[Senate Hearing 105-894]
[From the U.S. Government Publishing Office]
S. Hrg. 105-894
SMALL BUSINESSES TO GLOBAL CORPORATIONS:
WILL THEY SURVIVE THE YEAR 2000?
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
UNITED STATES SENATE
ONE HUNDRED FIFTH CONGRESS
SECOND SESSION
on
THE EFFECT OF Y2K ON GENERAL BUSINESS--A TERM THE ENCOMPASSES THE
SPECTRUM OF AMERICAN COMMERCE RANGING FROM OVER 5 MILLION SMALL FIRMS
AT ONE END OF THE SPECTRUM TO GLOBAL CORPORATIONS AT THE OTHER END
__________
OCTOBER 7, 1998
__________
Printed for the use of the Committee
Available via the World Wide Web: http://www.access.gpo.gov/congress/
senate
_______________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office
Washington, DC 20402
U.S. GOVERNMENT PRINTING OFFICE
51-51564 cc WASHINGTON : 1999
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
[Created by S. Res. 208, 105th Cong., 2d Sess. (1998)]
ROBERT F. BENNETT, Utah, Chairman
JON KYL, Arizona CHRISTOPHER J. DODD, Connecticut,
GORDON SMITH, Oregon Vice Chairman
SUSAN M. COLLINS, Maine JEFF BINGAMAN, New Mexico
TED STEVENS, Alaska, Ex Officio DANIEL PATRICK MOYNIHAN, New York
ROBERT C. BYRD, West Virginia, Ex
Officio
Robert Cresanti, Staff Director
T.M. (Wilke) Green, Minority Staff Director
(ii)
C O N T E N T S
------
OPENING STATEMENT BY COMMITTEE MEMBERS
Robert F. Bennett, a U.S. Senator From Utah, Chairman, Special
Committee on the Year 2000 Technology Problem.................. 1
Susan M. Collins, a U.S. Senator from Maine...................... 2
Gordon Smith, a U.S. Senator from Oregon......................... 4
CHRONOLOGICAL ORDER OF WITNESSES
Laurene L. West.................................................. 6
Lou Marcoccio, Research Director, Gartner Group.................. 9
Hon. Fred P. Hochberg, Deputy Administrator, Small Business
Administration................................................. 19
William J. Dennis, Jr., Senior Research Fellow, National
Federation of Independent Business............................. 23
Rod Rodrigue, Director, Manufacturers Extension Partnership,
State of Maine................................................. 25
Harold Schild, President/CEO, Tillamook Cheese, Inc.............. 26
Dr. Charles Popper, Chief Information Officer, Merck & Co........ 32
Ronald J. Streck, President and CEO, National Wholesale
Druggists' Association......................................... 34
Keith Mallonee, Vice President, Systems Development, McKesson
Corp........................................................... 36
Richard T. Carbray, Jr., General Manager, Pelton's Pharmacy and
Home Health Centers............................................ 37
APPENDIX
Alphabetical Listing and Material Submitted
Bennett, Hon. Robert F.:
Opening statement............................................ 1
Prepared statement........................................... 45
Carbray, Richard T., Jr.:
Statement.................................................... 37
Prepared statement........................................... 46
Responses to questions submitted by Chairman Bennett......... 48
Collins, Hon. Susan M.:
Opening statement............................................ 2
Prepared statement........................................... 49
Dennis, William J., Jr.:
Statement.................................................... 23
Prepared statement........................................... 50
Responses to questions submitted by Chairman Bennett......... 66
Dodd, Hon. Christopher T.: Prepared statement.................... 67
Hochberg, Hon. Fred P.:
Statement.................................................... 19
Prepared statement........................................... 69
Responses to questions submitted by Chairman Bennett......... 81
Kyl, Hon. Jon: Prepared statement................................ 84
Mallonee, Keith:
Statement.................................................... 36
Prepared statement........................................... 84
Responses to questions submitted by Chairman Bennett......... 85
Marcoccio, Lou
Statement.................................................... 9
Prepared statement........................................... 87
Moynihan, Hon. Daniel Patrick: Prepared statement................ 100
Popper, Dr. Charles:
Statement.................................................... 32
Prepared statement........................................... 101
Responses to questions submitted by Chairman Bennett......... 103
Rodrigue, Rod:
Statement.................................................... 25
Prepared statement........................................... 104
Responses to questions submitted by Chairman Bennett......... 105
Schild, Harold:
Statement.................................................... 26
Prepared statement........................................... 107
Responses to questions submitted by Chairman Bennett......... 109
Smith, Hon. Gordon:
Opening statement............................................ 4
Prepared statement........................................... 110
Snowe, Hon. Olympia J.: Prepared statement....................... 112
Streck, Ronald J.:
Statement.................................................... 34
Prepared statement........................................... 113
Responses to questions submitted by Chairman Bennett......... 115
West, Laurene L.:
Statement.................................................... 6
Prepared statement........................................... 116
ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD
Letter from NORPAC Foods, Inc., to Senator Gordon Smith, October
5, 1998, with a NORPAC Food, Inc. Action Summary attachment.... 118
Note: Responses to questions submitted by Chairman Bennett to Mr.
Lou Marcoccio were not received at the time the hearing was
published.
SMALL BUSINESSES TO GLOBAL
CORPORATIONS: WILL THEY SURVIVE
THE YEAR 2000?
----------
WEDNESDAY, OCTOBER 7, 1998
U.S. Senate,
Special Committee on the Year 2000
Technology Problem,
Washington, DC.
The committee met, pursuant to notice, at 9:30 a.m., in
room SD-192, Dirksen Senate Office Building, Hon. Robert F.
Bennett (chairman of the committee), presiding.
Present: Senators Bennett, Smith, and Collins.
OPENING STATEMENT OF HON. ROBERT F. BENNETT, A U.S. SENATOR
FROM UTAH, CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000
TECHNOLOGY PROBLEM
Chairman Bennett. The committee will come to order. I have
just received word that we have two stacked roll call votes
scheduled starting at 10 o'clock. I have said before, somewhat
facetiously, the Senate gets in the way of the work of the
Senate from time to time. We apologize in advance to our
witnesses for the disruption that might come as senators will
have to leave to go to the floor to cast these votes; we are
very grateful to all of the witnesses for their coming and
being with us today at this hearing on the general business
sector.
This is the committee's ninth and final hearing this year,
and in every one of our hearings we have strived to increase
awareness and disseminate reliable preparedness information as
well as facilitate solutions. I believe we have done that. In
spite of the efforts of the committee, however, recent polls
say that only 30 percent of Americans have even heard of the
Year 2000 problem and that is a little disquieting. There are
now 450 days between us and the new century so that the work of
this committee and everyone connected with this problem becomes
more urgent with each passing day.
Now we have gone through the top priorities that the
committee laid out at the outset starting with the power grid
going through telecommunications and so on. So we come to
general business activity and just because it comes after some
of these other vital infrastructure priorities does not mean
that it cannot have a major impact on what happens in the Year
2000. ``General business'' is the term that encompasses the
spectrum of American commerce from over 5 million small firms
at one end to global corporations at the other end. Every one
of these companies in one way or another faces a Year 2000
challenge--from the PC on which you keep your books all the way
up through the systems that automate offices, credit card point
of sale systems, and just in time inventory systems.
One of today's witnesses will warn us that over 700,000
small firms are at risk of closing their doors or being
severely crippled by Year 2000 problems. So the awareness
challenge that we have taken on this committee is still very
necessary. Now global corporations face complex problems
because of their dependence on thousands of suppliers,
distributors, and frankly customers; a customer can have a
problem that can kick back into your corporation in a variety
of ways. These problems are both domestic and international.
Businesses must be concerned not only about Y2K readiness of
their partners but the infrastructure of the companies in which
they reside. Perhaps in next year's hearings I will focus more
on international problems and move in that direction.
Today, the Gartner Group is releasing some alarming new
research data which shows that 66 percent of the companies in
critical industries such as health care and food processing
will likely experience at least one mission critical systems
failure. In addition, 50 percent of the companies in critical
trading partner countries such as Germany, Japan, Saudi Arabia,
and Venezuela will experience similar failures, and if these
predictions are correct and nothing is done in the 450 days
remaining, Y2K could deliver a devastating blow to an already
troubled global economy.
If I sound overly serious, it is not because I am grabbing
for the headlines but because I am hoping to reach people who
are currently unaware of where they are. It reminds me of a
paraphrase from the poem by Rudyard Kipling: If you can keep
your head when all around you are losing theirs, you do not
understand the situation. [Laughter.]
[The prepared statement of Chairman Bennett can be found in
the appendix:]
Chairman Bennett. Now, before we hear from our witnesses I
would like to recognize Senator Collins for any opening
statement that she might have. I would also comment that her
colleague Senator Olympia Snowe, who has been part of this
effort even though she is not a member of this committee, has a
statement that she would like included in this record. She has
held a number of hearings around the State of Maine on small
business issues and so it is appropriate that her contribution
to the committee would be included.
[The prepared statement of Senator Snowe can be found in
the appendix.:]
Chairman Bennett. Senator Collins.
OPENING STATEMENT OF HON. SUSAN M. COLLINS, A U.S. SENATOR FROM
MAINE
Senator Collins. Thank you very much, Mr. Chairman. I want
to first thank you for your continued leadership on this
critical issue. Over the past 4 months, this committee has
examined vital areas of our country's technological
infrastructure. We started in June with our utilities hearing,
and since that time the committee has focused on
telecommunications, banking and finance, transportation, and
most recently emergency preparedness. But of all the hearings
that we have held, today's hearing with its focus on Y2K's
impact on business, especially the impact on small business,
might well be our most important endeavor to date.
Our Nation's 23 million small businesses create 2 out of
every 3 new jobs, represent over 90 percent of all employers,
and are responsible for more than half of our nation's
technological innovation. In my home State of Maine, they are
truly the backbone of our economy. While we have received
assurances of other industry sectors' preparedness for Y2K,
there is considerable concern about the small business sector.
Many small businesses are having difficulty in determining how
they will be affected by Y2K and what they should do about it.
Many of them face not only technological but also financial
challenges in becoming Y2K compliant. Most of all, they simply
need practical information about what to do.
The good news is that information resources are available
for small businesses to assist them in figuring out what to do.
In fact, I look forward to welcoming two people who know how to
help small businesses and are working everyday to tackle the
Y2K problem. First, I want to welcome Fred Hochberg, the Deputy
Administrator of the SBA, an organization with which I am very
familiar because I served at one point as the New England
administrator of the SBA. The SBA joined Senator Snowe, as the
chairman has mentioned, in Maine in August to roll out the
agency's ``Are You Y2K OK?'' program which encourages small
businesses throughout the country to identify potential Y2K
problems, take action on them, and stay informed about new
developments. This is an excellent outreach program and I want
to commend SBA for its leadership role on Y2K.
I also am especially proud to welcome Rod Rodrigue from
Maine. I had the opportunity to meet with Rod last month in my
office and was impressed by the tremendous amount of knowledge
and energy he brings to this issue. Thanks to his leadership,
the Maine Manufacturing Extension Partnership has taken the
initiative in my State in reaching out to small businesses to
help them cope with the Y2K challenge.
The Maine Manufacturing Extension Partnership uses a
diagnostic software tool to assist businesses in identifying
specific Y2K problem areas and then provides a road map for
businesses to find further information to help them with the
Y2K remediation process including links to SBA loans if
necessary. I believe that Congress should take a very close
look at this model which is funded through the National
Institute of Standards and Technology as well as the Department
of Commerce.
Mr. Chairman, by their very definition, entrepreneurs are
risk managers. In the years that I have been working with small
businesses and based on my own family's 150 years of continuous
operation as a small business, I am very aware of the countless
experiences where the entrepreneurial spirit has propelled
small business owners to overcome major obstacles to succeed.
While we hear about the reasons for concern about small
businesses and their ability to cope with Y2K in today's
hearing, we should not lose sight of their amazing and
continual ability to adapt to changed circumstances. Coupled
with tools and resources from organizations like the SBA and
the Maine MEP, it is my expectation that small businesses will,
in fact, succeed in solving the Y2K problem. I look forward to
learning more from today's witnesses about how the Federal
Government can assist them in meeting this goal. Thank you, Mr.
Chairman.
[The prepared statement of Senator Collins can be found in
the appendix.]
Chairman Bennett. Thank you very much. We have divided up
the responsibilities in the committee according to the seven
priorities that we outlined and the seven members of the
committee. Senator Smith, who is himself a small businessman--
actually his business has grown quite large, has led the
committee on this issue. [Laughter.]
During my first campaign, I was accused of being a big
businessman, and I said, well, I did not start out that way.
[Laughter.]
But I am not going to give it back. This particular
assignment of dealing with general business Y2K problems has
been given to Senator Smith and he has responded very well and
we appreciate his leadership and help on this. Senator Smith.
