FUJ00155257
FUJ00155257
Page 1 of 2
ra
Pome ey A
From: β Birkinshaw Roy POH
Sent: 05 September 2008 18:24
βTo: Sewell Peter (FELO1); Holmes Alan; Meek Steven; Ambrose Peter; Evans Steve (FELO1);
Chambers Anne O; Johns David DL; Dunks Andy; Thomas Penny; Burton John
Subject: Recent Exercise to review Audit in Horizon
Herewith some quick notes following the meeting held on Wednesday 3rd Sep.
Draft statement:
Peak 152376 triggered a review of the audit mechanism and of the Horizon counter's behaviour. This
review has been going on over the last two weeks. Our conclusion is that there is not sufficient evidence to
warrant continuing the review at the scale with which it was being conducted.
There are nevertheless some residual actions that need to be driven forward.
1. JB to review with Hilary over the extent to-which the programme might need to revisit the history of
ARQs that are closed.
2. RB/PS/SM Audit and Security teams to progress changes to the current process to tighten any
weaknesses perceived therein in responding to Open ARQs.
3. AH to review and articulate a possible set of system changes (with cost benefit analyses) that might
assist the revised process referred to above
4. PS with assistance from audit team - to review the words currently offered to Post Office in support of
ARQ requests and prosecutions in the light of the review run
5. SE to consult with Gareth Jenkins over risk and complexity of any changes that might shorten the locks
applies to the code.
6. SE to review the recent (but as yet unreleased) PCI & EOD implementations for manifestations of a
similar issue and to present recommendations arising from this review.
7. RB to articulate and promote within HNGx the risk arising from the learning derived from this exercise
Annex (for ease of reference):
A list of the Strands being considered at the last and earlier reviews:
1. Digging into the History & checking old ARQs
2. Keeping the ARQ Service Going & codifying the new process
3. Possible changes of audit system to ease the new process
4. Telling Who / What / When
drivers: eg Mike Stewart's request
5. Capping the activity in terms of expenditure and resource
eg Steven needed to progress HNGx & anyway
6. Investigating the underlying technical Problem
Appear to have only 2 branch balancing problems
15/09/2008
FUJ00155257
FUJ00155257
Page 2 of 2
+ 2 others (one to do with harvesters & a dif stock unit)
7. Digging through recent events/evidence.to assist with 6.
8. Reviewing the words audit currently present to Post Office for correctness (ie assembling the case)
9. PMN - Lessons learned into HNGx - Reqt?/ Risk Capture
Regards
Roy Birkinshaw
HNGx Central Systems & Horizon Design & Development Manager
Retail.& Royal Mail Group Account, Fujitsu Services,
Lovelace Road, Bracknell, Berkshire, RG12 8SN
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22 Baker Street, Loridon, W1U 3BW
This e-mail is only for the use of its intended.recipient. Its contents are subject to a'duty of confidence and may be privileged.
Fujitsu Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free.
15/09/2008