WITN11130100
WITN11130100
Witness Name: Michael Young
Statement No.: WITN11130100
Dated: 8 August 2024
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF MICHAEL YOUNG
I, MICHAEL YOUNG, will say as follows:
INTRODUCTION
1 I am a former employee of Post Office Limited (“POL”). My career at POL began
in August 2008 as Operations Director (“OD”) and ended in April 2012 as Chief
Operations Officer (“COO”).
2 I make this witness statement to assist the Post Office Horizon IT Inquiry (the
“Inquiry”) with the matters set out in the Rule 9 Request dated 13 June 2024
(the “Request’). Throughout this witness statement, I will use the structure and
headings of the Request.
3 I have not been asked by the Inquiry to give a full account of every aspect of
my work, actions, and opinions whilst at POL. I have been asked a list of
detailed and specific questions. Accordingly, this statement is not a
chronological list of all my actions, but a series of answers to the questions I
have been asked.
Page 1 of 63
WITN11130100
WITN11130100
I prepared and submitted this witness statement within two months of receiving
the Request on 13 June 2024, which was the first notification that I had been
asked to submit a witness statement to the Inquiry. The accompanying
disclosure to the Request amounted to over 2,000 pages. In addition, it has
been necessary for me to consider evidence given to the Inquiry by other
witnesses. Accordingly, I have tried to provide the Inquiry with the relevant
information to answer the questions to the best of my ability. I have not had the
time to comment on each document in the disclosure bundle, given the short
deadline to submit my witness statement, nor have I explained some of the
technical concepts and terms pertinent to the Inquiry on the basis that I believe
many of these are well known and understood by the Inquiry through other
witness evidence. Should the Inquiry wish for further information or for me to
expand upon any matters raised in this witness statement, I will do my best to
respond within a reasonable timeframe.
Within the Request, I am asked at various points to comment on my thoughts,
beliefs, concerns, opinions, and observations using the benefit of hindsight. To
do so, I have drawn on my recollection from the time to the best of my ability.
However, given the amount of additional information I have learned from
various sources about Horizon (as defined below) in the 12 years since I left
POL, it is difficult for me to attribute precisely the source of the information I
have gathered.
References to “RMG’ are to Royal Mail Group. References to “SPMs” are to
SubPostmasters, Subpostmistresses, Managers and Assistants. References to
“Separation” are to POL becoming independent from RMG on 1 April 2012.
Page 2 of 63
WITN11130100
WITN11130100
“Horizon” refers to both variations of the Horizon IT Systems: Legacy Horizon
and Horizon Online. References to “Legacy Horizon” are to the first iteration
of the Horizon. “Horizon Online’ is the second iteration that was rolled out from
March 2010. References to “Crowns” are to Post Office branches owned and
directly managed by POL. References to “BEDs’” are to bugs, errors, or defects
with Horizon or any other IT system. References to “Fujitsu” are to Fujitsu
Limited.
7 A significant passage of time has passed since my tenure at POL (August 2008-
March 2012). In making this statement, I have sought to refresh my memory
from the contemporaneous documents provided by the Inquiry insofar as
possible. I make this witness statement to the best of my recollection,
knowledge, and belief. My legal representatives assisted me in preparing this
witness statement.
BACKGROUND
8 After completing my A-levels, I joined the British Army for 11 years. When I left
the Army, I joined the Police Service for seven years, rising to Detective
Sergeant.
9 Between March 1995 and February 1998, I worked for Orange Plc. I initially
started as their investigations manager, responsible for fraud and security-
related matters. I later became their Group Head of Security Management.
10 From February 1998 to June 2006, I served as the Chief Information Officer
(“ClO”) and Vice President of International IT of Verizon Business Solutions
Page 3 of 63
WITN11130100
WITN11130100
(‘Verizon’). In this role, I was responsible for IT development in EMEA (Europe,
the Middle East and Africa) and APAC (Asia-Pacific).
11 Between June 2006 and May 2007, I ran Mike Young Associates, my
consultancy providing technology advisory services to clients.
12 In July 2007, I became Vice President of Global Services at BT Group Plc. I
was responsible for establishing and overseeing the service delivery strategy
and executing capability for winning new business and in-life programmes (e.g.
managing service requirements for clients), including the National Health
Service, the Department of Works & Pensions, Credit Suisse, Reuters, and the
Ministry of Defence.
13 In August 2008, I joined POL as OD, reporting to Alan Cook (“Cook”), the
Managing Director. On 1 August 2008, the Board of Directors (“BoD”) ratified
my appointment to the BoD. I was also a member of the Executive Committee
(‘ExCo”). This can be seen from the Minutes of the Meeting of the Board held
on 20 October 2008 (Meeting minutes: Board meeting minutes held on 20th
October 2008 POL00021497). I regularly attended BoD, ExCo, and Risk
Committee meetings.
RESPONSIBILITIES WITH POL
14 On joining POL, my responsibilities were to develop and manage, at an
executive level, the partnerships and relationships with suppliers. My direct
reports included Andy McClean (“McClean”), Head of Operations Control, Neil
Ennis (“Ennis”), Head of Operational Efficiency, David Smith (“Smith”)
Page 4 of 63
15
16
17
WITN11130100
WITN11130100
(subsequently replaced by Lesley Sewell (“Sewell”)), Head of Change and IS
(Technology), Clive Bradley (“Bradley”), Head of Property Projects, John Scott
(‘Scott’), Head of Security, and Keith Rann (“Rann”), Head of Cash Vehicles
in Transit (“CVIT”). A list of my direct reports is set out on page 16 of the
Welcome Post Office Report (Welcome to Post Office Ltd Report V6
POL00429291). A few months after joining, I recruited Brian Deveney
(‘Deveney’), Head of Procurement/Sourcing. I cannot recall whether I recruited
Deveny from RMG or externally. Deveney also reported to me.
During my tenure, I ensured that all my direct reports kept me copied on emails
and that they briefed me on all matters that they thought appropriate to bring to
my attention (e.g. major IT or software related issues).
I was not responsible for the branch network or any of other POL group support
functions such as Finance, HR, and Legal.
My day-to-day responsibilities varied and often changed as set out below in
paragraphs 18 - 30. I was mainly responsible for the efficiencies (such as cost
control and optimising company processes) and budgets across POL. POL has
always focused on cost control and revenue opportunities to reach the ultimate
Government objective, which is to be self-sustaining. Program initiatives across
POL usually echoed success factors around revenue improvement and cost
efficiencies. One of the consequences of this endeavour was the centralisation
of very large program governance controls, particularly, as it relates to these
two fundamental aspects (revenue improvement and efficiencies) to ensure
Page 5 of 63
18
19
20
WITN11130100
WITN11130100
success. Ennis was the lead in this endeavour and through me we endeavoured
to report to the BoD, ExCo, program sponsors, and the Risk Committee.
Security responsibilities:
During my time, POL was the largest physical mover of cash in the UK. I
regularly met with the Bank of England (“BoE”) in London, as I was responsible
for numerous depots around the country and a fleet of 400 to 450 heavily
secured lorries, which carried and transferred large amounts of cash from
branches to the BoE. Security in the depots and the vehicles was a constant
concern. I was also responsible for CVIT security analysis and input to
employee awareness of security protocols. I was not responsible for the
RMG/POL investigations into potential criminality within the POL network or
involved in criminal prosecutions or civil litigation.
Third Party Relationships responsibilities:
I was managing third-party relationships (such as, the BoE, Driver and Vehicle
Licensing Agency (“DVLA”)) and IT relationships between POL and RMG,
Fujitsu, CSC, Ingenico (PayStation terminals), BT (the network), Logica (a data
system), and Prism (SAP and other associated management information
systems).
Regarding Horizon, Sewell managed the day-to-day relationship with Fujitsu
(i.e. managed approximately 90% of the relationship). I liaised and managed
the relationship with Fujitsu's top management, Duncan Tait (“Tait”), Group
Chief Executive Officer at Fujitsu, and Gavin Bounds, COO at Fujitsu. I knew
Page 6 of 63
WITN11130100
WITN11130100
Tait from when I worked at Verizon, as Tait was working at Hewlett-Packard at
the same time. During my time at POL, when we had issues (such as hardware
failures or connectivity issues) that were deemed necessary to be brought to
my attention, I would call Tait and discuss these issues with him.
Property responsibilities:
I was also responsible for overseeing all Property-related projects, which Clive
Bradley led. For example, our major projects included changes to the Crown
Network of Post Offices as they were being refurbished. Other property-related
projects included in-branch brand changes (to signage), work to SPM branches
that POL paid for, evaluation of potential office properties, discussions relating
to the potential relocation options with the ExCo, refurbishment of RMG’s old
offices, and office move for our headquarters.
Operational Efficiency and Operational Control responsibilities:
Other responsibilities included overseeing Operational Efficiency and
Operational Control, which McClean and Ennis led. The responsibilities
included ensuring all major programmes delivered their efficiencies and that
any expected benefit in revenues was realised. I also had to manage
relationships with ExCo sponsors (i.e. the relevant ExCo individual responsible
for a specific program) and the Finance department, which was time-
consuming. I was in regular contact with Mike Moores (“Moores”), the Chief
Financial Officer (“CFO”), regarding potential financial risks. During my time at
POL, I provided regular updates and progress reports at the ExCo or in BoD
meetings so that programme sponsors were kept updated on the various
Page 7 of 63
23
24
25
WITN11130100
WITN11130100
projects I was overseeing. Operational Control responsibilities included
ensuring that the Post & Go terminals (i.e. an automated machine that allowed
customers to weigh their letters and packets, pay for and print postage labels
and stamps without the need to visit the counter), Bank of Ireland Cash Points
(new and existing), Identity Booths (i.e. allowing branches to conduct
verification checks), and PayStations ran effectively.
IT-related responsibilities:
Regarding Legacy Horizon, I was responsible for ensuring that any IT-related
issues, such as network connectivity and blue screen issues (explained in more
detail below), were resolved. Overseeing IT issues only occupied an average
of 10% of my time. During the Horizon Online testing and rollout, my time spent
on IT matters could increase to 30%.
After Cook exited POL, David J Smith (“DJS”) became the Managing Director
(‘MD’) in April 2010. Paula Vennell’s (“Vennells”) job title changed to COO,
which had the potential to be conflated with my title (as OD) by vendors and
suppliers outside of POL. Accordingly, my title changed to Chief Technology
and Operations Services Director.
My roles and responsibilities remained the same, but I was unhappy about the
new title, which gave the impression that my role was limited to IT operations.
As discussed above, this was only a fraction of my responsibilities. In October
2010, DJS moved to RMG to become Chief Customer Officer, a role which
involved continued oversight of POL. A few weeks later, Vennells was promoted
to MD. Shortly after, I was promoted to COO. I recall Vennells continued to
Page 8 of 63
26
27
28
29
WITN11130100
WITN11130100
report to DJS until he left the Group in June 2011. Vennells then started to
report to Moya Greene, RMG Chief Executive and Alice Perkins (“Perkins”),
POL Chair, until RMG and POL separated.
