PraxIS November 2003                    ISSN 1649-2374

03-11 Contents: Spreadsheet risk, e-Voting, Business Integrity, Internet telephony, Software Testing, NOD32 antivirus

This issue online at http://www.sysmod.com/praxis/prax0311.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

IN THIS ISSUE

1) Risk management
  Spreadsheet risk stories
  Building Integrity In Business

2) e-Voting questions
   Labour party proposes audit trail for e-voting

3) Software Quality
   Recommended: James Bach Rapid Software Testing Workshop

4) Internet
   Anti-virus favourites
   Skype free internet telephony

5) On the lighter side
   Choral humour

20 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

WELCOME

Please let me know what you think of this newsletter - I'm always interested in receiving your comments! Thanks for reading,

Patrick O'Beirne

_______________________________________________________

_______________________________________________________

1) Risk management - security

Spreadsheet risk stories

They just keep coming. Check out my blog at www.sysmod.com/best-practice for stories like:

a) NYSE fines a Grand Rapids stock trader almost half a million dollars for not documenting share trades. His documentation was a spreadsheet which was "thrown away after the transactions and other documentation were completed".

b) Fannie Mae made a $1.2 billion mistake.

According to their press release, "There were honest mistakes made in a spreadsheet used in the implementation of a new accounting standard". Shortly after Fannie Mae released its third-quarter earnings statement Wednesday 29 Oct, shares started trading down. But Fannie Mae stock regained some of the losses after the company announced the correction would only impact its balance sheet and have no effect on its income statement, news sources said.

c) Spreadsheet variance and Ethical problem at MCI

Watchdog Calls for Further Investigation of MCI
Oct. 10, 2003 Telecommunications News PRNEWSWIRE

The August 2003 Department of Defense IG has identified MCI over-billing in "Financial Management - Certification of a DOD Payment for Telecommunications Services." This report states, "... many of the invoice amounts listed on the MCIWorldCom spreadsheet were inaccurate. Specifically, 467 invoices on the MCIWorldCom spreadsheet differed from the hard copy invoices by $2.1 million."

Last month, The New York Post reported a former MCI employee's claim about over-billing at the State Department: "It was wrong and I regret it. We were over-billing the government $20,000 a month on one circuit. We had thousands of government circuits -- many of them through the State Department. We were stealing from the government. [The order to overcharge] came down from a vice president and through three layers of management. It would come up in staff meetings all the time and everyone complained about it, but no one in management listened."

The story above leads neatly into this:

Building Integrity In Business

Half day ICAI conference Nov 7

This conference organised by The Institute of Chartered Accountants in Ireland will discuss the U.S. business scandals and the lessons that they may hold for corporate governance in general, including Europe, and how the integration of business ethics into the organization itself can help mitigate such problems.

Venue: The Guinness Storehouse, St. James’s Gate, Dublin
Time: Friday 7th November 2003, 2.00pm to 5.30pm
Information: Tel: (01) 637 7200 email ca at icai dot ie

International Security Awareness day

The ACM, Association for Computing Machinery, has had a Computer Security Day on 30 November since 1988. More information can be obtained at www.computersecurityday.org. (update 11-11-03)

____________________________________________________________
____________________________________________________________

2) e-Voting questions

On 3 November, the Labour Party in Ireland issued a press release urging suspension of the proposed e-voting system "until flaws are addressed".

http://www.labour.ie/press/detail.tmpl?SKU=20031103143251

"The reforms proposed by the Labour Party are as follows:-

1. The introduction of a Voter Verifiable Audit Trail (VVAT) which would create a parallel paper record of votes cast which could be stored and checked in the event of a dispute over an election outcome.

2. The use of Formal Methods to ensure that the software used in both the election machines and in the vote counting is totally reliable.

3. The adoption of formal procedures to prevent interference either with the machines software or counting process.

4. The carrying out of an integrated end-to-end test of the entire system.

5. The establishment of an independent audit and supervisory role over electronic voting for the Standards In Public Office Commission."

The issues were discussed in June 2003 on the Open mail list and the IRISHLAW mail list in Ireland.

