03-11 Contents: Spreadsheet risk, e-Voting, Business Integrity, Internet telephony, Software Testing, NOD32 antivirus
This issue online at http://www.sysmod.com/praxis/prax0311.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
1) Risk management
Spreadsheet risk stories
Building Integrity In Business
2) e-Voting questions
Labour party proposes audit trail for e-voting
3) Software Quality
Recommended: James Bach Rapid Software Testing Workshop
4) Internet
Anti-virus favourites
Skype free internet telephony
5) On the lighter side
Choral humour
20 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information
_______________________________________________________
Please let me know what you think of this newsletter - I'm always interested in receiving your comments! Thanks for reading,
Patrick O'Beirne
_______________________________________________________
_______________________________________________________
They just keep coming. Check out my blog at www.sysmod.com/best-practice for stories like:
a) NYSE fines a Grand Rapids stock trader almost a half a million dollars for not documenting share trades. His documentation was a spreadsheet which was "thrown away after the transactions and other documentation were completed".
b) Fannie Mae made a $1.2 billion mistake.
According to their press release, "There were honest mistakes made in a spreadsheet used in the implementation of a new accounting standard". Shortly after Fannie Mae released its third-quarter earnings statement Wednesday 29 Oct, shares started trading down. But Fannie Mae stock regained some of the losses after the company announced the correction would only impact its balance sheet and have no affect on its income statement, news sources said.
c) Spreadsheet variance and Ethical problem at MCI
Watchdog Calls for Further Investigation of MCI
Oct. 10, 2003 Telecommunications News PRNEWSWIRE
The August 2003 Department of
Defense IG has identified MCI over-billing in "Financial Management -
Certification of a DOD Payment for Telecommunications Services." This report
states, "... many of the invoice amounts listed on the MCIWorldCom spreadsheet
were inaccurate. Specifically, 467 invoices on the MCIWorldCom spreadsheet
differed from the hard copy invoices by $2.1 million.
Last month, The New York Post reported a former MCI employee's claim about
over-billing at the State Department: "It was wrong and I regret it. We were
over-billing the government $20,000 a month on one circuit. We had thousands
of government circuits -- many of them through the State Department. We were
stealing from the government. [The order to overcharge] came down from a vice
president and through three layers of management. It would come up in staff
meetings all the time and everyone complained about it, but no one in
management listened."
The story above leads neatly into this:
This conference organised by The Institute of Chartered Accountants in Ireland will discuss the U.S. business scandals and the lessons that they may hold for corporate governance in general, including Europe, and how the integration of business ethics into the organization itself can help mitigate such problems. Venue: The Guinness Storehouse, St. James’s Gate, Dublin Time: Friday 7th November 2003, 2.00pm to 5.30pm. Information: Tel: (01) 637 7200 email ca at icai dot ie
The ACM, Association for Computing Machinery, has had a Computer
Security Day on 30 November since 1988. More information can be obtained at
www.computersecurityday.org .
(update 11-11-03)
____________________________________________________________
____________________________________________________________
On 3 November, the Labour Party in Ireland issued a press release urging suspension of the proposed e-voting system "until flaws are addressed".
http://www.labour.ie/press/detail.tmpl?SKU=20031103143251
“The reforms proposed by the Labour Party are as follows:-
1. The introduction of a Voter Verifiable Audit Trail (VVAT) which would create a parallel paper record of votes cast which could be stored and checked in the event of a dispute over an election outcome.
2. The use of Formal Methods to ensure that the software used in both the election machines and in the vote counting is totally reliable.
3. The adoption of formal procedures to prevent interference either with the machines software or counting process.
4. The carrying out of an integrated end-to-end test of the entire system.
5. The establishment of an independent audit and supervisory role over electronic voting for the Standards In Public Office Commission."
The issues were discussed in June 2003 on the Open mail list and the IRISHLAW mail list in Ireland.
The software was audited by PMI software
http://www.pmisoftware.com .
Their code review is available at
http://www.redbrick.dcu.ie/~afrodite/E-Voting/FoI_request/PMICodeReview.ps
The hardware was audited by KEMA http://www.kema.nl and TNO Building and Construction Research http://www.bouw.tno.nl
http://www.liberalslant.com/wrp102103.htm
Electronic Voting: What You Need To Know by William Rivers Pitt - Oct 21, 2003
"The ideal voting technology would have five attributes: anonymity, scalability, speed, audit and accuracy.
You want anonymity, but you also want audit ability. The problem you have is that those two things cannot really coexist to the fullest extent. The way that we do audit ability is that we track all transactions that happen.
"
http://www.verifiedvoting.org
http://www.notablesoftware.com/evote.html
http://www.blackboxvoting.com/
____________________________________________________________
____________________________________________________________
Dublin 10th –12th December 2003.
I attended James' workshop in Edinburgh. My report is in the
June 2003 issue of PraxIS.
James has solid material and a full-flow, no-slack presentation. Be prepared for
a lot of work!
His claim to fame is on context-driven testing and heuristics for deriving test
strategies and test plans. That works very well in rapidly changing
environments, particularly in exploratory testing where testers are given a
product they have not seen before. Those in a more corporate environment where
the same product is being tested all the time, with small improvements, can use
the ideas to brainstorm things to test that they may not have considered before.
I also give a tip in the report on how to star in the course. I don't want to
give people an unfair advantage, of course, but it's good!
As a software application developer, I found the course exercised my critical
thinking faculties, which is always a good idea for developers, who tend to be
write-only people ;-) The course materials have all the usual checklists and
idea generation material, some of which I put to use right away, and found them
helpful.
More information from Newell and Budge :
http://www.newellandbudge.com
_______________________________________________________ _______________________________________________________
I got some feedback from last month's mention of anti-virus software. Daniel Clark of Ryba Macaulay Limited wrote to say that they much prefer NOD32 to Grisoft.
Daniel says "A quicker scanner and has not failed to catch an 'in the wild' virus in 5 years of VB testing... " and supported it with a PDF report from Virus Bulletin.
On the Enterprise Ireland ecommerce mail list, I got an answer to my enquiry last month about internet voice conferencing. Fiach pointed me to www.Skype.com . An article by Robin Good at www.masternewmedia.org Master New Media "Please Skype Me" calls it a disruptive P2P VoIP Technology that allows you to call and talk Free to any Windows PC.
"Skype is based on the same FastTrack P2P network that Kazaa and other file sharing tool utilize. Unlike Yahoo Messenger, Vonage and Free World Dialup, Skype relies on a P2P (peer-to-peer) network, meaning that the voice packets being sent do not go over a centralized server that redistributes them, but are sent directly between users. "
Reports so far indicate it is free of spyware. There will be added chargeable services, but the basic product is free. Updated 11-Nov: I tried it but it is internet telephony, not teleconferencing; in other words, it provides one-to-one voice calls, not multi-way calls. I suspect audioconferencing will be a chargeable feature soon.
_______________________________________________________ _______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
While rehearsing recently a conductor remarked..........
"Basses, please sing a B flat, don't just click on a link that might take you to the web site of B flat"
I've never heard quite such an eloquent but futile plea to get basses to sing the right notes!!
P.S. I'm a tenor ;-)
_______________________________________________________
_______________________________________________________
Copyright 2003 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to
EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
_______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
Copyright (c) SML 2003
_______________________________________________________
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://groups.yahoo.com/group/EuroIS/
_______________________________________________________