Shortly before Smith retired, I hired Sewell, who not only had the relevant IT
specialism, but also had financial services experience. We enjoyed a close and
good working relationship. After Smith left in late March early April 2010, Sewell
was promoted to Head of IT & Change and became responsible for managing
Horizon (in amongst other responsibilities).
As COO, my priorities shifted to negotiating and managing the Separation.
From March 2011, I spent three days a week working on the Separation. I
handled all the outsourced IT contracts and negotiations. The Separation was
a complex process; I needed to not only separate numerous products and
services (ranging from a book of stamps to differing weights, measures, and
values around the delivery of parcels) but also put in place a framework to
manage any ongoing mutual use of those products and services between POL
and RMG, taking into account the emerging competition.
At the time of the Separation, Sewell was responsible for Horizon (amongst
other responsibilities) but would keep me informed of all the IT-related issues
that needed board-level input or oversight. I trusted Sewell to do her job and I
did not want to step on her toes. She asked for help when she needed it.
One year later, in March 2012, Vennells informed me that, I would no longer sit
on the BoD, once the Separation concluded, and my job title would not remain
as COO. I did not want to accept returning to the title OD, as I felt it would be
Page 9 of 63
WITN11130100
WITN11130100
seen as a demotion, so we came to a mutually agreed departure, and I left.
Shortly after, I informed Sewell and Human Resources that I was leaving POL.
Sewell was asked to step in as interim COO while a restructure was considered.
After the Separation, Sewell became the ClO.
30 During my first three years, I spent a lot of my time visiting Post Office branches,
getting a feel for everyone’s morale, and trying to see whether there were
strategies we could implement to help. Nothing in the branches was reported
to me that indicated there was something fundamentally wrong with Legacy
Horizon or Horizon Online. Still, to this day, I am unaware of an identified part
of Horizon code that someone can point to show that Horizon is fundamentally
flawed. I believe an effective IT system requires not only good technology, but
that technology needs to be wrapped in good processes and training for all
users. Like any IT system, they all have BEDs requiring fixes or updates.
Horizon Online was a significant upgrade to Legacy Horizon. I understand
Horizon Online is still used today.
ROLE AFTER POL
31 After leaving POL, I was appointed the Group CIO at Dentsu Aegis Network
between June 2012 and October 2016. I was responsible for all technology and
all data needs. I reported to the CEO, and I was a member of the Group
Executive. In October 2016, I became the Group ClO at Centrica, coordinating
all Information Services activities across the Centrica Group. From September
2021 to the present, I have been an advisor to VYN Intelligence and Digit Lab,
Page 10 of 63
WITN11130100
WITN11130100
advising on technology, digital, cyber and data strategies. Additionally, I mentor
C-suite executives in the technology sector.
KNOWLEDGE OF HORIZON
32 When I joined POL, Smith explained POL’s entire IT landscape to me and took
me to visit POL’s Model Office, which sat in the POL’s headquarters, to look at
the Legacy Horizon. I recall asking whether I could be trained on Horizon, which
covered the use of the improved touch screens. Subsequently, I received basic
training (a one-hour session) on the system covering the basic transactions.
These touch screens were complicated, and I would have required significant
training to be fully conversant in how the system worked. I do recall that
Postmasters and SPMs received training and a refresher training course every
year. We would normally visit most of the Crowns in London to provide support
where there were network problems and when there was significant footfall
(such as Christmas and other holiday periods).
33 At the time I joined, POL was still using Legacy Horizon. However, POL’s BOD
had already negotiated and agreed to the contract for the upgrade to Horizon
Online (i.e. the commercials and a draft plan were already in place). Fujitsu was
in the process of developing the Horizon Online code. I was not a part of any
initial discussion, decision-making, or the planning process of Horizon Online. I
was responsible for Fujitsu delivering Horizon Online to ensure POL made cost
efficiencies. Horizon Online was intended to provide added features to support
new revenue (such as financial services). Horizon Online allowed for an easier
way to deliver product and service changes. The contract with Fujitsu for
Page 11 of 63
34
35
WITN11130100
WITN11130100
Horizon Online that I inherited was not due to expire until 2015, so during my
entire time at POL, we were tied to Horizon Online and the contractual terms of
that agreement.
I never saw the entire Horizon contract between POL and Fujitsu. In my first or
second week at POL, I asked Smith for the full contract between POL and
Fujitsu to understand our contractual position that could impact the operational
matters that were my responsibility. He only sent me the simplified document
with the appendices relating to IT and technology (or an amendment to the
contract). Smith asked me to request the full contract from Legal. I spoke with
Legal, but I never received it from them. Despite not seeing the entire contract,
I was aware that POL did not own the Intellectual Property (“IP”) for Horizon
and that there was no contractual clause allowing POL to insist on a full audit
of Horizon, including the IT code. Despite the Inquiry disclosure process, I still
have not been provided with or seen the full POL/RMG contractual documents
with Fujitsu.
In early 2010, we started the rollout of Horizon Online in 20 Crown branches.
First, we chose our large Crown branches and other branches that were
considered and/or were most receptive to change. This pilot rollout was slow,
and there were minor issues (as explained elsewhere in this statement), not
untypical of a “pilot”. More problems arose after implementing Horizon Online
in the next steps of the pilot within Crown branches and a few rural SPM
branches. I was not unduly worried about the operational issues as you expect
every system to develop IT issues and BEDs during the testing and pilot phase.
As I have an IT background, I understand that you can fix these IT issues
Page 12 of 63
36
37
38
39
WITN11130100
WITN11130100
relatively fast with software changes and upgrades. The need to fix BEDs is not
unusual, nor is it an indication that there is fundamentally something wrong with
an IT system. A good example of this is when you install an update on your
iPhone. Such updates provide bug fixes and operational upgrades to your
phone. At this time, I was more worried about the ongoing impact on our
budgets because the rollout had slowed.
While I do not believe Horizon Online was the best system on the market at the
time, I would rate it in the mid-range. However, I strongly believe it was a
significant and promising upgrade to Legacy Horizon.
Legacy Horizon
Regarding my knowledge of BEDs in Horizon, I was only aware of two
significant BEDs within Legacy Horizon: (i) Blue Screen errors; and (ii)
Integrated Services Digital Network (“ISDN”) errors. I was not aware of any
coding issues with Legacy Horizon.
A Blue Screen error is a critical error displayed on the operating system’s
screen, indicating the system crashed and can no longer operate. At that point,
the Postmaster or SPM must shut down the terminal as they cannot reboot it.
They must call an engineer to visit the branch and replace the terminal. One of
the advantages of Horizon Online is that you can try to fix issues remotely
without having to call out an engineer.
The ISDN internet connection was fragile, and there was a lot of network
instability. The issue was mainly with backing-up data. If the ISDN was down or
Page 13 of 63
40
41
42
43
WITN11130100
WITN11130100
problematic, Postmasters and SPM could not back up their data centrally and,
therefore, reconcile their figures with Product & Branch Accounting (“P&BA”).
If a Post Office only had one Horizon terminal and that terminal experienced a
Blue Screen error or ISDN issue, that Post Office could not operate until an
engineer fixed the issue.
So far as I understand, the two issues described above are not linked to the
criminal prosecutions. However, I was aware of complaints about the integrity
of Legacy Horizon by some of the SPMs. I recall speaking to Smith about the
allegations when I joined POL. From memory, I believe he assured me verbally
that there was nothing wrong with Legacy Horizon and nothing to worry about
(or words to that effect).
Horizon Online
Regarding Horizon Online, from conversations with various stakeholders, I
understood that the design of Horizon Online was a collaborative effort with
input from Postmasters and SPMs. The architecture and design team
considered each party's requirements; everyone was consulted and had a
voice. Horizon Online then underwent a three- to four-week testing phase in
POL HQ's Model Office.
I became aware of several Horizon Online BEDs during the rollout. As I
explained in paragraph 35, I did not have an issue with the BEDs in themselves
but rather with how we dealt with them.
Page 14 of 63
44
45
46
WITN11130100
WITN11130100
The crucial difference between Horizon Online and Legacy Horizon was the
internet connectivity and the database. Horizon Online improved the systems
by automatically backing up data centrally instead of holding and storing the
data at the branch that then had to be manually uploaded to the central
database. Horizon Online delivered more operational stability than Legacy
Horizon due to better internet connectivity.
BEDs during Horizon Online’s testing phase caused the rollout to be paused
for several months. The problem was that Fujitsu did not understand what the
BEDs were. It took Fujitsu some time to find the cause of the problems. In June
2009, I briefly considered rolling back the pilot and returning to only using
Legacy Horizon. In an operational meeting between my team and Fujitsu, I
briefly commented on the possibility of having to roll back to the use of Legacy
Horizon, which could inevitably lead to “stopping” the Horizon Online rollout in
its entirety. I had seen an email from Andrew Hall dated 9 June 2009, which set
out the contents of that meeting. Hall writes “The meeting opened up with Mike
Y reminding Fujitsu with considerable force that despite a re plan: (i) the Post
Office remained unhappy with Fujitsu; and (ii) That this was the very last chance
for Fujitsu” (Email from Andrew Hall to Peter Rowley, Lester Young, Alan
Alvarez, Mike Wood, Clive Bailey, Peter Jeram, Paul Goodge, Steve Goldsmith
David Roberts re meeting with Post Office 9/6/09 FUJ00126078). Ultimately,
my worry was meeting customer demand in branches and the potential for
ongoing impact on revenue streams.
In March 2010, we learned that the faults causing the service interruptions and
delays during Horizon Online’s pilot were two different Oracle BEDs (i.e. faults
Page 15 of 63
WITN11130100
WITN11130100
in the Oracle database software). The two Oracle BEDs caused a data
mismatch; therefore, I still maintained that there was fundamentally nothing
wrong with the system.
47 In the end, I trusted Fujitsu to do their job. Fujitsu and Oracle resolved the
issues, and then we continued the roll-out. I recall Fujitsu resolved issues
before Horizon Online’s main roll-out and therefore should not have impacted
any prosecutions.
48 As Head of IT, Sewell was responsible for liaising with the branch network,
procurement, the Crowns, and SPMs. I cannot recall personally informing and
updating Vennells of the issues. I am sure Vennells would have been informed
via her other direct reports.
CONCERNS WITH THE INTEGRITY OF HORIZON
49 Beyond the operational issues mentioned above (i.e. change management
failures, hardware failures, two Oracle bugs experienced in pilot, and the items
for action in the audit findings), I could not see anything with Horizon that
indicated any weakness in integrity of the platform/service. I was ever mindful
that the Justice for SubPostmasters Alliance (“JFSA”) frequently indicated in
the media that they had been impacted by some part in the reconciliation
process. I, however, could not see anything on the platform/service that
evidenced this. Despite the lack of evidence, that the system had failed in some
way, I did ask Fujitsu several times to review the Horizon code. It is only the
last request in 2012, that they agreed to do so (which is discussed in more detail
below).
