WBON0000344
WBON0000344
Horizon Spot Review 5 —- Response
Centrally Input Transactions
1. Summary
Asa result of a subpostmaster assertion that on Tuesday 19" August, 2008 he observed an individual
based in the basement of the Fujitsu office in Bracknell who demonstrated an ability to pass
transactions directly into the Horizon system. Second Sight has raised a number of specific questions
of enquiry that require a statement response against each.
2. Questions & Responses
Question 1:
What capabilities did the POL Bracknell team have? (As far as TC or Rem Out type transactions or
Journal adjustments are concerned).
Response:
The POL Bracknell Team have no access to the live system so can conduct none of these
transactions.
Question 2:
What were the PHYSICAL or LOGICAL controls over their use of the systems available to them?
Response:
There is no Physical or Logical connection to the live system from the areas in Bracknell being
discussed/ investigated. Detailed documentation has been supplied of the testing processes and
procedures recently audited and the design documents to support this position.
Question
What audit trail is available to show the extent that they posted TC or Rem Out type transactions, or
Journal adjustments?
Response:
When any transactions are posted to the database they are contained in the audit trail. As both the
original Horizon and replacement HNGx test systems were available to the test teams in that period
the test area and the test data is often refreshed and changed it would not be possible to identify
any transactions from this period in the test system. Specifically we do not keep audits of test
systems, only the Live system. As stated in response to question 1, the teams in the area of Bracknell
concerned would have no access to the live system.
Question
WBD_000214.000001
WBON0000344
WBON0000344
Can we reply of the COMPLETENESS of the audit trail? i.e. does it record all transactions or just
transactions meeting certain criteria? Is it protected from user manipulation?
Response:
The detailed answer to this is included in two papers Horizon Data Integrity and Horizon Online Data
Integrity for Post Office Ltd which have been presented as evidence in a number of previous court
cases.
Question 5:
What USER ID was used if TC type transactions or journal adjustments were posted?
Response:
On the old Horizon System (which was Live in 2008) and Data introduced to the system in the Data
Centre would not be marked with any user ID.
Question 6:
Could the POL Bracknell team log on with either super user or SMPR credentials?
Response:
Not in the live system, see test user policy. See the Horizon Data Integrity and Horizon Online Data
Integrity documents for details.
Question
How would TC, Rem Out or Journal Adjustment type transactions executed by the POL Bracknell
team be seen by SPMR of Branches affected by those actions?
Response:
For the PO Bracknell team the SPMR would never see any changes as they are in the test not live
systems.
The process described in the Operations manual refers to changes that were made to the old
Horizon system in 2004 or 2005 relating to Auto Rems and TCs which were introduced at that time
as part of the IMPACT Programme. Auto Rems meant that POL send Horizon a data feed defining
the content of Cash pouches and so as soon as the Branch scans in the pouch that value of cash is
added into their accounts (and a receipt printed). Before that they had to key in the amount and this
caused a number of issues with incorrect amounts being keyed.
However as with TCs the SPMR (or a member of staff) would be responsible for the transaction and
it would be recorded against their name.
Prior to this, Error Notices were sent to Branches which were often months after the errors occurred
and staff were expected to carry out appropriate transactions at the branch. TCs automated this
process and speeded it up. Product & Branch Accounting (P&BA) - recently re-named Finance
Service Centre (FSA) - have never had access to adjust client accounts on site through Horizon.
WBD_000214.000002