04-07 Contents: IT Governance, Business Continuity, A9, ISBN origin, Ageism in IT, Spreadsheet Detective Review
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0407.htm [Previous] [Index] [Next]
|Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success|
IN THIS ISSUE
|1) Risk & Security
IT Governance document available from ITGI
Business Continuity Maturity Model
|2) Sites of interest
Amazon's A9 search service
The Irish inventor of the ISBN scheme
|3) Ageism in IT
Silicon.com's discussion for the older IT professional
My talk to ISACA on Spreadsheet Quality
My article on Agile Spreadsheet Development (ASD)
Last reminder: Spreadsheet Risks Conference July 15-16 2004
Spreadsheet Detective auditing add-in
|6) On the lighter side
Correspondence from the taxman
|14 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
What's most interesting item in this month's newsletter? Email me to vote for your favourite; or, reality-TV style, to vote out the least interesting!
Do me a favour - tell a news, business, or travel portal about my euro-based foreign exchange calculator!
The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated....
A new research document from the ITGI reflecting the latest thinking on this increasingly global topic that will have the greatest impact on an organization in the short to medium term. Based on COBIT control objectives, the authors designed this publication primarily as an educational resource for IT control professionals, but it is also of critical importance to the CIO, IT management and assurance professional. Download PDF (357k)
This research is intended as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization’s IT controls as required by the US Sarbanes-Oxley Act of 2002 (the “Act”).
Virtual Corporation Inc has provided a public domain diagnostic tool for objective evaluation of business continuity program effectiveness. The levels are:
- Supported self-governed
- Cooperatively governed
- Enterprise awakening
- Planned growth
You can download the 1.1MB 62-page PDF from http://www.virtual-corp.net/html/bcmm_intro.html
I quote the introductory paragraph:
STANDARD NUMBERING IN THE BOOK TRADE
"Author: A Report by F. G. Foster. Introduction: The Publishers Association carried out in 1966 an inquiry into the feasibility of the adoption by the U.K. book trade of a standard system of numbering all book titles. The conclusion that has been reached is that there is a clear need for the introduction of standard numbering, and that substantial benefits will accrue to all parties therefrom. The following is a summary of the scheme and report on its implementation to date. "
http://www.isaca.org.uk/northern/events.htm I gave a talk to the Information Systems Audit and Control Association, Northern England Chapter Meeting on 23 June 2004 on "Spreadsheet Quality". If you'd like the presentation to your professional association, let me know. I also do half day presentations and full-day courses (including hands-on practice) that can be delivered in-house.
I have been asked about Test Driven Development as it may apply to spreadsheets. My article in PraxIS May 2004 described a tool that could be used for that purpose, XLSior. Here is another article which picks up on the Agile theme as it may apply to end-user development:
Because of the pressures of compliance with Sarbanes-Oxley Act, managers are now looking for good advice on how to reduce information risk and manage the end-user development hydra. This article suggests how IT managers can help users to improve their process so that they save time by making fewer mistakes and endure less of the pain and cost of bad practice.
Spreadsheet development is often an ad hoc solution to an immediate end-user need that the IT department are not able or willing to satisfy in the time frame required. For such reasons, it is the original agile development environment, the tool of choice for end-user computing.
Book your place now for the 2004 European Spreadsheet Risks Interest Group Annual Conference in Klagenfurt, Austria, July 15-16. This will be the most packed conference yet, Eusprig had a difficult job selecting the top papers for presentation, and decided to offer a tutorial session on Wed Jul 14 to assist those new to assessing spreadsheet risk. Web site: eusprig.org
www.SpreadsheetDetective.com Southern Cross Software, Queensland, Australia.
It's remarkable how many spreadsheet auditing tools come from Down Under (from our point of view!). The Spreadsheet Detective is pretty well the original of the species, so I'll review it first. I understand that a new version is imminent, so this review may be out of date by the time you read it.
The core features of the tool are:-
· Show which cells have unique formulas and how they have been copied.
· Make formulas easier to understand using automatically created range names.
· Visualize all formulas on a worksheet using concise graphical annotations.
· Reveal the linkages between worksheets in complex workbooks.
· Automated sensitivity analysis to detect most/least sensitive inputs.
· Compare different versions of a worksheet or workbook.
· Utilities to help manage Named Ranges.
Their demo workbook begins with a challenge: "Can you find all the errors in even this simple spreadsheet?" Excel 2002 flags some cells with little green triangles in the top left corner, but none of those are the errors! The solution is shown by their shading tool that highlights which are the cells out of pattern with the rest. (I prefer the formula-pattern colouring system of SpACE, but that's for another review.)
The Autoname tool documents cells by combining row and column headings to create more descriptive names, e.g. a tooltip might show "=E33'Sales - E34'CostOfGoodsSold". By showing the names right on the spreadsheet errors become more obvious. This obviously depends on how carefully the user has provided labels for the rows and columns. It makes more sense when you know the business purpose of the worksheet.
Range names are also used to create cell comments that help to make it plain whether the range name is correct in context. You should first learn carefully the definitions of what the various special annotation symbols mean, otherwise the shorthand just looks confusing.
These annotations are not only in cell comments but can be added visibly for printing purposes. An auditor would find this useful in reading the spreadsheet offline with a user familiar with the worksheet or problem domain. Even easier for this purpose (to my mind) is a Formula report that lists the schemas, statistics, and a rather basic map of the cells.
Each sheet has a Statistics table placed at the bottom that shows the number of "schemas" (unique formulas) and a list of those that may require special attention in review, e.g. references to non-numeric cells, constants, and formulas that are large or unprotected.
The Interworksheet report is as far as I know unique to the Spreadsheet Detective. It is a cross-tabulation of the count of references among the sheets. So it is a kind of map that can help show how well the data flow is structured, or whether the links flow in a recommended unidirectional manner.
Further, a Workbook Precedent Report shows the links between workbooks, which is helpful documentation for large models that incorporate multiple spreadsheet files.
A Sensitivity report automates the testing process by making a small change in every input cell and showing its influence on an outcome cell. So if you find that some cells have no relationship to the output, you may want to check that!
As with other tools I have reviewed in Praxis, Spreadsheet Detective has:
In summary, this is a very capable tool, and it still amazingly works with Excel 95. There are more expensive tools such as SpACE and ExChecker that I will be reviewing in future issues of PraxIS. If you need help now with tools and training for spreadsheet model assessments and can't wait for the reviews, contact me.
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!
Thank you! Patrick O'Beirne, Editor
The "Bore me" archive of viral emails lists this little missive that will strike a familiar chord with taxpayers everywhere, not just those who allegedly communicate with Her Majesty's department of Inland Revenue in this manner. When I got it, I forwarded it to a couple of people as a TGIF, only to receive an automated reply from a government agency "A message you sent has been blocked for content" - oops!
Copyright 2004 Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS/
[Previous] [Index] [Next]