FUJ00087125 - Fujitsu’s comments on Second Sight Briefing Report - Part Two.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
Fujitsu’s comments on Second Sight Briefing Report - Part Two.
CONFIDENTIAL
Authors
Gareth Jenkins, James Davidson, Pete Newsome & Mike Harvey
Overview
These comments included are based on a review of the Second Sight briefing report part two
provided to Fujitsu on the 21% August 2014.
This commentary does not constitute a comprehensive view of all the issues raised by the report, to
the extent to which they relate to the Horizon application but it is written so as to provide a
commentary on key areas of contention in relation to the Horizon application and alleged issues.
Fujitsu has not commented on any element of the report that does not relate to the Horizon
application itself. As such, a failure to comment does not mean we agree with its content. Please
note the numbering used below correlates to the paragraph number in the briefing report.
Our key concern with this briefing report (and the previous Second Sight reports that have been
shared with Fujitsu by Post Office) is that the allegations and/or assertions made by Second Sight are
consistently made without any reference to any primary source evidence to support and/or provide a
basis to support the allegation or assertion. We have raised this concern repeatedly with Post Office
but, thus far, it remains unaddressed by Second Sight. This means that the briefing report, to the
extent to which it relates to the Horizon application (we do not feel it correct for us to comment on
any other element of the report) constitutes unsubstantiated subjective opinion which, in our opinion,
is without merit or basis. It should be noted that Fujitsu reviewed all ‘spot cases’ related to the initial
‘interim’ review by Second Sight during 2013 and provided detailed summaries of events. No
evidence of underlying application issues was identified and in all such reviewed instances, Horizon
performed as it was designed to.
Not withstanding our concern above, we have provided a response to the relevant sections below. In
particular we are unhappy with the, in our opinion, deliberately provocative use of the term “fit for
purpose” in sections 18.6 to 18.12. This section appears to have been written to garner headlines if
publicly disclosed rather than present the facts in an objective and balanced manner. Given the term
has particular legal meaning we feel it is a term that has been used incorrectly in this report and
should therefore be removed and/or rewritten.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
Overall, we remain disappointed that a process that was intended to provide insight and address
concerns raised by sub-postmasters has in fact been hijacked by a partisan process which, because
of its continued failure to comply with the basic requirements of the need to back up allegations with
evidence, has resulted in a report which, in our opinion, contains no substantiated allegation with
respect to any issue raised with the Horizon application, As such, it cannot, in our opinion, be relied
upon by any Sub-Postmaster or Post Office as providing any insight into the merits or otherwise of
any claim against the Horizon application.
Section 1 — Introduction
1.2 — Part one of the report was not shared with Fujitsu for comment.
1.3 - The suggestion that the thematic issues inform individual cases is problematic. For example,
while it may be true to suggest that a ‘comms issue’ occurred as part of a given case, Fujitsu’s
detailed analysis of case ‘spot reviews’ demonstrated that in all cases the application performed as
designed. Therefore, if the contention by Second Sight is that thematic issues are, in themselves,
sufficient to provide the factual background to an individual case, this would be misleading and
incorrect. In all cases, a detailed review of the individual circumstances will be required to establish
the sequence of events and the root cause, if any.
1.6 — Further to our comment on paragraph 1.3, we believe that any alleged thematic issues should
reference the actual “spot reviews” to which the alleged issue is alleged to relate. This will allow for
proper review of the allegation. The groupings approach adopted here removes any transparency
and makes it difficult to determine whether there is any evidential basis for the claim.
1.8-— A more accurate contextual summary would be to note that concerns are being raised by 150
users from a population of over 78,000. In addition, the time period for issues to which the report
relates also provides a more thorough context. Whilst the claims relate to a period of 9 years, the
Horizon application itself, in various guises, has been in place for 16 years.
Section 3 - Scope
3.1 — From a Fujitsu perspective, the central allegations regarding the Horizon application relate to
branch accounting imbalances which, it is alleged, have been caused by issues with the Horizon
application. The key question to examine is whether or not the application accurately records
transactions that take place in a branch, has logic built into it to ensure data accuracy and ensures
integrity of the data is maintained through its lifetime. Fujitsu refers to this as the ‘Core Audit
Process’.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
When examining individual cases, the primary source of data used for investigation is that captured
as part of the ‘Core Audit Process’. The process of capturing transaction data and storing it ina
secure audit database is a feature of the Horizon application that was specifically designed to provide
the master data for all investigations where issues are alleged. The widening of the scope is
understandable in relation to general learning’s and improvements that could be identified but, in
Fujitsu’s view, is irrelevant to answering the central allegations regarding the Horizon application.
