04-12 Contents: Home PC security, Totalnic, Good Sox, Software testing guidance, Information Science, Spreadsheets and Sarbanes-Oxley
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0412.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
IN THIS ISSUE
1) Risk & Security
Home PC Security
End of the domain name hostage saga?
Should European companies pull up their SOX?
2) Software quality
The D-word: Documentation
Software testing presentations downloadable
3) Information science
Book: 'Web Search Garage'
Speegle im Speegle
EuSpRIG Annual Conference July 7/8 2005
Auditors: "Spreadsheet controls not sufficient"
Agile Spreadsheet Development
5) Off Topic
30 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
Enjoy the holidays !
http://www.sysmod.com/free-home-computer-security.htm In response to a request from a local magazine, I wrote a short article, Free Home PC Security Tips, for home users. It contains the basic advice on exercising caution on the internet and provides links to free software for home PC protection. I have since come across another site with the same aim:
http://surfthenetsafely.com Vic Laurie's discussion of Internet hazards: malware, viruses, worms, Trojans, cookies, email attachments, phishing, and spam. Shows how to configure Outlook Express and Internet Explorer for greater security.
http://www.goodpassword.com generates a password of 6-20 characters with the ability to specify what kind of characters you want to use.
For some years the Australian registrar Capital Networks Pty Limited, aka Totalnic, has been blocking the transfer out of domain names through unreasonably restrictive practices. They required copies of passports or notarized company documents, and any change required a 6-month wait before resubmission. I managed to get one .org address away from them, but not .com addresses. ICANN were no help in this process; they could not enforce their own rules at http://www.icann.org/transfers/ and I could not find a local Oz solicitor to affordably take a Small Claims court action. There used to be a TotalnicSucks.com web site but it is not live now, and threads about Totalnic have been pulled from SitePoint.com forums because of legal concerns.
I recently found this announcement "PacNames is pleased to announce it recently acquired the TotalNIC gTLD registrar". I have since successfully transferred a domain away from them, so they appear to comply with the new ICANN rules. Other links related to this story are:
The Sarbanes-Oxley Act, passed after Enron's collapse and other corporate scandals, forces companies to upgrade the internal control functions that ensure their financial numbers and compliance with regulations are reliable, and obliges auditors to test these controls. The main focus of corporate anger has been the Act's section 404, which requires managements to state, in year-end filings, the adequacy and effectiveness of these internal controls.
http://finance.groups.yahoo.com/group/B2-ORM/ David Spinks, the chairman of the B2-ORM yahoogroup, pointed up an interesting Financial Times article recently on "Anglo-German action against Sarbanes-Oxley" (not free, only for FT subscribers)
British and German business groups are to launch a joint campaign to fight what they see as the 'excessive costs and regulatory burden' imposed by the US Sarbanes-Oxley corporate governance legislation. In a sign of the growing international corporate backlash against the Act, they will urge the US Securities and Exchange Commission to make changes, including making it easier to delist from US stock exchanges. Digby Jones, CBI (Confederation of British Industry) director-general, said that the German industry federation BDI had revealed that nearly all German companies with a US listing had at least considered delisting there as a result of Sarbanes-Oxley.
Martyn Emery of 2020governance.com countered that "UK firms have a distinct advantage with SOX compliance. There has been and there is a culture of investment centric corporate governance in the UK, mostly introduced by the work of Sir Adrian Cadbury. Whereas the more social centric franco/germanic governance model needs far more adaptation."
The Clarrus Compendium is a brief weekly perspective into the software industry, written by Jim Brosseau and Geoff Flamank. I recommend this recent article:
"It never ceases to amaze me that people in software development have an almost religious aversion to the dreaded ‘D-word’ – documentation. Anything from 'we don’t have time for that stuff' to 'we got our documentation over with, now we can get on with the project', and everything in between. If the primary driver for success in the collaborative game of software development is communication, why do we all loathe documentation? There are a number of dysfunctional attitudes around documentation that contribute to its bad reputation. [...]
Documentation is not evil; it is a necessity for most software projects that is managed poorly. It can be thought of as the practical persisting of a common understanding that has been achieved through collaboration, used to facilitate future work toward our common goals. If you are not following this approach, stop wasting your time with documentation – you will probably need the time later to clean up the mess you have on your hands."
SoftTest Ireland is the special interest group for the community of software testers in Ireland. Recently elected their new chair, I also keep the job of webmaster and have uploaded these presentations from recent meetings to http://www.SoftTest.ie
A Complete Guide to Evaluating Software Testing Tools, John Watkins, IBM
http://www.SoftTest.ie/eval-test-tools-ibm.ppt (406K PPT) and white papers in Word .doc format in long (42 pages, 243K) and short (7 pages, 310K) versions. This talk presents a comprehensive discussion of all aspects of the process of evaluating software testing tools. It is presented from a pragmatic perspective, based on the accumulated experience of numerous testing professionals who have been involved in the complex task of evaluating and selecting a testing tool to meet their particular testing requirements.
