POL00031400
POL00031400
Message
From: Chris Aujard
(FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=CHRISTOPHER AA0452485-80B7-40D2-ADE7-6F 6FEAE19CC3F88]
Sent: 29/05/2014 18:25:32
To: Paula Vennells
(FYDIBOHF 23SPDLT)/CN RECIPIENTS/CN=Paula.vennells8c63d283-a511-46c3-a93e-dc6f2ae7a78d]; Martin Edwards
Edwards1f838e9d3- €c99-4040-I b432- -33552e99ed2ddd]; Alwen Lyons
GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Alwen.lyons648ee5c4-f2a8-40e2-9f55-1b9b1e4f6d52]; Julie
George [/O=MMS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN= -RECIPIENTS/CN=! Julie
Georgee2337f53-Sbc7-4902-bf28-7f244bd4e4082ce]; Rodric Williams!” -
GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Rodric Williamse9c1 14f4 b03f-4595-b082- -ce89be5c79d47b]
cc: Chris Aujard [/O=MMS/OU=EXCHANGE ADMINISTRATIVE GROUP.
(FYDIBOHF 23SPDLT)/CN=RECIPIENTS/CN=Christopher Aa0452485-80b7-40d2-ade7-6f6feae19cc3f88]
Subject: FW: Project Zebra
Dear all — following the 2 longish calls that I have had with Deloitte today, they have now come back in the email below
with a revised statement of the “deliverable” that they are proposing to produce for us. From my read of matter, it looks
basically OK, but I would be interested in feedback (especially from Rod). If the general consensus is that it is OK, I
would propose to ask Alwen to circulate the email to the Board with following message from me:
Dear all ~ as was trailed last Friday, Deloitte have been running significantly behind schedule in the production of their
report for the Board. A further draft version of it was produced on Bank Holiday Monday, but unfortunately (and despite
the involvement of additional partner from the forensic team and verbal assurances to the contrary) the document
produced was both opaque and failed properly to address the “exam questions” they had been set. The matter was.
accordingly escalated further within Deloitte this week and in consequence they have now agreed to re-work the
document into a more succinct “Board Briefing” note, addressing head on the alleged failings in the system. The email
setting out their approach is set out below.
The situation is far from satisfactory and Deloitte are in no doubt that they have significantly blotted their
copy book. They are also suggesting they need until Wednesday next week to finish the job, which again we are
pushing back on, hard. That said, we felt it important to let the Board know where matters stand currently, and the
reasons for the delay. I should add that there is no suggestion from Deloitte that there is somehow something “wrong’
with the system, or that it is not fit for purpose, rather our experience is that their internal review partner approach is
such that any positive (and helpful) statements that are made in early drafts are edited out before the draft is released
to us.
lam very sorry to be the bearer of the news of yet another delay.
Regards
Chris
From: James, Gareth (UK - Manchester)
Sent: 29 May 2014 18:37
To: Chris Aujard; Rodric Williams; Julie George
Cc: Whitton, Andrew J (UK - London); Noon, David A (UK - London); White, Ian (UK - Leeds); Tantam, Mark (UK -
London)
Subject: Project Zebra
CONFIDENTIAL AND SUBJECT TO LEGAL PRIVILEGE
Chris,
POL-0028302
POL00031400
POL00031400
Further to our conversations today, I wanted to confirm the next steps we propose to take regarding Project Zebra.
These seek to create a shorter document for you (intended for Board circulation) which focusses on certain key (and
most relevant) aspects of our wider work to date.
This “Board Briefing” document will focus on the four questions we agreed by phone, being:
1. What comfort can be taken that Horizon only allows complete transactions (baskets) to be processed?
2. What comfort can be taken that the transactions completed in Horizon are ‘digitally sealed’, to protect their
integrity and make it evident if they have been tampered with?
3. What comfort can be taken that Horizon’s Audit Store maintains and reports from a complete and unchanged
record of all sealed baskets?
4. What comfort can be taken that Horizon provides visibility to sub-postmasters of all centrally generated
transactions processed to their Branch ledgers?
For each of the above questions, we will:
e List those relevant high level system design and process control features that we identified in documentation
provided to us;
e Describe the facts relating to the extent and nature of the Assurance Work we have seen;
¢ State what additional work could be undertaken to increase the level of comfort.
Our comments will be framed in the context and limitations of our work.
We estimate that this deliverable will take until close of play on Wednesday next week to produce and issue through our
review and signoff activities.
Please confirm that these points of focus are an accurate view of the next steps discussed this afternoon.
Thanks and regards
Gareth
Gareth James
UK Futures
http:/Awww. deloitte.co.uk/ukfutures
IMPORTANT NOTICE
This communication is from Deloitte LLP, a limited liability partnership registered in England and Wales with registered number 0C303675. Its registered office is 2, New Street
‘Square, London EC4A 3BZ, United Kingdom. Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by
guarantee, whose member firms are legally separate and independent entities. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and
its member firms.
This communication contains information which is confidential and may also be privileged. it is for the exclusive use of the intended recipient{s). If you are not the intended
recipient(s), please (1) notify itsecurity. ult “I by forwarding this email and delete all copies from your system and (2) note that disclosure, distribution, copying or
Use of this communication is strictly prohibited. Email communications cannot be guaranteed to be secure or free from error or viruses. All emails sent to or from a Deloitte UK
‘email account are securely archived and stored by an external supplier within the European Union.
To the extent permitted by law, Deloitte LLP does not accept any liability for use of or reliance on the contents of this email by any person save by the intended recipient(s) to
the extent agreed in a Deloitte LLP engagement contract.
POL-0028302
POL00031400
POL00031400
Opinions, conclusions and other information in this email which have not been delivered by way of the business of Deloitte LLP are neither given nor endorsed by it.
POL-0028302