OPENING STATEMENT OF HON. GORDON SMITH, A U.S. SENATOR FROM
OREGON
Senator Smith. Thank you, Mr. Chairman. I appreciate being
able to work with you and the excellent leadership you have
given in addressing this Y2K problem. I also want to thank our
distinguished witnesses who are with us today for taking time
to help us address the challenges facing the entire business
sector at both the large and small ends of the scale.
With American business today becoming more and more
dependent on technology, I hope this hearing will be a stepping
stone for all small businesses to inch closer to full
preparedness for the Year 2000. Those most at risk for the Y2K
failures are small and medium-sized companies, not their larger
counterparts. Many small companies have not yet realized the
extent to which the Y2K computer problem will affect their
businesses and may not have access to capital to cure such
problems before the Y2K issue causes them disastrous effects.
This is why it is so important for the Federal Government
to both raise awareness of the problem as well as find emerging
solutions. In my former life, as the chairman mentioned, I was
a food processor. I called myself a pea picker from Pendleton,
OR and owned a small frozen food processing plant. I can assure
you that any interruption within the farm to fork chain can
result not only in direct loss to those who supply food but
will likely translate into food shortages and price increases
nationwide.
As with many businesses, food suppliers are increasingly
dependent on computerized processing and information exchange.
For example, farmers and ranchers use electronically equipped
irrigation systems, animal systems and transport systems. Food
processors rely on automated systems that help prepare and
package consumer ready products. Distributors, wholesalers, and
retailers depend on computer-driven equipment to transport,
deliver, store, display, and sell food products. Inventory and
accounting systems, harvesting equipment, grain elevators,
refrigeration and security systems all depend on the
computations of computers. Mr. Chairman, I know that there was
some difficulty in getting some of our larger retailers and
food processes to participate today, but I am happy to report
that we will hear from a representative of one of Oregon's food
companies and they have been working very hard on the Y2K
issue.
I am proud to introduce Harold Schild, the president and
CEO of Tillamook County Creamery, who is one of our witnesses
today from Tillamook, OR. If you all have not tried Tillamook
cheese and ice cream, it is the best in the world. No offense
meant to any of my Wisconsin colleagues.
Chairman Bennett. We will take you to Cash Valley.
[Laughter.]
Senator Smith. I look forward to hearing Mr. Schild's
testimony to address the real problems with which typical small
business is confronted and specifically the food industry in
its approaches to addressing the Y2K problem. Another company
from Oregon, Norpac Foods, has also been leading the effort in
addressing the Y2K problem in the frozen food business. While
their representative is not here today, Mr. Chairman, they have
provided a statement that is very helpful and insightful, and I
ask that that be included in the record.
Chairman Bennett. Without objection.
[The prepared statement of Norpac Foods can be found in the
appendix.]
Senator Smith. I am also pleased that the Deputy
Administrator of the Small Business Administration, Mr. Fred
Hochberg, is here before us today. The SBA has been one of the
leading Federal agencies actively raising public awareness for
Year 2000, and I would like to commend the agency for its
aggressive outreach programs to small business. I know my
constituents in Oregon have found the SBA website a very useful
and informative tool.
Mr. Hochberg, I am interested in your opinion regarding the
recent legislation passed by the Senate Small Business
Committee that requires SBA to establish a Y2K loan program. I
understand this loan program would establish a new short-term
loan program under which the SBA would guarantee up to 50
percent of the value of private sector loans up to a total loan
value of $50,000 for small businesses to become Y2K compliant.
So your views on that I am interested in. If you or any of the
witnesses can testify on the impact this legislation will have,
it will be helpful to all small business.
As we work toward addressing the Y2K problem, let us not
forget that many of our international neighbors are still very
far behind. We need to continue to encourage foreign countries
to focus on the impacts of Y2K since it could potentially shut
down an entire country. With this in mind, I look forward to
hearing more specifics on Y2K challenges facing our small
businesses and our global corporations and, Mr. Chairman, I
thank you.
[The prepared statement of Senator Smith can be found in
the appendix.]
Chairman Bennett. Thank you very much. Now, before we get
into the subject of today's hearing specifically, I would like
the members of the committee to meet one of my constituents,
Laurene West, who is a registered nurse from Salt Lake City,
UT. Her special medical circumstances graphically demonstrate
that the Y2K problem is not just a technological problem or a
business problem, but can be a very personal one. This very
capable and articulate woman is living proof that the Y2K
problem has potential to take a very serious toll. And she has
courageously agreed to share her story with us. So I would ask
her to come forward and be our first witness this morning. Even
though it is not specifically on the issue of small business, I
think you will find it very worthwhile. Ms. West, we welcome
you and again we thank you for your willingness to share what
must be a very difficult personal odyssey with us, but I think
the committee and those who are watching on television and
elsewhere will be greatly benefitted by your willingness to do
this and we are grateful to you.
STATEMENT OF LAURENE L. WEST
Ms. West. Thank you, Senator Bennett. Can you hear me?
Chairman Bennett. Yes. If you could get a little closer to
the microphone. These microphones are not going to be
threatened by Y2K problems. [Laughter.]
They are low enough tech and old enough that they are not a
problem. So if you could get it as close to you as you can, we
would appreciate it.
Ms. West. Thank you. I appreciate the invitation to present
to you my concerns and my health history. Seated before you
this morning, I probably give the impression that I am good
health. I am not. Without a daily supply of medication and a
coordinated community effort on the part of the health care
community, I will be a casualty of the Year 2000; I will die.
I had a tumor removed from the center of my brain, and I
now require daily medication to prevent the tumor from
returning. Additionally, when I had the first of 13 surgeries
on my head, I acquired a staph infection which now requires--
the infection that I have in my head is not sensitive to any
known oral antibiotic. Therefore, I am dependent on a continual
supply of IV antibiotics. I am a registered nurse. For 20 years
I worked in critical care settings of acute care facilities,
and for the last 14 years I have worked with developing and
implementing medical information systems. I share that with you
so that you know or that you understand that I know health
care. I know it from being a clinician. I know health care also
from being a recipient of care and I know how the Year 2000
will affect health care.
My message today is twofold. First as a clinician, we have
all heard the media reports about what the Year 2000 will do to
the power grid, national security, air traffic. All hospitals
are at risk if we do not have power, but I can bring an army of
clinicians into any facility and keep patients alive basically
by doing CPR, but I cannot keep patients alive if I do not have
a continual supply of their medications.
My second message is that all Americans will be affected by
a disruption in the supply and distribution of medications,
particularly those of us who are alive only because on a daily
basis, I take drugs to keep my tumor from growing and to keep
the infection in my head from spreading. And what I find
amazing is that my medication requirements are minimal compared
to those of diabetics, transplant patients, patients with
implantable devices, patients who have hypertension, who have
cardiac difficulties. Those people have no time if they do not
have access to their medications.
We need to begin immediately to create a public awareness
program. We need to teach the people of our country what they
can do to prepare. AARP needs to know. They need to talk to
their membership and let those people know that they are going
to have a store of their medications. They need to stockpile
their medications. An informed and educated public will be less
likely to panic, but we will have panic if we have people out
there who think that they cannot get access to their
medications, many of which are controlled substances.
All medication dependent Americans are looking to you for
help in mobilizing national resources to help us survive. I
will be happy to help in any way that I possibly can. Let us
work with the RX2000 Solution Institute, the American Medical
Association, the American Nurses Association, Department of
Insurance, AARP, International Red Cross, any other Federal
resources that we have, to prepare a coordinated national
preparedness program so that the Year 2000 does not cause
unacceptable deaths.
We may need legislation allowing a one-time exclusion for
either Medicare, Medicaid or any other health plan to allow
patients to get a 90 day supply of their medications at the end
of 1999 instead of just a 30 day supply. We would then need to
come up with a creative process to distribute and store
controlled substances and radioactive isotopes. We need to work
with the CDC, the Centers for Disease Control, to prevent
global epidemics from the lack of antibiotics and
immunizations.
We should compose a national patient advocacy council to
monitor Year 2000 efforts within all health care organizations
and provide patients and health care providers a media where
they can turn, where they can look for help, where they can get
answers. And if worst case scenarios occur and health care is
rationed, the public needs to know which diagnoses and which
procedures will be covered.
Thus far, most health care organizations are taking the
position that they can reduce their liability exposure by
minimizing their due diligence and their education. That may be
politically correct and legally correct, but I do not consider
that to be ethical. If we do not teach the patients what they
need to do, we will die. There is no harm in overreacting to
this issue. There is harm if we do not react.
I am willing to do whatever I can to help in any way to
save as many lives including my own as possible. And my story
is not unique. There are millions of people who are at greater
risk than myself who need your help. And for them and for
myself I am asking for your help. Thank you.
[The prepared statement of Ms. West can be found in the
appendix.]
Chairman Bennett. Thank you. May I ask you a question or
two? It is my understanding that your medication is
sufficiently unusual that you require a very careful
calibration that involves medical devices that are something
other than just pills sitting on a shelf; is that true?
Ms. West. To keep my tumor from regrowth, there is an oral
medication that I take. My risk is with infection and in order
to receive the IV antibiotics, those are at such a high
concentration that in order to receive those, I have a catheter
that is inserted into the antecubital vein of my arm and then
threaded up into the superior vena cava of my heart, and you
can only do that under sterile circumstances.
Chairman Bennett. But the calculation of the dosage
requires devices----
Ms. West. That is correct.
Chairman Bennett [continuing]. Which could fail because of
Y2K?
Ms. West. That is correct.
Chairman Bennett. I wanted to make that clear so that
everybody understood it is not just a matter in your case of
stockpiling 90 days worth of pills. The device that controls
this daily injection must be absolutely on in terms of its
calibration and its accuracy or you would not survive a couple
of days. Is that----
Ms. West. That is correct.
Chairman Bennett. I do not mean to overdramatize it, but
your delivery seemed a little cool, and I wanted everybody to
understand exactly how serious the calibration issue is in your
case and how vulnerable you are to a Y2K failure.
Ms. West. And there are patients who are at much greater
risk than myself such as transplant patients and insulin
dependent diabetics. They have less time than I have and the
calibration for their medication also comes from a device with
a microprocessor and in many cases those medications cannot be
stored. The medication that I take for my tumor, I can store 6
months worth of that and then I rotate through that. The IV
medication that I take for the infection in my head, I cannot
store that for more than 2 weeks.
Chairman Bennett. Thank you for that clarification. Do any
other members of the committee have questions?
Senator Collins. I just want to thank you, Ms. West, for
coming forward and sharing your personal experience. The fact
that you have been both a clinician and a patient gives you an
unusual insight to share with the committee. I wish you the
best of everything and I really appreciate your taking this
good out of your very difficult experience.
Ms. West. Thank you.
Senator Smith. I would just simply second that. Thank you
for being here and others will benefit because you have shared
your story.
Ms. West. Thank you.
Chairman Bennett. Thank you. You have helped us dramatize
in a positive and I think worthwhile way the challenge of this.
We were in a hospital yesterday, Senator Dodd and I, and some
people connected with the health care industry have said to us
this is not a patient care problem, this is just a computer
problem where our billing system is at risk. We did our very
best yesterday to make it abundantly clear this is first and
foremost a patient care problem. Your being here today and your
willingness to share your experience with us has helped to
dramatize that for any who still have not got the message.
Ms. West. Can I make one more statement?
Chairman Bennett. Surely.
Ms. West. I am astonished that physicians, many physicians,
and many hospitals are considering this to be an IT problem
only. And at this point, there is not time for a complete
electronic fix. Their only alternative is for physical
contingency plans working closely with pharmaceutical
companies, closely with biomedical device manufacturers, to
make sure that there is a continual supply or we will have
large scale mortality rates in the Year 2000.
Chairman Bennett. Our third panel will consist of a number
of pharmaceutical companies. I know their representatives are
in the room; that is one of the reasons why we asked you to be
our first witness so they could hear this directly from you.
Thank you again for coming and for sharing this with us.
All right. We will now start with Lou Marcoccio from the
Gartner Group, and he will set the scene for the hearing. His
research is based on a network of some 15,000 companies in 26
vertical industries in 87 countries. He will share the results
of Gartner's research into the impact of the Year 2000 problem
on small, medium, and large companies and the relative Y2K
preparedness of industry sectors within the United States. And
he will also give us an update of the Y2K status of other
countries closely connected with the U.S. economy. If Ms. West
gave us a laser beam micro-view of the Y2K impact on one
individual, Mr. Marcoccio will give us the macro view. In some
cases, it is almost as scary. Have I pronounced your name
correctly, sir?
Mr. Marcoccio. Yes, you have, Senator, yes.
Chairman Bennett. OK. Fine. We welcome you here and I
apologize in advance when the buzzer goes off. We will do our
best to run over and vote and get back as quickly as we can,
but we will get started.
STATEMENT OF LOU MARCOCCIO, RESEARCH DIRECTOR, GARTNER GROUP
Mr. Marcoccio. OK. Great. First of all, thank you, Mr.
