PraxIS Aug. 2009

09-08 Contents: Hacked ATM hacked, IQ history, Data leak, Selling skills, Excel Au, Nz, Asia, LinkedIn

ISSN 1649-2374

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success


1) Risk
      Hackers unmask fake ATM
      450 year old document control processes
      McAfee data loss

2) Software Testing

3) Spreadsheets
     Antipodean Spreadsheet Gurus
     LinkedIn proliferates Excel groups

4) Off Topic

20 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information

Welcome to PraxIS

August is the holiday month, so this is a somewhat lighter issue.

Patrick O'Beirne


1)  IT Risk

Hackers unmask fake ATM

A fake ATM in a hotel was designed to record card data and PINs. The scam was uncovered after DefCon hackers (8000 attended the annual hacker fest) noticed something amiss with the machine. "They looked at the screen where there would normally be a camera," Priest, a senior conference organiser, told Computerworld. "It was a little bit too dark, so someone shined a flashlight in there and there was a PC." DefCon organisers notified the police, who removed the machine for forensic tests.

Google security researcher Chris Paget has also been tweeting from Vegas about a separate cash machine scam involving multiple Diebold machines at the Rio All-Suite Hotel and Casino.

Centuries-old document control processes

There's an expression that someone "gives their imprimatur", implying approval. The word 'imprimatur' is Latin for "Let it be printed", and it comes from procedures devised in 1559 by the Catholic hierarchy to check and control documents to be sure no heresy was being disseminated. Here are the rules for a triple lock on information quality, with their translation:

1.    Concordat cum Originali  (In agreement with the original documents)
2.    Nihil Obstat  (Nothing hinders)
3.    Imprimatur (Let it be printed)

In modern terms, this would mean that document control procedures would include:

1. Check that the data in the report has been reconciled to the source data. Managers often complain that it is not clear to them where figures have come from. Check that no data is missing and that no spurious data has been added; i.e. it reflects the source, the whole of the source, and nothing but the source. When that line has been clearly drawn, then the necessary assumptions, interpolations, adjustments and projections can be clearly distinguished.

2. Review the output by someone, other than the author, who understands the reasoning behind the calculations and the significance of the data. They need to sign off that they find no defects in the document.

3. Have the boss take personal responsibility to approve the printed document before it is used by whatever decision process it supports.

Not bad for rules that are 450 years old!

McAfee warns of irony attack

After a McAfee-run security conference in Australia this month, a McAfee representative reportedly attached a spreadsheet with hundreds of guests’ personal information to a mass-mailed thank you note. The spreadsheet was said to have contained names, phone numbers, e-mail addresses, employment information, and even dietary requirements of more than 1400 people.

“This is a dangerously high level of malicious irony,” an analyst warns. “We have not seen levels this high since the Windows Vista Compatibility Center suffered compatibility issues at its launch in 2008.”


2) Software Testing

A modest proposal

Last week I posted to a mail list a request from a company for someone to test an application intended for use as a sales aid in retail stores. What is interesting is just how low salesmanship is in that group. Of the many replies I received and forwarded to the prospect, not ONE indicated that they had read the brief, or that they had done anything like that before. The most assertive statement was from a manager saying that their testers "could potentially be suitably qualified".  They're all a very modest lot - I know of course they are all well qualified to perform user acceptance testing!



3) Spreadsheets


There are a lot of spreadsheet experts Down Under. Many conferences such as EuroStar have both Northern and Southern Hemisphere versions, so maybe an antipodean version of Eusprig might be needed - Australasian Spreadsheets Risks Interest Group - Ausprig? After all, they have had an Excel User conference:

People that come to mind are:

Toby O'Brien of BPM Financial Modelling is so far as I know the only person to have published a large document on Best Practices in Financial modelling at

Rickard Wärnelid who on his blog proposed an annual award night for the worst financial models :-)  He also has a handy list of Excel shortcuts for common commands (download requires registration) on

Nick Crawley has a financial modelling website Navigator Project Finance, of which Corality is a spinoff.

Anthony Berglas - the creator of the Spreadsheet Detective, probably the longest established product in this field

Dave Hawley - the founder of Ozgrid, one of the most frequently referenced Excel sites on the net.

There's all the MVPs such as the author John Green; and those who frequent the newsgroups, like Dermot Balson and Mercer Consulting whose 2004 review on spreadsheet quality I always cite in my presentations.

And the academics who have presented at Eusprig conferences: Paul Blayney, David Banks, Ann Monday, John (Fritz) Raffensperger.

Could be quite a conference!

LinkedIn proliferates Excel groups

I've been looking at the LinkedIn groups to do with Excel. As far as I can see, the discussions are private and not indexed by Google. That must surely diminish their value. I'm not going to go trawling through a dozen groups with a few members or posts on the off chance that there's an answer to an Excel question. It is far better to search the newsgroups where the Excel MVPs hang out. On the other hand, there is an argument for private groups on topics that relate to using Excel such as Financial Modelling or Auditing, because these are often more discursive topics where there is no simple definitive answer to a 'how-to' question.

My groups, with their number of members, are: 
  Microsoft Excel Users  4,640
  Financial Analysts & Modelers  2,161
  Financial Modelling in Excel   1,177
  Excel Developers  879
  Financial Modelling Network   364
  Financial Modelling World Association  278
  Excel Gurus   225
  Model Audit Network   76

and that's not all!

The biggest group is the Excel Users set up by Steve Burda, who describes himself as the 'Mother Teresa of networking' and always asks people to connect to him. LinkedIn have now capped his connections at 40,000. Forty thousand connections?! Bill Gates gave up on Facebook after a mere 10,000 people wanted to be his friend:

Spreadsheet Check and Control: 47 best practices to detect and prevent errors



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor


4) Off Topic

Last week of holidays

The September issue of Praxis will be a little late. For the first week I'll be at the Schubertiade in Schwarzenberg in Vorarlberg, the westernmost and wealthiest state of Austria. 
The Schubertiade is one of the top chamber music festivals, much in the way the Wexford Festival Opera has a niche status among opera fans.
The town may be small but they also put on art exhibitions, folk music, walks, and other entertainments. The local music events somewhat remind me of when I was in Andy Cusack's Avoca Singers and we used to put on summer Irish Nights for the tourists. Avoca, a little town in Wicklow, is maybe better known to British TV viewers as Ballykissangel.


Copyright (c) Systems Modelling Limited. Reproduction allowed provided this copyright notice is included.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website