Managing reality in Information Systems - strategies for success
ISSN 1649-2374Systems Modelling Ltd. http://www.sysmod.com
Welcome
EuSpRIG 2002 Symposium July 18/19 report
"Coping with IS/IT Risk Management" Book review
SoftTest Ireland - new Software Testing SIG
New CMMI Process Improvement YahooGroup
Euro coins test for colour blindness
Yahoo! mail twists your words
Lawyers with a sense of humour
13 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information
_______________________________________________________
Please take the reader survey contained in this issue - that's how I know what interests you!
On a personal note: I will be on vacation, returning to the office on Monday
August 12 2002. My wife Megan will be opening her exhibition of photographs "Giochi
di Luce" ("Play of Light") in Treviso, Italy for August 2002:
http://www.meganobeirne.com/gallery.htm
_______________________________________________________
My report is also available on the web at http://www.sysmod.com/eusprig02.htm
The theme of this year, “Spreadsheets – the hidden corporate gamble” captured the current concerns about corporate risk and auditing accounting systems. One of the talks described how the manipulation of a spreadsheet at AIB’s Allfirst subsidiary could easily have been seen by a spreadsheet formula audit tool.
David Chadwick (University of Greenwich) in his introduction in the proceedings “Training Gamble leads to Corporate Grumble” highlighted the need for awareness of spreadsheet risks to be included in curricula for professional examinations such as the Certificate in Information Systems Auditing (CISA) and the Qualification in Computer Auditing (QiCA).
David Banks, Ann Monday (University of South Australia)
‘Interpretation As A Factor In Understanding Flawed Spreadsheets’
David Banks summarised what we know about the prevalence of spreadsheet
errors. He went on to discuss the place of interpretation as a complicating
factor, the tendency of people to selectively present data that support their
case. He described some teaching situations where the students find it very had
to believe that there is more than one possible answer, and no single ‘correct’
answer. Looking at how they work and think, and some of the cultural background,
gives some insights into how easy it is for people to get hooked into certain
patterns of thinking.
Thomas Grossman (University of Calgary, Canada)
‘Spreadsheet Engineering : A Research Framework’
Tom Grossman took what is known from the long and painful history of of software
‘engineering’ and applied it to spreadsheet development. He listed eight
principles showing the benefits of best practices chosen for specific
situations. He also described distinguishing features of spreadsheet use, such
as exploratory modelling and their use for rapid re-evaluation of strategic
impact. The observation that increased experienced with spreadsheets is not
correlated with increased quality is related to the difference between amateurs
who are results-focused and tend not to consciously improve their process; and
professionals, who do reflect on their own work methods. The heterogeneous
nature of spreadsheet developers means that no ‘one-size-fits-all’ model of
spreadsheet ‘programmer’ can be applied. He concluded by outlining a number of
areas where further research could usefully by conducted.
Markus Clermont (University of Klagenfurt, Austria) ‘A
Spreadsheet Auditing Tool Evaluated In An Industrial Context’
Markus Clermont described the classic scenario where a computer science student
was given a project to audit some spreadsheets in industry. A Linux-based
toolkit was made available. The company concerned said “Well, of course you
won’t find anything, our developers are very good and these spreadsheets have
been in use for a while”. (Spreadsheet auditors don’t take bets with project
managers on statements like that, it would be like taking candy from babies.) In
fact, the student found 109 different kinds of defect giving rise to 1,832
actual errors, an overall error rate of 3%. The true measure of the significance
of the finding was the changes the company then made, not just to the
spreadsheets but to the personnel!
Martin Campbell-Kelly (Warwick University) “The rise and
rise of the spreadsheet”
Professor Martin Campbell-Kelly gave an historical perspective from the early
days of modelling systems to VisiCalc, Lotus 1-2-3, and Microsoft Excel. That
induced nostalgia in a number of members of the audience; I remember my own
financial modelling system that I developed for the PDP-11 and the VAX in the
late seventies!
Ray Butler (HM Customs and Excise) “Losing at Spreadsheet
Roulette”
Ray Butler told three stories: the AIB/Allfirst fraud that involved among other
things the falsification of a spreadsheet; a school that lost £30,000 from their
school funding because of a budget spreadsheet error; a local authority pension
fund spreadsheet omitted £4 million from their cash book. He also showed how
their tool SPACE would have helped an auditor quickly detect such errors.
