PraxIS October 2004

04-10 Contents: EUC risks, photocopier hack, Security, Quantitative methods, Euro EU+10, Spreadsheet error survey, Ig Nobel prizes

ISSN 1649-2374 This issue online at   [Previous] [Index] [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
    End user computing risks
    Hacking into online photocopiers
    CyberSecurity Awareness Month
    Culling unpopular colleagues?
2) Quantitative methods
    My recommended course book
3) Euro
    Faint stirrings of interest
4) Spreadsheets
    New Statistics on Model Error Rates
5) Off Topic
    Ig Nobel prizes 2004
    Actuary jokes
16 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

To help sponsor the cost of this newsletter, make your next purchase from Amazon using one of the links below. You don't even have to buy the specific book I mention - just click on one of my links before you buy anything from Amazon! When you click, you are offered a choice of Amazon store - US, Canada, UK, France, Germany, Japan, so you can pick the one you prefer.

For those who read this by email: if some of the links in this newsletter wrap in your email window, or your email client cannot open PDF files, you can go to the online version of this newsletter and right-click on the links to save the files:

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

End user computing risks

I presented on this topic on Sep 30 to the Information System Security Association of Ireland ( The risks in end user development is getting more prominent attention in the software engineering community: "The Dangers of End-User Programming", by Warren Harrison IEEE Software, July/August 2004, pp. 5-7. Warren says "recently Iíve become uneasy thinking about where these dabblers are applying their newfound knowledge...And now weíre expecting (no, depending on) these folks to write software that not only works correctly but is secure as well?" The Sep/Oct 2004 issue of IEEE Software magazine has free access to a PDF of the letters page that includes readers' comments on these risks, "How Dangerous Are End-User Programmers?" Warren comments "Programming isnít easy or error free, even for 'professional developers'. Why pick on end users? "


Hackers use Google to access networked photocopiers
Many people don't realise that modern photocopiers have hard disks that spool image files. If configured incorrectly or left to default, networked copiers can reveal network information, such as IP addresses, login details and device information, so that it can be indexed by Google.

A post on the Open list in Ireland said "reminds me of all the laser jet printers you used to find on the internet that had no password protection. I found that <name> had such a printer sitting on their network once. Wonder how many pages of 'please change my password' it took for them to fix it :)"


October is CyberSecurity Awareness Month "Securing your personal computer plays a crucial role in protecting our nationís Internet infrastructure. The National Cyber Security Alliance (NCSA) is a public-private partnership focused on promoting cyber security and safe behavior online." Includes a list of the top ten cyber security tips for home users.


Culling unpopular colleagues?
Software Magazine September/October 2004 (Vol. 21, No. 5) pp. 28-32 Why Culling Software Colleagues Is Popular
"Cutting staff is generally seen as an unpleasant duty, to be carried out when a companyís financial position deteriorates. This article explores the observation that regular culling of staff can be popular with the workforce, because poor performers cause much more damage than is apparent to management. Using queuing theory and simulation, the author demonstrates the severe impact of poor work. In this context, the support for cutting poor staff is logical. The author recommends surveying your software developers to find out if they feel that this would improve their productivity. If so, then there is a popular mandate to implement a 'rank and remove' approach. "


Books on Hacking

Hacking Exposed: Network Security Secrets and Solutions, 4th edition Stuart McClure, Joel Scambray, George Kurtz. Explains operating systems, switch and network vulnerabilities--used by the bad guys to get in--and how to remove them. 

Hacking: The Art of Exploitation, by Jon Erickson. Describes the techniques of computer hacking, covering such topics as stack-based overflows, format string exploits, and shellcode. of Exploitation  


2) Quantitative methods

I have just started presenting a course in Quantitative Methods to the first year BA students at the Irish Management Institute. This draws upon my background in financial modelling and operations research, and some lecturing I did in the School of Management Science and Information Systems Studies (MSISS) at the Department of Statistics in Trinity College Dublin.

For the course book, I am using Louise Swift's "Quantitative Methods for Business, Management and Finance"  because it starts from the right place for mature students who have forgotten school math, and gives many examples to practice the points.  It covers Essential Maths, Describing Data, Probability, Statistics, and Business Modelling, which includes linear programming, project planning, inventory control, time value of money, quality control, and simulation. 

I can send a longer book list to anyone who requests it. My close second choice was "Quantitative approaches in business studies", by Clare Morris 6th ed 2003, very reader-friendly but slightly less detailed. 


For readers interested in quants, here are some more useful links: Paul Wilmott's site on Quantitative Finance (is there any other kind?) has forums discussing financial engineering techniques, risk modelling, derivatives, Monte Carlo simulation, and more. His book is:

Paul Wilmott on Quantitative Finance, 2 Volume Set, gets five-star reviews. Updates "Derivatives: The Theory and Practice of Financial Engineering". With essential Visual Basic code and spreadsheet explanations of the models 

Here are two online texts with free content:  Spreadsheet Modeling for Investment Decisions, online ebook by Martin Hovey of the University of South Queensland. "Spreadsheet Modelling for Investment Decisions should be treated as a supplement to finance textbooks... a valuable aid to developing workable models quickly and accurately."  Spreadsheet Modeling in Corporate Finance, online ebook by Martin Hovey of "The book is written as a supplement to your corporate finance textbook."

