POL00378693
POL00378693
From: Lesley J Sewell[/O=MMS/OU=EXCHANGE ADMINISTRATIVE GROUP
(FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=LESLEY.J.SEWELL]
Sent: Wed 30/11/2011 9:23:10 AM (UTC)
To: Gina Gould: GRO _
Subject: Fw: Draft ARC paper for action and review
Attachment: ARC re IT controls 8.12.11 v1.doc.
----- Original Message -----
From: Sarah Hall
Sent: Tuesday, November 29, 2011 06:54 PM
To: Lesley J Sewell; Chris M Day; Rod Ismay; David X Gray
Subject: Draft ARC paper for action and review
Hi all,
I attach the paper as it looks so far with the inputs from Rod and David. I am not sure it all quite hangs together but I
think the shape is mostly there.
The key piece missing for me is that this does not set out for the lay person what the flows of accounting information in
and out of Horizon are which I was expecting from Rod. We discussed a diagram showing information in and information
out with details of the controls around that information that satisfy us in POL that it is right and the accounts are
appropriately controlled. Your slides listed the controls but assumed that you know what the system does but the ARC.
don't know. At the moment I haven't included your list as they looked mostly to be system controls that David's paper
listed. You may want to review/add to David's system control list (para 9) to make sure all are covered once but only
once.
I think there are more controls than those you listed too, Rod - for example you reconcile POL data to client data which
gives further assurance doesn't it? Also I think there are security controls over cash - unusual balance reviews etc? All
of these provide assurance that the numbers we take from the system are right.
Please could Rod prepare the diagram we discussed which I suggest goes into appendix 1 of this paper?
Please could others review and comment - I hope it isn't too far off.
Regards,
Sarah
Sarah Hall
Financial Controller
Post Office Limited
148 Old Street LONDON EC1V 9HQ
From: Lesley J Sewell
Sent: 25 November 2011 17:45
To: Chris M Day; Sarah Hall; Rod Ismay; David X Gray
Subject: ARC
Dear All
Just to confirm the key points from our call this afternoon:
POL00378693
POL00378693
Fujitsu Positioning (LJS/DG):
Position the services we receive from Fujitsu and distinguish between Horizon and HNGx with key timelines.
Savings as part of the move to HNGx and the recent benchmarking data, including the plan for further benchmarking
activities.
Status of the actions from the 10/11 audit - I also think that we need to make it clear that this was the first audit on HNGx.
We should have an update by monday from Group on the internal audit they have just performed on HNGx. The
purpose of this audit was to provide an additional level of assurance that the actions had been satisfactorily completed
ahead of this years management controls audit.
Update on the current 11/12 audit with E@Y and the planned timescales for completion.
SAS70 - current position and activities underway with FJ to introduce a SAS70 framework for the 12/13 audit. This will
include details of the commitment from FJ and in particular MD to MD assurance.
As part of this summary we will be clear on the timelines and the acknowledgment by E@Y that the approach we have
taken is eminently sensible. A SAS 70 could not have been implemented for this financial year.
In addition, to supplement the detail Rod will be drafting for horizon integrity we will summarise (written and diagram) how
from a technical perspective the integrity of the data is maintained.
Horizon Integrity (RI):
Update on the current position with the claims and media interest.
Accountancy/settlement controls (RI):
Plain english description of the accountancy controls which were used for Horizon and a brief diagram which could be
used at the ARC.
In essence, what are the key controls which POL can be assured of the data integrity from an accounting perspective.
Rod: A question - is there any material difference from what you do today between HNGx and Horizon and if not it may
be worth making that point.
Sarah has kindly offered to top and tail, so I suggest that the detail is provided to Sarah by 12 on Tuesday so that we can
get a draft for us all to review by close of play tuesday.
Let me know if there's anything which I've missed.
Have a good weekend.
Lesley