05-06 Contents: Watchdogs nod, Bill of rights and responsibilities for testers, Eusprig programme, Spreadsheet Check+Control
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0506.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
IN THIS ISSUE
1) Risk & Security
The watchdogs nod
2) Software Development and Testing
Agile & Evolutionary, rights and responsibilities of testers
CSE Software Engineer's Seminar Series at ICS
3) Eusprig 2005 Draft Programme
4) Spreadsheet Check and Control
New book due September 2005
5) Off Topic
20 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
It's nice to be able to report on some serious software process improvement presentations this month. And of course to pre-announce my new book on Spreadsheet Check and Control!
SEC fails own security and accounting tests Source: Silicon.com
The US Government Accountability Office (GAO) has conducted the first ever external audit of the Securities Exchange Commission (SEC), finding that the agency failed to implement a "comprehensive monitoring program to identify unusual or suspicious access activities". A lack of effective controls over user accounts and passwords, access rights and permissions, network security, or audit and monitoring of security events could enable a hacker to access sensitive financial information undetected. The GAO also found weaknesses in internal practices, such as issuing penalties to companies. However, the SEC had not broken any compliance regulations, despite its security weaknesses. SEC officials plan to improve the agency's security so that it serves as an example to the companies it regulates. http://software.silicon.com/security/0,39024655,39130801,00.htm
Links to the GAO reports: Financial Audit: Securities and Exchange Commission's Financial Statements for Fiscal Year 2004. GAO-05-244, May 26. http://www.gao.gov/cgi-bin/getrpt?GAO-05-244 (656K PDF) Highlights - http://www.gao.gov/highlights/d05244high.pdf (36K PDF)
Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities. GAO-05-434, May 26. http://www.gao.gov/cgi-bin/getrpt?GAO-05-434 (684K PDF) Highlights - http://www.gao.gov/highlights/d05434high.pdf (45K PDF)
Enterprise Ireland is the agency charged with promoting Ireland's technology industry. They recently brought Tom Gilb to Ireland to talk on Evolutionary Development. Tom's paper on "What is missing from Agile Methods" was presented at the E-I events. You can download the full 10MB presentation from http://www.xpday.org/slides.php. See if you can infer from this article what he thinks is missing, before I reveal it at the end. As a case study on EVO methods he reported on the ConfirmIT project in Trond Johansen's company FIRM in Norway. This showed remarkable improvements once they focused on measures of success.
E-I kindly sponsored Tom to present "Testers Rights: What Test should demand from others, and why?" to SoftTest Ireland, along with the main lessons of the FIRM case study. A short Bill of Rights for testers was described by Lisa Crispin at http://home.att.net/~lisa.crispin/XPTesterBOR.htm. Tom's is considerably longer, but evoked so much interaction from the attendees that he did not get past the summary slide! The full paper is worth reading at www.SoftTest.ie. In summary, testers have the right to:
1. sample their process inputs, and reject poor quality work (no entry).
2. unambiguous and clear requirements.
3. test evolutionarily; early as the system increments.
4. integrate their test specifications into the other technical specifications.
5. be a party to setting the quality levels they will test to.
6. adequate resources to do their job professionally.
7. an even workload, and to have a life.
8. specify the consequences of products that they have not been allowed to test properly.
9. review any specifications that might impact their work.
10. focus on testing of agreed quality products, and to send poor work back to the source.
Here are a couple of quotes from the presentation:
"Typical requirements today have 50 to 300 major defects per page, each can lead to a wrong test. It takes about 15-30 minutes to take a 1 page sample and check it according to standards like ‘unambiguous’, ‘clear enough to test’." Tom cited two recent cases where after a short training session managers were able to identify 300 defects (London) and 162 defects (Dublin) in one page of their best approved requirements document.
"Testers in fact have a professional obligation to send clear early written warning signals to project management about consequences. For example: bug rate predictions at customer sites, if released now; load of work at help desks; load of work doing bug fixing and regression testing. All consequent problems fleshed out - with concrete suggestion about what to do in practice about it."
If you haven't guessed already, what Tom regards as missing from XP is quantification - measurement and the use of the data for extrapolations. My courses in the Personal Software Process (PSP) included measurement and estimation. Tom's focus however is on the business value of the process, and the evolutionary method that allows him to make a remarkable "no cure, no pay" offer. If only that applied to the major IT and road construction projects that we have all heard overrun their cost!
The Agile movement describes Customer Rights, Programmer Rights, and Manager Rights, which you can read at: http://www.builderau.com.au/program/development/0,39024626,20280741,00.htm
With rights come responsibilities: a US DOD web site mentions a "Program Manager's Bill of Rights and Responsibilities" which I can't find in its original form but Google has a cached version from the akss.dau.mil web site.
