Provisional List of Issues
Updated 22 September 2021
This provisional list of issues has been prepared in order to identify the key themes on which the Inquiry intends to focus its investigative work. This provisional list of issues is being published to enable core participants and other interested persons to make representations to the Chair before the list is completed and the Inquiry’s investigative work commences.
For the avoidance of doubt, the Chair will be guided by the evidence that emerges throughout the Inquiry and the completed list of issues will not bind the Chair to investigate only those issues set out therein or necessarily to investigate a listed issue irrespective of the sufficiency of evidence that is identified.
It is open to individuals to provide the Inquiry with written submissions on the content of the provisional List of Issues below.
The Inquiry asks any person who wishes to provide submissions on the List of Issues to provide two separate documents as outlined below:
1. A schedule that identifies all proposed amendments in the following format: [Section], [paragraph], [wording of any proposed amendments]. Any proposed amendments should be listed in the same order as the provisional List of Issues.
2. A document that contains brief written reasons explaining all proposed amendments.
Please do not provide the existing provisional List of Issues with proposed amendments shown as tracked changes. All submissions must be sent in writing to the Solicitor to the Inquiry at the email address solicitor@postofficehorizoninquiry.org.uk by 5.00pm on 10 September 2021.
The email subject title should read ‘[Person / organisation name] – Written submissions in relation the provisional List of Issues’.
Please note that submissions are not mandatory.
As noted in Statement of Approach 004, if the Chair considers it necessary, he will convene a hearing at which oral submissions about the list of issues can be advanced by Core Participants only.
Please contact the Solicitor to the Inquiry if you have any queries.
The Horizon IT System
A. Adoption and design
1. Who was responsible for decision-making in relation to the commissioning, selection, specification and design of the Horizon IT System?
2. What factors influenced (a) the decision to adopt and (b) the design of the Horizon IT System?
3. What role, in particular, did commercial and financial considerations play?
B. Pilot and roll out
4. What issues were identified during the piloting of the Horizon IT System?
5. By whom were they identified and to whom were they reported?
6. What investigations were carried out and by whom were they undertaken?
7. Were their scope and the conclusions which they reached appropriate?
8. What (if any) remedial action was taken?
9. What (if any) assurances were given regarding the resolution of these issues prior to the roll out of the Horizon IT System? By whom and to whom were they given?
10. Was it appropriate for such assurances to be given and relied upon?
11. What (if any) steps were taken to bring these issues to the attention of sub-postmasters and sub-postmistresses (SPMs), managers and assistants? Were these adequate?
12. Was the Horizon IT System fit for purpose when it was rolled out?
13. If not, was this known at the time and, if so, by whom?
C. Modifications
14. What significant changes were made to the operation and functionality of the Horizon IT System during the relevant period[footnote 2]?
15. What factors influenced those changes?
16. What consideration (if any) was given to the concerns expressed by SPMs, managers and assistants about the operation and functionality of the Horizon IT System during the relevant period?
17. To what extent (if at all) did any of the changes made improve the operation and functionality of the Horizon IT System for SPMs, managers and assistants?
18. What (if any) changes were made, in particular, that impacted branch accounting procedures?
19. When and for what reason(s) were such changes made?
20. What effect did such changes have?
21. What (if any) steps were taken to consult and to notify affected SPMs, managers and assistants about such changes being made? Were these adequate?
D. Training
22. What training was provided in relation to the use and operation of the Horizon IT System to SPMs, managers and assistants during the relevant period?
23. At what stage and by whom was the training delivered?
24. What experience and qualifications did those responsible for delivering training have? Were these adequate?
25. In what respects (if any) was the training provided to SPMs, managers and assistants adequate or inadequate?
26. What (if any) changes and improvements were made in the provision of training during the relevant period?
27. Is the training currently provided to SPMs, managers and assistants in relation to the use and operation of the Horizon IT System sufficient?
E. Advice and assistance
28. What advice and assistance were available to SPMs, managers and assistants in relation to the operation of the Horizon IT system during the relevant period?
29. How and by whom were these provided?
30. What experience and qualifications did those responsible for providing advice and assistance have? Were these adequate?
31. In what respects (if any) was the advice and assistance provided adequate or inadequate?
32. What (if any) changes and improvements were made in the provision of operational advice and assistance during the relevant period?
33. Is the operational advice and assistance currently provided to SPMs, managers and assistants in relation to the Horizon IT System sufficient?
