1 Tuesday, 4 June 2024 2 (9.45 am) 3 MS HODGE: Good morning, sir, can you see and hear us? 4 SIR WYN WILLIAMS: Yes, I can, thank you very much. 5 MS HODGE: Sir, our witness today is Mr Christopher Day. 6 SIR WYN WILLIAMS: Yes. 7 MS HODGE: Please could the witness be sworn. 8 CHRISTOPHER MARK DAY (sworn) 9 Questioned by MS HODGE 10 MS HODGE: Good morning, Mr Day. As you know, my name is 11 Ms Hodge and I will be asking questions on behalf of the 12 Inquiry. 13 Please could you give your full name. 14 A. Christopher Mark Day. 15 Q. You should have in front of you a hard copy of a witness 16 statement dated 19 April 2024. Do you have that before 17 you? 18 A. I do. 19 Q. That statement should run to 49 pages, including 20 an index of exhibits; is that correct? 21 A. It is. 22 Q. Could I ask you, please, to turn to page 41 of your 23 statement. At the top, there's a statement of truth 24 and, underneath, a signature; is that your signature? 25 A. It is. 1 1 Q. Is the content of the statement true to the best of your 2 knowledge and belief? 3 A. It is. 4 Q. Thank you. Mr Day, your statement is now in evidence 5 before the Inquiry. I'm going to ask you some questions 6 about matters arising in your statement but I don't 7 propose to take you through each and every topic that 8 you address there. Could I ask you, please, to begin by 9 briefly summarising your professional background before 10 you joined Post Office Limited? 11 A. Yes. My finance background started with working at 12 Beecham Plc as a graduate trainee in the Group Treasury 13 Department. I then moved into financial markets with 14 a US investment bank, before joining Diageo, where I had 15 succession of roles in corporate finance and capital 16 markets and then as an international Finance Director in 17 the Netherlands and Germany. 18 On returning to the UK, I joined the BBC as Group 19 Financial Controller and then I joined Post Office as 20 Chief Financial Officer in August 2011. 21 Q. Thank you. You explain in your statement that you were 22 appointed by and reported into the Chief Executive 23 Officer, Ms Vennells; is that correct? 24 A. That's correct. 25 Q. You have explained that you were recruited to bring 2 1 a more commercial focus to the business's Financial 2 Division; is that right? 3 A. I believe that's the case, yes. 4 Q. Is that something which you recall Ms Vennells raising 5 with you at the time of your appointment? 6 A. I do. I recall her referring to what she called the 7 "primacy of finance", which was that she wanted Finance 8 to take a more proactive role in the management of the 9 Post Office, and the context for that was that we were 10 keen to move to a situation where the Post Office broke 11 even and was no longer dependent on public subsidy. 12 Q. How would you describe the financial performance of Post 13 Office Limited when you took on the role of CFO? 14 A. Well, I think it was a large and complex organisation. 15 It was still loss-making at that point. We had various 16 elements of the business that we were working on to 17 increase profitability, one notable one would be the 18 Crown estate, where we had a very clear plan to drive it 19 back to profitability. 20 Other elements of the estate were sort of large cost 21 centres, effectively, so very limited in terms of the 22 number of sub post offices that we could close, for 23 example. 24 Q. In your statement you describe the focus of your role 25 comprising three principal elements. You've identified 3 1 the first being to drive the financial performance of 2 the business, as you've referred, the second being to 3 provide commercial support to the business and, thirdly, 4 to help the Post Office to compete on the provision of 5 Government services, with the aim of creating a business 6 which was no longer dependent upon public subsidy. 7 Those are the three aspects you've identified there; is 8 that right? 9 A. Correct. 10 Q. In a nutshell, was your task to support the CEO in her 11 efforts to make the Post Office a more successful 12 business? 13 A. Yes. 14 Q. Could you please describe your working relationship with 15 Ms Vennells? 16 A. We had a close collaborative working relationship and 17 I believe we worked well together. As I say, she was 18 keen to promote the financial discipline of the 19 organisation and that suited me, my purposes, very well. 20 It was good to work for a Chief Executive who had that 21 focus on the numbers and the financial performance. 22 Q. You've mentioned it was her desire for finance to take 23 a more proactive role in management. It's right, isn't 24 it, that you deputised for Ms Vennells on occasion when 25 she was on annual leave -- 4 1 A. Yes, from time to time I would deputise for her. 2 Q. -- and that therefore your role, certainly then, and 3 I think you accept, extended more broadly than simply 4 dealing with financial matters? 5 A. Yes. 6 Q. I'd like to ask you some brief questions about your 7 responsibilities as CFO. Would it be fair to say that 8 there were two principal aspects to that, one of which 9 related to the external financial reporting of the 10 business? 11 A. Yes, that was my primary focus. 12 Q. You've explained that it was your duty as CFO to ensure 13 that all of the company's annual financial statements 14 were true, fair and accurate -- is that correct -- 15 A. Correct. 16 Q. -- and that the independent annual financial audit was 17 conducted properly? 18 A. Correct. 19 Q. During your tenure as CFO, the firm which performed that 20 independent audit of POL was Ernst & Young; is that 21 right? 22 A. It was. 23 Q. The other aspect of your role, so the other principal 24 aspect, related to the day-to-day management of the 25 business's financial accounting, budgeting and planning; 5 1 is that right? 2 A. Correct. 3 Q. One area of the business for which you were responsible 4 was the Product and Branch Accounting Division; is that 5 right? 6 A. Yes. 7 Q. You've explained in your statement that Product and 8 Branch Accounting performed the back office accounting 9 function of the business; is that right? 10 A. Yes, essentially, it reconciled the client accounts with 11 the customer accounts. 12 Q. It provided you with the aggregated data and information 13 which you needed to produce the Post Office's annual 14 financial reports? 15 A. Yes. 16 Q. Would it be fair to say that Product and Branch 17 Accounting, therefore, served an essential role in 18 helping you to meet your obligations for financial 19 reporting? 20 A. Yes. 21 Q. During your tenure, the Division was led by Rod Ismay; 22 is that right? 23 A. Correct. 24 Q. In your statement, you say you would have been briefed 25 about the Horizon system by Mr Ismay, or possibly by 6 1 a member of his team, on your arrival; is that right? 2 A. Yes, I don't recall precise conversations but I'm sure 3 they would have taken place early in my tenure. 4 Q. I think it's at paragraph 38 of your statement, please, 5 WITN10000100. It's on page 12, please, paragraph 38. 6 The penultimate sentence reads: 7 "As CFO, I was expected to have a general 8 understanding of how [Post Office Limited] accounts for 9 transactions in branches and by product type, for the 10 purpose ultimately ever ensuring the reliability of 11 POL's financial statements." 12 Presumably, at a minimum, you would have understood 13 that Horizon was a point of sale and financial 14 accounting system that was operated and maintained by 15 Fujitsu Services? 16 A. Yes, I would. 17 Q. You would have been aware that the system was used in 18 the Post Office branches to process and record each 19 transaction performed at the counter by a subpostmaster, 20 a manager and assistant, for example? 21 A. Yes, I would. 22 Q. You would have also been aware, I assume, again at 23 a minimum, that those transactions processed and 24 recorded by Horizon were transmitted to Post Office's 25 back office accounting systems? 7 1 A. Yes. 2 Q. There, as you've said, they would be checked and 3 reconciled against data provided to the Post Office by 4 its clients? 5 A. Correct. 6 Q. Do you recall what you were told, if anything, by 7 Mr Ismay about the contractual relationship between the 8 Post Office and its agents? 9 A. I don't, I'm afraid. 10 Q. Were you aware at the time that you took on your role 11 that Post Office and branch accounting were responsible 12 for issuing transaction corrections to recover from 13 subpostmasters accounting shortfalls shown by Horizon. 14 A. I believe I would have been aware shortly after joining, 15 either through conversations with Mr Ismay during my 16 induction or having read the now called Ismay Report. 17 Q. I will come on to that in a moment but, before I do, do 18 you recall what you were told about that process of 19 issuing transaction corrections? 20 A. I don't. 21 Q. It was shortly after you took up your role as CFO that 22 you received an email and attachment from Mr Ismay, 23 relating to challenges to the integrity of Horizon; is 24 that right? 25 A. Correct. 8 1 Q. Could we, please, first turn up that email, which is at 2 POL00294836. Thank you. So we see there it's an email 3 from Mr Ismay to you, Mr Day, on 8 September 2011, so 4 relatively shortly after you took up -- I think you said 5 August 2011 was when you started in the role of CFO. 6 The subject of the email is "Horizon Challenges", 7 a report dated 2 August 2010, and the name of the 8 attachment is "Horizon Integrity". Mr Ismay says: 9 "Chris -- further to my last email, please find 10 attached a report I did last summer for Dave Smith (then 11 MD). It is a long report but that detail was agreed as 12 necessary and I would be grateful if you could read it 13 as context to the update I need to give you." 14 Just pausing there, would it be fair to say that 15 this wasn't simply a report that passed across your 16 desk, it was something Mr Ismay wanted you to read and 17 discuss with you. 18 A. Yes. 19 Q. He goes on to say then, in the third paragraph: 20 "Mike Granville has had related stakeholder 21 conversations ..." 22 Do you recall Mr Granville's role? 23 A. I don't recall his precise role. I think he was 24 involved in a government communications, PR-type role. 25 Q. It goes on to say: 9 1 "... and I expect you may have heard references to 2 this area ..." 3 By which he presumably he meant Horizon integrity, 4 would you agree? 5 A. Yes. 6 Q. "... from Kevin, Paula, Susan or Mike." 7 So he's assuming there, is he not, that this is 8 a subject that you would have already discussed with 9 directors of the company, the Chief Executive, General 10 Counsel or Mr Granville? 11 A. That's what he's saying, yes. 12 Q. Do you recall whether you did, in fact, discuss the 13 issue of Horizon integrity with any of those individuals 14 named there? 15 A. I have no recollection of discussing it with any of 16 those individuals. 17 Q. Were you concerned to be told, so early in your tenure, 18 that the integrity of the system from which you'd 19 derived your financial accounting data and information, 20 was being challenged? 21 A. My recollection is that the report was shown to me 22 partly from Mr Ismay to describe the role that he was 23 doing and the function of his team, but also clearly to 24 alert me to the fact that there had been challenges to 25 the integrity of the system but, as I understood it, 10 1 those had all been addressed at the time. 2 Q. So is the answer you weren't concerned at all? 3 A. I was aware of the challenges. I don't think I was 4 unduly concerned. 5 Q. You would have known, would you not, that, if the 6 Horizon system lacked financial integrity, then the 7 financial statements for which you were responsible 8 might not be true, fair and -- 9 A. Absolutely. 10 Q. In your previous roles, had you ever come across 11 a situation like this before, where users of the 12 business's accounting system were saying, "We believe it 13 lacks financial integrity"? 14 A. No, I hadn't. 15 Q. It's your evidence that, I believe, you have no 16 independent recollection of reading this report; is that 17 correct? 18 A. That's true. I'm sure I read it but I don't recall 19 reading it. 20 Q. And you don't recall whether you had any discussions 21 with Mr Ismay, albeit this email does tend to suggest 22 that he wished to discuss the matter with you? 23 A. I think it's highly likely that I discussed it with him 24 as part of my induction. I don't recall the precise 25 conversation. 11 1 Q. I'd like to explore with you what you thought or would 2 have thought, based on your recollection at the time, 3 about some of the issues that are raised in this report. 4 Please could we bring up a copy of the report at 5 POL00294837. So we see at the top there, as we know, 6 this was a report that Mr Ismay produced for the then 7 Managing Director, Dave Smith. There are various Senior 8 Managers in the organisation who were copied into this 9 report, originally produced just over a year prior. The 10 title of the report is "Response to Challenges Regarding 11 Horizon ... Integrity" and the first paragraph reads: 12 "Post Office Limited has, over the years, had to 13 dismiss and prosecute a number of subpostmasters and 14 Crown staff, following financial losses in branches. 15 A small number of these have made counter claims that 16 they [are] not guilty of the charges made but that the 17 Horizon system was faulty." 18 Just pausing there, had you had any prior experience 19 of working for an organisation which prosecuted its 20 staff for financial losses suffered by the business? 21 A. I hadn't, no. 22 Q. You've explained in your statement that you did not know 23 when you first joined the Post Office that it brought 24 private prosecutions against its agents and its staff; 25 is that right? 12 1 A. Yes, I don't recall being aware at the time, although 2 I can see it's indirectly referenced in this report. 3 Q. So, by the time you read this report in early September, 4 you would have been aware of that fact, would you not? 5 A. I think it's highly likely that I was aware. 6 Q. Knowing that the Post Office brought prosecutions in 7 these circumstances, would that have affected the 8 importance that you attached to the financial integrity 9 of the business's accounting systems? 10 A. Yes, I think it would. 11 Q. Why? 12 A. But I think -- I think my primary focus would have been 13 on whether I, as CFO, could rely on the integrity of the 14 system to verify the accuracy of the financial 15 statements of Post Office. That would have been my 16 primary focus. 17 Q. In terms of wider risk to the business, however, would 18 you have been concerned about the importance of 19 financial integrity, bearing in mind that you knew that 20 the business brought prosecutions in reliance on Horizon 21 data against its agents and employees? 22 A. I don't know whether I made that specific connection at 23 the time. 24 Q. The report goes on to say in the second paragraph: 25 "Various lobbying groups have been set up by former 13 1 subpostmasters and these have at times received national 2 media coverage and in some cases been taken up by local 3 MPs. Most recently, Channel 4 has proposed a news 4 article about this area." 5 This suggests, does it not, that concerns about 6 Horizon's integrity were not isolated to a few 7 disgruntled subpostmasters who'd been convicted but had 8 attracted the attention and support of Members of 9 Parliament and the national media? 10 A. Yes, it does. 11 Q. Do you think that would have registered with you at the 12 time as a significant area of risk for the business? 13 A. I think the context for this would have been a knowledge 14 of the size of the network and the relatively scarce 15 incidents of such matters, but I think, in terms of 16 peripheral vision, yes, I'm sure I would have had 17 an awareness that there had been some media coverage, 18 that there was some reputational risk to the Post 19 Office. 20 Q. If we continue, please, on to the following paragraph, 21 the report defines its purpose there as being to 22 provide: 23 "... an objective internal review of [Post Office 24 Limited's] processes and controls around the branch 25 accounting." 14 1 It explains it includes an overview of Post Office's 2 control environment; its response to accounting errors, 3 which we've referred to as transaction corrections; its 4 IT systems, so Horizon versus Horizon Online. Were you 5 aware at this stage as to the existence of different 6 iterations of the system, that is to say an earlier 7 version which had been superseded by Horizon Online? 8 A. I believe I would have known that Horizon Online had 9 replaced Horizon in January 2010. That's probably the 10 extent of my knowledge at that stage. 11 Q. It refers there to the "resolution of known issues", 12 under "IT systems". 13 Thirdly, third party perspectives comprising court 14 judgments, media and audit. 15 Then, lastly: 16 "Statistics on branch accounting issues, suspensions 17 and prosecutions." 18 Would you agree that that accurately summarises the 19 focus of the report being on the Post Office's processes 20 and controls, as opposed to, by contrast, Fujitsu's 21 processes and controls? 22 A. Yes, I would. 23 Q. What you were not receiving in this report was a very 24 detailed explanation of how Horizon operated at 25 a technical level; is that fair? 15 1 A. That's fair. 2 Q. Therefore, to someone without a detailed technical 3 background, it was nonetheless a relatively 4 comprehensible report, was it? 5 A. Sorry? 6 Q. For someone who did not have a detailed technical 7 background in IT matters, what was canvassed in this 8 report was readily understandable to you, was it? 9 A. Broadly, yes, it was. 10 Q. If we can move on, please, to the "Executive Summary", 11 which is on the second half of this page, it reads, in 12 the first paragraph: 13 "The allegations to which we are responding follow 14 on from cases where thousands of pounds were missing at 15 audit. We remain satisfied that this money was missing 16 due to theft in the branch -- we do not believe the 17 account balances against which the audits were conducted 18 were corrupt." 19 Just pausing there, were you told by Mr Ismay, or 20 did you later become aware during your time as CFO, 21 what, if any, enquiries were made by Product and Branch 22 Accounting when an SPM or an employee said, "I simply do 23 not know what has caused the accounting shortfall in the 24 branch accounts. I think the system must be at fault"? 25 So my question is: would you have known what processes 16 1 were followed by Product and Branch Accounting to 2 investigate the causes of these shortfalls? 3 A. I think I would have had a broad understanding of the 4 processes, in terms of investigating the differences, 5 but I don't think I would have a detailed understanding 6 of what happened in each particular case. 7 Q. Do you think that's something you would have enquired 8 about at the time, namely what are we doing as 9 a business to satisfy ourselves that these losses are 10 genuine, bearing in mind what we're being told by our 11 agents and employees about suspected faults in the 12 system? 13 A. I don't recall, but my memory is that these were 14 relatively rare occurrences. So I ... 15 Q. We'll come on shortly to look at that issue. If we turn 16 to the second paragraph, please, of the "Executive 17 Summary", it states: 18 "[Post Office Limited] has extensive controls 19 spanning systems, processes, training and support. 20 Horizon is robust, but like any system depends on the 21 quality of entries by the users." 22 If we just pause there again, would that have struck 23 you at the time that you read this report as an accurate 24 statement, namely that the robustness of Horizon 25 depended on the quality of the entries made by its 17 1 users? 2 A. I believe it would have done, yes. 3 Q. Would it have occurred to you that the quality of the 4 code and the work undertaken to develop and maintain the 5 system might have been significant factors which 6 affected the robustness of the system? 7 A. I don't believe I would have had that awareness. 8 Q. Do you think it would have struck you at the time that 9 statements like that betrayed an assumption by the Post 10 Office that any fault, any accounting error, 11 responsibility for any accounting error, must lie with 12 the user? 13 A. I don't think I would have seen it that way. But I can 14 see now that it could be interpreted that way. 15 Q. From your experience of working with large-scale IT 16 systems, would you have considered that to be 17 an accurate assumption, that any accounting error must 18 be the fault of the user? 19 A. No. I don't think I would have had that general view. 20 Q. What would your experience have been? 21 A. I think my experience would have been that faults could 22 have arisen for any number of reasons, either user 23 error, problems with software, problems with processing. 24 Q. Do you recall whether you took any steps to challenge 25 the assumption that we see there? 18 1 A. I don't recall but I don't believe I did. I think 2 I read and accepted this report at first sight. 3 Q. If we carry on, please, to the final paragraph on the 4 first page, which reads: 5 "The integrity of Horizon is founded on its tamper 6 proof logs, its realtime backups and the absence of 7 'backdoors' so that all data entry or acceptance is at 8 branch level and is tagged against the log on ID of the 9 user. This means that ownership of the accounting is 10 truly at branch level." 11 On the face of it, what Mr Ismay appears to be 12 identifying here, a variety of security features which 13 underpin his stated confidence in the integrity of 14 Horizon; is that fair? 15 A. Yes. 16 Q. What did you understand Mr Ismay to mean by the "absence 17 of 'backdoors'"? 18 A. I would have understood this to mean that only the 19 subpostmaster had access directly to their data, that 20 there was no intervention at the centre by Product and 21 Branch Accounting and that the data stood in accordance 22 with what was input in the branch, and that there was no 23 other access to that data, hence the tamper-proof logs. 24 Q. We know, because we've discussed it, you were aware that 25 Product and Branch Accounting issued transaction 19 1 corrections and Mr Ismay deals with these, please, at 2 page 7 of the report. So this is under the heading of 3 "Accounting and control in [Product and Branch 4 Accounting]". Within the box at the top, the first 5 paragraph reads: 6 "Central controls over accounting are primarily in 7 the Product and Branch Accounting team but also include 8 activity in cash centres and alerts from our method of 9 payment [processes]." 10 If we go on, please, to the following page, at 11 page 8, there's a number of bullet points there, the 12 first one relating to transaction corrections. This is 13 where we see here he gives his explanation about 14 backdoors. It reads: 15 "... 'double entry' adjustments sent to branches for 16 their acceptance [this is his definition of transaction 17 corrections]. There is no 'backdoor' to force them into 18 branch accounts. Visibility is key to ensure ownership 19 of the issue and prevent any risk of arguments about 20 'backdoors'." 21 So that would be consistent, would it not, with your 22 understanding that you've stated -- 23 A. Yes. 24 Q. -- to me just now, essentially, that you've been told 25 here that, if and insofar as Product and Branch 20 1 Accounting issued a transaction correction, it still had 2 to be accepted by the agent in branch -- 3 A. Correct. 4 Q. -- and, therefore, they retained ultimate control over 5 their accounting data? 6 A. Correct. 7 Q. Please could we return to the executive summary, which 8 is on page 2, now. The second paragraph reads: 9 "Accounting errors do happen through user mistakes, 10 but these can be explained and resolved case by case." 11 So, again, we see that assumption that all 12 accounting discrepancies are caused by the user, do we 13 not? 14 A. We do. 15 Q. "Systems issues have also arisen but again POL has been 16 able to explain them and rectify them." 17 So you're being given assurance there that, if and 18 insofar as issues have arisen, they have been rectified 19 by the business? 20 A. Correct. 21 Q. "Whilst they have affected the available and 22 functionality of the system, with consequent impacts on 23 customers and clients, they do not bring the integrity 24 of the system into question." 