Page 16 of 63
50
51
52
53
WITN11130100
WITN11130100
To be clear, I never saw Horizon Online’s IT code, as POL did not own the IP
or the contractual right to review the code; however, I sensed that the code was
good because it worked across a significant branch network and an extensive
product and service portfolio, with few problems. I am still not aware of any
integrity issue surrounding the Horizon Online code. I believe there are three
key components of an effective IT programme: (i) IT system; (ii) process around
the use of the IT system; and (iii) training.
Having followed the Inquiry, it is my view today that the end-to-end process was
not comprehensive enough and that there was not enough in-depth training
provided to SPMs, and their staff on a regular basis.
When I joined POL, I did not know that Fujitsu via Horizon could insert, edit, or
delete transaction data or data in branch accounts without the knowledge or
consent of SPMs, managers, and/or assistants, nor that such actions would not
leave a robust audit trail.
I was unaware of any remote or privileged access being exercised without the
consent of the Postmasters or SPMs. I understood that if an SPM phoned the
help desk for assistance, Fujitsu could assist remotely, but only with the consent
and approval of the SPM. I had no belief, understanding, or even inkling that
Fujitsu could remotely access the system independently; I believed the SPMs
needed to be part of that process. Only when I became aware of the Second
Sight interim report (“Second Sight Report”) after I left POL did I discover that
Fujitsu gained access to the SPM’s data without their consent. It should be
Page 17 of 63
54
55
56
WITN11130100
WITN11130100
noted, I was not involved in the commissioning of Second Sight, a forensic
accounting firm.
Further, the Second Sight Report made evident that the process with Horizon
may not be entirely auditable. This was despite Fujitsu's previous assurances
of end-to-end auditability of actions on the system. Knowing now of the
possibility for the lack of auditability and keystroke recording once a Fujitsu
employee gained remote access is a significant concern to me.
As Ernst & Young (“EY”) was on RMG’s consultancy panel, RMG had agreed
one year in advance (in 2010) to conduct an audit of Horizon. EY’s audit report
(“EY Report’) raised issues with privileged access to Horizon. This can be seen
in EY’s management letter for the year dated 27 March 2011 (Ernst & Young
Management letter to POL for year ended 2011 POL00030217).
Privileged access means the permission level of an individual at Fujitsu (e.g.,
an engineer) who has the ability and access to change, add, or delete data on
Horizon. As I explain later in this statement, there were different levels of
privileged access. One of EY’s concerns was the number of individuals at
Fujitsu with privileged access. The EY report confirmed that this area needed
review and some improvement. As an example, one of the employees with
privileged access at Fujitsu had left the business, but their access remained. I
had expected a more robust and automated process to be in place in a tech-
company like Fujitsu. Usually, when an employee exits a business, the
company has automatic controls to disable their IT access to account for the
possibility of human error.
Page 18 of 63
57
58
59
WITN11130100
WITN11130100
Fujitsu should also have limited the highest level of privileged access to one or
two employees (e.g. engineers). The EY report confirmed that four or five
employees at Fujitsu had the highest level of privileged access to Horizon. In
my opinion, Fujitsu could have provided temporary permissions to the privileged
access levels to cover users who were sick or on holiday or provided different
levels / tiers of access (e.g. tiers 1 — 5 offer different access levels, tier 1 being
the engineer). Fujitsu subsequently remediated the privileged access issue,
which was undoubtedly reviewed in follow up audits.
Concerns During my time at POL, I received two phone calls from Computer
Weekly, a Technology magazine. I cannot recall when I received the first phone
call, but it was at a time when only a handful of SPMs had complained. I
remember stating that (in line with what I had been told by my team and from
Fujitsu) Horizon was a reliable IT system, as I believed, at the time, there were
no issues (or words to that effect). I believe Computer Weekly quoted me in one
of their articles. I immediately informed Cook and ExCo that I was quoted in the
magazine.
The first phone call from Computer Weekly was the first time I became aware
of concerns being raised regarding the potential integrity of Horizon. At the time,
I thought Computer Weekly was only looking for a comment from me for their
article. After I was quoted in Computer Weekly, I immediately informed the
ExCo. In an ExCo meeting there was a discussion around the Computer
Weekly article but it only lasted five to ten minutes. Prior to attending this ExCo
meeting, I shared my concerns with Smith to see if he had any additional
information that Fujitsu might have provided on the issue. He did not. I also
Page 19 of 63
60
61
WITN11130100
WITN11130100
inquired whether McClean had any further information that could be cause for
concern with Horizon; he was unaware of any. I do not recall any SPM
complaints or issues from the branch network raised as a direct consequence
of the Computer Weekly article.
On page 43, paragraph 141 in Vennells’s first witness statement, (Paula
Vennells Witness Statement WITN01020100), she stated, “[Mike Young] said
it was a trade magazine that did not know what it was talking about in relation
to Horizon”. To clarify, I did not state it was a “trade magazine” or say the
magazine did not know what it was talking about. I recall stating the article was
one-sided, not a balanced story, and not an accurate reflection on how POL
and Fujitsu were running Horizon. The magazine was sent to members in the
technology industry, such as chief information officers and chief technology
officers, and is sponsored by some of the largest technology houses, such as
Microsoft. Vennells misinterpreted what I said.
I received the second phone call from Computer Weekly during the Separation
negotiations with RMG (between October 2011 and February 2012). I believe
it was the same individual who called the first time, and I responded similarly,
“there are no issues with Horizon”. I was now concerned when the number of
SPMs who experienced issues became more than 80. Accordingly, I
immediately informed Tait and Vennells and said, “enough is enough” let's
undertake an independent review of Horizon. I told them we urgently needed to
conduct a proper independent investigation into Horizon. It became apparent
that the media focus on Horizon would not go away. I recall asking Tait for
Fujitsu to pay for the investigation but for POL to lead it. I was expecting to sit
Page 20 of 63
62
63
64
WITN11130100
WITN11130100
down with both Tait and Vennells to inform them that we needed to review the
quality of the Horizon Online code; however, we never met before I left POL. I
knew there had been some phone follow ups between Tait and Vennells - the
outcome of which I do not recall.
Additionally, as mentioned above, I became aware of the Second Sight Report
and its outcomes after leaving POL. To this day, I do not believe a full
investigation into the Horizon code has taken place to determine whether there
was an actual code issue with Horizon or just the processes followed and
training around it being deficient. In my opinion, POL needed one of the big
forensic consultancy firms to look at the entire Horizon operating framework,
inclusive of process, training, and, most importantly, the Horizon code itself.
To conduct such an investigation would have taken much longer and incurred
significant costs. Second Sight’s investigation did not encompass an evaluation
of the quality of the Horizon code, but they established that remote access had
occurred without following the correct protocol of having the SPM’s consent.
This raised doubts that the actions of such remote access were fully auditable,
as has been aired through the media and subsequently in the Inquiry.
I want to make clear that no one at POL told me what to say to any media
requests that were directed to me. POL never told me to take a stance and
defend Horizon. If I had felt Horizon, at the time, was flawed, or if I saw any
evidence to suggest that there were issues, I would have confirmed this to ExCo
(inclusive of Vennells), but I did not.
Page 21 of 63
65
66
67
68
WITN11130100
WITN11130100
Further, Rod Ismay’s (“Ismay”), Head of P&BA, report (“Ismay Report”)
confirmed there was nothing wrong with Horizon. I discuss the Ismay Report in
detail below in paragraph 90.
Regarding discussions with POL’s ExCo, I had no other discussions with any
ExCo members further to what I described in paragraphs 32 to 65 above. I
believe I was only copied on emails for good housekeeping. I was not expecting
to be involved. I have not been able to review all emails from the time in
preparing this statement.
In considering an email from Vennells to Davies dated 30 November 2018
where Vennells stated “as we know, the consistent answers from FJ and ClOs
(Lesley Sewell and Mike Young before her) was that it was not possible [to
access the system]) (Email from Mark R Davies to Paula Vennells re: Strictly
confidential and legally privileged POL00163407). As I mentioned above in
paragraph 53, I knew as with most IT systems, you could gain access remotely.
However, I did not realise any remote or privileged access to branch data was
gained without the consent of the Postmasters or SPMs.
In my familiarisation with Horizon, when doing the basic training and talking to
branch managers and SPMs, I became aware of how remote access was
administered through managing a problem (that may be system, process, or
both). This was further underlined through the Ismay Report. Accordingly, I
knew that the correct process was that SPMs needed to provide consent for
any remote access to their branch data. I was unaware of any unauthorised
access until I saw Second Sight’s evidence relating to the Inquiry. I also
Page 22 of 63
WITN11130100
WITN11130100
believed all actions taken on the system remotely were auditable by checking
the event logs. I do not believe Vennells and I ever spoke about the issue of
remote access or the ability to change data, although, undoubtedly, like me,
Vennells would have received the EY Report and its findings. To be clear, most
software in the world can be accessed remotely, as this is a necessary
operation for any modern IT support function. For example, the National
Security Agency, Central Intelligence Agency, etc., can all be accessed
remotely. Remote access to IT systems is the standard used by IT support
functions to try and resolve issues quickly and efficiently.
69 There were no assurances I needed to provide to Vennells or any other POL
colleagues, as I did not see anything fundamentally wrong with Horizon (or its
IT code) at the time, other than minor bugs and glitches that would normally be
expected in a pilot.
EARLY ROLES AT POL
70 My role as OD was very extensive. As mentioned in paragraphs 13 to 28, my
role was not an “/T guy’ (as Vennells describes). As can be seen from
POL00021497 and (Meeting minutes: minutes for Board meeting held on 19th
January 2009 POL00021498), I was responsible for very large programs across
the entire POL business. These programs were complex by nature requiring
significant investment and often culminated in lengthy and arduous negotiations
with diverse clients such as the DVLA, Bank of Ireland, Fujitsu, etc. These
negotiations, while challenging, were a crucial part of our efforts to improve
revenues, create efficiencies, improve customer footfall in the post offices
Page 23 of 63
71
72
73
WITN11130100
WITN11130100
themselves, as well as improve customer experience. At the time, nothing the
Post Office sold in its branch network was unique to the business and
competition on the high street was fierce.
Operationally, my role had to ensure end-to-end operations ran smoothly. This
included CVIT and the related depots, as well as all the systems in branch (e.g.
Post and Go Machines, cash points, identity booths, screens, etc). Other
responsibilities were property changes & closures and all matters outside of
investigations, as it may relate to security. Additionally, I hired a procurement
director to formulate a best practice procurement framework in order to change
behaviours around purchasing and manage third party suppliers. This brought
another avenue in our efficiency drive across the POL business.