We note that on the basis of the content of this report and the fact that Second Sight have not
engaged with us directly to better understand the ‘Core Audit Process’, this part of the architecture
and its key features appear not to have been examined, or understood, by Second Sight. We have
supplied a detailed account of the process at the commencement of Second Sight’s engagement and
transactional information with respect to each individual case for which we've been asked for
information. However, we see little evidence of the use of its content in this report. Given that this
‘Core Audit Process’ is central to the Horizon application a failure to examine or understand the
process results in a fundamental flaw in the report itself.
Section 4 — The Contract with Sub-Postmasters
This section does not relate to the Horizon application and as such, Fujitsu has not commented.
Section 5- ATM’s
No specific comments. The analysis supports the conclusion that the Horizon application is
performing as designed.
Section 6 — Motor Vehicle Licences
6.1 - The root cause of the issue noted is misprinting of V11C forms which is not a Horizon
application issue. The Horizon application would recognise the information that is contained in the bar
code (which was incorrect) and display this to the sub-postmaster. This would have highlighted the
discrepancy for investigation at the time.
Sections 7-9
These sections do not relate to the Horizon application and as such, Fujitsu has not commented.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
Section 10 — Limitations in the Transactional Audit Trail
In general, this section is not about whether or not the Horizon application records the data (the title
is misleading), but issues the Sub-postmasters have in accessing the information recorded. There are
some factual inaccuracies contained.
10.4 — This is incorrect. There is a transaction log that is available to sub-postmasters that enables
every transaction recorded in the Horizon application relating to that branch to be viewed by the sub-
postmaster. This was noted in Fujitsu’s response to previous spot-reviews.
10.5 — Same as 10.4
10.8 — The Horizon application performs as designed and provides the capability to view every
transaction and as such the statement made here is incorrect.
Section 11 - Transactions Not Entered by the Sub-postmaster or their Staff
11.1 — When reviewing the spot cases supplied by Second Sight, Fujitsu has seen no evidence that
would suggest any ‘unknown’ transactions have been present. There was one specific spot review
where this was alleged but upon investigation, Fujitsu was able to demonstrate that this was not the
case. Second Sight have provided no further evidence Fujitsu can investigate in relation to this
allegation.
11.2 —- The Horizon application presents the system identity of the recovering operative as the
primary ID, not the originating operative. It is possible to differentiate between system generated and
user generated transactions in the raw logs. Therefore it is easy to differentiate between entries made
by a user and those that are system generated. To be clear, any system generated transaction
requires a branch user to acknowledge and accept this transaction and it is this operative’s id that is
recorded as the primary id.
Section 12 — Transaction Reversals
12.1 — This has been stated on a number of occasions and investigated in each case. Examination of
the audit trails provided a detailed view and explanation of each instance and no anomalies were
identified.
12.2 — The allegation here appears to be that the Horizon application creates Transaction reversals
without sub-postmaster knowledge. This allegation is without merit. The system has been designed to
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
automatically create a reversal in the event that a transaction fails. When a user logs on to the
system, they will be notified of the reversal and a receipt printed. This was investigated as part of a
specific spot-review and the circumstances were fully explained and the sub-postmaster
acknowledged possession of the printed receipt supplied as part of the recovery process. As such
the Horizon application was proven to operate as designed.
12.3 — When Fujitsu are asked to investigate alleged discrepancies, the subject matter experts do not
rely solely on the Audit Retrieval Query (ARQ) data extracts to understand the sequence of events.
The raw system logs from the Horizon application are also examined where more detailed
information is available as commented on previously. Fujitsu have suggested amending the ARQ
extract to provide more detail as a result of this specific spot review which is strongly recommended
going forward.
Section 13 - REMS
This section does not relate to the Horizon application and as such, Fujitsu has not commented.
Section 14 - Missing Cheques
This section does not relate to the Horizon application and as such, Fujitsu has not commented.
Section 15 — Pensions and Allowances
This section does not relate to the Horizon application and as such, Fujitsu has not commented.
Section 16 - Surpluses
16.2 — There has previously been an allegation that the Horizon application generates ‘unknown’
transactions or is the source of alleged unexplained data anomalies. Fujitsu has thoroughly
investigated all alleged instances as part of previous court cases and Second Sight spot reviews and
to date there is no specific evidence that has been found that support these assertions.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
Section 17 - Cash Withdrawals processed as deposits
17.1 — The Horizon application will clearly display that a deposit or withdrawal is being made. The
granular level of reporting referred to is available as previously stated for investigation at a later time.