Book on financial modelling with spreadsheets CD

Financial Modeling, by Simon Benninga. A finance "cookbook" that bridges the gap between theory and practice by providing a nuts-and-bolts guide to solving common financial models with spreadsheets 


3) Euro future

I recently had a call from Elly Fiorentini of BBC Radio York to answer a question live about decimalisation. It still looks unlikely that the UK is going to do anything about the euro, even though the public service is still conscientiously updating the transition plan:  Euro Preparations - What you need to know (July 2004)
This leaflet provides a summary of the third outline National Changeover Plan. It explains how the UK would make the change from sterling to euro in the event of a decision to join.

I also hear from people in the new EU accession countries about my euro conversion book, so maybe this topic will be revisited in a couple of years!

Just to remind you, my popular online Euro currency exchange conversion calculator Convert euros, dollars, pounds, and more for EU and world currencies with today's European Central Bank rates is available for free use in an iframe if you would like to provide visitors with a currency converter service on your web site.


4) Spreadsheets

New Statistics on Model Error Rates

Usually, people quoting statistics on defect creation rates in spreadsheets refer back to Ray Panko's original researches from 1995-2000. Here is some current work that shows it's just the same now.  Financial Modelling of Project Financing Transactions; Robert J Lawrence, Jasmine Lee, Institute of Actuaries of Australia Financial Services Forum 26-27 August 2004.

They quote Tom Grossman: "experienced spreadsheet users are but amateur spreadsheet programmers." and go on to say "The risks of modelling are well understood in the project financing industry, particularly in the Australian market, and these risks are beginning to be appreciated in other industries as well. People with actuarial training are more likely to view the financial model as a dynamic rather than static model and thereby focus on the logic rather than the results based on current input assumptions."

Statistics on Model Error Rates is an appendix. "They are based on the thirty most financially significant projects that Mercer Finance & Risk Consulting reviewed during the financial year ending 30 June 2004. For the financial models related to these thirty projects the average number of unique formulae per model was 2,182 and the average number of issues raised during the initial review of these models was 151 (or, 6.9% of the number of unique formulae). The average number of versions required in order to produce a model that could be 'signed-off' was 6."

One spreadsheet needed 17 revisions to resolve 239 issues: 22MB, 4,825 Unique Formulas. The very best (in terms of issues as % of Unique Formulas) spreadsheet needed 3 revisions to resolve 49 issues: 1.9MB, 1,559 Unique Formulas.


Expert help is at hand

I can help you with spreadsheet modelling, model review, testing, audit and control:

Recent news of fraud and expensive mistakes requiring compensation have prompted leading banks, financial institutions, manufacturing, and service industries to take a harder look at the risks they are exposed to from spreadsheet applications.

I have developed a particular expertise in detailed testing of spreadsheet models and their structural integrity.  Every customer is surprised at the defects that are uncovered! Would you take the challenge for your critical models?

When you are reviewing  your internal controls, whether for Sarbanes-Oxley (SOX) or other compliance concerns, call on me for a thorough review of your spreadsheet applications. Phone +353 55 22294 or email me .


Books on Sarbanes-Oxley (SOX) compliance  lists recommended books for detailed and high-level overviews of SOX, as well as other technical and business books.



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Ig Nobel prizes 2004 The 2004 Ig Nobel Prize Winners
MEDICINE : Steven Stack of Wayne State University, Detroit, Michigan, USA and James Gundlach of Auburn University, Auburn, Alabama, USA, for their published report "The Effect of Country Music on Suicide."
PUBLIC HEALTH : Jillian Clarke of the Chicago High School for Agricultural Sciences, and then Howard University, for investigating the scientific validity of the Five-Second Rule about whether it's safe to eat food that's been dropped on the floor.
CHEMISTRY : The Coca-Cola Company of Great Britain, for using advanced technology to convert liquid from the River Thames into Dasani, a transparent form of water, which for precautionary reasons has been made unavailable to consumers.

Check the web site for the other categories!

Actuary jokes May 2004 issue of Actuary Australia

- technical analysis is astrology performed with a spreadsheet
- bank propriety derivative trading is gambling sanctioned by boards who do not understand it
- selecting an investment manager is like choosing a poker machine based on how much it has paid out in the recent past.
(Darren Wickham)

An actuary is someone who can tell you how many people will die in the next year. A Sicilian actuary can also tell you their names and addresses.
(Roger Bohlsen)


Copyright 2004 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website 

 [Previous] [Index] [Next]