POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
Afvenox 2
Re: Seema Misra
2" Interim Technical expert’s report to the Court prepared by
Charles Alastair McLachlan, a Director of Amsphere Consulting
Ltd.
Staple Hall I
87-90 Houndsditch I
London EC3A 7AD
England
This report contains 30 pages
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Comber Rich Solicitors
Yard House, Basingstoke, RG21 7NX I
Contents
41 INTRODUCTION.....c.ssssssessssecssssssssnesseensensseeneennnenensensernneenensnnnneeanennansenenn 4 I
2 PRELIMINARY REPORT OF FINDINGS DURING VISITS TO A SUB
POST OFFICE IN THE MIDLANDS AND WEST BYFLEET........cssssssssens 1
3 WHAT HYPOTHESES COULD SUPPORT THE DEFENDANT’S CLAIM
THAT THE HORIZON SYSTEM WAS THE SOURCE OF THE
ACCOUNTING DISCREPANCIES? .....ccsssseensssesnsscsssessenensenenensatsneneneanenenee 19
4 WHAT EVIDENCE NEEDS TO BE PROVIDED IN ORDER TO
DETERMINE THE MERITS OF THE DEFENDANT'S CLAIM?.......essssseee 22
5 MY DUTIES TO THE COURT
Charles McLachlan 1
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1 Introduction
1
Lal
1.1.2
12
Instructions
I am Charles Alastair McLachlan, a Director of Amsphere Consulting
Limited, London, England specialising in information technology consulting.
[have been instructed in this matter by Coomber Rich Solicitors, on behalf of
their client, Seema Misra, (“the Defendant”) to assist the court in this matter
of alleged fraudulent accounting in providing expert evidence on the
questions posed at 1.1.3 hereunder.
The allegations arose from the discrepancy between the transactions as
recorded in the Horizon system provided by Post Office Counters Ltd through
a service agreement with Fujitsu and the cash on hand at the defendant’s Post
Office branch.
I was instructed to visit a sub post office in the Midlands and the sub post
office at West Byfleet to review the operational procedures and IT systems
implemented at the two sites in order to:
a. Understand the basis upon which standard operational procedures would
provide evidence to identify and resolve discrepancies arising from the use
of the Horizon system.
b. Understand the elements of the end-to-end IT architecture which could be
the source of discrepancies as a result of defects in the operation of the
software, hardware, network or integration with 3" party components.
Qualifications
Charles McLachlan 1
POL00046162
POL00046162
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX I
I
1.2.1 Ihave been working in the software industry since my first job at the age of
17 writing software analysing the results from a particle accelerator for the
UK Atomic Energy Authority
1.2.2 I obtained an M.A in Computer Science from Cambridge University
matriculating in 1979.
1.2.3 I developed software for environmental contro! systems for a company on the
Cambridge Science Park while at university.
1.2.4 I was retained by Cambridge University to do undergraduate teaching for
three years.
1.2.5 After University, I worked for the company of the Emeritus Professor of
Computer Science at Imperial College (and founder of IBM UK Hursley
Laboratories), developing PC multi-tasking office automation software. As
the company transitioned to IT consulting, I advised HP on their Unix
Strategy and looked at the potential for hosting Inmos parallel processors in
PC environments. I also built an extensive financial performance analysis
system for the Building Society industry.
1.2.6 In 1987, I became the founding partner of CMJP Associates which delivered
software development services to a wide range of clients using PC and
Client-Server technologies.
Charles McLachlan 2
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.7 A number of these projects included the development of accounting modules
and work for the Financial Services industry including SG Warburg, GNI (of
the London International Financial Futures Exchange LIFFE).
1.2.8 In 1991 J established a partnership for CMJP Associates to provide expert
advice to the Client Server Centre of Excellence.
1.2.9 In July 1993 I became the founding Technical Director of Infonet Stystems.
Infonet Systems focused on building leading edge object oriented Client- I
Server solutions. Its first success was the delivery of a complete front office I
trading platform of financial derivatives (repos and bonds) in four weeks. I
This was the first NT based client server trading desk in the City of London.
