PraxIS June 2005

05-06 Contents: Watchdogs nod, Bill of rights and responsibilities for testers, Eusprig programme, Spreadsheet Check+Control

ISSN 1649-2374

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
     The watchdogs nod
2) Software Development and Testing
     Agile & Evolutionary, rights and responsibilities of testers
     Project Intelligence
     CSE Software Engineer's Seminar Series at ICS
3) Eusprig 2005 Draft Programme
     Register now!
4) Spreadsheet Check and Control
     New book due September 2005
5) Off Topic
20 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

It's nice to be able to report on some serious software process improvement presentations this month. And of course to pre-announce my new book on Spreadsheet Check and Control!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

The Watchdogs nod

Breaches welcomed at SEC

SEC fails own security and accounting tests Source:

The US Government Accountability Office (GAO) has conducted the first ever external audit of the Securities and Exchange Commission (SEC), finding that the agency failed to implement a "comprehensive monitoring program to identify unusual or suspicious access activities". Weaknesses in user accounts and passwords, access rights and permissions, network security, or the audit and monitoring of security events could enable a hacker to access sensitive financial information undetected. The GAO also found weaknesses in internal practices, such as issuing penalties to companies. However, the SEC had not broken any compliance regulations, despite its security weaknesses. SEC officials plan to improve the agency's security so that it serves as an example to the companies it regulates.

Links to the GAO report Financial Audit: Securities and Exchange Commission's Financial Statements for Fiscal Year 2004. GAO-05-244, May 26. (656K PDF) Highlights - (36K PDF)

Dept Homeland Security fails security audit

Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities. GAO-05-434, May 26. (684K PDF) Highlights - (45K PDF) 


2) Software Development and Testing

Agile & Evolutionary, rights and responsibilities of testers

Enterprise Ireland is the agency charged with promoting Ireland's technology industry. They recently brought Tom Gilb to Ireland to talk on Evolutionary Development. Tom's paper on "What is missing from Agile Methods" was presented at the E-I events, and the full 10MB presentation is available for download. See if you can infer from this article what he thinks is missing, before I reveal it at the end. As a case study on EVO methods he reported on the ConfirmIT project in Trond Johansen's company FIRM in Norway. This showed remarkable improvements once they focused on measures of success.

E-I kindly sponsored Tom to present to SoftTest Ireland on "Testers Rights: What Test should demand from others, and why?", and the main lessons of the FIRM case study. A short Bill of Rights for testers was described by Lisa Crispin. Tom's is considerably longer, but evoked so much interaction from the attendees that he did not get past the summary slide! The full paper is worth reading. In summary, testers have the right to:

1. sample their process inputs, and reject poor quality work (no entry).
2. unambiguous and clear requirements.
3. test evolutionarily; early as the system increments.
4. integrate their test specifications into the other technical specifications.
5. be a party to setting the quality levels they will test to.
6. adequate resources to do their job professionally.
7. an even workload, and to have a life.
8. specify the consequences of products that they have not been allowed to test properly.
9. review any specifications that might impact their work.
10. focus on testing of agreed quality products, and to send poor work back to the source.

Here are a couple of quotes from the presentation:

"Typical requirements today have 50 to 300 major defects per page, each can lead to a wrong test. It takes about 15-30 minutes to take a 1 page sample and check it according to standards like ‘unambiguous’, ‘clear enough to test’." Tom cited two recent cases where, after a short training session, managers were able to identify 300 defects (London) and 162 defects (Dublin) in one page of their best approved requirements document.

"Testers in fact have a professional obligation to send clear early written warning signals to project management about consequences. For example: bug rate predictions at customer sites, if released now; load of work at help desks; load of work doing bug fixing and regression testing. All consequent problems fleshed out - with concrete suggestion about what to do in practice about it."

