by HenryBemis 894 days ago
I cannot blame the contractors. I can only blame the Royal Mail/Post Office.

In the world of RACI, the client is always the A. I don't expect the guy who gets paid to be honest. I expect the payer to do their checks.

And stuff like that could have been picked up by an ITGC audit, Project Audit (reqs), SOX, any type of break/smoke test.. and so on..

Somebody dropped the ball - hard. This could have been prevented and/or detected and/or corrected.

Having served as Internal Audit for many many years, I get angry because I/someone in my line of work should have caught this.

Now.. WTF was the internal audit of Royal Mail/Post Office? Why isn't the CAE brought in for questioning and what was the scope of their audits?

Yes, definitely NOT a YC company. But I don't see any YC companies hiring auditors, only engineers ;)

1 comments

You definitely should blame the contractors.

It's become very clear as the public enquiry has progressed [1] that Fujitsu were:

- aware of several bugs - including ones they'd fully understood the cause and mechanics of - that would induce double-counting of transactions

- aware that criminal prosecutions were underway against users of the system in which just such double-counted transactions would clearly have had a material impact on the case and the evidence adduced

- failed to raise the above in a timely manner, either to the Post Office who had directly requested audit logs, to external auditors, or to the justice system itself

[1] https://www.theguardian.com/uk-news/2024/jan/17/post-office-...