So, what do you think are testers' obligations? I've put together this list of "Testers' Responsibilities":
http://sysmod.com/az.php?a=0750665076&b=Competitive Engineering A Handbook For Systems Engineering, Requirements Engineering, and Software Engineering Using Planguage, by Tom Gilb, 400 pages, 2005. It is based on well-defined terms, processes and specification standards. It will help at all CMM(I) levels and beyond.
http://sysmod.com/az.php?a=0201631814&b=Software Inspection Tom Gilb, Dorothy Graham (1993). How to achieve high-quality software through inspection, which can be defined as "a formal review of documents to find errors, giving effective statistical process improvement". It illustrates the benefits of the technique in terms of fewer defects, higher productivity, better project tracking and improved documentation.
Finally, here is a tip that won't last long: until his new "Competitive Engineering" book is published, Tom Gilb is making it available as a free download at http://www.gilb.com/Pages/2ndLevel/gilbdownload.html Even if that book is gone when you visit, there are many more goodies available that make that page well worth a visit, such as his "12 tough questions about written material".
Paul Gerrard of Systeme Evolutif in the UK presented "Project Intelligence" at the SoftTest event. You can download his paper at http://www.evolutif.co.uk/ - the Project Intelligence Framework: project management, assurance and testing (PowerPoint, PDF). There is a comprehensive white paper also available (10MB PDF file!). It was interesting to note that both speakers focused on business value.
The Product Management View: Establishing the roll-out of systems, 6pm June 8th, 2005
A software project is frequently carried out in conjunction with other projects: both with other software projects, and with projects set up to exploit the results of the software project. The product management view supports the portfolio of projects and includes release management. This helicopter view helps to give clarity to individual projects, and ease the planning and prioritising of projects.
The Methods View: Why and when use an agile approach, 6pm July 6th, 2005
A software project can be viewed from a number of perspectives. Historical records show high failure rates. The use of principles and the techniques introduced in the past decade have changed the thinking about software development, and improved the success rate in certain key respects.
Presentations by the Centre for Software Engineering. Map and contact details: http://www.ics.ie/main/contact.htm
Keynote: Dean Buckner, Financial Service Authority (UK)
Ray Panko, (US) University of Hawaii, ‘Sarbanes and the spreadsheets’
Pat Cleary, Mukul Madahar and Lynne Norris-Jones, (UK) University of Wales Institute Cardiff, ‘Spreadsheet risks and accountability’.
Roland T. Mittermeir (AT), Markus Clermont (AT, IE), Karin Hodnigg (AT), ‘Protecting spreadsheets against fraud’
Grenville Croll (UK), Frontline Systems (UK) Ltd, ‘The Importance and Criticality of Spreadsheets in the City.’
Ralph Baxter, Cluster Seven (UK) ‘Regulation and the Integrity of Spreadsheets in the Information Supply Chain’
Keith Bishop (UK), Qtier Software Limited, ‘Qtier-Rapor: Spreadsheets in Compliance with the Sarbanes-Oxley Act.’
Ziv Hellman (IS), Inrise Financials, ‘Breaking Out of the Cell: On The Benefits of a New Spreadsheet paradigm’
Vipin Samar (US) ‘Controlling the Information Flow in Spreadsheets’
Stephen Powell (US) Dartmouth College ‘Developing an Auditing Protocol for Spreadsheet Models’
Adrian Carter (UK) ‘The use of spreadsheets to enable SOX compliance’
Conference Dinner with dinner speaker Ray Panko
Keynote: Derek Wimmer, Wimmer Systems (US)
John Nash and Jody Goldberg, (CA) University of Ottawa, ‘Why, How and When Spreadsheet Tests Should be Used’
Simon Thorne and David Ball, (UK), University of Wales Institute Cardiff, ‘Exploring human factors in spreadsheet development’
Kamal Rajalingham, (UK), University of Westminster, ‘A Revised Classification of Spreadsheet Errors’
Simon Murphy (UK), Codematic limited, ‘Comparison of Spreadsheets with other development tools (limitations, solutions, workarounds and alternatives)’
Freek Varossieau (NL), Scientific Software Inc., ‘Remediation Services for Excel, a comprehensive approach’
Vicki Lemieux, Credit Suisse First Boston ‘Archiving: The Overlooked Spreadsheet Risk’
My new book will contain 47 key skills in the design, test, and checking of spreadsheets.
A reviewer who saw an early draft said "Excellent … it should be required reading for all young trainee accountants" - Ciaran Walsh, senior finance specialist, Irish Management Institute.
· Present results with more confidence, knowing that you have checked for errors
· Create spreadsheets faster by avoiding wasted time from lack of specification
· Increase efficiency by avoiding rework
· Reduce worry about costly and embarrassing mistakes
· Discover powerful formula auditing techniques
· Foil attempts to conceal data and formulas from you
· Reduce compliance costs for businesses in regulated sectors
· Be able to demonstrate management of material risks
· Increase controls on spreadsheet based financial reporting
· Ensure data quality and accuracy
· Protect against formula and operational errors
Orders placed before July 8th will qualify for free delivery. Check out www.SystemsPublishing.com for news.
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
Spoof site: http://www.AllAmericanAntispamAssociationofAmerica.com
SFood site: http://www.storewars.org/flash/
Copyright 2005 Systems Modelling Limited. Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/