Chairman and members of the committee, for having me here this
morning to share this information with you and this important
research that we have been working on and pulled together in
regard to the scope and status and risks in regard to Year 2000
throughout key industries and throughout the world.
In developing our research at Gartner Group for those who
do not know, I would just like to make a comment here that we
do our research in several ways. We have tens of thousands of
clients throughout the world that we work with everyday in all
industries throughout most countries of the world. We also do
surveying of very large numbers as, Senator, you mentioned, of
15,000 companies in 87 countries including the country
governments and their agencies as well as far as status and
specific risks related to those specific companies and
government agencies.
One of the things that we find is that first of all
throughout 1998, there has actually been tremendous progress
and, in fact, in 1997, in calendar year 1997, about 5 percent
of information technology budgets were spent on average on the
Year 2000 problem and on Year 2000 projects. In calendar year
1998, that has increased by six times, and during calendar year
1998 the companies that have started and government agencies
that have started on this problem are spending an average of 30
percent of their information technology budgets. Unfortunately,
we have not seen as much of an expansion in other areas outside
the IT area. We see now about 30 percent of companies that had
previously started on Year 2000 in calendar year 1997 have
expanded these efforts into other areas of business, areas of
contingency and other areas of integration and interoperability
between themselves, other countries, other facilities and so
forth throughout the world.
What we find in our information--basically we do our
surveys, we do our measurement of companies and governments
through a method that we call COMPARE. It has five levels I
would just like to briefly mention so that you understand when
I go through the actual status. These five levels include level
I being companies that are basically just getting started. They
are doing awareness. They are getting people or a champion to
head up the activity within a company, and they are starting to
do their inventorying of both their IT systems and also their
key business processes as well.
In level II is where these companies basically complete
detailed inventories of their business dependencies and the
remainder of their IT components, embedded systems and other
things that they at least can get their arms around and
identify, which in many cases is a difficult task in itself.
In level III these companies actually get detailed program
plans put together, project plans, they get the resources
identified, committed and in place, and they start doing the
work as far as actually getting systems remediated and fixed
and also doing a great deal of work as far as identifying
dependencies and risks with vendors, supply chain vendors and
other business dependencies. In level III, they also get 20
percent of what they identify as their mission critical systems
fixed, tested and back into production environments within
their companies.
In level IV, they get the remaining 80 percent of those
mission critical solutions fixed and back into production as
well as completing a detailed risk assessment and development
of contingencies and alternatives in order to lower the risks
enough in order not to have major business interruptions.
In level V, they basically complete whatever else they have
time to complete outside of mission criticality as well as
putting procedures and policies in place to ensure that they do
not bring in infected systems or other business processes after
they get their systems fixed. So those are basically the five
levels.
First of all, I would like to identify status associated
with size. When we look at all companies and all government
agencies throughout the world, we identify size in three
categories. First of all, small is under 2,000 employees. We do
have some subcategories as far as extent of size in the small
category, but we identify small as under 2,000 employees.
Medium or mid-size is 2,000 to 20,000 employees. And large is
over 20,000 employees.
What we find at the present time this quarter--in fact, as
of just a couple weeks ago in our latest status survey--we find
that small companies throughout the world in this under 2,000
employee category are anywhere from not started at all up to
approximately the end of level II, which means that they have
gotten some great extent of their inventory completed. That is
the range throughout the world as far as small companies.
The mid-size companies run the range from between being
about halfway through their inventory activities up to and
including having as much as ten to 20 percent of their internal
systems fixed and have started testing. So it is a pretty wide
range on the mid-size companies as well. And the large
companies, over 20,000 employees, run the range from the end of
level II, which means that they have basically nearly completed
their thorough inventory of business processes as well as their
internal IT systems, all the way up to having as much as 70 to
80 percent of their internal systems fully remediated and are
well into the test phase.
Now, this means if we were to look at actual timeframes, we
find that it takes--and this is a pretty important fact to us--
it takes an average of 30 months for a mid-size company or
government agency to complete their systems, mission critical
systems, that they identify as mission critical. That means
that unfortunately it takes about 6 months under 3 years to get
that kind of activity completed. That is from the time they
start to the time they get their mission critical systems made
compliant or at least remediated, fixed, and back into
production.
Now that means that small companies, the difference between
small companies and mid-size companies right now runs between--
well, it is about 1\1/2\ to 2 years difference between medium
to large companies. So large companies are way out ahead of, of
course, small and mid-size companies overall throughout the
world. It is a 1\1/2\ to 2 year difference between mid-size to
large. And right now it is running 2\1/2\ to 3 years between
small to large companies. So large companies are considerably
out in front throughout the world and especially here in the
United States.
Now, 23 percent of all companies throughout the world of
all sizes, all industries, have not started as of yet on any
Year 2000 activities or efforts; 83 percent of that 23 percent
are small companies. That is what we categorize as small
companies throughout the world.
So understanding that by size, let us now take a look by
industry. According to our latest survey, we find that the
three industries that are farthest out ahead are insurance,
investment services, and banking. I think we are all somewhat
familiar with the reasons why those industries are somewhat
ahead. Basically, their mission critical systems were a lot
more obvious up front or early on. In some cases these are the
industries that are most regulated, and in some cases we have
situations where these industries actually experienced failures
starting quite awhile ago. In fact, banks had failures in
regard to processing 30 year mortgages back in 1970 and so
forth. So these are the industries that are farthest head.
Chairman Bennett. They are also the industries that come
under the purview of the Senate Banking Committee where Senator
Dodd and I got started on this. In an election year where we
are both up, we cannot fail but to take note of that.
[Laughter.]
Mr. Marcoccio. So looking at this same chart, you can see
that some of the industries that are farthest behind
unfortunately are like education, health care, especially
health care as far as hospitals and elderly care facilities.
The oil industry is surprisingly behind in these activities.
Industries like semi-conductor, food processing and
agriculture, farming, construction industry, all of these
industries are dangerously behind and if you look at our 30
month timeframe that it takes to get mission critical solutions
compliant, they are dangerously behind in this situation.
Senator Smith. Mr. Chairman, I notice that the lawyers are
dangerously behind. Does that mean that business can sue their
lawyers? [Laughter.]
Chairman Bennett. I am sure some lawyers will figure out a
way to sue other lawyers.
Mr. Marcoccio. Yes. And we separated medical practices out
of health care because we found such a stark difference.
Medical practices in general are extremely behind on this
activity. We find a very small percentage have actually started
any activity whatsoever in addressing the problem.
Next slide. The next item has to do with--excuse me. I am
sorry. We are out of sync. We need to go back. There we go.
Yes. OK. The next slide here we have categorized basically all
of the industries and what we have been doing is we have
actually been following failures for some time. We have put
analyses together associated with being able to calculate
predictions related to status, related to history of failures
that have occurred in those industries and in those size
companies, and we have been able to analyze and come up with a
prediction associated with these four categories of industries.
As you can, the industries that are farthest ahead in
category 1, we have now predicted that 15 percent of all
companies in those industries will experience at least one
mission critical system failure. The industries that are in
category 2, 33 percent, or approximately one-third, of those
companies in those industries will experience at least one
mission critical system failure. And, of course, a mission
critical failure means that a business interruption is likely
to occur. It could affect revenue and will likely affect the
continued operation of that business.
The category 3, one half of all companies in those
industries throughout the world will experience at least one
significant mission critical system failure. And in our last
category, which is extremely severe, we will have two-thirds of
all companies in that category will experience at least one
significant mission critical system failure. So these are
clearly the industries that are at most risk and we have gone
through subcategorizations in these areas to identify risks of
various severity within these industries as well.
The next item I would like to share is associated with
status of countries--go on to the next major slide--the
status--it is another one like that one. The status of
countries we have been able to identify associated with where
they stand and basically as you can clearly see the United
States is definitely farthest out front when we include all
sizes, all industries of companies throughout, and government
agencies at both the Federal, State and local level. You can
see the United States is clearly out in front. We have other
countries that are just slightly behind like Holland, Belgium,
Sweden; several of the western European countries are just
slightly behind the United States.
Now when we look at countries that are farthest behind, you
can see that we have an anomaly in Western Europe where we have
Germany very far behind. Germany has had a major focus on a new
monetary euro system. They have also been a major driver of
that strategy and in order not to lose focus on that activity
or actually lose focus on the activity, they have actually put
very little effort up until now associated with the Year 2000.
It has only been as of late that many industries and companies
in Germany are now starting to figure out that they need to
address the problem and now they are scrambling to figure out
how they can get moving as quickly as possible. We also have
countries like Japan that are relatively far behind.
Next slide, please. Now we have taken the countries as well
and categorized them in four categories. And as you can see, we
have been able to predict the percent of companies in each of
these categories as far as how many companies will experience
at least one significant mission critical system failure, and
you can see the countries in category 1 where we will have 15
percent of those companies--and again, this is all sizes, all
industries--will experience at least one significant mission
critical system failure. These include countries like
Australia, Belgium, Bermuda, Canada, Denmark, Holland and so
forth.
The countries that are in category 2 where companies in
those countries, 33 percent of them, will experience a
significant mission critical system failure, and these include
countries that many of our companies are well entrenched with.
There is an awful lot of dependency on. Many are addressing
markets in these countries to a great extent. Countries like
Brazil, Chile, Finland, France, Hungary and so on.
In category 3, 50 percent of companies and government
agencies in those countries will experience a significant
mission critical system failure. And, of course, in category 4
we are talking about two-thirds will experience the same. So
you can see the probability and the extent of the problem here;
the seriousness of the problem within these countries is
extreme. We find in countries like Afghanistan, Bahrain,
Bangladesh, Cambodia, Chad, China and so on and so forth, we
have, first of all, very little effort going on at the
government level within these countries, either local, regional
or federal. And we also find that most of these industries are
way behind, many of them not even started in many of these
countries.
What we have done is we have taken our detailed information
down at the next two or three levels beyond this, this
research, and we have been following not only failures but the
extreme details of this status, and we have put together now an
analysis, analytical analysis, associated with our predictions
related to the infrastructures within these countries and what
some of the likely outcomes will be. Now if we take those four
categories of the countries down at this lower, bottom slide on
the floor here, you can see they have been categorized across
the top of this slide, and as you can see, in category 1, which
the United States would be in, we have identified a situation
such that we will have isolated and minor problems related to
power loss. We do not see at this point in time serious or
severe power loss especially across or broad-based across the
United States. We see that we will have some problems. There
will be some interruptions, especially down within community
power companies, very small facilities and so forth, and we
have categorized those as isolated and minor.
Same thing with telephone operations. Isolated and minor
issues. As you can see, if were to go across to the last
category of countries that are in the most severe condition,
when we talk about power loss, they will experience a
widespread and moderate. And these categories down at the
bottom--by the way, when I say widespread, I am talking about
the distribution of the failure and the problem throughout the
entire country--and then the second item is associated with the
severity. So we are talking about widespread and moderate
situations as far as power loss, as far as telephone operations
and interruptions.
And when we get to government services within those
countries, we are talking about a situation where we have
widespread distribution and extremely severe severity issues.
The governments in many of these countries have not started any
activity whatsoever in some cases. If they have started, they
are way behind.
Next slide, please. So if we look at failures that are
likely in each of these cases associated with these countries,
associated with these industries, if we look at failures
overall, what we find in our research also--and also by
following the history of these failures so far--we find that a
failure, any mission critical failure will cost anywhere from
in a smaller company as little as $20,000, which could be
extreme to some small businesses, up to $3.5 million to get
themselves back operating associated with a mission critical
failure. This is the range of what it will cost by failure.
Also, a key point here is that failures overall, when we
talk about all these failures that will occur, 10 percent of
them we are predicting will last 3 days or longer. It is likely
that a small percentage will last more than 3 days, but we know
that, and we can predict that 10 percent will last 3 days or
longer.
Chairman Bennett. Is that in the United States?
Mr. Marcoccio. That is overall, worldwide across all
industries all countries. In the United States, we have also
calculated and find that, yes, that holds true in the United
States as well.
Next slide. Now another point I would like to bring up is
one of the things that I hear all the time in working with many
companies, in fact doing conferences and talking with clients
throughout the world and many country governments, there is
still a misnomer out there. You were talking about awareness
earlier, Mr. Chairman. The misnomer is that many people think
that Year 2000 failures will occur at the strike of midnight
January 1, 2000, and that that is our only fear and our only
threat. That is absolutely not the case. In fact, we are
talking about at the actual millennium rollover, the failures
that are likely to occur are related to the embedded chip
failures that are likely to occur or happen.
We do find in our research, by the way, that the number of
embedded chips, and we have been working with many engineering
organizations, manufacturers of chips, and manufacturers of
many types of equipment, we do find that a small percentage of
embedded chips, a very small percentage, will fail in total. I
have seen numbers publicized about 30 billion chips that we
have, embedded chips throughout the world, and I have seen
numbers of 10 or 20 percent that are likely to fail. Our
research does not show those numbers. In fact, our research
shows that embedded micro-controllers, we are talking about 1
in 100,000 as far as failing.