25 Now, this paragraph of the report alerted you to 21 1 system issues, did it not -- 2 A. Yes. 3 Q. -- that were known to Post Office Limited at the time? 4 Could we please move forward to the section of the 5 report where these system issues are addressed in more 6 detail. That's at page 15. This section is entitled 7 "Known IT issues"and Their Non-Applicability to the 8 Allegations Made". I'd like to ask you, please, some 9 questions about the example given at (b), which is 10 described as "Barcode sticking". The first paragraph 11 reads: 12 "A small number of branches have experienced 13 a situation where a customer transaction ([for example] 14 a bill payment) sticks on the details of the preceding 15 transaction. In some cases the branch has spotted it 16 immediately but in some cases it has only come to light 17 when the customer complains that they are being chased 18 for an 'unpaid' bill. Incidents go back to 2005." 19 So, on the face of it, if we pause there, what's 20 being described here is an accounting error, namely that 21 a transaction has not been properly processed and 22 recorded by Horizon; would you agree with that? 23 A. Yes. 24 Q. What's more, contrary to the assertion that's made in 25 the executive summary, it was not an error caused by the 22 1 user but by the system itself. That's right, isn't it? 2 A. Yes. 3 Q. This paragraph also tells us that the issue dated back 4 to 2005, so this is five years before this report was 5 prepared? 6 A. Correct. 7 Q. If we read on, we can see Mr Ismay's description of the 8 steps which were taken by Post Office Limited to explain 9 and rectify the problem, as he suggests in his Executive 10 Summary. The second paragraph reads: 11 "Up to now it had been understood that [this issue] 12 related to a version of scanners where [Post Office 13 Limited] did not know which other branches had the same 14 version. It was not therefore possible to isolate other 15 branches. It was also a rare event on the scanners 16 themselves. It was not a systematic failure with every 17 transaction on the particular scanner." 18 If we pause there again, we can see from this 19 paragraph, can we not, that Post Office Limited had 20 originally understood this problem to relate to a piece 21 of hardware, namely the barcode scanner that was used 22 and that supported the Horizon system. 23 A. Yes. 24 Q. It's also clear that this misunderstanding, as to the 25 source of the problem, had prevailed until shortly 23 1 before this report was written in August 2010. Is that 2 not clear from the statement "Up to now it has been 3 understood"? 4 A. Yes, you could interpret it that way. 5 Q. Namely between 2005, and we're now nearly August 2010, 6 when this report is produced, it has been assumed by 7 Post Office Limited that this problem related to a piece 8 of hardware? 9 I think you agree that that's -- 10 A. Yes, you can interpret it that way, yes. 11 Q. -- an acceptable interpretation of that? 12 In terms of the remedial steps that Post Office said 13 they've taken to deal with this issue, you were told 14 here that Post Office didn't know which branches were 15 affected by what was thought to be this faulty version 16 of the barcode scanner and, as a result, they'd not been 17 able to identify the branches affected by the problem; 18 do you agree with that? 19 A. Yes. 20 Q. So is it not right that you're essentially being told 21 here that, for a period of nearly five years, Post 22 Office had done nothing to address the underlying 23 problem which was causing this known issue? 24 A. I don't know if I'm being told that. I think I'm 25 being -- I think he's seeking to differentiate between 24 1 any errors, which would have been caused by inputting of 2 data in a branch, with broader hardware issues, which 3 he's asserting did not have any direct bearing on any of 4 the previous legal cases, and that there would be, from 5 time to time, glitches that would happen with the system 6 that would be rectified. I accept that it looks as if 7 this particular one took a long time to be rectified. 8 Q. So if we look, then, at the following paragraph, it 9 confirms that Fujitsu had investigated the issue, that 10 is to say the suspected problem with the hardware, the 11 barcode scanner, and had advised Post Office it's not 12 a hardware related issue; it's a Riposte software issue. 13 Were you aware of the function that Riposte served in 14 the Horizon system? 15 A. No. 16 Q. It goes on to state: 17 "It will cease to be a problem with Horizon Online, 18 as HOL [meaning Horizon Online] does that use Riposte." 19 So again we see here, quite some time after the 20 issue first arose, Fujitsu have ultimately diagnosed it 21 as a software fault, not a hardware issue, but they're 22 not intending to do anything about it because the 23 original Legacy version of Horizon is going to be 24 shortly superseded; is that how you would have read? 25 A. That appears to be the case, yes. 25 1 Q. Now, what Mr Ismay goes on to tell you is that: 2 "This issue does not appear to have arisen in any of 3 the legal cases in question and the incidents have been 4 resolved at all branches where it has been noted." 5 Now, pausing there, what you were being told is 6 that, where accounting errors had arisen and had been 7 discovered, they had been resolved -- 8 A. Yes. 9 Q. -- that's correct, isn't it? But you'd also been told 10 in the preceding paragraphs that Post Office Limited had 11 not taken steps to identify the branches affected by 12 this problem in the period between 2005 and 2010, had 13 they? They'd not taken active steps to try to identify 14 which branches were affected because they didn't know 15 which branches had this faulty barcode scanner? 16 A. That would appear to be the case, yes. 17 Q. The Post Office had instead relied upon the branch to 18 spot the problem or a customer to raise a complaint, for 19 example, about an unpaid bill? 20 A. Yes. 21 Q. So a reactive rather than a proactive -- 22 A. It looks that way. 23 Q. -- response? 24 Bearing in mind that this fault appears to have 25 persisted for a period of five years, undiagnosed and 26 1 unresolved in the Horizon system, would you have not 2 entertained the possibility that there would be affected 3 branches where accounting errors hadn't been detected 4 and adequately resolved; where, for example, 5 a subpostmaster had made it good because they couldn't 6 work out the underlying cause of the problem -- 7 A. I think that's a possibility. 8 Q. -- or had been made to repay? 9 A. But, again, I think Mr Ismay is seeking to draw 10 a differentiation between errors or imbalances generated 11 at the point of sale from issues relating to hardware or 12 software that was no longer used, but I can see from 13 this that there may have -- this may have been 14 a relatively widespread issue. 15 Q. It appeared to show, did it not, that there was 16 a software bug in the system which was capable of 17 causing accounting errors because, if a customer 18 complained that their bill hadn't been paid, then, at 19 some stage in the process, an error had arisen, had it 20 not? 21 A. Yes, it would depend how -- you know, the order of 22 magnitude, how many customers and branches were 23 affected. 24 Q. Did you consider that this information was consistent 25 with the confidence being expressed by Mr Ismay in the 27 1 integrity of the Horizon system? 2 A. I viewed this series of bugs or glitches that had 3 happened historically as beings things which typically 4 happen in a large IT computer system, that they had been 5 addressed -- I can see this one took a long time to be 6 addressed -- but what I was clearly being asked to 7 accept was that none of these issues had any direct 8 relation to previous legal cases. 9 Q. That appears to be the assumption that was made by 10 Mr Ismay, and that's what he says in the report, but 11 what I'm testing with you is whether that's really 12 consistent with what you were being told here because 13 you were being told that Post Office were taking no 14 steps to detect this issue, to proactively resolve it, 15 and Fujitsu weren't even aware that the software fault 16 existed. So how could you or Mr Ismay possibly be 17 confident that these were isolated cases and they'd all 18 been resolved? 19 A. Well, I think my personal assurance would have been, 20 again, going back to my duties as CFO, was to verify the 21 accuracy of the company's financial statements and, 22 rightly or wrongly, I would have taken assurance from 23 the fact that Horizon Online had been introduced in 2010 24 and that this particular issue no longer existed. 25 Q. It didn't say very much, though, did it, for Post 28 1 Office's processes and procedures before you came into 2 post? 3 A. Well, it suggested that there had been issues in the 4 past, which had generally been resolved, and/or Horizon 5 Online had superseded the previous system. 6 Q. The final thing that Mr Ismay says about this particular 7 issue is that, we can see there in the final paragraph 8 and the last sentence: 9 "This is not considered a systematic integrity issue 10 for Horizon and it should be resolvable from the facts 11 of records in the Horizon transaction logs." 12 Would you have agreed with Mr Ismay's assessment 13 that this was not a systematic integrity issue? 14 A. I think I would have accepted it at face value at the 15 time and I think the reference to the transaction logs 16 presumably means that all of the discrepancies would 17 have been found and could have been found in due course. 18 Q. If the transaction logs still existed? 19 A. Indeed. 20 Q. I'm going to move on now from known IT issues to another 21 part of the report, in which Mr Ismay addressed the 22 option of procuring an independent review or audit of 23 Horizon to respond to the challenges to its integrity. 24 Do you recall that aspect of the -- 25 A. Yes. 29 1 Q. Can we please turn to page 19. Thank you. In the 2 second half of the page 19 we see the heading "4(c) 3 Independent Review and Audit Angles". The report 4 states: 5 "POL has actively considered the merits of 6 an independent review. This has been purely from the 7 perspective that we believe in Horizon that a review 8 could help give others the same confidence that we 9 have." 10 So we see, again, Mr Ismay making a very clear 11 statement of confidence in the integrity of the system; 12 is that fair? 13 A. Yes. 14 Q. He goes on to say: 15 "Our decision between IT, Legal, [Product and Branch 16 Accounting], Security and Press Office has continued to 17 be that no matter what opinions we obtain, people will 18 still ask 'what if' and the defence will always ask 19 questions that require answers beyond the report. 20 Further such a report would only have merit as at the 21 date of creation and would have to be updated at the 22 point at which Horizon or the numerous component 23 platforms were upgraded." 24 What this appears to be saying, does it not, is that 25 it simply wouldn't be worth commissioning an independent 30 1 review because it would not have the effect of silencing 2 criticisms of Horizon; is that fair? 3 A. Yes. 4 Q. At the time you read the report, would you have 5 considered that a good reason for not procuring 6 an independent review of Horizon? 7 A. I don't think I would, actually. I mean, I clearly 8 wouldn't now and I don't recall in detail reading this 9 paragraph, but I would like to think that I wouldn't 10 think that this was a suitable reason or series of 11 reasons for not commissioning an independent review. 12 Q. Sorry, I'd just like to clarify that last point you're 13 saying. You think you wouldn't have thought -- 14 A. Yes, I -- clearly, I have a clear view now but, trying 15 to place myself back in 2011 and reading this, although 16 I don't have a precise recollection of reading it, 17 I would like to think that I would not accept these 18 reasons as a legitimate reason for not commissioning 19 an independent review. 20 Q. The report goes on to say: 21 "Ernst & Young and Deloittes are both aware of the 22 issue [by which he presumably means the issue about 23 integrity] from the media and we have discussed the pros 24 and cons of reports with them. Both would propose 25 significant caveats and would have limits on their 31 1 ability to stand in court, therefore we have not pursued 2 this further." 3 What Mr Ismay appears to be saying here is that 4 Ernst & Young, POL's external auditors, and Deloittes, 5 were simply not prepared to sign off on the integrity of 6 Horizon; is that fair, so far as he understood it? 7 A. No, I don't think I would interpret it that way. 8 Q. How would you have interpreted it? 9 A. I interpret this as saying that both the auditors and 10 Deloitte would be likely to introduce so many caveats 11 that a report might not have much value and might not be 12 able to address all of the questions asked. 13 Q. Isn't that in the nature of a caveat: that what you're 14 saying is "I can't sign this off as having integrity 15 because I simply am not in a position to say one way or 16 the other that it does"? Is that not what the reference 17 to "caveats" is? 18 A. Broadly, yes. It would depend what those caveats were, 19 of course. 20 Q. Did you consider at the time that there was a tension 21 between the absolute confidence which POL was expressing 22 in the integrity of Horizon and the reluctance of its 23 statutory auditors to sign up to that position? 24 A. No, because I had a separate relationship with Ernst & 25 Young and, as I'm sure we'll come on to discuss, we were 32 1 working through a series of improvements to the IT 2 control environment. So, set against that knowledge of 3 what I was actually working on, I don't think this 4 paragraph would have particularly surprised me. 5 Q. As you've just alluded to now, the report goes on to 6 explain that the external audit that Ernst & Young 7 perform includes tests of Post Office Limited's IT and 8 finance control environment but the scope and 9 materiality of those tests mean that Ernst & Young would 10 not give a specific opinion on the systems from this. 11 We shall come on to that topic shortly, this issue of 12 the Post Office's IT and finance controls, but you were 13 aware from your work with Ernst & Young that those tests 14 were carried out -- were you not -- 15 A. Yes. 16 Q. -- and that Ernst & Young would not express an opinion 17 on the overall integrity of the system due to the 18 relatively high-level nature of the work that they were 19 doing on those controls and processes; is that fair? 20 A. Yes, it is. 21 Q. Before we move on from this report, please, there's one 22 final paragraph I'd like to address. Could we turn to 23 page 20. So this is following on from the part of 24 Mr Ismay's exploration of obtaining an independent 25 review and audit. He states: 33 1 "It is also important to be crystal clear about any 2 review if one were commissioned -- any investigation 3 would need to be disclosed in court. Although we would 4 be doing the review to comfort others, any perception 5 that POL doubts its own systems would mean that all 6 criminal prosecutions would have to be stayed. It would 7 also beg a question for the Court of Appeal over past 8 prosecutions and imprisonments." 9 Did it strike you as odd that one of the reasons 10 being advanced by Mr Ismay for not commissioning 11 an independent review would be that it would need to be 12 disclosed in court? 13 A. I don't recall, it certainly strikes me as odd, having 14 reread the report recently but I don't recall having 15 thought at the time that this was odd. Again, my 16 primary focus would have been to understand issues that 17 might relate to the integrity of Post Office's financial 18 data and, regrettably, I don't think I would have been 19 focusing so much on what might need to be disclosed in 20 court as a result of having an independent review 21 commissioned. I don't think that would have been 22 uppermost in my thoughts at the time. 23 Q. Do you think you would have been in favour of 24 commissioning such a review when you read this report, 25 bearing in mind the importance of integrity to your 34 1 functions and the accuracy of the Post Office's 2 financial statements? 3 A. Do I think then that I would have been? I think 4 I accepted the broad thrust of this report at the time. 5 I don't think any of the legal or prosecution issues 6 would have influenced me but I think I wrongly took 7 assurance on the integrity of the data for my purposes. 8 Q. You've said several times in relation to this report 9 "I accepted, I accepted, I accepted what I was being 10 told". Now, you'd obviously only been in post for 11 a matter of weeks, you couldn't be expected to 12 understand or have an awareness of the detail of this 13 report but it was your role to challenge, was it not, 14 where challenge was necessary? 15 A. Yes, and I would set this report into a broad context of 16 a wide induction programme for -- taking several months 17 across the whole of the Post Office Network. This is 18 clearly an important part for me to understand what's 19 happening in Chesterfield. Mr Ismay is telling me 20 there's a back history here that you need to be aware 21 of, that there have been challenges to the integrity of 22 the system, but I would set that against the context of 23 I'm having parallel conversations with the audit partner 24 from Ernst & Young and getting an independent view from 25 him on the quality of data, the integrity of the system, 35 1 areas of control weakness that still need to be 2 addressed. So this is an important piece of context but 3 this was not my only reference point, at that stage. 4 Q. No, by no means, but it was something of a red flag, was 5 it not -- 6 A. Yes. 7 Q. -- issues with the integrity of the system? 8 A. And I'm sure I would have discussed it with the audit 9 partner, bear in mind that at least 50 per cent, 10 60 per cent of the audit each year was carried out in 11 Chesterfield. 12 Q. Thank you. If we can turn, then, to our next topic 13 which is the annual independent financial audit 14 conducted by Ernst & Young. What I would like to 15 explore with you now, if I may, is your knowledge of 16 those reviews that Ernst & Young conducted on POL's IT 17 governance and control environment. 18 You've explained in your statement you weren't in 19 post at the time when Ernst & Young conducted and 20 finalised their audit for the financial year 2010/2011. 21 A. Correct. 22 Q. That's correct. But the findings of that audit were 23 communicated to you and you discussed them with the 24 audit partner, Angus Grant; is that right? 25 A. Yes, I did. 36 1 Q. You state that your conversation with Mr Grant was 2 positive, so far as you recall? 3 A. It was. I recall it was a positive conversation. He 4 described a gradual improvement in the overall quality 5 of internal controls. He referenced the fact that there 6 was more work to be done and I think, as we'll see in 7 the executive summary for the management letter from 8 2010/11, he referenced some specific areas that he 9 described as refinements, rather than fundamental 10 control deficiencies. So, from my point of view, 11 I wanted to know how bad things were and, frankly, what 12 the chances were of serious management letter points 13 and/or a qualified audit, and he assured me that neither 14 of those was the case. 15 Q. As you've just explained, you took assurance from the 16 fact that the audit had not identified issues that would 17 lead to a qualification of the report. That really is 18 the nuclear option, is it not, to qualify the financial 19 statements of a business? 20 A. It is. 21 Q. Therefore, there might be some very serious issues which 22 need to be addressed but which don't necessarily lead to 23 a qualification? 24 A. That's true. 25 Q. Could we please bring up the management letter which was 37 1 produced by Mr Grant in August 2011. It bears the 2 reference POL00030217. Thank you. 3 On page 2 of this document, please, we have the 4 introductory letter from Mr Grant to Sarah Hall. Do you 5 recall what Ms Hall's role was? 6 A. She was financial controller. 7 Q. Thank you. It bears the heading, "Internal control 8 matters arising from the 2011 audit", and it goes on to 9 state in the second paragraph: 10 "Our review of the company's systems of internal 11 control is carried out to help us express an opinion on 12 the accounts of the company as a whole. This work is 13 not primarily directed towards the discovery of 14 weaknesses, the detection of fraud or other 15 irregularities (other than those which would influence 16 us in forming that opinion) and should not, therefore, 17 be relied upon to show that no other weaknesses exist or 18 areas require attention. Accordingly, the comments in 19 this letter refer only to those matters which have come 20 to our attention during the course of our normal audit 21 work and do not attempt to indicate all possible 22 improvements that a special review might develop." 23 So this really here is one of those significant 24 caveats that we saw discussed in Mr Ismay's report, 25 which is to say that an audit of this type should never 38 1 be relied upon as signing off a system as having 2 integrity because its primary function is to look at 3 those areas which might have an impact upon the 4 financial statements but not more holistically at the 5 system; is that fair? 6 A. That's true. But I would say it's difficult to 7 imagine -- when you look at all the transactions that 8 are covered within the financial statements, it's 9 difficult to understand exactly how extensive weaknesses 10 could be that would not have any impact at all on the 11 financial statements of the organisation. But I accept 12 that he's not giving a blanket green light to the 13 Horizon system nor would I have expected him to. 14 Q. I think the point is: is it not so much that weaknesses 15 in the system wouldn't have an impact on integrity; is 16 it not rather that Ernst & Young are not looking at all 17 aspects of the system, they're not looking at the code, 18 they're not looking at, you know, the specifics of the 19 underlying architecture and structure of the system and, 20 therefore, they're not signing it off overall as robust? 21 A. That's correct. 22 Q. Notwithstanding that caveat, Ernst & Young had detected 23 deficiencies in POL's IT environment, had they not? 24 A. They had. 25 Q. If we could turn to the "Executive summary", please, on 39 1 page 3. So, in the first paragraph, we see a point 2 you've already alluded to, which is that improvements 3 have been made by Post Office Limited, so it reads: 4 "The finance leadership team at Post Office Limited 5 has implemented and processed improvements throughout 6 the organisation during the past financial year. 7 "In particular, focussed management action has 8 addressed many of the issues raised in our prior year 9 management letter and led to significant improvements in 10 the overall payroll control environment. The 11 recommendations we have made in this report should be 12 seen as refinements rather than fundamental control 13 deficiencies in comparison." 14 So that's really summarising the point you made 15 earlier as to what you took from this report, 16 improvements had been made, these were refinements now 17 being identified, not fundamental control deficiencies? 18 Is that -- 19 A. Correct. 20 Q. Okay. It goes on to state, however: 21 "The main area we would encourage management focus 22 on in the current year is improving IT governance and 23 control environment. 24 "Within the IT environment our audit work has again 25 identified weaknesses mainly relating to the control 40 1 environment operated by POL's third party IT suppliers", 2 who were -- 3 A. Fujitsu. 4 Q. -- so far as you are aware, Fujitsu: 5 "Our key recommendations can be summarised into the 6 following four areas [fourth of which is to]: 7 "Strengthen the review of privileged access." 8 What did you understand this letter to mean by 9 "privileged access"? 10 A. I think I understood it to be a theoretical possibility 11 that people could access elements of the system. Having 12 been told that there were no backdoors to the system, 13 I would not have believed that this entailed access to 14 the -- what I would call the front office, the branch 15 accounts, of Horizon. But I can see that it was 16 a significant finding and a control weakness that would 17 need to be addressed in short order. 