WBON0000916 - Bond Dickinson - Telephone attendance - Post Office Limited - Horizon challenges

Evidence on official site

WBON0000916
WBON0000916

Band Dickingow.

Telephone attendance

Client: Post Office Limited

Matter: Horizon Challenges General Matter no: 364065.531

Attending: Mark Westbrook from Deloitte and Andy Parsons of Bond Dickinson

Name: Amy Eames Location: N/A Date: 3 November 2014

Start time: 11.30am — 12pm Units: 5

In attendance:

* Mark Westbrook (MW)- Deloitte
e Andy Parsons (AP) — Bond Dickinson
« Amy Eames — Bond Dickinson

AP explained that POL was receiving pressure from Second Sight as to the remote access. There has
been a general complaint in relation to mysterious transactions and that this therefore must be Post
Office or Fujitsu going into the branch system. The plan is therefore to speak to MW and Fujitsu and
then make a note to Second Sight as to what it remote access is and the controls surrounding the
access. AP said that in Deloitte's report it refers to back door access and that these are used in
exceptional circumstances, for balancing transactions in the report.

MW explained that the review was documentation focused rather than testing and that Deloitte had
recommended in their report to have testing carried out. MW was not 100% comfortable in POL using a
documentation review process. MW said in the system design documentation talks about exceptional
balance transactions as part of its inherent design system. These are to be used in exceptional
circumstances, for example where technical errors occur and a system loses connection halfway through
a transaction. This caught Deloitte's attention as back door access to make changes and was a key risk
area and therefore was highlighted in Deloitte's report.

AP said that Second Sight does not know about Deloitte's report and that this stems from M051 and the
reference to the "Black Ops Centre" at Fujitsu.

MW said that in relation to the controls around use and the functionality, this can be best summed up in
an email from John Simkins (JS) at Fujitsu which details functionality. [AP to request email from MW].
MW read through JS's email during the call.

AP explained that there was concerned of around subpostmaster visibility of the transactions. MW said
that it they probably did have visibility as in Appendix 2, page 50 of their report data posted from other
systems for transactional corrections is visible and accepted by subpostmasters. AP to ask Fujitsu what
it looks like on accounts and how Post Office communicates this to the branch.

MW said that exceptional balance transactions would he imagine be initiated by the subpostmaster as
per the example found by Deloitte. AP further discussed that on the old system it was difficult to see

whether it had been used previously. MW further said that this would require a detailed interrogation
exercise on the old system which was not trivial.

4A_29763609_1

WBD_000786.000001
WBON0000916
WBON0000916

MW said that they were using Peaks on the helpdesk system and in his view this was not helpful. MW
further said that the Post Office needs to commission someone to look into the details surrounding the
controls for exceptional balance transactions, for example what it is, what it is possible to do, what are
the controls and whether the Peak tickets are reliable to rely on. He feels that there has been too much
reliance on the representations by Fujitsu.

AP further asked whether they can inject any transaction and whether there is any limit to this? AP
thought it could be used to put a single transaction in. MW said that that is the intention of an

exceptional balance transaction but can insert as many transactions with as much as they wanted. AP
said that it would be interesting to know the limit of the scripts.

4A_29763609_1 2

WBD_000786.000002