Originally Posted by
golfbananajam
Seems to me you 're confusing software testing (which is what I've tried to describe) with business continuity testing, which I haven't described but which seems to have been sorely lacking.
Reading between the lines in Section 5 it looks as though they thought that whatever happened to FPRSA they would be able to fix it before that failure became a business issue. They were obviously wrong but sadly exactly why isn't in this report and left for later.