Over recent years, in hindsight a ridiculously long time, I’ve been following the painfully drawn out scandal of the Post Office’s Horizon accounting system. It’s very rare for an internal accounting system to attract massive publicity, but this has been a special case. Many lives have been ruined by a mixture of bad software and truly dreadful management.
Now that the legal case brought by the victims has been successfully concluded, I want to set out some of my thoughts, and explain why I am appalled at the way that the Post Office, and its IT supplier, Fujitsu, behaved. My criticisms are not moral judgments, but are based on my experience in IT auditing, fraud investigation and software testing. The Horizon case had many features that should have alerted a good internal audit department to some fundamental problems.
“Part 1 – errors and accuracy”, the first post in the three-part series, looks at system and user errors, the level of accuracy that systems must have, and the lamentable attitude of the Post Office.
In “part 2 – evidence & the ‘off piste’ issue” I explain why I was dismayed at the aggressive way that the Post Office investigated and prosecuted alleged fraudsters, and did so even though its working practices, and those of Fujitsu, undermined confidence in the integrity of their systems and data. Having worked as an IT auditor on system audits and fraud investigations, this is an aspect of the case I found particularly shocking.
The final post “part 3 – audit, risk & perverse incentives” discusses how internal auditors have to be strongly independent and think about risk in a different way from the senior executives. The Post Office’s internal auditors do not seem to have been strong enough to do the job they were paid for.