1 Tuesday, 4 July 2023 2 (10.00 am) 3 MR BEER: Just so everyone knows, we're waiting for 4 the Chair to come online. 5 SIR WYN WILLIAMS: I should be online, actually. 6 I have started -- oh. 7 MR BEER: Perfect, we can now see and hear you, sir. 8 Can you see and hear us? 9 SIR WYN WILLIAMS: I can indeed. Yes. 10 MR BEER: Good morning to you. Can I call Mr Ben 11 Foat, please? 12 SIR WYN WILLIAMS: Well, just before you do that, 13 there's just one or two things I'd like to say, 14 if I may, Mr Beer. The first thing I'd like to 15 do is to thank all those who were kind enough to 16 send messages of support to me via the Inquiry 17 during my recent illness. That was very kind 18 and I much appreciated it. 19 The second thing I'd like to say is that 20 this four-week session will, I hope, continue 21 uninterrupted by any ill health on my part but 22 I have been advised that I should conduct the 23 hearings remotely, so that, unfortunately, 24 I won't be able to pay visits from time to time 25 to the Inquiry. I believe the assessors are 1 1 present this morning and they will continue to 2 attend from time to time. 3 I'm sorry I won't be able to do that but 4 obviously I will review that once we get into 5 the autumn and hopefully I will be fully 6 recovered. 7 Just two minor points about the timetable. 8 Tomorrow, if we may, could we start at 10.15, 9 Mr Beer. That's simply to facilitate an early 10 morning medical appointment of mine. Then on 11 26 July could we finish by 2.00 pm, again to 12 facilitate a medical appointment for me. 13 Then one other announcement, in a sense 14 unrelated, but related to the fact that I held 15 a hearing on the 23rd -- or was it the 27th -- 16 anyway, in late April, about compensation. 17 Obviously, in the normal course of events, 18 I would have produced either an interim report 19 or a progress update, as I promised I would at 20 the end of the hearing. The current position is 21 that I fully intend to produce an interim report 22 before Parliament rises on 20 July and I can't, 23 at the moment, see any reason why I shouldn't be 24 able to do that. 25 With those announcements, can I turn to this 2 1 morning's hearing. My understanding, Mr Beer, 2 is that you are going to question Mr Foat. It 3 is only you who will be questioning him and 4 then, at the end of that session, I'll simply 5 decide what should happen next and, thereafter, 6 we shall commence Phase 4 with, I think, 7 Mr Ferlinc to give evidence; is that correct? 8 MR BEER: Yes, it is, sir, save that Mr Ferlinc 9 pronounces his surname -- it is pronounced in 10 that way, we found out this morning. 11 SIR WYN WILLIAMS: Well, I'm very sorry for 12 mispronouncing on the first attempt but I shall 13 remember in the future how to pronounce his 14 name. Thank you. 15 MR BEER: Thank you very much, sir. So Mr Foat, 16 please. 17 BEN FOAT (affirmed) 18 Questioned by MR BEER 19 MR BEER: Good morning, Mr Foat, as you know, my 20 name is Jason Beer and I ask questions on behalf 21 of the Inquiry. Can you give us your full name, 22 please? 23 A. Benjamin Andrew Foat. 24 Q. Thank you for coming to the Inquiry today to 25 assist us in our work and thank you for the 3 1 witness statement that you have previously 2 provided. You should have in front of you 3 a hard copy of that witness statement in your 4 name, dated 21 June 2023. If you turn to the 5 last page of it, page 19, is that your 6 signature? 7 A. The version that I have in my notes says GRO but 8 that would be where my signature was placed. 9 Q. Thank you. Yesterday, Herbert Smith Freehills, 10 the Post Office solicitors, kindly wrote us to 11 pointing out a correction that you wish to make 12 to paragraph 14(a) of the witness statement. If 13 you turn that up, please. That's at the top of 14 page 5. 15 A. Correct. 16 Q. In the fourth line, a date is given as 22 August 17 2022. Would you like to amend that to 12 August 18 2022? 19 A. That is correct. 20 Q. Then something that I'd spotted, if you look at 21 page 1, paragraph 3, second line, a request 22 "pursuant to Rule 9 of the Inquiry Rules 2006, 23 dated 5 June 2022". Should that be 2023? 24 A. Correct. 25 Q. Save for those two directions, are the contents 4 1 of that witness statement true to the best of 2 your knowledge and belief? 3 A. Yes. 4 Q. For the purpose of the transcript, and it's 5 already being displayed, the URN is POL0011816 6 4ds. That can come down from the screen, thank 7 you. 8 I'm only going to ask you questions today 9 about a limited range of disclosure issues 10 arising from the disclosure to the Inquiry, on 11 30 May this year, of an appendix to 12 a prosecution policy had contained racist and 13 offensive identity codes. In particular, I'm 14 not going to ask you about the substance of the 15 issues arising from that disclosure. They will 16 be addressed with other Post Office witnesses 17 when the opportunity arises in Phases 4, 5 and 6 18 of the Inquiry and we're going to ask you to 19 return at a later stage of the Inquiry to ask 20 you questions about your role in other events 21 that the Inquiry is examining, principally 22 Phases 5 and 6. 23 Can I make two points clear before I ask the 24 substance of my questions. It's right, isn't 25 it, that you're giving evidence today following 5 1 the service of a Rule 9 Request, so a request 2 for evidence addressed to the Post Office 3 pursuant to Rule 9 of the Inquiry Rules 2006 4 and, therefore, you're giving evidence on behalf 5 of the Post Office in a representative capacity 6 not a personal capacity; is that right? 7 A. That is correct. 8 Q. Does it follow that you are, in part, reliant on 9 information given to you by others in order to 10 write your witness statement and in order to 11 answer my questions today? 12 A. Significantly so, yes. 13 Q. The second point of clarity that I'd like to 14 make clear before we get to the substance of the 15 questions: none of my questions are designed to 16 obtain from you any information which the Post 17 Office continues to assert a claim to legal 18 professional privilege over; do you understand? 19 A. Understood. 20 Q. So please bear that in mind when I'm asking the 21 questions. Can I start with your background, 22 please. You're a lawyer by profession; is that 23 right? 24 A. That is correct. 25 Q. You have legal qualifications? 6 1 A. Correct. 2 Q. You're the general counsel to Post Office 3 Limited -- 4 A. That is correct. 5 Q. -- and you're a member of the executive team of 6 Post Office Limited? 7 A. Correct. 8 Q. Is that sometimes called the Group Executive? 9 A. The General Executive. 10 Q. General Executive, thank you. 11 Is that the most senior leadership team 12 within the Post Office that's accountable to the 13 board? 14 A. Correct. 15 Q. How long have you been group general counsel? 16 A. Approximately four years, since 1 May 2019. 17 Q. In short order, what does your role as general 18 counsel involve? 19 A. Ultimately, I'm responsible for instructing the 20 legal department and the law firms and, 21 therefore, managing legal services to the 22 company. In addition to that, there are other 23 areas of responsibility as well, such as 24 compliance, and I'm the chairman of a subsidiary 25 company with the Post Office. 7 1 Q. What role did you perform in the Post Office 2 before becoming group general counsel? 3 A. Legal director. 4 Q. For how long were you legal director? 5 A. I was appointed in August 2016. 6 Q. Before that, did you work outside the Post 7 Office or within the Post Office? 8 A. Prior to that, I commenced employment at the 9 Post Office on -- in August 2015 in the capacity 10 of Head of Legal for Financial Services. So 11 I was dedicated to the Financial Services team 12 at Post Office. 13 Q. So August 2015 to date, the role as a lawyer 14 within the Post Office, being promoted to legal 15 director and then promoted to general counsel in 16 May 2019? 17 A. That's correct. 18 Q. As group general counsel, what role specifically 19 do you perform, insofar as the Post Office's 20 engagement with the Inquiry is concerned? 21 A. So ultimately, obviously, there is a board that 22 makes decisions and certain decisions are 23 delegated to the General Executive and, in this 24 particular case, there is a General Executive 25 subcommittee that makes the decisions. Part of 8 1 my responsibility is making sure that the 2 provision of legal advice and services is given 3 to the company. 4 Q. You've previously made four interim disclosure 5 statements to this Inquiry and previously 6 a witness statement. This is your second 7 witness statement; is that right? 8 A. That is correct. 9 Q. Do you consider that the Post Office acts under 10 a duty to be candid with and to assist the 11 Inquiry? 12 A. Absolutely. 13 Q. That, amongst other things, fulfils a commitment 14 which a series of very senior Post Office 15 executives have made publicly and to the 16 Inquiry? 17 A. Correct. 18 Q. You've been general counsel since May 2019. 19 That was just after a huge disclosure exercise 20 had been completed in the Group Litigation; is 21 that right? 22 A. I recall that the -- what was referred to as the 23 "Common Issues judgment" had been handed down 24 I think approximately March 2019. The Horizon 25 Issues trial was halfway through at that point. 9 1 There were basically a series of trials that 2 were to occur in respect of the GLO, which is 3 the name that -- was the programme that was 4 managing that matter. 5 Q. Did you play any part in the disclosure exercise 6 for the purpose of the Group Litigation? 7 A. No. 8 Q. Did you play any part in the disclosure exercise 9 that occurred in the run-up to what I'm going to 10 call the Hamilton appeals? 11 A. The Court of Appeal -- correct, at that stage 12 I had become the general counsel. But 13 previously, the GLO, as we refer to it, was 14 managed in a separate programme and that didn't 15 come through my line of responsibility as legal 16 director. Obviously, when I became general 17 counsel, that changed, and initially HSF were 18 appointed in or about, I think, April 2019. 19 Q. What about the Hamilton appeals to the Court of 20 Appeal Criminal Division? Did you participate 21 in any way in the disclosure exercises for the 22 purpose of those appeals? 23 A. Yes, I was general counsel at that time. Peters 24 & Peters and HSF, the two law firms, were 25 involved in that process. 10 1 Q. What about you? Did you superintend, in any 2 way, those exercises? 3 A. I didn't actually do the disclosure exercises 4 myself. Obviously, that is undertaken by the 5 relevant lawyers in the external law firms. As 6 part of the Hamilton judgment, it's obviously 7 a very complex criminal process and so it was 8 necessary to appoint external criminal lawyers 9 to advise the board. It's not part of the role 10 of the general counsel to make decisions in 11 respect of that but certainly to support the 12 board receiving advice in respect of what is 13 required for disclosure. 14 Q. Do you understand that one of the very things 15 that this Inquiry is investigating is how it 16 came about that, in very many criminal 17 prosecutions brought by the Post Office, there 18 was what was described by the Court of Appeal as 19 "pervasive failures in disclosure for over 20 a decade"? 21 A. Correct. 22 Q. And that we are investigating what the Court of 23 Appeal described as POL's, the Post Office's, 24 "approach to investigation and disclosure being 25 driven by what the Post Office considered to be 11 1 in its best interests rather than that which the 2 law required"? 3 A. Correct. That's a reference to the historical 4 practices and I think specifically in -- the 5 judgment referred to the investigation practices 6 that were conducted at that time. 7 Q. Well, and the disclosure practices? 8 A. Indeed. 9 Q. And that we're investigating the underlying 10 facts which the Court of Appeal described in 11 relation to disclosure as being "failures that 12 were so egregious that a prosecution in any of 13 the Horizon cases was an affront to the 14 conscience of the court"? 15 A. That is correct. 16 Q. So, against that background, where the Inquiry 17 is investigating the Post Office's past 18 disclosure failings, which led to wrongful 19 convictions and to imprisonments, do you agree 20 on behalf of the Post Office that disclosure in 21 this Inquiry must be punctilious, it must be 22 prompt and it must be complete? 23 A. Correct. Post Office is absolutely committed to 24 making sure that there is full disclosure. If 25 I could just say, you know, genuinely, everyone 12 1 in the teams, in the different law firms, are 2 working incredibly hard. I recognise that there 3 are a number of areas where we have fallen short 4 and I do apologise to the Inquiry and especially 5 to the Core Participants. But, genuinely, the 6 team are working incredibly hard to make sure 7 that we do the full disclosure that we must do, 8 and remediate any issues that do come to light. 9 Q. How many people within the internal Post Office 10 Legal Support division, if I can call it that, 11 are working on Inquiry disclosure? 12 A. So within the Post Office internal team, it has 13 varied over the years, depending -- as the 14 Inquiry has evolved. It will have varied from 15 anywhere, I think, between four to what 16 I understand is now eight lawyers. Of course, 17 there are many issues that the Inquiry lawyers 18 must attend to in addition to disclosure. 19 Q. You're assisted, I think, by Herbert Smith 20 Freehills, HSF as you referred to them already. 21 They're the Post Office's recognised legal 22 representatives in the Inquiry presently? 23 A. That is correct. 24 Q. Can you give us a similar figure, please, of how 25 many were working or have been working -- 13 1 I imagine that waxes and wanes as well -- on the 2 Inquiry? 3 A. Indeed, my understanding is that 46 lawyers are 4 working specifically on these disclosure and 5 remediation issues. I'm happy to come back and 6 give an exact figure but that is my 7 understanding based on what I've been told. 8 Q. Same question, please, in relation to Peters & 9 Peters? 10 A. I think it is much smaller. Again, I'd want to 11 come back but my understanding is that there are 12 at least five. 13 Q. Can you explain briefly, please, the role that 14 Peters & Peters presently perform? 15 A. Sure. As part of the disclosure process, what 16 Peters & Peters, and indeed Post Office, sought 17 to do was to make sure we could collate all 18 relevant materials so that, when Rule 9 requests 19 came through, the organisation would be in 20 a position to be able to respond to those. So 21 back in 2020, Peters & Peters were looking at 22 what was called the post-conviction disclosure 23 exercise and, as part of that exercise, they 24 were searching through repositories of 25 information, and that was part of a disclosure 14 1 exercise that you've referred to previously in 2 relation to the Hamilton judgment. 3 Subsequently to that, in January 2022, 4 Peters & Peters also undertook in advance of the 5 Rule 11 and 14 requests, again looking through 6 the data repositories of Post Office, which 7 I should say is complex and vast, and they were 8 trying to ascertain and get as many of the 9 relevant documents, or rather responsive 10 documents, so that when the Rule 11 and Rule 14 11 requests came in, Post Office was able to search 12 them. 13 Q. Are you satisfied that everyone within each of 14 the teams that you've just mentioned understands 15 that this Inquiry is itself investigating 16 pervasive disclosure failures that lasted over 17 a decade, that sent people to prison? 18 A. Yes. I do believe everyone that is working at 19 HSF, at Peters & Peters and Post Office, we 20 recognise that this is an extremely serious 21 issue. 22 Q. And that, therefore, the Post Office's 23 disclosure obligations in this Inquiry are 24 heightened because we're investigating the issue 25 of non-disclosure? 15 1 A. Quite. 2 Q. You mention in your witness statement a unit 3 within the Post Office called the Central 4 Investigations Unit. What function or functions 5 does the Central Investigations Unit perform, so 6 far as concerns this Inquiry? 7 A. So the Central Investigations Unit was a unit 8 that was relatively recently established. 9 Following the criticisms that were contained in 10 the Hamilton judgment, which referred to 11 investigations and disclosure not being 12 satisfactory. The Central Investigations Unit 13 was established to make sure that good 14 investigation practices occur across the 15 organisation. 16 So it's what I call a second line of defence 17 function, in that when issues arise within the 18 organisation that require an investigation, the 19 Central Investigations Unit make sure that those 20 issues are investigated appropriately, according 21 to industry standards. 22 Q. A line of defence against who? 23 A. Sorry, I used the expression "the second line of 24 defence". It's a compliance concept: three 25 lines of defence. So, in summary, the first 16 1 line of defence is usually the business that 2 does the activity; the second line of defence is 3 an assurance function, so that can commonly 4 include a legal department, compliance function, 5 an assurance function; and then the third line 6 of defence is an audit function. 7 Q. What function do they perform specifically in 8 relation to the disclosure exercise being 9 undertaken for the purposes of this Inquiry? 10 A. In what respect? 11 Q. That's my question. Do they perform any 12 function in relation to the disclosure exercise 13 that's being undertaken for the purposes of this 14 Inquiry? 15 A. Not specifically, unless there is a particular 16 issue that is raised and referred to them, and 17 so, in this context, given appendix 6 and the 18 failure to disclose, they are involved, together 19 with Jeremy Scott-Joynt KC. 20 Q. I'm not sure he's a KC. 21 A. Oh, apologies. 22 Q. I think he's only 2018 call. So I'm not sure 23 that he will have quite achieved the status of 24 King's Counsel yet. 25 A. Apologies. In any event, he's of counsel that 17 1 is providing oversight to that investigation 2 team, together with an organisation, ETICA, to 3 investigate. 4 Q. With that background, can we turn to the issues, 5 then, please. Can we start by looking at 6 POL00115668 -- sorry POL00115669. Right, that's 7 going to be difficult. Have you got in your 8 bundle in front of you -- sir, I think it's in 9 your tab B11, in volume 1 -- a colour document 10 called "Security Operations Team, Case 11 Compliance". If you haven't, please do borrow 12 mine. I wonder if it could be walked down to 13 you. 14 Ah, yes. We've now got it on the screen. 15 A. Sorry, is the document A3? POL00038452? 16 Q. No. It's on the screen now. 17 A. Okay. 18 Q. Is it right that that for a period of time, the 19 length of which has yet to be established and is 20 presently being investigated by the Project May 21 investigation team that you have just mentioned, 22 that the Post Office maintained and operated 23 a suite of documents, there are eight of them, 24 that gave guidance to members of its security 25 team as to the construction and completion of 18 1 files of investigation in the case of those 2 suspected of criminal offences? So there's 3 a suite of documents, of which there are eight 4 in number? 5 A. Correct. It's not the Central Investigations 6 team but it was the Security -- 7 Q. Yes, I said security team? 8 A. My apologies. Security Investigations Team. 9 Q. The document we're currently looking at on the 10 screen, is this the first in the series of eight 11 documents? 12 A. I understand that to be the case. 13 Q. Thank you. I'm not going to delve into the 14 substance of the issues, as I've said already, 15 but, in order to provide some understanding of 16 the documents we're about to look at, can you 17 assist us with what your understanding is of 18 what this document is, the front of the suite of 19 eight. 20 A. So my understanding is that this document was 21 used previously when Post Office conducted 22 prosecutions. It was used in two ways. One was 23 a working document and, in the second respect, 24 it was to act as a compliance check. So when 25 I referred to a second line of defence before, 19 1 my understanding is that the document was to be 2 used both in terms of undertaking the 3 prosecution work but also as a quality check. 4 Q. So it's how to structure case files, offender 5 reports and other documents within the case 6 file, and then there's a score on the right-hand 7 column, which, if we just scroll down we can 8 see, adds up to 100. If we scroll back up 9 again, presumably these were marked -- so look 10 under "File Construction", to take 11 an uncontentious one, fourth row. The author of 12 the document must use the correct font for all 13 reports, namely Chevin light 12, which is 14 a font, and if they do that, they score 15 0.5 per cent, yes? 16 A. Correct. 17 Q. Is it your understanding that sitting behind 18 this first document, for a period of time which 19 is yet to be established, was a series of other 20 documents that fed into or assisted the 21 completion exercise contemplated by this 22 document? 23 A. I understand that is the case. 24 Q. Thank you. 25 A. There are connected documents. 20 1 Q. Yes, so there are some documents that are 2 connected to, that help you to do the things 3 that this requires? 4 A. That's my understanding. 5 Q. Thank you. Now, amongst the documents that sit 6 behind or sat behind that first document, can we 7 look at them, please. POL00115670, thank you. 8 You'll see this is entitled: 9 "Post Office Limited 10 "Security Operations Team 11 "Compliance. 12 "Guide to the Preparation and Layout of 13 Investigation Red Label Case Files 14 "File Construction and Appendices A, B & C." 15 So it's a document of the Post Office and, 16 in particular, its Security and Operations Team, 17 yes? 18 A. Yes. 19 Q. Then we can see the purpose of the document by 20 reading at the foot of the page the 21 introduction: 22 "The aim of this document is to give 23 guidance to Security Operations Managers and 24 Team Leaders on the current compliance standards 25 for the preparation of red label case files and 21 1 appendices A, B and C." 2 Yes? 3 A. Correct. 4 Q. Then another document that's sat behind that 5 first coloured Excel document we looked at, can 6 we look at POL00094200. 7 Again, a Post Office document headed up 8 "Security Operations Team", with the subject of 9 "Summarising of Tape Recorded Interviews": 10 "The purpose of the document is to advise 11 Security Managers to changes in the requirements 12 for summarising tape recorded interviews." 13 Yes? 14 A. Correct. I recognise that as appendix 7. 15 Q. So we're looking at a series of documents that 16 sat behind that first Excel document. Can we 17 turn to POL00115672. 18 A. I should just add, when I say I recognise that 19 as appendix 7, I recognise that now, obviously, 20 not at the time. 21 Q. Yes. POL00115672. Again, another document in 22 the suite that sits behind the Excel. If we 23 just scroll down to look at the document as 24 a whole, what do you understand this document to 25 be, or the purpose of this document to be? 22 1 A. So starting on the first page, it's 2 an investigation template that the Security 3 Investigations Team would have used in the 4 course of their work when they were 5 investigating and considering prosecution. 6 Q. So if we go back to the first page, please. 7 Thank you. We can see that it's in the style of 8 a template -- this one is blank -- and it 9 requires data to be entered in when a person is 10 being considered for prosecution, essentially, 11 yes? 12 A. Correct. 13 Q. You see in the top right, underneath the 14 heading, it says, "Identification Code". Do you 15 understand that to be a reference to a series of 16 numerical codes that correlate to an assessment 17 of a person's racial or ethnic identification? 18 A. Correct. 19 Q. So the author of the document, the person 20 filling out this template, had to enter an ID 21 code -- 22 A. Correct. 23 Q. -- for the suspect? 24 A. That's correct. 25 Q. Can we look at another of the series of 23 1 documents, please. POL00115674. This was 2 another of the series of documents that sat 3 behind or was related to the first document that 4 we saw, yes, the Excel document? It's part of 5 the suite and it contains a description of seven 6 identification codes, correct? 7 A. Correct. 8 Q. I should say I'm going to read out some of the 9 identification codes on the document as they are 10 printed. They are racist and offensive but I'm 11 going to read them out. 12 Identification code 1: the document says 13 that you are a "white skinned European type" if 14 you're British, French, German, Swedish, Polish 15 or Russian, yes? 16 A. Correct. 17 Q. You are a "dark skinned European type" if you 18 are Greek, Cypriot, Turkish, Spanish, Italian, 19 Sicilian or Sardinian, yes? 20 A. Correct. 21 Q. You are a "Negroid type" if you are West Indian, 22 Nigerian, African or Caribbean? 23 You are "Indian/Pakistani type" if you're 24 Asian. 25 You're "Chinese/Japanese type" if you're 24 1 Malayan, Japanese, "Philippino" (sic), Burmese, 2 Siamese, or from Mongolia or Mongolian, perhaps. 3 You're "Arabian/Egyptian type" if you are 4 Algerian, Tunisian, Moroccan or North African. 5 Or you're not known, ID code 7. 6 A. That is correct. 7 Q. So there was a correction of eight documents 8 sitting behind the first one that we saw, the 9 guide; the guidance summarising the completion 10 of tape recorded interviews; the ID code 11 template which required you to enter an ID code 12 in; and then this identification code or ID 13 codes document. 14 That can come down, thank you. 15 Can I turn to the question of disclosure of 16 that material to this Inquiry? 17 Can we begin, please, by looking at 18 a request made by the Inquiry to the Post Office 19 for the disclosure of documents dated 20 28 February 2012 (sic), INQ00002007. 21 SIR WYN WILLIAMS: Could you give me the date of 22 that document again, please, Mr Beer? 23 MR BEER: Yes, 28 February 2012 -- sorry, 2022! 