While at Infonet, I developed the Object Oriented Just In Time software
development methodology.
1.2.10 In December 1996, I was recruited by the European headquarters of emerging
internet service provider UUNet (shortly to become part of MCI Worldcom),
to advise on IP billing and customer provisioning systems. A key element of
the assignment was to undertake a critical review of the implementation and
customisation of the GEAC Smartstream ERP solution by Arthur Andersen
Business Consulting.
1.2.11 In August 1997 I was recruited by Arthur Andersen Business Consulting to
provide technology leadership for the new Advanced Technology division.
Over the next five years, I became the international thought leader in the
building of software related services that underpinned the development of
Andersen’s New Media and eBusiness practice. This was recognised by
election to partnership in 2000.
Charles McLachlan 3
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.12 Early identification of the crucial role for Java technologies and ‘just in
time’ business and technology development methods, positioned the
emerging Business Consulting (BC) division for rapid growth on the Internet
wave to become 9th globally by Quarter 3 2001. Achievements during this I
period cover:
1.2.13 Major systems delivery projects The software development related service
revenues were the fastest growing area of the fastest growing global
consulting organization between 1997 and 2002. My team delivered marquee I
projects for key clients including: launch of Sky.com, TimeOut.com, I
myTravel.com, Cendant’s Move.co.uk, pan-European systems for Budget-
Rent-a-Car. I was also engaged as a technical delivery expert for major new
systems types including on-line trading exchanges, high throughput customer
services systems, on-line transaction processing systems and content
management systems.
1.2.14 Solution Development: I provided technology leadership for the development
of key global solutions for BC including: eStrategy, eBusiness, Content
Management, Experience Design, Component Based Development, Business
Architecture, Enterprise —_ Integration, Datawarehouse, Technical
Architecture, Active Intelligence™, Anti-Money Laundering, Telco Fraud
Protection.
1.2.15 I was the recognized methodology and risk management expert for software
related technology solutions across Andersen.
Charles McLachlan 4
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.16 I worked closely with the Computer Risk Management practice in the
Andersen Audit practice to perform technical due diligence, project risk
I
reviews and advise on project recovery. I
I
1.2.17 Capability Development One of my key strengths was the recruitment, I
training, development and motivation of deeply technical teams to perform
successfully in a “Big 4’ consulting environment.
1.2.18 Operating first as the founding director of Andersen’s Global Software
Engineering Centre of Excellence and then as a member of the Global
Advanced Technology Advisory Team, I became one of a small number of
newly appointed partners building the technology integration skills at the
heart of BC’s growth strategy.
1.2.19 I provided technical leadership for the development of the core component I
based rapid implementation methodology and acted as the expert for
methodologies built on this foundation including eBusiness, eMarketplace,
Content Management, Datawarehouse, Business Architecture, Enterprise
Integration and Customer Management. I
1.2.20 Other achievements include implementation of the first successful
Knowledge Management Capability Maturity Model for the UK practice;
establishing a global virtual community of 2,000 software developers;
developing alliance relationships with BEA, Microsoft, Sun and a variety of
specialist technology providers; sponsorship of Computing for Business MSc
at Imperial College, development of four technology training courses for
global roll-out; delivery of a technology competency model for all
practitioners globally.
Charles McLachlan 5
POL00046162
POL00046162
Amsphere Confidential and Privileged I
On instruction of Coomber Rich Solicitors ij
Yard House, Basingstoke, RG21 7NX
1.2.21 Lam currently working as an IT and Technology Risk consultant as a Director
of Amsphere Consulting Limited.
1.2.22 Recent assignments include:
e Advisor to board of advisor to board of interactive satellite broadband
start-up
e Recovery of failing project at Big ‘4’ consulting firm
© Associate editor Butler Group, the IT strategy consulting information
service company.