18 Q. When you say that you understood it to be only 19 a theoretical possibility, is it your evidence that, in 20 reaching that assumption, you were relying upon what 21 Mr Ismay had told you about the absence of backdoors? 22 A. I can't -- certainly, Mr Ismay's report would have been 23 in my mind. I can't recall whether there would have 24 been other references as well. I don't -- that may not 25 have been the only reference point that I had for 41 1 forming that opinion. 2 Q. Bearing in mind this is identified as one of the four 3 main areas which require management attention, would you 4 not have discussed this with Mr Grant at the time, to 5 test your assumption that it was a purely theoretical 6 possibility? 7 A. I don't recall whether I discussed these four issues 8 specifically with him at the time. It's likely that 9 I would have done but I don't recall the conversation. 10 Q. So are you saying that you think your conversation 11 simply focused on the positive areas of improvement? 12 A. Well, I think that was the wider context -- was that 13 things had improved greatly but "There are some areas 14 that you need to continue to improve, together with your 15 IT colleagues and your third-party supplier", hence the 16 first reference to improving governance of the outsource 17 application management. There's clearly a criticism 18 there of the way that Post Office was managing the 19 Fujitsu relationship and the degree to which we were 20 taking direct control of the control environment. 21 Q. It's likely, is it not, that Mr Grant would have 22 discussed each of those four points with you in some 23 detail, no? 24 A. Quite possibly. 25 Q. You simply don't recall? 42 1 A. I don't recall. 2 Q. It might assist if we were to look at the section of the 3 report which addresses this issue, please. Could we 4 turn to page 31. Thank you. So we see the left-hand 5 column bears the heading "Background", the middle column 6 "Recommendation" and the final column "Management 7 Comment". In the bottom row, the report reads: 8 "We reviewed privileged access to IT functions 9 including access to user administration functionality 10 across all in-scope applications and their supporting 11 infrastructure." 12 It goes on to say, if we can turn over the page, 13 please, "Our examination revealed". It deals first with 14 POLSAP, which was the Post Office's back end accounting 15 system -- is that correct -- and then goes on to deal 16 with Horizon Next Generation on the following page, 17 please. It states there: 18 "There are inappropriate system privileges assigned 19 to the APPSUP role and the SYSTEM_MANAGER role on the 20 Oracle database level on the Branch Database Server 21 supporting HNG-X; 22 "There is [also] inappropriate privileged access at 23 the Oracle database level on the Transaction Processing 24 System server (DAT) supporting HNG-X." 25 Would you have understood at the time what was being 43 1 referred to here, do you think? 2 A. I don't think I would have had a detailed understanding 3 of it and, clearly, it's taken on far greater 4 significance since that time. I think I would have 5 viewed this as one of a series of areas of weakness. 6 I would have viewed it as theoretical but something 7 which needed to be addressed and which, in due course, 8 we did take steps to address, both internally and with 9 Fujitsu, over the course of the next 12 months and, 10 indeed, in the financial year -- my first financial year 11 2011/12, significant steps were taken to address each of 12 these and Ernst & Young carried out compensating testing 13 to be able to give themselves the assurance they needed, 14 admittedly for the purpose of verifying the financial 15 statements and the -- being able to give us a clear 16 audit. 17 So yes, looked at in isolation with what we now 18 know, this looks like a very clear message. What we 19 actually did was to gradually close, over the course to 20 of the next 12 to 18 months, all of these loopholes and, 21 in fact, for the financial year which commenced one 22 April 2012, we had ISAE 3402, which is the international 23 standard for accreditation for testing of IT controls, 24 in place at the cost of Fujitsu, so we had effectively 25 closed all of these doors within eight months of me 44 1 joining the organisation. 2 Q. We'll come on shortly, Mr Day, to the subsequent audit 3 work and assurance work that you were involved in but, 4 if we could turn, please, to the following page, we can 5 see what Ernst & Young said about the consequences of 6 inappropriate privileges or accesses to the system. So 7 in the left-hand column, under "Background", we see the 8 last paragraph in the first row reads: 9 "Unrestricted access to privileged IT functions 10 increases the risk of unauthorised/inappropriate access 11 which may lead to the processing of unauthorised or 12 erroneous transactions." 13 On the face of it, these statements indicated, did 14 they not, that Fujitsu staff had the ability to access 15 parts of the Horizon system in a manner which was 16 unauthorised or inappropriate; is that fair? 17 A. That's my understanding now, I don't think that was my 18 understanding at the time. 19 Q. It's right, is it not, that that statement was in direct 20 contradiction to what you'd been told by Mr Ismay about 21 the absence of backdoors into the Horizon system, is it 22 not? If it could lead to the processing of unauthorised 23 or erroneous transactions, it couldn't possibly be right 24 that subpostmasters had complete ownership of their 25 accounting, could it? 45 1 A. No, again, I wouldn't have -- I'm sure I would not have 2 interpreted this at the time as being a reference to -- 3 even a theoretical reference -- to Fujitsu employees 4 being able to access individual branch accounts. This 5 is talking about the Horizon estate as a whole and 6 a perceived weakness relating to the inappropriate use 7 of privileged access authority. It's a serious matter 8 but I don't think I -- in fact, I'm sure I didn't relate 9 this back to individual subpostmaster accounts. 10 Q. What do you think you understood it to mean, when it 11 referred to the processing of unauthorised or erroneous 12 transactions? 13 A. Well, just that: that there was a theoretical 14 possibility that -- 15 Q. Why was it only theoretical though? This is saying that 16 they have, as a matter of fact, unrestricted access, 17 that they have inappropriate privileged access. So they 18 did have this access. It wasn't purely theoretical, was 19 it? 20 A. Well, it doesn't say how many or how many incidences 21 there had been, whether indeed they'd ever been used but 22 it's showing that there is a control weakness that could 23 give rise, in theory, to unauthorised transactions 24 broadly within the Horizon Online estate. You can read 25 it completely differently now in the knowledge of 46 1 hindsight, and understand exactly what that could 2 potentially mean in terms of individual branch accounts 3 but, again, it doesn't speak to the suggestion that that 4 could be done without a subpostmaster's visibility of 5 such a transaction. 6 MS HODGE: Sir, I think that might be a suitable time to 7 take a short break, please, if that's convenient. 8 SIR WYN WILLIAMS: All right. 9 Let me just ask you, Mr Day, isn't Ms Hodge right 10 when she asks you to remove the word "theoretically" 11 from your answer, in this sense: that unauthorised 12 access, in the way that Ernst & Young are describing, 13 could take place -- that wasn't theory -- however, there 14 was no evidence that it had taken place? 15 A. Yes, I would agree with that, sir. 16 SIR WYN WILLIAMS: Right. Thank you. 17 MS HODGE: Thank you, sir. Can we please return at 11.15. 18 SIR WYN WILLIAMS: Yes, of course. 19 MS HODGE: Thank you. 20 (11.03 am) 21 (A short break) 22 (11.15 am) 23 MS HODGE: Good morning, sir, can you see and hear us? 24 SIR WYN WILLIAMS: Yes, thank you. 25 MS HODGE: Thank you. 47 1 Mr Day, before the break we were looking at the 2 Ernst & Young independent annual audit for the financial 3 year 2010 to 2011 -- forgive me, the management letter 4 from that audit. 5 A. Yeah. 6 Q. I'd like to turn, please, to the recommendations which 7 Ernst & Young made to address the weaknesses identified 8 in the IT control environment. This is at POL00030217, 9 if we could start, please, at page 31. Thank you. So 10 we looked, firstly, at the column bearing the title 11 "Background". We can see the recommendations contained 12 in the middle column, and it states in the final row: 13 "We recommend that management conducts a review of 14 privileged access to IT functions across all in-scope 15 applications and their supporting infrastructure to 16 determine whether the level of privileged access granted 17 is appropriate." 18 It then reads: 19 "Where access is deemed to be inappropriate, this 20 access should be revoked immediately." 21 It goes on to say, please, at page 34, in the top 22 row: 23 "Management should implement monitoring controls to 24 help ensure that controls operated by the third party 25 service provider [we know to be Fujitsu] are in place 48 1 and are in operation, for example, monitoring of 2 appropriateness of access to privileged users/profiles." 3 Now, so far as you were aware, who within the 4 business would have been responsible for taking these 5 recommendations forward? 6 A. The IT function, the CIO. 7 Q. Would that be in conjunction with finance or in 8 isolation? 9 A. I would have viewed my responsibility as owning the 10 audit overall. Therefore, I would have had 11 an expectation that IT colleagues working in conjunction 12 with Fujitsu would have addressed any IT control issues 13 arising from the prior year management letter, just as 14 I would have expected my own financial accounting 15 reporting team to have been responsible for any 16 specifically financial issues which had arisen. But 17 here we're talking about IT control issues. 18 Q. The CIO at the time was Lesley Sewell; is that correct? 19 A. Correct. 20 Q. Do you recall receiving a briefing in May 2012 from 21 Ms Sewell, in which she addressed these recommendations? 22 A. I've seen that document recently. I don't recall at the 23 time receiving it. 24 Q. Please could we bring it up. It's POL00143065. Thank 25 you. 49 1 We can see at the top it's a briefing for the Chief 2 Executive and for you, as Chief Financial Officer, in 3 relation to Post Office IT general controls, and this is 4 in respect of the audit for the financial period 5 2011/2012. But, as we'll see, it comments on some of 6 the progress which had been made in relation to the 7 observations in the previous year's audit. 8 A. Yes. 9 Q. Under the heading "Purpose", it states that the paper is 10 to provide an update on, firstly: 11 "Progress made in addressing the observations from 12 the [2011/2012] IT General Controls Audit. 13 "[Secondly, the] Implementation of an SAS70 14 (ISAE3402) style report. 15 "[Thirdly] Observations arising from the 2011/12 16 audit and the proposed Management Response." 17 Just pausing there, you mentioned before the break 18 the implementation of an ISAE 3402 type audit. Can you 19 explain, please, what that was? 20 A. Yeah, this was an internationally recognised standard 21 for assurance engagements relating specifically to the 22 testing of IT control environments. So it was 23 considered a best-in-class certification of the quality 24 of IT controls and from, more or less, the day I started 25 there had been strong encouragement, particularly from 50 1 the Royal Mail Group Audit Risk and Compliance 2 Committee, that I should seek this accreditation from 3 Fujitsu. 4 And, as we'll come on to see, we -- in fact, the CIO 5 achieved that for the start of the 2012/13 financial 6 year. 7 Q. In terms of what this report achieved, was it materially 8 different to the tests which Ernst & Young had carried 9 out of the IT control environment for the period 2010 to 10 2011? 11 A. My understanding is that -- well, firstly, it was 12 internationally accredited, it was an industry standard 13 but that, in the intervening year, 2011/12, Ernst & 14 Young had carried out extensive compensating testing, as 15 they called it. I don't think I knew exactly what that 16 involved but it was sufficient for them to be able to 17 give the same degree of assurance that they would be 18 able to give in subsequent years as a direct reliance on 19 the ISAE 3402. 20 The point that they made to me, strenuously, was 21 that there was both an efficiency argument here, which 22 is it didn't make sense for them to be -- for us, Post 23 Office, to be paying them to do compensating controls 24 for a third party system and, secondly, that there was 25 a point of principle which was that, surely, Fujitsu, 51 1 who would have other clients, presumably with similar 2 requirements, should take responsibility, certainly 3 financially, for achieving that accreditation. 4 Q. Just to be clear, the ISAE 3402 style of report would 5 not have been an independent forensic audit of Horizon, 6 that type of audit that had been mooted in Mr Ismay's 7 report back in 2010? 8 A. No, it wouldn't, no. This would have been a more 9 efficient and, as I say, more widely recognised way of 10 achieving the aims of having the financial statements be 11 true and fair and accurate. It would not be 12 a widespread assurance on the integrity of the Horizon 13 IT System. 14 Q. Its primary purpose then being to streamline -- 15 A. Yes. 16 Q. -- those processes? 17 A. Yes. Sorry, could I just add one thing? 18 Q. Please. 19 A. As far as I'm aware though, it did address specifically 20 all of the four issues that had been raised in the 21 '10/'11 management letter issue. 22 Q. Including privileged access? 23 A. It included testing of privileged access authority. 24 Q. Under the heading "Background", please, if we go down, 25 please, to paragraph 2.3, this briefing would have 52 1 reminded you that the 2010/2011 audit had resulted in 2 a number of actions for Post Office and Fujitsu to 3 address, which it says were concluded by October 2011. 4 Is that consistent with your recollection? 5 A. Yes. 6 Q. It states: 7 "The implementation of these actions had resulted in 8 significant changes to our processes and to deliver 9 improvements to our IT General Controls." 10 It goes on to say: 11 "Given the timing of this year's audit (January and 12 February 2012), there was some time for these changes to 13 have embedded. The improvements are evidenced in the 14 findings of the 2011/12 audit where there are no high 15 risk observations within the 7 identified (versus 10 16 last year) and only 25 specific recommendations (versus 17 over 70 last year)." 18 Now, appended to the briefing, is a summary of the 19 seven observations which were made as part of the 20 2011/2012 audit. They're contained in Appendix B on 21 page 5 of this document, please. So we see here it 22 bears the title, "Summary of 2011/12 Ernst & Young audit 23 recommendations and proposed Management Responses". So 24 these are fresh recommendations arising from the latest 25 audit of Post Office's financial statements; is that 53 1 correct? 2 A. It is. 3 Q. The first of these relates to privileged access. So 4 Ernst & Young appears to repeat the recommendation to 5 Post Office to conduct a review of privileged access for 6 in-scope applications, that being Horizon and POLSAP, 7 the Post Office back end accounting system, so that's 8 the first recommendation, the second being to revisit 9 the need to grant access to SAP_ALL and SAP_NEW levels. 10 Would you have understood at the time do you think, to 11 what that was referring? 12 A. Yes. Sorry, to the ... 13 Q. To SAP_ALL and SAP_NEW -- 14 A. Yes, POLSAP, yes, was data extraction from Horizon 15 for -- used for further analysis of the financial 16 numbers. 17 Q. Forgive me but, insofar as there was a need to revisit 18 the granting of access at those levels, would you have 19 had a detailed understanding of what that was referring 20 to? 21 A. Yes, I would. 22 Q. What did you understand SAP_ALL and SAP_NEW to entail? 23 A. I'm sorry, I can't recall that now. But I generally 24 would have recalled being disappointed that this finding 25 came back the following year, having read the earlier 54 1 briefing note that described all of the actions having 2 been undertaken by October 2011. So -- 3 Q. So there was an inconsistency -- 4 A. There was an inconsistency -- 5 Q. -- on the face of it? 6 A. Yes, and this was a disappointment that Ernst & Young 7 felt the need to say that, notwithstanding some 8 management actions have been taken, they felt that this 9 point still stood. 10 Q. So that related both to the conducting a review of 11 privileged access and the other recommendation we looked 12 at before, which was the final one: implementing 13 monitoring controls for third-party suppliers, that 14 being Fujitsu. So this was an outstanding 15 recommendation? 16 A. It was, and this -- it was unfortunate that this, what 17 I'd call a sort of transition year, '11/'12 -- between 18 the findings of the '10/'11 report that I inherited and 19 the initiation of the ISAE standard on 1 April 2012, 20 I think we all believed that we had addressed, as well 21 as we could, with manual intervention and working with 22 Fujitsu, all of the issues from the '10/'11 management 23 letter. But this one clearly took longer or -- and/or 24 we didn't address it to the satisfaction of Ernst & 25 Young. 55 1 Q. Now, in the column on the right-hand side, Ms Sewell, 2 the CIO provides a summary of the proposed Post Office 3 Management response and that first bullet point provides 4 a definition of privileged access. She says there: 5 "Privileged access describes the level of control 6 where the user having this access can perform all or 7 nearly all tasks within the system, eg SAP_ALL provides 8 the capability to process and approve financial 9 transactions within a SAP system. The purpose of 10 SAP_ALL is to enable qualified administration users the 11 capability to maintain the system." 12 Now, before the break, you said in your evidence 13 that you understood privileged access to be a purely 14 theoretical possibility. Did this not show that it 15 wasn't simply theoretical; it was something which was, 16 in fact, used by administration users to maintain the 17 system? 18 I appreciate this is a reference to SAP, which is 19 the back end system but, insofar as we're looking at 20 privileged access more broadly, this established, did it 21 not, that it was something that wasn't simply "could be 22 used" but was, in fact, used? 23 A. It does. I don't think it would have surprised me or 24 alarmed me that there was access to the SAP system. 25 I think that is very distinctly different from access to 56 1 the front end Horizon IT System. 2 Q. So, to your mind, because the example given was one 3 relating to SAP, you're saying that you had understood 4 that to be materially different, that is to say the 5 nature of privileged access to SAP you understood to be 6 materially different to the privileged access that was 7 available in Horizon? 8 A. Absolutely. 9 Q. Thank you. 10 That deals with privileged access. Do you recall 11 receiving a further report from Angus Grant of Ernst & 12 Young in August 2012? 13 A. Yes. 14 Q. Can that be shown, please. That bears the reference 15 POL00143525. 16 Forgive me, the second page, please, we see the 17 management -- it must be third page, sorry -- the 18 management letter addressed to you, Mr Day. I don't 19 propose to take you through the control themes and 20 observations because we've seen those summarised in 21 Ms Sewell's briefing to you. Do you accept that they 22 are materially -- that what you were told by Mr Grant 23 was materially the same as Ms Sewell had summarised to 24 you in her briefing, namely that the recommendations in 25 relation to reviewing privileged access and implementing 57 1 controls had not yet been carried out? 2 A. Yes. Correct. 3 Q. Thank you. I'd like to move on to a new topic, please. 4 This relates to the actions which you took to report 5 risks relating to Horizon to the Board of Royal Mail 6 Group. In December 2011, a report was submitted in your 7 name to the Audit and Risk Committee of Royal Mail 8 Group, addressing Horizon controls and Post Office's 9 relationship with Fujitsu; is that correct? 10 A. Correct. 11 Q. This was approximately four months into your tenure as 12 CFO and was before Post Office Limited had formally 13 separated from Royal Mail Group; is that right? 14 A. That's right. 15 Q. Although the report went out in your name, I think it's 16 your evidence that you had very limited input into its 17 preparation; is that right? 18 A. Yes, I would have taken responsibility for the contents 19 and, as I think I referenced in my statement, it was 20 a request at a previous Royal Mail Group Audit, Risk and 21 Compliance Committee that I should come with a paper 22 addressing the concerns which I think related to Private 23 Eye, amongst other things, and so -- no, I take -- 24 I took and I take full responsibility for that paper. 25 Q. Please could we bring up some correspondence relating to 58 1 the production of that report, which has been disclosed 2 to the Inquiry. That bears the reference POL00295091. 3 Thank you. If we scroll down, please. Thank you. The 4 first email in the chain is from Sarah Hall, who, as we 5 know, was a Financial Controller of Post Office Limited, 6 and she addresses the email firstly to you and then to 7 other Senior Managers in the Post Office. 8 The subject is "[Royal Mail Group Audit and Risk 9 Committee] paper draft re Horizon -- urgent for review 10 by [Thursday] midday". She explains: 11 "Dear all, 12 "The [Royal Mail Group Audit and Risk Committee] 13 requested a paper on the IT controls and Horizon claims. 14 With input from various experts this has now been 15 drafted but is clearly a sensitive area so I attach the 16 draft for your review and comments before it goes to 17 Group for circulation to the ARC." 18 So I think, in fairness, as it says there, the 19 original draft put together by others but brought to 20 your attention for review and comment before it was 21 submitted? 22 A. Correct. 23 Q. Could we turn, please, to the draft that was appended to 24 this email, which bears the reference POL00295092. 25 Thank you. So this paper bears the heading "Update on 59 1 Post Office Limited Horizon Controls and Relationship 2 with Fujitsu", and it states its purpose to be: 3 "[To set out] the controls that operate around the 4 Post Office Limited Horizon system, the relationship 5 with Fujitsu and why the Post Office is able to rely on 6 these controls in the light of: 7 "[Firstly] IT control issues identified at last 8 year's audit; and 9 "[Secondly] possible challenges against the 10 integrity of the Horizon platform." 11 Overall, stepping back, the purpose of this paper 12 was to give assurance to the Audit and Risk Committee 13 about the integrity of the Horizon system; is that fair? 14 A. Yes. 15 Q. Now, under the heading "Background", at paragraph 2, the 16 draft report refers to the findings of Ernst & Young's 17 audit for the financial year 2010 to 2011, so that was 18 the original management letter that you saw shortly 19 after your arrival into post. It said this: 20 "There were a number of IT [controls] identified 21 during the 2010-11 year end Ernst & Young audit. These 22 were largely centred on Fujitsu and a number of 23 recommendations were included in the management letter 24 following the audit. Unlike other RMG IT suppliers, 25 Fujitsu does not have an SAS70 or equivalent report on 60 1 its controls and the consequences of this is that EY 2 needs to do full testing of all systems which are 3 integral to the financial results." 4 No mention was made here, or anywhere else in the 5 report, of Ernst & Young's findings that Horizon had 6 inappropriate system privileges which potentially called 7 into question the financial integrity of the system, did 8 it? 9 A. That's true. 10 Q. When you read this draft report, did that not strike you 11 as a significant omission, namely the failure to 12 acknowledge such a findings by POL's independent 13 auditors? 14 A. No. I think this paper attempted to paint the whole 15 picture of the relationship with Fujitsu contractually. 