24 SIR WYN WILLIAMS: That's what confused me. 25 MR BEER: Yes, 2022. If we just scroll up just so 25 1 we can see who it is from, thank you. It's from 2 the Inquiry, it's addressed to the partner then 3 handling matters at Herbert Smith Freehills, and 4 it's dated 28 February 2022, so it is a letter 5 addressed to your recognised legal 6 representatives from the Inquiry. We can see 7 from the heading what the request is about: 8 "Request for information pursuant to Rule 9 9 of the Inquiry Rules 2006 -- Request number 11 10 -- Matters arising from Board Minutes (excluding 11 Project Sparrow minutes)." 12 You referred earlier to Rule 9(11) and 13 Rule 9(14). Were you using that as shorthand 14 for the way in which the Inquiry styles its 15 requests? They are each sequentially numbered. 16 This was the 11th in the series and there's 17 a summary of what it was about in that heading. 18 A. That is correct. 19 Q. So when you refer to Rule 9(11) that's what this 20 is about. 21 A. Correct. 22 Q. So it's a request made pursuant to Rule 9 of the 23 Inquiry Rules 2006 and, for those not familiar, 24 that's the provision, is this right, by which 25 the Inquiry formally requests the disclosure of 26 1 documents from the Post Office and others? 2 A. That is right. 3 Q. If we scroll through the document, please. 4 You'll see that there's information about other 5 things and then, if we stop there, request 15 6 within Rule 9(11) was a request for disclosure 7 of: 8 "The Minutes of the Audit, Risk and 9 Compliance Subcommittee of the 11 February 2014 10 ... refer to a report which outlined the 11 proposed changes to the prosecutions policy and 12 a paper to explain the most appropriate way to 13 communicate the prosecutions policy." 14 Then this: 15 "Please provide copies of the same and 16 copies of all iterations of the prosecutions 17 policy since 1999 that are in POL's custody or 18 control." 19 So it's that last sentence that's the 20 operative one, is that right, Mr Foat, "copies 21 of all iterations of prosecutions policy since 22 1999 that are in POL's possession or control"? 23 A. Correct. 24 Q. I'm not going to turn it up now, if we go to the 25 last page of the letter, we can see that 27 1 a response was due by 31 March 2022, so it gives 2 a month to reply to the request? 3 A. Correct. 4 Q. The Post Office responded to Rule 9(11) part 15 5 on 14 May 2022 by disclosing some documents to 6 the Inquiry and, amongst those documents that 7 were disclosed, was one document that's relevant 8 to the present issues. Can we look, please, at 9 POL00038452. Thank you. This is a version of 10 the guidance that we just saw. Can you see 11 that? 12 A. Yes. 13 Q. "[POL] 14 "Security Operations Team 15 "Compliance 16 "Guide to the Preparation and Layout of 17 Investigation Red Label Case Files. 18 "Offender reports & Discipline reports." 19 So it's by no means exactly the same as the 20 guide that I showed you earlier but, in very 21 broad terms, fulfils the same purpose as the 22 guide that we just saw, namely to give guidance 23 on the construction of files and the contents of 24 prosecution files. 25 A. Correct. 28 1 Q. So, in response to request 15 in our Rule 9(11), 2 we received this document? 3 A. Correct. 4 Q. Correct? Now, I think you agree, Mr Foat, that 5 the documents which ought to have been disclosed 6 in answer to the request were the suite of 7 documents that we've just been discussing? 8 A. Correct. 9 Q. Therefore, including the other iteration of this 10 guide, but also all of the other documents that 11 I showed you, including the ID codes document 12 containing the racist and offensive identity 13 codes? 14 A. Yes. Correct. The suite of documents should 15 have been provided. 16 Q. That should have been provided to us in the 17 spring of 2022? 18 A. I think the -- certainly, the policy documents 19 absolutely needed to be provided. I read them 20 as being both the request 11 and the request 14 21 as requiring the full suite of documents to be 22 provided. 23 Q. Okay, we'll take that shortly in the interests 24 of time. There was a follow-up request in 25 August 2022. Request 14, so Rule 9(14), and 29 1 you're saying that would have captured all of 2 the documents. I'm not going to quibble with 3 you over which was the trigger, whether it was 4 9(11) or 9(14), but, by the middle of 2022 we 5 should have had the suite of full documents? 6 A. Yes, correct. 7 Q. Sorry, the full suite of documents? 8 A. Correct. 9 Q. Can I look at now why we didn't get them? 10 A. Yes, sure. 11 Q. Can we look at your witness statement, please, 12 page 5, paragraph 16. Thank you, it's page 5., 13 paragraph 16, at the foot of the page. You deal 14 with them compendiously. You say: 15 "Requests No 11 and No 14 sought POL policy 16 and procedure documents relating to POL's 17 conduct of criminal investigations and 18 prosecutions. To identify such arguments, 19 [Peters & Peters] and [Herbert Smith Freehills] 20 ran search terms across a Relativity database 21 which I will refer to as the CCRC database." 22 Just stopping there, "Relativity database", 23 can you explain what a Relatively database is, 24 please? 25 A. It's an eDiscovery, electronic disclosure 30 1 platform. So within the context of this 2 Inquiry, it contains the data repositories of 3 the Post Office, which contains, I understand 4 54 million documents. 5 Q. So it's a commercially available, purchasable, 6 e-disclosure platform? 7 A. Correct. 8 Q. You continue: 9 "Those searches were designed to identify 10 responsive documents in a database that contains 11 millions of documents. The CCRC database is 12 hosted on Relativity by POL's eDiscovery 13 provider, KPMG, together with other databases 14 that hold POL documents. The CCRC database 15 contains materials collated for the purposes of 16 the criminal appeals. Searches were and are run 17 across this database for the purposes of 18 disclosure in accordance with POL's 19 post-conviction disclosure obligations, to 20 conduct document reviews, and to identify and 21 produce documents to the Inquiry." 22 If we move down to paragraph 17, you say 23 a document, which you've called Appendix 3, 24 that's the guide, yes? 25 A. Yes. 31 1 Q. I'm going to call it the guide: 2 "[The guide] was responsive to the search 3 terms run by [Herbert Smith Freehills] across 4 the CCRC database for the purpose of Request 5 No 11. The other appendices were not produced 6 for the following reasons: 7 "Copies of appendices 1, 2, 4, and 5 [they 8 are other of the suite of eight documents that 9 sat behind the Excel] belonged to the same 10 'family of documents' as [the guide]." 11 Yes. 12 A. Correct. 13 Q. "... (ie [those documents] were all contained in 14 a zip [file] that was attached to an email dated 15 7 March 2013 that was sent by a POL Security 16 Team manager)." 17 A. Correct. 18 Q. "Although they belonged to the same 'family of 19 documents', Appendices 1, 2, 4 and 5 were not 20 produced at the same time as [the guide] because 21 they were not responsive to the search terms so 22 they were not reviewed for the purpose of 23 responding to Request No 11." 24 Yes? 25 A. That's correct. 32 1 Q. To summarise what you're saying is that, for the 2 purposes of responding to request 11, search 3 terms were used, ie words -- 4 A. Yes. 5 Q. -- were used. They only picked up the guide 6 document. They didn't pick up any of the other 7 documents? 8 A. Correct. 9 Q. And that, although the guide document was within 10 a family of other documents, those other 11 documents were not disclosed? 12 A. Correct. 13 Q. Then if we go down to (b), you say: 14 "Appendices 6, 7 and 8" -- 15 Appendix 6 is the ID codes document that 16 contains the racist and offensive language? 17 A. Correct. 18 Q. "... were not responsive to search terms and 19 were not within the 'family of documents' and it 20 was not apparent at the time that they belonged 21 to the suite of documents." 22 A. Correct. 23 Q. Can I ask you some questions from what you're 24 saying here. So an email has been sent on 25 7 March 2013 that contained Appendices 1-5 as 33 1 a zip file, yes? 2 A. Mm-hm. 3 Q. The guide document was Appendix 3, and that 4 caused a hit to a search term, yes? 5 A. Correct. 6 Q. Only Appendix 3, the guide, was disclosed to us, 7 but not the other four documents in the family? 8 A. That's correct. 9 Q. What guidance was given to your document 10 reviewers about what they should do with 11 documents that are within a family of documents, 12 ie documents which are linked to one another, 13 when only one of them is responsive to a search 14 term? 15 A. So there is guidance that's given to the 16 reviewers. There is both a first tier and 17 a second tier review. Reviewers are encouraged, 18 if they do have any queries, to raise them. My 19 understanding is that -- to the approach to 20 family of documents is that they would look at 21 the relevant context, the relevant request, and 22 determine whether or not the family of documents 23 should be looked at. 24 In this particular case, they didn't look at 25 what I call Appendix 1, 2, 4 and 5, and 34 1 I understand why, from what they have told me, 2 the reason for that is because it wasn't 3 responsive, so they didn't look into the family 4 of documents. 5 Q. So because -- 6 A. Just factually speaking. 7 Q. Yes. So because there wasn't also a hit in the 8 other four appendices, we're not going to look 9 to see what those appendices contain to see 10 whether they touch upon or are relevant to the 11 document that does contain the hit -- 12 A. That is correct. 13 Q. -- even though they're within a family together? 14 A. Yes. That is correct. 15 Q. Was that guidance -- was that the guidance that 16 was given, that you -- because there are no hits 17 in another part of the family, you don't look at 18 the other part of the family? 19 A. I would need to take that question away. I am 20 not aware. I do know that there are cases 21 where, even though there aren't those hits, the 22 family documents would be checked, but it would 23 depend on the relevant request, it would depend 24 on the suite of documents that was contained, so 25 I imagine a zip file. But I'm not instructed 35 1 with that particular detail. 2 Q. Have any changes been made to any guidance that 3 did exist on how to treat families of documents 4 since this episode has unfolded? 5 A. Since this has occurred, yes. So most recently, 6 HSF have gone through -- obviously to date there 7 has been roughly disclosure of 117,000 8 documents. HSF have identified that there are 9 approximately 30,000 documents that would be 10 family documents of the 117,000. They've 11 then -- obviously that's just responsive, that's 12 not necessarily relevant. 13 They've then gone on to identify that there 14 would be approximately 1,500 documents that are 15 relevant, of which I understand less than 700 16 would be relevant to Phase 4. 17 Q. The phase that we start in about an hour's time? 18 A. Correct. 19 Q. Have you investigated the content of the 20 instructions that were given to document 21 reviewers that enabled them to discard other 22 documents within a family, on the basis that the 23 other documents didn't themselves respond to 24 a search term? 25 A. That is an ongoing question for remediation. 36 1 Q. Would you agree that the approach of only 2 disclosing documents within a family if they are 3 themselves responsive to a search term is 4 a rather mechanistic approach to a disclosure 5 exercise? 6 A. I do agree. It's obviously a very difficult 7 exercise to be managing a repository of 8 54 million documents. Of course, the reviewers 9 don't know of the relevant documents. So they 10 are -- there's a number of processes that go on. 11 So search terms is one way. But there are other 12 avenues that are also done to try to identify 13 the documents. But I accept your premise. 14 Q. It's rather mechanistic because it focuses on -- 15 the use of search terms will turn over or 16 potentially turn over the documents and only the 17 documents that are responsive to our search 18 terms and not apply a human mind to the 19 documents that accompany or are related to that 20 document? 21 A. Understood. 22 Q. So if there was, for example, an email attaching 23 two documents, two Word documents, asking for 24 views from two people and they set out opposing 25 views on an issue, if one of the attachments was 37 1 worded in a way that was responsive to your 2 search terms, and the other one wasn't, on this 3 approach, the reviewer would only look in the 4 document that was responsive to the search term, 5 and wouldn't look in the other document? 6 A. Factually, that's what happened in this 7 particular situation. I think the broader issue 8 is around the de-duplication -- 9 Q. I'm going to come to that in a moment. I'm just 10 looking at what the reviewers did, if they're 11 confronted with an email, it's got two things 12 attached to it, they get a hit for one document 13 because a word has been used -- 14 A. Correct. 15 Q. -- they are not instructed. That's part of 16 an email chain. There are two documents 17 attached to the email. Have a look yourself in 18 the other document and see whether it responds 19 to the request? 20 A. I think they are and, in certain cases, they 21 have done that. I would like an opportunity to 22 perhaps bring back that guidance and -- 23 Q. This is your opportunity, Mr Foat. We have 24 asked you to set out in writing, in your 19-page 25 witness statement, what occurred on this 38 1 occasion and why it occurred? 2 A. Yes. 3 Q. Is it your understanding, on this occasion, that 4 the reviewer did not look in any of the other of 5 the suite of documents in the zip file to see 6 whether they are responsive to the request that 7 was made? 8 A. That is so. 9 Q. They didn't apply a human mind to it? 10 A. I can't comment as to what was in their mind but 11 what you have said is factually accurate. 12 Q. But is it an outlier, is what I'm driving at? 13 Is it somebody made a mistake or is it because 14 of the instructions they were given were faulty? 15 "If you've got an email that's got two 16 attachments, ten attachments, have a look, 17 reviewer, to see whether the entire suite of 18 documents should be disclosed". Was that 19 instruction given? 20 A. I don't think the instruction was given, and my 21 rationale for saying that is there were cases 22 there they did check. But I take your point and 23 accept that the approach taken in this 24 particular case was that, had the family 25 documents been checked, then it would have 39 1 identified documents Appendix 1, 2, 4 and 5, but 2 it wouldn't have identified appendix 6, 7 and 8. 3 Q. When would appendix 6, 7 and 8 have been 4 identified? 5 A. Those documents would have only been identified 6 in the -- by the de-duplication process. 7 Q. Can you explain what the de-duplication process 8 is please? 9 A. Sure. When providing documents to the Inquiry, 10 obviously in a massive repository in 11 an organisation, there may be duplicates of 12 documents. So rather than actually provide 13 literally the same document, there is a process 14 called de-duplication. Now, in this particular 15 case, where the error occurred, is that instead 16 of -- 17 Q. Sorry, can I interrupt: the second error. 18 A. Yes, correct. Where the error occurred, or 19 second error, was that when you de-duplicate, 20 you should de-duplicate if they're identical. 21 In this case there were other attachments that 22 were de-duplicated. So if I could perhaps 23 explain that more clearly. 24 So when you have -- and we talk about 25 families of documents. So when you have what's 40 1 called a primary or parent document, so a cover 2 email, and it contains a series of attachments, 3 so you might send photographs of plants, which 4 are the attachments. What happens in what's 5 called the top-line de-duplication process, if 6 you have an attachment, an email that -- sorry, 7 you have an email, which is your parent document 8 and then you have, let's say, three attachments 9 which have three different plants -- insert 10 whatever sort of plant you want -- what should 11 normally happen is that, where you have 12 literally the exact same replica of that, so 13 there is another version that is identical, that 14 has exactly the same cover email with the same 15 attachments of those three plants, that would 16 then be de-duplicated and that's called the 17 top-line methodology. 18 That didn't happen here. What happened in 19 this particular case is that, where there were 20 versions -- so instead of having an exact 21 replica of the cover email with the three 22 different attachments, where there were versions 23 where there was the cover email but, let's say, 24 four plants that were attached to the email, the 25 item line methodology that was used meant that 41 1 it would consider them as the same when they 2 were not. And they would therefore de-duplicate 3 and, therefore, that is why the Inquiry did not 4 get to see and, indeed, the reviewers didn't get 5 to see Appendix 6, 7 and 8. 6 Q. You describe that in paragraph 18 of your 7 witness statement on page 7, at the top of the 8 page you say, "Copies of Appendix 3" that's the 9 guide, yes: 10 "Copies of Appendix 3 exist in duplicate, 11 and near duplicate form in the CCRC database ... 12 some of those duplicate versions of Appendix 3 13 have family documents ... The duplicate versions 14 of Appendix 3 were tagged as 'duplicate' by 15 POL's eDiscovery provider, KPMG, and so they 16 were considered unnecessary to review." 17 That's a shortened way of explaining what 18 you just said, yes? 19 A. Yes, apologies. 20 Q. What you're just saying here is, as I've put to 21 you, there's a double error. There's the one 22 we've spoken about already, but what you're 23 describing that the Post Office did, and its 24 document providers did, is, I find a document 25 that's responsive to a search term, it's part of 42 1 a family, I'm not going to look at the family. 2 That document itself is also a part of other 3 families but, because I've already decided to 4 disclose that single document, the guide, I'm 5 not going to look at other families in which 6 that document appears. 7 A. Yes, that's the first point, in respect of the 8 approach to family documents. 9 Q. Yes. 10 A. Yes. 11 Q. But you're not going to look at the appearance 12 of that document elsewhere in the document 13 universe because it is assessed to be 14 a duplicate? 15 A. Correct. 16 Q. So I missed the opportunity to see in what 17 context the document appears in all of those 18 other places in the document universe? 19 A. Yes, had the de-duplicate process been the 20 accurate process, it would have led to the 21 identification of all of the documents. 22 Q. So you're missing the opportunity to see whether 23 that document appears in another family, and 24 where in the family it appears, and whether 25 other documents in those other families also 43 1 need to be disclosed? 2 A. Yes, working it backwards. Correct. 3 Q. The guide to which Appendix 3 -- so the guide, 4 which is Appendix 3, was itself undated, wasn't 5 it. There's no date on it. 6 A. Yes, I believe so. 7 Q. Yes, it's undated. Wouldn't it be important, 8 therefore, to disclose the email of 20 March 9 2013 to show that that document and the other 10 four documents which were part of the family 11 were in circulation at that point, March 2013? 12 A. Yes, but they weren't responsive. But I agree, 13 they ought to have been but, factually, they 14 weren't responsive. 15 Q. Because all we get is a free-floating appendix 16 that could be a year old, it could be 50 years 17 old. We don't know the date of it. So having 18 the email that says "This was sent between A and 19 B on 7 March 2013", shows that it was at least 20 in circulation then? 21 A. Of course -- 22 Q. It helps to try to date the document, doesn't 23 it? 24 A. Indeed, and for which I can only apologise. To 25 be fair to the reviewer, of course, if the 44 1 documents weren't responsive, they themselves 2 wouldn't have known. 3 Q. But this document was responsive, wasn't it, the 4 guide -- 5 A. Oh, sorry, the guide was -- 6 Q. But the email to which it was attached wasn't 7 itself disclosed? 8 A. Correct. 9 Q. All we got was an undated document? 10 A. Correct. 11 Q. Can we look at a similar problem, please, and 12 turn to paragraph 44 of your witness statement, 13 which is on page 15. You say: 14 "An examination of emails obtained from the 15 historic Security Team's archive has been 16 carried out." 17 Just to date this exercise, this is part of 18 the post-revelation of the problem clear-up 19 exercise; is that right? What you're referring 20 to happening in paragraph 44? 21 A. Apologies. If I could just have a moment to 22 read the context? 23 Q. Yes. If you go back to the heading, to 24 paragraph 36. It says: 25 "Investigative steps and preliminary 45 1 findings". 2 You tell us, from paragraph 36 onwards, 3 things that have now been done in the light of 4 the revelation of the problem, the 5 non-disclosure problem. 6 A. Correct, the point why I reflect is that, whilst 7 there have been examinations, there have been 8 a number of steps that have been taken, 9 obviously before now, in order to secure 10 documents and to speak to people. So that's 11 just the point that I was attempting to clarify. 12 Q. Yes. 13 A. But, yes, obviously since 30 May there has been 14 an examination of all of this to remediate the 15 issues as quickly as possible. 16 Q. So in paragraph 44, you're referring to what's 17 been done now, now that the non-disclosure 18 problem has been pointed out, yes? 19 A. Yes, other than to say, of course, that the 20 relevant documents were collated and put on to 21 Relativity and it was done initially through 22 the -- in 2020 in the post-conviction 23 disclosure -- 24 Q. Yes, so the documents you're referring to in 25 paragraphs 44(a) to (e) were, in fact, on 46 1 Relativity at the time that the searches in 2 March and then August 2022 were carried out? 3 A. Correct. 4 Q. What I want to understand is why they weren't 5 turned up in March and August 2022. So in 6 paragraph 44, you set out a series of emails, 7 which you say are from the historic Security 8 Team's archive. There are five of them, but (a) 9 and (b) are essentially the same chain. So 10 there are four email chains. 11 I just want to go through them, please. Can 12 we start, please, with POL00118096. Thank you. 13 If we can scroll down, please. I'm sorry, 14 just to the bottom of the first page. Thank 15 you. 16 You can see it's an email dated 23 May 2011, 17 from Dave Posnett, who was an accredited 18 financial investigator in the Security 19 Operations Team, to a wide group of people, 20 correct? 21 A. Correct. 22 Q. He says, under the subject, "Casework 23 Compliance": 24 "Most of you are aware that case files 25 submitted for legal advice will become subject 47 1 to compliance checks. This process is due to 2 commence in June and is designed to raise 3 standards of files submitted (including their 4 contents -- reports, taped summaries, appendix 5 enclosures, recoveries, stakeholders, etc) and 6 ensure there is a consistent approach across the 7 team. It is also probably an opportune time 8 given that we have recently recruited new people 9 to the team. 10 "I've associated relevant documents that 11 feed into the compliance process. Please 12 familiarise yourself with these documents." 13 Then there will be some meetings and the 14 dates are set out. If we just scroll up we can 15 see a forwarded email of August 2011 attaching 16 the compliance zip that Mr Posnett referred to, 17 yes? 18 A. Correct. 19 Q. So you've got an email of May 2011 from Dave 20 Posnett of the Security Team to a wide range of 21 people in the Security Team attaching a zip file 22 about case compliance. Now, that zip file 23 contained a series of documents. Can we look, 24 please, at POL00118101. We can see it's the 25 guide, yes? 48 1 A. Yes. 2 Q. So the guide would have been responsive to the 3 search terms in the same way as Appendix 3 was 4 and produced a hit, yes? 5 A. The guide, which is Appendix 3, was responsive. 6 Q. Yes. So if a search had been undertaken using 7 those search terms, this guide, being 8 an attachment to this email, as part of a zip 9 file, would also be responsive? 10 A. I don't think the email would have been 11 responsive, but the guide, Appendix 3, yes. 12 Q. What is displayed to the reviewer when they get 13 a hit? 14 A. They have a list, there's a whole list of 15 documents that they have. So they would have to 16 click in to it to actually see the relevant 17 document. 18 Q. What is displayed to the reviewer to show them 19 that it is part of a family of documents? 20 A. There is -- my understanding is that there is 21 an icon that they would have to click into to 22 link it into the family document. 23 Q. So just -- 24 A. But I don't think -- and I'm happy to check 25 this, but I don't think that email would have 49 1 been responsive because, looking at the email, 2 it doesn't contain any of the search terms. 3 Q. No, but if the guide contained a responsive 4 search term, the reviewer can click the icon to 5 see which email this was an attachment to? 6 A. Correct. 7 Q. So what are they told, the reviewers? Are they 8 told to do that, to check the email? Because, 9 if they'd done that on this occasion, we would 10 have seen that this guide, also undated, was in 11 circulation in May 2011, wouldn't we, and we 12 would that have seen who was circulating it? 13 A. Yes. The reviewer does a linear review. 14 Q. What does that mean? 15 A. Well, in the sense -- it's sequentially. So 16 they don't necessarily know all these documents 17 exist. It's just the documents that come up 18 that are responsive, and then they will go 19 through them and my understanding is that, where 20 it is responsive, they would check the family 21 documents. 22 Q. So what has happened here, then? Because we've 23 got an email from Mr Posnett to a whole bunch of 24 people in the Security Team saying "You need to 25 comply with this compliance document". That's 50 1 important, isn't it, because the email shows who 2 was distributing it, the email shows to whom it 3 was distributed. The content of the email shows 4 an instruction. "You must comply with this, and 5 you're going to be audited for your compliance". 