Sysmod's PraxIS
Managing reality in Information Systems - Strategies for Success
Systems Modelling Ltd. Issue: AUG 2000
http://www.sysmod.com
IN THIS ISSUE
WELCOME
Our Euro software package certification service
Error discovered in official guide euro calculation examples
A caution on Euro spreadsheet converters and a bonus for readers
New: the European Spreadsheet Risks Interest Group (EuSpRIG)
Information Security : who's spying on your downloads?
Y2K continues to bite!
ABOUT THIS NEWSLETTER
-----------------------------------------------------------------------------------------
WELCOME
Welcome to PraxIS! We appreciate any comments, feedback, or ideas for future topics. Please forward this newsletter (in its entirety) to anyone who may find it of interest.
Subscribe and UNSubscribe information is at the end.
Patrick O'Beirne, Editor
-----------------------------------------------------------------------------------------
Euro software package certification
My article "Trust, but verify euro certification" (http://www.sysmod.com/certific.htm) has been widely publicised. After appearing in "Euro-Impact" (http://www.euro-impact.com) it appeared in International Treasurer (http://www.intltreasurer.com) and the AMUE euro-files (http://www.amue.org). It's about time we provided a consistent and standard definition of the terms Certification, Accreditation, Euro compatible, Euro ready, Euro compliant, Euro functional, and Euro enabled.
We now proudly announce the availability of our euro software product certification service.
1. Summary:
The software company pays a base charge plus a price per module depending on the nature of the review and the complexity - single or multi-currency, plus reasonable business travel expenses for visits.
2. What kinds of tests will be applied?
The test cases cover the "price accordion" effects, detecting the use of inverse rates, rounding, truncation, accounting with master and detail records, and account and base conversion in the transition scenario. We also assess reliability, error protection, audit trails, user interface (usability) issues, documentation, and support.
3. What kind of euro-compliance certification will be given?
The product will be shown to have fulfilled specified certification conditions. This is not a certification of the producer's business, their quality system or their software production process. We follow the guidelines of ISO/IEC 12119:1994 - "Information Technology - Software packages - Quality requirements and testing". For the suppliers, it has the benefit of providing a transparent and cross-industry applicable standard that will simplify their communications to their customers.
4. How do these tests differ from other certification schemes?
Details are available on request on how this compares to the BASDA, DIN, Afnor and IBM schemes. Please indicate the nature of the products for which you are considering certification.
AMUE Guide "The Euro in your Shop - a Practical Guide "
http://www.amue.org/publications/business/smretail/irish/index.html
This is an excellent practical publication for the retail trade. However, even there an error has crept in to a triangulation example (on page 20 of sr_irish_2.pdf, it may be different for other countries). I'm just going to quote the steps concerned:
- Step 1: IEP 89 : 0.787564 = EUR 113.0066889
- Step 2: round euro to third decimal place minimum: EUR 113.01 (!)
- Step 3: calculate FRF amount: EUR 113.01 x 6.55957 = FRF 741.2970057
- Step 4: round FRF price to second decimal place: FRF 741.30
Step 2 is the error: rounding to third d.p. should be 113.007 and that times 6.55957 gives 741.27732699 which finally rounds to 741.28 - a different answer! However, both are legally acceptable payments given the 3c tolerance allowed by French law.
Euro spreadsheet converters
IBM made available on http://www.ibm.com/euro the FIS spreadsheet conversion tool that is also available from http://www.fis-online.de. I have not evaluated this tool in detail yet. If you would be willing to pay for a survey of desktop conversion products, what would it be worth to you? See the feedback form at the bottom of this email for a survey question to determine if there is a market for this kind of product review. It may save you from wasting time chasing down a problem like the following. As a bonus, anyone who responds to this will receive a copy of a short two-page PDF advisory on manual spreadsheet euro conversion.
I was sent a euro converter for evaluation. I installed it on to a Windows 98 system, did a quick calculation check, and it looked OK. However, on exiting Excel, something looked odd… The usual message box when you close an unsaved sheet reads:
"Do you want to save the changes you made to 'Book1'?" followed by three buttons:
[Yes] [No] [Cancel]
But it now showed these buttons:
[Cancel] [Yes] [OK]
But the action is the same as it always was depending on the position of the button; so the first button still means "Yes" although it is labelled "Cancel", clicking "Yes" means "No", and clicking "OK" means "Cancel". When I reported this to the authors, they at first denied their product could cause it. When I tracked it down to an out-of-date (21.11.96 ) MSO97.DLL that their installation procedure had dropped into the \windows\system directory, they actually tried to pass the blame on to MS saying:" the behaviour was caused by a faulty component (MSO97.DLL provided by Microsoft Corporation!!!)". They have something to learn about configuration management and version checking.