© Design and implementation of delivery risk management system for an
off-shore software development company
e Project delivery for an applications management business
e Report on XML related integration and data quality risk for JP Morgan-
Chase
e Expert witness including cross examination in an ICC Arbitration between
3 national banks and an international provider of banking accounting
software
e Expert witness in a High Court action relating to the quality of software
testing between an international mobile telephone operator and an
established mobile telephony systems integrator.
e Expert advisor in action between Geographical Information Systems
provider and off-shore software development services provider.
Charles McLachlan 6
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.2.23 Lam a former Director of UCL Consultants (founded by University College
London) which is responsible for providing professional consulting services
from members of UCL.
1.2.24 J am a Partner of the Transformation Development Partnership LLP.
1.2.25 I was appointed Visiting Professor of Software Enterprise at University
College London in 2005.
1.2.26 I have worked with IT organisations of all scales from small businesses to
international global organisations.
1.2.27 I mentor small businesses owners through the Academy for Chief Executives.
1.3 Confidentiality
1.3.1. This report is strictly private and confidential and has been prepared at the I
request of Coomber Rich Solicitors on behalf of their client, for the Court. I
1.4 Legal and factual issues
1.4.1 This report should not be read as expressing any opinion on factual matters
which depend on disputed testimony of the witnesses of fact, or legal issues.
It, however, inevitably reflects my understanding of the position.
Charles McLachlan 7
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
1.5 Sources of information
1.5.1 In preparing my report, I have read and considered the following documents:
a. Summary of facts prepared in accordance with Rule 21.3(1)(b) of the
Criminal Procedure Rules 2005; I
b. The Indictment — The Queen v Seema Misra;
c. Witness statement of Keith Noverre 8" January 2009;
d. Witness statement of Elaine Ridge 9" January 2009; I
& Witness statement of Lisa Jane Allen 12" January 2009; I
f. Witness statement of Adrian Morris 6'" January 2009;
g Witness statement of Jon Longman 29" May 2009; I
h. Witness statement of Javed Salim Bidiwala 13" April 2006 !
i. The statement under Section 9 of the Criminal Justice Act 1967 of John
Kidd
j. The Audit of Post Office ® West Byfleet branch, FAD 126023 — Action
Plan Appendix A
k. ‘The Witness statement of Andrew Paul Dunks 24" June 2009
1 The exhibits provided running from pages 1-35 insofar as the copies
provided are legible.
m. The systems architecture for the end to end process from Point of Sale
terminal to Electronic Funds Transfer for a leading UK retailer
Charles McLachlan 8
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG2 7NX
1.6 The scope of my work
1.6.1 I report as an expert witness, not as a witness of fact. I
1.6.1.1 Ihave reviewed the documentation provided to me.
1.6.1.2 I have not undertaken an operational review of the software solution
Horizon system,
1.6.1.3 I have not had access to any documentation or test data relating to the
Horizon system
1.6.1.4 I have attended a sub post office in the Midlands reporting regular cash
discrepancies, interviewed the sub postmistress, reviewed the operating I
procedures in the sub post office and reviewed the capabilities of the
Horizon system.
1.6.1.5 I have attended the sub post office at West Byfleet named in these
proceedings, interviewed one of the attending investigating officers,
reviewed the operating procedures in the sub post office and reviewed the
capabilities of the Horizon system.
Charles McLachlan 9
POL00046162
POL00046162
Amsphere Confidential and Privileged I
On instruction of Coomber Rich Solicitors I
Yard House, Basingstoke, RG21 7NX
1.7 Independence
1.7.1 [have prepared an independent and objective report addressed to the Court. I
have had no previous involvement with the Defendant. I have no previous
involvement with Coomber Rich Solicitors.
1.7.2. Amsphere’s fees in this case are not dependent on the result of the
proceedings in this matter.
1.8 The structure of my report is as follows:
1.8.1 At Section 2, I report my preliminary findings following the visits to the two
sub post offices.
1.8.2 At Section 3, I reconsider “What hypotheses could support the Defendant’s
claim that the Horizon system was the source of the accounting
discrepancies?”
1.8.3 At Section 4 I reconsider “What evidence needs to be provided in order to
determine the merits of the Defendant’s claim?”