16 The issues -- it alluded to the issues that had arisen 17 in the 2010/11 audit. I don't think it would have been 18 necessarily appropriate to go into those in a great deal 19 of detail and, moreover, the issue -- the fourth of the 20 four issues identified, which now, of course, we 21 understand to have much greater significance -- would 22 not have had that huge a significance at the time. 23 So I don't think this was in any way hiding the 24 detail of what Ernst & Young had found. I think it's 25 an attempt to summarise the fact that there had been 61 1 issues, they largely related to Fujitsu, they were being 2 worked through, and the backdrop to -- as I mentioned 3 before, to this discussion at the Royal Mail Group ARC 4 was a previous lobbying for me and others to get Fujitsu 5 to assure their system. 6 So that's largely the question that we were -- the 7 exam question that we were trying to answer in this 8 paper. It wasn't to give the Royal Mail Group Audit 9 Committee an absolutely full, blow-by-blow explanation 10 of everything that had come up in the '10/'11 Ernst & 11 Young audit. 12 Q. I'm not suggesting that you would have been expected to 13 go into that level of detail but the context of this 14 report was, was it not, that claims were being made 15 about Horizon's lack of financial integrity, and you've 16 been asked by the committee to provide a report 17 addressing those claims; that's correct, isn't it? 18 A. Broadly yes, but -- 19 Q. Sorry -- 20 A. It's all of those issues that were itemised in the 21 2010/11 Ernst & Young management letter and the solution 22 was seen as the earliest possible adoption of SAS70 or 23 equivalent. 24 Q. You accepted earlier that a SAS70 report was not going 25 to provide complete assurance on the Horizon system 62 1 because it was simply going to streamline the process of 2 testing the IT controls. So that in and of itself 3 wasn't an answer to claims about Horizon's integrity, 4 was it? 5 A. It wasn't an all encompassing answer; it was an answer 6 to the question: can we depend on Horizon to provide 7 accurate financial data, bearing in mind the Royal Mail 8 Audit, Risk and Compliance Committee was engaged in 9 making sure that the -- primarily, that the financial 10 accounts were accurate. 11 Q. The one issue in Ernst & Young's management letter which 12 did go directly to the financial integrity of Horizon 13 was privileged access, was it not? 14 A. I think I would agree with that in hindsight. 15 I don't -- 16 Q. Yet -- 17 A. -- think I had that understanding at the time. 18 Q. But that, that one issue, was not mentioned in this 19 report? 20 A. No, simply that I don't think it had particular 21 resonance. I don't think we saw, if you like, the first 22 three points of those four summary points that Ernst & 23 Young had made as distinct from the fourth point being 24 the privileged access point. That's taken on far 25 greater significance since those days. 63 1 Q. Some of this paper draws very heavily on Mr Ismay's 2 original report of August 2010 -- 3 A. Yes. 4 Q. -- would you agree with that? 5 A. Yes. 6 Q. What it doesn't contain is any reference to the known IT 7 issues that Mr Ismay mentioned in that report; do you 8 accept that? 9 A. I do accept that. 10 Q. Why is that? 11 A. Because, as I said earlier, I don't think those were -- 12 I think there were two categories of bug or anomaly: the 13 ones generated at the terminal through input errors, 14 potentially; or the more, shall I say, customer -- ones 15 which impacted customers more, and that subcategory that 16 Mr Ismay referred to in his note around screen freezes, 17 incomplete transactions, subpostmasters not sure whether 18 a transaction had gone through or not, the barcode 19 sticking, these were, in my view -- and I believe 20 others' view -- these were routine problems that would 21 get resolved from time to time and that would have 22 an impact on customers, and that was a large focus at 23 the time. 24 But I don't think they're things which would 25 naturally have lent themselves to a review with the 64 1 Royal Mail Group Audit Committee about concerns around 2 Horizon generally. 3 Q. Was the purpose of this report simply to identify all 4 the positive control measures that were in place but not 5 to actually give a full warts and all assessment of the 6 true position; is that really where we ended up with 7 this report, do you think? 8 A. No, I think at the time I viewed this as -- I accept the 9 point that this is heavily, heavily influenced by the 10 earlier Ismay Report and, indeed, Mr Ismay had a large 11 input into compiling this report but, equally, I placed 12 reliance on the objectivity of my Financial Controller, 13 who was a very good Financial Controller, to critically 14 evaluate that information, and I think that this -- 15 I certainly thought and I still think, that this 16 presented a fairly fair and balanced view of the 17 situation. 18 It comprises reference to expectations of Fujitsu, 19 acknowledgement that we don't have the right 20 certification in place, acknowledgement that there have 21 been challenges to the integrity of Horizon, and an 22 intention to -- a clear pathway to show what we're going 23 to do about it. 24 Q. Please could we return to the email correspondence of 25 30 November 2011. Thank you. We can see there in the 65 1 top half of the page Mr Ismay's response to Ms Hall's 2 original email enclosing the draft. He writes, and 3 you're copied in -- not copied, forgive me, one of the 4 addressees of the email. His first comment in relation 5 to paragraph 1, he requests that a sentence be added: 6 "... along the following lines 'The IT control 7 issues identified during the audit did not question the 8 integrity of accounting data in the system. Rather, 9 they were recommendations about the documentation and 10 authorisation of changes to systems and about 11 opportunities for streamlined assurance'." 12 Pausing there, did that strike you as an accurate 13 statement of the findings which Ernst & Young had made 14 in their 2010/11 audit? 15 A. At the time, yes. 16 Q. And now? 17 A. Less so now, given what we now know about Horizon. 18 Q. Given what we now know about Horizon or, more 19 specifically, about privileged access? 20 A. Yes. 21 Q. Mr Ismay goes on to say: 22 "The rationale for this [that is to say for 23 requesting that amendment] is that for purposes of 24 ongoing [Royal Mail Group] Criminal Prosecution 25 activity, Rob Wilson ([the Royal Mail Group] Head of 66 1 Criminal Law) has advised that were that not the case 2 then current prosecutions would have to be stayed. It 3 is important to make clear [Ernst & Young] did not 4 challenge the integrity of accounting data in the 5 system." 6 Again, we see here a very clear concern being 7 expressed by Mr Ismay that any challenge to the 8 integrity, financial integrity, of Horizon would 9 undermine the safety of Post Office's private 10 prosecutions; do you agree with that? 11 A. I would have -- as I said earlier, my primary focus 12 would have been on the first half of this paragraph and 13 the last line because I'd have been considering the 14 impact on the veracity of our financial statements. 15 I mean, rereading this -- I don't recall reading this at 16 the time but rereading this recently, I'm shocked at the 17 rationale that's given and I don't understand -- to me, 18 it's a non sequitur anyway. 19 Either the data has integrity for accounting and 20 reporting purposes or it doesn't and the last thing that 21 would have been on my mind would have been linking it to 22 previous criminal cases, or -- and/or staying 23 prosecutions. I can't understand why those two things 24 would have been drawn together. 25 Q. Thank you. I'd like to address another topic with you, 67 1 which concerns the response to Second Sight's Interim 2 Report. 3 Sir, with your permission, I propose to deal with 4 this topic and then see where we are. It may be that we 5 can take a slightly earlier break for lunch but, rather 6 than taking another morning break, sir, unless you -- 7 SIR WYN WILLIAMS: Oh no, you deal with it in whichever way 8 you think appropriate, Ms Hodge. 9 MS HODGE: Thank you, sir. You say in your statement that 10 you don't recall having any direct involvement in the 11 instruction of Second Sight or the day-to-day management 12 of their work; is that correct? 13 A. That's correct. 14 Q. Given your oversight of Product and Branch Accounting, 15 which -- to which you referred earlier, do you think you 16 ought to have been involved in the engagement of Second 17 Sight as forensic accountants who would be looking at 18 cases handled by that division? 19 A. Not necessarily. Yes, they would have been looking at 20 historic allegations about the Horizon system. I would 21 have expected to have been kept briefed on progress. 22 I would not have expected to have been involved in their 23 work more closely than that and, indeed, I was, I was 24 kept briefed, I believe, from time to time. 25 Q. As a member of the Board, you received updates in 68 1 relation to Second Sight's investigation; is that 2 correct? 3 A. Yes. 4 Q. These culminated in a Board meeting on 1 July 2013, in 5 which the Board received an update from the Chief 6 Executive, shortly before the Interim Report was 7 finalised and circulated to interested parties; is that 8 right? 9 A. That's right. 10 Q. Please could we look at the minutes of that meeting on 11 1 July, they bear the reference POL00021515. We can see 12 there from those present -- you're the last named under 13 those "Present" -- in attendance were the Chairman and 14 Chief Executive, Non-Executive Directors and other 15 directors of the company. 16 If we scroll down, please, the first item on the 17 agenda was Horizon, and it states: 18 "The CEO apologised for the short notice in keeping 19 the Board updated but explained that issues had arisen 20 over the last couple of days. She gave an update on the 21 Horizon review which was being undertaken by Second 22 Sight and their Interim Report which was to be presented 23 at a meeting of MPs on 8 July. The investigation to 24 date had found no systemic issues with the Horizon 25 computer system but had highlighted areas for 69 1 improvement in support areas such as training." 2 You state in your evidence that the Board -- by 3 which, presumably, you meant you as well -- had felt 4 reassured by this update, particularly by the suggestion 5 that there were no systemic issues in the system; is 6 that correct? 7 A. That's correct. 8 Q. Ms Vennells, however, went on to explain, under 9 subparagraph (b): 10 "... like any large computer system, [Horizon] would 11 occasionally have anomalies and two were [known] over 12 recent years. The Business had dealt with these 13 anomalies to ensure no subpostmaster was out of pocket 14 and these anomalies had not affected any of the cases 15 which Second Sight had reviewed. Second Sight had been 16 told of these anomalies and they would include them in 17 their report." 18 At the time of this update, did you know to what 19 Ms Vennells was referring by "these two anomalies"? 20 A. I didn't, no. 21 Q. It would have been apparent to you, would it not, from 22 the update that you received that they related to 23 accounting errors in the system? 24 A. (No audible answer) 25 Q. Would you have gleaned that from the suggestion that 70 1 they'd been dealt with to ensure that no subpostmaster 2 was out of pocket? 3 A. I don't think I gleaned it from this update but 4 I gleaned it on reading the Second Sight Report a short 5 while later. 6 Q. When you read the Second Sight Report, you discovered, 7 I think you say, the existence of those two bugs, the 8 receipts and payments mismatch bug and the local 9 suspense account bug; is that correct? 10 A. It is, yes. 11 Q. Bearing in mind that you had oversight of the division 12 that was responsible for identifying any alleged 13 accounting errors arising from those bugs, did it 14 surprise you to learn this for the first time from, 15 I suppose, firstly, Ms Vennells' update but the detail 16 from Second Sight's Report? 17 A. Yes, it did. 18 Q. Did it concern you that these anomalies were known to 19 the business but had not been previously brought to your 20 attention as CFO? 21 A. I can't remember if it concerned me. I was surprised 22 and I remember being assured and you can see through the 23 Second Sight Report that Post Office had assured them 24 that these bugs had been rectified and there'd been no 25 detriment to any subpostmasters but I regret that 71 1 I didn't take any closer action, follow-up action, to 2 understand why I had not known about these earlier. 3 Q. So at the time, then, would you have been concerned that 4 this discovery called into question the accuracy and 5 reliability of the reporting lines to you as CFO? Are 6 you saying only with hindsight? 7 A. I think with hindsight, certainly. 8 I can't recall having been alarmed but I'm not sure 9 now -- knowing what I know now, I think I should have 10 been alarmed. I should have been concerned but I don't 11 think I was at the time. I think I took, unfortunately, 12 assurance that these matters were in the past, had been 13 remediated, had been dealt with, and I probably put them 14 into that category of relatively routine things which go 15 wrong with an IT system and get fixed. Sorry, I don't 16 think I made a connection to how on earth can I rely on 17 my financial data if these two things have happened in 18 the past without my knowledge? I don't think I made 19 that connection. 20 Q. Did you take any steps after these anomalies, these 21 bugs, were bought to your attention, to assure yourself 22 that any accounting errors caused by them had, in fact, 23 been identified and remedied? 24 A. I don't recall but I think it's unlikely that I did. 25 I don't -- 72 1 Q. Why is that? 2 A. Well, I have no recollection of making any specific 3 intervention. As I say, I think I would have -- I think 4 on the basis of what I read in the Second Sight Report 5 I would have been surprised to learn about them. Then 6 maybe slightly perturbed that they had been divulged by 7 Post Office, apparently to Second Sight, so slightly 8 perturbed that I wasn't part of that disclosure process. 9 But, in terms of my primary focus of does this give me 10 cause for concern about the accuracy of my financial 11 statements, no, it wouldn't have done. 12 You know, looking at the number of cases and looking 13 at the order of magnitude, I'm afraid I would have 14 simply been applying a materiality filter to that. 15 Q. Which is to say that the value of any accounting 16 shortfall would not have been sufficiently high to 17 register with you as a significant risk at a business 18 level? 19 A. Well, yes, twofold: firstly, I was assured they'd been 20 remediated and that no subpostmaster was out of pocket 21 because, clearly, they could have been material sums for 22 an individual subpostmaster but then, with my CFO hat 23 on, you know, do these make me concerned that I've 24 misstated my accounts? No. 25 Q. Thank you. On the following page, the minutes of the 73 1 meeting record that: 2 "The [CFO] was concerned that the report from the 3 independent forensic accountants was not as factual as 4 expected and could lead to loose language at the MP 5 meeting." 6 A. CEO. 7 Q. Sorry, the CEO, forgive me. At subparagraph (d): 8 "The Board asked the Business to challenge Second 9 Sight to ensure changes were made to the report where 10 possible and asked the Business to prepare their 11 communication to combat any inaccuracies." 12 Can you explain, please, the reference in the 13 minutes to the Board asking POL to challenge Second 14 Sight to ensure that changes were made to the report? 15 A. I don't recall the specific -- this specific part of the 16 conversation but my general recollection is that there 17 was a disappointment with the lack of evidence-based 18 findings. You referenced earlier the periodic updates 19 from the CEO through the course of the Second Sight 20 investigation, which were broadly that there was nothing 21 systemically wrong with the system but that some of the 22 language used was quite emotive, some of the examples 23 seemed to be anecdotal and not evidence based and that 24 was the general feeling from that meeting. 25 So I think that's the context for the board seeking 74 1 to challenge Second Sight where appropriate to be more 2 specific, to try to draw out themes, particularly, my 3 interest being in can we find things which are more 4 widespread, that there might be something we can do 5 about, and to reduce the degree of perceived anecdotal 6 or lack of evidence-based findings. That's the general 7 sense but I don't have a specific memory of the 8 conversation. 9 Q. Between the date of this meeting on 1 July and the next 10 meeting of the Board on the 16th, Ms Vennells provided 11 several updates to the Board via email; do you recall 12 that? 13 A. I know that a lot happened in those two weeks and 14 I don't recall everything that happened but, through 15 this Inquiry process, I've been able to piece together 16 quite a lot of what I think happened, such that, as I'm 17 sure we'll come on to discuss, the tone of the 16 July 18 Board meeting was really markedly different from that of 19 1 July. 20 Q. I'd like to explore with you a little bit why that might 21 be. Now, one of the risks which Ms Vennells identified 22 in her emails to the Board related to the reopening of 23 past prosecutions brought by Post Office as a result of 24 Second Sight's findings. Do you recall that risk being 25 raised? 75 1 A. I don't. I've seen the -- seen a document, which -- 2 from Ms Vennells, which was updating the board on the 3 progress of meetings with, I believe, James, now Lord, 4 Arbuthnot and other MPs, and I think it was in that 5 document, which is broadly positive in terms of the 6 findings and the discussion with MPs, but references, 7 I think, Lord Arbuthnot's concern or determination that 8 we should go back and look at previous prosecutions as 9 a bit of a frustration for Ms Vennells. So I -- but 10 I've seen that recently. I don't recall having read 11 that note at the time. 12 Q. Can we please turn up your statement at WITN10000100, 13 please, at page 24, please, paragraph 69. Thank you. 14 You're referring here -- perhaps if we go back a page 15 just to place that in context, sorry. Thank you. 16 You were asked questions in your Rule 9 Request 17 about financial and reputational risk and you refer here 18 to an email from Ms Vennells dated 6 July, in which, in 19 advance of the publication of the Interim Report, she 20 identified one of the main reputational and potentially 21 financial risks arising from the review relates to 22 possible attempts to reopen past prosecutions based on 23 the findings. Now, you say: 24 "I do not remember this being discussed by the Board 25 but I do not believe this was a significant financial 76 1 concern. My recollection is that we believed only 2 a small number of historic cases would be affected, 3 leading to a limited number of possible compensation 4 claims, which, from a POL financial reporting 5 perspective, would be immaterial in quantum." 6 Now, it might be suggested that here you're trying 7 to downplay somewhat the significance of the risks 8 relating to the reopening of past criminal cases; would 9 that be fair? 10 A. No. 11 Q. You do, however, dismiss the financial risk as being one 12 that's really immaterial to you as CFO, in terms of its 13 quantum? 14 A. That was my perception at the time and the context would 15 be the Second Sight Report. So I had not made the 16 direct connection, nor had I been party to the 17 conversation with MPs, and the determination to include 18 past prosecutions in the findings. Perhaps -- my 19 perhaps naive view at the time was that there would be 20 a small number of people who might need to be 21 compensated but that was, in my mind, in relation to the 22 findings of the Second Sight Report, primarily around 23 poor support and training to subpostmasters. 24 Q. This wasn't the first time that someone within Post 25 Office had raised a concern about the reopening of 77 1 criminal prosecutions with you, was it? 2 A. Remind me? 3 Q. In Mr Ismay's original report to you, he specifically 4 addresses the risk of reopening cases if Horizon is 5 found not to have integrity. We saw that raised again 6 in the email of November 2011, so was this not something 7 of which you were aware, a perception of a greater risk 8 to the business, possibly an existential threat, even? 9 A. No, it wasn't and, indeed, there's a two-year hiatus 10 between those two references -- a three-year hiatus in 11 one case and two years in the second case -- of those 12 connections you just attempted to make. So no, they 13 absolutely would not have been in my thought and, 14 therefore, I would not have written in my statement that 15 I thought we were only dealing with a small number of 16 compensation cases at this stage. 17 Q. Second Sight's Interim Report was addressed again at the 18 Board meeting on the 16th, as you have referenced 19 already. I think you recall -- is it fair to say you do 20 recall that meeting, the tone of it, now? 21 A. Yes. 22 Q. Please can we bring up the minutes of that meeting. 23 Those are at POL00021516. Thank you. It's at page 6, 24 please, where we see Second Sight's Interim Report was 25 discussed. Thank you. So, in the first paragraph, by 78 1 way of update: 2 "The CEO explained that although Second Sight's 3 report had been challenging it had highlighted some 4 positive things as well as improvement opportunities. 5 The Business had been praised in Parliament for setting 6 up the independent review; the proportionality of the 7 tiny number of cases had been emphasised ..." 8 That's a point that you've, in fairness, raised 9 a few times: 10 "... and no systemic issues had been found with the 11 Horizon computer system. However there were cultural 12 issues which had to be addressed to improve the support 13 we gave to subpostmasters. The CEO stressed this was 14 now a catalyst to make changes in the Business." 15 The section I want to ask you about is (b), please, 16 where it reads: 17 "The Board were concerned that the review opened the 18 Business up to claims for wrongful prosecution." 19 Now, in your statement you say, about this minute -- 20 we don't need to bring it up unless you wish to see 21 it -- but it reads: 22 "I do not recall who made that comment that led to 23 the minute [that I've just cited]. I don't recall what 24 the specific basis for this concern was." 25 Again, it might be suggested that, in your evidence, 79 1 you're seeking to distance yourself from the seriousness 2 and significance of the concerns that are being voiced 3 at this stage as to the implications that Second Sight's 4 findings had for Post Office's past criminal 5 convictions; is that fair? 6 A. No. Could I add a little more? 7 Q. Please. 8 A. My -- having not been involved in the Second Sight work, 9 really at all, my views were informed by the periodic 10 updates provided generally by the CEO, occasionally by 11 the General Counsel. So I think the summary in the 12 minutes under (b) is exactly what my understanding would 13 have been at the time. I've been able to, through this 14 Inquiry process and on receipt, fairly recently, of 15 other documents, to understand a little bit more of the 16 background to why you can see reported under (c) the 17 Board felt that the business had not managed the 18 assignment well, and then, if we come on to talk about 19 the requests of me to look into the insurance situation, 20 why I can now understand, but didn't at the time, the 21 Board had that specific concern about potentially 22 being -- opening ourselves up to claims of wrongful 23 prosecution. 24 So, sorry, that's a very long answer but, in terms 25 of the core document, the Second Sight Review itself, 80 1 and my reading of this minute, which is the only thing 2 I had until recently, I did not have a perception that 3 either of those had, in themselves, opened us up to 4 claims of possible wrongful prosecution. 