Now, unfortunately, that 1 in 100,000 may be running a very
critical operation as far as power operation or life support
system or whatever. So, of course, they have to be researched
and evaluated and analyzed. But the number of actual failures
we are going to see from embedded systems or embedded chips
will be very small in number. But the embedded chips that do
fail, however, most of them will fail at the strike of
midnight, January 1, 2000. That is the way they are engineered,
designed. In fact, they are engineered to monitor 8 second
intervals, and within 8 seconds of that strike at midnight,
those embedded chips will fail. The majority will fail.
However, when we look at computer systems throughout the
world that are likely to have failures, those failures, of
course, have been occurring already in low volumes for some
time, through the 1970's, 1980's and so forth, and, in fact,
throughout 1997 and 1998, we have had quite a few failures. The
volume has gone up somewhat in regard to material resource
planning systems, in regard to many devices or systems that are
used to forecast information, quarterly or yearly forecasts,
especially 2 or 3 year forecast information.
So in 1998, we have been seeing failures occurring. In
1999, we are expecting that the volume will go up considerably.
Most companies are going to be entering their fiscal 2000 as
far as their business fiscal years, and we also have many other
attributes that will cause the volume to go up considerably in
1999. We will see failures go up dramatically in the Year 2000,
but they are not going to just peak and drop quickly when we
hit 2000. These failures will occur at a fairly consistent rate
throughout the entire year of 2000. We have many transactions
in many of these systems that do not occur at the strike of
midnight. They occur either the next quarter or within the next
segments of business throughout the entire year. And this will
continue in 2001 at a reduced rate, 2002, so we are talking
about a 3 to 4 year period of considerable number of likely
failures.
Chairman Bennett. I have to interrupt you here. I need to
get over to the vote and we will return as quickly as we can.
This is fascinating stuff and I have some questions for you,
but I apologize. The committee will stand in recess.
[Recess.]
Chairman Bennett. The committee will come to order. OK. Mr.
Marcoccio, again my apologies for the interruption. We are back
to your last chart, as I understand it.
Mr. Marcoccio. OK. Great. Well, my point on that last chart
was, of course, that the failures will occur over a 3 or 4 year
period as opposed to a single point in time and when we look at
risks and we talk about potential effects, global effects,
economic effects and so forth, we really need to be thinking
about that entire spectrum or period of time as opposed to one
point in time.
And my last comment that I wanted to make basically is
associated with the potential risks to the United States
specifically. From a domestic perspective, the risks that we
have identified or highlighted as being most important are the
interruptions or failures due to interdependencies and
interconnections between companies and countries and we feel
that can produce a considerable negative impact. Second, of
course, the IT systems in critical industries that will not be
fixed in time because many of these companies just will not
have time because of the 30 month factor and the amount of time
it takes to get mission critical systems completed. And then
there are several other risks, of course, that I have in my
testimony, but from a foreign perspective, the foreign business
interruptions which would impact, too, many U.S. companies, of
course, from a dependency perspective--foreign security issues
ignited by things like unrest or severe economic issues. Many
of these countries, of course, that I had in that fourth
category, we are talking about the likelihood for significant
impact to their basic infrastructure.
So things like foreign security, national security, as well
as unrest in those countries, is very likely in our estimation.
Key foreign government agencies will experience significant
failures and therefore the interrelationships between our
government agencies, militaries and so forth are also highly
critical.
And this last point is associated with our recommendations
to the committee. I guess the most primary recommendation would
be to identify either a specific Federal agency or group that
exists today to manage and coordinate the global impact of Year
2000. We think this is of ultimate importance. Of course, all
the other issues and items that are being dealt with within the
committee we feel are important as well, but we feel it needs a
major focus as far as addressing the global impact issue.
And the second recommendation is associated with the
Security and Exchange Commission, and I know, Mr. Chairman, I
think you have done some great work in trying to drive the
issue of disclosure throughout the United States as far as
publicly held companies. We find in our research, however, that
there is a vast amount of difference between what has actually
been disclosed thus far and the actual status within the
majority of companies, even here in the United States.
We do find that a lot more as far as numbers of companies
do intend to at least make or fill or provide their disclosure
statements in this next quarter, related to some contingency
work and so forth, but we still find, even with the work that
is being done today, a considerable difference in reality
versus this extreme optimism. We would strongly recommend that
a policy be adopted where either the SEC or another independent
agency or company actually provide a set of random audits
associated with these companies. As we all know, this process
works at least relatively well as far as our IRS and our tax
returns, and we feel that that is definitely necessary in order
to get these disclosures much more accurately implemented.
And last, the recommendation I would like to bring out is
associated with new legislation that is implemented. We would
like to see all new legislation questioned as far as
determining if it may require IT modifications and systems.
There is an awful lot of legislation that is launched that
requires in many of these industries we are talking about being
far behind--education, health care and many others--to go and
make changes in their systems related to reports, related to
regulations and other types of changes. We would like to see an
evaluation be made or at least some kind of quick assessment be
made on any of these pending legislations and that we would ask
that these types of things as much as possible be put off or
stopped because we are basically adding to the serious
condition--the fact that they have to go out and spend critical
time implementing those changes.
Last, we would like to also recommend that we set correct
expectations within the U.S. Government agencies and also any
other awareness activities that comes out of the committee
associated with the period of time that these failures will
take place. We find even in reports and documents from our U.S.
Federal agencies that there is a misnomer associated with the
period of time that these failures are likely to take place. So
we would hope that some effort be put in place to accurately
make aware individuals and within our Federal agencies that we
are talking about a much longer period of time for potential
failure and risk.
[The prepared statement of Mr. Marcoccio can be found in
the appendix.]
Chairman Bennett. Thank you very much. I have a whole
series of questions I would like to sit down and discuss with
you and we could take all of the rest of the morning with you.
Unfortunately, we do not have that time. And the Senate vote
has eaten up half an hour or more of our time in addition. Let
me ask you if you would be willing to respond to questions in
writing that would be made part of the record?
Let me just pick out several of the things you have said in
your testimony. You talked about 1 to 3 days being the duration
of some of these problems. Thus, I think the implication in
some people's minds is, OK, the problem will hit and we will
have 3 days to solve it and then it will be over with. And that
brings to mind the statement by one nuclear physicist in Russia
who said we plan to do nothing about Y2K. We will just let it
come. When it hits, we will see where the problems are, and
then we will buy the fixes from the United States. So that is
the easy way to deal with this.
I want to give you the opportunity to correct the
impression that no matter how bad it is, it can be fixed within
3 days.
Mr. Marcoccio. OK. Well, we do do a pretty thorough
analytical analysis associated with that information, but one
point I would make in regard to that would be that since we are
talking about many millions of failures that will take place
and even mission critical failures throughout the world, when
we talk about all failures in the millions, 10 percent of those
will last 3 days or longer. That is extremely substantial in
our mind to have 10 percent of a very, very large number last 3
days or longer. We are talking about business interruptions
where a factory that runs three shifts a day may not be able to
operate for 3 days or longer. We are talking about situations
where goods that may have a very short shelf life not be able
to be delivered within 3 days. We are talking about very, very
substantial unfortunately ramifications associated with that 10
percent.
So I by no means meant to lighten the situation with the 10
percent, but when we look at the real numbers, the likely
number is in the millions throughout the world of total
failures. Yes, 10 percent will last 3 days or longer is likely
to occur and what we are predicting. We feel that is a very,
very large number. We also feel a percentage of that will last
15 days or longer as well. In many cases, if you are talking
about extreme conditions, if you are talking about basic
infrastructure, very large corporations, to have a failure and
a business interruption and a large portion of a business
actually shut down that operation for 15 days or longer we feel
is a very, very serious and severe situation. So, yes, I did
not mean to make that sound like a very light statement. We
feel that is pretty severe.
Chairman Bennett. Yes. No, I know you did not. And that is
why I gave you the opportunity. I come back to this chart that
says 4 years. We have to look at the macro world in terms of
the lasting impact of this thing dragging out over that period
of time.
Now, back to your chart on the level of readiness in
various countries. I have the feeling that some countries will
simply drop off the radar screen and may be there. That is out
of sight in terms of their ability to connect with the world
for several years. Is that a correct?
Mr. Marcoccio. I think that extreme situation is possible
in some cases, yes.
Chairman Bennett. And if that is a country where we are--
we, the Western world, not necessarily just we the United
States--taking critical materials, the interruption of that
supply chain will cause enormous repercussions. The Western
world will not stand for an interruption for several years and
will find alternative sources of supply. Therefore, the country
that is just beginning to build itself up economically on the
basis of whatever it is they produce suddenly finds themselves
wiped out of its ability to compete. The desire of
industrialized nations to have alternative supply sources turns
them to their competitors. Even if they then get their Y2K
problem solved, they are so far behind the market they cannot
ever climb back into a competitive position. As a result we
will have a serious humanitarian problem; CNN will go in with
their cameras and show starving children. Last time CNN showed
starving children in Somalia we sent in troops, and I think we
are going to have other aspects of that in various countries
around the world as a result of this problem.
Now am I overstating it? Do not hesitate to disagree with
me. I am not trying to make a political point here. I am trying
to get information. If I am overstating it, tell me and tell me
why.
Mr. Marcoccio. No, I think that situation is definitely
possible in some number of countries. Some of these companies
basically that are in that fourth category have situations
where they have dependency within their government agencies.
Many of the countries in that category, basically the country
owns the power company, the telecom company. In some cases, we
are talking about food distribution being heavily owned or
supported by the government. We are talking about situations
where we already have close to or at starving situation of
people and food. We are talking about countries where we
already have some unrest occurring.
Considerably, in many of those countries, we are talking
about situations where they have threats between their country
and others from a national security perspective. So we already
have a pretty significant situation, even from a global economy
perspective as well with those countries, and this is going to
add considerable turmoil to those countries and in some cases
may do exactly what they said and actually may shut them out of
any type of global market opportunities.
Chairman Bennett. OK. Thank you very much. I have many more
questions I would love to discuss with you.
Mr. Marcoccio. We would be glad to submit answers in
writing or follow-on meetings or whatever.
Chairman Bennett. All right. We will do that, but in the
interest of time I will turn to Senator Smith.
Senator Smith. In the interest of time, I will just submit
written questions.
Chairman Bennett. OK. Thank you again, and our apologies
for the interruptions. It has been very useful.
We would like now to hear from the Honorable Fred Hochberg,
Deputy Administrator of the SBA. We had planned to have him on
a panel with a number of other witnesses. Mr. Hochberg, given
your time pressures, I think we will hear from you first and
ask you your questions and then hear from the other members of
the panel. Again, we apologize to you. I think you probably
would learn from the questions and answers from the other
members of the panel. So we invite you to stay as long as you
can, but we do understand the pressures that are on you and we
will hear from you now.
STATEMENT OF HON. FRED P. HOCHBERG, DEPUTY ADMINISTRATOR, SMALL
BUSINESS ADMINISTRATION
Mr. Hochberg. Thank you. Thank you, Mr. Chairman, for
inviting the U.S. Small Business Administration to testify
before your committee. My name is Fred P. Hochberg, Deputy
Administrator of the SBA. I appreciate the opportunity to
discuss the Year 2000 or Y2K problem facing the nation's 23.6
million small businesses. Before I begin, I would like to
applaud both you, Mr. Chairman and Vice Chairman Dodd, for your
leadership on this issue. I would ask that my full statement be
made part of the record.
Chairman Bennett. Without objection.
Mr. Hochberg. As someone who has run a small business and
met a payroll, let me assure you I know firsthand how
potentially disruptive the Y2K bug may be to a business. We at
the SBA are committed to doing all we can to minimize the
impact of the Y2K problem on America's small businesses. To
some extent all small businesses may be affected since any
firms with non-Y2K compliant hardware, software or equipment
with time-dependent chips are potentially at risk.
And small firms should not forget their dependence on
outside entities. A business that has addressed its Y2K issues
in-house could still suffer or fail because a key outside firm
with its own Y2K problem fails to perform. However, it is clear
that with foresight and preparation, the problem can be avoided
or at very least minimized.
In July of this year President Clinton issued a challenge
to both the private and public sectors to work together to
address this critical issue. The President's Council on the
Year 2000 Conversion under the dynamic leadership of John
Koskinen has spearheaded the administration's efforts in
dealing with this problem. Let me briefly update you about what
the SBA is doing to ensure that our own computer systems are
Y2K compliant and what SBA is doing to help our customers.
With regard to SBA's internal computer systems, I am
pleased to inform you that as of today we have completed the
renovation of the computer programs in all of SBA's mission
critical systems ahead of the targeted goals for the Federal
Government.