6 They're all relevant things that we get from the 7 email that we don't get from the guide? 8 A. Of course, and I recognise that. I think 9 factually what happened here is that, because 10 the cover email, if you like, wasn't responsive, 11 it was sitting -- I imagine it would have been 12 sitting in the family documents but it was not 13 checked. That is plainly wrong and so 14 I acknowledge that point but, just factually, 15 that's why I don't think that email was picked 16 up at that point. 17 Q. Can we look, please, at POL00118104. This was 18 also an attachment to Mr Posnett's email, the 19 racist and offensive ID codes document, and so 20 this was part of the family too, agreed? 21 A. Agreed. 22 Q. So if we got the email, we would know that it 23 was Mr Posnett, on 23 May 2011, distributing to 24 a wide variety of people within the security and 25 operations team saying, "You've got to comply 51 1 with these racist and offensive ID codes and 2 you'll be marked down if you don't". That's 3 relevant information for us, isn't it? 4 A. Correct, and had the approach to search terms, 5 family documents and de-duplication been right, 6 it would have been identified. 7 Q. Because one of the things that POL has said in 8 response to this part of the scandal within 9 a scandal within a scandal, is these are 10 outdated documents, they're from the past. But 11 as we pick away at this, we might find that, by 12 looking at the emails, that, in fact, they were 13 in circulation until quite recently, might we, 14 if we get the emails? 15 A. Well, there is -- my understanding is that they 16 are historic in nature. My belief about that, 17 and that they with us necessarily be so because 18 the Post Office stopped prosecuting and has not 19 prosecuted, and that policy came in 2019. 20 I recognise the racist and unacceptable language 21 that's contained within that document and for 22 which I can only apologise to see that. That is 23 certainly not consistent with my values and nor 24 the current Post Office. I accept that is 25 a document that clearly was in existence at that 52 1 time. 2 Q. It wasn't just in existence, was it? It was 3 being circulated and saying, "You must comply 4 with its terms and if you don't, you'll be 5 picked up for non-compliance"? 6 A. In 2011 -- 7 Q. Yes. 8 A. -- that appears to be the case. 9 Q. Okay, let's go on, please. Can we look, please, 10 at POL00118110. Can we start by looking at the 11 second page, please. Just scroll down, please. 12 It's from Mr Posnett again, dated 27 April 2012. 13 Do you see that? 14 A. 27 April, correct. 15 Q. An email to a wide variety of people in security 16 operations team, again. Subject is "Case 17 Compliance". He says: 18 "All, 19 "The compliance checks on submitted offender 20 interview case files will continue in 2012/2013. 21 Associated are all the supporting documents 22 needed, which have been amended where 23 appropriate." 24 Can you see that? 25 A. Correct. 53 1 Q. Then if we go to page 1, we can see somebody 2 called Andrew Wise, who was in Security 3 Operations North, forwarding that email in 4 October, the end of October 2012, forwarding the 5 last attachment, the Compliance zip file, to 6 a group of people who I think were in Security 7 Operations in the north of England: 8 "Hi All, 9 "I am assuming that most of you (if not all) 10 have seen the case compliance info before. Now 11 that everyone is up and running and progressing 12 cases I thought it would be a good time to 13 refresh on the compliance checks." 14 So he's forwarding a zip file too. So it's 15 forwarded again the year after we've just looked 16 at it by Mr Posnett and then in October 2012, by 17 somebody else within Security and Operations. 18 Can we just look at a couple of the 19 attachments within this zip file. POL00118124. 20 It's the guide again, yes? So the email that's 21 being sent around as a compliance requirement in 22 April and October 2012 amongst the zip file 23 includes the guide. 24 Then POL00118128. Another part of this zip 25 file being sent around within POL in April and 54 1 October 2012 is the racist and offensive ID 2 codes document. 3 So would you agree that the email that 4 I showed you of April and October 2012 was 5 relevant information for the Inquiry to receive? 6 A. Agree. 7 Q. Because it shows that, again, the compliance 8 guide and this document were being circulated 9 with instructions to security teams that they 10 will be audited against their compliance with 11 their terms? 12 A. Yes, certainly I understand, under request 14, 13 which included guidance, that it ought to have 14 been disclosed. 15 Q. So looking at the April 2011 and now the April 16 and October 2012 emails, all three of which had 17 the guide and the racist and offensive ID codes 18 document attached, can you explain if it was the 19 pool of documents over which the search was run 20 that caused them not to be included, or the 21 de-duplication exercise that you referred to 22 that caused them not to be included in material 23 sent to the Inquiry? 24 A. My understanding is it's the de-duplication 25 exercise. I say that because, in addition to 55 1 the various setting up of the data repositories 2 and the PCDE work review and the review that was 3 done by HSF and Peters & Peters with their 4 search terms, they had also interviewed Andrew 5 Wise and had also taken all of the relevant 6 materials from his laptop. And so my 7 understanding is that they would have been -- 8 they are on Relativity but, because of the 9 search terms, families and, specifically in 10 this, the de-duplication, they -- it wouldn't 11 have been picked up to the reviewer. 12 Q. I just want to press you on that. In 13 paragraph 16 of your witness statement -- no 14 need to turn it up -- you say that the pool 15 within Relativity of material that was looked at 16 for the purposes of these two requests was the 17 CCRC? 18 A. Mm-hm. 19 Q. This material appears not to be within that 20 pool. So was that the problem, looking at too 21 small a universe, or was it the de-duplication 22 exercise that meant that this material was 23 included and, therefore, even though there may 24 have been a hit against it, was not disclosed to 25 us? 56 1 A. My understanding is that it would be the 2 de-duplication exercise. 3 Q. On what basis do you reach that understanding? 4 A. Sure. Because the -- I agree, it wouldn't 5 necessarily be picked up in the CCRC or the PCDE 6 exercise, but that isn't the only database that 7 sits within Relativity. So Relativity, as 8 I said, has over 54 million documents. The CCRC 9 database has over 5 million documents. There 10 are over 160 different data repositories within 11 Relativity, as well as all of the mail boxes. 12 And so, whilst I accept that these emails may 13 not have been picked up in the CCRC database, my 14 understanding -- but I'm happy to be corrected 15 on the point -- is that it wouldn't have been 16 identified because of the de-duplication error. 17 But I'm happy to take that away and report back 18 to the Inquiry. 19 Q. If we just look, then at paragraph 16 of your 20 witness statement, which is on page 5, you say 21 in the second line: 22 "To identify such documents, 23 [Peters & Peters] and HSF ran search terms 24 across a Relativity database which I will refer 25 to as the CCRC database ... The CCRC table is 57 1 hosted on Relativity by POL's eDiscovery and 2 provider KPMG ... The CCRC database contains 3 materials collated for the purposes of the 4 criminal appeals. Searches were and are run 5 across this database", et cetera. 6 It only refers to the CCRC table there, 7 rather than other parts of the document universe 8 within Relativity. So I'm trying to establish 9 whether that's the problem or the de-duplication 10 exercise, which you have attributed the blame 11 to. 12 A. Yeah. As I said, I'm happy to come back to it, 13 having taken instructions. But my understanding 14 with these requests is that the documents that 15 weren't disclosed ultimately, in all cases, had 16 the de-duplication been correct, then those 17 appendices would have been disclosed but I'm 18 happy to come back and report back to the 19 Inquiry with specifics. 20 Q. Can we look at a third email, please. 21 POL00118129. Much narrower distribution between 22 Andrew Wise and Helen Dickinson, Mr Wise being 23 a security manager in Chesterfield. Here is all 24 the Dave Posnett stuff -- sorry, that "Dave 25 Posnett sent through to me", "the stuff Dave 58 1 Posnett sent through to me". Can you see that? 2 A. Yes. Thank you. 3 Q. Attached to that email, so we're here now in 4 July 2016, I'm not going to turn them up in the 5 interests of time. Take it from me that the 6 attachments to that included the guide and the 7 racially offensive ID codes document. So this 8 email, if this had been disclosed to us, would 9 have shown that in 2016 the guide and the 10 racially offensive ID codes document were still 11 in circulation amongst, at least, these two 12 people. 13 A. Correct. 14 Q. So can you help again as to why the 15 de-duplication exercise had the effect of 16 excluding the emails from disclosure to us? 17 A. Because where you have -- the Relativity system 18 gives a preference to various versions of the 19 documents and the preference that it would take 20 normally is at the time. So that's the first 21 point. The second point is that, on this 22 particular case with the email, because the 23 email itself wasn't responsive, it wouldn't have 24 been picked up. So the search terms -- 25 Q. The search term would have hit the guide -- 59 1 A. Absolutely, yes. 2 Q. -- and the reviewer could see an icon -- 3 A. Yes. 4 Q. -- that linked that to this email? 5 A. Yes, and it's the same family issues document 6 that we have discussed. 7 Q. So I'm going to press you again -- 8 A. Yes. 9 Q. -- why is it that a reviewer would not go back 10 and look at the family of which the document for 11 which they had a hit was a part? 12 A. Because in this particular case, they weren't 13 responsive. 14 Q. That's not really an answer though, is it? 15 Because if they're responsive, they are going to 16 consider them for disclosure anyway. We're 17 looking at a different issue, namely you have 18 a document which is part of a family -- 19 A. Mm-hm. 20 Q. -- why do you not look at the rest of the 21 family, because it provides context, colour, 22 assistance, to this Inquiry, doesn't it? 23 A. Sure, and I accept that. Just factually 24 speaking, my understanding is that although the 25 guide -- so Appendix 3 -- was identified, this 60 1 particular email wasn't. Now, there are 2 a number of reasons why that didn't. So, given 3 that, on the face of this document, it doesn't 4 appear to contain any of the search terms, it 5 would seem to me that it therefore wasn't 6 responsive, because of the approach that was 7 taken with family documents, meant that such 8 documents therefore wouldn't have been disclosed 9 and if there was multiple copies of this, it may 10 not have been disclosed on that basis. 11 So I accept your premise that it should have 12 been disclosed but, factually, that's the 13 explanation that I have for why it has not been 14 disclosed, from those that were managing and 15 overseeing this process. 16 Q. Isn't it blindingly obvious, though, that where 17 you turn up a document that's undated, you would 18 see which documents were associated with it, in 19 order to try to date it and see who was passing 20 it around within the organisation? 21 A. They may not have seen this cover email. I take 22 your point -- 23 Q. Because they didn't look. 24 A. Quite. 25 Q. So what's been done to improve that situation? 61 1 I appreciate that we're now going to get 1,500 2 documents for the hearing that starts in 3 26 minutes. 4 A. Correct. So -- and, look, I appreciate there 5 have been a number of areas which haven't been 6 done to the standard that we would expect but we 7 are quickly remediating them. In respect of the 8 search term issues, new modified search terms 9 have been designed and are being run. In 10 respect of the family documents, as I explained 11 before, we have already remediated that process. 12 We understand that there are 1,500 documents, of 13 which less than 700 will be relevant to Phase 4. 14 I take your point that Phase 4 starts today. 15 Q. We've already had Phases 2 and 3. 16 A. Understood, and so the approach that we would 17 take is to ensure that we prioritise the 18 documents that are relevant to Phase 4, so that 19 we can make sure that they are given to the 20 Inquiry prior to the witness giving evidence. 21 And of course, we will work with the Inquiry to 22 make sure that they are prioritised in that 23 order. 24 Q. I mean, that's very kind but it leads to the 25 situation where, last night, Mr Blake received 62 1 from POL three documents at 10.30 in the 2 evening, I think, relevant to Mr Ferlinc, who is 3 giving evidence in a minute. That's what this 4 situation has caused. 5 A. I appreciate that and, on behalf of Post Office 6 and myself, I absolutely apologise. We are on 7 it, though. We are remediating it. We're 8 wanting to make sure that we are transparent. 9 I think one of the things that we have done 10 throughout this process is that, when these 11 issues have been identified, I've always ensured 12 that we be completely transparent with the 13 Inquiry, that we disclose the issues, we 14 disclose our approaches to ensure that there is 15 that transparency and that we quickly remediate 16 the situation, as quickly as possible. 17 I think it's fair to say these issues need 18 to be seen within the greater context of this 19 extremely complex and large-scale disclosure 20 exercise. 21 Q. Lastly, please, can we look at POL00118137. If 22 we go to the second page, please. We can see 23 that this is an email exchange of 21 May 2019. 24 If we just scroll down so we can see who Dimitri 25 Wren was: an associate paralegal with Womble 63 1 Bond Dickinson. If we scroll up, please, 2 Dimitri Wren says: 3 "I am assisting Mandy with disclosure 4 queries and in this case, SharePoint document 5 instruction. Our data analyst has advised that 6 the following SharePoint documents are password 7 protected and they require a password to access 8 them ..." 9 Then over to the first page, please, and 10 scroll down, please. Mr Wise, a security 11 manager: 12 "Some of the documents we provided to Bond 13 Dickinson are password Protected ... I have 14 tried the usual 2 security passwords we use 15 however these do not work as the documents are 16 from before they can [sic] into use. 17 "Would you have the passwords for these 18 documents, they are the ones you collated on to 19 SharePoint." 20 So this is May 2019. It looks like, for 21 a disclosure exercise, the documents are being 22 accessed. 23 Scroll up, please. 24 You'll see that there is a zip file as 25 an attachment, yes? I'm not going to go through 64 1 them again. The guide is one of the documents 2 within the zip file, as is the racially 3 offensive ID codes. So it looks like they were 4 being considered, is this right, for disclosure? 5 Would this be in the Group Litigation Order, 6 May '19? 7 A. My understanding from Womble Bond Dickinson, as 8 part of the ongoing investigation that we're 9 undertaking, is that this email was associated 10 with the further issues trial. So the further 11 issues trial was a third trial that had been set 12 down, which did not ultimately eventuate. 13 Q. So is the answer the same: that the guide and 14 the other suite of documents, including the 15 racially offensive ID codes document, wasn't 16 disclosed to us, even though the guide would 17 have produced a hit, being an attachment to this 18 email, because of the de-duplication exercise? 19 A. Correct. 20 Q. Okay, that can come down. 21 It's right, isn't it, that Eleanor Shaikh 22 made a request on 10 April 2023 for documents 23 which detailed the quality and compliance 24 assurance processes for investigations which 25 were implemented by Post Office Security Team in 65 1 2008 and to 2011, under the Freedom of 2 Information request? 3 A. That is correct. 4 Q. The Post Office and that FOI request on 19 May 5 2023, so about a month later, by disclosing all 6 documents within the suite of eight? 7 A. Correct. 8 Q. The ID codes document that we have seen does not 9 detail the quality and compliance assurance 10 processes itself, does it? 11 A. No. 12 Q. It just contains some ID codes? 13 A. Correct. 14 Q. So why was it disclosed to Ms Shaikh as part of 15 a family of documents that detailed a quality 16 and compliance assurance process but not to the 17 Inquiry? 18 A. Um -- 19 Q. Why was it picked up? This a family of 20 documents, which is all about compliance and 21 assurance. We need to disclose all of them, 22 even though this individual one is not on its 23 face. 24 A. The answer is because the FOIR team wrote to the 25 Security Team member, Andrew Wise, so you may 66 1 recall his name from a number of the documents 2 that you've just shown me. Andrew Wise, 3 immediately in being informed as to the scope of 4 the relevant FOIR, namely the quality assurance 5 and the audit, knew exactly and could pinpoint 6 immediately that those were the documents that 7 would be responsive to that particular request. 8 Q. So even though we'd asked for prosecution 9 policies and prosecution guides, that same 10 exercise wasn't gone through? 11 A. Quite. But there is a different process that 12 necessarily went through, in terms of the 13 Inquiry. So in terms of the FOI request, it was 14 able to be sent to someone who immediately 15 already knew of the existence of the document, 16 and could identify it and produce it. Obviously 17 in -- 18 Q. Can we have some of that treatment too, please? 19 A. Of course and you do. But in order to provide 20 a large-scale disclosure exercise, where there 21 is the 54 million documents, in this particular 22 case, obviously, the reviewers, unlike Andrew 23 Wise, didn't -- they don't know of the 24 document's existence until they do the search 25 terms, until they do that review. 67 1 So I take your point. I'm merely just 2 trying to explain why the FOIR situation -- why 3 the documents were disclosed under FOIR, and why 4 that was an easier process than the process that 5 we undertake in terms of disclosure to the 6 Inquiry. I absolutely accept they should have 7 been disclosed to the Inquiry. 8 Q. I have shown you four occasions that emails 9 circulated the guide and the racially offensive 10 ID codes document, amongst quite a wide group of 11 people. Can we look at paragraph 40 of your 12 witness statement, please, which is at the foot 13 of page 13. You say in your statement: 14 "Email searches have so far identified 23 15 occasions on which Appendix 6 [that's the 16 racially offensive ID codes document] was sent 17 as an attachment within the Security Team 18 between 2012 and May 2019." 19 So in addition to the four that I've pointed 20 out, there are another 19 circulations; is that 21 right? 22 A. Correct. 23 Q. That goes right up to May 2019? 24 A. Correct. 25 Q. Has the number increased, since you made this 68 1 witness statement, from 23? 2 A. Not that I am aware of. There are a number of 3 steps that we're taking to verify that number 4 but I don't have any updated figure on that. 5 Q. What assurance or guarantee can you give to the 6 Inquiry, to the other Core Participants and to 7 the public, that what has occurred in this 8 instance, a serious failure in POL's disclosure, 9 will not happen again? 10 A. Well, firstly, I recognise that, clearly, as 11 we'd discussed today, that there are a number of 12 areas where we have fallen short and I genuinely 13 apologise for that, I think we have taken 14 immediate steps to remediate the issue. We are 15 on it. We have already modified the search 16 terms. We have already gone through the family 17 documents approach. We are working through the 18 duplication -- de-duplication approach, which we 19 know is not across all Rule 9s, for instance. 20 But we are genuinely working through the 21 issues to remediate them as quickly as possible 22 to be completely transparent with the Inquiry 23 with where we are and, as I mentioned before, we 24 do want to support the Inquiry to be able to 25 continue its work and therefore prioritise the 69 1 remediation in terms of the witnesses in 2 Phase 4. 3 SIR WYN WILLIAMS: What's the timescale for you 4 completing that work, realistically, Mr Foat? 5 A. Sir, I don't have any precise instructions on 6 that point but save to say that certainly the 7 search terms and the family documents will be 8 shortly done, I understand, in a matter of 9 a fortnight or so. The de-duplication issue, 10 I am just not instructed at this time to give 11 a time frame. 12 SIR WYN WILLIAMS: Because I am concerned that we 13 are rapidly approaching a period when, quite 14 justifiably, many people will be taking their 15 holidays and the like and, therefore, there is 16 the possibility of the remediation steps which 17 you wish to take being prolonged and, so far as 18 can be avoided, I want to avoid that. 19 So I would like you, not now in the witness 20 box, but shortly after you've ceased giving your 21 evidence, to discuss so that as fully as may be 22 and to write to me giving me a pretty precise 23 timetable of what we're looking at. 24 A. I absolutely will do that, sir, and, in 25 particular, if it would help the Inquiry, to 70 1 provide a direct report also from the people who 2 are directly undertaking the remediation to give 3 that clarity, not just in terms of the scope of 4 the remediation steps but also the dates in 5 which we expect that to be completed. 6 SIR WYN WILLIAMS: All right. I'm not saying that 7 my request to you is the only request I'll make. 8 I want to reflect upon the evidence you've given 9 and discuss it with my team, who I may yet issue 10 directions in writing, putting it neutrally, to 11 assist you, to comply, putting it more 12 aggressively, to make you comply with a pretty 13 tight timetable. 14 A. Thank you, sir. 15 MR BEER: Sir, thank you very much. They're the 16 only questions I ask Mr Foat. 17 SIR WYN WILLIAMS: Thank you, Mr Beer. 18 MR BEER: Sir, apologies to the shorthand writer. 19 We've gone straight through deliberately. Might 20 we take a 15-minute break now until 12.05. 21 SIR WYN WILLIAMS: Of course. If it helps, I am 22 prepared to sit a little later this evening so 23 that we don't rush to start now, so that the 24 shorthand writer can have more of a break. 25 I'll leave that in Mr Blake's hands to 71 1 discuss whether with everyone involved whether 2 we need to start at 12.15 and sit a little later 3 or whether 12.05 is all right. 4 MR BEER: Sir, thank you very much. 5 (11.50 am) 6 (A short break) 7 (12.07 am) 8 MR BLAKE: Thank you very much, sir. Can I now call 9 Mr Ferlinc. 10 SIR WYN WILLIAMS: Yes, of course. 11 MARTIN CHARLES GEORGE FERLINC (sworn) 12 Questioned by MR BLAKE 13 MR BLAKE: Thank you very much. Can you give your 14 full name, please? 15 A. Martin Charles George Ferlinc. 16 Q. Thank you, Mr Ferlinc. You should have in front 17 of you a witness statement. Do you have that, 18 or at least a bundle containing your witness 19 statement behind tab A? 20 A. Okay, if I can find that one. Yes, I have it in 21 front of me. 22 Q. Thank you very much. Can I ask you -- that 23 statement is dated 11 May 2023? 24 A. Yeah. 25 Q. Can I ask you to turn to the final page, that is 72 1 page 28 -- 2 A. Okay. 3 Q. -- just before we get to the index. Is that 4 your signature there? 5 A. It's my signature, yes. 6 Q. Is that statement true to the best of your 7 knowledge and belief? 8 A. It is. 9 Q. Thank you very much. For the purpose of the 10 transcript, that is URN WITN08610100. Thank you 11 very much. 12 That can come down. Thanks. 13 Thank you, Mr Ferlinc. I'm going to start 14 with your background. You were employed by what 15 I will refer to as the Post Office or POL from 16 1979 to 2011, albeit it was known through 17 a number of different names throughout that 18 period; is that right? 19 A. Correct. 20 Q. You started as a counter clerk after the 21 completion of your A levels? 22 A. Correct. 23 Q. Amongst your early roles you were a Crown Office 24 branch manager? 25 A. Yeah, in the mid-1980s, I believe. 73 1 Q. From 1989 onwards, you worked in various audit 2 related roles? 3 A. That's right. 4 Q. 1989, you were audit manager in Nottingham? 5 A. That's right. Audit manager in Nottingham. 6 Q. In 1993, the Post Office was restructured into 7 seven regions, and you became audit manager for 8 the Midlands region and then the regional audit 9 manager in 1995? 10 A. Correct. 11 Q. In 1998 or 1999, there was a review that you 12 have detailed in your witness statement. It was 13 a review of the structure. Can you briefly tell 14 us the purpose of that review and its outcome? 15 A. Yeah. I'm not entirely sure of the timeline. 16 It could have been 1998 when it started and 1999 17 when it finished. Essentially, at the time, so 18 around about 1998, there were two auditing 19 departments within Post Office. So you had 20 a Post Office internal audit team, which 21 comprised around about 30 members of staff, 22 based in Chesterfield or London, largely 23 managerial grades, largely with internal audit 24 qualifications, and that team basically audited 25 head office functions. 74 1 Separate to that team were regional 2 auditors. They were largely people who had 3 counter office background experience, didn't 4 have auditing qualifications and were separate 5 from the internal audit team, so you had these 6 two teams together. So around about 1998, the 7 National Audit Team, which was the Post Office's 8 internal audit team, decided to review the 9 structure, the processes, the policies, that the 10 regional audit teams had in place. I was 11 working, as you said, in the Midlands region and 12 was seconded to National Audit to take part in 13 this review. 