PraxIS July 2004

04-07 Contents: IT Governance, Business Continuity, A9, ISBN origin, Ageism in IT, Spreadsheet Detective Review

ISSN 1649-2374 This issue online at     [Previous] [Index] [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
    IT Governance document available from ITGI
    Business Continuity Maturity Model
2) Sites of interest
    Amazon's A9 search service
    The Irish inventor of the ISBN scheme
3) Ageism in IT's discussion for the older IT professional 
4) Spreadsheets
    My talk to ISACA on Spreadsheet Quality
    My article on Agile Spreadsheet Development (ASD)
    Last reminder: Spreadsheet Risks Conference July 15-16 2004
5) Review
    Spreadsheet Detective auditing add-in   
6) On the lighter side
    Correspondence from the taxman
14 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

What's most interesting item in this month's newsletter? Email me to vote for your favourite; or, reality-TV style, to vote out the least interesting!

Do me a favour - tell a news, business, or travel portal about my euro-based foreign exchange calculator!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

IT Governance download from

The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated....

A new research document from the ITGI reflecting the latest thinking on this increasingly global topic that will have the greatest impact on an organization in the short to medium term. Based on COBIT control objectives, the authors designed this publication primarily as an educational resource for IT control professionals, but it is also of critical importance to the CIO, IT management and assurance professional. Download PDF (357k)

This research is intended as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization’s IT controls as required by the US Sarbanes-Oxley Act of 2002 (the “Act”).

Business Continuity Maturity Model free download

Virtual Corporation Inc has provided a public domain diagnostic tool for objective evaluation of business continuity program effectiveness. The levels are:

  1. Self-governed
  2. Supported self-governed
  3. Cooperatively governed
  4. Enterprise awakening
  5. Planned growth

You can download the 1.1MB 62-page PDF from


2) Sites seen, notes from the blog

Amazon's A9 search service

A9.COM is a new search engine in beta by Amazon. It takes Google results and a second column (click on it to reveal it) shows books related to that search. If you sign into the system, it keeps track of your search history and a third column allows you to go back over previous searches.
Related article: Future of Search Will Make you Dizzy, May 20, 2004. "Amazon's A9 search subsidiary's chief executive Udi Manber says there's far to go yet in search, and an important way to advance will be to force users to change their habits."



The Irish inventor of the ISBN coding system

This will answer the frequently asked question by many students and researchers who wonder "Who invented the ISBN book number system?". A copy of the original 1966 report by Professor Gordon Foster, who designed the 9-digit International Standard Book Numbering code structure, is now available at ( for short). It can be downloaded from that site as a 37K RTF file.
This work initiated the scheme in the UK and Republic of Ireland that was subsequently adopted by the International Standards Organisation as the standard for world-wide use. The current ISBN manual is available as a PDF from . The scheme has since been extended to serials (for example, the ISSN of PraxIS is 1649-2374), and other media.

I quote the introductory paragraph:

"Author: A Report by F. G. Foster. Introduction: The Publishers Association carried out in 1966 an inquiry into the feasibility of the adoption by the U.K. book trade of a standard system of numbering all book titles. The conclusion that has been reached is that there is a clear need for the introduction of standard numbering, and that substantial benefits will accrue to all parties therefrom. The following is a summary of the scheme and report on its implementation to date. "


3) Ageism in IT

Over 40? Forget about getting a job May 28 2004 by
Readers say age discrimination rampant in recruitment's campaign against ageism in IT has elicited quite a bit of reader feedback. Job hunts are particularly tough for older IT workers, said readers, many of whom have been unsuccessful in landing positions for which they're qualified even after months or years of searching. A recruiter who wrote in backed up these claims: "As a recruiter (age 51), I can tell you for certain that ALL the major banks will not employ any mid-management people over 45, maybe even 40. Top execs, yes, providing they are friends of friends but below that not a hope." ... perhaps it's just a matter of insecurity on the part of hiring managers and headhunters, who see experienced applicants as a threat.
As a 56-year-old reader put it: "Who wants an oldie who will tell you that your software is cr@p and that there are more efficient ways of using the cr@p that you have?
On the other hand, a company exec in the Lebanon says: "Between age 45-65, men are at their prime in terms of work experience, PR, contacts, general knowledge, wisdom not to mention more. So if someone is in that range, I as an employer will definitely recruit him. Younger men are better & more productive in specific & limited areas."
Another says: "I have to admit I never include my date of birth on my CV and discovered this made a huge difference - CV's now get passed from the agency to the potential employer".