Let me now turn to discussing how SBA is striving to help
the nation's small businesses cope with the Y2K issue. Our goal
from the beginning has been to bring the seriousness of this
problem to the attention of the small business owners without
creating undue panic. As a result of our work with industry
experts, we have developed a common sense three-step program
that anchors our Y2K outreach efforts.
First, businesses are encouraged to conduct a self-
assessment to see if they may have defective computer hardware
and software as well as any equipment using date sensitive
embedded computer chips.
Second, businesses are encouraged to take action
immediately. Now is the time to begin evaluating and addressing
one's vulnerability to the Year 2000.
Third, businesses are encouraged to stay informed about
this issue. Accurate Y2K compliance information could change
and business owners need to keep abreast of any modifications
they may need to make as a result of changes in their business
operations.
Part of this process also includes following up to ensure
your suppliers and distributors are Y2K compliant and
developing contingency plans to deal with problems that may
arise or are beyond their control. These three steps form the
basic message of our public awareness program. We have prepared
a series of materials and services to notify small businesses
about the Y2K issue. They include the posters you see in the
room, fliers that we are putting in bill statement stuffers
such as this one, a toll-free hotline, a special Y2K section of
our website, the address of which is www.sba.gov. In fact,
since its inception in February of 1998, this site has been hit
or visited over 840,000 times.
Our traditional resource partners have been a tremendous
asset in helping us spread the word about Y2K. Since our Y2K
kickoff in early June with you Chairman Bennett and Vice
Chairman Dodd, the SBA has conducted Y2K training events
throughout the country. Since June, we have distributed more
than two million of these fliers through our private sector
partners such as financial institutions, utility companies and
newspapers.
We are also very excited that recently we reached an
agreement with the Internal Revenue Service to distribute
nationwide 6.5 million of these fliers to small business
owners.
Before I conclude my testimony, let me tell you about an
exciting activity we have planned for later this month. We will
sponsor a nationwide Y2K action week during the week of October
19 to focus government, business and media attention on the Y2K
problem. We have nearly 340 events already scheduled across the
country in conjunction with this effort. I am also happy to
report that 47 of those events are in States that members of
this committee represent. It is our hope that we can reach
millions of small businesses and motivate them to take action
now on this critical issue.
Let me conclude by saying the bottom line is small
businesses need to take action now and stay informed on this
issue. It is too late to start early. The reaction to our
efforts has been overwhelmingly positive. As you return to your
respective States in the coming weeks, we urge you to carry
forward the Year 2000 message. You are uniquely situated to
bring the urgency of this message home to the small business
community. We frankly need your help in this effort and would
be happy to provide materials or help you communicate with your
small business constituents.
For most businesses, the Y2K issue can be managed if they
take action now while there is still time. Thank you, Mr.
Chairman, for inviting the SBA to testify. I look forward to
working with you and would be happy to answer any questions.
[The prepared statement of Mr. Hochberg can be found in the
appendix.]
Chairman Bennett. Thank you very much. We applaud what you
have been doing. I note that John Koskinen has helped you in
changing the title of Y2K Awareness Week to Y2K Action Week
because if we are only dealing with awareness we are too late.
Mr. Hochberg. Exactly.
Chairman Bennett. You are aware, I am sure, of the study
that was done by the NFIB in conjunction with Wells Fargo Bank,
in June or July where 82 percent of small businesses said they
had no Y2K plans and, more chilling for me, 40 percent or
roughly half that number said they did not plan to get any Y2K
plans. Now you have done yeoman work in trying to get the word
out. Do you have any statistics that could be used to counter
those summer numbers to say that the percentage of small
businesses that are now going to try to deal with this might be
going up or do we just have the number of hits on your web site
and a general feel that things are better?
Mr. Hochberg. We have not conducted research in terms on
the extent of the problem. I believe NFIB has done so and has
some updated information on that.
Chairman Bennett. Good. We will hear from them next.
Mr. Hochberg. But we are mounting this campaign and
organizing many events the week of the 19th to make sure we do
get this message out. I was a small businessman. I ran a
catalog company, and I understand you deal with the upcoming
season, how to get inventory in, and deal with payroll issues.
It is harder to get a small business person to focus on
something that seems like an eternity, 15 months away. We have
mounted this effort because we know there is that potential
problem.
Chairman Bennett. I understand exactly having run several
small businesses myself. May I inject a somewhat cautionary
note? I am delighted that you are reporting that your mission
critical systems are remediated and you are going to be in good
shape. Here in the Senate, we have gone through the process of
trying to make sure that the Senate computers are compliant, it
would be very embarrassing for me if I am out here sounding the
cry for all the rest of the world and my own computers do not
work. I have found that the first reports of getting things
under control are almost always more optimistic than the fact.
And I would really be very stunned, very pleased obviously, if
all the PC's on everybody's desk at the SBA were ready. I have
a suspicion that maybe that is not the case.
So I would just suggest to you as the top manager, now that
you have gotten your optimistic report, go back and start
asking some troublesome questions, and I think you will
discover that some people said, oh, well, we did not mean that.
And just as I want to avoid the embarrassment of having the
Senate not be Y2K compliant all the way through, you want to
avoid the embarrassment of having the SBA not be compliant.
There are certain of our colleagues that I would just as soon
not alert. [Laughter.]
But we will let that one go by. Senator Smith.
Senator Smith. Mr. Hochberg, thank you for your testimony.
I understand the SBA will be guaranteeing 50 percent of the
loan value up to $50,000 to help small businesses pay for Y2K
fixes. Can you characterize or project how quickly the
guaranteed funding will enable small businesses to complete
remediation and testing efforts? Do you have a sense of timing
on that?
Mr. Hochberg. Senator Smith, all of SBA's loan programs
currently are available for Y2K remediation--from our LowDoc
and SBAExpress programs that were just expanded last month and
through our regular 7(a) and 504 loan programs, which are for
larger amounts, up to $750,000-$1 million respectively. They
are all available to be used for these efforts. And our newly
expanded programs, the LowDoc, standing for low documentation,
and SBAExpress allow 36 hour approval times. They are very
quickly available so that should not be an impediment to a
company getting the funds, and those loans can be paid out 5,
10, or 15 years to amortize the cost of those changes.
Senator Smith. Are you getting many people seeking loans
for this specific reason?
Mr. Hochberg. Our loan programs are loan guarantees. So, in
fact, we often do not see the precise nature of some of those
loans. But our banks are alerted to that. In every forum that
our district officers speak in, we make sure people are fully
aware that these programs are available.
Senator Smith. Do you notice banks pushing small businesses
to make sure their customers are Y2K compliant?
Mr. Hochberg. The banks have been some of our best
partners. The American Banking Association, in fact, took our
entire training and education program and incorporated it into
their documents. Nations bank and Wells Fargo are actually
distributing this to their customers and working with other
banks to do so as well. So the banks have been, as the
gentleman from the Gartner Group indicated, at the forefront
and I believe small businesses do listen to their bankers.
Senator Smith. Thank you very much. I guess bottom line
there is really no reason people should not be doing this in
small business. They just solve the problems if they are aware
of it. I do not imagine that for most large companies the Y2K
problem would be a large financial hit, but it potentially
could be if they do nothing about it. So thank you for your
efforts.
Mr. Hochberg. Certainly.
Chairman Bennett. Thank you. And you are more than welcome
to stay or if you have to leave, we will understand.
Mr. Hochberg. Thank you.
Chairman Bennett. We will now have the other members of the
panel on small business join us: William Dennis, senior
research fellow at the National Federation of Independent
Business; Mr. Rod Rodrigue, director, Manufacturers Extension
Partnership from the State of Maine; and Mr. Harold Schild,
president/CEO of Tillamook Cheese. And I have eaten Tillamook
Cheese so I can endorse the comments of the Senator from Oregon
with the caveat that Cash Valley cheese in Utah is of equal
quality.
All right. Mr. Dennis.
STATEMENT OF WILLIAM J. DENNIS, JR., SENIOR RESEARCH FELLOW,
NATIONAL FEDERATION OF INDEPENDENT BUSINESS
Mr. Dennis. Being originally from Wisconsin, I am going to
have to argue with that. But thank you very much, Mr. Chairman.
The bulk of my testimony today will be a report that was
produced.
Chairman Bennett. Yes, and it will be without objection
included in the record.
Mr. Dennis. Data for the report were collected in April,
late April. We will update that report later this month. In
fact, I had a conversation yesterday with the Gallup
organization so we are about ready to go in and essentially
repeat what we did earlier. My judgment is that the October-
November data will be much more optimistic or encouraging than
was the spring's. However, I say that from experience rather
than data. Many small business owners, as you are well aware,
have immediate pressing problems and those tend to go right to
the top of the list. So the current status is not totally
unexpected although not always totally understandable either.
Chairman Bennett. Can you pull the microphone a little
closer to you?
Mr. Dennis. Surely. Is this better?
Chairman Bennett. Thank you. Yes.
Mr. Dennis. The critical finding in the spring report was
that over 80 percent of the small businesses in this country
are potentially exposed directly to a Y2K problem. To take it a
little bit further, think of dividing the small business
population into fifths. A fifth of them does not understand
that there is a Y2K problem. They are not aware of it. A fifth
are currently taking action. A fifth have not taken action, but
plan to take action. Two-fifths are aware of the problem and do
not plan to take any action prior to the Year 2000.
If we put together the people who do not have computers or
embedded chips as well as those who have taken action and feel
comfortable, we have approximately 40 percent of the small
employer population. At the other extreme are those which plan
to take no action, and who are computer dependent to the extent
that if they lost their computers or the computers
malfunctioned, would lose 85 percent or more of their
production or sales. That effectively means they would have to
close down for a period until they can fix it. About 330,000
businesses fall into that category. If you cut the amount of
computer dependence somewhat, then you about double the number.
So we have a serious problem among a significant number of
businesses.
Aside from the general liability issues that you have
talked about on other occasions and an assumption that the
credit markets do not go south on us, it seems to me that the
primary function or role of the Federal Government other than
taking care of its own house is to serve as the village nag. It
would be helpful quite frankly, and many of you are doing so,
to----
Chairman Bennett. I have been called a lot of things, but--
[Laughter.]
Go ahead.
Mr. Dennis. One of the critical points is to nag the right
people. Let me refer you to a study conducted by the Small
Business Administration in 1994 titled ``How Small Businesses
Learn.'' That study focuses on how government can communicate
with the small business population. There are two key groups.
The first key group are trade associations, but specifically
industry-specific trade associations. The reason that they are
critical is not only because they have good contact with small
business owners, but because they also are aware of the
equipment that is used within those industries. It is the kind
of information that someone interested in smaller firms or
knowledgeable about smaller firms in general would not
necessarily have. So industry-specific trade groups are very
important because of what they know and because they have
enormous credibility within the population itself.
The second group that has enormous credibility within the
population itself are colleagues and business associates. You
spoke earlier about banks and their relationships and indeed
they have been out in front from what we have seen. But there
are other types of organizations as well, large and small,
which would do well to impress upon their customers and
suppliers the need to be Y2K compliant.
The upshot is that government would do well to focus on its
bloody pulpit function and this it can do quite well. Thank you
very much, Mr. Chairman.
[The prepared statement of Mr. Dennis can be found in the
appendix.]
Chairman Bennett. Thank you. Mr. Rodrigue.
STATEMENT OF ROD RODRIGUE, DIRECTOR, MANUFACTURERS EXTENSION
PARTNERSHIP, STATE OF MAINE
Mr. Rodrigue. Thank you. Senator Bennett, Mr. Chairman, and
Senator Smith, I am here today from the great State of Maine to
hopefully bring across more solutions than problems. I am
president of the Maine Manufacturing Extension Partnership,
which is part of a national Manufacturing Extension
Partnership, put together by NIST under the Department of
Commerce. Our primary mission is to help small and medium-size
manufacturers become more globally competitive by using the
best available technologies.
We are the folks in the trenches that talk to these
manufacturers and try to find out what we can do to help them.
What we have done in Maine and the reason we have been asked to
come here today is to tell you a little bit about what we have
done as a model program. When we saw all the great number of
manufacturers that could potentially be affected by Y2K, we got
very nervous about what would be happening to our manufacturing
base in Maine. With 2,500 manufacturers in Maine, 88 percent of
them hiring below 100 folks, we started to look at these
manufactures as the ones that were the most at risk.
A few months back NIST came out with a Y2K assessment tool.
This tool is a mechanism you can hand to manufacturers enabling
them to actually do an assessment of all of their inventories.
It looks at the supply chain, and allows them to look at their
embedded systems. For just 1 second, if you could, just
visualize a manufacturing facility with 50 or 60 machines from
a dozen different countries all with embedded chips networked
together out of customized software, not knowing who put in the
custom systems in some cases. It becomes very complicated. We
have seen so much apathy with small manufacturers that we
decided to call every manufacturer in the State of Maine. We
estimate 500 to 600 will need help.
