PraxIS August 2002

Managing reality in Information Systems - strategies for success       ISSN 1649-2374

Systems Modelling Ltd.



Risk Management

EuSpRIG 2002 Symposium July 18/19 report
"Coping with IS/IT Risk Management" Book review
SoftTest Ireland - new Software Testing SIG
New CMMI Process Improvement YahooGroup

Euro features

Euro coins test for colour blindness

On the lighter side 

Yahoo! mail twists your words
Lawyers with a sense of humour

13 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information



Please take the reader survey contained in this issue - that's how I know what interests you!

On a personal note: I will be on vacation, returning to the office on Monday August 12 2002. My wife Megan will be opening her exhibition of photographs "Giochi di Luce" ("Play of Light") in Treviso, Italy for August 2002:


Risk Management

EuSpRIG 2002 Symposium, Cardiff July 18/19 report

My report is also available on the web at

The theme of this year, “Spreadsheets – the hidden corporate gamble” captured the current concerns about corporate risk and auditing accounting systems. One of the talks described how the manipulation of a spreadsheet at AIB’s Allfirst subsidiary could easily have been seen by a spreadsheet formula audit tool.

David Chadwick (University of Greenwich) in his introduction in the proceedings “Training Gamble leads to Corporate Grumble” highlighted the need for awareness of spreadsheet risks to be included in curricula for professional examinations such as the Certificate in Information Systems Auditing (CISA) and the Qualification in Computer Auditing (QiCA).

Academic papers.

David Banks, Ann Monday (University of South Australia) ‘Interpretation As A Factor In Understanding Flawed Spreadsheets’
David Banks summarised what we know about the prevalence of spreadsheet errors. He went on to discuss the place of interpretation as a complicating factor, the tendency of people to selectively present data that support their case. He described some teaching situations where the students find it very had to believe that there is more than one possible answer, and no single ‘correct’ answer. Looking at how they work and think, and some of the cultural background, gives some insights into how easy it is for people to get hooked into certain patterns of thinking.

Thomas Grossman (University of Calgary, Canada) ‘Spreadsheet Engineering : A Research Framework’
Tom Grossman took what is known from the long and painful history of of software ‘engineering’ and applied it to spreadsheet development. He listed eight principles showing the benefits of best practices chosen for specific situations. He also described distinguishing features of spreadsheet use, such as exploratory modelling and their use for rapid re-evaluation of strategic impact. The observation that increased experienced with spreadsheets is not correlated with increased quality is related to the difference between amateurs who are results-focused and tend not to consciously improve their process; and professionals, who do reflect on their own work methods. The heterogeneous nature of spreadsheet developers means that no ‘one-size-fits-all’ model of spreadsheet ‘programmer’ can be applied. He concluded by outlining a number of areas where further research could usefully by conducted.

Markus Clermont (University of Klagenfurt, Austria) ‘A Spreadsheet Auditing Tool Evaluated In An Industrial Context’
Markus Clermont described the classic scenario where a computer science student was given a project to audit some spreadsheets in industry. A Linux-based toolkit was made available. The company concerned said “Well, of course you won’t find anything, our developers are very good and these spreadsheets have been in use for a while”. (Spreadsheet auditors don’t take bets with project managers on statements like that, it would be like taking candy from babies.) In fact, the student found 109 different kinds of defect giving rise to 1,832 actual errors, an overall error rate of 3%. The true measure of the significance of the finding was the changes the company then made, not just to the spreadsheets but to the personnel!

Martin Campbell-Kelly (Warwick University) “The rise and rise of the spreadsheet”
Professor Martin Campbell-Kelly gave an historical perspective from the early days of modelling systems to VisiCalc, Lotus 1-2-3, and Microsoft Excel. That induced nostalgia in a number of members of the audience; I remember my own financial modelling system that I developed for the PDP-11 and the VAX in the late seventies!