Most of my time was spent negotiating contracts with third parties. It was
imperative that, in an increasingly online world, POL could offer products and
services so that people had a reason to use the Post Office or Post Offices in
their community. Otherwise, Post Offices could be subject to closures.
Accordingly, POL had to make cost-saving efficiencies and/or obtain revenue-
increasing opportunities to safeguard the Post Office network.
Further, in BoD meetings, I was asked to provide status updates regarding the
Horizon Online rollout and whether delays would impact other programmes. As
seen in POL Board Minutes dated 19 January 2009, Sue Whalley, Strategy
Director, asked for “clarification as to whether any delays would impact other
programmes” (POL00021498). While the delay of the rollout initially caused
some concerns about potentially impacting other programmes, Fujistu made up
Page 24 of 63
WITN11130100
WITN11130100
for lost time by deploying additional resources to the project therefore limiting
the impact of the initial delay.
74 Additionally, I recall being a member of the Investment Committee (“IC”). This
was mainly due to my part in supporting Ennis regarding governance on large
programs across the POL portfolio. I recall attending the POL IC meetings. I was
responsible for several mandates, including costs and negotiations. At IC
meetings, I would provide updates regarding the revenue or cost efficiencies of
the projects (Minutes from the POL Investment Committee meeting
POL00338301).
COMPUTER WEEKLY ARTICLE — 11 MAY 2009
75 As I mentioned in paragraph 58, I shared the Computer Weekly article with the
ExCo (Bankruptcy, prosecution and disrupted livelihoods - Postmasters tell
their story; reported by Rebecca Thomson - Article POL00041564). From
memory, I discussed the article in a full ExCo meeting. I wanted everyone to
know that I was approached and questioned on this issue.
76 No specific actions or follow-ups were discussed about the article after having
had the dialogue at the ExCo / BoD meeting. Some participants (I cannot recall
who) were already aware, while others were not. Before the discussion, I spoke
to my team, as I later did with other media articles of a similar nature, to ensure
they were unaware of any issues that may point to a known problem on Legacy
Horizon. This did include my Operations team briefly discussing the issue with
their counterparts in Fujitsu. Nothing was brought to my attention, and I believed
the system was running well within normal parameters.
Page 25 of 63
WITN11130100
WITN11130100
77 Beyond sharing the Computer Weekly article with ExCo, I did not have any
updates to provide POL ExCo or the Board regarding Horizon. The ExCo
meetings did from time to time discuss media stories (e.g. radio, Channel 4, etc)
as they arose.
LEGACY HORIZON, ROLL OUT OF HORIZON ONLINE AND RELATIONSHIP WITH
FUJITSU.
78 Asdiscussed in paragraph 34, I was not involved in developing the requirements
for Horizon Online. On joining POL, Fujitsu had the development of Horizon
Online code underway, and the contractual elements had already been
negotiated; in essence, it was an IT upgrade that I inherited. I was focused on
developing the final roll-out plan. At that point, I did not believe there were any
issues with Horizon beyond what I have already described. As mentioned above,
we started by rolling out Horizon Online in 20 Crowns as part of the pilot stage.
79 I was apprehensive about the ability to achieve the cost efficiencies, as Fujitsu
was already behind on the rollout. The delay caused a knock-on effect on other
programs because they, too, had cost efficiencies associated with them
(POL00021498). Fujitsu worked tirelessly to deliver on time; they did more than
they needed to in terms of helping us with our efficiencies. I want to stress that
my relationship with Fujitsu was professional and courteous. I did not shy away
from confrontation when I felt the service in any shape of form had fallen below
expectation. I knew we were tied to the contract that I inherited until 2015, so I
wanted to ensure that we could deliver the IT programme as envisaged. This
necessitated a good-working relationship, but I was not afraid to “call them out”
Page 26 of 63
80
81
WITN11130100
WITN11130100
if necessary. I was not the easiest person to keep happy, but I was very
conscious about celebrating successes jointly with Fujitsu when it was warranted.
Problems that were encountered with Horizon Online during my time at POL
were the delays in the pilot and rollout that were caused by two different Oracle
BEDs. The rollout started on time, but then issues began to arise. At first, I
classed these issues as “teething issues” that could be easily overcome. It was
Fujitsu’s code, and they formulated it (any bugs associated with it would have
been resolved by them). Therefore, the competencies for that resolution were set
by Fujitsu. Accordingly, I believed the Fujitsu team could fix them relatively
swiftly; understandably, at that point, the rollout started to slow down.
Once Sewell had updated me that Fujitsu was struggling to diagnose the Horizon
Online bugs during the pilot phase, I recall writing a strongly worded letter to Tait
dated 10 May 2010 expressing my frustrations and dissatisfaction with Fujitsu.
(Letter from Mike Young to Duncan Tait re Current standing on Fujitsu contract
FUJ00095658). This formal letter was copied to the General Counsel and Group
ClO of RMG as a courtesy because they provided an evaluation of the next steps.
The letter was designed to communicate RMG/POL Group's discontent around
the early Horizon Online rollout issues. There was a worry about the quality of
the Horizon code, hence the ask for a review, and a worry about staffing levels,
hence my ask for Fujitsu to go “open book’ and let us review their operations and
performance on the contract. It also laid a potential foundation for a claim of
contractual non-performance. I was even more frustrated with Tait’s late
response on 30 June 2010 (Email from Gavin Bounds to Duncan Tait, Re:
forwarding email of 30/06/2010 re: response to your letter, FUJ00096312).
Page 27 of 63
82
83
84
WITN11130100
WITN11130100
I believed Fujitsu's resourcing on this project was too lean. I wanted them to
resource the project more adequately. As mentioned in paragraph 81, I asked
Tait to go “open book’ as I wanted full transparency to see the level of resources
Fujitsu were using, e.g. coders, support team, infrastructure team, etc.
(FUJ00095658). However, the contractual terms did not allow me to make such
demands of Fujitsu. After the letter exchange with Tait, I remember calling him to
ask, “Why won't you let us look at your systems?”. Tait said, “Because there is
nothing wrong with the system” (or words to that effect).
Again, I want to stress that I was not worried about the BEDs; I believed Fujitsu
could fix them. I did not realise how long it was going to take Fujitsu to identify
the source of the bugs (i.e. the Oracle BEDs). At that point, we were weeks
behind schedule, and I did start to get worried. I did not raise the issue directly
with Tait at this time because I believed the best thing was to allow the
operational teams time to resolve them. I recall either emailing or mentioning to
Sewell my concerns, to which she replied, “Leave it with me” (or words to that
effect). Sewell was competent in running these types of issues. I trusted Sewell
to oversee the remediation of these issues by Fujitsu. I did not want to
immediately call Tait and step on Sewell’s toes as Head of IT.
At some point, Sewell informed me that Fujitsu did not know the cause of the
problems, but knew they were bug related. Therefore, Fujitsu could not develop
a fix. I was highly concerned because if we were not able to deliver Horizon
Online, or if the delays became too prolonged, we would not meet our targeted
efficiencies. However, we were too far into the project for it to just be stopped. If
we did stop Horizon Online, we would still have had to find a way to work with
Page 28 of 63
WITN11130100
WITN11130100
Legacy Horizon’s issues (i.e. the blue screens and ISDN issues). A few weeks
later, Fujitsu addressed the issues with Oracle and continued the rollout. I was
unaware of any significant issues with Horizon Online after this point.
POL RESPONSE TO HORIZON CRITICISM IN 2010 AND THE ISMAY REPORT
85 I recall watching parts of the Channel 4 documentary, but I cannot remember
when I watched it or the details.
86 Regarding the Channel 4 programme, I saw nothing in the programme that
allowed me to “unpick” anything in Horizon. When these matters were brought to
my attention, I would generally speak to Sewell and ask her if we were aware of
any technical issues arising from Horizon. Sewell would have spoken with her
counterparts at Fujitsu before giving me her updates. From an IT standpoint,
there was no evidence to be drawn from what we could see in the operations of
Horizon or via the teams that were supporting it that gave any corroboration to
complaints made by the JFSA (and its members) through various media outlets
(including the Channel 4 programme). If there were IT problems with the system,
it would be a problem that was also experienced in Crowns, as well as with SPMs.
87 At the time, I was focused on understanding from my direct reports whether it
was a process rather than an IT system issue because I could not see anything
relating to BEDs. I knew that one of the differences between Legacy Horizon and
Horizon Online was that Legacy Horizon’s data was stored in the branches and
had to be manually uploaded, whereas Horizon Online’s data was automatically
centralised in a datacentre. The centralised process allowed the P&BA team to
Page 29 of 63
88
89
90
91
WITN11130100
WITN11130100
review that data, request an investigation should anomalies be present, and
request Fujitsu to provide their audit logs.
At the time, neither Ismay or Fujitsu could find any system network or data issues.
I was satisfied that the centralised data allowed us to audit the event logs.
Accordingly, I could only assume that the branches made user errors. I want to
make it clear that there were genuine cases of theft in the network.
Equally, it was also clear that some SPMs would allow non-Horizon trained staff
to use the system, which could cause errors. Under the SPMs contractual terms,
only trained staff could operate the Horizon terminals.
After the Channel 4 documentary aired, POL received considerable media
attention and scrutiny. Accordingly, DJS asked Ismay to conduct an internal
investigation, which resulted in the Ismay Report titled “Horizon—Response to
Challenges Regarding Systems Integrity,” dated 2 August 2010 (Horizon —
Response to Challenges Regarding Systems Integrity POL00026572).
On 29 July 2010, Ismay sent the draft report to me, DJS, and Moores (Email
chain from Rod Ismay to Rod Mark Burley, lan Trundell, Dave Pardoe and
others Re: Horizon Challenges - Draft report with attachments POL00120479).
At the time, P&BA was responsible for reviewing all the data and overseeing the
financial/transaction activities. DJS chose Ismay to lead the internal investigation
because he was bright, informed, unbiased, understood IT, process, training, and
had a good relationship with the branches in the network.
Page 30 of 63
92
93
94
95
96
WITN11130100
WITN11130100
The Ismay Report confirmed that the system was not flawed. The report analysed
some of the more high-profile prosecutions that were highlighted in the media,
and his report determined that the information and evidence used in these cases
were reliable. At the time, the Ismay Report solidified my view that there was not
a technical problem with Horizon.
I was not involved in preparing the Ismay Report. DJS informed me that Ismay
was conducting an internal investigation, and I believed it was an appropriate
decision. It was my understanding that DJS could have requested an
independent investigation at this stage.
I believe Ismay requested and reviewed the data from my team and other
information and data that he had access to. I saw the final Report and discussed
it at an ExCo meeting, which at the time, provided us with comfort that there was
not an IT issue with Horizon. I was not involved in the decision for there to be a
report or in the preparation of the report.
