Hello and welcome to part 2 (week 8) of Phase 5&6 of the Post Office Horizon IT Inquiry at Aldwych House in London.
Today we're going to be hearing from Chris Day (CD), former Chief Financial Officer (CFO) of the Post Office (PO).... 🧵
I'll be live-tweeting CD's evidence. I'll be honest with you I'm hardly expecting much in terms of crowd-pleasing fireworks, but you never know what documents might come up.
Tim McCormack, whose prescient emails featured so prominently in part 1 of Phase 5&6 thinks he's already spotted something about Mr Day...
Whilst we're waiting to start, here's a blog post I wrote this morning about Alan Bates alerting the Justice for Subpostmasters Alliance about possible legal action against the government.
#PostOfficeScandalpostofficescandal.uk/post/alan-bate…
Day is being sworn in and taken to his witness statement. Catriona Hodge (CH) is asking the questions.
Please note nothing I tweet is a direct quote unless it is in "direct quotes". It is a summary and/or characterisation of proceedings.
I'll try to screenshot documents as I go...
Sorry some tech difficulties at my end - this is CD
And this is Catriona Hodge
The Chair, Sir Wyn Williams (SWW) is remote today
You can watch it all here live
CD says Paula Vennells was keen to make the PO wash its face and put financial primacy first. CD also deputised for PV when she was on leave.
CD was Rod Ismay's boss. Rod Ismay was the Head of Product and Branch accounting. More on Ismay here:
postofficescandal.uk/post/ismay-the…
CD is taken to his Witness Statement (WS)
Shortly after CD took up his CFO post in Aug 2011, Rod Ismay sent him the Ismay Report.
CD agrees RI wanted him to read and discuss this report. And also notes he's discussed it with Kevin, Paula, Susan or Mike (ie the company's top brass).
CH wonders if he was worried that there were challenges to the system on which the business's accounting integrity was based
CD says he had none
CH takes CD to the Ismay report
CD agrees he was aware the PO prosecuted its staff by the time he received this report.
CH would you be concerned about the financial integrity of your system knowing you prosecuted staff
CD would not make connection
CH points out that the Ismay report states that SPMs are being supported by MPs and C4 News was planning a piece on the Horizon (H) system - would that worry him
CD I would be aware of the concerns
CH highlights this section of the Ismay report and suggests this is about the PO's processes - not Fujitsu's
CD agrees
CH wonders if CD knew about the process of investigating SPM accounts
CD wasn't really aware of the detail.
C
CH asks him if the assumptions in this exec summary, that H is robust, but dependent on the quality of its users makes sense, given his experience of working on large-scale accounting systems
CD agrees the integrity of a system isn't just about user input
CH asks him what he understood from there to be no back doors to H
CD that there was no way in that couldn't be controlled and observed
CH takes him to more "back door" talk in the Ismay Report
CD agrees this concurs with what he understood
CH takes him back to the exec summary
CH notes the par raises known system issues
CD agrees
CH takes him to p15 of the Ismay report titled Known System Issues. She raises point b)
CH on the face of it, this is an accounting error - that a transaction has not been properly processed and recorded by H
CD yes
CH not a user error
CD yes
CH dates back to 2005
CD correct
CH reads out the second par
CH so the PO thought this is about a piece of hardware
CD yes
CH "up to now" - so this was an assumption which lasted 5 years...
CD yes
CH you're being told that for a period of 5 years, the PO had done nothing to address the underlying problem which caused this issue
CD not sure. he's differentiating between errors caused by inputs and broader hardware issues which did no have any bearing on previous legal cases.