Practitioners’ presentations

Ray Butler (HM Customs and Excise) “Losing at Spreadsheet Roulette”
Ray Butler told three stories: the AIB/Allfirst fraud that involved among other things the falsification of a spreadsheet; a school that lost £30,000 from their school funding because of a budget spreadsheet error; a local authority pension fund spreadsheet omitted £4 million from their cash book. He also showed how their tool SPACE would have helped an auditor quickly detect such errors.

Grenville Croll “A typical Spreadshet Audit Approach”
Grenville Croll described an approach used for a model review process. It uses model maps (like the SPACE tool above) to find patterns; code review; range names review; high-level risk analysis and review; documentation; and sensitivity analysis.

Notable quotes

“We frequently find … organisations do not even have the most rudimentary internal modelling standards” Barry Pettifor, PwC.

“The presence of a spreadsheet application in an accounting system can subvert all the controls in the all other parts of that system”. Ray Butler, HM Customs and Excise.

I am looking for a corporate sponsor who would be interested in working with me to bring this prestigious event to Dublin in July 2003. Please contact me if you would like to be associated with this group.

I provide training for best practice and accelerated productivity, and expert consultancy in spreadsheet modelling and auditing. To request a private in-company course or consultation, simply contact me by email to: spreads (at) sysmod (dot) com. Further information is on our web site:


"Coping with IS/IT Risk Management" Book review

Tony Moynihan, Springer-Verlag London 2002
ISBN 1-85233055-6 Practitioner book series.

Candid interviews with twenty experienced project managers are the central feature of this book from Prof. Tony Moynihan of the School of Computer Applications at Dublin City University. His method of interviewing and simulating situations extracted key insights from these veteran solution providers as to how they really cope with messy reality.

Project managers can read this book as if it were like their informal networking, swapping stories over the bar with their peers. Students can see how real life situations arise and what coping mechanisms are brought to bear to manage the chaos of real life. The professional researcher will home in on the chapters where the methodology is revealed, that of eliciting personal constructs.

The examples chosen come from the small-scale 2-month to 2-year projects that most commercial implementations focus on. Read and enjoy this refreshing set of candid-camera snapshots!

Tony Moynihan’s aim was to tackle the problem of finding out the basis for people’s actions when they are better at doing the work than describing how they work. Intuitive knowledge is always richer in information than any external description of it. So, in part 1 he interviewed 14 experienced systems consultants, implementers and developers, to identify the factors that matter to them.

The key question was “What makes different projects different?” He gives five interviews verbatim, showing how he repeated combinations of questions to arrive at the scale of weighting that the interviewees applied to each factor, and in what way combining them created new threats or opportunities.

He gives a table of 113 constructs obtained from this analysis. This showed the importance of non-technical, more “political” constructs such as commitment, control, support, and stability. He then compares these to risk factors identified in the Information Systems project management literature.

In part 2, he explored with twenty more project managers (PMs) some situations which featured the most frequently mentioned concepts in more or less risky combinations, and provides the actual transcripts of the conversations. These are quite revealing – I should know, I was one of them!

This is the best part of the book. Many times, they say “I’ll give you an example” and then relate some horrendous yarn that explains why they are so touchy about that point. To illustrate the “hidden agenda” concept that they all dig for like sniffer dogs after contraband, one tells the story of an airport that deliberately bought less efficient gate allocation software because they wanted to use the tool to justify buying a new terminal.

In part 3, he explains his method and reflects back on the research material provided to provide common coping strategies or recipes. Quotations are collected under each heading to show how they are talked about. Students embarking on their first industrial project assignment would be well advised to read these for some vicarious experience of the issues of ownership and control, the problems of change and learning; ending with the “Doomsday scenario”, projects you should walk away from!

In part 4, he presents the material from other points of view … interorganizational trust; agency theory; planned organizational change; capability; action, rationality and control; requirements uncertainty. The researcher will be interested in the chapter “What’s the book really been about”, on knowledge elicitation.