14 So that review looked at every aspect of the 15 regional audit teams, there were seven regions, 16 and the outcome for that review, which took 17 a few months, was to develop this new team 18 called the Network Audit Team, and the idea was 19 that that team would slot under the national 20 audit team, so forming one auditing body with 21 the internal auditors effectively managing the 22 old regional audit teams. So that sort of 23 summarises that project. 24 Q. Thank you very much. Was that in any way linked 25 to the rollout of Horizon, which we know was in 75 1 the '99 period? 2 A. I don't believe it was. There wasn't, to my 3 knowledge, any link at all. 4 Q. In 1999 or thereabouts, you became Head of 5 Network Audits, so you were the head of that new 6 team -- 7 A. That's right. 8 Q. -- of network auditors. I think there came 9 a point in time where what you've described as 10 the National Audit Team separated out and went 11 to the Royal Mail -- 12 A. Yes. 13 Q. -- and the network team stayed with the Post 14 Office? 15 A. Yes, so as I mentioned, the idea was for this 16 new Network Audit Team to slot under the 17 National Audit Team. I'm not sure of the time 18 frame but a short period after that team was 19 devised, the internal audit team -- and there 20 was one in Post Office Counters, Royal Mail and 21 Parcelforce, were moved into Royal Mail Group 22 and the decision was taken that, even though 23 that team would move to Royal Mail Group, the 24 Network Audit Team would still stay within Post 25 Office Limited. 76 1 Q. You became part of what we know as the Security 2 and Investigations Team, initially; is that 3 right? 4 A. Yes, not immediately. So initially, because 5 this team was sort of left without a home, it 6 was given a temporary line within the Finance 7 Directorate and then it went to the Operations 8 Directorate and then, shortly after, it was 9 moved to a Security and Investigations team 10 which itself was undergoing a review of its own 11 structure. 12 Q. Slightly confusingly, following one of these 13 reviews, your team became called, I think, the 14 National Audit and Inspections Manager -- or you 15 became the National Audit and Inspections 16 Manager? 17 A. Yes, when I've gone through my own memories I've 18 struggled to work out at what point these role 19 names changed but, yes, National Audit and 20 Inspections Manager -- the inspections bit was, 21 once we came under the Security Team, we also 22 looked at physical inspections while we were at 23 branches. So my team would go to branches and 24 include now a physical inspection of security, 25 physical security. So that's why the team was 77 1 then expanded to be called Audit and 2 Inspections. 3 Q. During that period, the core work that you were 4 managing was branch auditing? 5 A. Absolutely, yeah. 6 Q. I think you first reported to Tony Marsh, who we 7 will hear from tomorrow, and, at some point, it 8 moved to Rod Ismay, who we have already heard 9 from. 10 A. Yeah. 11 Q. How big was your team? 12 A. When it started, so when it was created in 1999, 13 I believe it was 103 or 104, of which probably 14 about 10 or 11 people were in a core admin team 15 in Chesterfield. So the remaining 90 people 16 would be dotted around the UK, in various little 17 places to be able to go locally to branches to 18 audit them. 19 Q. So you described the early days of your work, 20 you were in the regions. It was separated by 21 regions. Was it now focused, concentrated, on 22 a national team? 23 A. Yes. So before this new team, there were seven 24 regional audit teams doing things differently, 25 with subtly different practices and different 78 1 interpretations. So one of the aims of this new 2 team was to bring some consistency to the 3 operations. So it was a centralised, managed 4 team, albeit with resource placed around the UK. 5 Q. Perhaps taking this out of turn -- and we will 6 come to it -- but did that in any way affect the 7 way that auditors related to the subpostmasters, 8 for example? Did it break up any of those 9 personal relationships that may have existed 10 when it was operating at a regional level? 11 A. Only in the context of -- because we had less 12 resource, this team of 103, for the Network 13 Audit Team, probably would have been about 14 150/160 in the seven individual teams. So 15 there's less resource out in the field and 16 therefore less local resource. So perhaps the 17 local auditors wouldn't be from somewhere you 18 were as familiar with, if you were at a branch. 19 Q. That change in resource happened when, the late 20 1990s? 21 A. Yeah. And I would just add to that, you know, 22 from the creation of that team of 103/104, the 23 numbers were always coming down. So there were 24 less and less staff in that team over the next 25 six to eight years. 79 1 Q. I think you've said in your witness statement 2 there were issues -- or there weren't new staff 3 coming in because your team was actually getting 4 smaller? 5 A. Yeah, I mean, the broad policy at Post Office at 6 the time was that there was no compulsory 7 redundancy. So if any reductions in staff 8 occurred, then those displaced staff would be 9 found a new home. And I forget the term used 10 for those people but, essentially, if a vacancy 11 came up in my team, we would be expected to fill 12 that vacancy with a displaced, surplus person 13 from somewhere else. But I don't recall many 14 vacancies happening because of this constant 15 reduction in staff. 16 Q. You've also mentioned in your witness statement 17 about looking back, a lack of people with IT 18 expertise, for example. Was it difficult to 19 bring those kinds of people in because of those 20 difficulties -- 21 A. Because of those restrictions. I think, to be 22 fair, we're going back to 1999/2000. For most 23 of my team, arguably all of my team, they 24 probably hadn't even touched a computer since 25 about 1995 -- or before 1995. So most people 80 1 didn't have much IT background anyway, sent 2 an email, used the Word document. So it was 3 very much about learning on the go. 4 Q. Because new members weren't joining that team, 5 you weren't getting people with more recent 6 expertise? 7 A. Exactly. 8 Q. You continued in that role until 2006 or 2008, 9 you're not entirely sure of the precise date -- 10 A. Yeah. Can I just clarify that. I think, 11 reading through some of the other documentation 12 that I've seen now in more detail, I think it 13 might be that I changed role in 2006 but that in 14 2008 the auditing teams were moved into the 15 Network Directorate. So I think there was 16 a two-year span where I reported to Keith 17 Woollard and, by 2008, the auditing arm of my 18 team moved, organisationally. 19 Q. Thank you. You became compliance risk and 20 assurance manager? 21 A. Yeah. 22 Q. You've said that involved providing management 23 information on compliance audit activity. Very 24 briefly, can you tell us what that involved? 25 A. Yeah, I mean, essentially, that time in Keith 81 1 Woollard's team, there's a greater focus on 2 compliance risk with regulatory obligations, so 3 anti-money laundering, providing assurance to 4 Bank of Ireland and other partners, NS&I, DVLA. 5 So my role was to use the audit findings, albeit 6 the auditors were no longer reporting to me, but 7 to use their findings on compliance activity to 8 provide assurance to our clients and partners. 9 Q. You were on something called the Post Office 10 Risk and Compliance Committee? 11 A. Yes. On it, I attended many of the meetings, 12 probably not all of them. 13 Q. I think you took minutes of those meetings, did 14 you? 15 A. Again, I think probably minutes is -- perhaps 16 I took notes and that was not at every meeting. 17 So I think the responsibility for those minutes 18 or notes was shared with someone from Security. 19 Q. Thank you. We'll look at some minutes in due 20 course but can you give us some examples of the 21 types of person that sat on that committee, how 22 high up in the company they were, for example? 23 A. Well, it was a subcommittee of the Executive 24 Team. So it would include directors from the 25 Team. It would also be chaired, over time it 82 1 changed, but I think Sir Mike Hodgkinson was 2 chairing it at some point, Alan Cook was 3 chairing it at some point, and then at each of 4 those meetings people would be invited, 5 depending on the subject of the day, to present 6 something or talk about something or be 7 questioned about something. 8 Q. That committee had a link to the board of POL? 9 A. To the Executive Team, which in turn had a link 10 to the board, yes. 11 Q. Thank you. I just want to take you to your 12 witness statement, paragraph 90 to 92. That's 13 WITN08610100. Thank you very much. It's 14 paragraph 90 to 92. That is page 27. I'll read 15 that out, that says at 90: 16 "With the exception of issues encountered 17 during a communication failure/power outage at 18 a branch, for which there are fall back 19 processes, I did not have nor was I aware of any 20 concerns regarding the robustness of the Horizon 21 system during my time working for Post Office. 22 Any issues I had heard about seemed to be 23 considered as related to in-branch/user error. 24 "As I did not have any concerns, there was 25 no communication decision to make. 83 1 "I was not aware of any instruction given to 2 auditors to disregard possible problems with 3 Horizon as a possible cause for discrepancies, 4 noting that I did not have direct contact with 5 branch auditors after those roles moved 6 (organisationally) into the Network 7 Directorate." 8 So in none of the roles that we have already 9 discussed, so from heading the Network Audit to 10 your involvement in the Post Office Risk and 11 Compliance Committee, in the latter half of the 12 first decade of the 2000s, did you hear anyone 13 raise issues with the robustness of Horizon? 14 A. I guess it depends on, you know, the definition 15 of robustness. I think there were glitches and 16 there were the occasional things that came to 17 light, such as screens freezing or amounts being 18 stuck in suspense. These, from my position at 19 the time, seemed to affect individual branches 20 rather than being systemic across the whole of 21 the network, which is what I would have expected 22 from a system that wasn't robust. 23 Q. So if we look at paragraph 90, for example, you 24 talk there about a communication failure and 25 a power outage of a branch -- 84 1 A. Yeah. 2 Q. -- what you might understand is a hardware 3 failure or something along those lines? 4 A. Yes. 5 Q. What you don't mention there is bugs, errors or 6 other defects. 7 A. Okay. I mean, in terms of bugs, I suppose, from 8 my perspective at the time and even now, would 9 be that any software will have some bugs. 10 That's why we have software updates and fixes. 11 So I think there's always a sense of there might 12 be some issues in the system but they are being 13 fixed with the software updates, but nothing 14 from my perspective that made me feel that the 15 system wasn't robust. And I don't remember 16 people talking in those terms either. 17 Q. They may not have been talking in terms of 18 robustness -- 19 A. Okay. 20 Q. -- but are we to take it, from what's written 21 there and from your oral evidence, that you were 22 aware, in general terms, that there were bugs, 23 errors and defects but that your view was that 24 they were corrected by updates? 25 A. They were corrected in some form or other. So 85 1 updates or a manual workaround. So there were 2 issues, individual issues that had been reported 3 but, as I said, nothing to me that made me feel 4 like this was a systemic problem across the 5 whole estate. 6 Q. Where were you receiving that information from, 7 so the fact that these issues were corrected, 8 for example? 9 A. I guess in terms of audit activity, so, you 10 know, as an audit activity, it might be a case 11 of "This is an issue that's being resolved", or 12 "This is an issue that's currently happening to 13 me because I've got an amount in suspense that 14 doesn't -- shouldn't be there". So probably 15 from audit activity would be the main source. 16 Q. When you say "audit activity", do you mean 17 branch auditors on the ground reporting back to 18 you? 19 A. Yeah, through their audit reports. 20 Q. The fact those issues had been corrected, was 21 that coming also from the auditors or was there 22 someone else in the company who was reassuring 23 you that those kinds of bugs were being -- 24 A. I mean, that's a good question, I'm not always 25 entirely sure there was always that sense of it 86 1 was being corrected. It was a known problem and 2 someone was looking at it, was perhaps the 3 assurance, for want of a better word, that I was 4 given. 5 Q. The someone, who would that be? Would that be 6 Post Office, Fujitsu, Helpline? 7 A. Combination of both. A combination of the two 8 helplines, so initially Horizon Support or NBSC. 9 Q. I want to ask you, before we get on to specific 10 examples, just some very basic questions, 11 because you're going to be the first of our 12 policy witnesses and we will hear from people 13 who were on the ground but I'll start by asking 14 you the basics of auditing. When one things of 15 auditors, you think of, for example, 16 an accountant who signs off a company account. 17 Can you tell us about the job of a Post Office 18 branch auditor? Because you've distinguished 19 between the network or the branch auditors and, 20 for example, the national auditors? 21 A. Yes, so using your example, I'd say the auditors 22 were more like stocktakers, that they would go 23 to a branch to physically count, broadly 24 speaking, cash and stock and some other items, 25 and validate that they were there, in comparison 87 1 to what should be there. 2 Q. Were they accountants or people with particular 3 qualifications? 4 A. No, as I mentioned earlier, this resource was, 5 broadly speaking, a set of staff that came from 6 a counter experience, Crown Office background, 7 without any auditing qualifications. I'm not 8 aware of any single member of the team that 9 would have had an auditing qualification. 10 Q. Can you tell us the difference during your 11 period of involvement between an auditor and 12 an investigator? 13 A. Okay. So there were two separate roles and two 14 separate teams. As I mentioned in the 15 organisational structure, there was a point when 16 the audit and investigation teams reported to 17 Tony Marsh, Head of Security and Audit, but 18 prior and after that, we separated into 19 different areas as well. 20 But to answer the question, the auditor's 21 role was to go out there and to verify that 22 assets were at the branch and, where they 23 weren't, over a certain amount of discrepancy, 24 there would be kind of a line drawn and then the 25 investigation team would be involved. So they 88 1 would come to the branch and start to 2 investigate the matter further, in addition to 3 the Network Management Team. So there was like 4 two reporting lines at that point, one would go 5 to Network Management to make decisions, 6 contractual, and the investigators would be 7 involved in making more in-depth investigations 8 into potentially what the cause of the 9 discrepancy was. 10 Q. We've heard at some points, particularly in the 11 Human Impact evidence that we heard in Phase 1 12 of this Inquiry, evidence about auditors and 13 investigators attending a branch together. Did 14 you have experience of that? 15 A. Absolutely. So ordinarily what would happen, 16 for a routine audit -- and what I mean by 17 routine is we're going there without expecting 18 to find any problem, issue, discrepancy and, 19 when we do, we report it up to Network and 20 Investigations and, in those cases, people from 21 Network and/or Investigations would then come to 22 the branch. But, also, there will be types of 23 audits which will be requested by the 24 investigation team. So the investigation team 25 may be doing some work, understanding there's 89 1 a potential risk at this branch, they would 2 arrange what would be called a special audit, 3 and they would ask us to turn up at this branch 4 on a certain day, and they would be there. 5 Often, they would be waiting outside until 6 we finished the audit of accounts and once we 7 finished the audit of accounts, they would then 8 make the decision as to whether to pursue the 9 matter further. I don't remember, but I may be 10 wrong, that auditors and investigators would 11 turn up at the same time. There may have been 12 an occasion when that happened but, generally 13 speaking, the auditors would arrive, perform 14 their task and then, if required, the 15 investigation team would come in. 16 Q. Looking back, can you see any problem with the 17 auditors and the investigators being in the 18 branch at the same time, from the perspective of 19 the subpostmaster? 20 A. It might feel quite intimidating and it might 21 feel like almost being -- like they'd been set 22 up. But I think, from our perspective, from my 23 perspective, as long as there was clear, defined 24 responsibilities that we pursued our role up to 25 this point and then at that point the 90 1 investigation team decided what to do, then that 2 responsibility line for me was quite clear. But 3 I can understand from a human impact point of 4 view it may feel quite intimidating to be faced 5 with two activities at the same time. 6 Q. Was there any separate guidance for when 7 an auditor was present at the same time as 8 an investigator, when there was an investigation 9 going on, as to how the auditor should conduct 10 themselves? 11 A. How should they conduct themselves? 12 Q. Well, did they have any training on 13 investigation methods or Police and Criminal 14 Evidence Act or continuity of evidence, or 15 anything like that? 16 A. No, I mean, they performed their role as they 17 were required to do and then at that point, as 18 I said, if there was a requirement to pursue the 19 matter further, the investigation team would 20 pursue it. I think the only overlap would be 21 the investigation team might ask the auditors to 22 obtain extra reports. But that would be it. 23 Q. We'll go on to talk about the kinds of reports 24 that auditors could obtain. Could we first look 25 at POL00085769, please. 91 1 A document will be brought onto screen. 2 It's a 2011 document, October 2011. So you 3 probably weren't involved at the time. This is 4 a "Business Loss Programme Board Report". But 5 it's page 9 I'd like to look at. It's just 6 a description of the role of audit -- thank you 7 very much. So it says there: 8 "Although often spoken of as if it were 9 a fraud prevention device, audit is in reality 10 simply a means of checking whether the assets 11 within a branch correspond to our record of 12 assets. Where there is a discrepancy it is not 13 necessarily possible to say how that difference 14 arose." 15 Is that something you would agree with, that 16 description? 17 A. Let me just read it again. I would agree with 18 it. Maybe the first sentence "often spoken of", 19 I'm not sure "often", but certainly sometimes 20 spoken as a fraud detection device. 21 Q. Reading that, was the essence of an auditor's 22 job, essentially, to check whether X equalled Y 23 in the branch? 24 A. Yes, so, you know, both before and after Horizon 25 we would, my team would go in and essentially 92 1 verify that the physical assets matched up to 2 what should be there so that would be creating 3 a cash account of sorts and that would be 4 essentially their job, stocktaking activity. 5 Q. Looking into why the difference arose was not 6 really part of the auditor's function? 7 A. Not really. I think it would be a case of, if 8 there was a discrepancy, there would be 9 an effort to identify why that might be. So, 10 for example, I've audited branches in the past. 11 My first reaction would be: have I done 12 something wrong? Have I got the wrong figures? 13 Have I missed something off? So I think 14 initially, there I would be to make sure they've 15 got everything, had they concluded everything. 16 They would probably -- not probably, they would 17 talk to the person in charge, and say, "Look 18 this is our current position, can you shed any 19 light on it?" So not interviewing, as such, but 20 just establishing have we got everything we need 21 to have? Often that would then translate to 22 yes, I know about this, or a case of "I've no 23 idea". 24 At that point -- sorry, the auditors would 25 then, again, just go through some of the 93 1 information that's available on site. But at 2 that point, if there is a significant 3 discrepancy, it would then be flagged up on this 4 escalation process. 5 Q. Thank you. That can come down. 6 In your experience, was the line between 7 those who were auditors and those who could, for 8 example, close a branch or pursue criminal 9 action, in comparison to those who could just 10 carry out that sort of pure mathematical 11 calculation, was that clearly delineated? 12 A. Just to be clear what you mean about closing the 13 branch. Do you mean the decision to close 14 a branch or the act of closing a branch? 15 Q. Either or both. 16 A. Okay, the decision to close a branch was never 17 the responsibility of the audit team. So any 18 decision to close a branch would be at the 19 network, possibly with investigation input, but 20 the network management would decide whether, on 21 the basis of our findings, it was necessary to 22 close the branch. If the decision was to close 23 branch, then my audit team would effectively 24 produce the final cash account, remit the items 25 that were in hand. So yes, there would be some 94 1 involvement in the closing of the branch, but 2 kind of a technical movement of cash and stock, 3 or transferring it to somebody else. 4 So sometimes, it wasn't so much the branch 5 was closed but maybe the subpostmaster was 6 precautionarily suspended and an interim 7 subpostmaster was found, so rather than having 8 to close a branch, an option could be just to 9 transfer the assets to this interim 10 subpostmaster. 11 Q. Who would make that decision? 12 A. The decision would always be made by the 13 Network. 14 Q. Do you think it was clear to subpostmasters, 15 managers, et cetera, of that delineation? 16 A. I think with hindsight, probably not and 17 I think -- I know there are occasions when I've 18 heard of -- and particularly subpostmasters, but 19 also Crown Office staff, as well, had complained 20 about the conduct or behaviour of an auditor, 21 and when I found out the person's name I've 22 realised, well, it wasn't an auditor, it was 23 an investigator. So clearly, there wasn't 24 a communication to the subpostmaster to say, 25 "This is my role". 95 1 I believe that auditors would go into 2 a branch and make it clear "We're here to audit 3 the branch". I don't know what process took 4 place when the investigators came in and whether 5 those lines were blurry. So from 6 a subpostmaster's point of view, they've got 7 four people in the branch, they're all part of 8 the same team, perhaps, from their perspective. 9 Q. Thank you very much. I'm going to take you to 10 an illustration of the divisions of the roles, 11 and I wonder if you can assist us. It's 12 POL00084978. You may have seen this in your 13 bundle. If we could -- thank you very much, if 14 we could just look at 1 to 4, so exactly where 15 you are currently on the screen. 16 A. Okay. 17 Q. Using this illustration, is it right to say that 18 if there was a discrepancy, then it's notified 19 to the contract advisor, investigation team, and 20 network compliance manager. I mean, that's 21 essentially what you've already told us this 22 morning -- 23 A. Yeah. 24 Q. -- that the job of the auditor -- 25 A. This a flowchart for the team after 2008 but 96 1 I think, broadly speaking, that would be the 2 flow prior to it, as well. 3 Q. Is that irrespective of how the discrepancy 4 arose? 5 A. I guess it depends on the Network's 6 decision-making process. So they will be told 7 "This is a discrepancy, it's X amount". There 8 may or may not be a reason at that point. So it 9 may well be there's already been an admission or 10 this figure in the balance snapshot or the 11 office snapshot doesn't equate to this other 12 figure. So they will be given some fact-finding 13 outputs, I suppose, to make the decision. But 14 sometimes, as you have kind of alluded to, it 15 wouldn't be clear. It wouldn't be clear they'd 16 was a loss due to a known error or something in 17 the account which didn't look right. It just 18 wouldn't be clear. So irrespective, that figure 19 would be related to the Network Team to make 20 a decision. 21 Q. Thank you. If we turn over the page, it will 22 identify there what then happens. Can you, if 23 you're able to, briefly walk us through the 24 process that's outlined there from the Audit 25 Team's perspective? If it doesn't reflect what 97 1 happened when you were there, then please tell 2 us any differences. 3 A. Yeah, I think the one thing that strikes me as 4 probably not as I would remember it, is on the 5 left-hand side there's a diamond shape towards 6 the middle. It says, "Are there financial 7 irregularities or suspicious circumstances?" and 8 then there's a drop down to a box at the bottom 9 saying "Seek proposals to make good 10 discrepancy". 11 In my mind, we wouldn't do that. In my 12 mind, if there was any known issue, and 13 certainly admission of theft, for example, or 14 any other suspicious activity, we wouldn't seek 15 proposal to make it good. That again would be 16 left with the Network Management Team to decide 17 how they want to proceed. So that looks 18 slightly out of kilter with what I would 19 remember of the process when I was there. 20 Q. But, essentially, it leads down to the contract 21 advisers? 22 A. Yes. 23 Q. You used the words "known issues" a couple of 24 times. 25 A. Okay. 98 1 Q. What this box, this explainer, doesn't seem to 2 show, is what to do if a discrepancy is 3 unexplained. Was there a focus on that 4 particular type of issue? Was there enough 5 training, for example, or explanation to the 6 audit team as to what to do in those 7 circumstances? 