Grenville Croll “A typical Spreadshet Audit
Approach”
Grenville Croll described an approach used for a model review process. It uses
model maps (like the SPACE tool above) to find patterns; code review; range
names review; high-level risk analysis and review; documentation; and
sensitivity analysis.
Notable quotes
“We frequently find … organisations do not even have the most rudimentary internal modelling standards” Barry Pettifor, PwC.
“The presence of a spreadsheet application in an accounting system can subvert all the controls in the all other parts of that system”. Ray Butler, HM Customs and Excise.
I am looking for a corporate sponsor who would be interested in working with me to bring this prestigious event to Dublin in July 2003. Please contact me if you would like to be associated with this group.
I provide training for best practice and accelerated productivity, and expert consultancy in spreadsheet modelling and auditing. To request a private in-company course or consultation, simply contact me by email to: spreads (at) sysmod (dot) com. Further information is on our web site:
http://www.sysmod.com/spreads.htm
Tony Moynihan, Springer-Verlag London 2002
ISBN 1-85233055-6 Practitioner book series.
Candid interviews with twenty experienced project managers are the central feature of this book from Prof. Tony Moynihan of the School of Computer Applications at Dublin City University. His method of interviewing and simulating situations extracted key insights from these veteran solution providers as to how they really cope with messy reality.
Project managers can read this book as if it were like their informal networking, swapping stories over the bar with their peers. Students can see how real life situations arise and what coping mechanisms are brought to bear to manage the chaos of real life. The professional researcher will home in on the chapters where the methodology is revealed, that of eliciting personal constructs.
The examples chosen come from the small-scale 2-month to 2-year projects that most commercial implementations focus on. Read and enjoy this refreshing set of candid-camera snapshots!
Tony Moynihan’s aim was to tackle the problem of finding out the basis for people’s actions when they are better at doing the work than describing how they work. Intuitive knowledge is always richer in information than any external description of it. So, in part 1 he interviewed 14 experienced systems consultants, implementers and developers, to identify the factors that matter to them.
The key question was “What makes different projects different?” He gives five interviews verbatim, showing how he repeated combinations of questions to arrive at the scale of weighting that the interviewees applied to each factor, and in what way combining them created new threats or opportunities.
He gives a table of 113 constructs obtained from this analysis. This showed the importance of non-technical, more “political” constructs such as commitment, control, support, and stability. He then compares these to risk factors identified in the Information Systems project management literature.
In part 2, he explored with twenty more project managers (PMs) some situations which featured the most frequently mentioned concepts in more or less risky combinations, and provides the actual transcripts of the conversations. These are quite revealing – I should know, I was one of them!
This is the best part of the book. Many times, they say “I’ll give you an example” and then relate some horrendous yarn that explains why they are so touchy about that point. To illustrate the “hidden agenda” concept that they all dig for like sniffer dogs after contraband, one tells the story of an airport that deliberately bought less efficient gate allocation software because they wanted to use the tool to justify buying a new terminal.
In part 3, he explains his method and reflects back on the research material provided to provide common coping strategies or recipes. Quotations are collected under each heading to show how they are talked about. Students embarking on their first industrial project assignment would be well advised to read these for some vicarious experience of the issues of ownership and control, the problems of change and learning; ending with the “Doomsday scenario”, projects you should walk away from!
In part 4, he presents the material from other points of view … interorganizational trust; agency theory; planned organizational change; capability; action, rationality and control; requirements uncertainty. The researcher will be interested in the chapter “What’s the book really been about”, on knowledge elicitation.
Finally, the appendices included a detailed listing of the “recipes for success” (or at least avoiding disaster), with the evidence for each shown backed up by the interview notes. For example “If the client … hasn’t the needed time or skill, … try to get him/her support or training. If this doesn’t work, ask for an alternative contact, or try to work around him/her”. These are thirty-seven gems of hard-won wisdom and insight that belong in every project manager’s head.
Click here for links to buy the book at the Amazon store of your choice:
http://www.sysmod.com/booklist.htm#isitrisk
This special interest group is open to all in Ireland interested in software testing. The new website is now up and running:
The website contains registration information for the SIG with company and individual membership now being accepted. It has a members mail list and information on events and downloads.