CH moves to the following par. This was not a hardware issue, but was, in fact a software issue. Which they are not intending to do anything about because HOL will replace old (legacy) H
CD agrees
CH next par says that the issues have been resolved. But in the preceding pars it says the PO had not sought to identify the branches affected
CD agrees
CH the PO had instead relied on the branch to spot the problem or for a customer to raise an issue about an unpaid bill
CD agrees
CH bearing in mind this fault lay unresolved and undiagnosed for 5 years, would you entertain the possibility some branches were out of pocket because they had made it good or made to repay the discrepancies caused by the error
CD yes it's a possibility
CH it showed there was a software bug in the system which was capable of causing accounting errors, because a customer whose bill has not been paid is raising an accounting error
CD yes
CH did you think this was consistent with the confidence RI was expressing in his report?
CD I was being asked to accept that none of these issues had any bearing on these legal cases
CH that's what he wanted you to think, but is that consistent with what you are being told here. There is a fault, it took ages to resolve and Fujtisu (F) weren't even aware of it. How could you or RI be confident?
CD it says it was a resolved issue
CH doesn't give you a great amount of confidence in the PO's processes tho, does it?
CH would you agree that this was not a systematic integrity issue
CD I would have accepted it at the time
CH takes him to Ismay's thoughts on doing an independent audit of H
CD I would like to think that I would not accept these reasons for not commissioning an independent review
CH takes him to the par on E&Y and Deloittes and suggests that what RI is saying here is that the above would not sign off on H's integrity
CD no just that they would have so many caveats it wouldn't be much use
CH is that not what the caveats are? An inability to sign off on H's integrity
CD accepts
CH do you see a tension between the PO and its auditors over PO's absolute faith in H and its auditors concerns
CD no because I had a separate relationship with the auditors and from what I read in that par I don't think it would particularly surprise me
CH takes him to RI's concluding pars which effectively says we shouldn't have an independent review because it would need to be disclosed in court.
CH is this not odd
CD it is, but I don't recall it striking me as odd at the time. Regrettably I was not focusing on disclosure etc
[both CD and CH have quite soporific voices (CH in particular would be good doing ASMR clips) and the evidence is not particular thrilling]
CH should you not have challenged this report - it was your job
CD yes I had a lot going on when I was being inducted. RI was telling me that there had been challenges and that was in the past. I was also talking to E&Y about areas that needed to be addressed. This was useful for context
CH it was a red flag, was it not
CD yes
[we move on to the Ernst and Young 2010/2011 audit which reached CD's desk when he took post]
CD conversation with E&Y audit partner was positive. He sent a management letter in which he described "refinements" rather than "fundamental control deficiences".
CH produces the management letter
It is addressed to Susan Hall, the PO's financial controller
CH so this is a significant caveat. You cannot rely on this audit to prove system integrity
CD true, but when you look at all the transactions covered in the financial statements it's hard to see where the weaknesses, but he's not giving a green light to the H system, nor would I expect him to
CH is it not that E&Y are not looking at the code and integrity of H and therefore not signing it of at all as robust
CD correct
CH notwithstanding this E&Y had found problems
CH correct
Beginning of the exec summary
CH reads the reassuring stuff and then points out weaknesses in control environment "operated by POL's third party IT suppliers"
CD confirms he understands this to mean Fujitsu
CH what did you understand by privileged acess
CD that this was a theoretical possibility of back end access, not "front end" access to branch accounts, but it was still a weakness that needed to be addressed in short order.
CH did you understand the significance of this section?
CD not in detail. would have seen it as theoretical and we did take steps to address if over the course of the following 12 months
[CH mistakenly calls Mr Day "Mr Grey". I know how she feels...]
CH notes this par is in direct contradiction to the Ismay report
CD not sure I would have interpreted this in the same way - this is about a perceived risk across the estate. I did not relate this to individual accounts
CH what did you understand "unrestricted access" to mean? It's not theoretical. It says they have it
CD it doesn't speak to the suggestion that it could not be done without an SPMs visibility of the transaction
[CH is actually whispering now]
SWW so what is being said here is that unrestricted access "could take place? That wasn't theory. However there was no evidence that it *had* taken place."