We took this Y2K tool and linked up with SBDC's, SBA folks,
business visitation folks and so forth, and will deliver this
tool to every single manufacturer that needs it on a
personalized basis. We have heard today about the apathy and it
really is there, but once a manufacturer uses this tool and
complete their system inventory, lights come on and the
manufacturers understand the value in going through an
assessment.
The real back breaker in this whole process is proceeding
from the awareness to the remediation phase. They cannot get
their arms around the remediation problem. This process gives
them a road map. At the end of this engineering road map, the
mission criticals are identified and prioritized. We attach a
SBA LowDoc loan application instruction sheet that gives them
not only the means, but a mechanism. Then we take and help them
through their remediation process.
The real good news is that this document, this tool, sits
in the hands of about 2,500 MEP folks all around the country.
There are 400 offices in all 50 States and Puerto Rico. They
are affiliated with 3,500 other agencies that can help
distribute the tool. What we are doing in the State of Maine we
think would be a good model. We will continue to talk about Y2k
awareness and put the action together. We have handled about 50
companies so far.
In your letter you asked me what it is the Government could
do to assist in the situation. In Maine we have begged and
borrowed and tried to put this product out on limited
resources. With the lack of funding we will probably stop at
about 100 or 120 companies. MEP has yet 400 other companies to
assess. The national NIST program, the MEP program has
submitted a request for funding through the Department of
Commerce. I am asking that Maine's Y2K model program and the
budget request be used to put this tool in the hands of all of
the States in the union, allowing immediate delivery of this
tool. Remembering that this is an assessment tool, we need to
be mindful that manufacturers are looking at a narrow window of
opportunity to complete and start the remediation process to be
Y2K compliant.
What we are asking today, I guess, or what I am asking
today is to have this committee reach out and plug in this
system and let us go out and actually start to do the work. I
did not want to bore you with more statistics of how bad it is
going to be. I want to say that we can go out now and start to
cure this problem. The tools are there. The people are there. I
am reminded of my first job where my first boss said do not
bring any more problems, just bring solutions. I am hoping that
is what I am doing here today, bringing you some solutions that
make some credible sense.
The national MEP system over the last 6 years has really
been at the forefront of giving technology to the small and
medium-size manufacturers in battling this global competition.
We are in place, we are ready to go. We have the tool to go out
and implement it. The bottom line for me, is to ask you to
expedite or help us get the resources, the financial resources,
to go forward with this program.
I want to point out that these resources we are asking for
is not to pay for the remediation process. It is to help
promote more awareness and alleviate the existing apathy. We
are ready to go and I just hope that you will help me step on
this millennium bug and finally get it out of our hair. I would
be more than happy to answer any questions and I thank you for
inviting me.
[The prepared statement of Mr. Rodrigue can be found in the
appendix.]
Chairman Bennett. Thank you. Mr. Schild.
STATEMENT OF HAROLD SCHILD, PRESIDENT/CEO, TILLAMOOK CHEESE,
INC.
Mr. Schild. Schild. That is fine. Thank you. Chairman
Bennett and Senator Smith, I want to thank you for providing me
an opportunity today to share our experience as a relatively
small farmer-owned dairy cooperative in dealing with the Year
2000 computer problem. We were first made aware of the problem
back in February of 1996 during a routine annual audit by one
of the Big Five firms, and at that point, we authorized
Management Information Services to research the validity of the
potential for problems in our computer systems. They reported
that, indeed, there was a real danger of complete calamity when
January 1, 2000 rolled around and that we should begin
immediately toward correcting the problem.
Now, Tillamook County Creamery Association is 150 member
dairy cooperative. We are nestled between the Coast Range
Mountains and the Pacific Ocean, about 75 miles west of the
Portland, OR metro area. The association has about 400
employees and we have sales of about $160 million per year. We
are totally branded, value-added dairy products, primarily
cheddar and premium ice cream.
At the time we became aware of the Y2K problem, we had an
MIS staff of two people. Despite our efforts, we have been
unable to attract additional staff to our coastal area to cope
with everyday programming demands plus deal with the Y2K bug in
addition to their daily responsibilities. Many other companies
in the metro area that are able to pay higher salaries have
engaged most of the qualified programmers in the region.
Our approach was to form teams that would think of all the
potential problems in their areas. Some of our people were sent
to seminars to gain better understanding in where to search for
the Y2K bugs. A few of the potential problem areas they found,
of course, were our accounting software, electronic data
transfer between our order desk and our customers, member and
employee payroll, quite an important area, point of sale
programs. We have a visitors center that hosts about 900,000
visitors each year, and that, of course, was a real critical
area for us as well as our farm store and dealing with our
members.
A question about our suppliers--were they going to be
compliant and able to continue to supply a regular flow of
product to us? Were there legal issues? Questions we did not
have answers for. Were we in jeopardy of defaulting on some of
our contracts and agreements. Financial transactions. Were
customers' payments going to come through in a timely manner?
Was our order reception and processing going to be up to date?
Were we going to be able to accept customer orders on a timely
manner and get the product to them as expected?
And, of course, our automated product processing. We have a
fairly modern cheese plant and processing, and we are concerned
with the program controllers that actually operate that system.
To date, our accounting department estimates that our out-of-
pocket cash expenditures will exceed a million dollars to avoid
a major Y2K problem. This does not include any of the internal
costs of staff time or expense for training. The loss of
productivity internally because our people are busy with Y2K
issues is also not included in this cost estimate. These costs
will be directly borne by our dairy members, many of whom are
struggling to make ends meet already.
At the present time, we are applying a test program to all
of our software to determine just where the bugs are hiding. We
are confident that TCCA will be Y2K ready before the fall of
1999 if we do not experience delays in receiving software. We
have contracted for the installation of this software by April
1, 1999. And we expect no problems, but then I am sure there
will be some surprises. There always seem to be.
Looking at the rest of the industry, many of the CEO's of
dairy companies that I talk to express a wide range of views on
Y2K--from disbelief that it is more than a computer industry
hype to stimulate business to a view that the electronic world
as we know it today will cease to operate, leaving commerce
stalled, utilities shut down, and only hand operated equipment
functioning. Some project no additional costs to complying with
Y2K while others estimate their costs like ours will run into
the millions.
As in many other industries, the large, well financed seem
to be better prepared than those who are less sophisticated and
more personally operated. I would rate the dairy industry
generally to be at level II in the previous testimony for
overall preparedness. Items that I would suggest perhaps
Congress could help us on is that many persons still are not
aware of the real potential for disaster that exists. This
committee is an excellent vehicle toward a broader awareness
level nationwide, and I compliment you for your efforts on this
behalf.
Some suggestions that could possibly help--Congress could
act on--would be to establish a centralized government
sponsored web page for all companies to log on to and to
certify that they are completely compliant. Other companies
then could access this page to verify if their suppliers and
customers are prepared to function after January 1, 2000. This
would reduce duplication of efforts.
Also, immediate tax recovery of all program upgrade costs.
I understand that IRS has stated that a portion of any new
software or hardware needed for Y2K compliance could be
expensed in the current year. However, much of the software and
hardware needed to operate the new upgrades will not be
immediately deductible because it is not used solely for Y2K
but may incidentally improve other non-Y2K functions of the
operating systems. This upgrade must be expensed over a long
period of time under the current IRS guidelines.
I would say at this point that we are probably doing about
5 years worth of software and hardware upgrades, all within the
fiscal year 1999, in order to cover the Y2K bug. We normally
would spread this over a longer period of time.
Third, if Congress could assure those of us in industry
that government services will be fully compliant. I understand
there is many Federal, State, and local public bodies such as
utilities, emergency services, financial institutions, and
transportation services that are not Y2K compliant and claim
they do not have the resources to become compliant by January
2000. I thank you for this opportunity to express the Y2K
status of our cooperative in Oregon and hopefully it will help
others avoid a major crisis just 65 weeks from now.
[The prepared statement of Mr. Schild can be found in the
appendix.]
Chairman Bennett. Thank you very much. This has been useful
to get this range of information. Unfortunately a pattern is
being repeated here that we have seen in other hearings which
is that the witnesses we get before us are the witnesses who
know what they are doing. And they give a false impression that
things are better than they really are because the witnesses
that do not know what they are doing refuse to come forward. So
the good ones are here and we recognize you as being
representative of the good ones. The others raise great concern
for us.
Mr. Dennis, you have talked about trade associations and
other colleagues and associates and you highlighted banks. Do
you have the sense that banks, credit unions and so on, those
gatekeepers of credit, are starting to make this a loan issue?
That they are beginning to say you cannot get a loan because we
think you will not be able to pay it back because you are not
going to be Y2K compliant?
Mr. Dennis. Let me separate those two, Senator.
Chairman Bennett. Yes.
Mr. Dennis. In terms of obtaining loan money to become
compliant, my sense is that is not an issue right now.
Chairman Bennett. Yes.
Mr. Dennis. We are in a situation now where credit is
probably as easy to get for a small business owner as any time
in the 23-24 years that I have been researching small firms. So
I do not see that as an issue. The other portion of your
question, are banks requiring Y2K compliance before they are
issuing loans, I do not have a sense that that is a requirement
at this juncture. I do have a sense that they are sending out
letters to their--well, I do not have a sense--I know they are.
A lot of banks are--are sending out letters to their loan
customers which very specifically asks them about their Y2K
activities and infers that it would be well if they took
immediate action to remedy this problem. They are couching the
inquiries in terms of having to do business back and forth over
the wire, not necessarily with you, but with other people.
Therefore, it should have all of its customers in compliance.
Chairman Bennett. Mr. Rodrigue, your body language said you
had an answer to that question.
Mr. Rodrigue. Well, like I said, we are in the trenches,
Senator, and they are starting to get very nervous. The bankers
are sending letters inquiring about Y2K compliance. Credit
terms and availability could potentially be affected.
I should mention that by the use of the Y2K tool, gives
them a due diligence document so they can show the banks that
they have gone through an assessment. It is another big plus.
This tool not only gives them a due diligence at the end of it,
it allows them to move forward because it gives them a document
that tells them how much resources they need to go through
remediation. But the banking portion, Senator, is a very big
concern, and I think that we are going to see a little more of
a panic as the months roll by.
Chairman Bennett. I am privy to the actions inside a major
bank where the credit officers are saying we did not think this
was a credit issue. We now decide that it is a credit issue, we
think we are going to lose between 5 and 20 percent of our
customers by our action. That is we will cut them off as bad
credit risks on the basis that they do not have sufficient
remediation in place. Therefore they are going to start holding
credit and loan officers within the bank, accountable for the
kinds of loans they make with respect to this issue. This is
just one bank. However, I think it is a fairly significant
signal to send to small business people when they go in for a
loan in May or June 1999 and be told by the bank I know we have
served you for 10 years, but we are not going to make this loan
because we do not think you are going to be able to pay it
back.
And that raises an issue I will say here and probably
repeat later on: One of the results of the Year 2000 problem is
going to be a flight to quality. The banks will move to the
quality loans, let other people fall by the wayside. Suppliers
will move or companies will move to quality suppliers; the ones
that are more marginal, they are willing to take a chance on,
will be in difficulty. And as I indicated with the testimony
from the Gartner Group, whole countries will be affected
because people will move to quality and they will go to
reliable sources of supply. It can be for a small business an
opportunity to become a source of quality and thereby step up
over competitors who are not paying attention to this. It can
be an opportunity rather than a disaster.
One quick question for you, Mr. Dennis. NFIB, as I
understand it, does not have Y2K as a mandate yet. Are you
planning to take a more aggressive stand on this in terms of
leadership for your members on this issue?
Mr. Dennis. It has been featured in our magazine, websites,
links to other websites, and that sort of thing. I am not
exactly sure what you mean by a mandate. I am a little bit
confused by that. I am sorry. We clearly have done several
things on the communication side and plan to do more, but----
Chairman Bennett. Yes. I am told NFIB members vote to put
an issue on the top priority list or priority attention
mandating what the staff will do and that has not yet happened.
Mr. Dennis. Yes. No.
Chairman Bennett. I am encouraging you to have that happen.
Mr. Dennis. Thank you, yes. The liability issue has already
been out.
Chairman Bennett. OK.
Mr. Dennis. And I would expect if that is on the voting
side, yeah.
Chairman Bennett. OK. Fine. Senator Smith.
Senator Smith. Thank you, Mr. Chairman. Harold, we actually
had considerable difficulty getting other food processors here
and I wonder if you can conjecture with me why that might be.
Is there a lack of awareness of it, not just the dairy industry
but generally vertically and horizontally in the food
processing industry? What do you think the awareness is?
Mr. Schild. I think probably the food processing industry,
especially your smaller ones, are more manual and they do not
recognize outside of their own daily operations the impact that
it could have on them when it comes to customer suppliers. We
feel that we are moving into becoming a little more
sophisticated with our customers in electronic data transfer
and so on, and I think our customers have probably been
encouraging us. In fact, we are getting letters regularly now
that demand that we acknowledge that we are compliant and or
when we will be, and if that does not happen, then they
threaten to go to another supplier for their cheese.
