POL00105629 - Email from Paula Vennells to Chris Day, Lesley Sewell, Susan Crichton and others re Management Control Audit - SAS70 for Fujitsu.

POL00105629

Message
From: Paula Vennells:
on behalf of — Paula Vennells
Sent: 02/03/2013 08:
To:
Cc:

Subject:

Goodness - "you may remember..." is a little mild?!

I am scarred! I remember very vividly the discussions at the RMHB trying to convince Donald and Paul Murray that we
would resolve this with Fujitsu. At least 10% of my grey hairs are down to this one!

So, I am delighted! Thank you Lesley very much indeed. Please also pass on my appreciation to whoever led in your
team with Fujitsu.

As I was in fairly frequent contact with Duncan at the time, if you don't mind I would like to drop him a note. Could you
draft me something?

Thank you again - really well done.
Paula

Sent from my iPad

On 1 Mar 2013, at 20:54, "Chris M Day" i
Thanks Lesley - good result. I spoke to Angus Grant today who confirmed that this and IT controls
generally are looking in much better shape than a year ago, and that he's not currently anticipating any
MLPs or further cost overruns - which makes me doubly happy!

Thanks also to Sarah & team for their work in this area.

Chris

Sent from my iPhone

On 1 Mar 2013, at 17:06, "Lesley J Sewell
Paula, Chris, Susan

You may remember some of the challenges we had with the last Management Control
Audit which E&Y completed for Fujitsu and our drive towards a SAS70 (now
International Standard on Assurance Engagements (ISAE 3402)) control framework —
this was a particular challenge and we were committed to get to this outcome as part of
this year’s audit approach.

We agreed, and at Fujitsu’s cost, that they would separately engage Ernst & Young to
endorse their IT controls and to produce an ISAE 3402 report. This provides a
description of their total IT support processes and controls operated in managing the
Post Office Account for Horizon on-line and POLSAP. The good news is that Ernst &
Young have undertaken this review and have endorsed these controls.

POL-0104594

This is very exciting and positive news for the Post Office. In all of the control objectives
tested by Ernst & Young, a total of 65 individual objectives, there was only one deviation
discovered, that required a minor adjustment to a password policy. Which meant the
outcome was a report with no deviations at all in the Fujitsu environment. This was
endorsed independently by Ernst & Young.

This will feed into our annual Management and Control audit for IT, and I met with our
external auditors yesterday who were extremely pleased with the outcome. Our
auditors are now engaging within Post Office to ensure that the compensating and
complementary controls operated within the Post Office environment are indeed in
place and operating effectively to match those in Fujitsu. This is underway and the field
work is on-going which is due to complete by early March.

Credit needs to be given to Fujitsu who funded this exercise, and whose controls were
tested and passed by Ernst & Young. This is a really positive step for the Post Office as
not only does it show the controls in place for Horizon and POLSAP are of good
standard, it should also reduce the time and cost of future audits.

I have passed Post Office’s thanks to Fujitsu for supporting this activity.

All in all a very positive outcome.

Regards

Lesley

Lesley J Sewell
Chief Information Officer

148 Old Street, LONDON, EC1V 9HQ

lesley.j.sew
postoffice
@postofficene'

Confidential Information:

This email message is for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorised review, use, disclosure or distribution is prohibited.
If you are not the intended recipient please contact me by reply email and destroy all copies of the
original message.
