NCVO
Cyber Essentails

Testing the Limits

In 2000 the Post Office introduced a new accounting system ‘Horizon’ to manage all its branches. Over the next few years hundreds of sub-postmasters/postmistresses were prosecuted for theft, fraud and other charges as the system identified money was missing from the accounts.

Many of these people went to prison, even a pregnant woman and others had their lives ruined. One man even committed suicide.

The Post Office a bastion of trust with the UK population in court said the system was correct and it was the sub-postmasters/postmistresses that were the criminals.

Over the last few years cracks began to show, a report by Second Sight specialists in fraud investigation who were brought in to vet the system for the Post Office and give it a good bill of health, highlighted its flaws and said the system was not ‘Fully Fit for Purpose’. Documents that would have showed accounting errors were hidden by the Post Office and then they produced a document to counter Second Sights report.

Finally after many years over 550 former sub-postmasters/postmistresses have brought a class action against the Post Office and it has been shown how bad the system really was.

This week the Post Office has finally settled the action by paying out £58 million to pay the claimants.

The real cost here though is the people who went to prison and have lost their livelihoods, homes, lives, friends and family. These people will have the long task now of getting the prosecutions overturned and pardoned, but that will not stop the prejudice against them when looking for jobs.

What went wrong?

As someone who worked on financial systems for many years, I suspect flawed testing and management pressure to deliver the software into production was a primary problem. If it works and the system errors are low, then release it. We can fix any shortfalls later. This is not uncommon in the business world but can be a minefield further down the line (Companies like Microsoft have operated like this for many years).

If we has system discrepancies we would run the systems through, re-processing the data we had in a test/debug environment and see if we could

  • a) reproduce the error
  • b) identify the point it would go wrong.
  • c) fix it
  • d) test it (including all the previous testing)
  • e) release the new version to production.

It should have been obvious to the Post Office management that they would not suddenly have that many fraudsters on their hands and it should have raised a red flag about the Horizon system. Of course if they knew that this number of fraudulent sub-postmasters/postmistresses is/was the norm then the Post Office must be in really bad shape.

In this case the Post Office were almost Judge, Jury and Executioner, they could bring prosecutions without referral to anyone like the DPP, their evidence was of their own making and some people have said the evidence was a a fabrication.

It’s important here that people are aware that computer systems are fallible and that incidents like this should not immediately make you think that your local retailer is a crook, they maybe, but proper systems, procedures and controls need to be in place to insure impartiality.

The Institution of Analysts and Programmers is working hard ‘Improving Software for Society’ with schemes like FURST and our Academic Partnerships. It is difficult when large organisations do not even follow the basics of software development practice.

The moral here is to TEST, TEST, TEST and then TEST again! and trust your end users, they are usually annoyingly right.

Comments are closed.