1.8.4 Atsection 5 my expert’s declaration is recorded.
Charles McLachlan 10
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
2 Preliminary report of findin ings during visits to a sub post
office in the Midlands and West Byfleet
2.1 Findings during visit to sub post office in the Midlands
2.1.1 Background of sub postmistress
2.1.1.1. The sub postmistress responsible for the sub post office we visited in the
Midlands asked that she retain her anonymity at this stage in the process
because she is very fearful of being suspended. However there are some
relevant details that she was ready to have appear in the report:
2.1.1.2 She has a previous career in banking with a major retail bank and had
previous bank teller experience before moving to export/import credit
products.
2.1.1.3. She is familiar with handling detailed and complex documentation from her
experience at the bank.
2.1.1.4 She has been a sub post mistress for more than 10 years and only took on
POL00046162
POL00046162
2.1.1.5 She has been recognised by the Post Office for her bravery in her response
to being shot at by armed robbers on more than one occasion and she
Charles McLachlan i
POL00046162
POL00046162
On instruction of Coomber Rich Solicitors
Amsphere Confidential and Privileged I
Yard House, Basingstoke, RG21 7NX I
commented to us “why would I steal money from my own business when I
have already demonstrated that I will put my life at risk to protect it?”
2.1.1.6 Her husband and her children are all qualified graduates. I
2.1.2 Background to issues at the sub post office
2.1.2.1. The sub post office is operated by a husband and wife team together with
their son.
2.1.2.2 The sub post office has 3 counter terminals which are operated on a shared
stock basis
2.1.2.3 The premises housing the sub post office include a small shop selling a I
limited range of envelopes, gift card and other post related accessories. The I
lottery terminal is on the shop counter. We were advised that sales in the I
shop are between £200-£300 per week compared to a monthly transaction
volume at the post office counter of between £200,000 and £300,000 per
month.
2.1.3 Pattern of discrepancies
2.1.3.1 The sub post mistress explained that her experience is that there are almost
no discrepancies that she has to record against the stock.
Charles McLachlan 12
POL00046162
POL00046162
Amsphere Confidential and Priviteged I
On instruction of Coomber Rich Solicitors I
Yard House, Basingstoke, RG21 NX
2.1.3.2 There are also almost no discrepancies that she has to record against the
physical cash held in the shop. I
2.1.3.3 There are consistently discrepancies arising from the use of debit cards or
post office cash account cards.
2.1.3.4 The value of discrepancies has increased as the proportionate value of card
use has increased.
2.13.5 If an “Account Payable” or counter credit is entered the Horizon system
assumes that there is a corresponding receipt (either physical cash, debit
card transaction, Post Office Cash Account card transaction or cleared
cheque).
2.1.3.6 The post mistress used to receive discrepancy reports generated by the Post
Office identifying when there was a mismatch between the counter credit
recorded at the counter and the cleared cheque or debit card amounts
reported to them by their correspondent banks or card merchant provider.
She no longer receives these and concludes that the Post Office function
that provided this service is non-operational or insufficiently staffed to
properly reconcile all of the discrepancies. These discrepancies, if left
unresolved, could create a liability for the sub postmistress.
2.1.3.7. If stock is sold, the Horizon system assumes that there is a corresponding
receipt (either physical cash, debit card transaction, Post Office Cash
Account card transaction).
Charles McLachlan 13
Amsphere Confidential and Privileged
2.1.3.8
2.1.3.9
On instruction of Comber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
If at the end of the monthly period there is a discrepancy between the cash
on hand and the credit balance expected by the Horizon system then the
only way to close the period and start a new period is to “make good” the
cash discrepancy and declare that the cash on hand has been brought up to
the expected credit balance. There is no mechanism to record the
discrepancy in a suspense account for subsequent investigation and
resolution. The system imposes a declaration as part of the operating
procedure that the cash is on hand. If the actual reason for the discrepancy
is due to a problem with a non-cash credit (e.g. incorrectly processed card
payment, incorrectly recorded cheque payment) then there is no opportunity
for the sub post mistress to note her concerns on the system.