Finally, the appendices included a detailed listing of the “recipes for success” (or at least avoiding disaster), with the evidence for each shown backed up by the interview notes. For example “If the client … hasn’t the needed time or skill, … try to get him/her support or training. If this doesn’t work, ask for an alternative contact, or try to work around him/her”. These are thirty-seven gems of hard-won wisdom and insight that belong in every project manager’s head.

Click here for links to buy the book at the Amazon store of your choice:


SoftTest Ireland - new Software Testing SIG

This special interest group is open to all in Ireland interested in software testing. The new website is now up and running: 

The website contains registration information for the SIG with company and individual membership now being accepted. It has a members mail list and information on events and downloads.


New CMMI Process Improvement YahooGroup

The Integrated Capability Maturity Model (CMMI) process improvement group is designed for discussion of best-in-class or simple clarification of the upgrade issues involved from SW-CMM, ISO-9000, and EIA/IS 731. SEI describe it as the logical successor to SW-CMM, SE-CMM, and P-CMM branches of the CMM v1.1 disciplines. To learn more about the cmmi_process_improvement group, please visit 

You can subscribe by sending an email to

cmmi_process_improvement-subscribe (at) yahoogroups (dot) com 

The Files area contains a number of useful downloads, such as an Excel spreadsheet which maps the SW-CMM v1.1, ISO 9001:2000, and EIA/IS 731 software and systems engineering process improvement frameworks to CMMI v1.1 on a paragraph-by-paragraph basis.

The SEI web site is

Further software quality information is on our web site:



Euro coins test for colour blindness 

Spanish researchers are suggesting that the new Euro coins, introduced in January of this year across most of Europe, could be used as an instant test for red-green colour blindness. Thanks to the properties of two Euro coins, Maria Isabel Suero and co-workers at the University of Extremadura, Badajoz, Spain, say defects in colour vision can be detected both quickly and cheaply. (Optics Express 10 527)




We value your feedback. Simply copy and paste the following section into a new email message and send your reply to ISSUES (at) SYSMOD (dot) COM

Was the book review in this issue helpful?

Are there other kinds of book review that would be of more interest?

Thank you! Patrick O'Beirne, Editor



On the lighter side

Yahoo! mail twists your words

Try this if you have a Yahoo! email account: send yourself a mail with the text "My expression changed when I evaluated their mocha blend" and see what you get.

The Yahoo mail system will insert underscores before words (such as "eval", "mocha", "expression", "javascript") that it thinks might be part of malicious script code. It used to change them to different words, with hilarious results. You can still find traces of these changes on the web if you use Google to search for words like "medireview", "reviewuate", and so on.

The original report of this was in the Risks Digest at

and it is also reported at:   Need to Know has list of Yahoo swaperoos 


Lawyers with a sense of humour

I quote from the Powers Phillips web site:

"The firm is composed of lawyers from the two major strains of the legal profession, those who litigate and those who wouldn't be caught dead in a courtroom.

Litigation lawyers are the type who will lie, cheat and steal to win a case and who can't complete a sentence without the words "I object" or "I demand another extension on that filing deadline." Many people believe that litigation lawyers are the reason all lawyers are held in such low esteem by the public. Powers Phillips, P.C. is pleased to report that only four of its lawyers, Trish Bangert, Tom McMahon, Tamara Vincelette, and JoAnne Zboyan are litigation lawyers, and only one of them is a man.

Lawyers who won't be caught dead in a courtroom are often referred to in the vernacular as "loophole lawyers," underhanded wimps who use their command of legal gobbledygook to scam money from the unsuspecting, usually widows and orphans. Many people believe that such "loophole lawyers" are the reason all lawyers are held in such low esteem by the public. Powers Phillips, P.C. is pleased to report that only four of its lawyers, Myra Lansky, Kathy Powers, Mary Phillips, and Jay Powers, are such "loophole lawyers" and one of them, Jay Powers, hardly does anything at all anyway so he doesn't really count. "


Copyright 2002 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 
EuroIS-subscribe (at) yahoogroups (dot) com
- it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor

"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".


To read previous issues of this newsletter please visit our web site at


This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.

Copyright (c) SML 2002

Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!


We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website