CD "Yes I would agree with that sir"
[we take a break. this is tedious and frankly going over old ground]
[we have returned]
CH takes him back to the E&Y management letter from the 2010/2011 audit and some key recommendations, including
CH whose job was this
CD the CIO
CH in isolation, or with input from the finance team
CD I would own the audit overall, but this was a specific IT issue which I would expect them to do
CH CIO was Lesley Sewell (LS) - do you recall a briefing by her addressing this?
CD seen the doc, but don't remember it then
CH takes him to it
CH notes this was written in response to the E&Y 2011/2012 audit, but the doc references the issues raised in the 2010/2011 management letter
It says the 2010/2011 issues have largely been addressed
CH goes to the appendix and notes E&Y's first recommendation is a repeat of its 2010/2011 recommendation of reviewing privileged access
CD agrees there's an inconsistency here with the LS briefing and what's in the appendix
[I'm going to sit out the live-tweeting unless something newsworthy comes up. this feels like a waste of time and electricity]
CH takes CD to the prep emails for a paper to be sent to the Audit and Risk Controls (ARC) committee of RMG in Nov 2011.
CD says this was in response to some article in Private Eye (first one was Sep 2011). First email is from Susan Hall...
This is a section of the report being prepared for the ARC committee.
CH notes there is no mention of the ability for unrestricted back end access
CD yes
CH odd that this was not mentioned?
CD no not appropriate here
CD it was not hiding the E&Y detail, it was a summary
CH takes CD to RI's response to Susan Hall (SH) and reads from the main par about E&Y
CH did you think this was right at the time?
CD yes, less so now
CH why
CD given what we know about access to the system
CH reads the second half of RI's proposed changes to the ARC report- was this appropriate
CD not my focus at the time. Reading it recently, "I'm shocked." - it doesn't make any sense to draw that together in this way
[we move on to the response to the 2013 Second Sight Interim Report]
CH you say you weren't involved in the appt of second sight (2S) - should you not have been, given they were investigating the work in Product and Branch Accounting - a division you were responsible for
CD not really
CH you were on the board and got updates about 2S, culminating on 1 July where you were briefed about it by Paula Vennells
Horizon (H) is the first item on the agenda. PV says:
CH did you know what anomalies PV was referring to
CD no
CH but did you understand they were accounting errors
CD did not from this update, but I did from the 2S report which I read a short while later
CH these bugs revealed something which affected your dept - were you surprised you had to learn of it from this report
CD yes
CD I regret I did not take any follow up action to find out why I had not learned about this earlier. I can't recall being alarmed. Knowing what I know now I should have been alarmed and concerned, but I wasn't at the time - I put them into relatively routine things which go wrong with an IT system and get fixed. I didn't start thinking about how I might be able to rely on my accounting system's financial data in the light of these errors
We turn the page on the Board Meeting minutes whereby the Board asks PO to challenge 2S on the language of their report.
CH asks CD to shed some light on this
CD can't remember, remembers there was a concern the language in the 2S report was quite emotive and anecdotal. So board wanted 2S to be more specific and draw out themes and reduce the degree of anecdotal or lack of evidence-based findings
CH between this meeting and the board meeting on the 16 July PV provided multiple updates to the board
CD I don't remember much, but having been sent plenty of documents, I've been able to piece this together and come up with why they tone had changed so much by 16 July
CH we'll get onto that shortly
CH takes him to his WS on the 2S issues raised. You believe the likely risk to the PO based on the issues raised to be immaterial.
CD I was not party to the discussions about the raising of past prosecutions
We go to the 16 July board minutes which discuss 2S's report
CH takes him to his WS where he says he does not recall who raised the concerns in b) in the above. And doesn't know why they were raised.
CD having not been involved in the 2S process, my involvement was limited to the CEO and GC's reports. Through the inquiry process and being in receipt of other documents you can see in c) the board felt the 2S process had not been handled well. i can now understand, but didn't at the time, why the board was concerned about opening ourselves up to wrongful prosecution claims.