Spreadsheet Risks
My current article in the Cutter Consortium E-Mail Advisor series (http://www.cutter.com/consortium/index_e-mail.html ) deals with the problem of user errors in spreadsheets. This was written after an interesting symposium hosted by the European Spreadsheet Risks Interest Group (EuSpRIG) at the University of Greenwich on July 17-18, 2000. It was a bit of a nostalgia trip for me, as I started out in my own business back in 1981 offering spreadsheet modelling services - after all, that's where the company name "Systems Modelling" came from! Below is the article. The web page http://www.sysmod.com/spreads.htm also has a list of links to spreadsheet auditing resources. In the feedback form at the bottom of this email, please let me know if you prefer just getting links to articles on the web site or if you like the full article, at the expense of a bigger email.
Spreadsheet Auditing
There’s an amazingly overlooked iceberg of problems in end-user computing. Spreadsheets are developed by people who are very skilled in their main job function, be it finance, procurement, or production planning, but often have had no formal training in spreadsheet use. IT auditors focus on mainstream information systems but regard spreadsheets as user problems, outside their concerns. Internal auditors review processes, but not the tools that support decision making in these processes.
Apart from the direct costs of mistakes, there are inefficiencies from less-than-optimal decisions being made on poorly constructed models, embarrassment and loss of reputation, and unwanted regulatory attention. In the UK, the public procurement process requires bidders to submit their models of the project costing and those models are checked!
Are any important decisions made in your company supported by spreadsheets? Have these models been tested or reviewed? Do you have internal standards for spreadsheet development? We all know that people make mistakes. Yet end users and their managers have the confident belief that their work is perfect!
There are guidelines to assist in sound spreadsheet development, but you often won’t find them in books about spreadsheets, which focus on the technicalities of their operation. Recent spreadsheet applications are so laden with wizard tools that users believe all they have to do is find a function that will do the work for them without requiring any thought on their part. To counteract this, some company standards actually forbid the use of internal financial functions, requiring the user to explicitly code the calculations so that they can be checked. Even better, some require the models to be built for testability and auditability right from the start.
So, if you're an IT manager or auditor, do a favour for your users do a random sample of their spreadsheets, inspect them thoroughly, and determine what training is needed based on what you find. You can contact Patrick O'Beirne at Systems Modelling Ltd. at +353-55-22294 for an independent audit.
Who is spying on your downloads?
Some software is made available in a free version that is sponsor-supported. As you use it, you get served up adverts. Examples are Eudora email, Comet Cursor, Netzip Download Demon, CuteFTP and Go!Zilla. The agents that support this are called Adbots, but they are now beginning to be called spyware. Steve Gibson (http://grc.com) has been posting reports that they report back every download a user makes, not just the advertiser's products! And this information includes email addresses and machine IDs. Aureate, who produce this technology and have changed their name to Radiate, have posted a denial at http://www.aureate.com/privacy/falserumors.html
McAfee refer to descriptions of Aureate as a "trojan" as a low risk hoax. However, if you have privacy concerns, check it out. Steve Gibson offers a utility OptOut which detects and optionally removes all traces of Aureate/Radiate software from your machine. His site also offers a web-based service called "ShieldsUp!" If you ask it to, their site will attempt to probe your PC for open ports while you are on line, and show you how to close these loopholes in the Windows network bindings.
Y2K: It hasn't gone away, you know.
From Windows 2000 Magazine UPDATE, July 11, 2000
Microsoft article Q265387 (http://support.microsoft.com/support/kb/articles/q265/3/87.asp) NT 4.0 assumes the BIOS date is formatted as MM/DD/YY, but new BIOS chips report the date in the format MM/DD/CCYY. When WinMSD reads the date from the Registry, it truncates the year to the first two digits. So, for example, WinMSD interprets April 4, 2000, as 04/04/20 instead of 04/04/2000. Microsoft Support have a bug fix that updates two files: Ntkrnlmp.exe and Ntoskrnl.exe; the files have a release date of June 14.
Patrick O'Beirne, 1st August, 2000
Copyright 2000 Systems Modelling Limited, http://www.sysmod.com. Reproduction allowed provided the report is copied in its entirety and with this copyright notice.
-----------------------------------------------------------------------------------------
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
We value your feedback - that's how we improve!
-----------------------------------------------------------------------------------------
[ Archives ]
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/articles.htm
[ DISCLAIMER ]
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult an appropriate professional for advice which is specifically tailored to your particular circumstances.
Copyright © SML 2000
-----------------------------------------------------------------------------------------
Please tell a friend about this newsletter. NOTE: I guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter visit the
home page http://www.sysmod.com and sign up
in the box.