I recall discussing the contents of the Ismay Report with Sewell, but I did not
distribute widely based on some of the sensitivities associated with it
(prosecution case analysis). I briefly discussed the contents of the Report with
the CFO, Moores, and then had a short discussion with DJS. Both discussions
merely covered the content of the Review and nothing additional.
The Ismay Report gave me comfort that there was no core Horizon system error.
As mentioned above, Ismay explains that the problems could be either a process
issue or simply that the SPMs took the money. I did not let Fujitsu know of the
Ismay Report, as it was an internal document only. Additionally, I wanted to keep
Page 31 of 63
97
98
99
WITN11130100
WITN11130100
pressure on Fujitsu to ensure Horizon was working optimally, especially
considering the negative media and scrutiny around Horizon.
Through email correspondence that I was copied on, Board and ExCo meeting
minutes, and seeing some of the visitors attending our HQ, I became aware that
there was more political pressure being applied to POL regarding issues such as
separation from RMG, formulation of a new Board (post separation), the future
strategy POL, continuing funding debate of POL going forward, and invariably in
some measure some of the media output that was playing out in regards to
Horizon. For example, I was copied on an email chain from Smith to Granville,
Sewell, and Martin Humphreys on 21 July 2010 discussing a previous email from
Oliver Griffiths explaining that “there is recent interest from MPs in purported
cases where the Horizon system has left SPMs out of pocket [...] there will be
Significant political heat” (Email Tracy Abberstein on behalf of David Y Smith to
Mike Granville, Martin Humphreys, Lesley J Sewell cc Mike Young re FE
Justice for SPMS POL00417098).
I forwarded an email to Mark Burley, POL’s Horizon Program Director, from Smith
tome, Sue Huggins, and Mike Moores dated 21 July 2010, where Smith informed
us that “Channel 4 will run a new item on the same issue”. By forwarding that
email, I wanted to stress that POL was under pressure due to a service it took
from Fujitsu (Email chain from Mark Burley to Mike Young, Sue Huggins cc Nick
Beal and others re: RE: Urgent channel 4 horizon issue, POL00120481).
I was aware of some of the prosecutions, but I was not involved and did not know
any factual details. I did not see any of prosecution case papers or audit logs that
Page 32 of 63
WITN11130100
WITN11130100
I assumed must have been used to show evidentially that there had been
dishonest use of the Horizon system (i.e. evidence false accounting or theft from
the system).
100 Regarding POL’s approach to the media criticism of Horizon, Legal and Public
Relations (“PR”) were normally involved in formulating how to address the media.
I believe Legal threatened to sue Channel 4, which caused delays in airing the
programme. In an email from Katie Brown, Producer Channel 4 News Film, to
Paul Budd, External Relations Director, dated 26 July 2010, Brown stated “We
are postponing tonight's broadcast as we are still working on the investigation.”
(Email from Rod Ismay To: Michele Graves, Mandy Talbot, Rebekah Mantle
and others re Press Office response to Channel 4 - July 2010 - C4 News item
"postponed" POL00338347).
101 ‘I recall during an RMG/POL BoD meeting, we were informed that Mary Fagan,
PR Officer, contacted Cook or DJS to tell them about the Channel 4 programme.
I understand the Channel 4 Programme aired a few weeks after this email.
102 Granville asked whether I was prepared to stand behind the system. As far as I
was concerned, there was nothing I could see or was being told that was wrong
with the IT system itself. I could not see any IT BEDs that would have caused
any transaction or reconciliation errors. Whenever a significant media alert was
announced attacking Horizon, I spoke to my team (e.g. Sewell, McClean, etc.,
who were engaging with Fujitsu) to ask whether I was missing anything and
whether there were issues with the IT systems that could be causing the
Page 33 of 63
WITN11130100
WITN11130100
problems complained of by the affected SPMs. These conversations were
immediate, and no known issues were brought to my attention.
103 I received an email dated 22 July 2010 from Mark Burley to me and Sue Huggins
copying Nick Beal, Philippa Wright, Michele Graves, and Mike Moores. In this
email, it outlines that every time Horizon was challenged in court, POL achieved
a successful outcome. And, therefore, I felt it was fair and right to back Horizon
(Challenges as to the Integrity of Horizon, POL00424359). Ismay’s report also
elaborated on why some SPMs were wrong to blame Horizon. I had no evidence
to undermine Ismay’s report.
KNOWLEDGE AND INVOLVEMENT IN PROSECUTIONS AND SUSPENSIONS OF
SPMS
104 I was not involved in any of the prosecutions of SPMs by POL or RMG.
Additionally, I did not receive any training regarding the prosecutions, as I was
not involved. It was not part of my area of responsibility.
105 When I joined POL, I knew that RMG/POL had a prosecuting arm. I was aware
that POL used a criminal barrister to prepare prosecutions on their behalf, i.e.
instead of the Crown Prosecution Service bringing case, POL would present their
case file to the criminal barrister who advised RMG/POL, and then would present
the case on their behalf in court.
106 When I joined POL, Cook informed me that RGM and Legal were responsible for
conducting investigations and prosecutions, and that this would not be part of my
operational roles and responsibilities.
Page 34 of 63
WITN11130100
WITN11130100
107 Prior to my arrival, Tony Marsh (“Marsh”) was the head of security at POL.
Subsequently, Marsh was promoted to be the head of security at RMG, and Scott
was promoted to head of security at POL. Later, I spoke with Scott, who
confirmed that investigations were conducted at RMG. A few weeks after Marsh
moved to RMG, he requested a meeting with me. In that meeting, Marsh asked
to combine the security departments at RMG and POL. However, as I knew the
RMG and POL Separation was coming, it did not seem that it was the right to
time to merge the two functions, so I refused his proposal.
108 During my time at POL, I was unaware that Fujitsu was providing prosecution
witness statements supporting prosecutions. I can understand that Fujitsu might
have to provide information and evidence for the cases such as logs and audit
trails, but that Fujitsu was providing expert evidence on the system itself would
not in my opinion be considered truly independent.
109 I had no role in determining or investigating the issues relating to the experience
of the SPMs that led to them being prosecuted.
110 Further, I was not involved in the prosecution of Seema Misra. I only became
aware of this case after seeing the Channel 4 programme and reading the Ismay
Report. I was not copied on the initial email dated 21 October 2010 regarding the
conviction of Seema Misra (Email from Rod Ismay to Jarnail A Singh, Mandy
Talbot, Hugh Flemington and others re Regina v Seema Misra - Trial result,
POL00169170). I was not aware that as a result of a successful RMG/POL
prosecution, a pregnant lady was imprisoned.
Page 35 of 63
WITN11130100
WITN11130100
111 Occasionally, in BoD meetings, discussions regarding prosecutions would be
had between the Chair, the MD (Cook or DJS), Vennells, and Susan Crichton
(“Crichton”), General Counsel. I did not have anything to contribute and did not
stray into these discussions, as I had no direct knowledge of responsibility for or
involvement in the cases.
112 An email from Will Russell (“Russell”), POL’s Commercial Advisor, to Lesley
Sewell dated 4 March 2011 confirmed that any discrepancies with those
branches involved with the very early pilot would be dealt with expeditiously so
that no branch lost money and any potential gains made were kept by branches.
Specifically, Russell wrote “we have agreed to write off the losses and repay the
gains via Subpostmaster pay,” (Email from Rod Ismay to Simon Baker and
Susan Crichton re: Receipts and Payments issue, POL00188382). Accordingly,
I do not believe prosecutions were based on the reconciliation discrepancies with
SPMs accounts using Horizon Online, as it was still in very early pilot stage,
mainly in Crowns.
113 Regarding POL’s security performance presentations, I do not recall receiving
the security performance presentations (Email from Mark Dinsdale to Adrian
Morris, Alan X Simpson, Ali Piper and others re Security Performance Pack
ver3 POL00338296) and (Post Office Ltd Security Performance Pack Period 4
- 2010/11 POL00338297). The first time I saw these documents was during this
Inquiry. This document clarifies that the Security department, which I oversaw,
had many responsibilities, not just investigations. The biggest task for Security
was to manage the CVIT-related risks. Again, I was not part of the prosecution
process that was overseen by Legal.
Page 36 of 63
WITN11130100
WITN11130100
114 Regarding my understanding of any MOU discussions with RMG, I saw an
email from Alwen Lyons (“Lyons”), Company Secretary, to Crichton dated 14
March 2012, which stated, “Mike would have stamped on this very quickly’
(Email from Susan Crichton to Alwen Lyons RE: Investigations MOU - talks with
MDA at a standstill POL00179491). This email concerns the memorandum of
understanding on investigations relating to Separation and each party's
ongoing roles and responsibilities. I was unaware of the MOU discussion that
took place on 14 March 2012 (as I had left POL). As part of the Separation
negotiation framework that I was leading on POL’s behalf, security and how
both POL and RMG would continue to work post-separation had already been
agreed upon, and I cannot recall how this was specifically framed. However,
the good working relations and cooperation between RMG and POL security
teams were undoubtedly set to continue. This email, dated 14 March 2012,
seeks to change this somewhat in RMG’s favour, knowing that I as negotiation
lead on behalf of POL, had now left.
115 POL was still reliant on RMG to assist in conducting investigations. So far as I
know, POL and RMG continued to work together after the Separation. After I
left, I suspect that RMG was planning on changing their security process. From
the email, I suspect Lyons implied that I would not have allowed changes to
POL’s security process.
Page 37 of 63
WITN11130100
WITN11130100
INFORMATION PROVIDED TO BIS IN 2010 FOLLOWING COMPLAINTS FROM
JFSA
116 I was not involved in updating the then Department for Business, Innovation &
Skills (“BIS”) regarding Horizon issues.
117 Vennells or Perkins were responsible for updating BIS and Government
relations generally. I am aware that there was regular communication with the
Government, which was to be expected given they were the main shareholder.
118 I am also aware that prior to the Separation one of the non-executive roles on
the POL board was taken up by BIS. From that point on, they would take an
active part in POL BoD meetings. Occasionally, Vennells and Perkins would
update the Board on their contact with the Government. I was not involved and
had no direct relationship with anyone in Government. I, nor anyone from my
IT team, were asked to attend any Government meetings. I would be copied on
emails as a part of the general circulation at the executive level.
119 My general approach to my significant level of email traffic would be that I did
not respond to an email unless I had something to contribute. I received 300-
400 emails per day. I was often copied on emails (for example, as seen in
POL00417098). I read all my emails that I received but prioritised emails from
the Board, management, RMG, senior stakeholders, or urgent emails. I
responded quickly to those emails. It was always my practice to not put off
dealing with matters that I considered important. I deal with issues there and
then. Otherwise, I believed things could get overlooked, as my working days
were so hectic. I was juggling many different responsibilities (‘wearing many
Page 38 of 63
WITN11130100
WITN11130100
hats”). Also, I was fortunate enough to have an experienced PA who was able
manage my inbox, so that irrelevant emails were deleted to help keep my inbox
from being too overwhelming.