F. Resolving disputes
34. What practices and procedures were in place during the relevant period regarding the reporting, investigation and resolution of disputed shortfalls, discrepancies and transaction corrections?
35. Who was responsible for conducting investigations into the cause(s) of disputed shortfalls, discrepancies and transaction corrections?
36. What experience and qualifications did they have? Were these adequate?
37. What factors influenced the scope of the enquiries which were undertaken and the conclusions which were reached?
38. What role, in particular, did financial considerations play?
39. In what circumstances (if any) was authorisation given to place disputed items into the central suspense account pending investigation?
40. Should such a procedure have been adopted as a matter of course?
41. Are the current procedures for reporting, investigating and resolving disputed shortfalls, discrepancies and transaction corrections adequate?
Knowledge
42. What information and knowledge did the stakeholder organisations (including Post Office Limited, Royal Mail Group Limited, Fujitsu Services Limited, the National Federation of Subpostmasters, the Communication Workers Union and any relevant predecessor companies or bodies) and government departments have about the following facts and matters during the relevant period:
a) Bugs, errors and defects in horizon:
- the existence and extent of bugs, errors and defects in the Horizon IT System
- the ability of such bugs, errors and defects to cause apparent discrepancies or shortfalls in branch accounts
- the ability of such bugs, errors and defects to undermine the reliability of the Horizon IT System accurately to process and to record transactions
- the extent to which apparent discrepancies or shortfalls arose in branch accounts as a result of bugs, errors and defects in the Horizon IT System
b) Other sources of errors:
- the ability of errors in data entry and branch accounting procedures to cause discrepancies in branch accounts
- the ability of errors in data transfer and processing to cause discrepancies in branch accounts
- the ability of errors in reference data to cause apparent discrepancies in branch accounts
- the ability of errors in third party data to cause apparent discrepancies in branch accounts
- the extent to which such errors in fact caused apparent discrepancies in branch accounts
c) Access to information:
- the limited extent and format of the reports and transaction data available on the Horizon IT System to SPMs, managers and assistants
- the inability of SPMs, managers and assistants to access or properly to identify transactions recorded on the Horizon IT System
- the inability of SPMs, managers and assistants to identify the causes of apparent or alleged shortfalls or discrepancies in their branch accounts
- the fact that Fujitsu held audit data which contained a complete and accurate record of all actions performed by a SPM, manager or assistant when using the Horizon IT System
- the fact that Fujitsu held records (i.e. PEAKs and KELs) relating to the occurrence of bugs, errors and defects in the Horizon IT System
- the fact that Post Office Limited had a contractual right to obtain copies of such data and records
d) Remote access:
- the ability of Fujitsu employees to alter transaction data or data in branch accounts without the knowledge or consent of SPMs, managers and assistants
- the ability of Fujitsu employees to implement fixes in the Horizon IT System which had the potential to affect transaction data or data in branch accounts without the knowledge or consent of SPMs, managers and assistants
- the extent to which such access rights and privileges were used by Fujitsu employees
- the extent to which their use affected the reliability of branch accounts
e) Robustness:
- the fact that Legacy Horizon was not “remotely robust”
- the fact that the robustness of the first iteration of Horizon Online (i.e. HNG-X) was “questionable”
- the fact that the second iteration of Horizon Online (i.e. HNG-A) was “robust”
- the extent of the risk that shortfalls in branch accounts were caused by the Horizon IT System during the period in which Legacy Horizon and HNG-X were in use
43. At what level within the stakeholder organisations and government departments were these known?
44. When and in what circumstances did they first become aware of these matters?
45. How did their knowledge develop over time?
46. What enquiries and / or investigations did they undertake or request in respect of these matters?
47. By whom were these enquiries and / or investigations undertaken?
48. Were their scope and the conclusions which they reached appropriate?
49. What (if any) assurances were they given about these matters?
50. By whom and to whom were such assurances given?
51. Was it appropriate for such assurances to be given and relied upon?
52. What (if any) steps were taken by the stakeholder organisations and government departments to bring these matters to the attention of SPMs, managers and assistants?
53. To what extent (if at all) were the solutions or fixes (which were implemented to remedy bugs, errors and defects in the Horizon IT System) tested with SPMs, managers and assistants?
Contractual liability for shortfalls
A. Policies and guidelines
54. What policies and guidelines were adopted during the relevant period regarding the contractual liability of SPMs for shortfalls shown by the Horizon IT System?
