Application Design Should Prevent Chaos on Wall Street

Back in the early days of computing, when I first started doing product reviews, one of the things we always checked was basic error detection. Now, understand that this was so long ago that we had to carve our ones and zeros out of stone before we could do computing, but even then, dumb errors were common, and precautions had to be taken. So part of the testing would be to enter totally inappropriate information into data fields to see what happened.

A properly designed application simply wouldn’t allow the results of really stupid stuff to be entered. For example, a phone number field, done properly, wouldn’t let you type in “Mike” instead of numbers. Unfortunately, far too many applications in those days had no such provision for error checking, and when programs tried to use the information you’d entered, they’d fail, frequently in a spectacular manner.

Thursday’s amazing trading system error on the stock market was a lot like that. A trader made what my stockbroker called a “fat fingered mistake” and when trading shares of Procter and Gamble, accidentally put 16 billion shares on the market instead of 16 million. Other traders around the world panicked and the Dow Jones Industrial Average dropped nearly a thousand points before everyone realized it was an error, and prices bounced back. Basically, the mistyping of one key on a keyboard created economic chaos.

Now, leaving aside any question of the obvious lack of any sort of error detection at the New York Stock Exchange, and its clear vulnerability to such errors or intentional acts, think about your own data systems. Chances are you’re using the same off-the-shelf commercial applications that everyone else uses for most functions.

But chances are you also have some things that are designed just for you. It might be your website, it might be a custom application that applies to your business, or it might be a front end for an existing application. Whatever it is, it has the potential to introduce errors that can cost your business a ton of money.

So find out whether the applications you’re using have been tested rigorously for error detection. I mean more than just typing in letters for what’s supposed to be a numeric entry. Are you able to enter dollar amounts in your purchasing package that are beyond the approval level for the person involved? Are you able to enter numbers beyond the value of your entire company? Can you track exactly where those expenditures go? Have you reviewed the data to find out?

There are a lot of ways a careless employee can cause havoc in your company. There are more ways that a disgruntled employee can create a mess. While you probably can’t prevent every idiotic act, you can at least make things more likely to be caught before they do damage. Even something as simple as a message that says “Are you Sure?” when an entry is outside set parameters or exceeds a set threshold will at least prevent some of the worst fat-fingered typing errors.

But protections like those don’t happen by themselves. You have to test the applications you depend on and make sure they work, and you have to set the limits appropriately. I suspect that the trader who accidentally sold billions of shares instead of millions wouldn’t have made the error if he’d been asked to confirm his entry. You need to make sure something equally stupid doesn’t happen to you, even if you don’t have the ability to make the market tank.