120 As I was leaving POL, I recall advising Sewell to also deal with problems
immediately whilst she assumed the role of interim COO.
121 I do not recall being involved in any written or telephone responses to MPs
regarding Horizon.
122 Atthe time, in December 2010, there was nothing that suggested to me that the
integrity of Horizon was flawed other than the JFSA complaints. I was told by my
team that there were not any known issues with the IT systems that correlated to
the issues being raised by the JFSA. More importantly, the system was running
well and according to expectations.
123 I recall an email dated 29 November 2010 from Mike Granville regarding
correspondence regarding BIS (Email from Mike Granville to Mike Young re:
Horizon query in confidence POL00417094). I do not recall this email in detail
other than that it appears to be related to delays in the Horizon Online pilot and
rollout. At this time, I did not see anything that suggested the system was not
operating within normal parameters, as delays in rolling out new IT change
programmes were not unusual.
124 I want to emphasize that at the time, I did not have any knowledge that gave me
concerns about the safety of the convictions against SPMs. However, as I was
Page 39 of 63
WITN11130100
WITN11130100
not involved in the prosecutions, I did not know specific details of the cases other
than the summaries in the Ismay Report.
125 During my time at POL, I recall becoming aware of an email from Alan Bates to
Vennells requesting a meeting. Bates explained that if Vennells did not meet him,
he would leverage his media contacts to spread the message. The JFSA had
numerous media contacts they could leverage. I do not know whether this email
is within the Inquiry’s documents. If so, it has not been disclosed to me.
HORIZON REVIEW IN 2011
126 I was aware an EY audit was conducted in March 2011. I was not involved in the
discussion or the drafting of the terms of the EY audit, therefore, cannot comment
on the background to this review. I have seen a document dated 12 January
2011 relating to the Draft Terms of References ((Draft) Terms of Reference from
Stephen A Collins to Rod Ismay, Lesley Sewell cc Martin Knights and others
RE: POL - Review of Horizon Electronic Point of Sale System POL00294803).
I do not recall being part of the process that drafted these terms of reference.
127. As mentioned, EY was RMG and POL’s regulator auditor. First, EY would
conduct audits for RMG and then audits would filter down to POL level. I do not
recall ever meeting with EY in respect to their audit work for POL. Sewell was
responsible for liaising with EY on behalf of IT team to assist with any queries
they might have relating to the IT system and architecture.
128 In 2011, I recall sitting in a Board meeting with EY where the new auditing
standard, SAS 70, was discussed (Royal Mail Holdings Plc Audit and Risk
Page 40 of 63
WITN11130100
WITN11130100
Committee Minutes of the meeting held at 100 Victoria Embankment London
RMG00000005). I discuss SAS 70 in more detail in paragraph 160 below.
129 I saw a paper from RMG’s Audit and Risk Committee that summarised the EY
audit of POL Horizon controls and relationship with Fujistu dated December 2011
(Royal Mail Holdings Plc Audit and Risk Committee update on Post Office
Limited Horizon Controls and Relationship with Fujitsu POL00295092).
However, I was not involved in the audit review or the outcomes of EY’s report.
130 I asked Sewell to keep me updated throughout the audit process, which she did.
During the audit, Sewell informed me that EY raised issues around the number
of Fujitsu employees who had privileged access to Horizon.
131 I am aware that Deloitte subsequently reviewed EY’s audit around January 2012.
I ensured the recommended remedial work arising from these audits was
concluded.
BBC REPORTING IN FEBRUARY 2011
132 I donot recall the BBC Radio Surrey broadcasts.
133 On 8 February 2011, when I became aware of the BBC Inside Out South
programme, I emailed Tait a link to the programme suggesting that he watch it
and read what the media was reporting about the SPMs and Horizon (Email
thread from Duncan Tait to Gavin Bounds RE: Fw: Horizon Integrity - BBC
iPlayer link to programme FUJ00174417). As far as I was aware, at this time,
Horizon Online was working as expected. Tait wrongly interpreted my email to
mean there was complete faith in the system; that is not what I meant. I emailed
Page 41 of 63
WITN11130100
WITN11130100
Tait to make him aware of the programme (if he wasn’t already aware) and to
elicit a view from him as to whether my view of Horizon (being stable and
performant) was accurate.
134 After a further three or four media reports were published, I met with a number
of my direct reports to confirm we were not missing potential any Horizon faults.
I was not involved in POL responding to any such reporting regarding the
broadcast of SPMs or communications following the broadcasts, nor any
suggestion of legal action.
135 Fujitsu also repeatedly confirmed the system's stability. Fujitsu’s engineers
assured us that all BEDs reported were within the normal expected tolerances,
and the BEDs were resolved. I did not have reason in my mind to demand a
more thorough investigation until I received the second direct phone call from
Computer Weekly.
136 I was not approached by either Fagan or the PR team on responding to media
alerts or broadcasts. Again, I did not see anything untoward with Horizon at the
time, so, I could not comment to the contrary. In 2012, I did however become
concerned when the number of SPMs with complaints increased significantly.
137 As mentioned in paragraph 133 above, in the email I sent to Tait, I shared the
link to the Inside Out programme and stated, “You need to take a look at this.
Undoubtedly, Horizon integrity remains a core to our safe operation and date,
nothing has surfaced that suggested there is any evidence that the system is
flawed in anyway. Can we briefly talk through these latest developments”
(FUJ00174417). I was aware of the contents of the Inside Out programme.
Page 42 of 63
WITN11130100
WITN11130100
Accordingly, I shared the link to Tait as I wanted to put pressure on Fujitsu to
review their system in its entirety and assure both POL and them there was
nothing to be concerned about. I wanted Tait to look at Horizon to see if anything
was showing in the Horizon code that could support what was being said about
Horizon in the media.
138 AsI have said elsewhere in the statement, contractually, POL did not own the
IP around Horizon nor have the explicit right to audit the Horizon code.
However, I hoped that as an executive, Tait would take my concern seriously
and conduct the thorough review of Horizon. Particularly, as the media
concerns were increasing, which was damaging POL and Fujitsu’s reputation.
I felt the pressure as I managed the relationship with Fujitsu at a time when
potential issues around Horizon were appearing in the general media. I wanted
to ensure continuous MD/CEO-to-CEO engagement, so I suggested that
Vennells meet Tait, which could also bring additional pressure to bear on
Fujitsu.
139 Regarding the views held by those on POL’s BoD as to the reportage, so far as
I can recall, Vennells was worried about the possibility of more media reports
and the potential to harm POL’s brand. At the time, POL stood by its messaging
that they we not aware of any issues with the Horizon IT system.
140 My experience of the relationship between National Federation of
SubPostmaster (“NSFP”) and POL was professional and courteous throughout
my tenure.
Page 43 of 63
WITN11130100
WITN11130100
141 I recently saw an email I received from Mike Granville also sent to Kevin
Gilliand, Angela Van-Den-Bogerd, Paula Vennells, Susan Crichton, Rod Ismay,
Alana Renner, and myself dated 26 January 2011, regarding the relationship
between the NSFP and POL (Email from Mike Granville to Kevin Gilliland,
Angela Van-Den-Bogerd, Paula Vennels and others re: NFSP line on Horizon
POL00294748). I do not recall having a conversation with Paul Hook, Head of
Regulation Strategy, NFSP. I was only familiar with George Thomson
(‘Thomson”), former general secretary of the NFSP. I saw no evidence to
suggest that Thomson was anything but respectful and professional and POL,
likewise in return.
142 I was not heavily involved in liaising with the NFSP. I do recall visiting one or
two NFSP conferences when POL wanted to add new products to their branch
network. For example, we showcased Horizon at the NFSP conference to
demonstrate new innovative features and capabilities. Vennells was
responsible for maintaining the relationship with the NFSP as she had overall
responsibility for the branch network.
PROPOSED LITIGATION AND FURTHER MEDIA COVERAGE IN 2011
143 Regarding proposed litigation, I was not aware of the proposed Shoosmiths
litigation until it was mentioned via the second Computer Weekly call, where
they indicated that the JFSA instructed lawyers. Computer Weekly did not refer
the litigation as the Shoosmiths litigation.
144 During my tenure, I was unaware that POL took any particular approach to legal
privilege, how to manage confidential communication, and retention of
Page 44 of 63
WITN11130100
WITN11130100
documents generally and as it related to the issues raised by the JFSA about
Horizon or potential litigation about Horizon. I personally did not take legal
advice on such issues.
145 In late 2011 and early 2012, I was not involved in the potential litigation against
POL from SPMs. I did not have any involvement or knowledge of the issues of
the litigation until the second Computer Weekly call (as mentioned in paragraph
143 above). During that time, I was focused on the Separation that was
completed by the end of the first quarter of 2012. I missed certain BoD meetings
during this time where such issues may have been discussed. Also, I do not
recall being involved in or called to any executive or board meetings to discuss
the litigation.
146 As I mentioned above, I received the second Computer Weekly phone call
during this time (late 2011, early 2012). It was only after this phone call that I
started to question Horizon's integrity, as I felt the increasing numbers of SPMs
complaints warranted an independent review by Fujitsu. As I have mentioned,
I called Tait and made this demand and asked that Fujitsu pay for the
independent investigation. Tait agreed. I immediately called Vennells and told
her that Fujitsu had agreed to pay for an independent review of Horizon, and
that we should sit down with Tait to discuss it. I expected to sit down with Tait
and Vennels to discuss the nature of scope of this review, but I left POL before
any such meeting took place.
147 Regarding the media coverage, I recall reading the Private Eye article
(Newspaper Article re: Computer Says No - Publication on How the Horizon
Page 45 of 63
WITN11130100
WITN11130100
Scandal has Affected Postmasters POL00338401). Additionally, I was quoted
in another Private Eye article (Letters - Pirate Eye - Lost Horizon
POL00294974). That article was published during the time I was focusing on
the Separation. I do not remember signing off on a quote to be published;
however, at the time I was content for my name to be used in the defence of
Horizon. The quote reflected my knowledge and views at the time. I do not recall
taking any steps in relation to this article.
148 I do not recall whether the BoD took any steps in relation to the Private Eye
article. Once I became aware of a new negative media article relating to
Horizon, I would generally arrange a round table meeting with my IT team to
discuss any developments that may have required my attention.
RECEIPTS AND PAYMENTS MISMATCH BUG
149 I first became aware of the Receipts and Payments mismatch bug when Sewell
gave me an early indication that an issue had been found. In or around February
2011, Sewell called me to tell me that there were issues with receipts and
payments. Additionally, I recall receiving an email from Ismay that seemed to
downplay the issue. This was still early in the pilot and seemingly addressable
quite quickly (Fujitsu Post Office Receipts/Payments Mismatch Issue
FUJ00081945).