8 A. No, I think -- and I think with hindsight there 9 probably should be more guidance in training 10 but, essentially, what would happen is, if 11 there's a discrepancy, and it can't be 12 identified for any other -- for any reason, then 13 it would be reported for someone to make 14 a decision. Probably what should have been 15 happening was to look in more detail and, 16 certainly, if an investigation team wasn't 17 involved, because they would normally start to 18 delve more into detail. So there would have 19 been probably more guidance to the auditors to 20 say, "This is what perhaps you could look for", 21 and I don't know there was and there should have 22 been. 23 Q. This really matches the explanation you 24 previously gave that an auditor was there to see 25 if X matched Y, not to look into Y -- 99 1 A. I saw them as fact finders. They gathered the 2 facts as they saw them and provided that 3 information to make a decision. 4 Q. Thank you. I'd like to now look at how often 5 audits took place. 6 That can come down. Thank you. 7 You've explained in your statement that, 8 prior to 1993, audits were scheduled on 9 a cyclical basis. Can you briefly explain -- 10 I appreciate that's a long time ago now, but -- 11 A. Did I say 1993? 12 Q. I believe you did. But if it's not, then please 13 say. 14 A. In my head it's 1999, but -- 15 Q. Well, I think it moved to something called 16 a frequency basis on 1999. It's a little 17 unclear in the witness statement, that's why -- 18 A. Okay, let me try and clarify it then. When 19 I joined the audit team in 1989/1990, branches 20 were essentially audited on a frequency basis. 21 It was either every 12 months, 27 months, 22 39 months. So basically one, two, three years, 23 with some exceptions, the exceptions being if 24 they were known as being high risk. And the 25 high risk was quite crude at that point, it was 100 1 the previous audit finding a high risk issue to 2 consider or were there lots of error notices? 3 So, apart from those two factors, broadly 4 speaking, branches were audited on this cyclical 5 basis, one, two, three years. 6 Q. Is that every branch? 7 A. Every branch, Crown Office, every branch. So, 8 at that point, there would have been about 9 20,000 branches, so every branch filtered into 10 these three categories of frequency. You're 11 right about the 1993, to some degree. So in 12 1993, the National Audit Team, the Post Office 13 internal audit team, developed a risk model 14 which was put out to the seven regional audit 15 teams to use. So the National Audit Team 16 developed the model but it was deployed, 17 operated by the regional audit teams. 18 And that had essentially a number of metrics 19 that identified the risk of branches. That was 20 used from around about 1993 to 1999. As part of 21 the review of regional auditing to 1999, it 22 became clear that that risk model was felt 23 flawed, in as much as the high-risk models -- 24 the high-risk branches in that model tended just 25 to be the biggest branches. So all the Crowns 101 1 and all the big branches were always filtering 2 to the top and it was therefore difficult to 3 maintain this frequency because all the 4 high-risk branches were tending to be bigger 5 branches. 6 So as part of that project in 1999, the 7 frequency approach was removed in place of just 8 purely risk model selection. 9 Q. Thank you very much. We're going to look at 10 something called the audit process manual. 11 I think you've described in your witness 12 statement there was a policy manual and 13 a process manual; is that correct? 14 A. Yes. 15 Q. What was the purpose of the audit process 16 manual? 17 A. The audit process manual was really a guide to 18 auditors in how to perform their work. So going 19 back to the point of we've got seven regional 20 audit teams, which also was the basis of having 21 32 district teams prior to that, all operating 22 in different ways, different practices. So in 23 designing this new Network Audit Team in 24 1999-ish, the audit process manual was designed 25 to bring some consistency so that people 102 1 auditing in Scotland would be doing the same 2 thing as people auditing in Cornwall. So that, 3 essentially, was the purpose. 4 Also, going back to pre-1995, we didn't have 5 computers. We didn't have Word documents. So 6 a lot of the process was just local knowledge. 7 You knew it or you didn't know it and it wasn't 8 really documented in how to do an audit. So as 9 we became more automated or using computers 10 more, there was a desire to put things on paper 11 to both provide that consistency of approach but 12 also have it documented for new people, not that 13 we got many, but to enable them to understand 14 "Well, how do I do my work?" It's all laid out. 15 Q. So it's purpose was for the network field team 16 rather than for, for example, individual 17 branches? 18 A. Yes. 19 Q. Can we look at POL00084650, please. Thank you 20 very much. This is Chapter 1 of the Audit 21 Process Manual, "Audit Plan and Scheduling", and 22 is this the chapter that sets out how audits 23 were scheduled? I appreciate this is dated 24 a bit later on but, in essence, I think -- 25 A. Yes, it's three years after I left that sort of 103 1 area but, equally, the layout, the set-up, the 2 content, is broadly the same. 3 Q. Thank you. The various versions are at the 4 bottom of this page, so we have an original 5 version in 2002. 6 Can we turn to page 3, please. It's 7 paragraph 2.1 on page 3. So 2.1 and 2.2 refer 8 to something called the "Financial Branch 9 Performance Profile", can you talk us through 10 that? Is that what you were talking about when 11 you said the system changed or was it something 12 different? 13 A. Well, it's 2011, it's not a term I would know. 14 But I suspect it's similar to the risk model 15 that I would have known. And that risk model 16 changed its name over time. At one point, it 17 was called the Financial Audit Risk Model, 18 acronym FARM. There was another acronym of 19 ALARM, which I can't remember now what that 20 would stand for but, basically, those were 21 financial risk models. I suspect, I'm looking 22 at 2.2, the sort of metrics within it, it looks 23 to be the same. It's just a different name. 24 Q. So you've explained that, early on, there were 25 regular, scheduled audits of all post offices 104 1 but then it went to a risk-based model that was 2 multifactorial? 3 A. Yeah. 4 Q. What was the purpose behind that? Was it to 5 reduce the number of audits, ultimately, that -- 6 A. I think it's because there were audits being 7 reduced. So because of headcount reduction, 8 cost reduction, the level of staff was reducing 9 all the time, there was a need to make sure the 10 resource that we've got available is utilised as 11 much as we can. So the idea was to target our 12 resource to where we felt there was the biggest 13 risk. 14 Q. In addition to that model, whatever the model 15 may have been called at the relevant time, there 16 were other bases for carrying out an audit? 17 A. Yes. 18 Q. I think one was robbery or burglary, a planned 19 audit. 20 A. Yes. 21 Q. I think if we look at 3.7, so that's over the 22 page, in fact page 5. There's something called 23 random audits. 24 A. Yes, I was going to mention that. 25 Q. Yes. 105 1 A. Because I'd kind of omitted that in the previous 2 explanation, that, yes, we have a risk model 3 approach that replaces the purely cyclical 4 approach, but there was always a considered risk 5 of if we only ever audit the branches with the 6 highest risks, there may be some branches who 7 may never see us, even though on the profile it 8 looks like the risk is quite low. 9 So the idea was two-fold with the random 10 audits, was to (a) make sure that there's always 11 a chance that any branch could be audited 12 because, from a pure random sample, you know, it 13 could be audited tomorrow. But, also, it gave 14 us a baseline measure. It enabled us to say, 15 right, if we just purely audit on a random 16 basis, this I what we're likely to find, and 17 compare that to the risk indicators. 18 Q. In terms of numbers, what kind of numbers are we 19 looking at for random audits or percentages, 20 versus planned -- 21 A. It was 5 per cent, so whatever the numbers were, 22 I think it was always designed as being 23 5 per cent of the total plan being random 24 selected. Just to pick up on the robbery and 25 burglary, those sort of activities and transfers 106 1 well, they were kind of event driven. So, you 2 know, a burglary happens, we have to go and 3 attend today. A transfer is scheduled for next 4 Tuesday, we're planning to go next Tuesday. So 5 they were always announced visits. The person 6 at the branch would know that we were coming, 7 whereas the random audits, the risk profile 8 audits, would be unannounced activities. 9 Q. Thank you very much. 10 Can we now talk about information that's 11 available to the auditors themselves in the 12 branch. Can we look at POL00084801, please. So 13 this is sticking with the Audit Process Manual. 14 But this is Chapter 3. Do you recall in your 15 time how many chapters there were of the Process 16 Manual? 17 A. I'm sure there's an index somewhere in the 18 documents I've seen, but quite a few. 19 Q. So we're here Chapter 3, "Performing a Branch 20 Audit", is that also aimed at the Network Field 21 Team itself? 22 A. Yeah, I think the whole Process Manual's 23 individual chapters are all designed internally 24 with members of the team. 25 Q. This one is a 2010 version, version 5.1, but am 107 1 I right in saying that from 1999 onwards, there 2 was some form of -- 3 A. Yeah, so in 1999 or thereabouts this Process 4 Manual was designed. It was -- you know, it 5 evolved over time but yeah, there was always 6 a manual of this format from 1999 onwards. 7 Q. Thank you. Could we look at page 3, please. At 8 2.1, it sets out three different types of audit, 9 a financial assurance, both FAA and Tier 2; 10 a compliance audit; and a follow-up audit. Are 11 those the delineations that you recognise or was 12 it something different? 13 A. Yes, yes. 14 Q. Can you briefly take us through the difference 15 between the three or, in fact, four different 16 types of audit? 17 A. So in terms of the top bullet point, Financial 18 Assurance and Tier 2, I don't know the timeline 19 of when this changed but there came a point, 20 again with the headcount reduction, with the 21 less and less resource but still the same level 22 of branches to go out to, a decision was taken 23 to perform what's called a Tier 1 audit, 24 a Financial Assurance Audit, so the first part 25 of the audit would be to verify the high value 108 1 items, so all the cash, high level items of 2 stock, against what should be at the branch. 3 And if that didn't reveal any concerns or 4 discrepancies, that would be the end of the 5 financial audit. If there were any concerns it 6 would then be extended to Tier 2. Tier 2 was 7 basically a previous audit, a full financial 8 audit. So the Financial Assurance Audit was 9 just simply just check the key high risk value 10 items are at the branch: if they are, move on; 11 if they're not, do a full audit. 12 Q. So I have understood correctly that at the same 13 time the frequency of audits was reducing 14 because of the reduction in headcount, for 15 example, there was also a change in the depth of 16 the basic audit? 17 A. Yes, as I say, I don't know the timeline but 18 when this Financial Assurance -- I'd say 19 mid-2000s, but I'm guessing, but certainly there 20 was a point where there was this challenge of 21 reducing headcount, how do we perform the same 22 level of activities? The only way to do it 23 perhaps would be to reduce the activity over 24 more branches rather than having a full audit at 25 less branches. Do you want me to go on to the 109 1 next two bullet points? 2 Q. Yes, thank you very much. 3 A. So compliance auditing. If I take you back to 4 1999, a long way, but at that point, the audit 5 was, basically, just a financial audit, and 6 a view on security. So is the parcel hatch 7 secure? Are alarms tested? Things like that. 8 Going to 2000 and beyond, as we took on more 9 products and more clients and became more 10 involved in regulatory affairs, we had a role to 11 perform compliance audit activities. So when 12 an auditor went in, by and large they'd do both 13 audits on the same event. So they'd do the 14 financial audit. Once that had been completed, 15 they would then move into the compliance 16 auditing activity. So there was a range of 17 compliance audit tests to be completed across 18 a range of different aspects. So it could be 19 anti-money laundering requirements, it could be 20 DVLA's requirements. There's a range of 21 product-based requirements. So they would be 22 doing some testing to respond to these 23 compliance activities and that would be part of 24 the same report, but it would be -- it would go 25 off in different chance in terms of how it would 110 1 be used. 2 Q. In your view, was there sufficient resource and 3 time to now dedicate -- or auditor's time to 4 compliance issues, as well as the financial 5 assurance issues? 6 A. I think with hindsight, it was quite demanding, 7 for an auditor to go into a branch and look at 8 all of those aspects. Sometimes they had to 9 defer the compliance activity because the 10 financial activity had taken so long or 11 sometimes, for example, if a subpostmaster 12 wasn't at the branch, then there wasn't much 13 merit in performing the compliance activity and 14 we'd probably arrange to come back at 15 a convenient time for both of us. 16 But yeah, there was quite a lot of activity 17 to perform, but the financial audit always took 18 place first. So that was the priority before 19 the compliance activity kicked in. 20 Q. Just before we finish for lunch, can you tell us 21 about the follow-up audit and what that was? 22 A. Probably less clear about the follow-up audit 23 but I guess what would happen is that if -- 24 Q. We can turn to -- if we scroll down, it may 25 assist. 111 1 A. Oh, okay. 2 Q. To 2.6. 3 A. Okay. It's answered there for you, then. 4 Basically, that's -- when we went to a branch, 5 and particularly with compliance activity, if 6 there were issues that needed to be addressed, 7 the follow-up activity was to go back at a later 8 point to ensure that those points had been 9 addressed. 10 MR BLAKE: Thank you very much. I have a few more 11 questions on this document relating to the 12 information that was available to an auditor but 13 I think, given where we are on the time, we'll 14 break now for lunch until 2.00 and we can come 15 back to the same document. 16 A. Okay. 17 SIR WYN WILLIAMS: All right, that's good. So I'll 18 see you all at 2.00. Thank you very much. Talk 19 about anything except your evidence, all right? 20 THE WITNESS: Fine. Thank you. 21 (12.57 pm) 22 (The Short Adjournment) 23 (2.05 pm) 24 MR BLAKE: Good afternoon, sir. 25 SIR WYN WILLIAMS: Good afternoon. 112 1 MR BLAKE: We've had some difficulty with the 2 transcription. Everybody in this room will have 3 live transcription. It may be that you, sir, do 4 not have live transcription but a full 5 transcript will be available at the end of the 6 day if you don't have it. 7 SIR WYN WILLIAMS: Don't worry about me. I prefer 8 to read it afterwards anyway. 9 MR BLAKE: Thank you. 10 Mr Ferlinc we left off on the Audit Process 11 Manual and it's POL00084801, Chapter 3 12 "Performing a Branch Audit". Can we go to 13 page 11 of that. If we could scroll down to 14 8.2, there's a section in this manual that 15 addresses Horizon reports. Does this set out 16 what reports an auditor would have available to 17 them when they conducted an audit? 18 A. Can you just confirm which section you're 19 looking at? 20 Q. Yes, absolutely. So if we have a look, for 21 example, at 8.2.4, it says there: 22 "The following report printouts must be 23 obtained from the Horizon system, examined and 24 filed with the working papers in line with the 25 current retention process ..." 113 1 A. Okay. On my screen, it goes down to three 2 bullet points, is that all there is? 3 Q. No. It scrolls over the page. Perhaps you can 4 talk us through, using this document or just 5 your own recollection, the kinds of reports that 6 an auditor would be able to have access to? 7 A. I'm going to say essentially everything that the 8 manager in charge of the branch would have 9 access to. So we're talking about reports that 10 identify which stock units are at the branch in 11 use, we're talking about transfers between those 12 stocks, remittances in and out of the branch, 13 an office snapshot or a balance snapshot which 14 will highlight at any moment in time what should 15 be in the branch and how the balance position 16 should look like. 17 So I think that virtually all the reports 18 that the auditors would have access to would be 19 accessible to the person in charge of the 20 branch. 21 Q. Am I right in saying they would either have the 22 subpostmaster log-in themselves or they would 23 have their own log-in to access those reports on 24 the branch's own system? 25 A. Correct. 114 1 Q. We're going to hear in this phase about issues 2 with what we know as Fujitsu ARQ data. That is 3 Fujitsu-held transaction data from Fujitsu's raw 4 audit trail. Was ARQ data provided to Post 5 Office branch auditors? 6 A. Not to auditors. That would have been obtained 7 by the investigators. 8 Q. Was any other Fujitsu audit data held by 9 Fujitsu, such as product of the raw audit trail 10 or later the audit table provided to auditors? 11 A. I'm not aware of that. My recollection is the 12 only information that the auditors accessed at 13 the branch were on the Horizon System at the 14 branch that a manager level access could also 15 obtain. 16 Q. Was consideration given or are you aware of any 17 discussions relating to the obtaining of that 18 kind of audit data from Fujitsu for auditors, 19 for example, in the case of a serious dispute 20 about a transaction with a subpostmaster? 21 A. This goes back to the investigation team having 22 access to that data. I think there came 23 a point -- and I'm not quite sure who made the 24 decision or when the decision was made -- but 25 that ram data would be made available to 115 1 investigators rather than auditors, having that 2 fine line between who is using that data. So 3 even though, in Fujitsu's terms, it might be 4 available to a PO internal auditor, we would 5 define it as investigators would use that data 6 for investigation purposes, rather than 7 auditors. 8 And as I said to you in response to 9 a question earlier today, I think with hindsight 10 there may have been some guidance, training that 11 could have been provided to auditors to access 12 that data, use the data, particularly when the 13 discrepancy perhaps wasn't serious enough to 14 involve an investigator but may have been 15 a discrepancy that worried the branch. 16 Q. So we talked earlier about, for example, the 17 auditor checking whether X equals Y. Is it fair 18 to say that they didn't have sufficient 19 information to identify why X didn't equal Y? 20 A. If X didn't equal Y, it wasn't clear what the 21 difference would be. So there could be a number 22 of reasons and it was often difficult to 23 establish what that reason could be. 24 Q. Was it because nobody thought of transferring 25 that kind of information to branch auditors or 116 1 were there, in fact, difficulties in obtaining 2 that information, for example, from Fujitsu? 3 A. I'm not sure at the outset whether it was 4 envisaged that auditors would have that access 5 to the data and whether it would be too complex 6 for them to analyse. As I said, that may be 7 when the decision was made to push that avenue 8 towards the investigators to perform that role. 9 Q. Were you aware of any difficulties in 10 investigators obtaining that information? 11 A. Only in terms of I believe they had a level to 12 which they could make request they could only 13 have so many requests in a particular period, 14 I believe. 15 Q. Thank you. We will come on to look at some 16 documents in that regard. 17 I'm going to move on now to the security 18 policy and can we look at POL00088867, please. 19 We spoke before lunch about the difference 20 between a process document and a policy 21 document. Is this what you had in mind when you 22 referred to a policy document? 23 A. Yes. 24 Q. Can you just outline for us, using this as 25 an example, what the difference is between 117 1 a process and a policy? 2 A. I guess a policy would probably be more for 3 a wider audience than -- whereas the Process 4 Manual was simply for auditors to work to, the 5 Policy Manual would have a wider remit. 6 Q. Who would you have in mind for this particular 7 policy? 8 A. I mean, it says in terms of the audience there 9 but basically that group of people, people in 10 the retail line and the network, including 11 agents -- well, Transaction Processing, Product 12 and Branch Accounting, as it became known. 13 Q. So quite a wide distribution? 14 A. Yes. 15 Q. This one is written by yourself, you're listed 16 there as the author. Was that a significant 17 document for you, as far as you were concerned. 18 A. I think from my recollection and it does say 19 "Version control ... Replaces all previous 20 versions", I think there were different 21 varieties of this policy, of a losses policy 22 that was born in the late 1990s, and I think 23 this probably -- if I look at the timeline here. 24 Q. If we scroll down it may assist, actually, 25 because there's some slight confusion in the 118 1 document because if we scroll down to the bottom 2 but keeping that table that we can currently see 3 at the bottom, slightly below that, it actually 4 refers to it being version 2.0 January 2004, 5 albeit we saw at the top it said version control 6 1.7, September 2003. I don't know if that 7 assists or doesn't assist? 8 A. Just an admin error, I guess. I think this is 9 just the latest version of similar policies that 10 were badged under different areas and it goes 11 back to the fact that in this period, 2003, the 12 audit team reported to Tony Marsh's security 13 team. So I think he probably took policies that 14 were drawn by me and had them under his 15 ownership. 16 Q. So would the words that are used in this policy 17 be your words? 18 A. I would expect them to be my words with input. 19 I mean, as you can see from the top there, 20 there's quite a few people who would have input 21 to the policy. 22 Q. At this stage, you were audit and inspections 23 manager and that was, as you've explained, part 24 of the security team. 25 A. Yes. 119 1 Q. Version 1.2 there refers to amendments following 2 discussions with the NFSP and the policy being 3 agreed with the NFSP negotiators. Can you 4 assist us with why it would be shared with the 5 NFSP? 6 A. I think the previous policies were, maybe as 7 a matter of courtesy, but also in terms of 8 engagement and input. I don't personally recall 9 the meetings but there would have been meetings 10 to have had that -- I'm guessing, I suppose -- 11 yes, the involvement would be agents or 12 implicated by the policy and, therefore, the 13 Federation would -- 14 Q. That was typical, was it, of these kinds of 15 policy documents, that they would be agreed with 16 the NFSP? 17 A. Yes. 18 Q. Can we look at page 4, please, which is the 19 introduction and purpose. Looking there, 20 perhaps the second substantive paragraph or your 21 own recollection, can you summarise for us 22 briefly the purpose of this policy? 23 A. I guess it goes back to the original policy, as 24 I said probably late 1990s, which I think, from 25 recollection, was a policy that was developed in 120 1 the Midlands region of the seven regional teams 2 and then, when those regions were effectively 3 expanded into a new organisational structure, 4 that policy was redesigned into a business 5 policy and, similar to the regional audit 6 structure review, I think it was designed to aid 7 some consistency in decision-making and 8 interpretation of existing policies. 9 Q. If we scroll down there's section 2, prevention 10 of losses and, in essence, it says there that 11 there should be good accounting practices to 12 prevent losses in branches. That's the most 13 effective way of reducing losses; is that a fair 14 summary? 15 A. Yes. 16 Q. It's over the page to section 3 that I would 17 like to spend a little bit of time on this 18 afternoon. Can I ask you to look at the first 19 two paragraphs there and to read those perhaps 20 to yourself and to take us through those first 21 two paragraphs; what do you understand, in 22 summary, that to mean? 23 A. If a subpostmaster can identify an error, knows 24 that it is likely to lead to an error notice or 25 a transaction correction and can sort of 121 1 substantiate that, then that would provide them 2 with the circumstances where they could seek 3 authority to hold them in suspense. 4 Q. Looking at that second paragraph, it says there: 5 "Under circumstances where the exact cause 6 of the loss is known and a compensating error is 7 expected to be returned, losses may be held in 8 the suspension account ..." 9 Am I to read into that that losses can only 10 be held in a suspense account if the exact cause 11 is known? 12 A. Yes. 13 Q. If we look at then the third paragraph, it says: 14 "Before moving a specific accounting 15 discrepancy to the suspense account, authority 16 must be sought from the Agents Debt Team 3 via 17 the [NBSC]. If there's no clearly defined 18 evidence of a known error (and, therefore, no 19 error notice likely to be issued) authority will 20 not be given." 21 A. Okay. 22 Q. So, again, reading that it seems that, if there 23 isn't a clearly defined evidence of a known 24 error, authority won't be given to transfer into 25 the suspense account; is that correct? 122 1 A. That's how I would read it, yes. 2 Q. If we look at that from another way round, if 3 there was an unknown error, so a bug, error or 4 defect that wasn't known to the NBSC, is it 5 right to say that the subpostmaster would have 6 to make good that discrepancy? 