Testing in an Agile World, David Putman, Exoftware
http://www.SoftTest.ie/agile-testing-exoftware.ppt (485K PPT)
A personal take on a number of complementary testing strategies, focusing primarily on those used by practitioners of so-called 'agile' software methodologies. No testing strategy works for every situation, and often success can depend on the choice of the testing strategies made by the team.
Risk Analysis and Test Strategy, Erik van Veenendaal, Improve Quality Services
http://www.SoftTest.ie/test-strategy-risk-analysis.ppt (923K PPT)
http://www.SoftTest.ie/5-core-practices.ppt (688K PPT)
This presentation covers techniques for risk analysis and test strategy determination from a practitioner’s point of view. Once the risks have been identified and analysed, appropriate techniques have to be defined to mitigate those risks. This is a difficult and experience-based task; however, a number of guidelines will be presented to assist in choosing the appropriate techniques.
Adventures in Session-Based Testing, James Lyndsay, Workroom Productions Ltd.
http://www.SoftTest.ie/faisbt.ppt (2.3MB PPT)
Session-based testing is a management technique, and can be used to introduce measurement and control to unscripted, open-ended test approaches. It makes an effective foundation for significant improvements in productivity and error detection. The techniques are particularly helpful in controlling reactive, fire-fighting test teams, and in bringing agility and focus to exploratory methods.
http://sysmod.com/az.php?a=0131471481&b=Web_Search_Garage "Web Search Garage" by Tara Calishain describes Google and Yahoo shortcuts and special syntaxes like "inurl:" and "site:". It also describes why one might wish to use other search tools instead. It was reviewed in http://www.freepint.com/bookshelf/ by Caryn Wesner-Early who said "This book explores more aspects of Internet searching than I realized existed! For instance, even after years of looking for jargon on the Internet, I never tried 'means' as a search term." Combine Google's wildcard capability with its exact-match search capability in queries like, "there are * types of horse" to yield reasonable-sized lists of useful hits. It gets five star reviews with comments like "And I thought I knew how to search!"
I read about a speaking search engine called Speegle http://www.speegle.co.uk/ . It apparently reads aloud Google search results. They caution that it can be slow depending on load. I didn't hear anything at all - has anybody else tried it, and might it suit the visually impaired?
http://scholar.google.com provides citations of academic papers to do with your search topic. It has been investigated by ResourceShelf, Search Engine Watch and others, see http://www.freepint.com/go/b30646. There is a weblog devoted to Google Scholar http://www.researchbuzz.org/archives/002171.shtml and a Google Scholar Bookmarklet http://www.researchbuzz.org/archives/002168.shtml
Any comments from our academic readers? Will this help researchers or just give students another "easy" route to avoid doing actual reading?
www.eusprig.org The European Spreadsheet Risk Interest Group (EuSpRIG) is issuing a Call for Papers for the 2005 conference on "Managing Spreadsheets in the light of Sarbanes-Oxley". The 6th EuSpRIG Annual Conference will provide you with an opportunity to share your own work with a broad range of researchers, practitioners and recognised leaders in the field of spreadsheet research. The programme will concentrate on all aspects of the management of spreadsheets including:
- assessing current spreadsheet use
- risk and other classification systems
- proving effectiveness
- available controls techniques
- planning which kind of techniques fit which risks
- maintaining integrity and compliance
Deadline for submission of complete papers: Friday 25th February 2005
I maintain a list of reported problems arising from inadequate controls on spreadsheet use at http://www.eusprig.org/stories.htm; below is the latest addition!
When auditors are obliged to comment on internal IT controls, they do so...
"Tweeter Entertainment Group Inc., an electronics retailer, reported a wider fourth-quarter net loss yesterday, $12.5 million compared with $10.2 million a year ago, and a 3.5 percent decline in sales at stores open for more than a year. To make matters worse, Tweeter announced that its auditor, Deloitte & Touche LLP, said its spreadsheet controls were 'not sufficient' in the fourth quarter. A spokeswoman declined to say how much in 'recorded adjustments' the company made. Tweeter said the errors did not affect prior periods."
Charley Kyd's Excel User web site has published an update on my article on applying "agile methods" to this most agile of end user development tools!
http://www.exceluser.com/tools/agile1.htm Many programmers use Agile Software Development, a collection of techniques that reduce errors and speed software development. Here's how Excel users can use similar techniques to gain similar benefits.
Here's a question for you: do you agree with my statement that "A large system developed or evolved from multiple spreadsheets is much more like a conventional systems development project, so there is a need for IT to offer support with their experience of integration testing." Or do you believe that IT people are not skilled in spreadsheets and getting them involved in spreadsheet development would introduce over-complexity and a risk from a lower level of knowledge of the business area?
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
Ahead of time, let me wish all my readers a good relaxing break at the Christmas holidays. If you have still to make some Amazon purchases, please visit our Amazon World Search page and bookmark it to make it easy to return to! http://sysmod.com/amazon
If you'd like to revisit a favourite holiday page, check out our
quiz at :
Copyright 2004 Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/