150 The Receipts and Payments mismatch bug echoed the complaints from the
JFSA about reconciliation issues. I was confident Sewell would handle
appropriately and manage the issue. If she needed my help she would ask.
Upon reviewing an email from Russell to Lesley Swell and Andy Mclean dated
Page 46 of 63
WITN11130100
WITN11130100
4 March 2011 regarding the receipts and payments issue, I was reassured by
Sewell’s resolution process. The email confirmed that the bug affected 62
branches (POL00188382). Although I do not recall this email, I was confident
in Sewell’s approach to the issue, which included liaising with Finance to write
off the losses and repay the gains.
151 Again, I had no involvement in the prosecutions, so if this particular bug could
have had an impact on these matters, I would expect that Ismay who was
involved in gathering investigation information would bring this information to
the attention of Crichton.
152 I now know that this bug was actually the Oracle bug identified in 2010 as part
of the Horizon Online pilot.
153 As mentioned above in paragraph 149, I first learned of this bug in February
2011. When I learned about the Receipts and Payments mismatch bug, we
stopped the pilot rollout of Horizon Online until Fujitsu addressed this issue. As
previously stated, we took steps to ask Fujitsu to resolve the issue and provide
an action plan and timeline. At the time, I was worried about efficiencies and
the cost of the delay. After Fujitsu discovered the issues were two Oracle bugs
rather than a Horizon one, the issue was resolved quickly. Fujitsu made up for
the delay by increasing the number of resources on the project. Consequently,
we delivered the roll out on time and to plan, whilst also achieving our cost
efficiencies.
154 I informed the ExCo and/or the BoD that we found the Receipts and Payments
mismatch bug, and consequently, the Horizon Online roll-out was halted until
Page 47 of 63
WITN11130100
WITN11130100
such time the issue had been rectified. The conversation I had with the ExCo
about these issues was very much framed in terms of the impact it would have
on the Horizon Online rollout program that might in turn impact our cost saving
efficiencies.
155 I am not aware of any prosecutions relating to the Receipt and Payments
mismatch bug. At this time the bug was identified during the pilot and roll out
program and as far as I was aware this stage of the pilot only involved Crowns
and a small number of trusted SPM branches (so that the internet stability in
tural areas could be tested). Accordingly, I had no such concerns.
156 On only two or three occasions, such as the Private Eye and the Computer
Weekly articles, I provided a corporate response or advice relating to the
Horizon criticism. I was never part of a full corporate plan around responding to
the JFSA or any media enquiries.
ERNST AND YOUNG REPORT 2011 AND STEPS TAKEN THEREAFTER
157 Asmentioned above, I never met with EY during the Horizon audit. Sewell was
responsible for meeting and liaising with EY on IT issues. I understand that
RMG instigated the EY audit of Horizon. I was pleased that EY, one of the Big
4 auditors, were conducting the audit. The audit meant it would either solidify
our understanding of the system or find something we were unaware of (which
we could then raise with Fujitsu to be resolved).
158 I donot recall contacting Fujitsu directly myself to let them know that EY would
be conducting an audit, but this was done as Fujitsu were aware and provided
Page 48 of 63
WITN11130100
WITN11130100
input to the audit process. Other than what I said above, I have no knowledge
and had no involvement in the instruction, nor the preparation of the EY report
or taking steps after I received it.
159 I understood the importance of audit controls around a system like Horizon,
which was being used as the Electronic Point of Sale system for all products
and services within the post office network, including several significant
financial services. These controls tended to be more stringent and robust than
the norm. Therefore, security controls, in particular, would need to be
substantial and auditable.
160 From my understanding, SAS 70 was a US audit framework developed for
companies selling financial services. EY was the leader in the field and was
ahead of the competition in terms of using this new audit standard. Accordingly,
EY adopted SAS 70, and their auditors were SAS 70 qualified. I believe RMG
was in the process of conducting its first SAS 70 audit. However, POL could not
change their audit framework within the financial year that the EY audit was due
to take place, as it would mean losing cost efficiencies that were budgeted. As
such, POL had to educate the EY auditors on Horizon, so they could approach
the task similar to a SAS 70-like audit, but without it being formally subject to
SAS 70 standards. During a POL/RMG Board meeting, I stated that we could
conduct a SAS 70 audit the following year (POL IT Audit Update (SAS70)
WITN00740120) and (Post Office LTF Board: Viability of introducing a SAS70
or equivalent audit report POL00362957), as we would have the time to prepare
for an audit under this new framework.
Page 49 of 63
WITN11130100
WITN11130100
161 My biggest concern arising out of the EY audit was the privileged access issue.
As I previously mentioned, I was not surprised Fujitsu had remote access.
However, such remote access should always leave a fully auditable event log
down to the specific key stroke. Prior to the Inquiry, I was unaware there were
occasions where remote access could not leave an audit trail. We were informed
there were no un-auditable access remote access points in Horizon by Fujitsu
and that the privileged and remote access was defined and secure, allowing
certain users (depending on their level of privilege) to access the system. The
EY report revealed that in respect of remote access to the system numerous
users had privileged access at the highest level.
162 The EY report confirmed that the levels of privileged access should have been
controlled better with fewer users having the highest level of access. Most IT
support functions operate a tier access system that limit the number of those
granted the highest unfettered levels of access.
163 Following the EY report, I called Sewell and told her we urgently needed to
investigate this issue. We immediately informed Fujitsu that we wanted them to
review the issue that had been raised by EY.
164 As I mentioned above, I was also concerned that Fujitsu did not have an
automated process that automatically revoked access to employees who had left
the company. This showed a lack of maturity in some of Fujitsu’s system access
process. EY found that an employee that had left the company some months ago
was still registered as a user on the Fujitsu systems.
Page 50 of 63
WITN11130100
WITN11130100
165 I entrusted Sewell with liaising with Fujitsu to resolve the issues, which she duly
did.
ENGAGEMENT WITH MPS AND REVIEW
166 I did not often meet with MPs, Ministers, or Civil Servants regarding Horizon, and
I was never invited to attend such meetings as it was not part of my operational
remit.
167 I attended one meeting with Edward Davey, MP, and Vennells, where we
discussed general matters concerning POL (but not Horizon). I was rarely
copied on emails between POL and Government ministers. I was not
responsible for liaising with MPs, Ministers, or Civil Servants.
HORIZON ISSUES IN EARLY 2012
168 As mentioned above, I expressed the necessity for a review of Horizon to Tait
and Vennells after the second Computer Weekly phone call. My recollection of
the second Computer Weekly call was that they rang me on my mobile whilst I
was in a Separation negotiation meeting. I stepped outside to take the call. The
journalist informed me that the number of SPMs who were complaining had
increased to over 80 SPMs, and asked whether I should continue to defend
Horizon. At this point, I continued to defend Horizon, but did take note of the
significant increase in SPMs that joined the JFSA. The phone call lasted
approximately three minutes. Due to the seriousness of the issue, I immediately
rang Tait and let him know the nature of the phone call with Computer Weekly
and my response. I said, “it is causing us more media issues than it is causing
Page 51 of 63
WITN11130100
WITN11130100
you. Our brand is now actively being impacted. We must conduct an independent
review the system, and I would ask that you pay for if’ (or to that effect). I told
him that I was going to inform Vennells of this matter as it needed to be resolved
as a matter of priority.
169 Immediately after my call with Tait, I called Vennells and informed her of the
Computer Weekly phone call and my call with Tait. Vennells agreed with me that
an independent review of the Horizon system should take place. Afterwards, I
informed Sewell of this as I knew she would become heavily involved.
170 Prior to me leaving POL in early March 2012, I do not recall attending a meeting
with Tait and Vennells to progress the independent review and I did not have any
further dealings with the matter. As an expectation, I thought POL and Fujitsu
executives would have arranged a meeting to discuss the next steps in
evaluating an independent review of Horizon Online, the process framework, and
the training regime.
171 I presumed that after leaving POL, Vennells would have arranged a call or a
meeting with Tait at Fujitsu to progress the independent review. Through
following the Inquiry, I learned that Crichton advised Vennels that POL should
pay for its own independent investigation of Horizon. Accordingly, POL hired
Second Sight, who were previously known to Crichton
172 I cannot recall ever being asked by the POL Board or its executive team to
contact Fujitsu to undertake a review of their system. I cannot speak for the
whole Board as I left in March 2012, but certainly Vennells and I believed there
Page 52 of 63
WITN11130100
WITN11130100
should be an investigation of Horizon in 2012 following the Computer Weekly
call.
173. When Perkins joined as Chairman, I recall the executives were asked what the
new Chairman should require as part of an onboarding plan. My specific
requests were around security, familiarity around Horizon, and a review of the
latest audit reports.
174 Further to reviewing the disclosure documents, in early 2012, I recall two
change-related activities, which affected financial services, and two hardware
failures in Fujitsu’s datacentre, which caused problems in dealing with
customers in the branch. All four incidents were encapsulated by the Major
Incident framework, which involved circulating the nature of the incident to key
individuals throughout POL, inclusive of POL BoD and ExCo. Furthermore,
recognising the sensitivities of our newly launched financial services portfolio, I
emailed Nicholas Kennett (“Kennett”), the Finance Director, on 1 February
2012, to inform him that we were doing our best to fix the financial products
(POL00140626). Kennett responded confirming that he had already received
an incident alert. Kennett was responsible for updates on financial services.
175 I prepared a board report dated March 2012 (Post Office Ltd - POL Board
Noting Paper Horizon - By Mike Young POL00142856), for the BoD following
the major incident alert that went out to ExCo after these events.
176 Additionally, in February 2012, there was an escalation from Vennells,
regarding Pervez Kakvi’s (“Kakvi”) complaint, a SPM (who also sat as a
magistrate). Vennells registered her disappointment regarding some of the
Page 53 of 63
WITN11130100
WITN11130100
service issues. Sewell and I responded to this escalation with the SPM himself
and Vennells (Email from Lesley J Sewell to Mike Young and Dave Hulbert. RE:
FW: Horizon Breakdown 1st February POL00142755).
177 Any other issues would have been brought to my attention by my direct reports.
I believe Sewell and Burley would have updated me on any other significant
issues relating to Horizon (had they occurred), which they did not.
178 Despite the initial delays in the testing and rollout phase and at the time I left
POL, I still considered that Horizon Online was a good investment and worked
well across the entire branch network. I felt that all the architectural decisions
relating to the broadband network and the centralised data framework were
comprehensive and a welcome upgrade to all. Blue screens and ISDN
connectivity problems were as a consequence consigned to history. However,
with the increasing complaints regarding the reconciliation issues and the
increasing number of complaints by SPMs, I felt that POL needed to “unpick”
the Horizon system right down to the quality of the code used in Horizon Online
(especially as we could not ascertain any issues that might evidence the JFSA’s
complaints).