CH let's test what you did know. you knew upon reading 2S's report they had identified 2 faults with H (online). You knew from PV's update they caused accounting errors
CD well, from the 2S report
CH these faulst called into question the integrity of H's financial accounting
CD potentially
CH PO's knowledge of these faults called into question its confidence and statements about H's integrity
CD yes
CH and you were aware PO was still prosecuting SPMs and seizing their assets
CD yes
CH did this not make you alive to the real possibility the PO might have wrongful prosecution claims against it
CD no not at the time
CD "it was clearly expressed by somebody on the board, but I don't know who it was and in what context"
CH but the board was sufficiently concerned to ask you to investigate and notify PO's insurers
Sorry, wrong doc...
[CD eventually produces a paper to the board in March 2014]
Point 3 references the establishment of the PO's complaint and mediation scheme
CH asks how interested the board were in their personal risk
CD admits he isn't clear - he thought he was investigating potential compensation costs
[we end for lunch. CH only has a few more questions then it's the SPM lawyers and other who get their chance if they are still awake]
[we're back]
CH wants to look at the Horizon (H) desktop review carried out by Deloitte (D).
CH notes Linklaters LPP (L) had been asked to look at the PO's liability for claims by SPMs. L noted there was no objective review of H and the Board instructed D to create such a report
CD agrees with all that
CH takes him to April 2014 board meeting and discussion of D's report into H
CD you did not lead on this work - it was Lesley Sewell (LS) and Chris Aujard (CA)
CH so you got board updates and saw the report
CD correct
CH reads out point b)
CD says it was more that it was expressed more objectively than that. It wasn't that we asked D to create a one-sided review.
CH raises point e) - what does CD understand CA meant about phantom transactions
CD it surprised me that he was asking such a specific question of D
CH do you think he was talking about unathorised transactions
CD yes but I'm not sure I would have made the connection at the time
CH takes CD to his WS on the D draft report. Notes his point about board disappointment and it being "far too caveated"
Then CH goes to the D report itself.
And reads from the Exex Summary
She reads on...
And then turns to D's matters for consideration
CH raises this point in 4 e) of the key matters
CH did this not concern you?
CD I don't recall this specific finding. I have a better recollection of the short-form report which came to the board.
CH did you read this
CD I will have done, I don't recall this point or relating back to the earlier issues. I'm not sure what the question is...?
CH explains the lack of proactive checking - and traces it back to the Ismay report
CD hadn't made that connection.
CH takes him to 4 f)
CH any recollection of reading this at the time
CD no
CH if you had read it would you have made connection between this and earlier concerns about access to the system
CD I would like to think I would. I do recall colleagues saying this report was unwieldy and not written in plain English so CA asked D to write a shorter report for the board which had specific management actions to come out of it.
CH reads more of the report and states unequivocally that there were clearly back doors into H
CD accepts that, but doesn't know why it didn't raise alarm bells at the time. Remembers a CA paper called Zebra Actions which the IT function took hold of which was to test for the number of times balancing transactions had been used apart from the one time in 2010. And the other had to do with testing the integrity of audit store access. I think there was a shorter form of this D report which may or may not have been discussed at board level. And there was a CA management action paper. Then it goes cold.
CD regrettably I did not connect the balancing transaction point with the earlier points. Had we as a board had that presence of mind to think "oh my goodness" wasn't that back door access a problem in the past we might have done something.
[CH moves on to the Simon Clarke advice]
CH takes CD to his WS
And wants to focus on this sentence.
CH when did you see the Advice?
CD pretty sure I didn't see or get sent any of them before this Inquiry.
SWW has some questions. Specifically about this par in his WS
SWW your WS suggests the board received both the documents listed in par 108. Was that the case?