55. Who was responsible for determining those policies and guidelines?
56. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
57. What factors influenced the formulation of those policies and guidelines?
58. Was legal advice obtained? If so, from whom?
59. To what extent (if at all) did those policies and guidelines differ from the approach taken to Crown Office employees?
60. For what reason(s) did it differ (if at all)?
61. What (if any) changes were made to the policies and guidelines over the relevant period?
62. When, by whom and for what reason(s) were those changes made?
63. What effect (if any) did those changes have?
64. Are the current policies and guidelines in relation to the liability of SPMs for shortfalls shown by the Horizon IT System appropriate?
B. Audits
65. Who was responsible for conducting audits of SPMs’ branch accounts during the relevant period?
66. What training and qualifications did they have? Were these adequate?
67. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
68. In which circumstances were audits of SPMs’ branch accounts scheduled?
69. How promptly were they completed?
70. To what extent (if at all) were auditors authorised to exercise Global User rights permitting them to inject transactions into branch accounts?
71. In which circumstances (if at all) were such rights exercised by auditors?
72. What (if any) records were made by auditors in relation to the exercise of such rights?
73. What (if any) information was communicated to SPMs following the exercise of such rights by auditors?
74. To what extent (if at all) were the auditors’ findings properly communicated to SPMs during the relevant period? If so, how were their findings communicated?
75. What (if any) improvements have been made in the conduct of audits?
76. Are the current procedures for auditing SPMs’ branch accounts adequate?
C. Suspension and termination
77. Who was responsible for decision-making during the relevant period regarding:
- the suspension and reinstatement of SPMs? *the termination of SPMs’ contracts?
- the determination of appeals against termination?
78. What training and qualifications did they have? Were these adequate?
79. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
80. Upon which source(s) of information did they rely when taking their decisions?
81. What (if any) enquiries did they undertake or request regarding the cause(s) of disputed shortfalls shown by the Horizon IT System? Were these adequate?
82. What test and procedures were applied when determining appeals? Were these appropriate?
83. For what reason(s) was the contractual right to appeal removed from SPMs during the relevant period? Who was responsible for that decision?
84. What (if any) improvements have been made to the procedures for suspension, reinstatement, termination and the determination of appeals?
85. Are the current procedures in relation to suspension, reinstatement, termination and the determination of appeals fit for purpose?
D. Debt recovery
86. Who was responsible for conducting civil proceedings to recover shortfalls shown by the Horizon IT System?
87. What training and qualifications did they have? Were these adequate?
88. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
89. What (if any) advice or guidance did they receive regarding their duty of disclosure?
90. Upon which source(s) of evidence did they rely when bringing proceedings?
91. What (if any) policies or guidelines were in place regarding the provision of evidence by employees of Fujitsu during the relevant period? Were these appropriate?
92. Is the current practice in relation to the recovery of shortfalls shown by the Horizon IT System adequate?
Private prosecutions
A. Policies and guidelines
93. What policies and guidelines were adopted during the relevant period regarding the bringing of private prosecutions against SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System?
94. Who was responsible for determining those policies and guidelines?
95. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
96. What factors influenced the formulation of those policies and guidelines?
97. What (if any) role did the recovery of alleged financial losses play?
98. Was legal advice obtained? If so, from whom?
99. To what extent (if at all) did the policies and guidelines differ from the approach taken to Crown Office employees?
100. For what reason(s) did it differ (if at all)?
101. When did Post Office Limited cease bringing private prosecutions?
102. By whom and for what reason(s) was that decision taken?
103. What effect (if any) did that decision have?
104. How does Post Office Limited now handle cases of suspected criminal conduct?
B. Investigations
105. Who was responsible for conducting criminal investigations during the relevant period into SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System?
106. What training and qualifications did they have? Were these adequate?
107. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
108. What (if any) advice or guidance did they receive regarding (a) their duty to conduct a thorough investigation; (b) their duty to pursue all reasonable lines of enquiry; and (c) their duty of disclosure? Were these adequate?
109. What factors influenced the scope of the enquiries which were undertaken?
110. What (if any) role did financial or reputational considerations play?
111. Who was responsible for supervising or reviewing the conduct of these criminal investigations?
112. What training and qualifications did they have? Were these adequate?
113. To what extent (if at all) was independent oversight exercised in relation to the conduct of these criminal investigations? By whom was it exercised and was it adequate?
C. Charging decisions
114. Who was responsible for making charging decisions during the relevant period in respect of SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System?
