undefined | Better HN

0 pointsHenryBemis2y ago0 comments

I cannot blame the contractors. I can only blame the Royal Mail/Post Office.

On the world of RACI, the client is always the A. I don't expect the guy who gets paid to be honest. I expect the payer to do their checks.

And stuff like that could have been picked up but an ITGC audit, Project Audit (reqs), SOX, any type of break/smoke test.. and so on..

Somebody dropped the ball - hard. This could have been prevented and/or detected and/or corrected.

Having served as Internal Audit for many many years, I get angry because I/someone in my line of work should have caught this.

Now.. WTF was the internal audit of Royal Mail/Post Office? Why isn't the CAE brought in for questioning and what was the scope of their audits?

Yes, definitely NOT YC company. But I don't see any YC companies hiring auditors, only engineers ;)

0 comments

1 comments · 1 top-level

robbbbbbbbbbbb2y ago

You definitely should blame the contractors.

It's become very clear as the public enquiry has progressed [1] that Fujitsu were:

- aware of several bugs - including ones they'd fully understood the cause and mechanics of - that would induce double-counting of transactions

- aware that criminal prosecutions were underway against users of the system in which just such double-counted transactions would clearly have had a material impact on the case and the evidence aduced

- failed to raise the above in a timely manner, either to the Post Office who had directly requested audit logs, to external auditors, or to the justice system itself

[1] https://www.theguardian.com/uk-news/2024/jan/17/post-office-...

j / k navigate · click thread line to collapse