5 Q. I'd just like to test with you a little bit, Mr Day, 6 what you did know, from what we've discussed so far 7 today. You knew, upon reading Second Sight's Report 8 that it had identified two faults in Horizon Online, 9 which we've mentioned, the two bugs; that much you 10 accept, yes? 11 A. Yes. 12 Q. You also knew from Ms Vennells' update that those faults 13 had caused accounting errors which had had to be 14 rectified; that's correct, isn't it? 15 A. Well, I knew that from the reading the Second Sight 16 Report, yes. 17 Q. Either the report or the update? 18 A. Yes. 19 Q. You would have appreciated at the time, would you not, 20 that the existence of such faults potentially called 21 into question the integrity of Horizon's financial 22 accounting? You were alive to that risk, surely? 23 A. Potentially. 24 Q. You would also have appreciated, would you not, that 25 POL's knowledge of these faults called into question the 81 1 confidence which it stated in Horizon's integrity? 2 A. Yes. 3 Q. You were aware from the regular updates that the Board 4 received from Ms Crichton, General Counsel, that POL was 5 still bringing prosecutions and recovering assets from 6 subpostmasters and employees in reliance on Horizon 7 data. You knew that, did you not? 8 A. Yes, I would have known that, yes. 9 Q. Did those matters, taken together, not provide 10 sufficient reason to be concerned that POL might face 11 claims of wrongful prosecution? 12 A. They might have been but they weren't in my mind at the 13 time. So if I look at the Second Sight Report and the 14 periodic updates that I was receiving, it was that there 15 were no systemic issues with the system. There were the 16 four spot reviews identified, which -- particularly 17 SR05 -- would have been of concern but these were, as 18 I understood it, work in progress. More work needed to 19 be done by both Second Sight and Post Office to 20 establish exactly the veracity of these particular 21 claims or issues. 22 So, no, I don't think -- I mean, I genuinely was 23 surprised by the comment in the minutes that, on the 24 basis of what I understood and had been party to, we had 25 opened ourselves up to claims of wrongful prosecution, 82 1 and that's why I say I don't know -- I'm not saying it 2 didn't happen. Clearly, it was expressed by somebody on 3 the Board but I don't know who that was or in what 4 context. 5 Q. As you've acknowledged, the Board was sufficiently 6 concerned, was it not, about this issue that it asked 7 you to investigate the insurance position and to ensure 8 that Royal Mail Group and Post Office Limited notified 9 their insurers of the review's findings? 10 A. Yes. 11 Q. We can see the action for that on page 7, please -- 12 thank you: 13 "The CFO was asked what the insurance position was. 14 He promised the Board a note on this. He was also asked 15 to ensure that both RMG and the Business's insurers were 16 given notice of the review findings." 17 Now, do you recall what action you took to comply 18 with that instruction? 19 A. I don't recall the note, whether I wrote a note or not. 20 I did take action to ensure that both Royal Mail Group 21 and Post Office's insurers or their brokers were given 22 notice of the findings, and the reason that Royal Mail 23 Group were involved is that one of the policies, the 24 Directors' and Officers' policy, was actually still part 25 of Royal Mail, it was in a six-year run-off period since 83 1 2012, so we shared responsibility for that. So I would 2 have had to have reported it to Royal Mail Group. 3 I don't think I did it personally. I think I did it 4 through a direct report of mine who looked after 5 insurance. 6 Q. I wonder, please, if we could turn to POL00108035. 7 Thank you. This appears to be your first update on this 8 matter, so if we could scroll, please, to the bottom of 9 the document, where the email chain starts. Thank you. 10 That's the bottom of the email. So if we could please 11 just get to the top of that first message. Thank you. 12 So this is dated 19 July 2013, addressed to Alwen Lyons, 13 Company Secretary, it reads: 14 "Dear All 15 "On Tuesday the Board asked for information on three 16 things this week: 17 "A paper on Transitional Support Services with 18 Fujitsu which we agreed would be considered by 19 corresponded. 20 "The impact of the Financial Services Junction 21 insurance changes, and the continued Transitional 22 Support from Fujitsu, on the strategic plan and bottom 23 line (including the P&L [profit and loss, presumably] 24 and cash flow changes). 25 "[Thirdly] The impact on Horizon/Second Sight on our 84 1 insurance cover. 2 "The first two points are covered by the attached 3 and the final one is explained by Chris below." 4 It reads: 5 "Insurance 6 "We discussed what impact the current Horizon issues 7 might have on our insurance on which we are advised by 8 our insurance broker, Miller. Their view is that whilst 9 other insurance policies may be impacted the most likely 10 one is D&O ..." 11 You've just explained that was a reference to the -- 12 A. Directors' and officers'. 13 Q. Thank you. 14 "... this had the added complication as it is the 15 only policy we share with [Royal Mail] and was shared by 16 their broker, JLT." 17 Do you recall who that's a reference ... 18 A. Yes, I don't recall what it stands for. 19 Q. "The excess on this policy varies under different 20 criteria but the main one is £25,000 on each and every 21 claim. A meeting is being set up with JLT and Miller to 22 ensure they are fully briefed on the issues before JLT 23 engage with the insurer." 24 Thank you, that's your first update. We see the 25 issue of insurance arises again, however, and you 85 1 produce a paper to the Board in March 2014. This is 2 POL00027430. This is entitled "Insurance issues arising 3 from the Complaints and Mediation Scheme": 4 "The purpose of this paper is to set out the 5 insurance-related issues for the Complaints and 6 Mediation Scheme and is an update to the paper committed 7 to the Board reading room in December 2013." 8 In terms of the nature of the risks identified, you 9 describe these at paragraph 3, please: 10 "So far [circa] 150 applications have been received 11 of which only about a third have been worked through so 12 the assessment below is based on our estimation of the 13 issues. It is possible, but unlikely, that the pattern 14 of cases might develop in a way that chases this 15 assessment." 16 So, pausing there, this is, of course, a reference 17 to the establishment of the Complaint Review and 18 Mediation Scheme -- that's correct -- 19 A. Yes. 20 Q. -- and the number of applications received by that 21 scheme for compensation -- 22 A. Yes. 23 Q. -- arising in connection with faults in Horizon? 24 A. Arising from the findings of Second Sight Report. 25 Q. Now, earlier on, you, in your evidence, emphasised the 86 1 very small number of cases which affected your 2 assessment of materiality. By this stage, Post Office 3 had received 150 applications. Had that changed your 4 assessment -- 5 A. Yes. 6 Q. -- of the seriousness and significance of this issue? 7 A. Yes, I still felt -- we still felt, that we were dealing 8 with compensation but, clearly, through the course of 9 the second half of 2013 and into 2014, the number of 10 applications and the size of some of the compensation 11 requests, however one might attempt to scale them, were 12 orders of magnitude bigger than we had originally 13 envisaged or imagined as a direct result of the Second 14 Sight Review back in July 2013. 15 So, yes, this absolutely was now material. It was 16 not just material to me financially; it was taking up 17 a huge amount of management time across the 18 organisation. 19 Q. Now, so far as your assessment was concerned, the making 20 of payments under the scheme would not attract insurance 21 covering; is that correct? 22 A. Yeah, I think my developing understanding of the 23 insurance position was -- and I'm talking here about 24 professional indemnity, rather than D&O insurance -- 25 that compensation, if defined as goodwill, in relation, 87 1 for example, to Post Office having poorly supported or 2 trained subpostmasters, failed to provide them with the 3 requisite tools to do the job properly, could lead to 4 compensation claims which would not be covered by PI 5 insurance, ie PI insurance, as I understood it, would be 6 limited -- cover would be limited to issues for which 7 Post Office was legally liable. 8 Q. That is to say for which they had a legal obligation to 9 pay -- 10 A. Yes. 11 Q. -- compensation. Now, one of the aspects of the 12 concerns of the Board is not simply the business's 13 liable but it was the individual liability of directors; 14 is that correct? 15 A. It is. 16 Q. Did you personally have a concern yourself? 17 A. I don't recall having a concern and, going back through 18 all of the documentation, it's clear that there were 19 lots of different conversations around insurance, both 20 at the Board and outside of the Board, and different 21 non-execs expressing concern about the lack of clarity 22 that I had provided on insurance, and it's difficult to 23 work out from where each person was coming, whether it 24 was on behalf of the organisation, in terms of 25 professional indemnity cover, or whether it was on 88 1 behalf of themselves in terms of possible breaches of 2 directors' duties or errors through the D&O mechanism. 3 It wasn't entirely clear where all of these 4 different challenges and questions were coming from. 5 Q. What was your perception at the time as to where the 6 focus lay, as between the Board's interest in their own 7 exposure and the exposure of the business? 8 A. My recollection is that the very first conversations 9 were around D&O, and I think that's -- but I have to 10 caveat that with I didn't have a full and detailed 11 understanding of exactly which policies might apply in 12 which circumstances but, if I go back to the very 13 beginning of the conversation, which is that Board 14 meeting of 16 July, my very clear understanding was we 15 were talking about potential compensation and, 16 therefore, I don't think it would have been in my mind 17 that D&O was the appropriate cover. But I can't speak 18 for others. 19 MS HODGE: Thank you, sir. That brings me to the end of 20 that topic. I wonder whether, if you would be content 21 if we take an early lunch break and return at 1.30 to 22 finish my questions for Mr Day and then to hand over to 23 recognised legal representatives? 24 SIR WYN WILLIAMS: Yes, by all means. So as you have 25 suggested, we will adjourn now and resume at 1.30. 89 1 MS HODGE: Thank you, sir. 2 (12.26 pm) 3 (The Short Adjournment) 4 (1.30 pm) 5 MS HODGE: Good afternoon, sir, can you hear and see us? 6 SIR WYN WILLIAMS: I can, thank you. 7 MS HODGE: Thank you. 8 Mr Day, good afternoon. The next topic I'd just 9 like to deal with, please, is the Horizon Desktop Review 10 carried out by Deloitte. Now, as part of actions 11 arising from Second Sight's findings, the Post Office 12 commissioned a review by Deloitte into the integrity of 13 Horizon; is that correct? 14 A. That's correct. 15 Q. This report became known as the Horizon Desktop Review 16 of Assurance Sources and Key Control Features but, 17 before we turn to that report, I would like to ask you 18 some questions about the reasons why it was 19 commissioned. 20 Now, just by way of background POL had instructed 21 Linklaters LLP to advise on the business's potential 22 liability to claims from subpostmasters who had wrongly 23 been held accountable for shortfalls shown by Horizon; 24 is that right? 25 A. That's correct. 90 1 Q. Linklaters had identified, in its advice to the Post 2 Office Board, that there did not exist an objective 3 report which addressed the use and reliability of 4 Horizon; is that right? 5 A. Correct. 6 Q. The Board therefore decided that it would instruct 7 Deloitte to produce such a report; is that a fair 8 summary? 9 A. Yes. 10 Q. Now, if we could look, please, at the minutes of the 11 Board meeting on 30 April 2014, these are at 12 POL00021524. Thank you. 13 So these are the minutes of the meeting on 30 April. 14 We can see at page 6, please, the discussion of the 15 Deloitte report into Horizon. 16 Now, just pausing there, I think it's right to say 17 that you didn't lead on this work as such; it was led by 18 the CIO, Lesley Sewell; is that correct? 19 A. Correct, and Chris Aujard, the General Counsel. 20 Q. The then General Counsel? 21 A. Yeah. 22 Q. So the extent of your involvement was insofar as you 23 received updates as a member of the Board and were shown 24 a copy of the report; is that correct? 25 A. Correct. 91 1 Q. So this confirms that the Board welcomed Lesley Sewell, 2 Chief Information Officer. She wasn't a regular 3 attender at the Board; is that correct? 4 A. Correct. 5 Q. She dealt with matters as and when she needed to, and 6 Gareth James, a partner at Deloitte, then welcomed to 7 the meeting, and Chris Aujard, the General Counsel, also 8 rejoined the meeting: 9 "The Chairman thanked Gareth James for his draft 10 report and explained that there were a number of people 11 who were sceptical about Horizon. The Board were 12 concerned to know the truth about the reliability of the 13 system. Deloitte's views would need to be expressed in 14 such a way that they would persuade reasonable lay 15 people." 16 Does that accurately summarise your understanding as 17 to what was being sought from Deloitte at this stage? 18 A. Yes, it does. 19 Q. Essentially, a report that would show others or prove to 20 others that POL was right to have confidence in the 21 system? 22 A. Yes, although I think somewhere else it says in the 23 minutes that the Chair expressed a view that it would be 24 beneficial to have a positive view of the integrity of 25 Horizon, if that be the case. So it wasn't completely 92 1 one sided and lacking objectivity. 2 Q. We see at subparagraph (c), Ms Sewell explained that: 3 "... the first piece of work that Deloitte had been 4 asked to undertake was to give assurance that the 5 control framework, including the security and processes 6 for changes in the system, were robust from an IT 7 perspective." 8 Pausing there again, what Ms Sewell is describing 9 there, is she not, is an activity that is similar to 10 what had been carried out by Ernst & Young as part of 11 their financial audit but here perhaps with a particular 12 focus, a more direct focus, on the Horizon system? 13 Broadly speaking, they were covering the same areas, 14 that is to say the control framework, security and 15 processes for change; would you agree with that? 16 A. Broadly but I don't think that's the same as saying that 17 they were simply being asked to replicate what Ernst & 18 Young were doing. 19 Q. No, indeed. I didn't mean to imply that at all but 20 rather that the matters being canvassed by Deloitte 21 would cover an area that had already been 22 investigated -- 23 A. Yes. 24 Q. -- by Ernst & Young, of which you were aware and which 25 had been reported to you? 93 1 A. Correct. 2 Q. So it goes on at subparagraph (d) to confirm that Gareth 3 James, the partner at Deloitte -- so we know, forgive 4 me, by this stage, a draft report is in existence. So 5 some provisional findings, it seems, have been made at 6 this point: 7 "[Mr] James reported that all the work to date 8 showed that the system had strong areas of control and 9 that its testing and implementation were in line with 10 best practice." 11 However, he goes on to say: 12 "Work was still needed to assure the controls and 13 access at the Finance Service Centre." 14 Now, if we go on to (e) please: 15 "Chris Aujard [the General Counsel] explained that 16 several of the subpostmasters who were challenging 17 Horizon had made allegations about 'phantom' 18 transactions which were non-traceable." 19 What did you understand Mr Aujard to mean by 20 "phantom transactions"? 21 A. I don't think I had an understanding at that time of 22 what he meant. Rereading the documentation recently, 23 I've noticed, all the way back to the Rod Ismay report 24 there's a reference to allegations of ghost 25 transactions, which I had not previously picked up. But 94 1 back in 2014, I think this would have been a surprise to 2 me that he was asking such a specific question of 3 Deloitte. 4 Q. Would you have understood that issue to relate to the 5 question of privileged access and whether or not 6 transactions could be inserted without a subpostmaster's 7 authority or approval? 8 A. I would now make that association. I don't think I did 9 at the time. 10 Q. Mr Aujard said: 11 "Assurance from Deloitte about the integrity of the 12 system records logs would be very valuable." 13 So clearly a hope and expectation that Deloitte will 14 ultimately give the Board the assurance that it's 15 seeking. 16 A. Yes. 17 Q. Now, a copy of the report was shared with you; is that 18 correct, at the time -- forgive me, after this meeting 19 in April, a copy of Deloitte's review was shared with 20 you? 21 A. I believe it was. 22 Q. Can we please just look at what you say in your 23 statement about your reaction to reading the report. 24 That's at WITN10000100, please, at page 34, 25 paragraph 108. Thank you. Now, I think you make the 95 1 point that the copy that's been shared with you is 2 marked as a draft, dated 23 May 2014. You don't believe 3 you've been shown final versions -- 4 A. Correct. 5 Q. -- or a final version of the report or of the briefing 6 document supporting it? 7 A. Correct. 8 Q. But you do say that, on receipt of the reports, this is 9 the fourth line from the bottom: 10 "... I can recall a sense of general disappointment 11 by the Board. I cannot recall my views at the time, but 12 looking at it now I think that Deloitte's report was far 13 too caveated and failed to reach any definitive 14 conclusions on the reliability of the Horizon IT 15 System." 16 Now, what I'd like to do, please, is look at the 17 report with you and some of the conclusions which it did 18 reach. Please could we bring up the report which bears 19 the reference POL00028062. Thank you. 20 Now, just to orientate ourselves a bit, please can 21 we turn to page 3, where we find the "Executive 22 Summary". This provides the outline of the "Context" 23 for the assurance work which Deloitte had undertaken. 24 It reads: 25 "As outlined to us by the Post Office Limited 96 1 litigation team, 'POL is responding to allegations from 2 subpostmasters that the "Horizon" IT System used to 3 record transactions in POL branches is defective and 4 that the processes associated with it are inadequate 5 ([for example] that it may be the source and/or cause of 6 branch losses). POL is committed to ensuring and 7 demonstrating that the current Horizon system is robust 8 and operates with integrity, within an appropriate 9 control framework'." 10 It goes on to confirm: 11 "POL is confident that Horizon and its associated 12 control activities deliver a robust processing 13 environment through three mechanisms: POL have designed 14 features directly into Horizon to exert control; POL 15 operates IT management over Horizon; and POL have 16 implemented controls into and around the business 17 processes making use of Horizon. Collectively these 18 three approaches of inherent systems design, ongoing 19 systems management and business process control are 20 designed to deliver a Horizon processing environment 21 which operates with integrity." 22 A little further down, it confirms: 23 "Deloitte has been appointed to: 24 "[Firstly] consider whether this Assurance Work 25 appropriately covers key risks relating to the integrity 97 1 of the processing environment; 2 "to extract from the assurance work an initial 3 schedule of the Horizon Features; 4 "to raise questions for potential improvements in 5 the assurance provision." 6 Now, what I'd like to do, please, is move forward to 7 the observations that were made in the report, the 8 detail of which we can find at section 6 of the report, 9 please, page 29. Now, we see here a section of the 10 report entitled "Matters for Consideration": 11 "In this section we set out our key matters for 12 management consideration, further to the work we have 13 performed above. 14 "We have structured this section as follows: 15 "[Firstly] Key matters for Consideration, by Risk 16 Area ... 17 "Factors to Consider in Formulating an Action Plan; 18 and 19 "Proposed Action Plan." 20 Now -- thank you -- if we scroll down a little, we 21 see the column on the left-hand side relating to "Risk 22 Area", the column in the middle defining the "Key 23 Matters for Consideration" and the column on the 24 right-hand side, the "Nature of Assurance Work". Now 25 on, page 30 please, this is the fourth area of risk 98 1 identified and -- please, if we could scroll down to 2 subparagraph (4), thank you -- these relate to risks 3 identified confirming system usage and, over the page, 4 on page 31, we're starting first with subparagraph (e). 5 This raises a point which we discussed this morning, 6 Mr Day, of Mr Ismay's report. It provides: 7 "Proactive monitoring of key System Usage Risks: The 8 current assurance environment appears to be 'reactive' 9 in nature, with exceptions in processing triggering 10 diagnostic and remediation activity only when reported. 11 It would appear that no use is being made of the Audit 12 Store, for proactive monitoring of unusual or 13 exceptional system events potentially worthy of further 14 investigation and action." 15 Now, bearing in mind what you'd repeatedly been told 16 or reassured about the business's efforts to rectify and 17 remedy any accounting shortfalls created by software 18 faults, were you not concerned to read here that there 19 was no proactive monitoring of events in the system, 20 which could potentially cause such errors and 21 shortfalls? 22 A. I don't recall this specific finding. I have a better 23 recollection, I think, of the short form report, which 24 I believe came to the Board. I'm not sure this full 25 56-page -- 99 1 Q. This is the assurance review, which I think you, in your 2 evidence, say that you read. 3 A. Okay. 4 Q. Is that correct? Do you recall reading the report, the 5 review? 6 A. I will have read it. I don't recall this individual 7 point or, indeed, relating it back to the earlier 8 issues. I'm not exactly sure what the question is. 9 Q. Forgive me, the point I'm making here is what Deloitte 10 are flagging is a reactive approach being taken to the 11 diagnosis and remediation of problems in the system, and 12 that was consistent with what we saw, was it not, in 13 Mr Ismay's report about the barcoding? 14 A. Oh, I beg your pardon. 15 Q. -- fault. 16 A. I hadn't made that association but I can see why you're 17 saying that now. Yes. 18 Q. Now, you may not recall, or indeed you may not have read 19 the next paragraph, but I would like to ask you about 20 subparagraph (f), relating to hardware controls over the 21 audit store. This reads: 22 "The Centera EMC devices used to host Audit Store 23 data have not been configured in the most secure EC+ 24 configuration. As a result, system administrators on 25 these boxes may be able to process changes to the data 100 1 stored within the Audit Store, if other alternative 2 software controls around digital seals, and key 3 management are not adequately segregated from Centera 4 box administration staff. Privileged access to the 5 cryptographic solution around digital signatures, and 6 publicly available formulas on MD5 hashed digital seals 7 would potentially allow privileged users at Fujitsu to 8 delete a legitimate sealed file, and [replace it] with 9 a 'fake' file in an undetectable manner." 10 Do you have any recollection of reading that at the 11 time? 12 A. I don't but I can quite see its significance now. 13 Q. If you had read it, do you think you would have made the 14 connection between this and the concerns which were 15 earlier articulated about access to the system? 16 A. I would like to think I would, although, as I say, 17 I will have received this report and read it, I do 18 recall colleagues saying that this was unwieldy and not 19 written in plain English and that was why I think Chris 20 Aujard was asked to ask Deloittes to write a shorter 21 form, easier to understand, report, which I believe was 22 then taken to the Board. And that one had some very 23 specific management actions coming out of it, 24 relating -- two particularly, one to do with balancing 25 transactions and one to do with integrity of the audit 101 1 store. But the point above it in (e), I don't recall -- 2 I don't recall that one. 3 Q. What you seem to be suggesting, Mr Day, was this was far 4 too lengthy a report for you to consider in all its 5 detail but you, of course, were experienced in dealing 6 with lengthy reports. We had the management letter from 7 Ernst & Young with some detailed audit considerations. 