PraxIS July 2007

07-07 Contents: Audit Guides, ISO 27K Guides, Automation, Chance, Eusprig 2007

ISSN 1649-2374

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
     Global Technology Audit Guide (GTAG)
     Guidance to ISO 27K Information Security Management Standards
2) Software Testing
     Automated Scripts push my buttons
3) Just read these a second time
4) Spreadsheets
     Eusprig 2007 in Greenwich July 11-13
5) Off Topic
     'Canada' explained to foreigners
10 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

Summer is upon us so the newsletter will take a lighter tone ... in fact I might just skip August altogether, as it's a holiday month.

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Global Technology Audit Guide (GTAG®)

The IIA is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG®) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.

  1. Information Technology Controls
  2. Change and Patch Management Controls: Critical for Organizational Success
  3. Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
  4. Management of IT Auditing
  5. Managing and Auditing Privacy Risks
  6. Managing and Auditing IT Vulnerabilities
  7. Information Technology Outsourcing

Guidance to ISO 27K Information Security Management Standards

The information on that website has been gathered from ISO/IEC and similar official sources plus various unofficial sources such as newsletters from ISMS user groups, presentations by and private communications from members of various national standards bodies active on ISO27k business.


2) Software Testing

Automated Scripts push my buttons

I recently ran my ScanXLS spreadsheet quality assessment tool on the EUSES Consortium corpus of 5600 spreadsheet files. I had my own test set of almost 3000 files but I discovered some new things in this set. I also realised that it's rather boring having to check the PC every half hour or so over a nine hour run, to see if Excel has popped up some prompt that is not preventable from VBA. Mostly it just requires the user to press enter to acknowledge that some data has been lost in a corrupted file. In one case, an input is needed; that's where a spreadsheet created in a double-byte character set but opened in a plain Western PC has two sheet tabs that are different in Japanese but the same in ANSI, leading to a defined name conflict for a built-in name like "Print_Titles". In that case, the user needs to type in something, anything unique, just to proceed.

So, I downloaded AUTOIT3 from

Having identified the pop up error message windows, I now have a script that automatically pushes the OK button for me, and fills in a name conflict too. It's just a step up from a record-and-play software testing tool but it suits my purpose well.

Other resources Software QA Testing and Test Tool Resources

Books on Software Test Automation

Software Test Automation by Mark Fewster and Dorothy Graham

Automated Software Testing: Introduction, Management and Performance, Dustin, Rashka, Paul, 1999, describes the Automated Test Lifecycle Methodology (ATML)

Lessons Learned in Software Testing: A Context Driven Approach, Cem Kaner, James Bach, Brett Pettichord, 2002



3) Just read these a second time

On the lines of "now that I think about it", Chance News has some recent gems in their 'Forsooth' section at

What happens when a statistician or a literalist looks at lyrics: In "Die schöne Müllerin" by Franz Schubert, there is a line "Da springen drei Rosen, Halb rot und halb weiß " ... "up spring three roses, half red and half white". (Well, I suppose you could have a variegated rose?)

The Kansas City Star newspaper has a poll on its website asking people their opinions about the Harry Potter series of books. The first question asks "Is Snape good or bad?" and offers the choices "Yes" or "No". As of June 7, there were 33 (29%) votes for "No". (We know what they meant, but it is a poorly thought-out survey question.)

According to the New York Times of 20 June 2007, 'Brian Kelly, the editor of U.S. News, said more than 50 percent of the presidents, provosts and admission deans who were sent the annual survey of colleges’ reputations continued to fill it out. “We think the vast majority of presidents and academics are still supporting the survey,” he said.' (Well, 'the vast majority' IS more than 50% ... !)

You Can Own an Integer Too — Get Yours Here, Ed Felten, May 7, 2007 — "this professor of Computer Science and Public Affairs at Princeton University suggests a way that you can also 'own' your own random integer and hundreds have already done so. He even suggests a use for your number: Did we mention that a shiny new integer would make a perfect Mother’s Day gift?" (In fact, at Eusprig conferences, we have presented some speakers with a prime number specially generated from numbers significant in their personal life.)


4) Spreadsheets

Eusprig 2007 in Greenwich July 11-13

I look forward to seeing some PraxIS readers at the 2007 conference of the European Spreadsheet Risks Interest Group in Greenwich. Here's an outline of the programme, beginning with some diversion at 4pm on Wed July 11 - Hunt The Bug - for those who arrive early and have a laptop with them. Thu July 12 is the main conference day opening with Dean Buckner of the UK Financial Services Authority. The now mature market of spreadsheet control vendors will feature Compassoft (the main sponsors), ClusterSeven, Prodiance, and Codematic. Leading research and guidance on Risk Management will be represented by speakers from the Stuart Graduate School of Business (USA), UWIC, Dartmouth College and University of Hawaii. Development methodologies will be presented by University of San Francisco, Resolver Systems Ltd, Spreadsheet Factory (UK), UWIC and Cardiff University, and continue through Friday with Dundalk Institute of Technology (Ireland), Operis (UK), Small Spark (UK), and Systems Modelling (Ireland).

Spreadsheet Check and Control: 47 best practices to detect and prevent errors. Available worldwide from Amazon.

ScanXLS 3.1 spreadsheet inventory and assessment tool: list large directories of spreadsheets, find data links and errors.
ScanXLS3 works in Excel 2000 to 2007 and can process the much larger files in Excel 2007 (version 12), 16384 columns by 1048576 rows. It lists all XL* files in directories and reports many types of error and unusual properties. It allows you to specify as many properties and search terms as you wish. It optionally reports a detailed list of cell addresses with errors. It also reveals dependencies by the use of workbook formula links and external data sources.




Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

My wife Megan & I will be spending August at the Banff Centre, near Calgary, Alberta. She has a one month artist's residency and I'm coming along for a holiday in the Canadian Rockies. The following is from a typical Friday post on the Excel-L list:

Canada (a name derived from the Spanish for "there's nothing here") is a geographically large country above the United States and between the Atlantic and Pacific oceans. The following questions are from a "visit Canada" website submitted by potential visitors who were desirous of more information about Canada, as well as the answers that the visitor's bureau staff would obviously love to send back, but don't dare:

------- Forwarded message follows -------

Q: I have never seen it warm on Canadian TV, so how do the plants grow? (UK)
A: We import all plants fully grown and then just sit around and watch them die.

Q: Will I be able to see Polar Bears in the street? (USA)
A: Depends on how much you've been drinking.

Q: I want to walk from Vancouver to Toronto - can I follow the Railroad tracks? (Sweden)
A: Sure, it's only four thousand miles, take lots of water.

Q: Which direction is North in Canada? (USA)
A: Face south and then turn 180 degrees. Contact us when you get here and we'll send the rest of the directions.

Q: Are there supermarkets in Toronto and is milk available all year round? (Germany)
A: No, we are a peaceful civilization of Vegan hunter/gatherers. Milk is illegal.

Q: I have a question about a famous animal in Canada, but I forget its name. It's a kind of big horse with horns. (USA)
A: It's called a Moose. They are tall and very violent, eating the brains of anyone walking close to them. You can scare them off by spraying yourself with human urine before you go out walking.

Q: Will I be able to speak English most places I go? (USA)
A: Yes, but you will have to learn it first.



Copyright (c) Systems Modelling Limited. Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website