POL00147957
POL00147957
From: Belinda Crowe[IMCEAEX-
_O=MMS_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FY DIBOHF23SPDLT+29
_CN=RECIPIENTS_CN=BELINDA+20CROWE79B93F 1 1-569F-4526-A078-
F5B4958A8917220@C72A47 ingest.local]
Sent: Mon 07/04/2014 7:23:27 PM (UTC)
To: Chris Aujardf ; Lesley J
Sewell{”
Bec: Belinda Crowe,
Subject: Fwd: Outline objectives, services and deliverables... as discussed
For information. I have not looked yet.
Best wishes
Belinda
Belinda Crowe
448 Old Street. LONDO!
Begin forwarded message:
From: "James, Gareth (UK - Manchester)" <
Date: 7 April 2014 19:
To: "Belinda Crowe
"Desourdy, Charlotte (UK- Leeds)"
‘Subjec Outline object es, services and deliverables... as discussed
Good evening Belinda.
As discussed, please find below some of the key words which hopefully frame our discussions accurately as to the
work you would like Deloitte to perform in support of your objectives. We've included Rodric’s words in the
Background. I will be progressing the more detailed engagement letter structure around these principles tonight. Do
let me know if we’ve missed anything key from your perspective and also what times might suite Lesley for a
conversation to progress to a final agreed scope tomorrow afternoon.
All the best
Gareth
Background and Objectives:
We understand that You are responding to allegations that the “Horizon” IT system, used to record transactions in Post Office branches, is
defective and/or that the processes associated with it are inadequate (the “Allegations”). In order to respond to these Allegations (which
have been, and will in all likelihood continue to be, advanced in the courts), POL wants to demonstrate that the Horizon system is robust, fit,
for purpose, and/or operates within an appropriate control framework. In response to this, POL have either been provided or have
commissioned a number of independent assurance reviews into matters relating to Horizon’s operating environment and processing
integrity. The purpose of seeking input from Deloitte is to provide, based upon the information made available to us by You, an
independently produced summary relating to these sources of assurance, for presentation to the POL Board and specialist resources to
support You in potential further areas of assessment that You may decide that You require.
POL00147957
POL00147957
Services and Deliverables:
We propose to deliver our work in two parts:
© Part 1 “Summary”: Through review of information provided to us by You and interviews with key stakeholders, we will obtain a
high level understanding of the key circumstances behind the allegations, key risks in the Horizon processing environment and the
corresponding investigations, assurance activities and remediation actions which POL have undertaken. We will consolidate and
summarise these matters in a way suitable for presentation to the POL Board on the 26" April, highlighting key areas that may place
POL’s objectives at risk. You do not require Deloitte to comment on the quality of the assurance work performed, nor opine on its
adequacy, sufficiency or conclusions.
¢ Part 2 “Deeper Dives”: Governed by Change Order procedures to our engagement letter, we will supply specialist resources to
support You in further areas of assessment that You may decide You require. Examples of such support may include, but is not
limited to:
©. Testing on data held within the system audit trails, to (for example) verify conclusions previously draw by non-independent
parties into the extent of known deficiencies;
‘© Assessment and profiling of system audit trails, to look for characteristics of and trends in unusual behaviours in the system
transactional core;
© Enquiry into the nature and extent of testing of the Horizon system during its implementation;
© Examination and testing of the integrity of dataflows to and from certain external / third party systems;
‘©. Testing of responses to thematic concerns raised by other independent reviews.
We understand that our work will be produced for use by POL only, and is not envisaged to be shared with any other third parties.
Gareth James
Partner
Deloitte LLP
IMPORTANT NOTICE
This communication is from Deloitte LLP, a limited liability partnership registered in England and Wales with registered number 0C303675. Its registered office is 2, New Street
Square, London EC4A 3BZ, United Kingdom, Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited ("DTTL”), a UK private company limited by
guarantee, whose member firms are legally separate and independent entities. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL
and its member firms.
This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended
recipient(s), please (1) notify it.security.uki ly forwarding this email and delete all copies from your system and (2) note that disclosure, distribution, copying or
use of this communication is strictly prohibited. Email communications cannot be guaranteed to be secure or free from error or viruses. All emails sent to or from a Deloitte UK
email account are securely archived and stored by an external supplier within the European Union.
To the extent permitted by law, Deloitte LLP does not accept any liability for use of or reliance on the contents of this email by any person save by the intended recipient(s) to
the extent agreed in a Deloitte LLP engagement contract.
Opinions, conclusions and other information in this email which have not been delivered by way of the business of Deloitte LLP are neither given nor endorsed by it,