8 Did you not treat this report in the same way as you 9 would -- 10 A. Yeah, to be clear, it wasn't myself that said this was 11 unwieldy and unusable, although I might have concurred 12 with that view. I think it came from one of the other 13 people on the Board who said we need something easier to 14 understand, more concise and with a cover note, which 15 I believe was drafted by Mr Aujard. So I think the form 16 in which it came eventually to the Board, although there 17 is very little -- there appears to be very little 18 documentation relating to this period, I believe was 19 more like a six or eight-page document, much more 20 concise and, as I say, specified two areas that I recall 21 we then took management actions to address. 22 Q. Now, I fully take the point you make, which is that 23 subparagraph (f) is not phrased in language that would 24 necessarily be readily understandable to someone without 25 technical knowledge but, if we look, please, at 102 1 subparagraph (g) which references the branch database it 2 says this: 3 "We observed the following in relation to the branch 4 database being: 5 "[Firstly] A method for posting 'Balancing 6 Transactions' was observed from technical documentation 7 which allows for posting of additional transactions 8 centrally without the requirement for these transactions 9 to be accepted by subpostmasters ([either] as 10 'Transaction Acknowledgements' and [Transaction 11 Corrections] require). Whilst an audit trail is 12 asserted to be in place over these functions, evidence 13 of testing of these features is not available ..." 14 Did that not show, Mr Day, that there were backdoors 15 into Horizon? 16 A. I think, reading this recently, absolutely. It says 17 that. I didn't make any reference to it in my statement 18 and I had no recollection of this being a major alarm at 19 the time, and I don't know why that is. As I say, the 20 only documentation I've been provided with that helps me 21 to piece together what might have happened, although 22 it's not a direct recollection, is management actions 23 relating to the Deloitte report and I think it's a paper 24 by Chris Aujard entitled "Zebra Actions" or "Actions 25 relating to Zebra and the Deloitte report". 103 1 And, having reread that, I can see that there are 2 two specific actions that IT -- the IT function took. 3 One was to test for the actual usage of these balancing 4 transactions, like had it ever actually happened, other 5 than the one incident in 2010 that had been referred to 6 by Deloitte; and the other was -- I forget the exact 7 wording -- to do with testing the integrity of audit 8 store access. And when I reread that document recently, 9 that sounded familiar, rather than anything that I'd 10 read in this original report. 11 So I think that was the distillation -- I think 12 there was a shorter form of this that may or may not 13 have been discussed at the Board. I couldn't find it in 14 any board minutes that it had been discussed but 15 presumably it must have been. 16 Then there were a series of management actions 17 coming out of the Chris Aujard paper, and then the trail 18 seems to go cold in the last few months that I was at 19 Post Office as to exactly whether those actions were 20 followed up and in what time scale. 21 Q. Thank you. I think, so far as you've covered, that's 22 your recollection of how the organisation responded -- 23 A. Yes. 24 Q. -- to the Deloitte report but that's really the extent 25 of how you can help us in that regard; is that correct? 104 1 A. Yes, I mean -- just to expand, I mean, unfortunately, 2 regrettably, I did not connect -- I don't recall 3 connecting at the time the balancing transaction point 4 to the earlier points. It may be -- may be self-evident 5 now but I think, had we as a Board had that presence of 6 mind to think "Oh, my goodness, privileged access, 7 wasn't that a problem in the past, even though it's been 8 remediated", I don't think we put those together. 9 Certainly, I didn't put those together. 10 Q. Thank you. There's one point I'd like to clarify with 11 you, please, in your statement. I'm just moving on from 12 the Deloitte report, this relates to a comment you make 13 in your statement about the advice which POL received 14 from Simon Clarke. That's at WITN10000100, please. 15 Page 27, please, paragraph 85. So you say here: 16 "I have been shown the following legal advice 17 provided to POL", and you list four pieces of legal 18 advice: Simon Clarke's Advice of 15 July 2013; his 19 advice of 2 August 2013; Brian Altman KC's Advice of 20 2 August 2013; and his further advice of 15 October 21 2013. 22 At paragraph 86, you say: 23 "I have no recollection of reading any of the 24 Advice. I do not recall any specific discussions by the 25 Board or briefings to the Board about any of the 105 1 Advice." 2 You then say at paragraph 87, this is what I wish to 3 clarify: 4 "I have been asked whether I had any prior knowledge 5 of the factual allegations set out in paragraphs 3 and 5 6 of the Simon Clarke Advice dated 2 August 2013. I did 7 not." 8 Now, those paragraphs relate to allegations that 9 evidence relating to known issues with Horizon had been 10 destroyed; is that correct? 11 A. Correct. 12 Q. When you say you had no prior knowledge, do you mean 13 prior to reading the Advice dated 2 August 2013? 14 A. I don't believe I read the Advice at all. I've only 15 read the Advice in the last few months. 16 Q. That's what I wanted to ask you, really. When did you 17 first read the Advice? 18 A. During the course of this Inquiry and, for whatever 19 reason, however strange it may seem, I did not read any 20 of those four advices and I'm as sure as I can be that 21 I didn't receive them. 22 MS HODGE: Thank you, Mr Day. I don't have any further 23 questions but if you could remain there, please, there 24 will be some questions from the legal representatives 25 and from the Chair, maybe. 106 1 Questioned by SIR WYN WILLIAMS 2 SIR WYN WILLIAMS: Well, can I just ask, can we just go back 3 to paragraph 108 of the witness statement, so that I can 4 clarify in my own head what it means. It's page 34 of 5 WITN10000100. That's it. 6 Now, Mr Day, just so I can be clear, the document 7 that Ms Hodge took you to is the document you referred 8 to in the first sentence of paragraph 108, yes? 9 A. It is, yes. 10 SIR WYN WILLIAMS: Then you make reference in the latter 11 part of it to a second document and you give the 12 reference, and is that the briefing document which was 13 referred to as coming to you after the whole of the 14 report? 15 A. I believe it is sir, yes. 16 SIR WYN WILLIAMS: Right. Fine. Now, that paragraph reads 17 to me as if you are accepting that the Board actually 18 received both those documents and I want to be clear 19 that that's what you intend to say. If you just read it 20 quietly to yourself, and then ... 21 A. Yeah. 22 SIR WYN WILLIAMS: Forget the draft point for the moment, 23 whether they're the draft or final version, to me, your 24 paragraph reads as if the Board received both documents? 25 A. I think -- I can't be completely sure that the whole of 107 1 the Board received the full long document because 2 I can't recall who it was who said "This is not in 3 a form that is acceptable for the Board". It may have 4 been the Chair or somebody else, I don't think it was 5 myself. So it's possible, sir, that it didn't come in 6 its entirety to the full Board. 7 It would have come to some of the Board and been 8 rejected as not fit for purpose. I can't recall the -- 9 I had thought that both documents had come to the Board 10 but the minutes don't help me to be sure on that point. 11 I'm -- 12 SIR WYN WILLIAMS: So is the true state of your -- I don't 13 want to put words into your mouth. Are you saying this: 14 that the second document referred to in paragraph 108 15 ending 069 reference, that was presented to the Board, 16 so as far as you can remember, and, by "the Board", all 17 the persons who constitute the Board? 18 A. Precisely, sir, but I haven't seen the minutes which 19 prove that to be the case. But I -- 20 SIR WYN WILLIAMS: No, but that's your understanding -- 21 A. Yes, it is. It is. 22 SIR WYN WILLIAMS: Right. So far as the first document is 23 concerned, ending 062, your understanding is that some 24 members of the Board, including you, received that 25 document? 108 1 A. Yes. 2 SIR WYN WILLIAMS: Fine. You go on to say in paragraph 108, 3 after identifying them: 4 "I can recall a sense of general disappointment by 5 the Board. I cannot recall my views at the time, but 6 looking at it now I think the Deloitte's report was far 7 too caveated and failed to reach any definitive 8 conclusions on the reliability of [Horizon]." 9 So am I to understand from that, that your personal 10 view is that the report which you received did not 11 demonstrate conclusively, or even on balance of 12 probability, that Horizon was robust because there were 13 no sufficient definitive conclusions about that? 14 A. Yes, that's true, sir. 15 SIR WYN WILLIAMS: Right. 16 A. To be clear, I think we're talking very much -- I'm 17 talking very much here about the shorter form report 18 with a cover note from Mr Aujard. 19 SIR WYN WILLIAMS: Right, okay. Again, sorry to cut across 20 you but so my thought processes are clear: so of the 21 document which you're satisfied from memory went to the 22 Board was a disappointment to the Board because it, in 23 effect, didn't reach definitive conclusions? 24 A. Correct. We felt we were two years on, no further 25 forward. We'd had a disappointing outcome in terms of 109 1 trying to verify the integrity of the Horizon system 2 from the Second Sight experience which had taken two 3 years. We'd then, albeit rather belatedly, realised 4 that we didn't have a truly objective report on Horizon 5 and this was our attempt to do that, and we find 6 ourselves three or four months later with a report which 7 essentially says the same things again: that the system 8 is broadly reliable but we haven't been able to test X, 9 Y or Z. We couldn't -- we didn't have documentation, 10 sufficient documentation going back far enough for us to 11 be able to fully test it. 12 By the time one had worked through the caveats, one 13 was not left with anything that, in my personal view, 14 took us any further forward. 15 SIR WYN WILLIAMS: Right. Then, finally, and then I'll hand 16 over. So far as what I'll call the long or the complete 17 version is concerned, the document ending 062, which 18 might be difficult for someone like me to understand, 19 ought not to have been difficult or unduly difficult to 20 understand for those members of the Post Office teams 21 who had the relevant technical expertise; is that fair? 22 A. That is fair. 23 SIR WYN WILLIAMS: Right. So will there have been persons 24 who received the full report who should have understood 25 what it was saying? 110 1 A. Yes, that would follow. 2 SIR WYN WILLIAMS: Yes, and from memory, who would those 3 persons have been, Mr Day? 4 A. Well, it would have been the IT function, IT security, 5 the CIO, working in conjunction with the General 6 Counsel, who was custodian of this report but clearly 7 not an IT expert himself. 8 SIR WYN WILLIAMS: Right. So by name: Ms Sewell -- 9 A. Yes. 10 SIR WYN WILLIAMS: -- and obviously Mr Aujard? 11 A. Yeah. 12 SIR WYN WILLIAMS: The most senior people, yes? 13 A. Yeah, another name appears in the documentation that 14 I was only reacquainted with very recently, a lady 15 called Julie George, who was, I think, IT security 16 person reporting in to Ms Sewell. 17 SIR WYN WILLIAMS: Fine. Thank you very much. 18 Right, who wants to ask further questions? 19 MR HENRY: Mr Stein and I would like to ask further 20 questions. 21 SIR WYN WILLIAMS: Have you agreed which one of you is going 22 first? 23 MR HENRY: I think Mr Stein has agreed that I should go 24 first, sir. 25 SIR WYN WILLIAMS: Right. Carry on then, Mr Henry. 111 1 Questioned by MR HENRY 2 MR HENRY: Good afternoon Mr Day? 3 A. Good afternoon. 4 Q. Could I ask you, please, to be shown a document 5 POL00333330, and this is an Audit and Risk Committee 6 document, 20 January 2014. You were in attendance 7 together with Ms Vennells, Ms Lyons and also Mr Aujard 8 was in the chair. 9 Can we go to page 5 of 79, please. We can see that 10 there is, 4.1, "Allegations relating to the integrity of 11 the Horizon system", Chris Aujard is described as being 12 the owner of this matter on the Executive Committee, and 13 it reads: 14 "There is a risk that allegations relating to the 15 integrity of the Horizon system, if not contained, could 16 raise wider questions over the robustness of our core 17 systems and our ability to operate, damaging (amongst 18 other matters) current partnerships, new areas of 19 expansion and public and government confidence." 20 Then there is reference to: 21 "Sparrow has established governance in place 22 including proactive risk and issue management, with 23 blockers to issue resolution escalated through to the 24 programme board. Risks, Assumptions, Issues and 25 Dependencies [RAID analysis] workshops are held monthly 112 1 by the programme team and attended by the Risk Business 2 Partner." 3 Who was the Risk Business Partner? 4 A. I'm not completely sure but I think it may have been 5 David Mason. 6 Q. Who is he? 7 A. He worked in, I believe, the Internal Audit and Risk 8 Team. I think he's named on the first page of this 9 document. 10 Q. Thank you. So far as bow-tie status is concerned, 11 bow-tie was a sort of risk management tool, but it's 12 already determined to be an issue, so no bow-tie 13 document is being produced? 14 A. That's what it says here, yes. 15 Q. So that was January 2014. Now, the last annual reports 16 and financial statements that you signed, before you 17 resigned in January 2015, they were signed off by you 18 and Ms Vennells on 25 June 2014, and I want to take you 19 now to another document, which is POL00026716. You're 20 familiar with this because this is the annual report and 21 accounts, isn't it? 22 A. Yes. 23 Q. Yes. These are important documents, are they not? They 24 are required by statute? 25 A. Extremely important, yes. 113 1 Q. Extremely important and, obviously, you want to give 2 a true and fair view, an accurate view, of the business, 3 don't you? 4 A. Correct. 5 Q. Right. Well, we know from the document that I initially 6 took you to, the ARC document from January 2014, that 7 there was concern about risks which could -- relating to 8 the integrity of the Horizon system -- raise wider 9 questions over the robustness of core systems, 10 et cetera, et cetera? 11 A. Yes. 12 Q. Now, I just want to ask you to go to one extract of this 13 document. Could we go, please, to page 42 of 116. Can 14 you see there "Engagement risk", and beneath "Engagement 15 risk" -- and if we could just scroll up very, very 16 briefly -- we've got "Regulatory & compliance", but 17 I want to concentrate on "Engagement risk". The only 18 reference, I suggest, to the risk identified in the ARC 19 meeting six months before, the risk, in other words 20 quotation, that "allegations relating to the integrity 21 of Horizon, et cetera, et cetera" is this as follows, 22 and it reads: 23 "The support of our staff and subpostmasters and 24 engagement with them during this significant time of 25 change is key to the successful delivery of our 114 1 strategy. Withdrawal or lack of support from our staff 2 or subpostmasters, whether driven by concerns over 3 existing programmes and initiatives or historic cases, 4 could cause delays in the Post Office transformation 5 programmes and limit our ability to meet business 6 objectives." 7 If we then go into the next column, it talks about: 8 "Failure to comply with regulation could result in 9 fines, adverse outcomes for our customers and 10 significant damage to the Post Office brand." 11 That's under Regulatory & Compliance. Sorry, go up 12 to "Engagement risk": 13 "Lack of support from staff and subpostmasters would 14 jeopardise our ability to meet our strategic goals 15 [et cetera, et cetera] reduced reliance on government 16 subsidy." 17 Then the next column: 18 "We maintain a fluid and comprehensive engagement 19 programme with unions, staff and subpostmasters. These 20 include regular meetings with the National Federation of 21 SubPostmasters, the Communication Workers Union and 22 Unite senior management briefings to staff [et cetera, 23 et cetera]. We have a people plan aimed at addressing 24 staff motivation and skill needs. This includes 25 development of new leadership and reward frameworks and 115 1 increased focus of recruitment and training. We have 2 created a Branch Support Programme and planned further 3 initiatives." 4 If I were to suggest to you that engagement risk, 5 those three columns, reading from left to right, are 6 very carefully worded and delphic, what would you say? 7 A. Well, the first thing I would say, in terms of my duties 8 as a CFO and responsible for the annual report and 9 accounts, is that, at no stage, did we seek to diminish 10 or cover up the ongoing concerns that there were around 11 Horizon, if that's what you're alluding to. But this 12 would not be the point in the report and accounts to 13 make reference. The auditors would -- were kept abreast 14 at all times of the findings of the Second Sight review. 15 They reviewed the possibility at all times for 16 contingent liabilities and/or provisions that would need 17 to be made so -- 18 Q. Really? 19 A. Yeah. So my focus would very much on I need to disclose 20 as much as possible to the auditors so that they can 21 make a qualified judgement on whether they need to 22 recommend creating a contingent liability or 23 a provision. So that would be the hard technical answer 24 to the question, rather than, you know, I wouldn't seek 25 to bury it in this text here. 116 1 Q. Okay. I mean, before we move on, you say, you know, 2 that the auditors were kept fully informed about 3 provisions for liabilities; you recall that? 4 A. Absolutely. We had a conversation each year. I mean, 5 it's part of -- it's part of the sign-off process. 6 You're asked a very direct question about your knowledge 7 of fraud, your knowledge of anything anomalistic, any 8 ongoing potential legal issues across the business, and 9 I think you'll see from the report and accounts each 10 year a progression of statements from the audit partner 11 starting back in, I think, 2011/12 where mention is made 12 of allegations about the Horizon system, through to 13 20 -- my last year 2013/14, where there's a much longer 14 statement, which talks about discussions with 15 management, which talks about ongoing investigations. 16 At this point we do not recommend, or management, 17 rather, do not feel it's appropriate to put a contingent 18 reliable in place and we concur with this you, but we 19 will continue to monitor it. 20 So, from my perspective, my duty of care was to make 21 sure that the auditors had all the information such that 22 all of this could be divulged in the accounts at the 23 appropriate place. 24 Q. But you've just said, and you said that you distinctly 25 recall that, you know, the auditors were being made 117 1 aware of provisions for liabilities and, presumably, 2 that would also be, of course, the impact of any 3 integrity issues on Horizon? 4 A. Well, the two were interrelated, clearly. 5 Q. Of course. Could we go, please, to POL00099203. Yes, 6 thank you so much. So this from Ms Vennells to Sarah 7 Hall, and you know who Sarah Hall was, don't you? 8 A. Yes. 9 Q. Who was she? 10 A. Financial Controller, who reported to me. 11 Q. The Financial Controller. Goes to all of the big names: 12 Alwen Lyons, Mark Davies, you, of course, Ms Crichton. 13 Can we go to page 3, and page 3, there is a reference 14 to: 15 "... the Senior Manager confirmed that they agree 16 with our view that there should be no provision", about 17 the Horizon report. 18 I wonder if we can locate that on the page. Yes. 19 Do you see that? 20 "... the Senior Manager confirmed that they agree 21 with our view that there should be no provision." 22 That was in the context of the Horizon report. 23 A. Correct. 24 Q. Do you see that? Also, at page 4, if we could go to 25 page 4, that we have: 118 1 "As expected they asked about the impact on the 2 accounts and I have assured him that we believe there is 3 no impact." 4 That was the consistent message: no impact, no 5 provision needs to be made. 6 A. That was management's view but EY, of course, would 7 exercise complete independent thought and evaluate, and 8 that would have been referred from the senior 9 management -- the Senior Manager to the partner. They 10 would not simply accept our assertion that there's 11 nothing to put in the accounts. 12 Q. But the fact is, and I return -- we don't need to put it 13 back up on screen -- when I was asking about delphic, 14 there's no mention in the ARA that you signed off in 15 June 2014 of the risk of historic miscarriages of 16 justice, is there? 17 A. I didn't see any, no. 18 Q. No, there isn't. There's no mention of impending civil 19 litigation or the risk of impending civil litigation 20 either. The JFSA aren't even mentioned once. 21 Mr Day, this really was going into ultra defensive 22 mode, wasn't it? It was trying to contain, keep the lid 23 on the problems with Horizon integrity, wasn't it? 24 A. I don't believe it was. I mean, the 2013 accounts, bear 25 in mind, would have been signed almost exactly 119 1 simultaneous with the Second Sight Report and, bear in 2 mind, that was an Interim Report, there was still a lot 3 more work to be done, and the key finding was that there 4 were no systemic issues with the system found at that 5 point in time. 6 So I'm absolutely confident that what we said in the 7 2012/13 accounts was completely justifiable. I'm 8 slightly less clear on the '13/'14 points but I'm 9 recalling that the Mediation Scheme was still running, 10 albeit it was at a much higher level of claims and 11 compensation claims at that point. So I think you may 12 have a stronger point for the '13/'14 accounts, but 13 I can't remember the exact wording of what was said 14 about the contingent reliability there. 15 But the only other thing I would say is that the 16 experience of the organisation at that time, I accept we 17 know differently now, was that we'd been through this 18 relatively difficult period of not strong enough IT 19 controls, we'd come through that, we'd successfully 20 closed all the doors, admittedly, in retrospect, I wish 21 we'd looked back at what might have happened before we 22 closed those doors. But that was the context for 23 feeling that we were making progress forwards and that, 24 albeit the Mediation Scheme was much bigger and had 25 taken much longer to complete than we originally 120 1 envisaged, we were getting towards the end of the 2 process. That was the context of the feeling in the 3 middle of 2014. 4 Q. Forgive me but wasn't the mediation process a sham? 5 A. No, I don't think so at all. 6 Q. Anyway, let's go to POL00021525 and this, as we can see, 7 is minutes of a Board meeting held on 21 May 2014. So 8 just tying this in with the answer you gave to my last 9 question, the Board must be feeling more confident now, 10 they think they're making progress, et cetera, 11 et cetera; do you agree? 12 A. Yes, this will have been before the accounts were 13 finalised but, yes. 14 Q. So why is it, then, that the Board is allergic and 15 hypersensitive to the inclusion of Project Sparrow in 16 the report and the determination that it should be 17 excluded? 18 A. Sorry, from which report? From the report and accounts? 19 Q. Yes. I want to take you, please, now to page 6 of 14, 20 which will give you context for this. 6 of 14 at letter 21 (f). So "Annual Report and Accounts", letter (f): 22 "The Board discussed the inclusion of Sparrow in the 23 report and agreed that it should be excluded. However, 24 the business agreed that it would be appropriate to 25 include a paragraph in the CEO overview to explain the 121 1 size of the enterprise risk and the major transformation 2 programmes being undertaken, referring back to the risks 3 already highlighted in the CFO report. 