London, W1U 3BW
Mobile:
Email
Web: http://uk. fujitst
wv Please consider the environment - do you really need to print this email?
This email has been sent from KPMG LLP, a UK limited liability
partnership (which is a subsidiary of KPMG Europe LLP),
from KPMG Europe LLP, from one of the companies within KPMG LLPs
control (which include KPMG Audit Plc,
KPMG United Kingdom Plc and KPMG UK Limited) or from KPMG Resource
Centre Private Limited, together "KPMG".
FUJ00172048
FUJ00172048
KPMG Europe LLP does not provide services to clients. None of KPMG
Europe LLPs subsidiaries have any authority to obligate
or bind KPMG Europe LLP. This email is confidential and may be
legally privileged. It is intended solely for the addressee.
Access to this email by anyone else is unauthorised. If you are not
the addressee or an intended recipient or have not
agreed with us the terms on which you are receiving this email any
disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on the contents of this
email or its attachments, is at your own risk,prohibited
and may be unlawful, and to the fullest extent permitted by law KPMG
accepts no responsibility or liability to you.
When addressed to our clients any opinions or advice contained in
this email or its attachments are subject to the terms and
conditions expressed in the governing KPMG client engagement letter.
Anything in this email or its attachments which
does not relate to KPMG's official business is neither given nor
endorsed by KPMG.
KPMG Europe LLP, registered in England No 0C324045
Registered office: 15 Canada Square, London, E14 5GL
KPMG United Kingdom PLC, registered in England No 03513178
Registered office: 15 Canada Square, London, E14 5GL
KPMG UK Limited, registered in England No 3580549
Registered office: 15 Canada Square, London, E14 5GL
KPMG LLP, registered in England No 0C301540
Registered office: 15 Canada Square, London, E14 5GL
KPMG Audit Plc, registered in England No 3110745
Registered office: 15 Canada Square, London, E14 5GL
Unless otherwise stated, this email has been sent from Fujitsu Services Limited, from Fujitsu (FTS)
Limited, or from Fujitsu Telecommunications Europe Limited, together "Fujitsu".
This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence
and may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended
or that it is virus-free.
Fujitsu Services Limited, registered in England No 96056, registered office 22 Baker Street, London
WI1U 3BW.
Fujitsu (FTS) Limited, registered in England No 03808613, registered office 22 Baker Street, London
WI1U 3BW.
Fujitsu Telecommunications Europe Limited, registered in England No 2548187, registered office
Solihull Parkway, Birmingham Business Park, Birmingham, B37 7YU.