News update 2006-02: February 2006
A monthly newsletter on risk management in financial services,
operational risk and user-developed software from Louise Pryor
Comments and feedback to firstname.lastname@example.org. Please tell me if
you don’t want to be quoted.
Subscribe by sending an email to news-subscribe AT louisepryor.com.
Unsubscribe by sending an email to news-unsubscribe AT
louisepryor.com. (Change ” AT ” to “@”). Newsletter archived at
In this issue:
1. The tools for the job
2. Email: is it safe?
3. Russian viruses?
5. Newsletter information
1. The tools for the job
How do you decide what tools to use? Yes, it’s possible to beat an
egg white with a knife, or loosen a screw with a nail file, but an
egg-beater or screwdriver would be a better choice. Not
surprisingly, the same goes for software. Excel is a bit like a
Swiss Army knife: you can do most things with it if necessary, but
specialist tools often work better.
This was recently demonstrated at Roll-Royce, where engineers were
asked to calculate how many times a simple pendulum hit a target
pin. Those who used Excel came up with three as the answer, while
those using specialist mathematical software came up with four
(which was the correct answer). Even using a much smaller time step
in Excel made no difference.
It’s well known that Excel’s statistical functions are less than
perfect. For a start, its functionality is limited; there are many
analyses that you just can’t do. Then there’s the issue of
accuracy: Excel doesn’t use the best available algorithms. The
values differ in the third digit and beyond. Some of the problems
are more evident in the tails of the distributions. A number of the
statistical functions use non-standard definitions. The random
number generator is not really random enough (and in one version of
Excel it actually produced negative numbers, which are definitely
outside the [0,1] range).
Microsoft has made improvements, but this means that current
versions of Excel are not consistent with earlier versions. The
same workbook will give different results depending on which Excel
version is used. Also, it is claimed that some of the fixes have
made the problem worse: “Microsoft attempted to fix errors in the
standard normal random number generator and the inverse normal
function, and in the former case actually made the problem worse.”
Some improvement can be gained by using specialist statistical
add-ins for Excel, but if you are doing any serious statistical
work you should probably consider using a specialist tool. The nail
file might do for one screw, but if you are putting a shelf up a
screwdriver is more or less indispensable. A Swiss Army knife,
although handy, can’t replace a whole toolbox.
On a somewhat related note, I’m currently chairing the GIRO working
party on software use, which is looking into what software GI
actuaries (and others) use, and how they use it. As our first step,
finding out what software is actually used, we are conducting an
online survey. So, if you work in General Insurance, as an actuary
or otherwise, we’d really appreciate if you’d help us out by
completing the survey, which is at
http://www.surveymonkey.com/s.asp?u=891841542723. There’s a prize
of a bottle of champagne for one lucky participant!
2. E-mail: is it safe?
Fifteen years ago e-mail was new and shiny and more or less unknown
in the business world. Nowadays it’s hard to imagine how businesses
could operate without it. In some ways, though, we haven’t really
got to grips with it. Those physical carbon copies, one into the
file and one into the day book, certainly meant that records of
outgoing letters were kept. Morgan Stanley must wish that life was
that easy. The firm has just made an offer of $15 million to settle
an investigation by the SEC into an alleged failure to produce
email evidence during a legal dispute. Morgan Stanley was involved
in a court case, and failed to produce e-mails and documents sought
by the opposing side’s lawyers. The regulators were concerned that
this indicated a breach of federal regulations, and began their own
investigations. Meanwhile, the judge was so annoyed that she
reversed the burden of proof in the court case, so Morgan Stanley
had to prove its innocence.
Of course we all know that the Cc: designation on an e-mail means
“Carbon copy”, and Bcc: means “Blind carbon copy”. Was it easier to
make sure that copies went to right people when actual carbon paper
was used? I suspect that mistakes happened back then, just as they
happen now. Every business day, the US Defense Department is meant
to announce contracts awarded valued at $5 million. A new employee
at the Air Force dropped the Defense Department from the e-mail
distribution list for new contracts in December. Nearly $4 billion
in contracts slipped through the net before the error was
discovered. “It’s awfully embarrassing,” said an Air Force
It turns out that not expecting an e-mail is no excuse for not
reading it. Bernuth Lines Ltd listed an e-mail address in the
Lloyd’s Maritime Directory, and on their web site. When they were
involved in an arbitration case, both the arbitrator and the other
party to the dispute sent e-mail to the listed address, even though
it had not been specifically notified to them. It appears that the
e-mails weren’t read, and may even have been deleted as spam. This
cut no ice with the judge who said that receiving an e-mail is no
different to the receipt at a company’s office of a letter or
telex. He ruled that e-mail counts as a “recognised means of
communication”. The moral of this story is pretty obvious: if you
publicise an e-mail address, for goodness sake make sure that you
read the e-mail that is delivered to it.