4 "Action: Mark Davies." 5 Mr Davies, your comms man, why is he being given 6 this responsibility in connection with the annual report 7 and accounts, in relation to Project Sparrow, which is 8 dealing with the risks of Horizon litigation, both civil 9 and criminal? 10 A. Well, firstly, he would be responsible for drafting all 11 of the elements of the annual report and accounts that 12 weren't my direct responsibility. So the financial 13 statements would be my responsibility and the rest of it 14 would be, initially, Mark Davies' responsibility, 15 reporting in to the Chair and Chief Exec. I can't 16 answer why Sparrow at this point was seen to be more in 17 the, I guess, discursive part of the report and accounts 18 and, therefore, included within the CEO overview, but 19 the only thing I can think is that, as I mentioned 20 before, because we hadn't -- or the auditors had decided 21 not to put in a financial contingent liability or 22 provision, it was seen as more of a general risk, than 23 a specific financial risk. 24 Q. Can you help, but the paragraph in the CEO overview to 25 explain the size of the enterprise risk and the major 122 1 transformation, that all got lost in the wash, didn't 2 it? 3 A. I admit, it looks slightly unusual in that, by this 4 stage, it was a material financial risk, but there is 5 a context that the other major transformations that were 6 going on, the Network Transformation Programme, the IT 7 Transformation Programme, by this stage, there was even 8 a third one, which was called a Business Transformation 9 Programme which was about taking huge amounts of cost 10 out at the centre, I think this is an attempt to try to 11 put together all of these big ongoing financial costs 12 and risks, but I accept that, at face value, it looks 13 slightly odd to lump Sparrow in with those. 14 Q. It's all part of sleight of hand, "léger de main", isn't 15 it. It's to put the best possible gloss on the 16 situation without actually revealing the unvarnished 17 truth? 18 A. No, not my recollection at all. 19 Q. I'm going to have to deal with matters shortly now 20 because there's a technical problem with uploading 21 certain of the documents but I want to put to you the 22 straight contradiction. We've seen documents that 23 suggest that the Board were concerned about their 24 personal liability in relation to this, and you were of 25 course tasked with dealing with the insurance position 123 1 both in respect of professional indemnity and Directors' 2 and Officers' insurance? 3 A. Correct. 4 Q. Right. Disclosure to the insurer was made but there was 5 no reference to this in the annual reports and accounts. 6 Can you explain why that was? 7 A. I'm not sure why you would expect there to be. 8 Q. Well, if it was a matter of such importance -- and not 9 necessarily the act of reporting to the insurer but the 10 matter upon which your duty, as you saw it, arose that 11 you had a duty to inform your insurers -- why wasn't 12 that matter given greater prominence, which is, of 13 course, the potential existence of bugs, errors and 14 defects and also the conduct of Mr Gareth Jenkins? 15 SIR WYN WILLIAMS: Well, I don't think he can answer the 16 latter part of that question unless you are challenging 17 his evidence that he had no idea of the Clarke Advice. 18 MR HENRY: I do have a document that might be relevant to 19 that, sir. 20 SIR WYN WILLIAMS: Right. 21 MR HENRY: I am anxious, I don't want to be unfair to you, 22 Mr Day, but, I mean, do you see the -- we'll go to the 23 documents straightaway but do you see what I'm getting 24 at? If it's so important that you have to notify your 25 insurers, why isn't the risk that necessitated that 124 1 disclosure to your insurers properly reflected in the 2 ARA? 3 A. Yes, I understand the point. I don't know. I don't 4 equate the two. It was a -- it was good governance to 5 inform the broker, you've seen the list of emails 6 around -- I think it was unfortunate phrase "not scaring 7 the horses", there was a concern that if you didn't 8 inform the broker in -- as soon as you were aware of 9 a possible reliability: (a) you might not be covered; 10 (b) you might suffer much higher premia in the future. 11 Although it clearly was a material risk, I don't 12 think the fact of needing to report it to our broker had 13 a bearing on what I would show in the annual report and 14 accounts. 15 MR HENRY: Right. 16 Mr Day, thank you. May I just mention something to 17 you, sir? 18 SIR WYN WILLIAMS: Yes. 19 MR HENRY: I was hoping to take it without going to the 20 documents, which are yet to be uploaded but I think in 21 fairness, because I'm not going to be suggesting to this 22 witness that he is lying but that he may have forgotten 23 something, and -- 24 SIR WYN WILLIAMS: Just a second, Mr Henry. 25 Could the document on screen come down so I can see 125 1 Mr Henry clearly. Thank you. That's better. 2 Yes, sorry, Mr Henry. 3 MR HENRY: I'm so sorry to trouble you with this, sir, but 4 unfortunately there are three documents which can only 5 be uploaded if we have a short break and -- 6 SIR WYN WILLIAMS: Well, it is -- how long are you going to 7 be, Mr Stein? 8 MR STEIN: Sir, I think in the region of 12 to 15 minutes. 9 SIR WYN WILLIAMS: Let's have our 12 to 15 minutes of 10 Mr Stein, if you don't mind, Mr Henry, then the 11 documents can be uploaded in the short break, and then 12 you can conclude. How about that? 13 MR HENRY: I'm very grateful to you, sir. Thank you so 14 much. 15 SIR WYN WILLIAMS: Fine. Over to you, Mr Stein. 16 Questioned by MR STEIN 17 MR STEIN: Thank you, sir. 18 Mr Day, I've a series of questions which relate to 19 the way that financial matters were dealt with within 20 the Post Office, which hopefully you'll be able to help 21 with. You came to the Post Office from the BBC where 22 you worked as Group Financial Controller for what, six 23 years -- 24 A. Yes. 25 Q. -- BBC, yeah? Then, for the last period of time at the 126 1 BBC, you were then working as acting Chief Financial 2 Officer; is that right? 3 A. Not the last period of time but an interim period in 4 2008. 5 Q. Right. So you had some experience of that and then you 6 joined the Post Office and, essentially, your duties as 7 Chief Financial Officer remained the same for your 8 three-year period; is that right? 9 A. Correct. 10 Q. I think you described those duties within your 11 statement -- paragraph 16, sir, for your note -- 12 day-to-day, you say this: that you were responsible for 13 financial accounting, management and statutory 14 reporting, budgeting, financial planning -- forgive me 15 for shortening this, but you go on, essentially, to say 16 all aspects of financial matters within the Post Office; 17 do you agree? 18 A. Correct. 19 Q. Right, okay. 20 Now, a couple of weeks ago I asked a number of 21 questions of Mr Cameron that related to the way that 22 shortfalls were dealt with within branch accounts; okay? 23 A. Yeah. 24 Q. Now, those questions were about the issue which was 25 where the Horizon system would identify, correctly or 127 1 incorrectly, that there was a shortfall within a branch 2 account, how that was accounted for within the Post 3 Office systems, okay? All right. 4 So let's try and -- and stop me when I go wrong with 5 this, okay? So let's try and work out what actually 6 happened. Branches, as you are aware from the history 7 of this matter, would be told by the Horizon system that 8 there's a shortfall on occasions and the branch manager 9 and staff were then encouraged -- I use that as 10 a neutral expression -- to then pay to cover the 11 shortfall; you're aware of that? 12 A. Well, via a transaction correction. 13 Q. Right. Well, let's start right at the beginning. Do 14 you agree that, on occasions, the Horizon system would 15 suggest there's a shortfall, in other words that the 16 branch needed to pay a sum of money to correct, to 17 balance, the system? 18 A. If there was a discrepancy between the cash that had 19 been paid in, for example, and the amount that had been 20 put into the -- input into the system and that that 21 didn't correspond with the client's understanding of the 22 transaction, that could happen. 23 Q. Right. Well, Mr Day, you must have been following this 24 matter because it's been part of the Inquiry now and, 25 indeed, history of this for quite some time 128 1 subpostmasters; being confronted with a suggested 2 shortfall in their accounts; you must be aware of that? 3 A. That's a possibility. I understand that, yes. 4 Q. What do you mean a possibility? Many, many 5 subpostmasters say it actually happened. It's not just 6 a possibility, Mr Day. 7 A. Yes, but I -- yes, okay. 8 Q. Okay. 9 A. Yeah. 10 Q. So we've got that as our starting point. Now, the 11 technical bits that I need your help on our these: we 12 know from Mr Cameron's evidence that that situation, 13 that the debit amount, the shortfall amount, that debit 14 was held as an amount owed by the postmaster; do you 15 agree with his evidence on that? 16 A. Yes. 17 Q. Right. Now, next bit. Do you agree to hold a debit 18 against a subpostmaster would require a credit to be 19 posted to the POL Post Office financial accounts? 20 A. Not necessarily. 21 Q. Right. Why not? 22 A. Because, as I understood it, mismatches would be 23 investigated. They wouldn't automatically put through 24 as a debit to the postmaster and a credit to the Post 25 Office. It wouldn't work that way. The two sides of 129 1 the transaction would be -- attempt to be married up, 2 where they didn't marry up completely, they would be 3 investigated. That would either result in a transaction 4 correction, transaction adjustment, which the 5 subpostmaster would have full visibility of, or it -- in 6 far more cases, as I understand it and understood it, 7 far more cases, there would be a credit balance in the 8 suspense account, which would result from the client 9 company having demanded less of a -- having expected 10 less from a transaction than the subpostmaster had input 11 at their end, ie the vast majority of credit balances 12 would relate to discrepancies between Post Office at the 13 centre and clients, rather than subpostmasters. 14 But I don't discount the possibility, clearly, that 15 a balance could exist there from a subpostmaster. 16 Q. Right. You are aware of the evidence from 17 subpostmasters, Mrs O'Dell provided a good example. On 18 checking the records of the helpline, she was being told 19 that there's a shortfall. She said, "It's not my fault, 20 nothing to do with me, I don't know what's going wrong", 21 she said that repeatedly and she was told basically "Pay 22 up, it's your duty". Are you aware of such evidence as 23 that? 24 A. I'm aware of such evidence. I actually think it's 25 regrettable that the onus was on the subpostmaster to 130 1 prove that -- through evidence, that it was not their 2 fault. I think that's very unfortunate. 3 Q. Unfortunate may be a slight understatement; do you 4 agree? 5 A. I do. 6 Q. Right. Okay. So in the situation that we've just 7 described, I've used Mrs O'Dell as my example, she's 8 being told there's a shortfall for X sum of money, she's 9 got to pay up, okay? Now, in that crude situation, 10 which was real for her and existed for many 11 subpostmasters and mistresses, do you agree that that 12 would mean that there was a debit against the 13 subpostmaster/mistress's branch and that that would 14 require a credit to be posted within the Post Office 15 financial accounts, in other words to make the balance? 16 It's a double entry bookkeeping system -- 17 A. I get the -- double entry. I think the -- I don't think 18 it's as final as that. I think it would have been in 19 the suspense account for the Post Office pending 20 resolution, pending investigation. And, again, my view, 21 my direct experience of suspense accounts would have 22 been very much from the top down materiality. I accept 23 that I wouldn't have had visibility of sums which could 24 be material to individual subpostmasters. 25 Q. Right, okay. Well, let's just put aside suspense 131 1 accounts for a moment because we went through that with 2 Mr Cameron, who described them as a red herring, okay? 3 So let's just go with our crude example, all right? So 4 what I'm after is this: we know that on occasions 5 subpostmasters were confronted with shortfalls. Those 6 shortfalls weren't identified to any individual 7 transaction such as stamps. They were just told: 8 there's money owing to Horizon, okay? Just stay with 9 that for a moment. 10 Money was then paid in by a branch manager or 11 mistress or employee at the branch and that money went 12 into the accounts. You're with me so far? 13 A. Yes. 14 Q. Right. Now, the bank underwriting Post Office was the 15 Bank of Ireland, correct? 16 A. Yes. 17 Q. Right. So the actual money paid in through either 18 a cash injection into the system or digital transaction, 19 actually went to the Bank of Ireland; do you agree? 20 A. I'm not sure about that. 21 Q. Eventually, it would go to the Bank of Ireland. Surely? 22 They're the bank that underwrites it. I'd be surprised 23 if they went anywhere else. 24 A. Okay. 25 Q. Well, Mr -- 132 1 A. No, that wasn't my recollection but -- 2 Q. Where did it go? Did it go into bonuses? What happened 3 to it? 4 A. You may be right. 5 Q. Well, quite. 6 A. But I come back to the point, which is, it wouldn't 7 automatically -- I think I know where you're going with 8 this and it isn't as simple as debit the subpostmaster 9 for an account that they don't -- for an amount that 10 they don't actually owe, credit central Post Office. 11 There would have been a fundamental mismatch in the -- 12 in some part of the transaction that would need to have 13 been investigated. 14 Q. Right. Sorry, Mr Day -- 15 A. And that's why I come back to suspense accounts because 16 that's the only place it would go pending final 17 accounting determination of treatment. It doesn't 18 automatically go into either the Bank of Ireland or the 19 Post Office's back pocket. That's not the way it would 20 work. It would be an unreconciled item that would be 21 investigated. And what I've shared with you is 22 unfortunately, I was not close enough to seeing those 23 individual balances, which I absolutely now understand 24 were material for individual subpostmasters. 25 My view of suspense accounts was "Tell me, Financial 133 1 Controller, or Ernst & Young, if there's anything 2 material that I need to be aware of", and that's not 3 just size; that's anomalies, that's things which have 4 been there for too long and haven't been resolved. And 5 that would have been my check and balance that things 6 were working correctly. 7 Now on a smaller scale, the team in Chesterfield, 8 Rod Ismay's team, would have been routinely, every day, 9 every week, reconciling all of the individual 10 transactions which would throw up exceptions that they 11 would investigate and, in the vast majority of cases, 12 would either write off the balance or process 13 a transaction correction which a subpostmaster would 14 then have the ability to accept or reject. And, just to 15 repeat myself, my regret is that it's clear -- and 16 I think it came up in somebody else's evidence -- that 17 the onus unfortunately was it was asymmetric, it was 18 very much on the subpostmaster to prove that they had 19 not made a mistake and I think that's regrettable. 20 Q. Or another way of looking at that, Mr Day, is that the 21 only choice they really had was to accept, in other 22 words, accept that they owed the money, when they may 23 well not have done, if it's a Horizon error/defect? 24 A. Well, I would hope that wasn't the case. 25 Q. Mr Day, you seem to be referring to this as though these 134 1 things didn't happen, and you're aware of the High Court 2 judgment, you're aware that this went to the Criminal 3 Court of Appeal, where there have been findings 4 consistently that what I've described actually happened 5 to a lot of subpostmasters. Do you reject all of that? 6 A. No. 7 Q. Right, okay. Now, what we're tying to find out is what 8 happened to subpostmasters' money. Where did it go 9 through the accounting systems? Do I get, from your 10 evidence, that you don't really know? You cannot tell 11 me that it went into a specific account or part of the 12 accounts with a specific name to it; is that what you're 13 trying to tell me? 14 A. I'm not saying I don't know, I'm saying it would have 15 gone into a suspense account. It wouldn't have 16 automatically gone into the consolidated Post Office 17 Accounts. So it would have required reconciliation, 18 investigation. 19 Q. You're saying lots of "would have", you don't understand 20 though the detail of what actually happened or not. 21 That's down to Mr Ismay's team -- 22 A. Well, I -- 23 Q. Okay -- 24 A. I'm piecing together what I now understand from other 25 people's evidence and from documentation that, at the 135 1 time, because I had no reason to be that close to it, 2 I would not have known. 3 Q. Right. Let's try it really crudely. There's a debit on 4 the system for a branch, through an alleged shortfall. 5 Yes? You're saying there's some sort of system Mr Ismay 6 is operating it with his team at a micro level that 7 should be looking into this. Lots of questions about 8 that, that's not your part of the system, okay? Right. 9 Now where within the accounts, you saying, are you, the 10 suspense accounts again? Are you saying there's 11 a suspense accounts with debit, the alleged shortfall, 12 somewhere being referenced within it? Are you saying 13 that? 14 A. That's the only conclusion I can reach. 15 Q. So you don't know the answer to the question? You're 16 saying this is your best guess; is that right? 17 A. Yes. 18 Q. All right, well, I think I've taken that about as far as 19 I can. 20 Can I then deal with one other matter. Mr Cameron 21 referred to the fact that if a postmaster had not paid 22 up within about 60 days what the Post Office considered 23 a debt, then it was written off to the profit and loss 24 account; is that right or is that wrong? 25 A. I don't recollect. I don't recollect the time period. 136 1 Q. Right. Well, that's what he said. If such time period 2 had existed, would you have expected there to be 3 a policy, a rule or procedure, which set out the 60-day 4 write-off policy? 5 A. Yes, I expect there would have been a policy. I don't 6 know who in the organisation would have been responsible 7 for making those decisions. It may have been Rod 8 Ismay's team in Chesterfield. Had it been a larger 9 amount, it might have been escalated to the Financial 10 Controller in London, possibly even to myself. 11 Q. Right, bringing all these things together, so you're 12 suggesting Chesterfield, Mr Ismay's team dealing with 13 these matters, looking at corrections, looking at 14 investigating matters, all of these things you supposed 15 happened, all of that to transactional system going on 16 within the Post Office Accounts, was that the subject of 17 reporting back up to you as the Chief Financial Officer? 18 In other words, were you cited on the comings and goings 19 of these transactions, what's happening, or not: 20 a report an update, something? 21 A. Only by exception. 22 Q. Only by exception: just briefly explain that? 23 A. Only by exception in terms of something which could not 24 be resolved between my Financial Accounting Team in 25 London and Rod Ismay's Finance Service Centre, and 137 1 I don't recall -- that may have happened a very small 2 number of times. 3 Q. So what you mean by exception is something they regarded 4 as exceptional might then be kicked upstairs for you 5 to -- 6 A. Yeah, and that could either be by size but it would be 7 very unusual for something very material, sizewise, to 8 not be -- to not have a clear genesis and resolution. 9 Perhaps more likely would be I might be asked to write 10 off things which had been hanging around for too long. 11 Q. At the time when you were in your three years as the 12 Chief Financial Officer at Post Office, were you aware 13 that, as you and I have discussed, the onus was being 14 put on subpostmasters to pay up in the way that you and 15 I have discussed? 16 A. No, I regret I wasn't aware of that. 17 Q. When did you become aware? 18 A. Through this Inquiry. 19 MR STEIN: Thank you, Mr Day. 20 SIR WYN WILLIAMS: Right. We'll now have a short break 21 of -- well, let's say 3.00 so that, if there are any 22 difficulties with uploading the documents, we have a bit 23 of time to do it, and then Mr Henry can ask his 24 questions on the newly uploaded documents. All right? 25 MS HODGE: Thank you, sir. 138 1 (2.45 pm) 2 (A short break) 3 (3.00 pm) 4 MS HODGE: Welcome back, sir, can you see and hear me? 5 SIR WYN WILLIAMS: Yes, thank you, yes. 6 MS HODGE: Sir, we have some further questions from Mr Henry 7 who will be followed by Mr Moloney -- 8 SIR WYN WILLIAMS: Yes. 9 MS HODGE: -- just to alert you to the fact that Mr Moloney 10 will also be asking some questions. I think we have 11 resolved the issues in relation to documents, so I'll 12 hand you over to Mr Henry. 13 SIR WYN WILLIAMS: Right, Mr Henry. 14 Further questioned by MR HENRY 15 MR HENRY: Thank you, sir, and thank you to my learned 16 friend, Ms Hodge, I'm very grateful. 17 Mr Day, you remember the July 2013 Board, don't you? 18 A. 16 July, yes. 19 Q. You have a recollection of that. The Board were 20 concerned about claims for wrongful prosecution, weren't 21 they? 22 A. It appears so from the minutes, yes. 23 Q. Do you have an independent recollection of that or are 24 you just now going on the papers? 25 A. I don't have an independent recollection. I'm going on 139 1 the papers and I've pieced together other papers that 2 I've seen more recently. 3 Q. I see. Can I ask for this to be put on the screen very 4 briefly -- you're not copied in to it but you're 5 referred to in it -- it's POL00164253. Thank you so 6 much. If we could just blow it up a little bit. Yes. 7 This is from Belinda Crowe/Cortes-Martin to Rodric 8 Williams, Mr Singh, Charles Colquhoun and Chris Aujard: 9 "I now have the actual action from the Board. 10 Copying Charles as he will need to assist with this, and 11 also get signed off through Chris Day." 12 That's to do with insurance, isn't it? 13 A. I believe it is, yes. 14 Q. Yes. The subject is, however, "Enquiry re: Current 15 Prosecutions", and then the following, in bold: 16 "The Board asked for a note from the General Counsel 17 explaining who was named in past prosecutions and the 18 liability for the Business and individual Board members. 19 The note should also include information on both 20 [professional indemnity] and D&O insurance cover." 21 Can you just help us, please: "who was named in past 22 prosecutions"; was that, as it were, the Board saying 23 that they wanted to have a list of everybody who'd been 24 prosecuted? 25 A. Well, I note, first of all, this is five months later. 140 1 This is December 2013. 2 Q. Yes. 3 A. So I don't understand the direct link from the -- that 4 you made to the 16 July 2013 Board. A lot of things 5 will have happened between those two dates. 6 Q. So -- 7 A. Sorry, and I don't understand, at first glance, why 8 they're asking about specifically named people in 9 prosecutions but I have to believe that things had moved 10 on a long way since that 16 July Board meeting. 11 Q. I see. I mean, who was named, I mean, that could be, 12 for example, a list of who had been prosecuted, could it 13 not? 14 A. Possibly. 15 Q. It could be, of course, who was on the hook for 16 liability although that is dealt with separately, and 17 the liability for the business and individual board 18 members. 19 A. Could it not also refer to Post Office versus Royal Mail 20 Group? 21 Q. Exactly. Could be that as well. But I want to just ask 22 you please to consider this: if you were going to advise 23 the Board and take ownership of notification and 24 reporting on this very, very important issue, you ought 25 to have been apprised of all of the relevant facts, 141 1 ought you not? 2 A. As it relates to potential insurance claims, absolutely. 