7 A. I think that's how I'd interpret it. 8 Q. If we move down to the sixth paragraph, which 9 begins "To give": 10 "To give authority to hold losses within the 11 suspense account, even with evidence of the 12 error, is against the principle of right first 13 time. Granting authority to hold amounts in 14 suspense should, therefore, always be considered 15 to be the exception the rather than the norm. 16 Agents are expected to address the underlying 17 cause of misbalancing and must expect that any 18 subsequent errors of a similar nature will be 19 referred to the retail line for corrective 20 action." 21 So it seems there that agents are expected 22 to address the underlying cause even if that is, 23 for example, a technical fault? 24 A. Yes, I think at this stage we probably -- it was 25 written on the basis of a transactional error 123 1 that was made at the branch -- either the 2 subpostmaster knew about it or they didn't know 3 about it -- as opposed to a system error. 4 Q. If it was applied to a system error, it's 5 a little harsh, isn't it? 6 A. Yes. I mean, as I said, this was probably 7 written at a time when it wasn't considered that 8 there were to be bugs or glitches in the system 9 which would cause those types of errors. 10 Q. Is that because it was likely to have been 11 drafted in the very early stages of Horizon or 12 drafted by -- 13 A. The policy initially was written pre-Horizon and 14 a lot of these -- if you compare previous 15 versions, you will probably find a lot of 16 similarity in the language used. 17 Q. So some of the pre-Horizon language would have 18 been copied in to this without thought being 19 given to bugs, errors and defects? 20 A. Possibly, yes. 21 Q. If we go over to page 8, please, there is a 22 section on Horizon Issues, so presumably that is 23 a new section post the implementation of Horizon 24 or rollout of Horizon, or certainly in the 25 development -- at least the development stages 124 1 of Horizon? 2 A. Yes. 3 Q. I'm going to read to you -- I will take each 4 paragraph separately. The first is: 5 "If an agent feels that an error has 6 occurred via the Horizon system, it is essential 7 that this be reported to the Horizon System 8 Helpdesk. The HSH will only consider the 9 incident for further investigation if the branch 10 has evidence of a system fault. If no evidence 11 is available, the case will not be investigated 12 and the agent will be held responsible for 13 making good the loss." 14 How would a subpostmaster be able to show 15 that there was a system fault? 16 A. I don't know that they could. 17 Q. Do you think it was fair to place that kind of 18 a burden on a subpostmaster? 19 A. Looking at it now, absolutely not. 20 Q. I'll read the second paragraph: 21 "System faults are very rare and are 22 normally identified after full investigation has 23 been undertaken. All known system errors are 24 managed through the Network Support Problem 25 Management. Access to Problem Management is via 125 1 the NBSC. If the agent feels that the issue is 2 not being resolved, they should flag the issue 3 up with NBSC. If a known system error has 4 caused a shortage, the agent should be given 5 authority to hold the loss in suspense until the 6 system error has been reconciled and an error 7 notice issued." 8 Now, this was drafted or produced in 2003. 9 We know from the Bates and Others litigation the 10 group action, and the judgment of Mr Justice 11 Fraser that there are a number of bugs, errors 12 and defects prior to that date. So in 2000 13 there was the Callendar Square bug; there was 14 something called the data tree build failure 15 discrepancies in 1999 and 2000; there were 16 Girobank discrepancies in 2000; counter 17 replacement issues in 2000 and 2002; phantom 18 transactions in 2001, that's something that 19 I will come back to; reconciliation issues in 20 2000 and 2002; something called concurrent 21 log-ins in 1999 and 2000. 22 So where did the line that system faults are 23 very rare come from? 24 A. I'm not entirely sure and, having read it myself 25 in preparation for my witness statement, it 126 1 wasn't clear to me where that language came 2 from, going back to the input, or where that 3 input would have come from. 4 Some of those glitches/bugs you named, at 5 the time I wasn't aware of them and so I suspect 6 other people probably weren't aware of them. So 7 even though there were possibly people within 8 Fujitsu and Post Office that were, many people 9 were not. 10 Q. The language, the specific words "system faults 11 are very rare" was that something that you think 12 you may have drafted, having been provided that 13 information or do you think that's somebody 14 else's drafting? 15 A. It feels like part of the business input I would 16 have been told system faults are very rare. 17 Q. And who by? 18 A. I'm not sure. If you go back to the input, it 19 might help. 20 Q. So perhaps if we look at page 1, in the middle 21 of the page there's "Business input". 22 A. So many of those names, to be honest, I'm not 23 entirely sure what their roles were. A lot of 24 them fall under the Security Team or the Product 25 and Branch Accounting Team, the last -- well, 127 1 four of the last five names, I don't recall what 2 their roles were. 3 Q. We have there Assurance, Tony Marsh. Would Tony 4 Marsh have read and signed off this document? 5 A. Absolutely. Well, he should have done. 6 Q. Where would you likely have received information 7 about the operation of the system: so faults in 8 the system? Are you able to assist broadly, 9 even if it's not a name of an individual the 10 department that might have contributed to 11 that -- 12 A. I can't recall where that information came from. 13 Q. Do you remember any discussions about that 14 wording? 15 A. No, no. 16 Q. Can we look back again at page 8, please. 17 Sticking to that second paragraph, we have, in 18 that first sentence, "normally identified after 19 a full investigation has been undertaken". 20 Again, was that something that you would have 21 drafted? 22 A. I clearly would have drafted it. I don't know 23 where that wording would have come from. 24 Q. How would you have satisfied yourself of the 25 accuracy of that statement? 128 1 A. I guess talking to those people who were giving 2 the input and also, you know, talking to, in 3 this case, Tony Marsh, the business owner of the 4 policy. 5 Q. Are there any specific discussions that you 6 recall regarding that, whether it's in relation 7 to the production of this policy or just, in 8 broader terms, that somebody providing you with 9 reassurance that system faults are very rare and 10 normally identified after full investigation? 11 A. I think there were just business messages coming 12 out from top-down to say "Horizon's been 13 a success", you know, "these millions of 14 transactions are being performed", and so it was 15 kind of a message coming through various 16 channels that were saying "If there are any 17 system issues that you are hearing about, 18 they're very rare". 19 Q. You say "top-down". I mean, we've discussed 20 earlier you are involved in, say, the Post 21 Office Risk and Compliance Committee? 22 A. Mm-hm. 23 Q. Do you think that was a message that was being 24 reached by that committee or being passed down 25 by that committee? 129 1 A. I can't recall at those committee meetings ever 2 having discussion about Horizon issues at all. 3 I may be wrong but I can't recall those 4 discussions. I think the messages I'm talking 5 about were top-down are just messages from 6 directors of the board and the ET. 7 Q. And you say "passed down". How would it have 8 been transferred, that information? 9 A. Just through various channels. I mean, they 10 would have workshops where they would have 11 leadership senior managers attending, giving key 12 messages for the next year. That could have 13 been a key message from those workshops. 14 Q. Do you remember the names of any individuals who 15 you can recall having given those messages? 16 A. I can't. 17 Q. I just want to sum up what we've been through in 18 relation to this particular policy and I'm just 19 going to put a few points and it may be that you 20 can just answer these yes or no. If you need to 21 give more detail then feel free but I think it 22 may be that they can be answered just yes or no. 23 Is it right to say that, under this policy 24 the burden was on the subpostmaster to show that 25 there was a system fault? 130 1 A. Under this policy, rightly or wrongly, that's 2 what it says. 3 Q. Second, that if they didn't have evidence of 4 a system fault it wouldn't be investigated by 5 the Helpdesk, and that's the first paragraph 6 that we see there, the final sentence? 7 A. I'm not sure that's true but that's what the 8 policy says. 9 Q. Is there something you have in mind? 10 A. No, I'm just thinking that there may well be 11 things that subpostmasters are not aware of 12 being investigated. That's the only thing I can 13 think of. 14 Q. But applying that policy, if there was a system 15 fault and if they didn't have evidence, it 16 wouldn't be investigated? 17 A. Yes, if they believe a system fault is to blame 18 and they don't have a reason for it or can 19 provide evidence for it, that policy would 20 suggest it wouldn't be investigated. 21 Q. Third, the way that they were directed to 22 address this was through the NBSC; is that 23 correct? 24 A. Can you repeat your question? 25 Q. Certainly. So they were -- if we look at the 131 1 page before -- sorry, page 5, it was the third 2 paragraph there, subpostmasters will be asked to 3 direct this to the NBSC. 4 Sorry, it's the third paragraph before 5 moving. 6 A. Yes, I think if there was any issue of any 7 description that the branch wanted to raise, it 8 would always go through the NBSC initially. 9 Q. Fourth, that the subpostmaster would have to pay 10 the shortfall if they couldn't prove that there 11 was a system fault? 12 A. Mm-hm. 13 Q. Is that correct? 14 A. That's a correct assumption from how this reads. 15 Q. Fifth, that only if there was a known system 16 error could the loss be held in the suspense 17 account? 18 A. Yes, correct. 19 Q. And sixth, that the working assumption, as we've 20 seen on the next -- on section 6, was that 21 system faults were rare and would have been 22 identified, and that's not just in the policy or 23 written in the policy but, by the sound of it, 24 that is the general working assumption? 25 A. I think at that stage that was the general 132 1 working assumption. 2 Q. Does it follow then that, if there was 3 an unknown error, a subpostmaster would have to 4 pay up? 5 A. Yes. 6 Q. And that there was a reliance on the NBSC to 7 identify known errors? 8 A. Or to at least log the issue and whatever 9 resolution policy they had in place to put in 10 place. 11 Q. If we look back at section 3 and the authority 12 to hold losses, is it right to say that the 13 ability to hold apparent losses in the suspense 14 account was intentionally restrictive? 15 A. Yes, I think initially, again going back to 16 pre-Horizon days, it was often used for the 17 wrong reasons and they had lots of amounts being 18 held in there. So it was used or was supposed 19 to be used for specific cases where there were 20 known errors awaiting transaction corrections or 21 error notices. 22 Q. Ultimately, following the evidence that you've 23 already given, it wasn't for the auditor to look 24 into any of this because the auditor's job was 25 principally to look and see if X equalled Y? 133 1 A. If you are talking about an audit discrepancy, 2 absolutely. So the auditor would find the 3 discrepancy, if there was one, and then there 4 could be a number of reasons why there was 5 a discrepancy. The subpostmaster would be 6 expected to make good, unless they could 7 identify this is the reason why. 8 Q. This policy, was that information that was being 9 communicated to subpostmasters by auditors? 10 A. I think not necessarily the policy but, 11 historically, there had always been, within the 12 subpostmaster's contract, two or three 13 paragraphs, maybe more, that outlined the 14 contractual obligations. I think auditors 15 always have that phrase in mind from the 16 policy -- sorry, from the contract, rather than 17 necessarily the policy that's here. 18 Q. The burdens in terms of identifying known errors 19 and, for example, the assumption that system 20 faults were rare, do you think those were 21 messages that were communicated to 22 subpostmasters by auditors on visits? 23 A. I don't believe they would have talked about 24 Horizon issues being rare, they wouldn't have 25 talked about those issues. Fact-finding was 134 1 what they were due to do. So if the 2 subpostmaster said "I believe this is the reason 3 why", I would expect the auditors to log in that 4 report. 5 Q. Surely there would have been a conversation on 6 occasion between auditors and subpostmasters 7 about what the policy says or about the Post 8 Office's approach to -- 9 A. I think the only time the contractual obligation 10 would come up is if there is a shortage and the 11 subpostmaster would probably know their 12 contractual obligation without the auditor 13 having to remind them of it. 14 Q. Looking back now at that policy, do you think 15 that the approach that was taken under that 16 policy to subpostmasters was fair? 17 A. No, absolutely not because, as you have 18 highlighted or alluded to, the onus in this 19 policy was upon subpostmasters to prove 20 something that they could not prove or probably 21 could not prove. So it doesn't feel fair. 22 Q. Thank you. I'm going to change the subject 23 slightly now and look at the IMPACT programme, 24 very briefly. It's related because we've spoken 25 about discrepancies and how they went into the 135 1 suspense account when, for example, there was 2 a known error. Do you recall that changing 3 under what -- I think you have referred to it as 4 the branch trading. I think we call it the 5 IMPACT programme? 6 A. Yes, I think when I saw that in the bundle 7 I wasn't entirely sure what that referred to 8 but, for me, I think IMPACT related to a weekly 9 balancing programme moving into a monthly branch 10 trading programme. 11 Q. So the removal of a suspense account is -- do 12 you have a phrase for it or -- 13 A. What phrase would you like me to give you? 14 Q. You refer to "branch trading". Is that 15 something set different? 16 A. No. Branch trading is just, as I said, the 17 evolution of weekly cash accounting. The 18 suspense account, in terms of IMPACT, I think 19 the plan was to remove that, partly to avoid 20 amounts being put in there without authority. 21 Q. Were you involved in that programme? 22 A. Not as such but I remember having a meeting to 23 discuss how that would affect branches and, from 24 my point of view, how auditors would see the 25 difference. 136 1 Q. Can you briefly summarise your views on that? 2 A. I think at the time I was assured that 3 transaction corrections, I think that's part of 4 the evolution from error notice to transaction 5 corrections that transaction corrections would 6 always be provided with evidence that cannot be 7 disputed, effectively, and, on the very rare 8 occasions that there was no evidence or 9 insufficient evidence, there was a channel for 10 that to be disputed. I'm not sure with 11 hindsight that that was, you know, the way 12 things went and I was assured at the time but, 13 subsequently, I think there was still cases of 14 transaction corrections being issued without the 15 appropriate evidence. 16 Q. Do you recall who those discussions were with 17 and who assured you? 18 A. It's very strange. I can visualise being in the 19 room with a member of the Product and Branch 20 Accounting Team. It could be one of two names 21 but I can't be -- you know, I can't be certain 22 who it was. 23 Q. We've heard from somebody called Susan Harding? 24 A. It wasn't her. 25 Q. Did Susan Harding or any of her team ask you for 137 1 your views on that programme? 2 A. Well, the person I think it was was called Marie 3 Cockett. She may have worked within that team 4 and I remember having a meeting with her to talk 5 through how this would work. 6 Q. Do you recall the use of the "Settle Centrally" 7 button to fill the void left by that programme 8 because we've spoken about the suspense account 9 and the use of it for known errors. Were you 10 aware of the "Settle Centrally" button to be 11 used to, in effect, fill that void? 12 A. Yes. 13 Q. What was your view on that? 14 A. Again, it was supported by being assured that 15 transaction corrections will be supplied with 16 evidence. So if they were provided with 17 evidence that was satisfactory then why wouldn't 18 you settle centrally, if that was your chosen 19 option to do so. I think the gap for me is 20 that, if there wasn't evidence, then what would 21 you do? 22 Q. Can we look at POL00105418, please. It's 23 page 15. This is a number of different 24 documents of -- it's page 15 that I'd like to 25 look at. This is a document that was in your 138 1 bundle. It's an email to Lynn Hobbs. Do you 2 remember who Lynn Hobbs was at all? 3 A. Yes, I remember Lynn. 4 Q. What was her role? 5 A. I know she was a senior manager within the 6 Network Directorate. I can't remember her 7 precise role title. 8 Q. How about John Breeden? 9 A. He worked for her in her directorate. 10 Q. Can I ask you to look at the second paragraph 11 and perhaps read that to yourself and I'd just 12 like you to talk us through the views that are 13 expressed there from yourself. (Pause) 14 A. Okay. 15 Q. Can you assist us with why you're referred to 16 there? 17 A. I'm not entirely sure and I think I've seen 18 a similar note in another part of the bundle 19 with my reference named and I think in that 20 case -- because here it says "totally against" 21 and in that case it said something similar but 22 different in wording. I'm not sure why. 23 I'm not sure whether my name was used to 24 endorse their approach or to back their approach 25 or to say that I was an obstacle to their 139 1 approach. I can't read from that paragraph what 2 my reference was there for. 3 Q. Are you able to assist us with how it happened 4 that something that was established in the 5 policy, in terms of treatment of cash account 6 losses policy and the use of a suspense account 7 for known errors, for example, how that became 8 seen after the IMPACT programme and replaced by 9 the "Settle Centrally" button, how the use of 10 that "Settle Centrally" button became somehow 11 inherently suspicious to the Post Office? 12 A. I'm not sure I would see it as suspicious but, 13 equally, it could still be open to abuse where 14 people click on the button just to get it out of 15 the account. 16 Q. Do you think there was a change in attitude at 17 any point? 18 A. Possibly so. I mean, over time, people change 19 roles, people change views. So I'm not entirely 20 sure, and obviously the system has changed. But 21 yes, I think it may well be that it was 22 considered that, a bit like the suspense 23 account, it was open to being abused. 24 Q. Do you have any views on that now? 25 A. To be honest, it's difficult to go back to that 140 1 time-frame to think through what I was thinking 2 and I know my name's been quoted. I don't 3 personally remember a conversation with John 4 anyway, but I suppose it reflects that my 5 concern would be, if you remove that facility to 6 settle centrally, then there's no transparency 7 in what's going to happen because, if you 8 haven't got the facility to say "I'm going to 9 accept it", even if that's not what you do, 10 there's no record of what happened in that 11 situation. 12 Q. You were aware presumably that the "Settle 13 Centrally" button was used by people both who 14 did accept but also those who didn't accept the 15 amount? 16 A. Well, it definitely could be, yes. 17 Q. One of the purposes of that was to enable the 18 subpostmaster to balance? 19 A. Exactly. 20 Q. I'd like to move on now to bugs, errors and 21 defects. We started today, this morning, by 22 looking at what you wrote in your witness 23 statement about that and we discussed it, and 24 there's one particular incident that I'd like to 25 talk to you about this afternoon, and that 141 1 relates to the Two Ball Lonnen Post Office in 2 Newcastle. I apologise if my pronunciation of 3 that is incorrect. 4 You have been provided with a number of 5 different documents in that respect and I'm 6 going to start with POL00104600. 7 Do you remember -- and I'll take you to the 8 document in due course but you are mentioned in 9 one of these documents. Is this an issue that's 10 broadly familiar to you, even if it's just 11 because we've provided you with the documents 12 recently? 13 A. I remember the name of the branch. I don't 14 remember the detail and, even having looked 15 through the thread of emails, the actual issue 16 itself, you know, isn't particularly familiar. 17 But the branch's name is so clearly there is 18 some information that was available to me at the 19 time. 20 Q. My purpose for taking you to this incident is 21 there are a number of ways in which is the issue 22 was dealt with that I'd like to ask you about 23 and it may refresh your memory of particular 24 issues that cropped up and this is just really 25 being used as an example. This document here is 142 1 from 4 April 2000, so that's early in the life 2 of Horizon, and I think you've already explained 3 who Lynn Hobbs was? 4 A. Well, she worked as a senior manager in the 5 network, yes. 6 Q. And Keith Baines? 7 A. The name's familiar but I can't think who he 8 would be, his role. 9 Q. Now, there is a significant loss in this branch. 10 I'm just going to read you one paragraph or some 11 of the first paragraph, it says: 12 "Both officers have received additional 13 support from HFSOs ..." 14 That's Horizon Field Support Officers; is 15 that right? 16 A. Yes, that's right. 17 Q. "... who investigated the cash accounts to the 18 best of their ability and could not identify any 19 reasons for the shortages. I am told by TP ..." 20 What's "TP"? 21 A. That would be Transaction Processing, which 22 would then become Product and Branch Accounting. 23 Q. "I am told by [Transaction Processing] that no 24 outstanding error notices exist for these 25 offices and that in their opinion they cannot 143 1 identify any system problems for the errors. 2 The worst of the two is Two Ball Lonnen with 3 an outstanding loss of ..." 4 Now, I think that figure is, in fact, 5 incorrect and we'll see why but I think that's 6 meant to be £64,000 rather than £647,000? 7 A. I saw it as 64 anyway. 8 Q. Then there's a second office: 9 "Both offices are run by the same multiple, 10 Nigel Mills, who has a number of other offices 11 in my area. In both instances comments were 12 made by HFSOs about migration errors that would 13 generate error notices and consequently the 14 subpostmaster is now refusing to repay the loss. 15 I know very little about the system but in the 16 case of Two Ball Lonnen this office migrated on 17 a Wednesday", et cetera, et cetera. 18 Are those kinds of issues ones that you 19 recall being experienced by subpostmasters? 20 A. I kind of have a reflection that at the time 21 there's always a sense of there could well be 22 migration issues and there could be a number of 23 aspects to it. There could be a branch that 24 when they migrated already had a problem or it 25 could be there could be something about the way 144 1 the system migrates. So I think there was 2 always a sense of that change over from a manual 3 system to the Horizon System could bring up some 4 issues. 5 Q. If we look at the final couple of sentences in 6 that paragraph, it says: 7 "In the case of both offices the Helpdesk 8 suggested that the system was experiencing 9 problems which would eventually be resolved and 10 an error notice would be generated. RNMs ..." 11 What is RNMs? 12 A. It's an acronym for Retail Network Managers, so 13 it was, at that point, the sort of the liaison 14 between Post Office and the branch, each branch 15 was assigned, I guess, a Retail Network Manager. 16 Q. So: 17 "[Regional Network Managers] knowledge of 18 the system was extremely limited and these 19 assurances were therefore accepted and the 20 offices allowed to carry the amounts in their 21 suspense accounts." 22 If we scroll down -- 23 A. Can I just interrupt there? 24 Q. Absolutely. 25 A. It's just useful to say you've just read out 145 1 that sentence "The Retail Network Manager's 2 knowledge of the system was extremely limited". 3 I think at that period in time, I think the 4 knowledge of the system was limited for a lot of 5 people in the Post Office, auditors, trainers, 6 investigators. I think we were learning as the 7 system was rolled out. 8 Q. Thank you. The final paragraph there says: 9 "I do not believe we should write off almost 10 £70k [that's why it may be 64,000 rather than 11 640,000] without evidence that the system 12 somehow 'created' these errors and they are just 13 'paper errors'." 14 Can we go to another document, same topic, 15 it's POL00104596. We're still in 2000 here, 16 June 2000, and can we turn over the page, 17 please, to page 2, from Keith Baines to Lynn 18 Hobbs: 19 "For Two Ball Lonnen, should the 20 investigation include the [£19,000] in 21 outstanding error notices, or just the [£45,000] 22 authorised cash shortage?" 23 At that time, we can see Keith Baines was 24 head of Horizon commercial. Can we go back to 25 page 1, please, and have a look at the bottom of 146 1 that page. 2 Lynn Hobbs says: 3 "Keith 4 "I would like to include both as the errors 5 in P&As occurred during the same period as the 6 shortages which the office is claiming are due 7 to the system and which we think may be down to 8 in-house fraud." 9 Pausing there, do you remember was it common 10 for branches to be complaining that errors are 11 due to the system? 12 A. I'm not sure common but it had been heard. 13 I had from auditors feedback to say there was 14 a discrepancy and the subpostmaster believed it 15 to be a system error. 