115. What training and qualifications did they have? Were these adequate?
116. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
117. What policies, guidance or principles did they apply when making charging decisions? Were they applied appropriately?
118. In what circumstances where charges of theft authorised? To what extent (if at all):
- was there sufficient evidence to support such charges?
- did the charges place improper pressure on defendants?
- were they intended to do so?
119. Who was responsible for supervising or reviewing charging decisions?
120. What training and qualifications did they have? Were these adequate?
121. To what extent (if at all) was independent oversight exercised in relation to charging decisions?
D. Prosecutions
122. Who was responsible for conducting the prosecution of SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System during the relevant period?
123. What training and qualifications did they have? Were these adequate?
124. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
125. What (if any) policies or guidelines were in place regarding the provision of evidence by employees of Fujitsu during the relevant period? Were these appropriate?
126. Who was responsible for supervising or reviewing the conduct of private prosecutions?
127. What training and qualifications did they have? Were these adequate?
128. How (if at all) was supervision of private prosecutions exercised?
129. To what extent (if at all) was independent oversight exercised in relation to the conduct of prosecutions? By whom was it exercised and was it adequate?
E. Disclosure
130. Who had responsibility for decision-making in relation to disclosure of documents in the course of the criminal proceedings during the relevant period?
131. What training and qualifications did they have? Were these adequate?
132. What (if any) information or knowledge did they have of the matters listed at Q.42 above?
133. What (if any) advice or guidance did they receive regarding their duty of disclosure?
134. What, if any, action did they take upon receipt of that advice?
135. What factors influenced the scope of the disclosure which was provided to defendants?
136. What (if any) role did financial or reputational considerations play?
137. Were the decisions which they took in relation to disclosure appropriate?
F. Negotiation and acceptance of pleas
138. Who was responsible for decision-making in relation to the negotiation and acceptance of pleas by SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System during the relevant period?
139. What policies, guidance or principles did they apply when making their decisions? Were they applied appropriately?
140. In what circumstances and upon what conditions were charges not pursued? Were these appropriate?
141. In what circumstances and upon what conditions were pleas accepted? Were these appropriate?
Support, representation and redress for SPMs
142. What support and representation were available during the relevant period to SPMs, managers and assistants alleged to be responsible for shortfalls shown by the Horizon IT System?
143. Who was responsible for providing such support and representation?
144. In what respects (if any) were the support and representation provided adequate or inadequate?
145. What challenges did SPMs, managers and assistants face when seeking (a) to expose the failings of the Horizon IT System and (b) to obtain redress for the wrongs which they suffered as a result of those failings?
146. What opportunities, in particular, did SPMs, managers and assistants have to obtain funding for legal representation? Were these adequate?
147. What (if any) policies or strategies were adopted by Post Office Limited in response to the efforts of SPMs, managers and assistants (a) to expose the failings of the Horizon IT System and (b) to obtain redress for the wrongs which they suffered as a result of those failings?
148. Who was responsible for determining those policies or strategies?
149. To what extent (if at all) has Post Office Limited and / or Fujitsu Services Limited either assisted or obstructed the efforts of SPMs, managers and assistants (a) to expose the failings of the Horizon IT System and (b) to obtain redress for the wrongs which they suffered as a result of those failings?
150. What factors, in particular, led to the failure of the Post Office Complaint Review and Mediation Scheme?
151. To what extent (if at all) has Post Office Limited properly delivered upon the commitments which it made in the mediation settlement to make improvements in its relationships with SPMs and to bring finality to all outstanding issues in respect of historic shortfalls via the Historic Shortfall Group Scheme?
152. To what extent (if at all) has the creation and implementation of the Historic Shortfall Group Scheme and the Interim Compensation Scheme provided an adequate means for affected SPMs, managers and assistants to obtain redress for the wrongs which they have suffered?
Governance and whistleblowing
A. Monitoring performance of horizon
153. What systems were in place during the relevant period for testing and monitoring the performance of the Horizon IT System? Were these adequate?
154. What (if any) contractual obligations were imposed upon Fujitsu during the relevant period in relation to the identification, investigation, recording and reporting of:
- bugs, errors and defects in the Horizon IT System
- other network and system failures
- the impact of such events upon branch accounts
155. Were these adequate?
156. To what extent did Fujitsu comply with such obligations during the relevant period?
157. What (if any) internal and external measures were in place to monitor Fujitsu’s compliance with such obligations during the relevant period?