179 At this point, it was my opinion that the process framework that wraps around
the system, and the training of the system, needed to be reviewed in a similar
light. This would entail a full end-to-end evaluation on all aspects of Horizon.
180 I believe POL should have hired consultants/investigators who were capable of
reviewing all aspects of the end-to-end process and who could evaluate the
quality of the Horizon code. I envisaged a complete review of the system
Page 54 of 63
WITN11130100
WITN11130100
(including the IT code), process, and training. From my understanding, Second
Sight, although they appear to have done a good job, they did not conduct, nor
did they have the capabilities to conduct a full review of the Horizon code. This
is something that I am still not aware of having been undertaken.
181 It is my understanding that Horizon is still being used today. From what I have
learned from the Inquiry, I believe POL has significantly improved the training
of the SPMs on how to optimise the use of Horizon.
182 I have seen an email dated 1 February 2012 from me to Dave Hulbert, copying
Lesley Sewell, relating to a Horizon-related incident (POL00140626). In the
email approximately five weeks before I left POL, I expressed my frustration
with overnight Horizon changes (IT updates). These types of IT changes were
a regular and normal everyday occurrence. The changes and updates I was
mentioning related to the new financial services that POL was offering via the
Bank of Ireland, as Horizon Online allowed us to add services and products by
way of online updates to the system. I recollect that these particular updates
had failed and did not work, which was a frustration for me as I managed part
of the relationship with Bank of Ireland at an executive level. Any change-
related issues to the system would affect every branch not just SPM branches.
This inevitably would impact customers in branch and cause queues in
branches. Consequently, customers were frustrated. However, this specific
Horizon issue was not of a nature that would have caused reconciliation issues
leading to an investigation or prosecution of SPMs.
Page 55 of 63
WITN11130100
WITN11130100
183 I have seen another email dated 5 February 2012 from Lesley Sewell to Dave
Hulbert, copying me, relating to the same Horizon breakdown (POL00142755).
In the email, Sewell asked Hulbert to “look into this and see what happened
with this particular branch”. Kakvi’s branch experienced service disruptions
caused by the change incident. I believe that Kakvi reached out to Vennells
directly because of their personal relationship. However, Vennells would have
already been aware of this issue having received the Major Incidents email,
highlighting that a change request on the system had failed overnight. The
Major Incidents email would have also informed Vennells that the issue was
being remediated. The impact of this issue meant that some transactions in the
branch network could not be completed.
184 I have seen a POL Board Noting Paper (“Noting Paper”) dated March 2012,
signed by me. In the Noting Paper, I provided updates on the major incidents
relating to Horizon and the system’s service failures. My updates include
historical changes to the system architecture, that took some of the business
continuity elements away in order to save money (c. GBP 50 million). We hoped
the change and hardware-related issues would not cause significant problems.
Further, in paragraph 6 of the Noting Paper, I proposed that Fujitsu and POL
should conduct an independent review. I set out what the independent review
must cover (e.g. the technical design of Horizon, all forms of testing, monitoring,
and alerting, etc.) (POL00142856). This would have been my last
communication to the Board, as I left POL in the second week in March 2012.
As you can see, I was informing the Board that that Fujitsu and POL should
conduct a full independent review.
Page 56 of 63
WITN11130100
WITN11130100
CONCLUSION
185 As discussed in paragraph 29, I resigned by mutual consent, following the
successful completion of RMG/POL Separation negotiations and changes to
my role.
186 Knowing what I do now and now with the benefit of hindsight, I could have
insisted on reviewing Fujitsu's Horizon code. As a member of the Board, I should
have asked Cook or DJS to authorise a deep and thorough review earlier on and
play their part in convincing Fujitsu that it was the appropriate course of action.
187 I was unaware of any injustices where SPMs felt they were being pressured into
accepting losses, through threat of prosecution and/or contract termination. Had
I been aware of such pressure tactics, I would have insisted on an immediate
review of the investigation and litigation framework.
188 I would have insisted we stop using anything that supported prosecutions that
could have been vulnerable to the possibility of un-auditable access into the
system or gaps in the continuity chain in the event logs. I am unaware how many
prosecutions were conducted once Second Sight’s interim report was released.
189 I would have insisted on an evaluation of any specific differences between the
use of Horizon Online Crown network and in the SPM network in tandem, I would
also seek to understand any differences in the systems, process, and the
training.
190 During my four years at POL, I worked with many good-willed, kind, and
hardworking employees throughout the entire organisation including the SPMs.
Page 57 of 63
WITN11130100
WITN11130100
Unfortunately, as the Horizon issues materialised over the years, POL’s
reputation has been tarnished. Accordingly, some employees who have worked
for POL over 30-40 years (employees who would “bleed post office”) are no
longer proud to have worked at POL.
191 I regret that the Inquiry process may detract from the good work by so many
employees that were genuinely trying to do their best every day in the post office
network.
192 I also believe it has taken too long for SPMs to receive their compensation and
restitution. The process should have been quicker.
193 Finally, I believe POL should have stopped prosecuting individuals once they
received the Second Sight Report.
Statement of Truth
I believe the content of this statement to be true.
Dated: _8 August 2024
Page 58 of 63
Index to First Witness Statement of MICHAEL YOUNG
WITN11130100
WITN11130100
ic
j=
Document Description
Control Number
POL00021497
Meeting minutes: Board meeting
minutes held on 20th October
2008
POL0000030
POL00429291
Welcome to Post Office Ltd
Report V6
POL-0204374
FUJ00126078
Email from Andrew Hall to Peter
Rowley, Lester Young, Alan
Alvarez, Mike Wood, Clive
Bailey, Peter Jeram, Paul
Goodge, Steve Goldsmith David
Roberts re meeting with Post
Office 9/6/09
POINQ0127361F
POL00030217
Ernst & Young Management
letter to POL for year ended
2011
POL-0026699
WITN01020100
Paula Vennells Witness
Statement
WITN01020100
POL00163407
Email from Mark R Davies to
Paula Vennells re: Strictly
POL-0151659
Page 59 of 63
WITN11130100
WITN11130100
confidential and legally
privileged
POL00021498
Meeting minutes: minutes for
Board meeting held on 19th
January 2009
POL0000031
POL00338301
Minutes from the POL
Investment Committee meeting
POL-BSFF-0164022
POL00041564
Bankruptcy, prosecution and
disrupted livelihoods -
Postmasters tell their story;
reported by Rebecca Thomson -
Article
POL-0038046
10.
FUJ00095658
Letter from Mike Young to
Duncan Tait re Current standing
on Fujitsu contract
POINQ0101829F
11.
FUJ00096312
Email from Gavin Bounds to
Duncan Tait, Re: forwarding
email of 30/06/2010 re: response
to your letter
POINQ0102483F
12.
POL00026572
Horizon —Response to
Challenges Regarding Systems
Integrity
POL-0023213
13.
POL00120479
Email chain from Rod Ismay to
Rod Mark Burley, lan Trundell,
Dave Pardoe and others Re:
Horizon Challenges - Draft
report with attachments
POL-0126171
14.
POL00417098
Email Tracy Abberstein on
behalf of David Y Smith to Mike
Granville, Martin Humphreys,
Lesley J Sewell cc Mike Young
re FE Justice for SPMS
POL-BSFF-0237249
Page 60 of 63
WITN11130100
WITN11130100
15.
POL00120481
Email chain from Mark Burley to
Mike Young, Sue Huggins cc
Nick Beal and others re: RE:
Urgent channel 4 horizon issue
POL-0126172
16.
POL00338347
Email from Rod Ismay To:
Michele Graves, Mandy Talbot,
Rebekah Mantle and others re
Press Office response to
Channel 4 - July 2010 - C4
News item "postponed"
POL-BSFF-0164068
17.
POL00424359
Challenges as to the Integrity of
Horizon
POL-BSFF-077-
0000018
18.
POL00169170
Email from Rod Ismay to Jarnail
A Singh, Mandy Talbot, Hugh
Flemington and others re Regina
v Seema Misra - Trial result
POL-0167423
19.
POL00188382
Email from Rod Ismay to Simon
Baker and Susan Crichton re:
Receipts and Payments issue
POL-BSFF-0026445
20.
POL00338296
Email from Mark Dinsdale to
Adrian Morris, Alan X Simpson,
Ali Piper and others re Security
Performance Pack ver3
POL-BSFF-0164017
21.
POL00338297
Post Office Ltd Security
Performance Pack Period 4 -
2010/11
POL-BSFF-0164018
22.
POL00179491
Email from Susan Crichton to
Alwen Lyons RE: Investigations
MOU - talks with MDA at a
standstill
POL-BSFF-0017554
23.
POL00417094
Email from Mike Granville to
Mike Young re: Horizon query in
confidence
POL-BSFF-0237245
Page 61 of 63
WITN11130100
WITN11130100
24.
POL00294803
(Draft) Terms of Reference from
Stephen A Collins to Rod Ismay,
Lesley Sewell cc Martin Knights
and others RE: POL - Review of
Horizon Electronic Point of Sale
System
POL-BSFF-0132853
25.
RMG00000005
Royal Mail Holdings Plc Audit
and Risk Committee Minutes of
the meeting held at 100 Victoria
Embankment London
VIS00007413
26.
POL00295092
Royal Mail Holdings Plc Audit
and Risk Committee update on
Post Office Limited Horizon
Controls and Relationship with
Fujitsu.
POL-BSFF-0133142
27.
FUJ00174417
Email thread from Duncan Tait
to Gavin Bounds RE: Fw:
Horizon Integrity - BBC iPlayer
link to programme.
POINQ0180598F
28.
POL00294748
Email from Mike Granville to
Kevin Gilliland, Angela Van-Den-
Bogerd, Paula Vennels and
others re: NFSP line on Horizon
POL-BSFF-0132798
29.
POL00338401
Newspaper Article re: Computer
Says No - Publication on How
the Horizon Scandal has
Affected Postmasters
POL-BSFF-0164122
30.
POL00294974
Letters - Pirate Eye - Lost
Horizon
POL-BSFF-0133024
31.
FUJ00081945
Fujitsu Post Office
Receipts/Payments Mismatch
Issue
POINQ0088116F
32.
WITNO0740120
POL IT Audit Update (SAS70)
VIS00014002
Page 62 of 63
WITN11130100
WITN11130100
33.
POL00362957
Post Office LTF Board: Viability
of introducing a SAS70 or
equivalent audit report.
POL-0185272
34.
POL00140626
Email from Nicholas Kennett to
Mike Young RE: Incident -
Banking Services via Horizon
POL-0142081
35.
POL00142856
Post Office Ltd - POL Board
Noting Paper Horizon - By Mike
Young
POL-BSFF-0002021
36.
POL00142755
Email from Lesley J Sewell to
Mike Young and Dave Hulbert.
RE: FW: Horizon Breakdown 1st
February.
POL-BSFF-0001920
Page 63 of 63