scte long read
External auditors must “evaluate the internal controls of the corporation, and that includes the effectiveness
what action – and that is why responsible corporations try to ensure it does not happen.” Nick’s book explains that while owned by the government, it had neither oversight into what was going on, nor much interest either. The organisation itself seemed answerable to nobody and in the case of the Horizon software issues, the onus was on the Subpostmasters to prove the software was faulty, rather than the Post Office to support their workers, whose contracts with the Post Office had them at a distinct disadvantage as well. It was easy to just keep prosecuting the little people than admit the software was faulty. Several elements are at work here, preventing positive change for the better. We have looked at the problems associated with dated management styles, public sector accountability and ambitious digitisation projects. Culturally, there is an element of secrecy within digitisation; the IT industry is characterised by independent contractors who would be understandably unwilling to fall on their sword and risk never working in the industry again by speaking out about wrongdoings, cover-ups or just plain old incompetence. Auditors are supposed to prevent issues like this from becoming huge problems but that did not happen in the case of the Post Office. External auditors must “evaluate the internal controls of the corporation, and that includes the effectiveness of the internal auditors while also assessing whether the financial position of the company,” according to James Christie, and he is right of course. It is not within their remit to tackle user errors, bugs and glitches. Internal IT auditors should have been investigating whether these compromised the integrity of systems but Christie feels they were “toothless, asleep on the job and not challenging the rampant misconduct and incompetence at work.” How this was allowed to happen undetected, for so long, is astonishing. “The Post Office internal audit function was a disgrace. So far, no one has actually been found accountable for any of this misconduct within the Post Office in all this time, but the long-overdue inquiry will hopefully remedy that.” Another aspect is the sheer number of parties involved along a digitisation supply chain, and the resulting margin for error that can take place at any point. Making changes in that environment is like turning a super tanker around; it is glacial in
start-ups, and the world’s big four tech companies are headed up by men with an average age now of just 52. When Facebook, Google, Amazon and Apple began life, their owners’ lightbulb moment occurred in their late teens and 20s. US Management Consultants McKinsey & Company have done a lot of work in this space and feel their Digital Factory approach can achieve significant change quickly via small groups of experts on the ground, effecting change as errors occur. They say their research tells them “only 16% of executives say their company’s digital transformations are succeeding”, so clearly something fundamental is required. Could this happen again? Nick sighed. “Unfortunately, yes. I hope this episode will put to bed once and for all the idea that computers are glorified calculators and 2+2 will always equal 4. Modern systems are vast, sprawling ecosystems that are regularly updated by back-end inputs, to the extent that if you press 2+2 on the front end of your terminal you might nine times out of ten get four, but once in a while you’ll get five. And therefore, you cannot rely on those systems.” James Christie agrees. “Nick has put his finger on the problem, although I would add that we have to rely on these systems, but we CANNOT trust them absolutely. We need very carefully designed checks and balances to help us spot and contain problems before they lead to disaster.” All the examples covered have much in common but in the case of the Post Office, the uniquely antiquated culture within the organisation served management far better than the Subpostmasters themselves. Sloppy IT security, a culture of staff openly sharing logins and terminals also served to benefit the Post Office and undermine the victims’ defence. James Christie feels strongly that such a practice “completely undermines accountability. I am amazed that convictions took place at all. A good barrister could surely have thrown a skipload of reasonable doubt onto the prosecution case if the defence had brought in a co-worker to confirm the routine sharing of IDs, and an expert witness to confirm that such sharing makes it impossible to prove who took
of the internal auditors while also assessing whether the
speed and imprecise, and there are the careers and egos of senior managers on the line, preventing progress. The more high-profile the project, the harder it is to turn the tanker, or even slow it down; people are generally not interested in turning it around and it is always politically disastrous to admit mistakes have been made. Better to continue the same path and throw money at the problem, or in the case of the Post Office, throw innocent people into jail. financial position of the company,” according to James Christie, and he is right of course. As with many of today’s technology problems, it seems education and the mere passage of time are possible solutions to the problems highlighted here. Certainly, a new agile approach to management is essential, given the outrageous sums of money wasted in applying yesterday’s approaches to tomorrow’s problems. There are cultural issues, egos to massage, optics to consider and popularity in the polls all playing a part. In the case of the Post Office, it was a catastrophic set of circumstances and an unholy cover-up that has caused decades of misery and a jail term for so many innocent victims. One would hope that The Great Post Office Scandal is the last of these books that needs writing and that lessons are actually learned; the inquiry starting this month will hopefully provide answers many have waited years for.