CD can't be completely sure that the whole of the board received the full long doc. Can't recall who decided this was not in a form acceptable for the board. It would have come to some of the board and rejected as not fit for purpose. I had thought the board got both docs, but I'm not sure.
SWW quotes his WS saying the board had a "general sense of disappointment..."
SWW am I to understand from that was that your personal view did not demonstrate conclusively or even on balance of probability because there were no conclusions on that.
CD correct
SWW so the doc you are satisfied from memory went to the board you were disappointed with
CD correct - we were two years on, and no further forward - the system was broadly reliable but nothing specific on x, y or z and we couldn't go back far enough etc etc
SWW should D's full report not be too difficult to understand for those in the PO team who had the relevant expertise
CD correct
SWW so will there have been people at the PO who would have the expertise to understand the D report
CD - yes CIO, IT, IT security all working in conjunction with the GC who was custodian of this report
SWW so LS and CA
CD and Julie George
Questions now from Ed Henry KC (EH) for some SPMs. Takes him straight to an ARC document 20 Jan 2014, chaired by CA
Takes him to allegations against H
EH who was the risk business partner
CD not sure, might have been Dave Mason - worked in internal risk and audit dept
EH on 25 June 2014 you and PV signed off the annual report. Takes him to the 2013/4 annual report and accounts. These are important?
CD yes
EH and you want to give a true and accurate reflection of the busines
CD yes
EH I took you to the Jan 2014 ARC report which noted the H risk
EH takes him to Engagement Risk in the Annual Report (ARA)
EH these are very carefully worded and delphic
CD in terms of my duties as a CFO, at no stage did we seek to diminish or cover up the ongoing concerns around H if that's what you're alluding to. But this would not be the point in the accounts to make reference. The auditors were aware of the 2S review and they were aware of provisions and contingent liabilities
EH really
CD yes I needed to disclose as much as possible to the auditors so they could consider a contingent liability or provision
CD you'll see a progression of statements about issues with H up to my last report where we put more in about it.
EH so auditors were made aware of contingent liabilities and integrity issues with H
CD yes
EH takes him to a discussion about management discussions with the auditor about putting a provision in the accounts in which Susan Hall says there is no need
EH no mention of the JFSA or impending or possible litigation. This was ultra-defensive, keep a lid on things mode, wasn't it?
CD no I don't think it was
EH wasn't the mediation process a sham?
CD don't think so
EH takes him to 21 May 2014 PO board meeting
EH why is it that the board is allergic and hypersensitive to the inclusion of Project Sparrow in the Annual Accounts?
EH why was the comms man dealing with this
CD he would draft everything in the ARA outside my responsibility, reporting to the Chair and CEO. Not sure why Sparrow was in the discursive part of the ARA and therefore part of the CEO overview. But the auditors had decided not to put in a contingent liability or provision, so this was more of a wider risk
EH this risk got lost in the wash didn't it
CD I admit it looks like this - it was a risk, there were other risks IT, Business transformation and network transformation ongoing at the time. Face value it looks odd to lump Sparrow in with that
EH it's all part of a sleight of hand - to put the best possible gloss on a situation, without stating the unvarnished truth
CD no
Sam Stein KC for SPMs now asking questions
SS branches would be told by H there was a shortfall and the branch manager and staff were encouraged to pay the shortfall
CD via a transaction correction
SS well if there was a discrepancy then the branch manager or SPM would be encouraged to pay it
CD [doesn't appear to agree with this]
SS you must have been following this for some time
CD accepts it a possibility
SS what do you mean a possibility - it happened
CD accepts
SS do you agree to hold a debit against an SPM would require a credit to be in the PO accounts
CD no necessarily
SS can you explain that
CD if the two sides of a transaction can't be married up then there would be [goes into complicated explanation] but a balance could exist in an PO account which was a credit from an SPM
SS raises the issue of Ms O'Dell
CD it's regrettable the onus was on SPMs to prove with evidence that a shortfall was not their fault
SS regrettable might be an understatement
CD I agree
SS goes back to the debit and credit issue. For a debit in a branch there has to be a credit in the PO
CD not as simple as that. My direct experience of suspense accounts is from the top down - I wouldn't have visibility of material sums to SPMs
SS let's forget about suspense accounts, Alisdair Cameron called them a red herring. Let's stick with our crude example. Money paid into the PO by SPMs for a discrepancy - where does it go
CD there would have been a fundamental mismatch which would need to be investigated - it doesn't automatically go into PO's back pocket
SS so what happened to SPMs money? Where did it go? Do you not know?