16 Q. So that, in fact, is April 2000 and then it's 17 the first email in this chain at the top of the 18 page where we're in June 2000. So that's 19 a couple of months later and this is where your 20 name is mentioned. So Lynn says: 21 "Keith 22 "We discussed these two offices at our last 23 meeting and you said you would send me the 24 information forwarded to Audits. I have not 25 received anything to date and despite trying 147 1 both Chris Paynter and Martin Ferlinc I have 2 been unable to find anyone in Audits who has any 3 recollection of having received information 4 about them." 5 Just pausing there, do you remember being 6 chased at all about this? You don't know? 7 A. No, sorry. 8 Q. "I have received copies of an audit summary for 9 each office for audits carried out on 10 [13 April]." 11 Again, pausing there: audit summary what do 12 you understand by an audit summary? 13 A. I'm assuming that she means an audit report for 14 the branch. Just going back to your previous 15 comment, did I recall being chased? I'm not 16 entirely sure what I'm being chased for. It 17 says not being able to find anyone in Audits who 18 has any recollection of having received any 19 information about them, them being the two 20 branches, I'm assuming. 21 Q. Yes. 22 A. But I'm not sure what sort of information she is 23 expecting. 24 Q. So you don't remember the incident and also you 25 don't -- 148 1 A. No, but I do remember -- I don't remember the 2 second branch's name but the Two Ball Lonnen, 3 I do remember the name and I can't think why 4 that would come to light. 5 Q. The audit summary, though, is that something 6 that would be you could produce in branch from 7 the Horizon System? 8 A. No. As I say, I think this is a written report. 9 I'm guessing what she means by an audit summary, 10 I can't think of anything else other than 11 an audit report. So at the end of each audit, 12 the auditor would write a report in Word and 13 email it to Network Management and, in the case 14 of a subpostmaster at the time, it would be sent 15 by post to them. 16 Q. So an audit summary wouldn't, for example, 17 identify the cause of an issue if it was, say, 18 a technical issue? 19 A. All it would say is this is the discrepancy and 20 where it can be identified what the discrepancy 21 is, so it might be a case of there's a £15,000 22 discrepancy, 10,000 is cash inflation, 3,000 is 23 incorrect foreign currency listings. So it 24 would break down what was known but then it 25 would also have, you know, unknown discrepancy. 149 1 Q. So it would give you the numbers but not the 2 cause of the discrepancy? 3 A. Exactly. 4 Q. This email continues: 5 "It is now over a year since these offices 6 went live and we really do need to resolve these 7 shortages (not surprisingly the subpostmaster 8 who has about 10 offices in my area is unhappy 9 with what he perceives the lack of progress). 10 Can you forward the information sent to audits 11 to me and confirm who in audits is dealing with 12 this." 13 I'm going to take you to another document in 14 the same chain POL00104597. 20 June 2000. I'm 15 going to read to you from that first paragraph. 16 It says: 17 "I was looking to have their transaction 18 information interrogated to try and understand 19 how the errors could have occurred." 20 Pausing there, so they are looking into how 21 they have occurred. At that stage, was that the 22 job of the Retail Network or the Head of the 23 Retail Network, for example? 24 A. I don't believe so and I do not know how it 25 would be possible to be able to eliminate every 150 1 possible cause. 2 Q. "I thought this was what we discussed in terms 3 of obtaining information from Pathway which 4 would only normally be available if we suspected 5 a fraud. What I have received from you is 6 a list of the calls made to the Horizon System 7 Helpline on behalf of the office over the period 8 since Go Live. I assume the information I have 9 received is available basically that touch of a 10 button rather than as a special request which we 11 may have to pay a special payment for. I'm 12 sorry to say that I don't feel I am any further 13 forward with these offices." 14 So it seems as though Lynn Hobbs is trying 15 to get to the bottom of the discrepancy, has 16 been provided with something equivalent to what 17 you, as an auditor, may have been able to obtain 18 from the system itself? 19 A. I'm not sure whether this is referring to the 20 ARQ data, because she refers to the data only 21 being available -- I can't find the words now -- 22 if we suspected a fraud. So that's where the 23 investigators would be involved and they would 24 have the route to obtain that detailed 25 transactional data. 151 1 Q. So the complaint is that she's received a list 2 of the calls made to the helpline but not 3 something more substantive from Fujitsu? 4 A. I think what Lynn makes there is a valid point, 5 that there's a gap in the process there, in that 6 if a discrepancy involves an investigation, then 7 that triggers off obtaining more detailed data. 8 If it doesn't, then there's a gap because 9 nobody's pursuing that data. 10 Q. Absolutely, and that was precisely the question 11 that I was leading to, which is, looking back at 12 your time where you have the job that was being 13 carried out by auditors, do you think that there 14 was a missing job description effectively which 15 is a more technical auditor or someone with 16 technical knowledge who could investigate 17 technical matters? 18 A. If I could go back 20 years I'd do some things 19 very differently and I'm just highlighting on 20 some of the things here. So, yes, absolutely 21 a gap between the discrepancies involving 22 investigators or not and I think there could 23 have been and should have been a role for 24 auditors to fill that gap but it needs the 25 technical expertise, which wouldn't have been 152 1 there. Lynn also mentions about getting details 2 of logs to the Horizon Helpline but also for 3 NBSC. You know, we could and should have been 4 able to access that information. So when we 5 identified an audit loss of X amount, we could 6 then say "But this branch has been reporting 7 issues for the last 20 weeks" and, for whatever 8 reason, we either didn't feel that was 9 available, that data, or what had been -- 10 I don't know what the reason was but, for me, 11 there's a gap there in terms of being able to 12 identify that sort of information that could 13 have been available. 14 Q. Thank you. I'll take you just to one or two 15 more documents in this chain before we end that 16 particular example. POL00104597. 17 We're still in June 2000 and Keith Baines is 18 there emailing Lynn Hobbs. He says: 19 "In order to get detailed information from 20 the system, either special audit functions can 21 be used at the outlet, or -- for older data -- 22 a request has to be made to Pathway by our 23 internal auditors. There's a documented process 24 for this, which from a PO point of view is 25 'owned' by audit." 153 1 So where it's talking audit there, that's 2 not talking about network audit, which is your 3 team, that's talking about the -- 4 A. I am confused because I wasn't sure whether that 5 meant the investigation part, because they will 6 trigger off the request, or whether it meant -- 7 and it would now be Royal Mail internal audit. 8 I personally feel it would mean the 9 investigators. 10 Q. So it may be that audit is being referred to 11 there but, in fact, they mean investigators or 12 what was your reading of that? 13 A. I think in the original documentation from 14 Fujitsu, it referred to Post Office internal 15 auditors, without perhaps using our structure of 16 where we draw a line between audit finishing and 17 investigation starting. 18 Q. It seems there a rather binary choice, that if 19 it is current it can be obtained from Horizon 20 and only if it's older data can a request be 21 made to Pathway. Is that a distinction that you 22 remember at all? 23 A. Yes, in the sense of, at the branch, data was 24 available and I can't remember how many days but 25 perhaps for a trading statement's worth of days, 154 1 40 days, or something like that, and then any 2 data beyond that period of time would not be 3 accessible in the branch. So you would have to 4 request it from Fujitsu or Pathway, in this 5 case. 6 Q. I'm going to read on. It says: 7 "The process envisages an auditor visiting 8 the outlet in the first place to examine the 9 data held locally -- auditors can log on with 10 a special password that gives them access to 11 additional reports not available to other 12 users." 13 Do you think this might be 14 a misunderstanding of the auditor's role or do 15 you think this is an accurate description of 16 what an auditor could have done? 17 A. I'm wondering whether it's a misunderstanding of 18 me, either now or then, as to what an auditor 19 can access because my understanding was that 20 an auditor could access everything that 21 a manager at the branch could access. This is 22 suggesting that there's additional activity that 23 they could access, and I don't know whether 24 that's true or whether my memory's failing me, 25 but I thought that auditors could only access 155 1 what a subpostmaster or a branch manager could 2 access themselves. 3 Q. Then, in the third paragraph, he says: 4 "Then, if access to centrally archived data 5 is required, the auditor will complete 6 a specification form setting out the data 7 required -- eg what data types, what period 8 et cetera. Pathway can cope with a maximum of 7 9 requests per month; my understanding is that 10 a request could cover more than one outlet, so 11 to maximise the use of the limited number 12 available a co-ordinated approach is desirable. 13 For each request Pathway will extract the 14 relevant records from their data warehouse. The 15 data is provided more or less in its raw, 16 unprocessed form, so interpretation will take 17 time and need someone with a thorough 18 understanding of the audit trail specification." 19 So, again, he's referred there to auditors 20 completing a specification form? 21 A. So either, as I said, I'd misunderstood this and 22 actually there was a facility for auditors to 23 access information beyond what is available to 24 the branch or this refers to investigators. It 25 talks about a maximum seven requests per month 156 1 and I don't know if that ties in with the 2 requests for ARQ data that investigators say 3 they can only have so many requests. I don't 4 know if it's per month or whatever. 5 Q. Do you recall that limitation on the number of 6 reports that could be obtained from Fujitsu? 7 A. I don't remember the number but I know there was 8 a limitation. 9 Q. Do you recall POL's approach to that limitation? 10 Were there concerns about the limited number or 11 was it just accepted? 12 A. I don't recall whether after that number there 13 was a charge. There might have been the ability 14 to have more than that number but chargeable. 15 I don't remember POL's approach to that. 16 Q. And the reference at the end of this email: 17 "The data is provided more or less in its 18 raw, unprocessed form, so interpretation will 19 take time and need someone with a thorough 20 understanding of the audit trail specification." 21 From the evidence that you've given today, 22 it doesn't seem as though that is the kind of 23 job that could have been done by an auditor? 24 A. No, we didn't have that skillset to perform that 25 sort of role. Not to say we couldn't have 157 1 achieved it but, equally, I don't feel that we 2 had it. 3 Q. Can we look at POL00093128, please. This is 4 still with Two Ball Lonnen. Here we're in 5 August 2001, so quite a considerable time later, 6 and this is an email from the Retail Line 7 Manager and he says: 8 "It may help you to understand my concern if 9 I explain that there is an ongoing dispute about 10 shortages at this office ..." 11 The Subpostmaster is blaming the Horizon 12 System for the shortages. 13 Then we have reference there to concerns, 14 the issue concerning advice given by the Post 15 Office Helpline to the OIC -- I presume that's 16 officer in the case? 17 A. Officer in charge. 18 Q. Officer in charge, Tracey Dowson, is that 19 somebody you recall? 20 A. I think that's the person in charge of the 21 branch, the branch -- 22 Q. They wouldn't be referred to as the OIC, would 23 they? 24 A. "The ... advice given by Post Office Helpline to 25 the [Officer in Charge] Tracey Dowson ..." 158 1 So the officer in charge being the person in 2 charge of the branch. 3 Q. The officer in charge of investigating the 4 branch? 5 A. No, no, no. 6 Q. Or you are saying it's -- 7 A. Because it's a nominee subpostmaster -- it's not 8 a subpostmaster, it's a nominee -- they will 9 have their own branch manager, for want of 10 a better phrase, the term "Officer in Charge" is 11 just referring to that person, the person in 12 charge of that branch. 13 Q. Can you just remind us why there would be 14 a nominee subpostmaster. 15 A. So nominee subpostmaster would -- I can't think 16 of a particular company involved but it would be 17 a company that would have perhaps 300 or 400 18 branches under their name, and so they would be 19 the nominee subpostmaster, even though they've 20 got 300 or 400 branches. So at each of their 21 branches they would appoint/employ a manager to 22 run their branch. 23 Q. I'm just going to read from her report. She 24 says: 25 "'I spoke to Carl who was very helpful but 159 1 still no answers, he said it was a ghost figure 2 in the system. I proceeded to roll the figures 3 over as told and that Carl would contact myself 4 on the Thursday morning. 5 "'After the phone call he told me he had 6 spoken to his Manager and that they were happy 7 it would show as a shortage the next week, the 8 explanation given is that it was a ghost figure 9 that had got into the system but they did not 10 know how'." 11 Now, did you ever hear the term "ghost 12 figures"? 13 A. I don't recall hearing it at the time. I've 14 heard it since and, obviously, since I've left 15 the Post Office and this trial I've heard those 16 terms but I don't recall at the time hearing 17 those terms. 18 Q. If we scroll down in the message from the Retail 19 Line Manager he says: 20 "Clearly remarks about 'ghost figures in the 21 system' attributable to our own staff are not 22 likely to inspire confidence in Horizon and in 23 this case may prove very damaging." 24 We talked about a bug earlier called the 25 phantom transaction bug? 160 1 A. Right. 2 Q. Were these kind of issues reaching your desk? 3 A. No. The emails that you show me, I've not had 4 sight of those emails and particularly those 5 emails where my name's been inside them. 6 I would have expected to have had some 7 visibility copied into those emails. 8 Q. Did you see it as part of your function to draw 9 together themes from various audits, words that 10 were used, such as ghost transactions, or themes 11 of bugs, errors and defects that may have been 12 raised by subpostmasters? 13 A. I think there should have been a greater role in 14 bringing together themes. As I said to you 15 earlier, I think we could have had a role in 16 looking at the logs of calls made to NBSC and 17 trying to analyse what sort of calls are being 18 made. Having said that, I would expect NBSC and 19 their management to be doing that as well to be 20 able to say "Look, we've had all these calls in 21 the last month, these are the issues". They may 22 have been doing that but the outputs were not 23 reaching my desk. 24 MR BLAKE: I think that might be an appropriate 25 moment for a break. I only have about 161 1 15 minutes' worth of questions after the break. 2 There will be some questions from other Core 3 Participants but, sir, are you content for us to 4 take a 15-minute break now? 5 SIR WYN WILLIAMS: Yes, I am. That's fine. 6 MR BLAKE: Thank you very much. 7 (3.08 pm) 8 (A short break) 9 (3.25 pm) 10 MR BLAKE: Can we now look at POL00021420. 11 Mr Ferlinc, we were talking before the break 12 about the need for some sort of macro analysis 13 or drawing together various strings. I'm now 14 going to move on to your time on the Risk and 15 Compliance Committee. I think you said this 16 morning you attended or went on the committee or 17 something along those lines. 18 A. I attended many if not most of the meetings but 19 I don't think I was considered a member. 20 Q. This particular example is 22 March 2006 and, if 21 we turn to page 3, it has your name -- it 22 appears that that's one that you weren't -- you 23 didn't attend but it does refer to you or, 24 certainly, you're not listed in the members in 25 attendance. Is this something you recall at 162 1 all? 2 A. I'm not sure if -- there's three paragraphs 3 there and it says "Closed" afterwards. I'm not 4 sure if that's just the whole action has been 5 closed, in which case there seems to be 6 a summary of the analysis done. But, as 7 I touched on before and you've highlighted, 8 I think there needed to be greater analysis 9 done. One of the things that I feel was 10 missing, perhaps, was to look at sort of 11 post-event analysis. 12 What I mean by that is, if we have a branch 13 where a subpostmaster is accumulating losses 14 week, after week, after week and that results in 15 their suspension and someone else takes over the 16 branch, I think it was a big gap to look at the 17 branch performance with the new person in charge 18 because, if those losses continued, that would 19 suggest, well, perhaps it's nothing to do with 20 the subpostmaster, there's something in the 21 branch that needs to be looked at. 22 Conversely, if the losses suddenly stopped, 23 that might also give some information as well. 24 I don't think that analysis was ever thought 25 through at the time to look at branches' 163 1 performance after a change of ownership. 2 Q. Why not? 3 A. I'm not sure. I look at it today and think that 4 feels so obvious as a piece of activity to have 5 done and relatively simple. If you look at 80 6 branches, potentially those 80 branches would 7 have ended up with new people in charge to sort 8 of track their performance over the next 9 6/12 months to see is the profile of the 10 branch's performance the same or different and 11 what does that tell us? I just think that was 12 a lost opportunity. 13 Q. So if we look at this as an example, the kind of 14 macro-analysis that was taking place was, for 15 example, analysing 80 branches with the largest 16 shortages -- 17 A. Yes. 18 Q. -- rather than looking at follow-on from 19 suspension or looking at particular bugs that 20 had been referred to by different 21 subpostmasters? 22 A. It would just have been simply a bit of number 23 crunching, identifying that these branches had 24 a similar sort of profile, so they might have 25 all had information in the risk model that 164 1 suggested there was an issue in cash 2 declarations or it could have been they were all 3 rural branches. I guess that's what the 4 analysis would have looked at, at that stage. 5 Q. Can we look at POL00021421, please. This is 6 another meeting of the Risk and Compliance 7 Committee on 6 September 2006. You're listed on 8 this occasion as in attendance. If we look at 9 the summary action points, and it's 0904, it 10 says there: 11 "To analyse those branches where a financial 12 irregularity has been revealed during 2006/7, to 13 ascertain if there are any common profiles." 14 Your name is there as the lead on that. 15 A. I think, again it probably just goes back to 16 what I said before. I think this was looking at 17 the profiles of those branches where there was 18 an irregularity. So was there a particular 19 stream in the risk model that suggested that was 20 a concern, were there different types of that 21 branch also in the risk model that we should 22 target. Basically, I think that links to the 23 previous activity. 24 Q. There were annual reviews. I mean, if we look 25 at POL00033398, for example, I won't take you to 165 1 any particular pages but, I mean, you did 2 produce reviews. Why didn't those reviews 3 address those kinds of issues? 4 A. I think this particular review on the quality 5 auditing was triggered by the movement of the 6 audit teams to the network. I personally had 7 expressed a reservation of the move to 8 a directorate, in terms of potential conflict of 9 interest, auditors auditing branches where they 10 might have also trained the same branch. So, as 11 part of that, I think to mitigate that concern, 12 there was a sense of, well, let's go and do 13 a piece of work to see whether there's any 14 concern about the auditing quality. 15 I think I might have mentioned in my 16 statement at some point, probably the mid-2000s 17 when I was heading the auditing team, my team 18 was reviewed/audited by the internal audit team. 19 So it's kind of followed that theme of someone 20 auditing the auditors. 21 Q. If I was to draw the themes together from some 22 of your evidence today, certainly when you began 23 you talked about the size of the team and it 24 reducing over time, especially in the late 1990s 25 onwards, and you've talked about auditors not 166 1 being able to cover as many or carry out many 2 audits as they previously had. 3 Is funding or the sufficiency of the numbers 4 of your team in any way to blame for that lack 5 of analysis or is it something else? 6 A. I think a couple of things. I think yes, 7 absolutely, costs reduction, head count 8 reduction throughout the 2000s put pressure on, 9 you know, limiting resource with increased 10 amounts. So as we went into financial services, 11 there were more demands on compliance 12 activities. So you got those two pressures of 13 more auditing requirements, product managers 14 wanted their products audited against limiting 15 resource and then we got the skillset. 16 So I would have liked to have seen a broader 17 wider skillset, more qualified skillset, which 18 challenged against the headcount reduction. So 19 those kind of two aspects created the challenge. 20 Q. Did you raise those concerns with anybody? 21 A. I would have raised it with my line manager. 22 I think everybody, though, was in the same 23 position, you know. My line manager was under 24 pressure to reduce resource. Everybody across 25 the business had those challenges. 167 1 Q. When you refer to your line manager, do you mean 2 Tony Marsh or Rod Ismay? 3 A. At that time it would have been Keith Woollard. 4 Q. The very final document I am going to take you 5 to, I think, post-dates your time. It's 6 POL00086765. 7 I don't know if this is a document familiar 8 to you at all? 9 A. Only because I have seen it in the bundle. But 10 it was quite a long time after my time. 11 Q. If we look there, there is an analysis of the 12 audit team and the second bullet point on the 13 left-hand side, it says: 14 "Audit activity is restricted to the 15 checking of cash and stock and the validation of 16 procedural compliance questions." 17 Is that something that you agree with as 18 a concern? 19 A. Yes, this is another review of the -- I'm 20 assuming this is the internal audit team 21 reviewing the auditors. But, yes, in terms of 22 that paragraph, audit activity was very much 23 focused on asset verification and compliance 24 procedural checks. 25 Q. The asset verification would have made sense 168 1 pre-Horizon because you're counting physical 2 numbers that are in stock in a branch but did 3 that make less sense post-Horizon? 4 A. I don't think so because there still needs to be 5 some assurance that the cash is at the branch. 6 There still needs to be some assurance that our 7 assets are safeguarded. So I don't think it 8 follows that there's less validity. 9 Q. Was the audit team ill-equipped for the 10 additional challenge of Horizon -- data from 11 Horizon? 12 A. As I said earlier, across the board, I think 13 there were challenges with a group of personnel 14 who hadn't grown up with technology at their 15 finger tips and learning, you know, quite 16 steeply in this learning curve. 17 Q. If we look on the right-hand side under 18 "Weaknesses", if we look at number 2: 19 "Poor management information, only 20 statistics of visit numbers get reported." 21 Number 6: 22 "Currently not a professional audit 23 service." 24 Are these concerns that you recognise at 25 all? 169 1 A. Well, in terms of too -- again, I don't know 2 what the management information is looking like. 3 There was a bit more than statistics when I was 4 involved but I don't know what it looked like 5 in -- what period is this? Is it 2013? Not 6 sure it says. 7 Q. I don't think it says the date. If we go to 8 page 3, please, and the bottom of page 3 that 9 addresses number 4. It says there: 10 "The Auditing effort in Network is primarily 11 focused around checking cash and testing counter 12 staff compliance with statutory and contractual 13 requirements. 14 "The Network Support Team is made up of 15 approximately 220 FTE that are utilised to 16 conduct a mix of audit work and training. The 17 majority of staff are drawn from Post Office 18 Counters, although some have been 19 subpostmasters. All new staff receive detailed 20 induction training [this is over the page], 21 however, based on our review, none of the staff 22 have any formal audit qualifications, nor do 23 they have any professional audit training or 24 experience prior to their appointment." 25 Are those concerns that you shared or share 170 1 now? 2 A. Absolutely. As I said earlier, our team was 3 filled with resource, purely based upon 4 a background of counter and to some extent cash 5 centre experience. But post-Horizon, and 6 I mentioned in my witness statement -- or 7 pre-Horizon that was quite a valuable resource, 8 people who knew how counters worked they knew 9 how the cash account worked, they had been 10 working in branches. Post-Horizon, they didn't 11 know how Horizon worked other than the training 12 they were afforded. 13 Q. Finally, in that second box about halfway down, 14 it says: 15 "No detailed issue or trend information is 16 produced to better inform management of possible 17 systemic issues, strengths of weaknesses of 18 control or management of risk across the 19 business or within areas/regions." 20 Again, is that something that I think you 21 would agree with from the evidence you have 22 given to me? 23 A. As I said, this is, what, five years after the 24 audit team left me and two years after I left 25 the business but I think it feels like a fairly 171 1 common view that was shared prior to me leaving. 