And, finally, having made sure that you keep copies of your
e-mails, that they go to the right people, and that you read the
ones that you receive, how effective is e-mail as a communication
medium anyway? A recent article in the Journal of Personality and
Social Psychology argues that people tend to believe that they are
much better e-mail communicators than they really are. The authors
of the article conducted five separate studies to investigate the
communication of humour, sarcasm, and other emotions. The study
found that the people tend to look to their own perspectives when
attempting to understanding messages from others. The problem is
made worse when the other parties to the communication are coming
from rather a different perspective.
E-mails are often less formal than written letters, and we may be
tempted to introduce humour or sarcasm in order to lighten the
tone. This is probably a mistake, if we want to make sure that the
intended message is getting across.
3. Russian viruses?
Stock exchanges and viruses just don’t mix. Early in February the
Russian Trading System (RTS) was infected with a virus, and trading
was suspended for an hour. The virus generated a large amount of
outgoing e-mail traffic, and disrupted legitimate e-mail, both
outgoing and incoming.
“The virus got into a computer connected to a test trading system
from the Internet,” RTS vice president Dmitry Shatsky said in a
statement. “The infected computer started generating huge volumes
of parasitic traffic, which overloaded the RTS’s support
routers. The result was that normal traffic – data going into and
out of the trading system – was not processed.”
Note that it was only a test trading system that was infected; you
have to be careful with any machine connected to the internet,
regardless of what function it is performing.
That was a virus in Russia; it was a virus from Russia, or at least
operated by Russians, that was used to steal more than 1m euros
from bank accounts in France. The virus, or “sleeper bug”, is
downloaded from a web site, or received in an email, but doesn’t do
anything until the user starts using online banking. The bug then
records passwords and security codes and forwards them to the
thieves. Yet another reason, if one were needed, to have up to date
virus and malware protection.
It appears that those Russian thieves were using old
technology. The newest malware programs on the block are Trojans
that don’t bother with your password and security details, they
just wait until you’ve done that bit for them and then access your
bank account directly. These new Trojans are programmed to work
with specific online banking web sites. Remember, just don’t click
on that unsolicited and unexpected e-mail attachment.
The BlackBerry addicts among us can sleep a bit easier for the
moment, as the possible shutdowns of service in the UK and US
look less likely to happen. RIM, the makers of the BlackBerry, had
in any case announced that there would be a work around that would
let the service continue in the event of the threatened US
injunction. It’s not over until the fat lady sings, though, and
things could still go horribly wrong for RIM and BlackBerry users.
One survey showed that 81% of asset managers questioned consider
the Blackberry service as “vital” and “critical” to their
business. Let’s hope they, and everybody else, were making suitable
contingency plans. To me, this whole saga underlines the problems
associated with relying on a proprietary technology for which there
is a single supplier. Personally, I don’t expect to have to take a
view on the likely validity or otherwise of a set of patents before
I invest in a new piece of equipment.
As so many people appear to be addicted to their BlackBerry, maybe
somebody will start making clothes with special BlackBerry
pockets. Don’t laugh too much; apparently you can now get a tie
(yes, one of those things that goes round your neck) that will hold
5. Newsletter information
This newsletter is issued approximately monthly by Louise Pryor
(http://www.louisepryor.com). Copyright (c) Louise Pryor 2006. All
rights reserved. You may distribute it in whole or in part as long
as this notice is included. To subscribe, email news-subscribe AT
louisepryor.com. To unsubscribe, email news-unsubscribe AT
louisepryor.com. All comments, feedback and other queries to
news-admin AT louisepryor.com. (Change ” AT ” to “@”). Archives at