So I think maybe some in the agricultural arena are not
perhaps as connected electronically with some of their
customers and may not be feeling the pinch. I think in Oregon
especially we have many commodity producers. I believe only
about 15 percent of our agricultural sales in Oregon are
actually to the end user. And therefore being more commodity
driven, they are not likely to be dealing with the end users
that are really demanding this level of compliance.
Senator Smith. Could a component of it be fear of being
associated with bad news?
Mr. Schild. Well, there is probably some of that.
Senator Smith. Is legal liability part of it?
Mr. Schild. I guess that has not bothered us.
Senator Smith. Well, actually I think there is a
competitive advantage to be marketed in some way to let your
customers know you are Y2K compliant and you are on the bridge
of the 21st century.
Mr. Schild. Well, we are certainly working that way and we
are confident that we will be ready. But we still have
questions. In fact, we are preparing the same compliance
letters with many of our suppliers to make sure they will be
able to serve us after Year 2000. So it goes around.
Senator Smith. I thank you for coming and for sharing with
us and I hope that all of you will continue to do what you are
doing. We appreciate it. Thank you, Mr. Chairman.
Mr. Schild. Thank you.
Chairman Bennett. Thank you very much. We appreciate your
being here. I will make this comment following up on Senator
Smith's comment. I have been in touch with some of the trade
associations in the food industry and made it as courteously
clear as I can that we will have representatives of the food
industry testifying next year. We have the subpoena power on
this committee. We have not had to use it up until now and I
hope that the time never comes when we do, but one of the main
concerns that the public has, particularly in some of the more
alarmist websites with respect to Y2K, is whether or not there
will be food on supermarket shelves. Many people are saying
there will not be, and I have said to representatives of the
food industry if you wish to allay this suspicion and convince
people that food will, in fact, be on the shelves in
supermarkets on January 2 or 3 and it will be freshly delivered
food, you had better come before the committee in making your
case. Your unwillingness to come and share information with us
only feeds the people who are pushing the panic button.
So we will have representatives of the food industry before
us at hearings next year. Another reason, Mr. Schild, why we
are grateful for your coming. You are willing to go whether
others never dared to go before. [Laughter.]
We are glad to have you here. Thank you, all.
Mr. Rodrigue. Thank you, Mr. Chairman.
Chairman Bennett. We will go now to the final panel. This
panel is flying two missions. They represent big business. We
have had the representatives of small business. Now we are
going to hear from the representatives of big business. And at
the same time they are all concentrated in the pharmaceutical
industry. So we will be able to get the kind of sense of
availability and Y2K compliance in that key industry as well as
get a sense of what large companies are doing.
I think it is fitting that we started out with Ms. West who
gave us the very graphic and moving description of how
important this industry is, and now we finish up with the
pharmaceutical industry. I am sure you all heard her testimony
and we look forward to learning how you intend to address the
problems that she raised, at least from your part of this
particular supply chain.
We have with us Dr. Charles Popper, who is the chief
information officer of Merck & Co.; Mr. Keith Mallonee, who is
vice president of Information Technology at McKesson Corp.; Mr.
Ronald J. Streck, who is the president and CEO of the National
Druggists' Association; and Mr. Richard Carbray, who is the
general manager of a small pharmacy, Pelton's Pharmacy an Home
Health Centers.
Let me make one other comment. Senator Dodd was involved in
a fender bender on his way in this morning and while there is
nothing dramatic about it, he has got a sore neck. He is trying
to get a little bit of relief and that is the only reason he is
not here. Senator Dodd is usually the most faithful of all
members and please do not misinterpret his absence as any kind
of lack of interest. His written statement will be included in
the record.
[The prepared statement of Senator Dodd follows:]
Chairman Bennett. So I see you have seated yourselves
differently from the way I have it listed. Let us go in the
order that you are seated. We will start with you, Dr. Popper,
and then Mr. Streck, Mr. Mallonee, and Mr. Carbray.
STATEMENT OF DR. CHARLES POPPER, CHIEF INFORMATION OFFICER,
MERCK & CO.
Dr. Popper. Thank you, Senator Bennett. Good morning, Mr.
Chairman and members of the committee. My name is Charles
Popper and I am Vice President of Corporate Computer Resources
at Merck. In that position I serve as the chief information
officer of Merck. Merck is a global, research-driven
pharmaceutical company that discovers, develops, manufacturers
and markets a broad range of medicines. Thank you for inviting
me to participate in today's hearing. I applaud this
committee's efforts in both investigating and publicizing the
potential effect of the Y2K computer problem.
I would like to discuss what my company, Merck, is doing to
deal with the problem. I would also like to provide a broader
context that you may find useful. Our task at Merck has been to
ensure that all computer programs that are in use anywhere
within Merck's worldwide operations will operate correctly
throughout the transition into the next millennium, but our
objective all along has been a more important one consistent
with Merck's company mission. As George W. Merck stated many
years ago, we try never to forget that medicine is for people,
people just like Ms. West, I might add.
Merck is solving its Y2K problem in order to ensure that we
can continue to discover, develop, manufacture and distribute
medicines that treat important human diseases. Our paramount
goal is to ensure the continuity of the supply of medicines to
our patients. At Merck we are doing so by following a simple
strategy.
First, we have inventoried all computer systems,
applications and devices with embedded microprocessors. Second,
we have assessed each of these systems to determine whether it
includes any date processing and whether its correct operation
is of serious concern to our business. As an example of a
system where we are less concerned about a possible Y2K bug,
consider a program that reports monthly sales and organizes the
columns of the report in chronological order. While we prefer
to have the report continue to show the most recent results
from right to left, if the Y2k were to merely cause the columns
to print in a different order, this would only be a minor
concern to us. We are deferring the repair of that kind of bug
to the final stages of the Y2K project.
Third, we have developed a compliance strategy for each
system. Fourth, we are executing that strategy for the many
thousands of systems in our inventory. This is obviously a
daunting task because of its magnitude and its geographic
diversity. We have to deal with systems in the many hundreds of
Merck locations worldwide.
The fifth and final step is to thoroughly test all of our
systems. Our attitude is to trust no one but ourselves. If a
system vendor tells us that their application is Y2K compliant,
we will insist on testing it ourselves or at least auditing in
detail the test results provided by the vendor. We have already
found instances of applications certified compliant by the
vendor that, in fact, did not pass our test initially.
As you can imagine, Merck's Y2K project is a very
significant effort. We began reasonably early in 1996. There
are now in excess of several hundred people involved. We are
spending many tens of millions of dollars to plan, execute, and
manage this work. Our goal has been to achieve Y2K compliance
by the end of this year, thus allowing all of a 1999 for
dealing with the inevitable glitches and inconsistencies among
systems.
However, Mr. Chairman, fixing our internal systems is only
part of the problem. Merck just as any global company works
with many thousands of business partners, suppliers, customers,
and government agencies. Our ability to continue our company's
operations successfully in January 2000 depends just as much as
on the Y2K programs of these companies and agencies as on our
own internal systems. Hence, we have organized two other major
sets of activity.
First, each business area is examining its business
partners to assess its Y2K risk. If the proper operation of
that entity's systems is essential for Merck's operations, we
are both working with that entity to better understand its Y2K
remediation plans and also developing internal contingency
plans just in case that entity that fails to achieve Y2K
compliance on time.
Second, we are working with the Vital Signs 2000 Project,
which is a health system-wide effort organized by the Odin
Group to gather important information about the Y2K compliance
of the entire health care industry in which we participate. The
Vital Signs 2000 team has developed a survey instrument for the
five groups of entities comprising the health care industry:
payers, providers, suppliers, distributors and government
agencies. By understanding the cross-industry processes and
their Y2K vulnerabilities, we together with the rest of the
industry can develop the detailed contingency plans that can
assure the continuity of high quality patient care.
What about the broader American pharmaceutical industry?
While I obviously cannot testify about the detailed plans and
projects of Merck's competitors, I have had the opportunity to
discuss the Y2K problem with my colleagues in other
pharmaceutical companies. These companies have all followed a
methodology similar to Merck's and are applying the level of
resources needed to deal with the problem. They have also
recognized the broader issues of the readiness of business
partners and are developing appropriate contingency plans.
Let me close with some broader context. I read periodically
that companies and agencies are now just waking up to the
severity of the problem--we have heard about that this morning.
Worse, I still read and hear about entities that still do not
believe that there is a serious problem. They may be right in
their local situation but only an organized testing program
will allow them to be sure. So I do worry about what will
happen as the clock strikes midnight on December 31, 1999.
Again, I thank the committee for the opportunity to be here
today and look forward to your questions.
[The prepared statement of Dr. Popper can be found in the
appendix.]
Chairman Bennett. Thank you very much. Mr. Streck.
STATEMENT OF RONALD J. STRECK, PRESIDENT AND CEO, NATIONAL
WHOLESALE DRUGGISTS' ASSOCIATION
Mr. Streck. Thank you, Chairman Bennett. The National
Wholesale Druggists' Association, or NWDA, appreciates the
invitation to testify today before the committee about the
applications of Y2K. And I ask my written statement be entered
into the record.
Chairman Bennett. Without objection.
Mr. Streck. NWDA is the national trade association
representing distributors of pharmaceutical and related health
care products. Our active member companies operate 215
distribution centers throughout the country that service every
State, the District of Columbia, and U.S. territories. NWDA's
active members provide distribution services to over 130,000
pharmacy outlets in the country including 21,000 independent
pharmacies, 18,000 chain pharmacies, 7,500 hospital pharmacies,
220 mail order pharmacies, 7,000 food stores, 5,000 mass
merchandisers, 4,000 long-term care and home health care
facilities, 56,000 clinics and 1,000 HMO's.
Our most recent data indicates NWDA member wholesale
distributors on average obtain products from over 750
manufacturer suppliers. Typically, a single wholesale
distribution center stocks an average of 24,000 items and will
process over 13,000 order lines per day. Virtually, all orders
placed by pharmacy customers to their wholesale distributors
are transmitted electronically and more and more electronic
picking devices are used to fill these orders.
To service an increasingly demanding and integrated health
care market, practically all wholesalers provide daily
deliveries with a growing number of wholesalers providing twice
a day deliveries to their customers. However, today's
wholesalers do so much more than just deliver product in a
timely manner. Some of the value added services NWDA members
provide to their customers include marketing and advertising
support, product sourcing programs and special handling
services.
Other services provided that are especially relevant to the
Y2K discussion are the computer and information programs that
include third party claims processing and receivable services,
inventory management, pharmacy computer systems for dispensing
and care, and point of sale systems.
Wholesalers have been innovators and leaders in information
technology. They continue to use information technology to
integrate suppliers and customers. These programs and systems
rely on automation, connectivity, information systems,
electronic linkages, and network building that allow for the
prompt and efficient delivery of lifesaving health care
products.
Our members have been methodologically working to ensure
their systems and those of their customers are compliant. You
will hear more about exactly what wholesalers have been doing
from Keith Mallonee of the McKesson Corp. in just a few
minutes. Based on a number of suppliers, customers and orders,
it does not take long to speculate on what would happen if
there were an interruption of an electronic transfer of
information. Many of these transmissions are reliant on
commercial and government telecommunication networks, systems
over which the pharmaceutical industry has no control.
NWDA and its members need to know that these vital
communication networks are Y2K compliant and ready to support
the delivery of health care services to the patient. This
constant electronic transfer of information is the reason I am
here today. As we have developed our association's web page,
NWDA has devoted a separate section just for dissemination of
general Y2K information. We endorse the notion of common
solutions for common process problems and we are ready to move
ahead with an industry clearinghouse for Y2K technical fixes
that would allow drug wholesale trading partners to freely
share such technical information.
We have been reluctant to proceed with this project due to
liability and antitrust concerns. However, with the passage of
the Year 2000 Information Readiness Disclosure Act, S. 2392, we
understand that we will now be able to move ahead. We commend
Congress for its approval of this important legislation and
urge the president to move swiftly to sign the bill into law.
We are greatly concerned that Federal, State, and local
governments are quickly running out of time to adequately test
and correct all public service and infrastructure systems. It
is disturbing to read reports from Congress and the GAO
indicating that there are serious concerns, that many Federal
agencies will just not be ready. The July 1998 report by the
GAO entitled Year 2000 Computing Crisis concluded that quote
``federal agencies and state governments suggest that the full
extent of the managerial and operational challenges posed by
the heavy reliance on others for data needed to sustain
government activity is not yet known.''
Congressman Steve Horn in his role as chairman of the House
Subcommittee on Government Management, Information and
Technology, has issued another report card on Federal agencies
with HCFA once again receiving an F grade. We fear that Federal
and State government agencies will not survive the changeover
to Year 2000 without interruptions in health care
reimbursements. Government reimbursement is only one area that
could disrupt the flow of life sustaining prescription drugs to
patients. Even if all parts of the prescription drug supply
chain are compliant and ready, if there are failures in other
links, it would be irrelevant that we are ready. We need
assurances that government agencies will be Y2K ready so they
can seamlessly carry out their important functions.