The Integrated Capability Maturity Model (CMMI) process improvement group is designed for discussion of best-in-class or simple clarification of the upgrade issues involved from SW-CMM, ISO-9000, and EIA/IS 731. SEI describe it as the logical successor to SW-CMM, SE-CMM, and P-CMM branches of the CMM v1.1 disciplines. To learn more about the cmmi_process_improvement group, please visit
http://groups.yahoo.com/group/cmmi_process_improvement
You can subscribe by sending an email to
cmmi_process_improvement-subscribe (at) yahoogroups (dot) com
The Files area contains a number of useful downloads, such as an Excel spreadsheet which maps the SW-CMM v1.1, ISO 9001:2000, and EIA/IS 731 software and systems engineering process improvement frameworks to CMMI v1.1 on a paragraph-by-paragraph basis.
The SEI web site is
Further software quality information is on our web site:
http://www.sysmod.com/swdev.htm
http://optics.org/articles/news/8/7/9/1
Spanish researchers are suggesting that the new Euro coins, introduced in January of this year across most of Europe, could be used as an instant test for red-green colour blindness. Thanks to the properties of two Euro coins, Maria Isabel Suero and co-workers at the University of Extremadura, Badajoz, Spain, say defects in colour vision can be detected both quickly and cheaply. (Optics Express 10 527)
______________________________________________________
We value your feedback. Simply copy and paste the following section
into a new email message and send your reply to ISSUES (at) SYSMOD (dot) COM
______________________________________________________
Was the book review in this issue helpful?
Are there other kinds of book review that would be of more interest?
Thank you! Patrick O'Beirne, Editor
_______________________________________________________
Try this if you have a Yahoo! email account: send yourself a mail with the text "My expression changed when I evaluated their mocha blend" and see what you get.
The Yahoo mail system will insert underscores before words (such as "eval", "mocha", "expression", "javascript") that it thinks might be part of malicious script code. It used to change them to different words, with hilarious results. You can still find traces of these changes on the web if you use Google to search for words like "medireview", "reviewuate", and so on.
The original report of this was in the Risks Digest at
http://catless.ncl.ac.uk/Risks/21.34.html
and it is also reported at:
http://www.ntk.net/2002/07/12/yahoo.txt Need to Know has list of Yahoo swaperoos
http://finance.lycos.com/home/news/story.asp?story=27883602
I quote from the Powers Phillips web site:
"The firm is composed of lawyers from the two major strains of the legal profession, those who litigate and those who wouldn't be caught dead in a courtroom.
Litigation lawyers are the type who will lie, cheat and steal to win a case and who can't complete a sentence without the words "I object" or "I demand another extension on that filing deadline." Many people believe that litigation lawyers are the reason all lawyers are held in such low esteem by the public. Powers Phillips, P.C. is pleased to report that only four of its lawyers, Trish Bangert, Tom McMahon, Tamara Vincelette, and JoAnne Zboyan are litigation lawyers, and only one of them is a man.
Lawyers who won't be caught dead in a courtroom are often referred to in the vernacular as "loophole lawyers," underhanded wimps who use their command of legal gobbledygook to scam money from the unsuspecting, usually widows and orphans. Many people believe that such "loophole lawyers" are the reason all lawyers are held in such low esteem by the public. Powers Phillips, P.C. is pleased to report that only four of its lawyers, Myra Lansky, Kathy Powers, Mary Phillips, and Jay Powers, are such "loophole lawyers" and one of them, Jay Powers, hardly does anything at all anyway so he doesn't really count. "
_______________________________________________________
Copyright 2002 Systems Modelling Limited, http://www.sysmod.com . Reproduction
allowed provided the newsletter is copied in its entirety and with this
copyright notice.
We appreciate any feedback or suggestions for improvement. If you have
received this newsletter from anybody else, we urge you to sign up for your
personal copy by sending a blank email to
EuroIS-subscribe (at) yahoogroups (dot) com -
it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share
experiences with the rest of the group, and to contribute files to a common
user community pool independent of the sysmod.com web site. I will be
moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is
chosen to reflect our focus on practical solutions to IS problems, avoiding
hype. If you like acronyms, think of it as "Patrick's reports and analysis
across Information Systems".
_______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies
or omissions. The information is not intended to constitute legal or
professional advice. You should consult a professional at Systems Modelling
Ltd. directly for advice that is specifically tailored to your particular
circumstances.
Copyright (c) SML 2002
_______________________________________________________
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your
web site!
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail
address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS
newsletter. It also
offers a moderated discussion list for readers and a free
shared storage
area for user-contributed files. The archives of this group
are on
YahooGroups website http://groups.yahoo.com/group/EuroIS
_______________________________________________________