‘The sub post mistress demonstrated the following transactions in which the
use of a debit card could result in a discrepancy in the cash account
(physical + debit card/POCA amounts) at the sub post office:
2.1.3.10 Account Payable using a Debit Card / POCA card: the customer is seeking
to make a bill payment of council tax using a debit card. The card is
apparently authorised at the PIN terminal for the required amount. The card
receipt is apparently credited to the sub post office account. The council tax
payment is debited from the sub post office account. However, during the
end to end electronic fund transfer process the fund transfer fails. The
central Post Office account never receives the expected electronic funds. It
is supposed that the end of day process identifies that there is no credit
corresponding to the bill payment and therefore there must be a cash
discrepancy.
Charles McLachlan 14
POL00046162
POL00046162
POL00046162
POL00046162
Amsphere Confidential and Privileged
. On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG2I 7NX
2.1.3.11 Debit Card/POCA withdrawal: the customer is seeking to receive an over
the counter payment of cash from their debit card or POCA facility. As
above [2.1.3.10] the card is apparently authorised but in fact the fund
transfer fails at some point and the sub post office account is debited with
the cash at the counter terminal but this is not recorded centrally against a
debit card fund transfer. There is therefore an apparent cash shortfall in the
till. The Horizon system only prints a receipt for the customer; there is no
debit voucher for the counter staff to place in their till. At the end of the
day or the end of the week it is not possible to physically reconcile the cash
payments with debit vouchers.
2.1.3.12 In either of the two cases above [2.1.3.10], [2.1.3.1] the electronic funds
transfer mechanism duplicates the fund transfer. This could result in the
expected credit balance at the sub post office being higher than it actually is.
The sub post mistress will be expected to make good this discrepancy with
cash.
2.1.4 Operating procedures
2.1.4.1 We discussed the operating procedures implemented at the sub post office
in the Midlands in great detail with the sub postmistress. In my opinion, she
demonstrated the trained eye for detail and procedure that I would expect
from somebody with her professional experience.
2.1.4.2 She demonstrated a range of features of the Horizon system that showed
how stock and cash were tightly connected across the system and how the
system had built-in mechanisms to link stock sales with cash receipt.
Charles McLachlan 15
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG2] 7NX
2.1.4.3. She also demonstrated the weaknesses of the system in relation to the use of I
the debit card/POCA terminal:
e the lack of counter vouchers,
© the requirement to record some debit terminal transactions as cash
receipts,
© the delays in the system at busy periods,
© the lack of certainty as to whether a transaction completes when I
there is a break in network connectivity
2.1.5 Capabilities of Horizon
2.1.5.1 Horizon terminals are capable of working in on-line and off-line mode.
2.1.5.2 The terminals are required to be left on overnight in order to permit two
way data transmission and software updates.
2.1.5.3 All of the facilities of Horizon are available in off-line mode except I
debi/POCA transactions and access to information from the DVLC
required to issue vehicle licences.
2.1.5.4 The Horizon system sells postal services, provides foreign exchange,
supports receipts of cash, cheque and debit card/POCA for Accounts
Charles McLachlan 16
POL00046162
POL00046162
I
I
Amsphere Confidential and Privileged I
On instruction of Comber Kich Solicitors
Yard House, Basingstoke, RG21 7NX
Payable services and supports payment of cash from debit card/POCA
I
accounts.
2.2 Findings during visit to sub post office at West Byfleet I
I
2.2.1 Operating procedures
2.2.1.1 I was able to confirm my understanding of the operating procedures from
my visit to the sub post office in the Midlands.
2.2.1.2 It was clear that there is no standard operating procedure to reconcile
counter credits with the actual amounts recorded. This could give rise to a
range of discrepancies which the sub post mistress would rely on the Post
Office to identify and reconcile. If the Post Office failed to do so then
overstated amounts could give rise to a deficit at the sub post office which
the sub post mistress would be required to make good with cash.
