WITN04600102 - ICL Pathway Horizon System Audit Manual (CSR+) Report, V1.0

ICL Pathway
Horizon System Audit Manual (CSR+)
Ref: IA/MAN/005
Version: 1.0
Date: 20/12/00

Document Title: Horizon System Audit Manual (CSR+)
Document Type: Manual
Abstract: This manual describes the Horizon Operational, Operational Support
and Commercial systems and data flows in sufficient detail to enable members
of the Horizon Audit Community to understand them for audit purposes.

It also addresses the appropriate Criteria of Requirements 697, 699, 816 and
829 insofar as it provides information relating to the composition of and
access to the ‘audit trail’ as defined in those Requirements and its
admissibility for PACE certification.

Status: Approved
Distribution: Martyn Bennett; Chris Paynter (POIA); Richard Laking; Library
Author: Brian Mooney/Jan Holmes/Anthony Brown
Comments to: Anthony Brown
Comments by: 29th December 2000
COMMERCIAL IN CONFIDENCE Page 1 of 91

© 2000 ICL Pathway Ltd

0 Document control

0.1 Document history

0.1  21/04/00  Initial draft based on IA/MAN/004 version for CSR plus changes for CSR+
0.2  10/05/00  Following work to define EPOSS and LFS data flows.
0.3  21/07/00  Following review by Brian Mooney
1.0  20/12/00  Version 1.0 for approval

0.2 Approval authorities

M. Bennett    Quality Director

0.3 Associated documents

[1]  CR/FSP/006  3.0  Audit Trail Functional Specification        Pathway
[2]  SD/DES/115  1.0  Audit Data Storage & Retrieval HLD (CSR+)   Pathway
[3]  SD/DES/116  1.0  Audit Data Extraction & Filter HLD (CSR+)   Pathway
[4]  IA/SPE/011  1.0  OBCS Audit Trail Specification (CSR+)       Pathway
[5]  IA/SPE/012  1.0  APS Audit Trail Specification (CSR+)        Pathway
[6]  IA/SPE/013  1.0  EPOSS Audit Trail Specification (CSR+)      Pathway
[7]  IA/SPE/014  1.0  LFS Audit Trail Specification (CSR+)        Pathway
[8]  IA/SPE/015  1.0  Audit Data Catalogue (CSR+)                 Pathway
[9]  IA/PRO/003  1.0  Conducting Audit Data Extractions at CSR+   Pathway


APS    Automated Payments Service
BSU    Business Support Unit
CSR    Core System Release (previously known as NR2)
DLT    Digital Linear Tape
DW     Data Warehouse
EPOSS  Electronic Point of Sale Service
ESNS   Electronic Stop Notice System
HAPS   Host Automated Payments System
HLD    High Level Design
HSH    Horizon System Help Desk
OAS    OBCS Access Services
OBCS   Order Book Control Service
OSP    One Shot Password
POCL   Post Office Counters Limited
POIA   Post Office Internal Audit
PONA   Post Office Network Audit
QRM    Quality & Risk Management
RDMC   Reference Data Management Centre
RDS    Reference Data Service
RED    Reconciliation Exception Database
RFI    Request For Information
SIS    Strategic Information Service
TIP    Transaction Information Processing
TMS    Transaction Management System

0.5 Changes v0.2 to v0.3

Document references updated

0.7 Table of contents

1 Introduction
2 Scope
3 Terminology
4 What is Horizon?
4.1 Background
4.2 Horizon Services Overview
4.3 Central Systems Overview
4.4 Distribution Mechanism Overview
4.5 Counter Systems Overview
4.6 Horizon System Helpdesk Overview
5 The Horizon Services & Systems
5.1 Diagramming Conventions
6 Horizon Operational Services
6.1 Order Book Control Service
6.1.1 Control Notice Processing
6.1.2 Benefit Book Receipt
6.1.3 Benefit Book Handover
6.1.4 Benefit Encashment
6.2 Automated Payments Service
6.2.1 Standard Payment Using Token
6.2.2 Payment Reversal
6.2.3 Automated Payments Reconciliation
6.3 Electronic Point of Sale Service
6.3.1 Sale of EPOSS Product to Customer
6.3.2 Manage Stock Movement at the Outlet
6.3.3 Produce the Cash Account
6.3.4 Generate Reports and Transaction Information
6.4 Logistics Feeder System
6.4.1 Planned Orders & Advice Notices
6.4.2 Delivery Stock Pouch to Outlet
6.4.3 Collect Stock Pouch from Outlet
6.4.4 Produce Cash and Stock Statements
6.5 Horizon System Help Desk
6.5.1 Service Overview
6.5.2 Schematic
6.5.3 Data Input Streams
6.5.4 Data Output Streams
7 Horizon Operational Support Services
7.1 Business Incident Management System (APS/EPOSS)
7.1.1 System Overview (APS)
7.1.2 System Overview (EPOSS)
7.1.3 Schematic
7.1.4 Data Input Stream
7.1.5 Data Output Streams
7.1.6 Data Retention Requirement
7.2 Reference Data Management Centre
7.2.1 System Overview
7.2.2 Schematic
7.2.3 Data Input Streams
7.2.4 Data Output Streams
7.2.5 Data Retention Requirement
8 ICL Pathway Commercial Systems
8.1 Service Level Contract Administration
8.1.1 Overview
8.1.2 Schematic
8.1.3 Data Input Streams
8.1.4 Changes to Standing Data
8.1.5 Data Output Streams
8.1.6 Data Retention Requirements
9 Operational Audit Data
9.1 Audit Track Content And Maintenance
9.2 Audit Data Retention Policy
9.2.1 Operational Services Audit Data
9.2.2 Operational Support Services Audit Data
9.2.3 Commercial Systems Audit Data
9.3 Order Book Control Service
9.4 Automated Payments Service
9.5 Logistics Feeder Service
9.6 Data Warehouse/MIS
9.7 Transaction Processing
9.8 Reference Data
10 Operational Audit Data Archive Server
10.1 Overview
10.2 Archiving and Storing Audit Data
10.2.1 Overview
10.2.2 Audit Track Gatherer
10.2.3 Audit Track Sealer
10.2.4 Audit Track Hoarder
10.2.5 Audit Track Deleter
10.3 Retrieving and Extracting Audit Data
10.3.1 Overview
10.3.2 Request For Information
10.3.3 Marking Files and Tapes
10.3.4 Audit Track Retriever
10.3.5 Audit Data Check Seal
10.3.6 Audit Trail Extractor
10.4 Archived Audit Data Usage
10.4.1 Proving Integrity of Processing
10.4.2 Investigation Support
10.4.3 Bulk Extraction
11 Obtaining Access to Operational Audit Data
11.1 Access Control Policy
11.1.1 ICL Pathway’s Internal Auditors
11.1.2 Post Office Auditors
11.1.3 POCL Emergency Manager
11.1.4 POCL <Client> Auditors
11.1.5 Authority's Agents
11.1.6 One Shot Passwords
11.2 Requesting Audit Data Extractions
11.2.1 Pre-Requisites
11.2.2 Requesting Audit Data
12 Commercial Audit Records (R697)
12.1 Included Items
12.1.1 Invoicing Records
12.1.2 Change Control Documentation
12.1.3 Special Assistance Invoices
12.1.4 Development Activity Invoices
12.1.5 Contracts with Sub-Contractors
12.2 Excluded Items
12.3 Caveats
13 Obtaining Access to Commercial Audit Data & Records
13.1 Access Control Policy
14 Conducting Joint Audits
14.1 General
14.2 Joint Working Framework
14.2.1 Planning
14.2.2 Terms of Reference
14.2.3 Detailed Audit Schedules
14.2.4 Resources
14.2.5 Reporting Arrangement
14.2.6 Corrective Actions Review
14.2.7 Process Review and Improvement

1 Introduction

This document is intended for the community of auditors who are involved in
auditing the Horizon system and describes Horizon so that auditors can
understand the business processes and data flows involved. It is structured to
lead the reader through Horizon so that a general level of understanding and
knowledge can be obtained. It does not set out to be an exhaustive
decomposition of the total solution.

It provides information in support of the Horizon system meeting
Requirements 697 (General - Audit: Access), 699 (General - Audit: Trail), 816
(POCL Applications - EPOSS: Audit) and 829 (General - Security: Prosecution
Support).

It is supported by a number of related documents that describe the Operational
Services audit trails [4][5][6][7], the relevant Commercial Systems audit trails
and the audit data itself [8] in more detail.

The business processes include all systems and services that make up Horizon
including :

Operational Services

a. APS - Automated Payments Service.
b. EPOSS - Electronic Point of Sale Service.
c. OBCS - Order Book Control Service, including OBCS Access Service (OAS).
d. LFS - Logistics Feeder Service.
e. HSH - Horizon System Help Desk.

Operational Support Services

a. BIMS - Business Incident Management System.
c. RDMC - Reference Data Management Centre.

Commercial Systems

a. SLCA - Service Level Contract Administration.

Change Control is also included as any changes to any of the above Services
can only be achieved through the agreed Change Control process which has its
own audit trail of documentation associated with it.

The document describes how access to the ‘audit trail’ is achieved and
establishes a framework for joint working where this is deemed appropriate.


2 Scope

The information in this document is relevant to Horizon at Core System
Release+.

3 Terminology

Each organisation that constitutes the Horizon Community of Auditors will
have their own set of standard definitions and terminology and their auditing
policies and practices will be defined and described in Audit Manuals. However,
there is some terminology that is specific to Horizon :

Audit Tracks    Defined in [1] as “a record of activities made within a
                subsystem for one or more of its interfaces.”

Audit Trail     Defined in [1] as “one or more such tracks.”

In addition this document uses the following terms throughout :

POCL Post Office Counters Ltd. The organisation responsible for
operating the outlets through which Horizon will be
delivered to the end customer.


4 What is Horizon?

4.1 Background

Horizon was the total solution to the joint requirement of the Department of
Social Security and Post Office Counters Limited which asked for the provision
of a facility to transact most Post Office business and, in particular, the
payment of benefits on each PO outlet counter across the UK.

Following the withdrawal of the Benefit Agency from the contract on 24th May
1999 the Horizon solution was de-scoped to deliver Post Office services only.
However, the basic architecture and principles of Horizon have not changed
with BA’s withdrawal.

It achieves this through the provision of a number of SERVICES at the Post
Office Counter delivered via the logical SYSTEM componentry shown in Figure 1.

[Figure 1 : Overview of Horizon Logical Components. Components shown: Pathway
Central Systems, Links to POCL and their clients, Help Desk, Distribution
Mechanism, Wide Area Network, Post Office Counter Systems.]

4.2 Horizon Services Overview

The services available at Core System Release are :

• Order Book Control Service (OBCS) that ascertains the validity of a BA order
  book before payment is made. Note that this is a Post Office Service and
  subject to a separate contractual agreement between the Post Office and
  DSS.

• Electronic Point of Sale Service (EPOSS) that enables PostMasters to conduct
  general retail trade at the counter and sell products on behalf of their
  clients.

• Automated Payments Service (APS) support for utility companies and others
  who provide incremental payment mechanisms based on cards and other
  devices.

• Logistics Feeder Service (LFS) targeted at the efficient management of cash
  and value stock, principally to minimise cash held overnight in outlets and
  outlet’s value stock holdings generally.

Each service is separate but all are delivered through the system architecture as
shown in Figure 2. New services can be added simply by defining the business
requirement, designing and constructing the software and utilising the existing
architecture to deliver the service to the Post Office Counter.

[Figure 2 : An Overview of Horizon Services and the Architecture. Columns
shown: Customer Systems (SAPADS, ESNS, RDS/RDMC, HAPS), Central (Host) Systems
(OBCS, EPOSS, APS, TMS), Distribution Mechanism, Wide Area Network, PO Counter
Systems (Logistics Feeder Service, Order Book Control Service, Electronic Point
of Sale Service, Automated Payments Service).]

4.3 Central Systems Overview

The central systems comprise substantial computers running large relational
databases with on-line access for the Help Desk service.

The central systems are responsible for:

• Receiving information from POCL and its clients
• Storing incoming information and in some cases using it to modify existing
  information
• Transforming it into a format suitable for the counter applications
• Passing information to the counter applications via the distribution
  mechanism
• Receiving information back from the counter applications via the
  distribution mechanism
• Storing returned information
• Passing information back to POCL and its clients
• Summarising information into an appropriate format for management
  information access

4.4 Distribution Mechanism Overview

The distribution mechanism takes one logical stream of information from the
central systems and fans it out to the almost 20,000 outlets across the UK.
Conversely, it receives input from the almost 20,000 outlets and funnels it in to
one logical stream.

4.5 Counter Systems Overview

The counter systems provide interactive support for all staff in every Post Office
and are capable of operating even if they lose their connection to the centre.
Other than in fallback mode all outlet transactions take place directly through
this facility and the result of every transaction is captured and returned to
POCL. The results of certain specific transactions are returned directly to the
DSS and others to automated payment clients of POCL.

If the counter system is not available for any reason the Post Office operates in
fallback mode whereby transactions are authorised on a case by case basis by
the Horizon System Helpdesk. On return of the counter, details of transactions
made in fallback mode are input in bulk by the Post Master.


Most of the transactions that occur at the counter are unplanned in that
nothing exists to represent an individual transaction until a customer walks up
to the counter and asks for some service or product.

4.6 Horizon System Helpdesk Overview

This provides POCL outlet staff with a single point of contact for dealing with
all problems relating to the system procedures and the Horizon system
installed in outlets.


5 The Horizon Services & Systems

5.1 Diagramming Conventions

Within each Horizon Service, be it Operational or Operational Support, a
number of business processes are enacted in order to deliver the required
customer interaction. Similarly the Pathway Commercial Systems initiate
business processes in order to deliver the required end product. Each business
process requires data to allow it to operate and generates data to confirm the
transaction and report the outcome.

Diagramming conventions have been used as shown in Figure 3 :

[Figure 3 : Diagramming Conventions (drawing iaman-03). Symbols shown: Data
Flow, Data Store, Process.]

A process is an IT component that manipulates the data in some way.

An external entity is a component that sits outside the scope of the diagram
but communicates with a process within it. Conventionally, flows between
external entities are not shown, but in this case they are shown where they add
to the overall understanding of the diagram.

A data store is a mechanism which holds data in a persistent manner for a
significant amount of time. In this context significant means longer than the
processing time of the processes to which it connects. Thus transient data is
NOT held within a data store.

The data flow arrows indicate the nature and direction of the data between
processes, external entities and data stores.

The following sections provide a ‘Level 1’ decomposition of the various business
processes enacted at Core System Release (CSR). Each consists of the data flow
diagram for that element of the service and a brief resume.

6 Horizon Operational Services

6.1 Order Book Control Service

6.1.1 Control Notice Processing

Data Flow Diagram

[Data flow diagram iaman-06 not reproduced. Legible labels: OBCS Host System,
Central CRN File, Central Stop/Redirect/Return List, Transaction Management
System, Help Desk Stop List Query File, Local Stop List; flows labelled
Stop/Recall/Purge and FAD Code.]

Resume

ESNS transmit a single Control Notice for an Order Book. This Notice may be to
Stop or Impound an Order Book on next presentation, or to Purge existing
Control Notices from the Central and Local databases.

The Control Notice is compared with the Central CRN (Customer Reference
Number) database and a separate CN record generated for each Post Office
where the Order Book has been previously submitted. The FAD code is added
to the CN record and passed to TMS where the CN records are distributed to
each Post Office at which point they are added to the Local CN database.

Control Notice details are also sent to Help Desk Query Servers at the Horizon
System Helpdesk sites (Stevenage and Manchester) to enable PM enquiries
during periods of ISDN down time.

Further Information
IA/SPE/011 : OBCS Audit Trail Specification [4]

6.1.2 Benefit Book Receipt

Data Flow Diagram

[Data flow diagram iaman-07 not reproduced. Legible labels: OBCS Host System,
Central Stop/Redirect/Return List, Transaction Management System, OBCS, Local
CRN File, Local Stop/Redirect/Return List; flows labelled Stop Notices,
Transaction Result, Local CRN enquiry + result, Local Stop enquiry + result,
Central CRN enquiry + result, Central Stop enquiry + result, Order Book.]

Resume

The Post Office receives a new Order Book (OBs may be received in batches)
from the Benefits Agency, which is ‘accepted’ by the Post Master. Any Control
Notices that exist for the OB are applied, after which the OB is either available
for collection by the beneficiary or is immediately impounded and returned to
the Benefits Agency.

Transactions confirming the actions taken are sent back, via TMS, to OBCS.

Further Information
IA/SPE/011 : OBCS Audit Trail Specification [4]

6.1.3 Benefit Book Handover

Data Flow Diagram

[Data flow diagram not reproduced. Legible labels: OBCS Host System,
Transaction Management System, OBCS (Counter), Local Stop/Redirect/Return
List; flows labelled Transaction Result, Stop Instruction, Stopped Order Book,
Order Book (unless stopped), Form of Authority or Expired Book.]

Resume

A benefit claimant arrives at the Post Office with an appropriate form of
authority to pick up the new Order Book. This may be an expired OB or some
other form as notified to the claimant.

The Local CN database is checked to see if any Control Notices have been
received since the book was ‘accepted’ and if not, the OB is ‘activated’ and
handed to the beneficiary.

Transactions recording the result of the activity are sent back to ESNS via TMS
and OBCS.

This is normally followed by a benefit encashment.

Further Information
IA/SPE/011 : OBCS Audit Trail Specification [4]

6.1.4 Benefit Encashment

Data Flow Diagram

[Data flow diagram iaman-09 not reproduced. Legible labels: OBCS Host System,
Central Stop/Redirect/Return List, Transaction Management System, OBCS
(Counter), Local CRN File, Local Stop/Redirect/Return List, Help Desk Stop List
Query File; flows labelled Transaction Result, Stop Notice, Foreign Encashment,
Query, Benefit Book, Stopped Order Book, Milk Tokens.]

Resume

Having obtained the new Order Book, or already being in possession of one, the
beneficiary wishes to encash one of the foils for a benefit payment.

The book is presented to the Post Master and the local CN database checked for
any Control Notices that should be applied. The PM is also able to check
against the HelpDesk Stop List Query File during periods of ISDN downtime.
Depending on the outcome of that check there could be one of three outcomes:

• The benefit is paid to the claimant and the book returned to him/her.
• The benefit is paid but the book is impounded afterwards.
• The book is impounded immediately and no benefit is paid.

Further Information
IA/SPE/011 : OBCS Audit Trail Specification [4]

6.2 Automated Payments Service

6.2.1 Standard Payment Using Token

Data Flow Diagram

[Data flow diagram iaman-10 not reproduced. Legible labels: AP Host, TPS,
Reference Data Management Centre, Transaction Management System, Automated
Payments Service, EPOSS; flows labelled AP Transaction Details (Indirect,
Direct), Full Transaction Details, All Reference Data, Bill Payment (barcode),
Pre-payment (Card), Money, Receipt.]

Resume

Automated Payments enables members of the public to pay bills from various
utilities and other organisations who have a bill paying agreement with the Post
Office. It also allows for pre-payment of money against future use of a utility.

The customer presents the utility bill or card and cash to the Post Master who
issues a receipt. Transaction details are sent to POCL HAPS at Andover and
POCL TIP at Chesterfield for subsequent processing and reconciliation with
their clients.

Further Information
IA/SPE/012 : APS Audit Trail Specification (CSR+)

6.2.2 Payment Reversal

Data Flow Diagram

[Data flow diagram iaman-25 not reproduced. Legible labels: AP Host, TPS,
Reference Data Management Centre, Transaction Management System, Automated
Payments Service, EPOSS; flows labelled AP Transaction Details (Indirect,
Direct), Full Transaction Details, Business Rules, Reference Data, Original
Payment Receipt, Reversal Receipt, Money.]

Resume

There will be times when a POCL Customer wishes to change or reverse
entirely an Automated Payment transaction made earlier. APS allows this to
happen as long as certain POCL Business Rules surrounding reversals are met :

a. Transactions shall only be reversed in the office in which the original
   transaction took place

b. A transaction cannot be reversed if it has been forwarded to POCL or the
   Client

c. A transaction must be available for reversal until the end of business day
   on which the transaction was performed

d. Eligibility for reversal is subject to the constraints of the token
   technology of the transaction and the AP Client Specification

The Customer must have the Original Printed Receipt before the reversal can
commence. If the rules applicable to the scheme have been met, and the
original transaction is still available to be reversed, it will be and the money
returned to the Customer. A second, Reversal Receipt, is produced by the
system and handed to the Customer.

Further Information
IA/SPE/012 : APS Audit Trail Specification (CSR+)

6.2.3 Automated Payments Reconciliation

Data Flow Diagram

[Data flow diagram iaman-28 not reproduced. Legible labels: AP Host,
Transaction Processing System, Automated Payments Reconciliation; flows
labelled All AP Transactions, All Transactions, AP Reconciliation Report.]

Resume

AP Transactions are reconciled on a daily basis by Horizon. The reconciliation
is between AP transactions to be sent to POCL and those to be sent to each
POCL <Client>.

Reconciliation is used to demonstrate that the same transactions have been
sent to each party and, if not, that an explanation can be found.

Further Information
IA/SPE/012 : APS Audit Trail Specification (CSR+)
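
The daily comparison described in 6.2.3, sketched as an added example; it is not code from the manual or from ICL Pathway. The record layout, field names and client codes are assumptions, and the sample transactions are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class APTxn:
    """One AP transaction. All field names here are hypothetical."""
    txn_id: str        # assumed unique per transaction
    client: str        # assumed POCL client code
    outlet: str        # assumed outlet identifier
    amount_pence: int


def _index(txns):
    """Index transactions by id and collect ids that occur more than once."""
    by_id, dups = {}, set()
    for t in txns:
        if t.txn_id in by_id:
            dups.add(t.txn_id)
        else:
            by_id[t.txn_id] = t
    return by_id, dups


def reconcile(pocl_stream, client_streams):
    """Compare what is to be sent to POCL with what is to be sent to each client.

    pocl_stream: every AP transaction destined for POCL.
    client_streams: {client code: transactions destined for that client}.
    Returns {client code: findings}; an empty finding list means agreement.
    """
    pocl_by_client = defaultdict(list)
    for t in pocl_stream:
        pocl_by_client[t.client].append(t)

    report = {}
    for client in sorted(set(pocl_by_client) | set(client_streams)):
        sent = client_streams.get(client, [])
        pocl_idx, pocl_dups = _index(pocl_by_client.get(client, []))
        cli_idx, cli_dups = _index(t for t in sent if t.client == client)
        both = pocl_idx.keys() & cli_idx.keys()
        report[client] = {
            # In the POCL stream but absent from the client's stream.
            "missing_from_client": sorted(pocl_idx.keys() - cli_idx.keys()),
            # In the client's stream but absent from the POCL stream.
            "missing_from_pocl": sorted(cli_idx.keys() - pocl_idx.keys()),
            # Same id on both sides, but outlet or amount differs.
            "field_mismatch": sorted(i for i in both if pocl_idx[i] != cli_idx[i]),
            # Same id more than once within either stream.
            "duplicates": sorted(pocl_dups | cli_dups),
            # Record placed in a stream for a different client.
            "misrouted": sorted(t.txn_id for t in sent if t.client != client),
        }
    return report


def clients_needing_explanation(report):
    """Clients whose two streams do not carry the same transactions."""
    return [c for c, findings in report.items() if any(findings.values())]


# Constructed sample data (not taken from any real system).
SAMPLE_POCL = [
    APTxn("T1", "GAS", "OUTLET-A", 1200),
    APTxn("T2", "GAS", "OUTLET-B", 500),
    APTxn("T3", "ELEC", "OUTLET-A", 2000),
    APTxn("T4", "ELEC", "OUTLET-C", 750),
    APTxn("T5", "WATER", "OUTLET-B", 3000),
]
SAMPLE_CLIENTS = {
    "GAS": [
        APTxn("T1", "GAS", "OUTLET-A", 1200),
        APTxn("T2", "GAS", "OUTLET-B", 500),
    ],
    "ELEC": [
        APTxn("T3", "ELEC", "OUTLET-A", 2000),
        APTxn("T3", "ELEC", "OUTLET-A", 2000),   # duplicate
        APTxn("T4", "ELEC", "OUTLET-C", 705),    # amount differs from POCL copy
        APTxn("T6", "ELEC", "OUTLET-C", 1000),   # never sent to POCL
        APTxn("T2", "GAS", "OUTLET-B", 500),     # belongs to another client
    ],
    # No WATER stream at all: T5 reached POCL only.
}

if __name__ == "__main__":
    result = reconcile(SAMPLE_POCL, SAMPLE_CLIENTS)
    for name in clients_needing_explanation(result):
        print(name, {k: v for k, v in result[name].items() if v})
```

Each non-empty finding is a discrepancy for which, in the manual's terms, an explanation has to be found.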

COMMERCIAL IN CONFIDENCE Page 26 of 91
WITN04600102
WITNO4600102

ICL Horizon System Audit Manual Ref: TA/MAN/oo5

Pathwoy

Version: 1.0

(CSR+) Date: 20/12/00

6.3 Electronic Point of Sale Service

6.3.1 Sale of EPOSS Product to Customer

Data Flow Diagram

[Diagram iaman-12. Labels: Reference Data Management Centre; Reference Data; Transaction Management System; EPOSS Transaction Details; EPOSS; Sale Product; Receipt]

Resume

The customer selects one, or a number, of consumer products that are available
for sale within the Post Office. These may be products being sold by PO on
behalf of another organisation, eg. DVLA car tax discs, or pure consumer goods,
eg. sweets. Only those goods that are identifiable on the menu hierarchy may
be sold in an outlet and this is controlled through the transmission of reference

data from the Post Office to the counter via the Reference Data Management
Centre.

Variable information about the products, eg. price, is also sent to the outlet via
reference data.

Further Information
IA/SPE/013 : EPOSS Audit Trail Specification

6.3.2 Manage Stock Movement at the Outlet
Data Flow Diagram

[Diagram iaman-13a. Labels: EPOSS Transaction Details; Transaction Management System; EPOSS Remm-In Details; EPOSS Remm-Out Details; Stock Transfers In; Stock Transfers Out]

Resume

The PM is able to manage stock movement into, out of and between Stock
Units through the Remm-In and Remm-Out feature.

Stock movements into the SU could be as a result of a Pouch Receipt ex
SAPADS (see LFS), transferring stock in from another SU, adjusting up for
earlier mistakes or reflecting gains in stock holding for any other reason.

Stock movements from the SU could be as a result of selling a product to a
customer, transferring redundant or called-in stock to SAPADS, transferring
stock to another SU, adjusting down for earlier mistake, loss, shrinkage or theft.

Further Information
IA/SPE/013 : EPOSS Audit Trail Specification


6.3.3 Produce the Cash Account
Data Flow Diagram

[Diagram iaman-13b. Labels: Cash Account Details; TIP Interface; TPS; Transaction Management System; EPOSS; Multiple Stock Units]

Resume

The balances from the Stock Units are aggregated and an overall Outlet Cash
Account balance struck. A Cash Account report is produced (3 copies) for all
transactions defined in POCL rules. The results are transmitted to TIP.

The Cash Account is expected to balance each week.

Further Information
IA/SPE/013 : EPOSS Audit Trail Specification


6.3.4 Generate Reports and Transaction Information
Data Flow Diagram

[Diagram iaman-13c. Labels: EPOSS Transaction Details; Cash Account Details; TIP Interface; TPS; Transaction Management System; EPOSS]

Resume

All EPOSS transaction data and derived values, including Cash Account
balances are transmitted, on a daily basis, to POCL TIP, Chesterfield where it is
used by POCL to reconcile Outlet activity to monetary values received.

Reports can be generated by a number of selection criteria and rely on the
presence of markers in TMS to avoid double counting. Some reports are
mandatory.

Further Information
IA/SPE/013 : EPOSS Audit Trail Specification


6.4 Logistics Feeder System

6.4.1 Planned Orders & Advice Notices

Data Flow Diagram

[Diagram iaman-31. Labels: Rejected Planned Orders; LFS Host System; Planned Orders; Stock Advice Notices; Transaction Management System; LFS (Counter)]

Resume

SAPADS estimates the replenishment requirements of each Outlet and sends
estimated quantities of stock (cash, stamps and other Counter stock) to the
Outlet. Outlets are informed of the planned delivery through a Planned Order.
PMs are able to vary the quantities by calling the Inventory Managers by
'phone. A replacement Planned Order is NOT despatched to confirm the
revised delivery.

Further Information
IA/SPE/014 : LFS Audit Trail Specification [7]


6.4.2 Delivery Stock Pouch to Outlet
Data Flow Diagram

[Diagram iaman32. Labels: Barcoded Pouch Receipt Details; LFS Host System; Transaction Management System; LFS (Counter); Delivered by Courier; Collected by Courier]

Resume

The Stock Pouches are despatched by SAPADS, via courier, to the Outlets.
Details are sent to the Outlet via the system and on receipt of the Pouch the PM
reads the barcode using the Counter wand. This checks the details already sent
from SAPADS.

A receipt is printed which both the PM and Courier sign acknowledging receipt
of the Pouch.

Further Information
IA/SPE/014 : LFS Audit Trail Specification [7]


6.4.3 Collect Stock Pouch from Outlet
Data Flow Diagram

[Diagram iaman33. Labels: Barcode Pouch Collection Details; LFS Host System; Transaction Management System; LFS (Counter); Collected by Courier]

Resume

The Stock Pouches are despatched by SAPADS, via courier, to the Outlets.
Details are sent to the Outlet via the system and on receipt of the Pouch the PM
reads the barcode using the Counter wand. This checks the details already sent
from SAPADS.

A receipt is printed which both the PM and Courier sign acknowledging receipt
of the Pouch.

Further Information
IA/SPE/014 : LFS Audit Trail Specification [7]


6.4.4 Produce Cash and Stock Statements

Data Flow Diagram

[Diagram iaman-34. Labels: Daily Cash Statements; Weekly Stock Statements; LFS Host System; Transaction Management System; LFS (Counter)]

Resume

The Cash Statement contains the quantities and total values of each cash item
(denomination) for an Outlet. A declaration is made every day by every Counter
that has been used on the day. Individual stock units are checked each day to
ensure that the declared value equals the calculated balance of cash. A
discrepancy is reported if a balance is not achieved. The Cash Statements are
sent to SAPADS on a daily basis.

Stock Statements are similar and their accumulations are based on stamp
declarations, value stock balances and non-value stock declarations. The data is
captured on a weekly basis following the Cash Account Rollover process. The
Stock Statements are sent to SAPADS on a weekly basis.

Further Information

IA/SPE/014 : LFS Audit Trail Specification [7]

6.5 Horizon System Help Desk

6.5.1 Service Overview

The Horizon System Helpdesk (HSH) deals with all technical and operational
calls related to the Horizon environment or the data feeds into Horizon from
Post Office Counters Ltd and their clients. It provides a single point of contact
for outlet staff and Horizon operation staff.

6.5.2 Schematic

The following diagram shows the main data flows within HSH.

[Diagram iaman-19.ins. Labels: Helpdesk; Call Re-direction; Other Helpdesks]


6.5.3 Data Input Streams
From POCL outlet staff, calls relating to system procedures and Horizon system
equipment installed in outlets.
From DSS staff, OBCS queries via the ITSA Service Helpdesk.
From POCL (HAPS) staff, EPOSS and APS queries via the POIT Helpdesk.

From POCL Regional HQ, unplanned office closure details via the POCL
Regional Helpdesk.

From ICL Pathway, calls relating to any element of the Horizon system.

6.5.4 Data Output Streams

Essentially all output streams will consist of the advice and guidance requested
by the incoming call. In some instances the call will be re-directed to an
alternative Helpdesk more appropriate to the nature of the incident.


7 Horizon Operational Support Services

7.1 Business Incident Management System (APS/EPOSS)

7.1.1 System Overview (APS)

The role of the BSU is to ensure that all APS transactions that occur at the Post
office counter reach the intended Clients. The transaction details must pass
across a number of system boundaries that may cause rejections (or
non-deliveries) which have to be progressed by the BSU with the assistance of
other ICL Pathway units.

The BSU will generate reports on those incidents and record them on the BSU
APS Reconciliation Exception Database (RED). Each new incident will generate
a BIMS report that is updated and ensures that an audit trail is available for
each incident.

The BIMS report is used for two reasons:

• to inform POCL Chesterfield and Andover of the details of the APS
  transaction(s) which have been rejected (undelivered) and to give them the
  correct transaction details so that they can be forwarded to the correct
  Clients for settlement, and

• to inform POCL Chesterfield and Andover that the incident has been cleared
  and, when agreed between ICL Pathway and POCL, closed.

There are potentially 6 types of incident that may be dealt with through BIMS
(APS):

a. Incidents at ICL Pathway Central Systems

The APS Host prepares APS Transaction files for transmission to POCL HAPS.
The TPS Host will also create AP Transaction files as well as TPS
Transaction files for TIP. The ICL Pathway Central Systems will receive both
sets of AP Transaction files and reconcile the two files on a transaction by
transaction basis. Files that pass validation are sent straight to HAPS.

If there are any differences then these are stored in the APR as
discrepancies.

b. Unmatched Reversals

The ICL Pathway Host APS also checks to see that any reversed transactions
have a matching pair of transaction details i.e. that there is an original and a
reversed transaction.


If the Host APS has a reversed transaction to which it can not find the original,
then the reversal is rejected by the Host and put into an APS exceptions table.
Every entry that goes into this table causes an event to be raised.


c. Incidents on APS Reconciliation Reports

The BSU will receive a number of APS reports from ICL Outsourcing (CFM)
every day and these reflect the APS transactions that have occurred at Post
Offices using the APS during the previous business day.

This report shows the number and value of the APS transactions which have
been transferred to HAPS and to TIP for the previous business day. The report
will show any timing delay exceptions which are normally resolved the
following day. However, some exceptions are more than merely timing delays in
which case they become ‘Confirmed Exceptions’ and have to be resolved by the
BSU.

d. Incidents at HAPS Andover

HAPS receives AP transactions files from ICL Pathway APS daily. It carries out a
validation check on the files, merges the APS files with other Post office
transaction files (ie. APT and ECCO transactions) and then sorts the
transactions by Client. The data collated enables POCL Andover to inform the
Clients of their transaction payments for the previous accounting day.

HAPS may reject individual transactions if the Client ID details on those
transactions are not recognisable by the system.

e. Incidents at TP Chesterfield

POCL Chesterfield receives transaction data from the HAPS data stream and
the TPS data stream. The HAPS data must pass through a pre-APACHI
validation check before being accepted by APACHI. The validation process
checks all the data details to ensure that the right payments go to the right
Clients.

The system causes a number of transactions to appear duplicated which would
be picked up by the pre-APACHI validation check.

f. Incidents at the AP Client

AP Clients receive their APS payments from the Settlement team at POCL
Chesterfield on a daily basis.

There are two categories of Clients:
• Girobank who acts on behalf of a number of Utility and Service companies.
• Non-Girobank Clients whom POCL Chesterfield deals with directly.

The Public Customer may query their Utility bill with regards to payments
made at the Post office, e.g. a payment has been shown incorrectly or does not
appear on the Customer’s bill.

The Customer will initially contact the AP Client with their query. The AP
Client may be able to resolve the query without taking the incident further.
However if the Client is unable to resolve the incident, then they will contact
POCL at Chesterfield and ask them to resolve the incident.
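
The host-side checks described under incident types (a) and (b) above, sketched as an added example (not code from the manual or from ICL Pathway): a transaction-by-transaction comparison of the APS Host and TPS Host AP files, and the search for the original of each reversal. The record layout, field names, discrepancy codes and sample records are assumptions constructed for illustration; rejecting a second reversal against the same original goes beyond what the manual states.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ApTxn:
    """One AP transaction record (assumed layout, not the real file format)."""
    txn_id: str                        # assumed unique transaction identifier
    outlet: str
    client: str
    amount_pence: int
    kind: str = "PAYMENT"              # "PAYMENT" or "REVERSAL" (assumed encoding)
    original_id: Optional[str] = None  # for a reversal: the txn_id it reverses


def _index(records, source, discrepancies):
    """Index one file by txn_id, noting duplicates within the file."""
    by_id = {}
    for rec in records:
        if rec.txn_id in by_id:
            discrepancies.append((rec.txn_id, f"DUPLICATE_IN_{source}"))
        else:
            by_id[rec.txn_id] = rec
    return by_id


def reconcile(aps_file, tps_file):
    """Compare the two AP files transaction by transaction.

    Returns the discrepancy entries that would be stored for follow-up;
    an empty list means the files agree and can be sent on.
    """
    discrepancies = []
    aps = _index(aps_file, "APS", discrepancies)
    tps = _index(tps_file, "TPS", discrepancies)
    for txn_id in sorted(aps.keys() | tps.keys()):
        a, t = aps.get(txn_id), tps.get(txn_id)
        if a is None:
            discrepancies.append((txn_id, "MISSING_FROM_APS"))
        elif t is None:
            discrepancies.append((txn_id, "MISSING_FROM_TPS"))
        elif a != t:  # dataclass equality compares every field
            discrepancies.append((txn_id, "FIELD_MISMATCH"))
    return discrepancies


def check_reversals(records):
    """Pair each reversal with its original.

    Returns (accepted reversal ids, exceptions). Each exception entry stands
    for a row in the exceptions table and the event raised for it.
    """
    originals = {r.txn_id for r in records if r.kind == "PAYMENT"}
    already_reversed = set()
    accepted, exceptions = [], []
    for rev in (r for r in records if r.kind == "REVERSAL"):
        if rev.original_id not in originals:
            exceptions.append((rev.txn_id, "NO_ORIGINAL"))
        elif rev.original_id in already_reversed:
            # Assumption: an original pairs with at most one reversal.
            exceptions.append((rev.txn_id, "ORIGINAL_ALREADY_REVERSED"))
        else:
            already_reversed.add(rev.original_id)
            accepted.append(rev.txn_id)
    return accepted, exceptions


# Constructed sample files: T2 differs in amount, T3 is missing from the TPS
# copy, T4 is missing from the APS copy, and reversal R2 has no original.
SAMPLE_APS = [
    ApTxn("T1", "OUTLET-A", "CLIENT-1", 2500),
    ApTxn("T2", "OUTLET-A", "CLIENT-2", 4000),
    ApTxn("T3", "OUTLET-B", "CLIENT-1", 1000),
    ApTxn("R1", "OUTLET-A", "CLIENT-1", -2500, "REVERSAL", "T1"),
    ApTxn("R2", "OUTLET-B", "CLIENT-2", -700, "REVERSAL", "T9"),
]
SAMPLE_TPS = [
    ApTxn("T1", "OUTLET-A", "CLIENT-1", 2500),
    ApTxn("T2", "OUTLET-A", "CLIENT-2", 4100),
    ApTxn("T4", "OUTLET-B", "CLIENT-2", 300),
    ApTxn("R1", "OUTLET-A", "CLIENT-1", -2500, "REVERSAL", "T1"),
    ApTxn("R2", "OUTLET-B", "CLIENT-2", -700, "REVERSAL", "T9"),
]

if __name__ == "__main__":
    for entry in reconcile(SAMPLE_APS, SAMPLE_TPS):
        print("discrepancy:", entry)
    print("reversals:", check_reversals(SAMPLE_APS))
```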


7.1.2 System Overview (EPOSS)

ICL Pathway is not responsible for directly reconciling EPOSS transactions.
There is an obligation to pass raw transaction data to POCL TP daily, followed
by a completed post office Cash Account on a (generally) weekly basis. POCL
are then responsible for reconciling the individual transactions to the Cash
Account totals to provide a national picture.

However, on occasions, due to system constraints, e.g. reversals being
prevented due to Cash Account roll over etc, an office may well submit a Cash
Account to POCL TP, which is known to be incorrect. In such cases, POCL TP
will require full details of the transaction in question to enable the
reconciliation and settlement or the error notice procedures to be effected. An
incident is therefore raised via the HSHD and passed to BSU who will complete
the appropriate BIMS entry advising POCL of the correct transaction or
settlement values.


7.1.3 Schematic

[Diagram. Labels: Duplicated Transactions; APS Incidents @ Client; APACHI Validation Failures; EPOSS Incidents; APS Incidents; Unmatched Reversals; APR Discrepancies; Management Reports; APS Reconciliation Report; APS Summary Report; Ten Day Exception Report; Polling Exception Report; APS Discrepancy Table; Horizon System HelpDesk; Business Incident Management System; BSU BIMS Reports; Manual Invoice Adjustments]


7.1.4 Data Input Streams
APS Reconciliation Report from ICL OSD
APS Summary Report from ICL OSD
Ten Day Exception Report from ICL OSD
Polling Exception report from ICL OSD
APS Discrepancy Table from APS Host

PinICLs with details of Incident to be investigated

7.1.5 Data Output Streams
BIMS Report to originator of incident

Copy of BIMS Report to HAPS Andover, TP Chesterfield & Horizon Service
Management

7.1.6 Data Retention Requirements
BIMS Reports are retained for 7 years.


7.2 Reference Data Management Centre

7.2.1 System Overview

The Reference Data Management Centre (RDMC) is the mechanism which
receives reference data from both POCL and from within Pathway and delivers
it to the various parts of the Pathway system. RDMC includes

a. Procedures to handle the receipt, validation and storage of reference
   data

b. Change control facilities to manage the controlled release of reference
   data to the Pathway system

c. Data transformation procedures which handle the 'enrichment' of
   reference data into the format required by the Pathway Counter
   Applications.

d. Delivery of reference data to the Pathway Counter Applications to
   support the processing of Electronic Point of Sale Services (EPOSS) and
   Automated Payment Services (APS). EPOSS and APS counter processing
   functionality is generic and the individual transactions are driven to a
   great extent by reference data parameters

e. Delivery of reference data to other areas of the Pathway system such as
   TPS, MIS and APR

RDMC does not support any BA reference data.

7.2.2 Schematic

[Diagram iaman29.ins. Legible labels: Reference Data Management Centre; TPS; Reference Data]

7.2.3 Data Input Streams

Reference data is categorised as

Type A  POCL owned reference data delivered via the formal automated
        interface
Type B  POCL owned reference data delivered other than via the formal
        automated interface.
Type C  Pathway owned reference data which supports the Counter
        Application System.


Type A Data

This reference data is delivered by POCL via a formally agreed interface. The
data consists of outlet, client, product and automated payment token
definitions. It is transferred from POCL to Pathway using FTMS.

RDMC processes each file of reference data delivered by POCL and returns
error details and process statistics to POCL via FTMS. FTMS will ensure all data
transfer information required for auditing is available for collection by the
Archive Server.

Type B Data

This consists of reference data which is supplied by POCL but was not included
in the formally agreed Type A interface - mainly because the requirements for
and / or the decision to supply the data was taken at a late stage in the CSR
design. The data consists of scales tariffs product migration definitions.

Formal procedures are agreed with POCL to support the delivery of this data
from POCL to Customer Services. Customer Services then manages the
preparation of the data for input to RDMC with the support of Counter
Development.

An audit record is maintained by the archive server of all reference data files
received by RDMC and of the associated error details and process statistics.

Type C Data

This consists of reference data which Counter Development supply to support
the Pathway Counter application. The best example of this type of reference
data is the menu hierarchy definition. The data is delivered by Counter
Development to Customer Services.

Customer Services manage the loading of the data into RDMC. An audit record
is maintained by the archive server of all reference data files received by RDMC
and of the associated error details and process statistics.

Rollout Auto-Config Data

At a specific point in the automatic configuration of new POCL outlets, the
auto-config process sends details of the offices to be rolled out to RDMC by
creating data files in the RDMC environment. The data is loaded automatically
into RDMC where it triggers the delivery of reference data for the newly
rolled-out offices to other areas of the Pathway system.

An audit record is maintained by the archive server of all reference data files
received by RDMC and of the associated error details and process statistics.


7.2.4 Data Output Streams

Reference Data to Pathway Counter Applications

RDMC delivers new and changed reference data to the Pathway Counter
Applications via a Reference Data Agent process (R_LD_ALL). This process
reads generic views of the reference data within RDMC and extracts details of
reference data changes. The agent process then converts the data into attribute
grammar format and delivers it to the Correspondence Server level.

RDMC maintains an audit record of when each set of input data is delivered to
the Correspondence Server.

Delivery of Reference Data to Other Pathway Systems

RDMC delivers changes to outlet, client and product reference data to MIS
each day. An audit record is maintained by RDMC of when each set of input
data is delivered to MIS.

Additionally, RDMC provides an up-to-date view of outlet and client details to
the TPS and APR host system.

7.2.5 Data Retention Requirements

RDMC operates as a fully replicated system across two sites offering immediate
resilience in the event of failure. Data is transmitted a number of times each
day between RDMC and the POCL RDS system at Huthwaite via dedicated
ISDN lines.

In the event of failure, fallback processors and links are in place.


8 ICL Pathway Commercial Systems

8.1 Service Level Contract Administration

8.1.1 Overview

SLCA, and its associated reporting system Service Level Agreement Monitoring
(SLAM), are used to compare the performance of the Horizon system against a
number of measures established in the contract Schedule B03. It does this by
taking information feeds from the Data Warehouse (DW) and running these
against special formulae, again established in the contract. SLAM is used to
report the outcome of these calculations to the Horizon Service Management
Group, a Pathway/POCL committee.

8.1.2 Schematic

The following diagram shows the main data flows within SLCA.


[Diagram iaman18.ins]


8.1.3 Data Input Streams

Transaction Data (Automatic Feed)

Transaction timing data is taken by the TPS Harvester.
Helpdesk timings are taken from the Horizon Helpdesk.
File delivery times are taken from LFS, OBCS and APS.
Reference Data delivery times are taken from the RDMC.
All the above are held as Oracle tables within the DW.

Transaction Data (Manual Feed)

There are a number of manual data feeds into SLCA, all of which result in
Oracle tables within the DW, eg. Achievement of Rollout, achievement of
Training.

Standing Data

SLA parameters (as defined by the contract) are held as Oracle tables within the
DW.

Mathematical formulae used to calculate achievement (as defined in the
contract) are held as Oracle tables within the DW.

8.1.4 Changes to Standing Data

Changes to the SLA Parameters and mathematical formulae are allowed via an
Administration Facility within the SLCA system. Physical access to this facility
is strictly controlled and password controls are used to control logical access.

Changes to the parameters and/or formulae require pre-authorisation through
the Change Control process before they can be applied. A CCN number must
exist for each change.

Records of changes to Standing Data, including Contract, Contract SLA,
Performance Measure and Liquidated Damages are maintained in an
AUDIT_DETAILS table within the Oracle database :-

• For each field in the Contract table created, amended or deleted, a record of
  the change.

• For each field in the Contract SLA table created, amended or deleted, a
  record of the change.

• For each field in the Performance Measures table created, amended or
  deleted, a record of the change.

• For each field in the Liquidated Damages table created, amended or deleted,
  a record of the change.
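
One way to picture the control described in 8.1.4, as an added example that is not SLCA code: a change to standing data is refused unless it carries a pre-authorised CCN, and an accepted change writes one audit record per field created, amended or deleted. The in-memory store, the audit record fields, the table identifiers and the CCN values are assumptions constructed for illustration; the manual names only the AUDIT_DETAILS table and the four audited tables.

```python
# Assumed identifiers for the four standing-data tables named in the manual.
AUDITED_TABLES = {
    "CONTRACT", "CONTRACT_SLA", "PERFORMANCE_MEASURE", "LIQUIDATED_DAMAGES",
}


class StandingDataStore:
    """In-memory stand-in for the standing data and its AUDIT_DETAILS table."""

    def __init__(self, authorised_ccns):
        self.authorised_ccns = set(authorised_ccns)  # CCNs approved by Change Control
        self.rows = {}           # (table, row_key) -> {field: value}
        self.audit_details = []  # append-only list of per-field change records

    def apply_change(self, table, row_key, new_row, ccn, changed_by):
        """Replace a row with new_row (None deletes it) under a given CCN.

        Returns the audit records written for this change.
        """
        if table not in AUDITED_TABLES:
            raise ValueError(f"{table} is not an audited standing-data table")
        if not ccn or ccn not in self.authorised_ccns:
            # Pre-authorisation is checked before anything is modified.
            raise PermissionError(f"no authorised CCN for this change: {ccn!r}")

        old = self.rows.get((table, row_key), {})
        new = dict(new_row or {})
        written = []
        for field in sorted(old.keys() | new.keys()):
            if field not in old:
                action = "CREATED"
            elif field not in new:
                action = "DELETED"
            elif old[field] != new[field]:
                action = "AMENDED"
            else:
                continue  # unchanged fields produce no audit record
            written.append({
                "seq": len(self.audit_details) + len(written) + 1,
                "table": table,
                "row_key": row_key,
                "field": field,
                "action": action,
                "old_value": old.get(field),
                "new_value": new.get(field),
                "ccn": ccn,
                "changed_by": changed_by,
            })

        # The audit records and the data change are applied together.
        self.audit_details.extend(written)
        if new:
            self.rows[(table, row_key)] = new
        else:
            self.rows.pop((table, row_key), None)
        return written


if __name__ == "__main__":
    # Constructed walk-through: create a row, amend one field, then attempt
    # a change that has no authorised CCN.
    store = StandingDataStore({"CCN-0001", "CCN-0002"})
    store.apply_change("CONTRACT_SLA", "SLA-1",
                       {"target_pct": 95, "window": "quarter"}, "CCN-0001", "admin1")
    store.apply_change("CONTRACT_SLA", "SLA-1",
                       {"target_pct": 97, "window": "quarter"}, "CCN-0002", "admin1")
    try:
        store.apply_change("CONTRACT_SLA", "SLA-1", {"target_pct": 50},
                           "CCN-9999", "admin1")
    except PermissionError as exc:
        print("rejected:", exc)
    for record in store.audit_details:
        print(record)
```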


8.1.5 Data Output Streams

Data output from the various calculations is passed to Service Level
Agreement Monitor (SLAM) where it is converted into graphs and
histograms for presentation to interested groups, among them the
POCL/Pathway Service Management Group. SLAM is a passive system insofar
as it does not carry out any processing other than to transform tables of
numbers into graphical representations.

Remedy Calculations are generated by SLCA for subsequent application during
the quarterly invoicing cycle within the Common Charging System. These
values are held as Oracle tables within the DW.

8.1.6 Data Retention Requirements

Requirement 697 calls for this data to be retained for 7 years.

This data is not archived onto the audit archive DLTs.


9 Operational Audit Data

This section deals with the generation of audit data that is of interest to the
community of auditors.

9.1 Audit Track Content And Maintenance

A logical description of the audit tracks established within Horizon can be
found in the Audit Trail Functional Specification [1]. The physical manifestation
of the audit tracks is the production of various files, transfer control files,
archived database tables and the host databases themselves, some of which are
archived to the Audit Archive, some of which are maintained as live databases
subject to regular backup.

The following sections identify, for each Horizon service, the physical
representation of the audit tracks described in [1]. A more complete description
can be found in the Audit Data Catalogue [6].

9.2 Audit Data Retention Policy

9.2.1 Operational Services Audit Data

Audit data relating to the Operational Services described in this manual is
retained for not less than 18 months.

9.2.2 Operational Support Services Audit Data

Audit data relating to RED Case Histories is retained for 18 months.
Audit data relating to RED Outputs is retained for 7 years.
Audit data relating to RDMC is retained for 18 months.

9.2.3 Commercial Systems Audit Data

Audit data relating to the Commercial Systems described in this manual is
retained for 7 years.


9.3 Order Book Control Service

[Diagram iaman.29a. Labels: ESNS; [A]; OBCS Host; Customer References; Control Notices; Book Order Totals; [B]; OBCS Agent; Correspondence Servers; [N]; TMS Journal]

[A] | IOP Transaction File | OBCS Host > ESNS | Outward file containing details of all Order Book transactions made at PO Counters.
    | Exceptions File | OBCS Host > ESNS | Outward file containing details of exceptions found when validating Control Output Files received from DSS. File sent even when empty.
    | IOP Control Output File | ESNS > OBCS Host | Inward file containing details of transactions to support Order Book encashments.
    | Audit Control File | ESNS > OBCS Host | Inward file containing details of files transferred in across the interface.
[B] | TMS_TX_LOCAL_STOPS | OBCS Host > TMS | Contains details of stops received from ESNS for customers that OBCS knows about.
    | arc-excptns | OBCS database tables | Contains details of exceptions that have occurred during the database archiving processes.
    | aud$ | | The generic Oracle audit trails table.
[N] | Riposte messages | TMS Journal | All messages written to the Correspondence server.

9.4 Automated Payments Service
[Diagram iaman27d. Labels: HAPS; AP Clients; RDDS Host; APS Host; APR Host; APS Agent; Correspondence Servers; [N]; TMS Journal]

[K] | Transaction File | APS Host > HAPS | Automated Payments transactions from APS back to HAPS.
    | TXN Control File | APS Host > HAPS | HAPS transactions control file indicating files sent by APS.
    | FTMS Control Files | APS Host > HAPS | Contains FTMS details of files to be sent to HAPS
    | FTMS Acknowledgement File | APS Host > HAPS | Contains the FTMS acknowledgement from the remote end of link for files sent.
    | Errors File | HAPS > AP Host | Errors relating to HAPS Transaction File.
    | Confirmation File | HAPS > AP Host | Confirmation file that a transmitted file has passed validation.
    | FTMS Control Files | HAPS > AP Host | Contains FTMS details of files transferred from HAPS
[L] | AP transaction files transferred between APS Host and AP Clients | APS Host > AP Client | Variable depending on agreement between AP Client and Pathway.


9.5 Logistics Feeder Service

[Diagram iaman-22a. Labels: SAPADS; LFS Host; Planned Orders; Pouch Details; Cash & Stock Statements; LFS Agent; Correspondence Servers; [N]; TMS Journal]

Planned Orders File | SAPADS > LFS Host | Inward file containing details of Planned Orders for Outlets.
Advice Notices File | SAPADS > LFS Host | Inward file containing details of Advice Notices for Outlets.
Daily Cash Statement File | LFS Host > SAPADS | Outward file containing daily Cash Statements from Outlets.
Weekly Stock Statement File | LFS Host > SAPADS | Outward file containing weekly Stock Statements from Outlets.
Pouch Delivery File | LFS Host > SAPADS | Outward file containing details of Pouches delivered to Outlets from SAPADS.
Pouch Collection Files | LFS Host > SAPADS | Outward file containing details of Pouches collected from Outlets to SAPADS.
Rejected Planned Orders File | LFS Host > SAPADS | Outward file containing details of Planned Orders files that have failed validation rules at LFS Host.
Rejected Advice Notices File | LFS Host > SAPADS | Outward file containing details of Advice Notice files that have failed validation rules at LFS Host.
Rejected Pouch Delivery Files | LFS Host > SAPADS | Outward file containing details of Pouch Delivery files that have failed validation rules at LFS Host.
Audit Control File | SAPADS > LFS Host | Inward file containing details of files transferred in across the interface.


[N] | Riposte messages | TMS Journal | All messages written to the Correspondence server.


9.6 Data Warehouse/MIS

[Diagram iaman-290. Elements shown: Horizon Help Desk, Help Desk, Data Warehouse, RDDS Host, Internal Audit Data; audit point [R].]

[R] | Internal Audit Files | MIS | Note that MIS has its own archiving system at NR2 and is specifically excluded from the operational audit archive.
[x] | Mitel Call Log | Mitel > MIS | Contains all Mitel call log details for that day.
    | Control File | Mitel > MIS | Control file containing details of transmitted files.
    | Lock File | Mitel > MIS | Lock file indicating that file transmission is complete.
    | FTMS Control File | Mitel > MIS | Control Files for files transferred from Mitel.
    | BT Call Log | BT > MIS | Contains all BT call log details for that day.
    | Control File | BT > MIS | Control file containing details of transmitted files.
    | Lock File | BT > MIS | Lock file indicating that file transmission is complete.
    | FTMS Control File | BT > MIS | Control Files for files transferred from BT.
    | HSH Call Log | HSH > MIS | Contains all HSH call log details for that day.
    | Control File | HSH > MIS | Control file containing details of transmitted files.
    | Lock File | HSH > MIS | Lock file indicating that file transmission is complete.
    | FTMS Control File | HSH > MIS | Control Files for files transferred from HSH.


9.7 Transaction Processing

[Diagram iaman-226. Elements shown: TPS Host, TPS Agent, APR Host, Correspondence Server, TMS Journal.]

Dl | Transaction File | TPS Host > TIP | TIP transactions in multi structured subfiles.
    | FTMS Control Files | TPS Host > TIP | Contains FTMS details of files to be sent to TIP.
    | FTMS Acknowledgement File | TPS Host > TIP | Contains the FTMS acknowledgement from the remote end of link for files sent.
    | Errors Details File | TIP > TPS Host | Errors relating to TIP Transaction File.
    | Erroneous Data File | TIP > TPS Host | File which was found to contain errors returned together with the error details file.
    | FTMS Control Files | TIP > TPS Host | Contains FTMS details of files transferred from TIP.
[P] | This is the audit point for data transformation within the RDMC database. | | There is no data archived from the RDMC database at NR2 and thus any audit information required will be available from the online service.
[N] | Riposte messages | TMS Journal | All messages written to the Correspondence server.

9.8 Reference Data

[Diagram iaman-29f. Elements shown: POCL RDS, RDMC Host, RDMC Agent, TPS Host, RDDS Host, APR Host, APS Host; audit points [M] and [P].]

[M] | POCL Reference Data Errors File | RDMC Host > POCL RDS | Errors associated with the POCL supplied Reference Data.
    | POCL Reference Data Statistics File | RDMC Host > POCL RDS | Errors associated with the POCL supplied Reference Data.
    | FTMS Control Files | RDMC Host > POCL RDS | Contains FTMS details of files to be sent to RDMC Host from POCL.
    | FTMS Acknowledgement File | RDMC Host > POCL RDS | Contains the FTMS acknowledgement from the remote end of link for files sent.
    | POCL Reference Data File | POCL RDS > RDMC Host | POCL supplied Class ‘A’ Reference Data as defined in BP/IFS/007.
    | FTMS Control Files | POCL RDS > RDMC Host | Contains FTMS details of files to be sent to RDMC Host from POCL.
    | EPOSS Reference Data File | RDMC | EPOSS Reference Data defined as Class ‘C’ in RD/IFS/ou.
    | EPOSS Load Error File | RDMC | EPOSS Reference Data errors associated with a Load File.
    | EPOSS Load Statistics File | RDMC | EPOSS Reference Data statistics associated with a Load File.
    | Roll-Out Reference Data File | RDMC | Roll-Out Reference Data stating outlets activated as defined in RD/IFS/o15.
    | Roll-Out Load Error File | RDMC | Roll-Out Reference Data errors associated with a Load File.
    | Roll-Out Load Statistics File | RDMC | Roll-Out Reference Data statistics associated with a Load File.
    | Scales Reference Data File | RDMC | Scales Reference Data stating outlets activated as defined in RD/IFS/o14.
    | Scales Load Error File | RDMC | Scales Reference Data errors associated with a Load File.
    | Scales Load Statistics File | RDMC | Scales Reference Data statistics associated with a Load File.
    | Additional Products Reference Data File | RDMC | Additional Products Reference Data stating outlets activated as defined in RD/IFS/o15.
    | Additional Products Load Error File | RDMC | Additional Products Reference Data errors associated with a Load File.
    | Additional Products Load Statistics File | RDMC | Additional Products Reference Data statistics associated with a Load File.
    | Cash Account Mapping Reference Data File | RDMC | Cash Account Mapping Reference Data stating outlets activated defined as Class ‘B’ in RD/IFS/o12.
    | Cash Account Mapping Load Error File | RDMC | Cash Account Mapping Reference Data errors associated with a Load File.
    | Cash Account Mapping Load Statistics File | RDMC | Cash Account Mapping Reference Data statistics associated with a Load File.
[P] | This is the audit point for data transformation within the RDMC database. | | There is no data archived from the RDMC database at NR2 and thus any audit information required will be available from the online service.
[N] | Riposte messages | TMS Journal | All messages written to the Correspondence server.


10 Operational Audit Data Archive Server

10.1 Overview

Audit data generated at various points in the Horizon solution is gathered
periodically and placed on DLT for long term storage. Files containing audit
data are generated by the various applications and systems and are placed into
special directories established for audit purposes. These are periodically polled
by the Audit Track Gatherer and the files drawn down into the audit archive
server and placed on DLT.

The Archive Server can be decomposed to show its component parts and a brief
description of how they function. Figure 4 shows the basic componentry and
Figures 5 and 6 the data flows that take place between them for archiving and
retrieving audit data respectively.

[Diagram. Components shown: Audit Track Gatherer, Audit Track Deleter, Audit Track Sealer, Audit Track Hoarder, Audit Track Extractor, Audit Track Retriever, Audit Archive DLT Tapes, Retrieved Data.]

Figure 4 : Componentry of the Audit Archive Server


10.2 Archiving and Storing Audit Data

10.2.1 Overview

Essentially the activity here is to gather all audit data files that have been
placed into the appropriate directories, calculate a checksum seal value for each
file (establishing a data integrity control) and place the sealed file onto a DLT
for storage.

[Diagram. Panels: Applications; Audit Archive & Storage. Components shown: Audit File Directory, Audit File, TMS, Audit Gatherers, Audit Deleter, Audit Sealer, Seal DB, Audit Hoarder.]

Figure 5 : Data Flow - Audit Data Archive & Storage


10.2.2 Audit Track Gatherer

Gathers Audit Tracks that have been generated within Horizon. The majority of
these tracks are created on different platforms and are gathered onto temporary
disk storage on the Archive Server.

Gathering is implemented using Windows NT remote disk access facilities for
Correspondence Server, Tivoli Object Database and External Gateway Audit
Tracks. NFS is used to collect files from Unix systems, in particular the database
applications, e.g. OBCS. The Audit Tracks are gathered at regular intervals. The
scheduling of the transfers varies with the type of Audit Point and the locations
from which the tracks are gathered, and is controlled via the Maestro scheduling
facilities of Horizon.

Multiple instances of the Audit Track Gatherer can be configured on a single
Archive Server.

10.2.3 Audit Track Sealer

Before Audit Tracks are hoarded a seal is calculated for the file. The seal is
stored on the Archive Server in a database which links the seal to the file.

When an Audit Track is retrieved its seal is recalculated and checked against
the value in the database.

10.2.4 Audit Track Hoarder

Transfers Audit Tracks from the Disk Storage on the Archive Server onto long
term storage media (DLT tapes). This component is implemented using the
Legato NetWorker product.

10.2.5 Audit Track Deleter

The Audit Track Deleter is responsible for the deletion of Audit Tracks from the
machines on which they were generated after they have been gathered. The
point in the processing of an Audit Track (by the Archive Server) at which the
original copy of each gathered file is deleted is configurable. Audit Track
Deletion takes place between the completion of Audit Track Gathering and
some (configurable) time after the completion of Audit Track Hoarding for any
particular Audit Track file.

The Audit Track Deleter is also responsible for regularly producing a list of files
processed by the Archive Server.

10.3 Retrieving and Extracting Audit Data

[Diagram. Panels: Legato; Audit Server; Audit Workstation; Operational Environment. Components shown: Legato Tape Control, Legato User Interface, Retriever, Reformatter, Extractor. Steps shown: Interpret RFI to Audit Points & Files; Identify & Mark Required Files; Identify Tapes.]

Figure 6 : Data Flows - Audit Data Retrieval & Extraction


10.3.1 Overview

This is where audit data is retrieved from the DLT, based on Request(s) For
Information made by Post Office Internal Audit, and presented for further
extraction or placed on CD-ROM or other suitable media for despatch to the
RFI originator.

The following paragraphs are ordered to reflect the actual processing of a
Request For Information (RFI) by ICL Pathway Internal Audit.

Detailed procedures controlling this activity can be found in Conducting Audit
Data Extractions at CSR+ [9].

10.3.2 Request For Information

POIA will request audit data via a Request For Information (RFI) form. This will
contain a description, in business terms, of the times, outlets, events, items and
activities that the Auditors are interested in. This request has to be interpreted
by Pathway Internal Audit and mapped onto the Audit Points and Files
described earlier in this manual.

10.3.3 Marking Files and Tapes

Based on this interpretation, as many files of audit data as are needed to
satisfy the request are ‘marked’ for retrieval. Legato is notified of these files and
it in turn identifies the DLTs containing these files. Legato provides system
prompts for Operators to load tapes and it copies the data into a local buffer
area.

10.3.4 Audit Track Retriever

Polls the Legato buffer area and retrieves any data files found into temporary
disk storage (Export File) on the Archive Server prior to the extraction of
relevant data for use by the auditors. The Retriever provides a second copy of
the file which is input to the Check Seal function.

10.3.5 Audit Data Check Seal

To assure the integrity of the audit data while on the DLT the checksum seal for
the file is re-calculated by the Audit Track Sealer (10.2.3) and compared to the
original value calculated when the file was originally written to the DLT. The
result is maintained in a Check Seal Table.
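
The seal-and-check cycle described in 10.2.3 and 10.3.5, as an added Python example that is not ICL Pathway's code. The manual does not name the checksum algorithm or the database layout, so SHA-256, the SQLite tables `seal` and `check_seal`, and the file names and contents are assumptions constructed for illustration.

```python
"""Seal audit tracks before hoarding, re-check them after retrieval."""
import hashlib
import sqlite3
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # read in blocks so large audit tracks are not loaded whole


def calculate_seal(path: Path) -> str:
    """Checksum seal of one file. SHA-256 is an assumption; the manual
    does not say which algorithm the Audit Track Sealer uses."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def open_seal_db() -> sqlite3.Connection:
    """Hypothetical layout: one table links seal to file, one holds check results."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE seal (track TEXT PRIMARY KEY, seal TEXT NOT NULL)")
    db.execute("CREATE TABLE check_seal (track TEXT NOT NULL, result TEXT NOT NULL)")
    return db


def seal_track(db: sqlite3.Connection, path: Path) -> str:
    """Sealer step, run after gathering and before hoarding to tape."""
    seal = calculate_seal(path)
    # Plain INSERT: the PRIMARY KEY makes a second seal for the same track
    # fail instead of silently replacing the original value.
    db.execute("INSERT INTO seal (track, seal) VALUES (?, ?)", (path.name, seal))
    return seal


def check_seal(db: sqlite3.Connection, retrieved: Path) -> str:
    """Check Seal step: recalculate on the retrieved copy, compare with the
    stored value, and record the outcome in the check_seal table."""
    row = db.execute(
        "SELECT seal FROM seal WHERE track = ?", (retrieved.name,)
    ).fetchone()
    if row is None:
        result = "NO_SEAL_RECORD"   # file was never sealed, or the link is lost
    elif row[0] == calculate_seal(retrieved):
        result = "OK"
    else:
        result = "SEAL_MISMATCH"    # content differs from what was sealed
    db.execute(
        "INSERT INTO check_seal (track, result) VALUES (?, ?)",
        (retrieved.name, result),
    )
    return result


def demo() -> dict:
    """Seal two constructed audit tracks, then check three retrieved copies."""
    db = open_seal_db()
    # Constructed sample content, not real Horizon data.
    tracks = {
        "tms_journal_0001.aud": b"09:00:01 outlet=000001 event=logon\n",
        "obcs_0001.aud": b"09:05:12 outlet=000001 amount=100.00\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        gathered = Path(tmp) / "gathered"
        retrieved = Path(tmp) / "retrieved"
        gathered.mkdir()
        retrieved.mkdir()
        for name, data in tracks.items():
            (gathered / name).write_bytes(data)
            seal_track(db, gathered / name)

        # Copies coming back from tape: one intact, one altered, one unknown.
        (retrieved / "tms_journal_0001.aud").write_bytes(
            tracks["tms_journal_0001.aud"]
        )
        (retrieved / "obcs_0001.aud").write_bytes(
            tracks["obcs_0001.aud"].replace(b"100.00", b"900.00")
        )
        (retrieved / "never_sealed_0001.aud").write_bytes(b"no seal on record\n")

        return {p.name: check_seal(db, p) for p in sorted(retrieved.iterdir())}


if __name__ == "__main__":
    for track, result in demo().items():
        print(f"{track}: {result}")
```

A seal of this kind vouches for a file only from the moment it was sealed; it cannot show whether the content changed before the file was gathered.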


10.3.6 Audit Trail Extractor

This is a ‘catch all’ facility that uses various tools to extract or reform the
retrieved audit data in accordance with the RFI. It also places the information
onto a CD-ROM, or other suitable media, for despatch to the RFI originator.


10.4 Archived Audit Data Usage

The audit data maintained in the audit archive can be used for a number of
purposes :

• Proving processing integrity.
• Supporting or substantiating investigations.
• ‘Bulk’ extraction.

10.4.1 Proving Integrity of Processing

To prove the integrity of a process during a regular System Audit, data that is
available on the day(s) that the audit takes place can be used and may be taken
from the archive or direct from the system. Audits of this type are likely to be
run or led by Pathway Internal Audit.

10.4.2 Investigation Support

The term ‘investigation’ is used in its broadest sense and does not limit itself to
fraud. Any RFI is likely to be associated with a specific business event, e.g. an
encashment, a bill payment, an outlet, a beneficiary. It is anticipated that the
majority of this type will be based on the TMS Journal, or will use it as a start
point. See section [11.2] for details of how to raise an RFI.

10.4.3 Bulk Extraction

Although the term ‘bulk extraction’ is used, the amount of audit data retrieved
may be relatively small. However, the underlying principle is that a chunk of
data will be extracted from the archive and despatched to the requester for
their further analysis. It is anticipated that the majority of this type will be
based on the TMS Journal although POIA may also request information from
other files (OBCS, etc). See section [11.2] for details of how to raise an RFI.


11 Obtaining Access to Operational Audit Data

Requirement 699.

11.1 Access Control Policy

The access to, and availability of, audit data is dependent on which audit role
requires it :

• ICL Pathway Auditor.
• POCL Auditor.
• POCL Emergency Manager.
• POCL <Client> Auditor.
• Authority’s Agents.

11.1.1 ICL Pathway’s Internal Auditors

ICL Pathway’s auditors, who will be based at the ICL Pathway Headquarters in
Feltham, can access the ICL Pathway datacentres, at Wigan and Bootle, via
secured links. They can also operate out of the Datacentres where this is more
convenient or appropriate.

When routed to a particular campus, the auditor will only be permitted to
access files at that site.

Access to Riposte Journals at the ICL Pathway central sites will avoid the need
to access the journals held at the Post Office outlets.

11.1.2 Post Office Auditors

POCL and POCL <Client> Audit functions will have access to:

• POCL SIS audit track (selective),
• POCL Client audit track (selective), and
• the Systems Management track.

Although classed as a single Audit role, Post Office Auditors fall into two
categories, Post Office Network Auditors and Post Office Internal Auditors.
Network Auditors require access to audit trail information at the local sites.
This will account for the bulk of the day-to-day audit activity undertaken by a
large team of experienced auditors. Internal Auditors will usually satisfy their
audit trail information needs through Requests For Information made to the
Pathway Audit function.


Access to POCL audit trails, particularly the TMS Journal, is seen as a strict
POCL preserve. If any third parties require access to it, for evidential purposes
or fraud investigation, then the access will be via POST OFFICE INTERNAL
AUDIT.

Local Access

Network Auditors will use the same reporting functionality as provided to
support the Electronic Point Of Sale Service (EPOSS). This entails production of
various standard reports which the auditor may use instead of the local Post
Office Manager.

In addition to the standard EPOSS reports, Network Auditors have access to a
suite of special reports and logs available to them via a special authentication
process including a one-shot password.

The “events” of interest will be non-transactional activities which have ongoing
significance, including:

• user log-on/off,
• stock unit allocations/transfers/remittances,
• unauthorised access attempts, and
• change of access permissions.

Central Access

In exceptional cases, Network Auditors may require access to this information
held centrally via the audit archive. This would apply:

• following equipment loss or damage at the local outlet,
• where an operational system is not expected to be re-established during the
  day of the auditor's visit, and
• if it is necessary to view an historical record.

Network Auditors will not be allowed direct access to information outside the
POCL OPS domain and any information needed will be supplied to them by the
Internal Auditors who will themselves obtain it via the ICL Pathway Auditors.

11.1.3 POCL Emergency Manager

In exceptional circumstances, the Post Office Manager:

• may not be available (as a result of death or injury), or
• may not provide co-operation (when under fraud investigation).


In such cases, an auditor may need to reassign roles to new users and reset
access permissions following transfer of business from one Post Office Manager
to another.

The POCL Emergency Manager role can be used by selected PO Auditors when
they require additional capabilities in the absence of a Post Office Manager. It
provides the normal auditor functions plus the Post Office Manager functions,
including user administration.

The POCL Emergency Manager may delete and create a Post Office Manager
Role and produce a cash account for a broken period.

11.1.4 POCL <Client> Auditors

There is no direct access to the system by POCL <Client> Auditors. Post Office
and ICL Pathway’s Auditors will access the system on their behalf and provide
all necessary information that the POCL <Client> Auditors are permitted to see.
They are expected to operate through the PO Internal Auditors.

11.1.5 Authority’s Agents

Schedule Ao3 identifies other parties that may be granted audit rights to
Pathway and/or the Horizon system. They are :

• External auditors of the Authority.
• Other authorised agents.
• Successor organisations to those identified above.

Access by any of these organisations must be co-ordinated in the first instance
by the Authority for whom the Agent is operating and the requirements of the
JWF should, where possible, be observed.

11.1.6 One Shot Passwords

One Shot Passwords (OSP) are transacted through the Horizon System
Helpdesk (HSH) and are available to POCL Post Masters, selected Retail
Network Managers and Network Auditors. Each request for an OSP will result
in a verification dialogue with the HSH and, potentially, a Service Management
Centre supervisor.

Details of the OSP can be found in the document ‘Authentication of User for
Release of One Shot Password by Horizon System Helpdesk’, reference
PCL/BSM/SEC/oo1 v1.2 dated 09/12/99.


11.2 Requesting Audit Data Extractions

11.2.1 Pre-Requisites

Post Office Internal Audit will be expected to identify Auditors who are
authorised to raise an RFI. It is not anticipated that this list will exceed two
names.

It is the responsibility of Post Office Internal Audit to notify Pathway Internal
Audit of any changes to this list.


11.2.2 Requesting Audit Data

All requests for audit data extractions must come to Pathway Internal Audit in
the form of a Request For Information. This is a free format request but must
contain a minimum of the following :

a. Originator identity (name, address, contact ‘phone)
b. Priority; Urgent (<48hours); Routine (<5 days); Other (Specify)
c. Enquiry reference if standard enquiry. Plus any allowable variables
   within the standard enquiry.
d. Search details if not standard enquiry.


12 Commercial Audit Records (R697)

Requirement 697 Criteria 1:

The CONTRACTOR and his sub-contractors shall keep or cause to be kept
Records (including financial records) of all Services, covering materials and
Services provided, timesheet records, contracts let to sub-contractors and
Charges levied to the AUTHORITIES. These Records shall not be more detailed
than those held by the CONTRACTOR for its own audit purposes.

12.1 Included Items

12.1.1 Invoicing Records

System Overview

Although the generation of an Invoice is a manual activity, and the core Invoice
values and frequencies are determined by the Contract between POCL and ICL
Pathway, there are a number of variable elements that are applied to each
Invoice :

• Transaction volumes where the actual transaction count is compared to a
  benchmark value and an adjustment factor calculated.
• Outlet availability during the Invoice period.
• Numbers of outlets actually rolled-out during NRO compared to original
  target.
• Liquidated damages arising from failures to achieve SLA commitments.

The Contract also allows for RPI adjustments.

Interim, or ad-hoc, invoices can be generated at any time although these do not
become committed and are used for internal reporting purposes only.


Schematic

The following diagram shows the main data flows within the Invoicing process.

[Diagram. Elements shown: Data Warehouse, Transaction Volume Report, Manual Debit & Credit Instructions, Adjustments, Contract Schedules, Generate Invoice (Manual), Payment.]

Data - Input Streams

Transaction Data

Transaction volume data taken by the TPS Harvester.

Outlet Data

Outlet availability data. (NB Source of this data not yet finalised).

Count of Outlets rolled-out taken from Roll-out database.


Contractual Data

Capital sum payments during National Roll-out. Based on the later of a
pre-defined date or cumulative number of Post Offices rolled out.

Operating fees during operating period. Monthly fee subject to Transaction and
Availability factors.

Transaction Component factor. A 7% factor based on actual transactions made
compared to an agreed benchmark value.

Outlet Cost Component factor. A 32% factor based on the availability of outlets
during the Invoicing period.

Manual Data
Debit Instructions from BIMS.
Credit Instructions from BIMS.

These are manual notifications that are applied to the Invoice during its
production cycle. (There are, currently, no identified occurrences that might
cause a BIMS Instruction to be raised but it is included for completeness.)

Changes to Contractual Data

Changes to any element of the Contractual data can only be achieved through
formal negotiation between the two parties.

Output Stream

The invoicing suite of documents consists of the following :

a. Capital Payment Invoice
b. Operating Fee Invoice
c. Advice Note for OFT.
d. Credit Note for service credits.
e. General Invoice for ad-hoc supply of goods and services.
f. RPI Adjustment Tracking Schedule.

Data Retention Requirements

Requirement 697 calls for these records and data to be retained for 7 years.

12.1.2 Change Control Documentation

Change Control is an agreed process through which changes to the Horizon are
defined, notified, impacted and costed, authorised and controlled.


Documents that are output from the process and which represent the audit trail
of proposed changes and their outcome are :

Change Request : used by POCL to request changes of Pathway.

Change Proposals : used by Pathway to progress the change through
the Change Control process.

Change Control Note : used by Pathway to request approval for a
change from the POCL.

Supplier Change Request : used by Suppliers to request changes to their
services to Pathway.

CCB Meeting Minutes : used to record the outcome of Change Control
Boards where individual Change Proposals are
reviewed.

Retention : Contract life or seven years whichever is the greater.

12.1.3 Special Assistance Invoices

Schedule Ao3 of the Codified Agreements enables Pathway to charge the POCL
for costs incurred in assisting POCL with audit activity following contract
termination. Records relating to time spent and expenses will be maintained on
a case by case basis.

Retention : Contract life or seven years whichever is the greater.

12.1.4 Development Activity Invoices

Where Fixed Price contracts are entered into on the basis of estimates
documented in Change Control Notes (CCN) or elsewhere then the CCN under
which the work is authorised forms the commercial record. Where work is
conducted on a Time and Material basis records relating to time spent on that
work will be maintained. Note that this element includes studies
undertaken as part of the Change Control process.

Retention : Contract life or seven years whichever is the greater.

12.1.5 Contracts with Sub-Contractors

Access is limited to contractual and service related arrangements.

Retention : Contract life or seven years whichever is the greater.


12.2 Excluded Items

The following items are outside the scope of ‘Records’ as defined in R697 :

a. Financial arrangements with Pathway sub-contractors.
b. Financial and employment arrangements with Pathway employees, both
   direct and contract.
c. The ICL Pathway Business Case.
d. General accounting information including funding.
e. Reports from and to ICL Group or Fujitsu.

There may be other documents or records that are subsequently added to this
list.

12.3 Caveats

There are two caveats that apply to the above lists :

a. Special access to records not identified as ‘included’ may be granted on a
case by case basis, subject to request and approval at the appropriate
level.

b. The scope of access to records identified as ‘included’ must be agreed as
part of agreeing Terms of Reference for an audit as described in the Joint
Working Framework.

It is possible that records and/or documents will be identified during an audit
that were not included in the original Terms of Reference. Pathway Internal
Audit will facilitate the release of these records and/or documents through the
appropriate channels subject to the records not being on the ‘Excluded’ list.


13 Obtaining Access to Commercial Audit Data & Records

Requirement 697.

13.1 Access Control Policy

Access to audit data defined as ‘Commercial’ under Requirement 697 is limited
to that data which forms part of those Pathway systems of direct interest and
relevance to POCL. These are currently the Common Charging System, Service
Level Contract Administration and Service Level Agreement Monitor.

Access to non-IT records that contribute to the Commercial audit trail will only
be available during audits conducted in accordance with the Joint Working
Framework. Access will be restricted to those records that are germane to the
provision of Services under the contract.

It is not anticipated that Post Office Internal Audit will request Commercial
audit data extractions in isolation but will seek to conduct joint audits with
Pathway Internal Audit into this aspect of the Horizon business. Joint audits
should be conducted in accordance with the Joint Working Framework.


14 Conducting Joint Audits

14.1 General

Requirement 697 provides for access to ICL Pathway’s premises, facilities,
Services, documentation, information, staff, procedures, timesheets and other
data in those areas that are directly involved with the operation of POCL
Services and associated systems, by auditors from the Post Office or their
representatives. Other external auditors, including POCL <Client> auditors, are
expected to deal with Pathway via PO Internal Audit respectively.

From ICL Pathway’s perspective the term Joint Working applies to all levels of
involvement from members of a fully integrated audit team to merely hosting
external auditors and facilitating visits to ICL Pathway locations. It also covers
audits that may be undertaken into Commercial or Operational activities.

Each audit organisation will operate to its own detailed audit processes and
standards within a framework that enables joint agreement on planned audits,
terms of reference for audits and the sharing of audit reports and results.

14.2 Joint Working Framework

The Schedules A03 establish the contractual framework for the conduct of
audits by the Authority or their Agents. The JWF provides a working
interpretation of the Schedules but does not supersede or make redundant
any part of them as a result.

14.2.1 Planning

Joint audits can be planned or unplanned although the majority are expected to
be planned. Where PO Internal Audit anticipate conducting audits within
Pathway they would normally build them into their respective Audit Plans and
notify Pathway Internal Audit.

Similarly, where the ICL Pathway Audit Plan identifies an area where
complementary audits by the Post Office could improve the value of the audit
they will be encouraged to support the Pathway activity with resource managed
either by ICL Pathway or by themselves.

Accepting that some audits may be unplanned every effort must be given to
providing adequate notice, say 3 months, of an impending visit.

14.2.2 Terms of Reference

Whether planned or unplanned Terms of Reference must be established for any
Joint or External Audits and agreed by all parties. The ToRs may be supported
by detailed schedules to be agreed nearer to the start date of the audit. The
Terms of Reference should contain at least the following information:

• Scope of work to be undertaken.

• Proposed dates for the audit and initial schedule.

• Proposed resources for the audit.

• Details of any site visits to be undertaken as part of the audit.

• Reporting arrangements for the audit.

Once agreed the Terms of Reference should be shared and agreed with the
auditee.

14.2.3 Detailed Audit Schedules

Depending on the nature and scope of the proposed audit it may be necessary
to establish and agree Detailed Audit Schedules. Again these should be shared
with the auditee, especially if the scope of the audit is in any way restricted or
special arrangements for site visits and personnel interviews have to be made.

14.2.4 Resources

It is anticipated that adequate resources will be provided to conduct the audit.
Where an audit crosses domain boundaries, e.g. if an end-to-end audit of an
Horizon service was being conducted, Post Office or Pathway resources will be
allocated to specific tasks within their own area to protect commercial
sensitivity.

14.2.5 Reporting Arrangements

There is likely to be sensitivity over the reporting arrangements, especially the
extent to which audit reports and findings are disseminated within
organisations. To avoid difficulty it is imperative that agreement on this subject
is reached during the establishment of the Terms of Reference and has the full
support of the auditee.

14.2.6 Corrective Actions Review

After an agreed period, established in A03 as 30 days, a Corrective Action Plan
will be established identifying how instances of non-compliance will be
rectified and how audit recommendations will be addressed. The CAP will
establish timescales for implementation and these will be monitored as part of
the ongoing review of the audit results by the participating audit group.

14.2.7 Process Review and Improvement

At the end of each Joint Audit the lead auditors from the participating groups
should arrange to conduct a Post Audit Review to assess performance and areas
for improvement. The views of the auditee will be taken into account.