2 MR BLAKE: Thank you. There will be questions from 3 other Core Participants but is there anything, 4 having seen all of that and all the evidence 5 we've been through today, anything that you 6 would like to raise with the chair? 7 A. I don't think so. 8 SIR WYN WILLIAMS: Thank you very much. 9 MR BLAKE: Sir, do you have any questions before we 10 move to Core Participants? 11 SIR WYN WILLIAMS: No, thank you, no. 12 MR BLAKE: Thank you. I will start with Ms Page. 13 Questioned by MS PAGE 14 MS PAGE: Hello, it's Flora Page. I'm representing 15 a number of subpostmasters. 16 I want to ask you particularly about Nichola 17 Arch it's probably not a name that you know but 18 she was a subpostmaster who was amongst the same 19 very early pilot as the Two Ball Lonnen branch. 20 So in that very, very early stage, long before 21 most of the rest of the network received 22 Horizon, she and the Two Ball Lonnen branch were 23 both in that first wave. 24 Just like them, she suffered doubling up 25 problems. The same sort of problems -- if we 172 1 dig down into that Two Ball Lonnen 2 correspondence, what we see is a doubling up 3 problem and she experienced that in that same 4 wave of rollout. 5 But when her branch suffered doubling up, 6 she was prosecuted. Now, her branch was 7 a single or a "singleton", as I think they were 8 sometimes known, whereas, of course, Two Ball 9 Lonnen was part of this big chain and it seems 10 that, as a result of being part of a big chain, 11 Two Ball Lonnen got completely different 12 treatment. 13 Do you think that there is a risk or 14 a likelihood that subpostmasters who ran single 15 offices were treated less fairly because they 16 were small, less noticeable, more easy to run 17 over, as it were? 18 A. I'm not sure that's case and I can understand 19 why that might be perceived that way. I think 20 my concern, if I can just sort of broaden that 21 point, I think, is that the people who ran 22 offices their own, singletons, I don't think the 23 support structure was there, particularly in 24 terms of Horizon rollout. 25 If I'm working at a Crown Office and my 173 1 branch has been rolled over to Horizon, I've got 2 people around me to talk to, "I'm having 3 a problem with this transaction, what do I do?" 4 When you're a single subpostmaster, you're on 5 your own and, yes, you've got a phone call but 6 it's not the same thing as having someone to 7 turn to. So I think just side-stepping your 8 question in itself, I think there was perhaps 9 a lack of support and understanding of how 10 single subpostmasters needed to be supported 11 differently. 12 So I understand that view, potentially, of 13 how multiples/nominee postmasters were perhaps 14 treated differently but I think, actually, 15 I think single subpostmasters should have been 16 treated differently in being given more support. 17 Q. In a way, you seem to be agreeing with what I'm 18 saying, in that they received the same support 19 that multiples maybe did get and the Crown 20 Offices maybe did get? 21 A. Yes, absolutely. 22 MS PAGE: Thank you. 23 MR BLAKE: We have questions from Ms Patrick and 24 Mr Stein. 25 Questioned by MR STEIN 174 1 MR STEIN: Mr Ferlinc, I have a few questions to ask 2 of you. Can I ask though to go back to 3 a document that Mr Blake showed you, I think, 4 about five minutes ago. 5 Frankie, if I give you the reference number, 6 it's POL00033398. 7 Mr Ferlinc, I represent a large number of 8 subpostmasters and mistresses and I'm instructed 9 by a firm of solicitors called Howe+Co. So we 10 should have on the screen -- 11 I believe I have the number right, 12 POL00033398. 13 SIR WYN WILLIAMS: No, it's a different number, 14 Mr Stein, on the screen, on my screen anyway. 15 MR STEIN: Sir, I agree. I think we are just 16 tracking down the right one. Yes, we have it. 17 Thank you very much. 18 So this is a document, we can see, 19 Mr Ferlinc we have your name there. The date is 20 February 2011 "Assurance Review: Quality of 21 Auditing". Now, if we can just go please 22 through to page 4 of that document to start off 23 with, just helping us with the presentation of 24 this, these appear to be in slide format is this 25 a presentation or a draft of a presentation? 175 1 A. Yes, it's the way that reports -- it was just 2 the theme at the time. A lot of reports were 3 written in a PowerPoint fashion, partly it's 4 a reporting mechanism but also it enables it to 5 be presented. 6 Q. Okay. If we look at that page, which is page 4, 7 and we go to the middle of the page it says: 8 "The key findings from this review that 9 require further review or attention relate to 10 the following issues ..." 11 So if we centre ourselves on the date, this 12 is 2011. You have spoken to Mr Blake more 13 generally about the process of audit and the 14 difficulties that you've discussed with him. So 15 let's just have a look at some of the details 16 that are being expressed here: 17 "Branches selected randomly for audits are 18 not done on the basis of random sampling 19 methods." 20 So if we unpick that, it doesn't sound as 21 though there are random audits; is that right? 22 A. Okay, so up until 2008/2009 maybe, there was 23 a method for truly selecting random branches for 24 audit. I believe that this is saying that, 25 after that, they weren't strictly random, there 176 1 was some bias to the sample of random. So it 2 might be that they chose random but because they 3 didn't have the resource in a particular area, 4 they excluded that area from random sampling. 5 Q. Right. Because if you don't have random 6 sampling, then, as you're aware from having 7 worked in audit for years, biases can creep in? 8 A. Absolutely, and that was the message we wanted 9 to put across. Up until 2008/2009, I was 10 satisfied that there were true random sampling 11 methods applied. After that time, there wasn't. 12 Q. But if it wasn't random, then who is doing the 13 selection of the places of the post offices that 14 should be targeted for auditing? Who is doing 15 that? 16 A. Well, it would be the selection team within the 17 audit team or whatever that team was called at 18 the time but they weren't applying true random 19 sampling methods. They were adding a bias to 20 that method. So they were choosing 5 per cent 21 but they were skewing the sample by excluding 22 certain areas from the population. 23 Q. So just help us a little bit more with this. 24 When you say excluding certain areas of the 25 population, what are we talking about? Are we 177 1 saying that they chose, I don't know, one 2 particular town over another or they chose -- 3 A. I can't remember the detail. All I can remember 4 is that the sampling methods were flawed. 5 Q. You will forgive me saying this doesn't sound 6 like it's a good idea, if you are introducing 7 something which is skewering, effectively, the 8 results because -- 9 A. I'm agreeing with you. My finding is this was 10 a negative aspect that needed to be addressed. 11 Q. Okay. Let's see if it gets better or worse. 12 A. Okay. 13 Q. Bullet point 2: 14 "Team members seem to lack awareness of how 15 the Branch Profile works, and therefore, why 16 they are auditing a branch." 17 This seems to be a bad thing on its own but 18 in combination with non-random sampling it seems 19 to make it worse; do you agree? 20 A. I agree. This is my report and I highlighted 21 these issues. 22 Q. How is it that you've got members of the team 23 that seem to lack awareness of how the branch 24 profile works and why they are even there? 25 A. Right can I just take a step backed. This is my 178 1 review of a team that I was not managing. I was 2 reviewing an auditing activity. This was not my 3 team, this was the team underneath the network 4 that was performing training and auditing 5 activities, and I was reviewing the quality of 6 that activity. 7 These are negative views that we probably 8 share because these are negative findings from 9 the review. 10 Q. But, as against the positive findings on the 11 same page, the negatives do appear to be rather 12 more, how can I put it, negative. They don't 13 seem to be balanced by the positive findings? 14 A. There were more negatives than positives. 15 Q. Whose failure is this? Is it yours because you 16 are not maintaining oversight as the managerial 17 level or is it the team's? Who is the failing? 18 A. It's the team leader of the Network Audit 19 Support Team. 20 Q. Who was? 21 A. I beg your pardon? 22 Q. What's the name of this team leader? 23 A. I don't know the name of the team leader. 24 Q. Now, earlier in your evidence, you were 25 discussing with Mr Blake another document that 179 1 you had dealt with. I'll just put this up on 2 the screen for the moment just so we identify 3 what it is. 4 Frankie, it's POL00088867. 5 You recall this document. You were asked 6 a number of questions about it. The matters 7 that I just want to draw your attention, just as 8 a reminder, this version is dated, it seems, 9 7 September 2003. You will see that is the 10 fourth entry down, thank you, and that the 11 author is you, Martin Ferlinc, National 12 Audit & Inspections Manager, and its owner is 13 described Tony Marsh. Just help us understand 14 the connection between the author here and the 15 owner. You write the thing, yes. What does 16 "owner" mean? What does that mean in terms of 17 the Post Office? 18 A. He owns the policy, he authorises the policy, he 19 gives oversight to the policy. 20 Q. Does that mean that, in terms of your drafting 21 of this, it then goes to Mr Marsh and Mr Marsh 22 then approves it for further work or use within 23 the organisation? 24 A. Yes -- 25 Q. How does that bit work? 180 1 A. There's normally an assurance process on this 2 first table. It seems to be missing from this 3 particular document but there's normally 4 an author, an assurance process and an owner. 5 So, normally, an assurance process would look at 6 it and critique it and give feedback and the 7 owner would sign it off. 8 Q. Right. So somewhere, assuming this went 9 further, this particular policy would go to 10 Mr Marsh, the Head of Security, yes, and he 11 would then sign it off and then that becomes the 12 embedded document within the organisation; is 13 that right? 14 A. Yes. 15 Q. Can we just understand other thing, which is the 16 relationship between you as the National 17 Audit & Inspections Manager and Tony Marsh, Head 18 of Security. Does that mean that the Audit and 19 Inspections part of POL at this time were under 20 control auspices of Head of Security or 21 Security? 22 A. Yes. 23 Q. So Security Department, it's not just checking 24 to make sure the windows are closed and that the 25 fire alarms are on, and things like that. This 181 1 is the type of security that relates to the 2 proper functioning of the system; is that 3 correct? 4 A. Not of the system. Tony Marsh was the Head of 5 Security, Investigations and Audit. So the 6 personnel that reviewed security policies in 7 branches, investigation policies and now the 8 audit and procedural inspection policies. 9 Q. When you say investigations, investigations 10 means the investigations into the possible 11 offences that may have been committed by 12 subpostmasters? 13 A. Yes. 14 Q. So it's bringing together audit, which is 15 reviewing the quality of the operational systems 16 and giving an oversight of that and a result in 17 relation to that, as well as investigating? 18 A. Those three teams Audit, Security (physical 19 security) and then Investigations, which may 20 have been called internal crime or external 21 crime, they all were separate entities under 22 Tony's ownership. 23 Q. Who had brought them together under Tony's 24 ownership? 25 A. From my recollection, because I used to report 182 1 to Alan Barrie, the Operations Directorate there 2 was a decision made that -- security 3 investigations, I think, has always been 4 together from when I joined Post Office, 5 I think. Those two teams were always together. 6 And the idea from Alan Barrie was that there was 7 a natural synergy for Audit to be under Tony's 8 command. That would have been around about 9 2000/2001 perhaps. 10 Q. Okay. So we can take from your evidence that 11 the contents of this document, which you 12 described in your evidence today looking at it 13 with Mr Blake, parts of it were unfair. We can 14 take that this document was something that was 15 known about to Mr Marsh, Head of Security? 16 A. Yes. Just to clarify, I feel it's unfair now. 17 Whether I felt it was unfair at the time is 18 a different situation because I don't think at 19 that time, I believed that there were systematic 20 problems at branches involving Horizon. Now, 21 clearly it does appear unfair. 22 Q. Let's take that on then. Let's go back to the 23 time when you are writing this in 2003. We can 24 look at the parts of it but you appear to be in 25 agreement that this is saying that 183 1 a subpostmaster who's experienced a loss that 2 they've got no explanation for, there's no other 3 explanation for it, you've got nothing to say 4 that it's system fault, then tough. Their 5 problem, they've got to pay? 6 A. Yes. 7 Q. Does that sound like it seems fair to you at the 8 time, in September 2003? 9 A. At the time it must have done but it doesn't 10 seem fair now. 11 Q. If you owned a shop Mr Ferlinc and someone came 12 to you and said "Well, look, mate, the situation 13 is this, that there's some money gone missing 14 here, can't say it's your fault but you've got 15 to pay up", does that sound like that's fair to 16 you now? 17 A. It depends on how it's gone missing. 18 Q. Well, you don't know. This is what is being 19 said in this document. It doesn't matter how 20 it's gone missing. It's not been proven to be 21 the fault of the subpostmaster. 22 A. But equally then, there are other things that 23 could have happened. It could have been 24 an error. If you look at the amount of 25 transaction corrections, the number of error 184 1 notices, there are so many errors that were 2 being made and are probably still being made, 3 there could be members of staff employed by the 4 subpostmaster who may be taking money from them, 5 there could be procedural security faults. So 6 someone might just put their hand round the till 7 and swipe some money. There's so many potential 8 losses that could have occurred. 9 Q. Yes, but I'm not even too sure you have actually 10 mentioned any of those being the fault of the 11 subpostmaster but, yet, your document is saying 12 they have got to pay up? 13 A. But contractually they are liable for losses 14 through negligence and carelessness and error. 15 Q. And you think that only sounds unfair now, 16 Mr Ferlinc? 17 A. No, I'm saying if they are negligent, if they 18 are -- carelessness, if they've made an error 19 then it's appropriate that they would be liable 20 for the losses. I think what I'm saying now is 21 that any errors relating to system issues would 22 not have been fair. 23 Q. Help us a little bit more with this. I am going 24 to take you to another document in a moment but 25 just help us a bit more with this. This 185 1 suggestion, which is that you are saying has got 2 something to do with the contractual 3 requirements or you are saying this is the way 4 it always was, was at the something that you had 5 been told about, that you had been told by 6 a manager about by somebody else saying look 7 Mr Ferlinc this is the way it works. Is that 8 something you were told? 9 A. When I joint the Post Office, when I joined the 10 audit team, the contract very clearly stated 11 that liability. 12 Q. Right. Now, just reminding ourselves that the 13 date of this document is 7 September 2003 I am 14 going to take you to a different document, which 15 is a Fujitsu document. 16 Frankie, it's FUJ00098169. 17 This is, as you can see, this is the front 18 page of this document, "Fujitsu Services input 19 to Feasibility Study". This essentially is at 20 the starting point of the IMPACT study, the 21 IMPACT programme? 22 A. Okay. 23 Q. If we can go then to page 6 of this document -- 24 page 6 on Relativity pagination, please, 25 Frankie -- and then I'm going to be referring to 186 1 the fourth and fifth paragraph on that page, so 2 the one at the starts "Fujitsu Services is 3 pleased to submit this document". 4 So for clarity, Mr Ferlinc, I am not 5 expecting you to have seen this document or, 6 indeed, have been aware of it at the time. 7 I just want to concentrate on the fact that this 8 is a 2003 document, this is earlier to your 9 document and I want to see what's coming 10 together in relation to this. This is saying 11 this: 12 "Fujitsu Services is pleased to submit this 13 document developed as an input to the Post 14 Office E2E feasibility study [that's End-to-End 15 feasibility study] and looks forward to 16 continued joint working in the development of 17 effective systems to support the Post Office 18 business. All pricing and timescales assume 19 this approach. 20 "This paper sets out Fujitsu Services 21 approach to the systems re-architecture, 22 explains the design aims, outlines indicative 23 pricing and offers a proposed implementation 24 plan." 25 So that, in summary, is what this thing is 187 1 about. 2 Then page 34, please, Frankie. 3 So the paragraph I'm identifying here is 4 3.2.4 "Project 4 -- Branch Liability 5 Management": 6 "Within the 'Accounting, Reconciliation and 7 Settlement, including Debt Recovery and Branch 8 Control' area of the business the following key 9 business priorities have been identified: 10 "Simplify identification of debt. 11 "Reduce the amount of reconciliation. 12 "Increase the amount of debt recovered ..." 13 Then the fourth bullet point: 14 "Put the emphasis on clients and customers 15 to validate the data." 16 Now, do you agree that, in the context of 17 what we're talking about here, the clients and 18 customers to validate the data, we're talking 19 about the subpostmasters and mistresses in the 20 branches? 21 A. Clients would be people like DVLA, clients would 22 be the people that we're managing products for. 23 Q. Subpostmasters? 24 A. I think -- I'm not quite sure how -- I would say 25 clients is DVLA, NS&I. 188 1 Q. We can read on: 2 "Simplify branch processes by reducing the 3 amount of paper. 4 "Centralise/consolidate agents debt. 5 "Enable matching of cash at branches with 6 settlement with client." 7 A. Client is DVLA, Alliance & Leicester; that's 8 what a client is. 9 Q. So you don't believe that this applies to the 10 branch offices? 11 A. There might be aspects of it that do but those 12 things you pointed out don't. 13 Q. I see. Now, we understand that the position in 14 relation to the IMPACT system at the time was 15 that there was a need at the time, 2003, for the 16 Post Office to make more money. It was 17 essentially having financial difficulties. Is 18 that something you're aware of? 19 A. Well, I mentioned throughout my presence today 20 that there was a theme of reducing costs. 21 Making more money is just the other side of that 22 coin. 23 Q. Right. Where this is enabling matching of cash 24 at branches was settlement with client, what's 25 that refer to? What do the branches refer to? 189 1 A. Can you just point out which point you're 2 referring to. 3 Q. That's, I think, the seventh bullet point down. 4 A. I'm not sure how that links, the matching of 5 cash with settlement with client. I've no idea. 6 Q. You don't think this might relate to 7 subpostmasters? 8 A. It's talking about settlement with the client. 9 So I don't understand how it links with 10 a matching of cash. 11 Q. Well, what are these branches being spoken about 12 here then? 13 A. I didn't write the document. I don't know what 14 it means. It doesn't make any sense to me. 15 Q. I see. Well, let's just go with the "put the 16 emphasis on clients and customers to validate 17 the data"; is that something you're familiar 18 with in relation to the operation of the Horizon 19 System that whoever is operating the system 20 they've got to validate the data? 21 A. No. 22 Q. Why doesn't that make any sense to you? 23 A. Because Products and Branch Accounting would be 24 matching the data. They'll be matching the data 25 that they get from branches to Horizon with the 190 1 data that's provided from the clients. 2 Q. Right. But then this document from Fujitsu is 3 seeking to suggest that clients and customers, 4 they've got to validate the data. What does 5 that mean to you? 6 A. It doesn't mean anything to me. Maybe Fujitsu 7 haven't understood the terminology that Post 8 Office would use. 9 Q. I see. Well, let's try it another way round. 10 How would a subpostmaster, going back to our 11 earlier discussion in relation to losses, how 12 would they be able to find the evidence that 13 relates to the operation of the Horizon System? 14 What access did they have? 15 A. The same access that an auditor would have in 16 terms of access -- 17 Q. The same access as who? 18 A. The same access as an auditor would have such as 19 all the transaction reports that come out of 20 Horizon; so transaction logs, summaries that 21 they would get out of the system. 22 Q. So you think that the branch managers in the 23 individual branches had the same access as the 24 audit team? 25 A. That was my understanding at the time and it is 191 1 my understanding now that the branch manager has 2 the same access level as the auditor. That 3 might be a false memory but that is my memory. 4 Q. This question of what they had access to, the 5 branches, is quite important; do you not agree? 6 That if they -- 7 A. I agree. 8 Q. I'm just trying to understand what the audit 9 process was, though. Did you not make sure that 10 the branch managers and mistresses had access to 11 the same material or is it just something you're 12 thinking, well, that probably happened or it 13 should have happened. Which? 14 A. They would have had the same access. I think 15 what I'm not sure about is whether auditors had 16 additional access to additional reports. 17 Q. There seems to be -- if you draw back from your 18 evidence, there seems to be a few things that 19 are quite problematic. You're talking about 20 a contractual obligation on subpostmasters and 21 mistresses to make good losses, yes? 22 A. Mm-hm. 23 Q. That's your first -- is that an assumption you 24 made or that was what you were told? 25 A. It's what I read in the contract manual. 192 1 Q. You read that in the manual? 2 A. In the subpostmasters' contract, I seem to 3 remember section 12 to 15 had details about the 4 liability that subpostmasters had for losses 5 through negligence, carelessness, error. 6 Q. Right. Well, what about trying to prove a loss 7 when it's the system that's come up with it? 8 A. I agree. If the system's created a loss, it's 9 very difficult for either party to be able to 10 prove it. 11 Q. If the pressure on the subpostmaster and 12 mistress is that they've have got to, as this 13 document appears to be saying, they've got to 14 validate the data, they've got to actually show, 15 you know, where the problem is, if it's a system 16 error then how are they meant to do that? 17 A. As I said, I agree with you. If there's 18 a system error, it wouldn't be easy for either 19 party to be able to say this is an error that's 20 been caused by the system. 21 Q. Mr Ferlinc, when did it come to you that this 22 was a bit of a problem? This has only come to 23 you before giving evidence that you thought, 24 well, bit of a pity these subpostmasters and 25 mistresses didn't really -- weren't aware of 193 1 what was going on with the Horizon System and 2 that we just nailed them for the money anyway? 3 A. No, I think what I said before is that these 4 system errors weren't visible. They weren't 5 things that I was aware of at the time. 6 Q. When were you aware of -- 7 A. Probably when I left the business and in the 8 media reports following, you know, the 9 mid-2010s. 10 Q. You were aware of some errors with the system. 11 You've not said it was perfect. 12 A. Hey, it wasn't perfect and no system is perfect. 13 As I said, every software system will have bugs 14 and quirks and they are fixed. 15 Q. So who told you day-to-day, week-to-week of the 16 errors? What reports did you get? 17 A. I didn't get any reports. 18 Q. Did you investigate? Did you -- 19 A. I didn't. 20 Q. -- as an example, in whatever way you could, 21 give Fujitsu a ring or ask to visit them and 22 consider with them how they deal with -- 23 A. No. 24 Q. You don't feel that that's something of 25 a failure? 194 1 A. I think with hindsight there were many things 2 that could have done differently, absolutely. 3 Q. In hindsight? This was a failure at the time, 4 Mr Ferlinc, a failure by you and your department 5 actually not grasping the nettle and not 6 actually look at what problems lurked behind the 7 scenes. Do you not agree? 8 A. No, I don't agree because at the time my team's 9 responsibility was for validating assets at 10 branches and that's what the team delivered. 11 Q. You don't feel it was your responsibility just 12 to keep your eyes closed, Mr Ferlinc, and just 13 sort of barrel on regardless? 14 A. Not at all. I didn't feel that's what I was 15 doing. 16 MR STEIN: Excuse me one moment. 17 Thank you, sir. 18 SIR WYN WILLIAMS: All right. Is that all the 19 questioning, Mr Blake? 20 MR BLAKE: It is, yes. 21 SIR WYN WILLIAMS: Right. Well, thank you very 22 much, Mr Ferlinc, for coming to give evidence 23 and answering a great many questions and for 24 answering them, so far as I'm concerned, at 25 least with clarity. Thank you. 195 1 MR BLAKE: Thank you very much, sir. We're back at 2 10.15 tomorrow morning with Mr Marsh. 3 SIR WYN WILLIAMS: Very good. See you all at 10.15. 4 (4.07 pm) 5 (Adjourned until 10.15 am the following day) 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 196 1 I N D E X 2 3 BEN FOAT (affirmed) ...........................3 4 Questioned by MR BEER .........................3 5 MARTIN CHARLES GEORGE FERLINC (sworn) ........72 6 Questioned by MR BLAKE .......................72 7 Questioned by MS PAGE .......................172 8 Questioned by MR STEIN ......................174 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 197