2.2.2 Capabilities of Horizon
2.2.2.1 The West Byfleet sub post office is set up to operate with each counter
having a separate stock. Although this assists with stock control and I
ensures that stock discrepancies can be localised, it does not provide any
assistance in management of discrepancies in debit/POCA receipts (no
vouchers are automatically printed) or Accounts Payable and counter credit
discrepancies (standard operating procedures do not reconcile these on a
daily basis).
Charles McLachlan 7
POL00046162
POL00046162
On instruction of Coomber Rich Solicitors
I
Amsphere Confidential and Privileged I
Yard House, Basingstoke, RG21 7NX I
2.2.3 Approach of investigating officers to system issues
2.2.3.1 On our visit to West Byfleet, we had an opportunity to raise some questions
with one of the investigating officers that attended on the day of the audit
that gave rise to these proceedings.
2.2.3.2 He made it clear that it was Post Office policy that investigating officers I
should never consider systems problems as relevant to their enquiries.
2.2.3.3 He agreed that the Horizon system provided no paper record of debit/POCA
vouchers and therefore that a sub postmaster/mistress would not be able to
produce any evidence that a customer had received a receipt for a
debit/POCA transaction.
2.2.3.4 He accepted that the Horizon system, as supplied, which the sub post
master/mistress was required to use under contract, did not provide the
facility for the sub post master/mistress to reconcile discrepancies that
might arise in the operation of the system.
2.2.3.5 He accepted that there was no Post Office requirement that he should I
understand the operation of the Horizon system in order to properly conduct
his investigations.
Charles McLachlan 18
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
I
I
I
I
3 What hypotheses could support the Defendant’s claim
that the Horizon system was the source of the accounting
discrepancies?
3.1 Background
3.1.1. Accounting systems are usually designed around a ‘double entry’ booking
keeping principle. The double entry book keeping principle means that for
every entry into the system there is an equal and opposite entry that should
maintain the ‘balance’ between the accounts.
3.1.2 So, for example, if somebody at the till sells a stamp for £1 paid in cash then
the stock account would be reduced by £1 value of stock and the cash on
hand account would be increased by £1 — overall the balance between the
accounts would be unchanged.
3.1.3 As part of the process of financial control, it would be normal for the value of
stamps to be physically counted and recorded (stock value) and the value of I
cash on hand physically counted and recorded (cash value) and these two
values compared (‘reconciled’) to what is recorded in the accounting system.
3.2 Hypothetical issues with the Horizon system
3.2.1. The User Interface gives rise to incorrect data entry: poor user experience
design and inadequately user experience testing can give rise to poor data
entry quality. In cases that users are working under pressure, insufficiently
trained or are using a system presented in a language different from their first
language the problems of data entry can be exacerbated.
Charles McLachlan 19
POL00046162
POL00046162
Amsphere Confidential and Priviteged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG2I 7NX
3.2.2 The Horizon system fails to properly process transactions: accounting
systems are usually carefully designed to ensure that accounts balance after
each “double entry” transaction. In particular, a database technology referred
to as ‘two-phase’ commit is used to ensure that either both entries or neither
entry is recorded on the system.
3.3 Comments on Hypothetical issues following site visits
3.3.1. There are opportunities for incorrect data entry (e.g. entry of £2,000 for a
cash credit rather than £200) to give rise to discrepancies in cash recorded on
Horizon versus cash held at the till, The sub post office relies on the
consistent, accurate and timely resolution of these discrepancies by the Post
Office and the operators of the Horizon system. The sub post master/mistress
has no standard operating procedure or local record that protects them from I
the failure of the Post Office or the operators of the Horizon system to deal I
with the discrepancies. Perversely, the Post Office and the operators of the
Horizon system have no incentive to resolve discrepancies that appear as cash
losses at the post office counter because the sub post office contract makes
the sub post master/mistress personally liable.
3.3.2 The Horizon system does not appear to be a single monolithic mainframe I
based system with computer terminals with no independent processing
capability. Rather the architecture relies on a number of inter dependent I
units: the individuals nodes (counter terminals) at the sub post office each
with its own processing unit with an attached keyboard, touch screen, barcode
scanner, debit card authorisation PIN terminal and printer and a network
router to the wider Horizon system. Each of these components could give
Charles McLachlan 20
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
rise to faults that result in discrepancies: either due to problems within the
components or due to problems from interaction between the components.