Section 18 - Error and Fraud Repellency
The underlying accusations made in this section are highly problematic as the key arguments and
assertions (relating to the Horizon application) are based upon conclusions reached that, in Fujitsu’s
view are not supported by the facts established in the course of its investigations over the past 18
months. Fujitsu has investigated the cases where it has been alleged that issues with the Horizon
application have resulted in branch losses and analysed the audit data that is captured as part of
standard operating procedure to reconstruct events. Each case was submitted to Second Sight as
part of the Spot review process that took place during 2013. The detailed case notes clearly show
that the application performed as designed and that information was made available to sub-
postmasters (as part of standard operating procedure) at the time the issues occurred.
18.3: Fujitsu are not aware of any application ‘errors’ in relation to cases investigated. If the assertion
is that the Horizon application should have been amended to avoid a situation where sub-
postmasters own ‘errors’ resulted in losses then we would appreciate Second Sight explaining what
these amendments could and should have been. It would then be for Post Office, with input from
Fujitsu, to determine the practicality and/or merit of such a request. As previously highlighted, in all
investigated instances, the Horizon application has worked as it was designed to.
18.4: This scenario is not one that Fujitsu recognises. The closest scenario would appear to be the
recovery of Automated Payment transactions in the original Horizon application. As such this
example is not valid and should be deleted.
18.5: In both the previous and existing version of the Horizon application, receipts are printed as part
of standard operating procedure that details all transactions that have taken place or failed. As such
this information is available to the user and therefore we do not understand the allegation.
18.6: As highlighted in the overview, this is a term that has particular legal meaning and as such we
do not believe Second Sight is suitably qualified to endeavour to answer this question.
18.9 No evidence has been provided that demonstrates the Horizon application made an error in any
of the ‘spot checks’ recording transactional information. As per earlier comments, detailed
information is made available at the time of any issues occurring and a full log of all branch
transactions is available to sub-postmasters to view.
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
18.10 The Horizon application has been shown in all ‘spot checks’ to operate according to its design
where hardware and communications fail.
18.12 This is poorly and provocatively drafted as it infers that the Horizon application is not fit for
purpose. What it actually appears to be saying is that someone with inadequate skills or training will
not be able to operate the application recovery process effectively. This is not an issue with the
Horizon application which performs as designed. To this end, whilst we believe paragraph 18.6 to
18.12 should be redrafted or deleted in their entirety, we believe that paragraph 18.12 is, in particular,
misleading and should be rewritten.
Section 19 - One-sided Transactions
It appears that this section is primarily concerned with the process of transaction correction / reversal.
From all instances provided to Fujitsu to investigate, the Horizon application has been shown to be
working as per design so the inference that there is some inconsistency in this process is not
understood and Fujitsu have found no evidence that would support this position. Given the very
general nature of this section, Fujitsu would like to understand the specific spot cases referred to or
the additional examples mentioned in 19.7 to investigate further.
Section 20- Hardware Issues
We are unsure what the point Second Sight is attempting to make with an assertion that the some of
the equipment is quite old and that if it breaks a process called “kit swap out” is used. Objective
analysis is available within the industry by applying industry standard measures that can illustrate the
reliability and performance of hardware components and systems within an enterprise. An example
of such a measure would be the “mean time between failures” of a particular hardware component.
Using such measures would enable a view to be taken as to the performance of this hardware estate
when compared to industry norms.
With respect to the implication that a hardware fault could result in an error in the Horizon application
that would cause a loss for the sub-postmaster, we note that Second Sight state that enquiries are
continuing on this point. However, it should be noted that, as stated above and in previous
communications, the Horizon application, and in particular the ‘Core Audit Process’ is designed to
provide a clear audit track of all transactions (whether successful or not) so that in the event of a
hardware or network failure, it can be determined what happened and what transactions were
successful and which were not. This process comprises a core element of the Horizon application
and as such we encourage Second Sight to engage with us to better understand the logic that
FUJ00087125
FUJ00087125
Confidential: For Post Office Eyes Only
underlies this key application component so as to enable it to properly engage with respect to this
allegation. Of the spot reviews undertaken we have found no evidence of any instance where a
hardware failure has result in a corruption of data within the Horizon application.
Sections 21-22
These sections do not relate to the Horizon application and as such, Fujitsu has not commented.
Gareth Jenkins, James Davidson, Pete Newsome & Mike Harvey
15/09/14