If you haven't guessed already, what Tom regards as missing from XP is quantification - measurement and the use of the data for extrapolations. My courses in the Personal Software Process (PSP) included measurement and estimation. Tom's focus however is on the business value of the process, and the evolutionary method that allows him to make a remarkable "no cure, no pay" offer. If only that applied to the major IT and road construction projects that we have all heard overrun their cost!

The Agile movement describes Customer Rights, Programmer Rights, and Manager Rights.

With rights come responsibilities: a US DOD web site mentions a "Program Manager's Bill of Rights and Responsibilities" which I can't find in its original form but Google has a cached version from the web site.

So, what do you think are testers' obligations? I've put together this list of "Testers' Responsibilities":

  1. Negotiate service level agreements and monitor their achievement
  2. Seek better ways to test and to improve productivity with tools and training
  3. Define their test process, with entry and exit standards
  4. Define and justify the level of test resources needed for a required level of test quality
  5. Report progress in good time to permit management redirection of effort
  6. Write early, candid, objective assessments of risks and their consequences to project management.

Books by Tom Gilb

Competitive Engineering: A Handbook For Systems Engineering, Requirements Engineering, and Software Engineering Using Planguage, by Tom Gilb, 400 pages, 2005. It is based on well-defined terms, processes and specification standards. It will help at all CMM(I) levels and beyond.

Inspection, Tom Gilb, Dorothy Graham (1993). How to achieve high-quality software through inspection, which can be defined as "a formal review of documents to find errors, giving effective statistical process improvement". It illustrates the benefits of the technique in terms of fewer defects, higher productivity, better project tracking and improved documentation.

Finally, here is a tip that won't last long: until his new "Competitive Engineering" book is published, Tom Gilb is making it available as a free download. Even if that book is gone when you visit, there are many more goodies available that make that page well worth a visit, such as his "12 tough questions about written material".

Project Intelligence

Paul Gerrard of Systeme Evolutif in the UK presented "Project Intelligence" at the SoftTest event. His paper, the Project Intelligence Framework: project management, assurance and testing, is available for download (PowerPoint, PDF). There is a comprehensive white paper also available (10MB PDF file!). It was interesting to note that both speakers focused on business value.

Software Engineer's Seminar Series (Irish Computer Society, Dublin)

The Product Management View: Establishing the roll-out of systems, 6pm June 8th, 2005

A software project is frequently carried out in conjunction with other projects: both with other software projects, and with projects set up to exploit the results of the software project. The product management view supports the portfolio of projects and includes release management. This helicopter view helps to give clarity to individual projects, and ease the planning and prioritising of projects.

The Methods View: Why and when use an agile approach, 6pm July 6th, 2005

A software project can be viewed from a number of perspectives. Historical records show high failure rates. The use of principles and the techniques introduced in the past decade have changed the thinking about software development, and improved the success rate in certain key respects.

Presentations by the Centre for Software Engineering. Map and contact details: 


3) Eusprig 2005 Draft Programme

July 7-8, 2005 at University of Greenwich, London. 

Thursday, July 7th 2005

Friday, July 8th 2005


4) Spreadsheet Check and Control

My new book will contain 47 key skills in the design, test, and checking of spreadsheets.

A reviewer who saw an early draft said "Excellent … it should be required reading for all young trainee accountants" - Ciaran Walsh, senior finance specialist, Irish Management Institute.

Learn how to:

· Present results with more confidence, knowing that you have checked for errors
· Create spreadsheets faster by avoiding wasted time from lack of specification
· Increase efficiency by avoiding rework
· Reduce worry about costly and embarrassing mistakes
· Discover powerful formula auditing techniques
· Foil attempts to conceal data and formulas from you

Benefits to your organisation

· Reduce compliance costs for businesses in regulated sectors
· Be able to demonstrate management of material risks
· Increase controls on spreadsheet based financial reporting
· Ensure data quality and accuracy
· Protect against formula and operational errors

Orders placed before July 8th will qualify for free delivery. Check out for news.



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Spoof site:

SFood site:


Copyright 2005 Systems Modelling Limited. Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.