CD it would have gone into a suspense account. Not a consolidated PO account. It would have required investigation and reconciliation
SS you don't seem to know
CD I'm trying to piece it together in retrospect
SS really crudely. There's a debit on an SPM account and there's a suspense account somewhere with that debit registering.
CD yes
[EH is back asking questions]
EH you remember the 16 July 2013 board meeting. The board was concerned about claims for wrongful prosecutions
CD yes
EH do you have an independent recollection of this?
CD no
EH takes him to an email from Belinda Crowe re insurance issues. Reads out the part of the email in bold
EH who was named in past prosecutions? Was that the board saying it wanted a list of everyone being prosecuted?
CD why is this linked to the July 2013 board meeting - this is dated Dec 2013. I also don't understand why they want specifically named people
EH was that those who had been prosecuted
CD possibly
EH or those on the hook for liability
CD yes or PO vs RMG prosecutions
EH yes. If you were going to advise the board and take ownership on this v v important issue you ought to be apprised of all the relevant facts
CD as it relates to potential insurance claims, absolutely
EH including the Clarke Advice or the advice within it - that a witness had been fatally undermined...
... do you accept you ought to have been properly advised on the Gareth Jenkins position in order to discuss it with the board and insurers
CD hadn't considered that. the only time me and my team were in contact with our brokers or insurers was directly after the 2S report
EH I'm asking whether you ought to have been informed - you ought to have been apprised of all material risk
CD possibly
EH did you notify RMG's insurers
CD yes
[we move to a new doc - it's an email from Andy Parsons 12 March 2014]
EH do you know AP?
CD nope, only from Inquiry
Sorry - this is the email from AP
And this is the doc referred to in that point 3 in AP's email. EH says that if this did go to the board you would have been appraised of the Jenkins problem
EH reads from par 2, which makes it clear there's a disclosure/perjury problem. Then goes on to mention civil risks.
EH keep scrolling through
EH reads out summary.
EH isn't it clear now the board must have been apprised of the Gareth Jenkins issue
CD no recollection of this, and I'd like to see where it is discussed in the board minutes
EH this doesn't jog your memory
CD no idea about this at all. Until this inquiry I didn't even know the name of the expert witness
Tim Moloney KC now asking questions for SPMs. TM takes CD to the Project Zebra action summary and a Julie George email dated 17 June 2014, both of which we've seen before.
TM so there'd been a meeting this morning which you attended - are you saying you didn't see the action report then?
[CD has claimed he didn't see the Project Zebra action report until a couple of weeks ago]
CD remembers a similar document. This email I saw recently and it did jog a memory.
CD it suggests we did convene a meeting of key people capable of actioning the management actions - what is missing is what on earth did happen as a result of the meeting.
[this is so arcane and niche even for me...]
[we've wrapped for the day. Former Post Office chair (and wife of Jack Straw), Alice Perkins will be giving evidence for two days starting tomorrow at 9.45am. Should be more interesting. In fact, I've just heard a barrister tell someone tomorrow will be "very" interesting.]
If you'd like to sign up for my irregular newsletters, then please have a look here. Your donations power my journalism from this inquiry and the website itself.
postofficescandal.uk/donate/
I'll get a blog post up about Chris Day's evidence shortly. Have a good evening.
@threadreaderapp unroll
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.