top | item 38967986

(no title)

To be fair, neither of the two organisations responsible for Horizon over the period in question - Fujitsu Services, formerly ICL Pathway - in any way resemble your pastiche of "YC Offspring" startups.

Indeed, they were the exact opposite: huge multinationals with presumably gigantic legal, infosec and HR policy departments who could probably jump through the various compliance hurdles required by this procurement process in their sleep.

By comparison the startups you're complaining about usually take years to reach sufficient maturity to take part in large public sector procurement processes like this.

Clearly in this case maturity and scale were not a bulwark against incompetence, opacity and mendacity. Indeed the opposite - as I type this the Post Office's lawyers Herbert Smith Freehills are making mealy mouthed justifications for witholding reams of technical evidence from the public enquiry for months. It's disgusting, and as someone running a small business and endlessly having to justify our commitment to information security, data privacy and transparency I find the hypocrisy infuriating.

discuss

HenryBemis|2 years ago

I cannot blame the contractors. I can only blame the Royal Mail/Post Office.

On the world of RACI, the client is always the A. I don't expect the guy who gets paid to be honest. I expect the payer to do their checks.

And stuff like that could have been picked up but an ITGC audit, Project Audit (reqs), SOX, any type of break/smoke test.. and so on..

Somebody dropped the ball - hard. This could have been prevented and/or detected and/or corrected.

Having served as Internal Audit for many many years, I get angry because I/someone in my line of work should have caught this.

Now.. WTF was the internal audit of Royal Mail/Post Office? Why isn't the CAE brought in for questioning and what was the scope of their audits?

Yes, definitely NOT YC company. But I don't see any YC companies hiring auditors, only engineers ;)

robbbbbbbbbbbb|2 years ago

You definitely should blame the contractors.

It's become very clear as the public enquiry has progressed [1] that Fujitsu were:

- aware of several bugs - including ones they'd fully understood the cause and mechanics of - that would induce double-counting of transactions

- aware that criminal prosecutions were underway against users of the system in which just such double-counted transactions would clearly have had a material impact on the case and the evidence aduced

- failed to raise the above in a timely manner, either to the Post Office who had directly requested audit logs, to external auditors, or to the justice system itself

[1] https://www.theguardian.com/uk-news/2024/jan/17/post-office-...