3.3.3 Within the central Horizon system that is not directly visible to the counter
operators I would expect there to be a set of inter-operating components that
could give rise to malfunctions and discrepancies. In particular, the end to
end dialogue between the counter terminal, the card authorisation terminal,
the network, the core Horizon system, the electronic funds transfer
component, the authorising merchant service and the central post office
branch accounting system is a long running transaction with multiple points
of possible failure.
33.4 Complex systems of this nature rarely have sufficient capability built in to
deal with all possible failure points and discrepancies are very likely to arise
which require manual intervention based on the reconciliation of paper and
electronic logs at different points in the system. When the end to end system I
does not provide the counter staff with access to paper or electronic logs at
the point of use then it is impossible for them to identify whether there is a
system fault or operator problem.
Charles McLachlan 21
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
4 What evidence needs to be provided in order to
determine the merits of the Defendant’s claim?
4.1
4.11
Errors in operator data entry are not properly reconciled by the Post Office
finance function or by the Horizon system.
The first problem with the provision of evidence is that the Horizon system
does not automatically provide a paper voucher for retention at the post office
counter when funds are withdrawn using a debit card or Post Office Cash
Account card. Therefore the sub post office has no mechanism for
reconciling the result of downstream processing by the Horizon system and
the Post Office with what occurred at the sub post office counter either at the
time or when discrepancies are identified at the end of the weekly trading
period. In effect, the Horizon system makes it impossible for the sub post
office to demonstrate an error occurred in the downstream processing.
The second problem with the provision of evidence is that the Horizon
system does not automatically provide a paper voucher for retention at the
post office counter when funds are credited to the sub post office account as
part of a bill payment (Accounts Payable) as a result of a withdrawal using a
debit card or Post Office Cash Account card. Therefore the sub post office
has no mechanism for reconciling the result of downstream processing by the
Horizon system and the Post Office with what occurred at the sub post office
counter either at the time or when discrepancies are identified at the end of
the weekly trading period. In effect, the Horizon system makes it impossible
for the sub post office to demonstrate an error occurred in the downstream
processing.
Charles McLachlan 22
POL00046162
POL00046162
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
4.1.3 The third problem with the provision of evidence is that the standard
operating procedure for post office counter clerks does not include the
reconciliation of bill payment or counter credit slips with the individual
amounts recorded by the counter clerk onto Horizon. In effect, this standard
operation procedure makes it impossible for the sub post office to identify
any failures by the Post Office or the Horizon system in identifying or dealing I
with discrepancies arising from incorrect data entry.
4.1.4 The investigations identified below will assist in determining whether such I
evidence is available.
4.2 The Operation of the System gives rise to incorrect data entry
4.2.1 There are two elements to this possible cause I
© The sub post office staff and, in particular, the sub post master/mistress is not
trained in the proper operating procedures to deal with maintaining an
auditable contemporaneous record that would protect their reputations in the
event that faults in the Horizon system or operator error resulted in I
discrepancies between the actual cash position and the centrally recorded
cash position.
e The sub post office staff are not properly trained in the use of the Horizon
system.
4.2.2 In order to understand to what extent sub post office staff are trained in the
necessary operating procedures, it would be necessary to review the course
material provided for counter staff and sub post masters/mistresses and to
Charles McLachlan 23
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors I
Yard House, Basingstoke, RG21 7NX
review the training and assessment processes implemented by the Post Office.
Finally, it would be necessary to review to what extent the necessary I
operating procedures could feasibly be adopted and were in fact adopted in
general operating practice and in the case of Seema Misra in particular.
4.2.3 In order to identify whether Horizon system training is a possible cause, it
would be necessary in the first instance to sit alongside a user operating in
normal Post Office conditions that had only recently completed the standard
systems training and who represented the kind of user engaged by the
Defendant.