The software was audited by PMI software http://www.pmisoftware.com . Their code review is available at http://www.redbrick.dcu.ie/~afrodite/E-Voting/FoI_request/PMICodeReview.ps

The hardware was audited by KEMA http://www.kema.nl  and TNO Building and Construction Research http://www.bouw.tno.nl

Related Links

http://www.liberalslant.com/wrp102103.htm
Electronic Voting: What You Need To Know by William Rivers Pitt - Oct 21, 2003
"The ideal voting technology would have five attributes: anonymity, scalability, speed, audit and accuracy.
You want anonymity, but you also want audit ability. The problem you have is that those two things cannot really coexist to the fullest extent. The way that we do audit ability is that we track all transactions that happen. "

http://www.verifiedvoting.org 
http://www.notablesoftware.com/evote.html 
http://www.blackboxvoting.com/ 

____________________________________________________________
____________________________________________________________

3) Software quality

Recommended: James Bach Rapid Software Testing Workshop

Dublin 10th–12th December 2003.
I attended James' workshop in Edinburgh. My report is in the June 2003 issue of PraxIS.
James has solid material and a full-flow, no-slack presentation. Be prepared for a lot of work!
His claim to fame is on context-driven testing and heuristics for deriving test strategies and test plans. That works very well in rapidly changing environments, particularly in exploratory testing where testers are given a product they have not seen before. Those in a more corporate environment where the same product is being tested all the time, with small improvements, can use the ideas to brainstorm things to test that they may not have considered before.
I also give a tip in the report on how to star in the course. I don't want to give people an unfair advantage, of course, but it's good!
As a software application developer, I found the course exercised my critical thinking faculties, which is always a good idea for developers, who tend to be write-only people ;-) The course materials have all the usual checklists and idea generation material, some of which I put to use right away, and found them helpful.
More information from Newell and Budge:
http://www.newellandbudge.com 

_______________________________________________________
_______________________________________________________

4) Internet

Anti-virus favourites

I got some feedback from last month's mention of anti-virus software. Daniel Clark of Ryba Macaulay Limited wrote to say that they much prefer NOD32 to Grisoft.

http://www.nod32.com

Daniel says "A quicker scanner and has not failed to catch an 'in the wild' virus in 5 years of VB testing... " and supported it with a PDF report from Virus Bulletin.

http://www.virusbtn.com

_______________________________________________________

Skype

On the Enterprise Ireland ecommerce mail list, I got an answer to my enquiry last month about internet voice conferencing. Fiach pointed me to www.Skype.com . An article by Robin Good at www.masternewmedia.org (Master New Media), "Please Skype Me", calls it a disruptive P2P VoIP Technology that allows you to call and talk Free to any Windows PC.

"Skype is based on the same FastTrack P2P network that Kazaa and other file sharing tool utilize. Unlike Yahoo Messenger, Vonage and Free World Dialup,  Skype relies on a P2P (peer-to-peer) network, meaning that the voice packets being sent do not go over a centralized server that redistributes them, but are sent directly between users. "

Reports so far indicate it is free of spyware. There will be added chargeable services, but the basic product is free.

Updated 11-Nov: I tried it but it is internet telephony, not teleconferencing; in other words, it provides one-to-one voice calls, not multi-way calls. I suspect audioconferencing will be a chargeable feature soon.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________
_______________________________________________________

5) On the lighter side

Choral Conductor's wit

From Flor Peeters, contributed to the choralireland discussion list at yahoogroups:

While rehearsing recently a conductor remarked..........

"Basses, please sing a B flat, don't just click on a link that might take you to the web site of B flat"

I've never heard quite such an eloquent but futile plea to get basses to sing the right notes!!

P.S. I'm a tenor ;-)

_______________________________________________________
_______________________________________________________


Copyright 2003 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 
EuroIS-subscribe (at) yahoogroups (dot) com
- it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER

"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".


_______________________________________________________
ARCHIVES

To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.


_______________________________________________________

PRIVACY POLICY:

We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS/ 

_______________________________________________________