POL00031388 - RDW Proposed Draft re : Deloitte instructions as at 9.5.2014 - to support Post Office’s legal position.

Evidence on official site

POL00031388
POL00031388

STRICTLY PRIVATE & CONFIDENTIAL - SUBJECT TO LEGAL PRIVILEGE

RDW Proposed Draft re: Deloitte Instructions as at 09.05.14

Purpose

In light of the specific allegations being made against Post Office by Applicants to the Mediation Scheme,
Post Office requires input from Deloitte to support Post Office’s legal position (as advised by Linklaters LLP)
that:
- Horizon produces and maintains the accounts between Post Office and its agents (including
subpostmasters); and
- unless there is proof that the Horizon processing environment (“HPE”) is not functioning as
intended, Post Office can enforce its contractual rights against agents relying on those accounts.

Context

On 30 April 2014, the Board raised two specific questions and requested input from Deloitte:

1. In light of the specific allegations regarding non-traceable “phantom” transactions existing in
Horizon, what assurance could be provided over how the system records and maintains the
transaction logs; and

2. Ina wider context, what further assurance could be given both pre and post 2010 (when there was
a change in Horizon system)?

In this context, the “assurance” sought is the level of comfort and confidence that Post Office and Horizon
users can have that the HPE is fit for purpose, functions as designed and ensures that complete, accurate
and auditable records are kept of all sub-postmaster transactions.

Process

Deloitte have assessed Post Office’s sources of assurance relating to the implementation and IT
management activities of the HPE. In order to complete this work, further documentation relating to the
2010 implementation and wider information sources will be reviewed. Deloitte will update their existing
executive summary and report, reflecting this further work on assurance sources.

Deloitte will be extended to deliver, through desktop review, a schedule of design features which underpin:
a Branch’s full control and ownership of all records in their ledger; and
e how the system retains these records on a complete, accurate and auditable basis.

This schedule will highlight the design features for which assurance has been obtained and those where
additional documentation, validation and testing would be needed in order to provide further assurance to
the Board. A schedule of key historic changes will also be included, which may need consideration in the
context of any impact they had on these design features.

Deloitte’s extension will also include an assessment of the technical design of the Audit Store’s tamper
proofing features.

Key Milestones:

End of Tuesday 13" May — Updated Executive Summary report extract + 1 page Board Summary.
End of Friday 16" May — Issue of full Phase 1 report.

End of Friday 16 May — Summary of key observations from Deloitte’s extension work.
Thursday 22"% May — Board Meeting

End of Friday 23" May — Issue of Extension report