42.4 If there is a pattern of incorrect data entry then it would be necessary to I
conduct a detailed examination of the kinds of incorrect data entry that occur
and the implications for failure of accounting.
4.2.5 There are two available technologies that could assist in examining cases of
incorrect data entry:
© Screen capture technology installed on the user terminal that keeps a
record of every key press/screen press and the associated screen shot
© Digital camera recording equipment positioned to have a clear view of the
screen continuously recording the screen as it responds to operator entry
43 The Horizon system fails to properly process transactions I
Charles McLachlan 24
Amsphere Confidential and Privileged
43.1
4.3.2
43.4
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
In order to identify whether this is a possible cause, it would be necessary in
the first instance to examine the operations in normal Post Office conditions
where there is an experience by the branch manager of what they believe to
be incorrect transaction processing.
Further, if there is prima facie evidence of incorrect transaction processing, it
would be necessary to review the technical documentation of the Horizon
system and interview key individuals responsible for the system within the
Fujitsu team in order to understand the potential source of the incorrect
transaction processing. From my understanding of comparable retail systems
architectures there are a large number of potential points of failure which
could give rise to the kind of discrepancies reported by Seema Misra and the
sub post mistress in the Midlands. In particular, I have reviewed the
architecture for a national retailer and identified a series of possible failure
points which are currently addressed by testing, review of error logs and
reconciliation of discrepancy reports. See Exhibit “Point of Sale — Electronic
Funds Transfer architecture”.
Based on the review of the technical documentation, it should be possible to
identify and examine the various electronic log files maintained by different
components of the systems architecture that are required by the Electronic
Mastercard Visa (EMV) standard or for Payment Card Industry (PCI)
compliance.
If the potential source of the incorrect transaction processing can be identified
then it would be helpful to be able to reproduce the problems under controlled
test conditions in a consistent and reproducible manner. This would require
Charles McLachlan 25
POL00046162
POL00046162
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG2 7NX
the assistance of Fujitsu in providing access to the test environments
maintained in support of the Horizon system.
Charles McLachlan 26
POL00046162
POL00046162
Amsphere Confidential and Privileged I
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 NX
5 My duties to the Court
5.1 Tunderstand that my overriding duty is to the Court, both in preparing reports
and in giving oral evidence. J have complied and will continue to comply with
that duty.
5.2 T have set out in my report what I understand from those instructing me to be
the questions in respect of which my opinions as an expert are required.
5.3 Ihave done my best, in preparing this report, to be accurate and complete. I
have mentioned all matters that I regard as relevant to the opinions I have
expressed. All of the matters on which I have expressed an opinion lie within
my field of expertise.
5.4 Thave drawn to the attention of the Court to all matters, of which I am aware,
which might adversely affect my opinion,
5.5 Wherever I have no personal knowledge, I have indicated the source of factual
information.
5.6 Ihave not included anything in this report that has been suggested to me by
anyone, including the lawyers instructing me, without forming my own
independent view of the matter.
5.7 Where in my view, there is a range of reasonable opinion, I have indicated the
extent of that range in the report.
Charles McLachlan 27
POL00046162
POL00046162
Amsphere Confidential and Privileged
On instruction of Coomber Rich Solicitors
Yard House, Basingstoke, RG21 7NX
5.8 At the time of signing the report I consider it to be complete and accurate. I
will notify those instructing me if, for any reason, I subsequently consider that I
the report requires any correction or qualification.
5.9 I understand that this report will be the evidence that I will give under oath,
subject to any correction or qualification I may make before swearing to its
veracity.
5.10 I have included in this report a statement setting out the substance of all facts
and instructions given to me, which are material to the opinions expressed in
this report or upon which those opinions are based.
5.11 I confirm that insofar as the facts stated in my report are within my own
knowledge I have made clear which they are, and I believe them to be true, and
the opinions that I have expressed represent my true and complete professional
opinion,
Charles McLachlan
Amsphere Consulting Ltd
Staple Hall
87-90 Houndsditch
London, EC3A 3AD
England
Thursday, 19 November 2009 I
Charles McLachlan 28