3 Q. That, of course, would include the issue raised by the 4 Clarke Advice, if not the Clarke Advice itself, but 5 certainly the issue raised within it, namely the fatally 6 undermined credibility of a witness who had acted as 7 an expert for the Post Office in prosecutions and had 8 brought the Post Office's duties into disrepute. 9 I'm very grateful for some clarification. It should 10 be "in whose name was past prosecutions brought". So 11 I think, therefore, it is a toss-up between RMG and POL. 12 So ignore what I was exploring with you about a list of 13 potential defendants; it looks as if the email -- and 14 I'm very grateful for this to be drawn to our attention 15 on behalf of Ms Vennells -- but it looks to be the 16 question in whose name the prosecution was brought. 17 But leaving that aside, do you accept that you ought 18 to have been properly advised about Mr Gareth Jenkins' 19 position, in order to properly advise the Board as to 20 risk and also to give proper and full notification to 21 the insurers? 22 A. I haven't considered that. To the best of my knowledge, 23 the only time I or my team were involved in liaising 24 with the insurers was directly after the receipt of the 25 Second Sight Report, in July 2013. I don't -- I'm not 142 1 saying it didn't happen but I don't recall any 2 subsequent updates to our brokers or insurers. 3 Q. But I'm asking you as to whether you ought to have been, 4 not whether you were or not, but whether you accept 5 that, in order to advise the Board properly as to risk 6 and also to fulfil your obligations because they had 7 been delegated and deputed to you, so far as 8 notification to your insurers, you ought to have been 9 apprised of all material risks? 10 A. Possibly, but I, on reading this, I see that it splits 11 between a legal view and an insurance view. I accept 12 that the two are interrelated. 13 Q. Did you notify RMG's insurers? 14 A. I believe so, yes. 15 Q. You did. Okay. Let's move on, then, please, to 16 POL00021991. This is an email from a Mr Andrew Parsons. 17 Did you ever come across Mr Parsons? 18 A. I've only known the name through the Inquiry. 19 Q. Only through the Inquiry. So POL00021991, and David 20 Oliver to a number of people, including Belinda 21 Cortes-Martin and could we scroll up, please. It's 22 12 March 2014 and, if we concentrate on number 3, 23 "Insurances risks note": 24 "This note had the dual purpose of advising the 25 board (its contents were later reflected in a board 143 1 paper) and acting as notification to [the Post Office's] 2 insurers -- hence why this doesn't look like 3 a traditional piece of legal advice." 4 Now, I want to show you that document now, the one 5 that is referred to as an "insurances risk note" because 6 of the dual purpose and the fact that it states that its 7 contents were later reflected in a board paper so could 8 we go, please, to POL00021996, please. 9 What I'm going to suggest to you is that, on the 10 presumption that this did go before the Board in one 11 form or other, as indicated by Mr Parsons, then you 12 would have been apprised of the problem with Mr Jenkins. 13 Could we go, please, to -- you can see it's called 14 Horizon Risks. Could we go to page 2, please, and there 15 we see, "Risks to Post Office: Prosecutions & 16 Convictions", and this, of course, would be materially 17 important and of interest to the Board, would it not? 18 A. Yes, if it went to the Board, yes. 19 Q. Yes. I omit the first paragraph but I concentrate on 20 the second: 21 "In particular, the expert evidence of one Post 22 Office witness, Dr Gareth Jenkins of Fujitsu, may have 23 failed to disclose certain historic problems in the 24 Horizon system. Under the criminal prosecution 25 guidelines, Post Office has an obligation to disclose 144 1 (even retrospectively) this previously undisclosed 2 information to subpostmasters' defence counsel. Post 3 Office is required to make these retrospective 4 disclosures where the additional information 5 (ie Dr Jenkins' knowledge of historic, but now resolved, 6 problems with Horizon) may have undermined a prosecution 7 case or assisted with an accused's defence." 8 "Civil Risks" is then mentioned: 9 "Although the law firm Shoosmiths threatened to 10 bring a group action against the Post Office for 11 problems in the Horizon system, this did not 12 materialise." 13 I omit words: 14 "Nothing has been heard from Shoosmiths in the last 15 12 months. However, it is understood that Shoosmiths 16 has around 120 subpostmasters on a register of possible 17 claimants, though as yet no further attempts at 18 litigation have be threatened." 19 "Criminal/Civil crossover claims", can we go up, 20 please. You agree that all of this is highly relevant 21 for the Board's consideration, isn't it? 22 A. Absolutely. 23 Q. Yes. Could we just scroll up, please, further, "D&O 24 Risks", "At a meeting with senior representatives of 25 [Justice for Subpostmasters Alliance]", again, reference 145 1 to a potential claim against directors of the Post 2 Office; do you see that? 3 A. Yeah. 4 Q. Then scrolling up, please, "Summary": 5 "Post Office is in a highly contentious situation 6 and therefore finds itself open to litigation from 7 a number of different sources. It is also quite 8 possible that Post Office's directors and officers may 9 find themselves caught up in this litigation, even 10 though at present a claim against an officer or director 11 would not appear to have any merit." 12 It is dated 15 August 2013. 13 I mean, isn't that clear now, sir, that you must 14 have been apprised of the Gareth Jenkins issue? 15 A. I have no recollection of that. I've no recollection of 16 this document, and I'd like to see where it was 17 discussed in the Board minutes. 18 Q. Certainly, it has been referred to by Mr Parsons as 19 having been submitted to the Board or for the Board's 20 purpose, the dual purpose, and then formed the basis of 21 a paper to the Board but this doesn't jog your memory at 22 all? 23 A. Absolutely not. I would be as sure as I can be that 24 I've not seen this document before. I did not 25 commission it. I would go further and say until this 146 1 Inquiry, I didn't even know the name of the expert 2 witness. 3 Q. So can I just help you, who else was dealing with 4 insurance, apart from you, where -- was Alasdair 5 Marnoch, one of the Non-Executive Directors, also 6 dealing with it? 7 A. I think I may be able to help there. I think there is 8 a reference in the document, just going back in time, 9 you'll recall my somewhat unimpressive attempts to 10 address the various NEDs' questions about insurance. 11 I think when you get to about March 2014 -- I think I've 12 got the date right -- there's a request -- it clearly 13 goes to the legal -- the Legal Team to look at it and 14 I think, at that point -- I'm not saying it was taken 15 out of my hands but I think it took on a completely 16 different dimension. 17 Now, I'm just speculating now but that's the last 18 document which I saw relating to insurance. 19 Q. Now, you mention there that it appeared to have been 20 taken out of your hands. You mentioned earlier in your 21 evidence when you were being asked questions by Counsel 22 to the Inquiry, Ms Hodge, that, in respect of the 23 Deloitte matter, you felt that the audit trail, so far 24 as things that you had wanted instigated, had gone cold. 25 Do you feel a concern now that there may have been, as 147 1 it were, an inner or an outer circle and that certain 2 members of the Board would not have been apprised of 3 this risk? 4 A. No, I'm not saying that. 5 Q. You're not saying that? So you're not saying that this 6 was being kept from you? 7 A. Well, there's a separate point around legal advice, 8 generally, which is I think we're all -- you've seen 9 other people's evidence to the effect we don't 10 understand why we weren't given the advice, sometimes 11 didn't know it existed. I didn't approve budgets to 12 sign off what looks to have been quite expensive pieces 13 of legal advice. That's a general point. 14 On this specific, I would be very surprised if this 15 had come to the Board in this form, because I -- it 16 would certainly have been familiar to me if it had. 17 Q. Well, if not you, then who is responsible for managing 18 this issue? 19 A. Well, it can only be a small group of people who were 20 clearly taking this forward, which was Mr Aujard and 21 Ms Crowe. I don't know who else they were working in 22 concert with but I'm as sure as I can be that this 23 advice did not come in this form to the Board. I stand 24 to be corrected if you can find a minute. 25 Q. This is before Mr Aujard arrives because it's dated 148 1 15 August? 2 A. I beg your pardon, Ms Crichton. 3 Q. But, I mean, Ms Crowe wouldn't act of her own volition 4 on something of this importance. I mean, who at a Board 5 level is going to be accountable and take ownership for 6 this? Because, obviously, if the board was apprised of 7 Mr Jenkins' alleged misfeasance or wrongdoing, then 8 a number of things flow but I'm only going to 9 concentrate, for this purpose, on the ARA, that ought to 10 have gone into the annual report and accounts, a matter 11 of that gravity. 12 SIR WYN WILLIAMS: Well, I think, Mr Henry -- I don't want 13 to stop you, because this is quite an important 14 document, but we have had evidence from Ms Crowe, as she 15 was, and I don't believe this document was put to her. 16 I'm not criticising anybody because I'm rather assuming 17 it's a document that has surfaced comparatively 18 recently, although I may be wrong about that. 19 We've also got Ms Perkins coming tomorrow and we 20 have Mr Parsons coming next week or the week after. 21 Now, on the basis that we accept, for these purposes, 22 that what Mr Day is saying is accurate, that he 23 personally had not seen this document at all, so far as 24 he can remember, I think this line of questioning should 25 be put much more pertinently to Ms Perkins and/or 149 1 Mr Parsons and, for that matter, even though she's 2 already given evidence, Ms Crowe. 3 MR HENRY: Well, thank you, sir. I'm sorry for the 4 oversight, so far as Ms Crowe. 5 SIR WYN WILLIAMS: No, no, I'm not blaming anybody. I'm 6 just saying these things happen in an inquiry and 7 I think -- I may be wrong -- but it's the first time 8 I've seen this document in public in this Inquiry for 9 certain. 10 MR HENRY: Well, I will take your steer, sir, and I will ask 11 Mr Day no further questions. 12 SIR WYN WILLIAMS: Fine. Just before we -- in case I am 13 wrong about that, I won't ask Ms Hodge because she's 14 only recently returned but I think Mr Blake is still 15 there. 16 Is my understanding about this correct, Mr Blake? 17 MR BLAKE: Yes, sir, although in terms of how long we've had 18 this document for, I can't assist with that. 19 SIR WYN WILLIAMS: No, but am I right in thinking that it 20 hasn't surfaced, so far as you can recall, in any 21 questioning of witnesses to date? 22 MR BLAKE: I think that's correct. 23 SIR WYN WILLIAMS: Does anybody in the room -- I'm now 24 inviting anybody to contradict me, if they think that 25 I've got that wrong and we have seen it before. 150 1 MR BLAKE: No, we think this is the first time. I can say 2 for certain that I know that it is in Rule 10 requests 3 for witnesses in the coming weeks. 4 SIR WYN WILLIAMS: Right. Fine. Then I think I will allow 5 you to accept my steer, Mr Henry. 6 MR HENRY: Thank you, sir. 7 SIR WYN WILLIAMS: Mr Moloney. 8 Questioned by MR MOLONEY 9 MR MOLONEY: Thank you, sir. 10 Mr Day, I just want to ask you about the 2014 11 Deloitte report, if I may. 12 With the Deloitte report, Post Office wanted to get 13 to the bottom of any questions around the integrity of 14 the Horizon system; is that right? 15 A. Correct. 16 Q. Yeah, and I think you said that the Board was 17 disappointed with the Deloitte report because it didn't 18 seem to take things much further forward than things 19 that had been before it? 20 A. Correct. 21 Q. We now know that the Deloitte report showed that audit 22 data could be deleted and replaced in an undetectable 23 manner. Inevitably, Post Office had to deal internally 24 with the implications of the Deloitte report. 25 A. Yes. 151 1 Q. You've mentioned to the Chair, I think it was just 2 before the break, about the name of Julie George has 3 come to your attention recently and you think that she 4 might have been in charge of security around IT? 5 A. Yes, that's a document I've seen only very recently and 6 also in others' evidence. 7 Q. Might I take you to that document -- 8 A. Yes. 9 Q. -- which is reviewed and signed off by Julie George and 10 it's POL00031409. That's POL00031409 and, as you say, 11 it's been brought up before, which is the Zebra Action 12 Summary. We can see that this is dated 12 June 2014, 13 and the Deloitte report was, I think, either 23 or 14 24 May, it was late May, in any event, wasn't it. We 15 see that the authors here are James Rees and Emma McGinn 16 and this is signed off by Julie George. If we go to 17 page 2 of this report please under "Introduction", we 18 can see that: 19 "This document is in response to the Zebra review 20 and highlights specific areas regarding the Horizon 21 solution, outlined in Deloitte's report, which suggested 22 controls Post Office could implement to mitigate the 23 areas the project highlighted." 24 So it is, it's about essentially internally 25 actioning what Deloittes identified in the report. 152 1 If we go to page 6, please, we see 4.2.2, under 2 remediation items, which start at paragraph 4, 4.2.2, 3 which is "Data Logging", and reads that: 4 "One point raised in the report was that it was 5 possible for someone with privileged access to delete 6 data from specific areas-off Horizon. This is always 7 a risk with individuals using admin or power user 8 accounts and is a persistent risk, one that needs to be 9 catered for in almost any organisation. 10 "Due to the sensitive nature of the information 11 contained in the databases, monitoring of those 12 databases should be put in place using technology to 13 detect and record deletions and administrative changes 14 to the databases. If possible, alerts should also be 15 generated for mass deletions and high level risk changes 16 to database [schemes]." 17 The "Recommended remediation" was: 18 "The solution currently in place may be able to 19 undertake the level of logging required within the 20 Horizon solution. It is recommended that the current 21 logging and logs are reviewed on a daily basis. 22 "This needs to be investigated further and the 23 options on how to handle this defined through the risk 24 management process and based on the solutions already in 25 place or ones that could be procured to handle this." 153 1 So this section of the report explains that there 2 are no controls over this, absolute controls over this, 3 and Post Office will need to do daily checks in order to 4 make sure there had been no, as it were, phantom 5 transactions or deletions, and so on. This is about 6 deletion of data by people with sufficiently privileged 7 access, here. 8 Did you see the report at or about the time of its 9 creation, Mr Day; can you remember? 10 A. I saw this document for the first time last week. 11 Q. I see. May I take you, please, to an email that Julie 12 George sent, and I think you saw this email -- 13 A. Yes. 14 Q. -- and if I could ask you about this, which is 15 POL00346958. That's POL00346958. 16 This is from Julie George on 17 June 2014, it's to 17 Rod Ismay, David Mason, Malcolm Zack and Gina Gould and 18 it attaches the Zebra Action Summary Version 3, which we 19 looked at just now, and it reads: 20 "Hello all, 21 "I have tried to call you Rod [Rod Ismay, obviously, 22 in this context] -- attached a Draft Summary of actions 23 arising from Deloittes recent piece of work on the 24 Horizon systems [confirming that it's a Zebra Action 25 Summary, to all intents and purposes]. 154 1 "Clearly there is no blame attached anywhere [it 2 continues] and this morning's meeting with Chris Day, 3 Chris Aujard, Lesley and Malcolm -- focused on what we 4 would need to put in place as an organisation to address 5 overall assurance on all critical systems, starting with 6 Horizon from 1 April." 7 So it is plain that at that morning there'd been 8 a meeting between you, Julie George, Chris Aujard, 9 Lesley Sewell and Malcolm; in that context, would that 10 be Malcolm Zack? 11 A. Head of Internal Audit. 12 Q. Head of? 13 A. Internal audit. 14 Q. Thank you. So there's been that meeting that morning, 15 but are you saying that you didn't see the Zebra Action 16 Summary at that meeting? 17 A. I am as sure as I can be that I hadn't seen the Zebra 18 Action Summary but what I do think I was familiar with 19 was a different paper which was authored by Chris 20 Aujard, which was actions -- Zebra actions arising from 21 Deloitte's findings would -- I spoke about it this 22 morning and, having read the documentation recently, the 23 key points on that related to testing whether balancing 24 transactions had, in fact, ever taken place beyond the 25 one that was specified in 2010 and, secondly, something 155 1 around the audit store integrity of testing around the 2 audit store. 3 Those were the two things which sprang to mind. 4 This email I saw recently, and it did jog a memory 5 because I think I probably only met Julie George once, 6 and so when I saw this, yeah, I had a vague recollection 7 of a meeting, so that suggested that we did 8 congregate -- the key people who were capable of taking 9 forward the management actions coming from Deloitte, did 10 meet and do something -- initiate a series of actions. 11 What's missing is what on earth happened afterwards 12 with any of those actions. 13 Q. Quite, and can I come back to what on earth happened in 14 a moment and just perhaps test your memory slightly, if 15 I may, as to whether or not you might have seen this 16 report but also ask you, first of all, about the 17 additional document drafted by Mr Aujard. Do you have 18 a clear recollection of this document, that, as it were 19 distilled aspects of the Deloitte report? 20 A. I don't have a recollection at the time. I -- that's 21 a document which I think I received in my Rule 9 bundle. 22 Q. Okay. 23 A. So I have become familiar with it. 24 Q. Yeah. 25 A. But, as I say, it's conspicuous along with this email as 156 1 being the only documents that we have to substantiate 2 what happened post-Deloitte. I don't know where the 3 Deloitte review itself went, I don't know where the 4 instruction with Deloitte went. It's -- unfortunately 5 I don't recall anything and I have no documentation. 6 Q. Just to test your memory, if I may, to see how sure you 7 are about not seeing this document, obviously this email 8 from Julie George circulates the Zebra Action Summary 9 and speaks of how she has tried that day to call Rod, 10 Rod Ismay, and then, in the following paragraph, says 11 that: 12 "Clearly there is no blame attached anywhere, and 13 this morning's meeting with Chris Day, Chris Aujard, 14 Lesley and Malcolm -- focused on what we would need to 15 put in place as an organisation to address overall 16 assurance on all critical systems, starting with Horizon 17 from 1 April." 18 Would you not think that, if you were having that 19 meeting and you were Chief Financial Officer, Mr Day, 20 Chris Aujard, General Counsel, Lesley Sewell, CIO -- 21 Chief Information Officer -- and Malcolm Zack, Head of 22 Internal Audit, with Julie George, who was the Head of 23 IT Security, so far as you can recollect, that if this 24 document was available and been circulated just later 25 that day, to these people who appeared to be members of 157 1 ExCo, would it not surprise you if that document had not 2 been dealt with in your meeting that morning? 3 A. Not necessarily, no. 4 Q. Right. 5 A. I mean, I have only the vaguest memory of the meeting. 6 I imagine it was quite a difficult meeting. I can see 7 from the people who were there, that it would have been 8 a serious meeting, which is what are we going to do 9 about this but I do not recall us going through that 10 document. And just the style and the font and the 11 addressees of that document, I'm sure I'd recognise it 12 if I'd seen it before. 13 Q. Right. So can I take this from it: that you had 14 a meeting that morning which focused on what you would 15 need to put in place as an organisation to address 16 overall assurance on all the critical systems, starting 17 from 1 April, but you think that this document was 18 not -- you're sure that this document was not, as it 19 were, produced to you in that meeting? 20 A. Yes, because the -- as sure as I can be. The other 21 document that I've referred to, the Chris Aujard paper, 22 when I read it, felt much more familiar. So it's 23 possible that that was a document we reviewed or that we 24 didn't review any document. 25 Q. Then just, finally -- 158 1 A. Sorry, just to say it would be rather strange for all 2 these people to meet and just pore over a document. 3 I think it would be much more likely to be a discursive 4 meeting around the broad findings of Deloitte at that 5 point and the actions that are going to be taken, and 6 I think I've seen elsewhere, possibly Ms Sewell's 7 evidence, that a series of actions were undertaken for 8 which she took functional responsibility but with the 9 aim of delivering them by the end of the financial year, 10 31 March 2015. That's -- when I saw her evidence, that 11 felt familiar but that's all, really. 12 Q. Yeah. Just to round it off, then, essentially, so far 13 as you're concerned, from hereon in, then, as you told 14 the Chair, responsibility for actioning what was 15 necessary passed to Lesley Sewell, Chris Aujard and 16 Julie George, so far as you were concerned? 17 A. Yes, to be precise, it would be functionally Lesley 18 Sewell but Chris Aujard was taking responsibility, as 19 you saw, throughout the whole Project Zebra, of pulling 20 the whole thing together. So it would be principally 21 those two, and I'm less clear on exactly what Julie 22 George's role was. I think she'd only just joined the 23 organisation. As I say, I think this was almost 24 certainly the one and only time I met her, so I'm not 25 sure how involved she was in taking the actions forward 159 1 but, primarily, it would be Lesley and the IT Team and 2 Chris Aujard and the Legal Team. 3 MR MOLONEY: Thank you very much, Mr Day. That's all I ask. 4 SIR WYN WILLIAMS: Thank you very much. 5 Is that it, Ms Hodge? No. 6 MS HODGE: Two matters, please. Firstly, I believe that 7 Mr Day may wish to say something. Is there anything you 8 wish to say, Mr Day, which hasn't already been covered 9 in -- 10 A. Well, it seems rather late now but I would like to say 11 that I am extremely sorry for the devastating impact the 12 Horizon scandal has had on so many subpostmasters and 13 their families and it's extremely regrettable. 14 MS HODGE: Thank you, Mr Day. 15 Sir, there's one final matter I think Mr Blake would 16 like to raise. 17 SIR WYN WILLIAMS: Yes. 18 MR BLAKE: Thank you, sir. I can assist a little further on 19 the Bond Dickinson document. It exists on our systems 20 with a different URN as well, that's POL00193585 and it 21 was a document, in fact, that I took Alwen Lyons to -- 22 SIR WYN WILLIAMS: Right. 23 MR BLAKE: -- and the question was whether she recalled the 24 document and she didn't recall that particular document. 25 SIR WYN WILLIAMS: So it has surfaced but only to be the 160 1 subject of non-evidence, if I can put it in that way? 2 MR BLAKE: Exactly, 21 May 2024. 3 SIR WYN WILLIAMS: Thank you very much, Mr Blake. Thank 4 you. 5 Right. Well, Mr Day, thank you very much for making 6 a witness statement and for appearing today. I'm 7 grateful to you for your participation in the Inquiry. 8 So we will adjourn now and resume at 9.45 tomorrow 9 when I believe Ms Perkins is due to give evidence. 10 MS HODGE: Yes, sir. Thank you. 11 SIR WYN WILLIAMS: Thank you very much, everybody. 12 (3.36 pm) 13 (The hearing adjourned until 9.45 am the following day) 14 15 16 17 18 19 20 21 22 23 24 25 161 I N D E X CHRISTOPHER MARK DAY (sworn) ..................1 Questioned by MS HODGE ........................1 Questioned by SIR WYN WILLIAMS ..............107 Questioned by MR HENRY ......................112 Questioned by MR STEIN ......................126 Further questioned by MR HENRY ..............139 Questioned by MR MOLONEY ....................151 162