158. To what extent (if at all) have improvements been made in the levels of testing, monitoring, compliance and reporting?
B. Managing bugs, errors and defects
159. What systems were in place during the relevant period for managing and rectifying bugs errors and defects in the Horizon IT System? Were these adequate?
160. What (if any) contractual obligations were imposed upon Fujitsu during the relevant period in relation to:
- the adoption of measures to rectify bugs, errors and defects in the Horizon IT System
- the use of access rights and privileges by Fujistu employees to remedy errors in transaction data and branch accounts
161. To what extent did Fujitsu comply with such obligations during the relevant period?
162. What (if any) internal and external measures were in place to monitor Fujitsu’s compliance with such obligations during the relevant period? Were these adequate?
163. To what extent (if at all) have improvements been made in the management, rectification and reporting of bugs errors and defects in the Horizon IT System?
164. Are the current arrangements adequate?
C. Technical competence
165. What (if any) technical expertise did Post Office Limited have during the relevant period in relation to IT matters?
166. Was the level of technical expertise sufficient for Post Office Limited to understand the risks involved in relying upon information from the Horizon IT System?
167. What (if any) improvements were made in the level of technical expertise within Post Office Limited during the relevant period?
168. Is the current level of technical expertise sufficient?
D. Engagement with SPMs
169. What procedure(s) existed during the relevant period for SPMs, managers and assistants (whether individually or collectively) to raise concerns and grievances, in particular, regarding:
- the operation and functionality of the Horizon IT System
- the adequacy of the information, training, advice and assistance provided to them
- the adequacy of the investigations undertaken into disputed shortfalls, discrepancies and transaction corrections
- the conduct of audits, suspension and termination
170. Were they adequate?
171. To what extent (if at all) were the concerns and grievances raised by SPMs, managers and assistants:
- recorded and monitored; and
- reported to the senior management of the stakeholder organisations and government departments?
172. Are the current procedures for raising, recording, monitoring and reporting such concerns and grievances sufficient?
E. Government oversight
173. What mechanism(s) were in place during the relevant period to enable the government to exercise oversight in relation to the performance of Post Office Limited and its compliance with its legal and ethical obligations?
174. Were these adequate?
175. To what extent (if at all) did the government exercise any oversight of strategy formation and policy making concerning:
- the recovery of losses shown by the Horizon IT System
- the bringing of private prosecutions
- the conduct of litigation brought against Post Office Limited
176. What (if any) changes or improvements have been made in the level of oversight which the government exercises in relation to Post Office Limited?
F. Whistleblowing
177. What policies and procedures were in place during the relevant period within the stakeholder organisations and government departments to enable employees and workers to report wrongdoing?
178. Were these adequate?
179. To what extent (if at all) was there a culture within the stakeholder organisations and government departments of covering up wrongdoing?
180. To what extent (if at all) have changes and improvements been made in the culture, policies and procedures of the stakeholder organisations and government departments?
Human impact
181. What impact have the failings of the Horizon IT System had upon affected SPMs, managers and assistants?
182. What physical, emotional, financial and reputational consequences have resulted from SPMs, managers and assistants being:
- required to make good apparent shortfalls shown by the Horizon IT System
- alleged to be responsible for shortfalls and discrepancies shown by the Horizon IT System
- accused of committing criminal offences as a result of shortfalls and discrepancies shown by the Horizon IT System
- convicted of criminal offences as a result of shortfalls and discrepancies shown by the Horizon IT System
183. What impact have the failings of the Horizon IT System had upon the families of affected SPMs, managers and assistants?
184. How have the stakeholder organisations and government departments responded to the human impact?
-
The Inquiry intends to adopt the definition of the Horizon System which was used by Mr Justice Fraser in his Judgment (No. 6) “Horizon Issues”. Accordingly, for the purposes of this Provisional List of Issues, “the Horizon IT System” shall mean the Horizon computer system hardware and software, communications equipment in branch and central data centres where records of transactions made in branch were processed. ↩
-
The Inquiry’s investigative work is at a preliminary stage and the precise period of relevance to a particular issue or organisation under investigation will vary. It is, nonetheless, necessary to provide some broad parameters for the purposes of this Provisional List of Issues. Accordingly, the “relevant period” for this purpose shall mean from the time of the first pilot of the Horizon IT System until 1st June 2021 (i.e. the date on which the Inquiry was established). ↩