4) Spreadsheets

My talk to ISACA on Spreadsheet Quality  I gave a talk to the Information Systems Audit and Control Association, Northern England Chapter Meeting on 23 June 2004 on "Spreadsheet Quality". If you'd like the presentation to your professional association, let me know. I also do half day presentations and full-day courses (including hands-on practice) that can be delivered in-house.

I have been asked about Test Driven Development as it may apply to spreadsheets. My article in PraxIS May 2004 described a tool that could be used for that purpose, XLSior. Here is another article which picks up on the Agile theme as it may apply to end-user development:

Agile Spreadsheet Development (ASD)

Because of the pressures of compliance with Sarbanes-Oxley Act, managers are now looking for good advice on how to reduce information risk and manage the end-user development hydra. This article suggests how IT managers can help users to improve their process so that they save time by making fewer mistakes and endure less of the pain and cost of bad practice.

Spreadsheet development is often an ad hoc solution to an immediate end-user need that the IT department are not able or willing to satisfy in the time frame required. For such reasons, it is the original agile development environment, the tool of choice for end-user computing.


Spreadsheet Risks Conference July 15-16 2004

Book your place now for the 2004 European Spreadsheet Risks Interest Group Annual Conference in Klagenfurt, Austria, July 15-16. This will be the most packed conference yet, Eusprig had a difficult job selecting the top papers for presentation, and decided to offer a tutorial session on Wed Jul 14 to assist those new to assessing spreadsheet risk. Web site:


5) Spreadsheet Detective mini-review Southern Cross Software, Queensland, Australia.

It's remarkable how many spreadsheet auditing tools come from Down Under (from our point of view!). The Spreadsheet Detective is pretty well the original of the species, so I'll review it first. I understand that a new version is imminent, so this review may be out of date by the time you read it.

The core features of the tool are:-
· Show which cells have unique formulas and how they have been copied.
· Make formulas easier to understand using automatically created range names.
· Visualize all formulas on a worksheet using concise graphical annotations.
· Reveal the linkages between worksheets in complex workbooks.
· Automated sensitivity analysis to detect most/least sensitive inputs.
· Compare different versions of a worksheet or workbook.
· Utilities to help manage Named Ranges.

Their demo workbook begins with a challenge: "Can you find all the errors in even this simple spreadsheet?" Excel 2002 flags some cells with little green triangles in the top left corner, but none of those are the errors! The solution is shown by their shading tool that highlights which are the cells out of pattern with the rest. (I prefer the formula-pattern colouring system of SpACE, but that's for another review.)

The Autoname tool documents cells by combining row and column headings to create more descriptive names, e.g. a tooltip might show "=E33'Sales - E34'CostOfGoodsSold".  By showing the names right on the spreadsheet errors become more obvious. This obviously depends on how carefully the user has provided labels for the rows and columns. It makes more sense when you know the business purpose of the worksheet.

Range names are also used to create cell comments that help to make it plain whether the range name is correct in context. You should first learn carefully the definitions of what the various special annotation symbols mean, otherwise the shorthand just looks confusing.

These annotations are not only in cell comments but can be added visibly for printing purposes.  An auditor would find this useful in reading the spreadsheet offline with a user familiar with the worksheet or problem domain. Even easier for this purpose (to my mind) is a Formula report that lists the schemas, statistics, and a rather basic map of the cells.

Each sheet has a Statistics table placed at the bottom that shows the number of "schemas" (unique formulas) and a list of those that may require special attention in review, e.g. references to non-numeric cells, constants, and formulas that are large or unprotected.

The Interworksheet report is as far as I know unique to the Spreadsheet Detective. It is a cross-tabulation of the count of references among the sheets. So it is a kind of map that can help show how well the data flow is structured, or whether the links flow in a recommended unidirectional manner.

Further, a Workbook Precedent Report shows the links between workbooks, which is helpful documentation for large models that incorporate multiple spreadsheet files.

A Sensitivity report automates the testing process by making a small change in every input cell and showing its influence on an outcome cell. So if you find that some cells have no relationship to the output, you may want to check that!

As with other tools I have reviewed in Praxis, Spreadsheet Detective has:

In summary, this is a very capable tool, and it still amazingly works with Excel 95.  There are more expensive tools such as SpACE and ExChecker that I will be reviewing in future issues of PraxIS. If you need help now with tools and training for spreadsheet model assessments and can't wait for the reviews, contact me.



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

6) On the lighter side

The "Bore me" archive of viral emails lists this little missive that will strike a familiar chord with taxpayers everywhere, not just those who allegedly communicate with Her Majesty's department of Inland Revenue in this manner. When I got it, I forwarded it to a couple of people as a TGIF, only to receive an automated reply from a government agency "A message you sent has been blocked for content" - oops!


Copyright 2004 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website 

    [Previous] [Index] [Next]