Wholesalers are making contingency plans to make sure that
there is not a disruption in the availability of product. I
want to emphasize that wholesalers are just one link in the
chain. If the government agencies that play such a vital role
in the health care system are not going to be Y2K compliant,
contingency plans must quickly be completed and this
information passed on to the public. How a business or industry
develops its own backup plan depends on what government
services will be available.
NWDA and our member companies stand ready to work with
government at all levels to address these issues to ensure that
lifesaving medicines continue to get to those who need them
when they need them. Time is of the essence, and I thank the
committee for holding this hearing today to address this
momentous issue.
[The prepared statement of Mr. Streck can be found in the
appendix.]
Chairman Bennett. Thank you. The buzzer has just gone off.
There is another vote on the Senate floor. This time I think I
will go immediately and come back instead of run the clock the
other way. Mr. Mallonee, I apologize for mispronouncing your
name. We will hear from you as soon as we come back. The
committee will stand in recess.
[Recess.]
Chairman Bennett. The committee will come to order. Mr.
Mallonee, thank you for your patience. We will now hear from
you.
STATEMENT OF KEITH MALLONEE, VICE PRESIDENT, SYSTEMS
DEVELOPMENT, McKESSON CORP.
Mr. Mallonee. Mr. Chairman, thank you for inviting McKesson
to participate today. I know you are all busy so I will keep my
remarks to about 3 minutes. My name is Keith Mallonee. I am
vice president of Systems Development at McKesson. McKesson is
the largest distributor of pharmaceuticals, health care
products, medical and surgical supplies in the United States
with over $20 billion in annual revenue. We serve customers in
all 50 States through a network, a national network of
distribution centers.
Our customers include independent pharmacies, hospitals,
drug chain stores, food stores, clinics, nursing homes. We view
the Year 2000 as a critical business issue at McKesson. We are
in the health care industry. We understand the importance in
ensuring that a critical and potentially lifesaving product
gets into the hands of our customers on time. We are also
heavily involved in electronic commerce. On a daily basis, we
receive over 60,000 orders from our customers. We will fill
over a million and a half order lines from our distribution
centers. Over 99 percent of those orders come into us
electronically.
So we are approaching Year 2000 at McKesson like we
approach any major business issue or initiative and that is
with a dedicated team of personnel, resources, dollars, and
senior management involvement and oversight. We began the
project, the Year 2000 product at McKesson, in 1996. We
established a central Year 2000 project office for all of
McKesson, which I head. It is my full-time job; it is my only
job. It has been that way for 2 years and it will be that way
for the next 18 months at least.
And we did the right steps, as you have heard before. We
did the assessment. We inventoried our systems. We identified
our key business processes. We developed detailed project
plans, and then we sort of divided the Year 2000 project into
what I call manageable chunks of work. We now have over 30
active Year 2000 project teams at McKesson. The majority of our
systems have already been made compliant and we are in the
final stages of taking care of the remaining software and
hardware.
We intend to devote next year to intensive integrated
testing, and that testing will include customers and suppliers.
In addition, we have instituted a very rigorous project control
methodology at McKesson for Year 2000 with regular review
meetings with senior management that goes right up to the board
of directors. While we are pleased with the progress that
McKesson is making, we understand we are heavily interdependent
with other industries, industries such as telecommunications,
electric utilities, and transportation. We do need for them to
be ready as well so that we can get product to our customer.
However, we are developing contingency plans. We are
developing plans that will ensure that we can get product to
our customers in the event that there is a disruption in
business due to Year 2000. McKesson has been in business since
1833. During that time, we have faced numerous challenges in
getting product to our customer. Hurricane Georges is a recent
example of that situation for us. One of our distribution
centers was closed because of the hurricane. But we have in
place a backup system among our distribution centers. So we
were able to reroute those orders from that distribution center
to other distribution centers to get the product to our
customers. That is the sort of contingency planning we will
leverage as we go forward.
Year 2000 is a serious issue and it needs to be taken
seriously and McKesson does. We think we know what we need to
do. We have got the steps in place necessary to get it done and
to achieve what we consider our primary objective in all this
which really is no impact, no disruption to the customer. I
would like to thank again the committee for inviting McKesson
to participate in having discussions on this vital issue. Thank
you.
[The prepared statement of Mr. Mallonee can be found in the
appendix.]
Chairman Bennett. Thank you very much. Mr. Carbray, you get
to be the cleanup hitter.
STATEMENT OF RICHARD T. CARBRAY, Jr., GENERAL MANAGER, PELTON'S
PHARMACY AND HOME HEALTH CENTERS
Mr. Carbray. I would like to commend whoever put this
lineup together because as you can see you have got a
manufacturer down to wholesalers to the end product, the
dispensers of the medication. Good morning, Mr. Chairman. My
name is Rick Carbray and I am representing actually three
groups this morning. I am representing the American
Pharmaceutical Association as well as the Connecticut
Pharmacists Association and individually as a small business in
Connecticut of three pharmacies in the central part of
Connecticut.
And basically what I would like to talk about today is how
it affects us pharmacists at the local level. You have heard
some comments certainly from the manufacturers. McKesson is a
wholesaler for our company, a very fine wholesaler, and we have
done some due diligence with a lot of our companies to ask them
if they are ready for this problem, and McKesson has responded
very favorably. So we feel fairly confident and in talking to
Ms. West regarding her testimony and how this might affect us
and her as far as delivery of medications. I feel more
confident today now talking strictly to McKesson and to the
NDWA and to Merck that we do have in the pharmaceutical
industry many of these situations readily taken care of.
What I do see, though, as far as a problem for some of us
in the pharmacy industry is some of our systems where we in-
house have already worked to get this compliance done. There
are some systems, not necessarily related to the dispensing of
a prescription which is obviously our most important function,
those systems I can honestly say to you right now from our
vendors, they are saying that they will be compliant. We have
checked our pharmacy system as of last month and we were able
to fill a prescription dated February 1, 1999 with a refill
date of 2/1/00. So that prescription would have gone through
that computer so we feel confident there.
We also are very involved in the whole home health area and
obviously have concerns with those computers because now we
also are tracking besides record keeping for pharmacy patients
and medications and drug interactions, we are also tracking
medical equipment and trying to do inventory control and
billing. So we are looking to get compliance from those
computer vendors also. An interesting situation that has just
developed for us--it is more from a business standpoint, maybe
not quite as much from the pharmaceutical standpoint--is our
point of sale computer for our registers.
If we fill the prescriptions and we cannot collect for
those prescriptions, obviously we will not be in business very
long. Currently we have a vendor, a software vendor, who has
provided us with a point of sale system who is going out of
business, and it is interesting to note that they are going out
of business because of the Year 2000 problem. They have decided
that it is too cost prohibitive to address that problem as a
company for their customers and they are going to get out of
that part of the business. So we have roughly a $100,000 piece
of equipment that is going to be relegated to some hardware
very shortly.
We are in the process of working with other software
vendors to hopefully assure us that we can upgrade that system
to the tune of probably $40 to $50,000 in expense to become
compliant. So again the pressures of a small business trying to
stay viable and having to spend that kind of money.
In summary, again I feel fairly confident in the
pharmaceutical end. Our big brothers have come to the table and
I am very confident that we will continue to be able to deliver
the products. If I can just comment, Ms. West and I talked
about having medication available. A suggestion possibly to
avoid some of the over stockpiling on a huge basis which I
could see happening if a scare like this were to come out,
pharmacists have generally been able to take care of individual
clients with extra amounts of medication at our expense
inventorying those medications and keeping them on hand to
ensure that those patients that critically need lifesaving
medication can have them. So as a general rule, I do not think
we should go towards across-the-board overstocking or
oversupplying but try to focus on those critical areas and help
patients like Ms. West have that medication available. And with
this group here, I think you have a group that is committed to
doing that. Thank you.
[The prepared statement of Mr. Carbray can be found in the
appendix.]
Chairman Bennett. So if I understand what you are saying
about the overstocking, you are saying that at the pharmacy
level, you identify critical substances and have an adequate
supply of that instead of having to have each individual
patient have an unusual supply?
Mr. Carbray. Correct. We can identify groups of patients
through our system and whether it be an AIDS patient or be a
kidney transplant patient to make sure that we have plenty of
supply on hand for that particular group. If it happens to be a
kidney transplant patient as opposed to--and it can be specific
to a patient also certainly. You may only have one kidney
transplant patient that needs that medication so we would
ensure that that medication is in ample supply although to be
honest with you in most cases our wholesalers have an adequate
supply.
I think what we are trying to avoid is a scare that forces
the supply to change drastically and that people get an excess
supply who do not necessarily need that excess supply and I
think that could happen.
Chairman Bennett. Dr. Popper, do you want to comment on
this issue? I know pharmaceutical companies are concerned about
the stockpiling challenge. One of the reasons for this hearing
is to deal with what makes the most sense for consumers like
Ms. West.
Dr. Popper. Yes, I concur with the last comment that just
stockpiling out of almost a panic situation is likely to create
more harm than good, that it really distorts our ability to
distribute product. Our position at Merck, actually even
upstream of us, the companies that we get our raw materials
from, the supply chain is very well engineered today and it is
based on a certain expectation in terms of what supply is
necessary in the marketplace and that ripples all the way back
through the chain. If supply were to double or triple in the
short-term, that kind of disruption to the supply chain could
really, as I say, do more harm than good.
What I think we need to do is study the problem a little
more. As I mentioned in the testimony, the Vital Signs 2000
survey will give us some good data on where we may see
sensitivities in the supply chain and where we may see some
risk. And I think on more of a rifle shot approach, we can
understand where we want to take steps. So whether it is in
certain cases at the local pharmacy, in certain cases at the
distributors, in certain cases at our warehouses, we can make
sure that we have the situation covered, but rather than take
an across-the-board solution, which could be counterproductive,
I think we need to work from facts which we have to gather over
these next couple of months and then work out a plan that may
entail some government help to make sure that we can get the
cooperation together.
This now moves us perhaps away from the standard
marketplace forces and I do not know where that may lead quite
frankly. I just want to make sure that we do is based on a real
analysis of data as opposed to just fear and panic.
Chairman Bennett. One of the functions of this committee is
to see to it that accurate information about all aspects of Y2K
replaces some of the myths that are out there and the myths go
all the way from the article in Time magazine that was
headlined ``Apocalypse Not'' that basically said there is no
problem to the folks that are digging up their backyards and
putting in propane tanks because they assume they will not have
any power for 5 years. And the best way to deal with both of
those extremes of misinformation is hearings like this and
witnesses like you that can give us that detail.
Mr. Popper or Dr. Popper, Merck & Co. is probably about as
international as an American company is going to get, both in
terms of your supply chain coming in and your distribution
chain going out. I assume you sat here and listened to the
Gartner Group presentation. Do you have any reactions or
comments on Gartner's view of what is going to happen around
the world?
Dr. Popper. From a Merck perspective, we continually review
the risks on a worldwide basis. In fact, last week I spent 2
days with my senior staff devoted to yet another exhaustive
review of all of our Y2K programs including the business
continuity planning. And we have pushed down into each of the
geographies beyond the United States, Europe, Mideast, Africa,
Far East, Asia, and each of the countries is engaging in a
similar activity.
So we are looking at the supply chain within each country
and at our customer base in each country, the distribution
chains, and doing what we need to in terms of contingency
planning. So from a strictly health care perspective, we think
we are engaged in the right level of planning to deal with the
problem.
What I cannot really comment on is whether there will be
systematic failures in some countries of the infrastructure.
Our planning assumption is that the more advanced countries
that are more heavily computerized are typically further along
in the planning stage. I think Gartner had some countries that
I want to go back and double-check on because it sort of goes
counter to that assumption, and then some of the countries
where they are less developed there is actually less reliance
on that infrastructure and that I think mitigates the risk. So
that has been our approach to it and as I say, we will look at
their data very carefully and make sure that there are no
surprises there that we have to worry about.
Chairman Bennett. Well, let me put on my CEO hat that I
wore and say, all right, we are sitting in my corner office now
and we are 6 months away from New Year's Eve in 1999. I am
saying to you, OK, doctor, it looks like Country X--I will not
fill in the name here lest anybody get excited--is going to
have insoluble Y2K problems. You have been developing plans and
I assume that means we start buying whatever someplace else. Is
that, in fact, the kind of conversation you are going to have
with your CEO? If it is, do you have a list of someplace else?
Dr. Popper. On the supply side, we have that covered on a
worldwide basis. We have looked at every single supplier. We
have categorized them in terms of criticality of the supply,
uniqueness of the supply, and are dealing with that. Most of
our production is focused in a small number of countries. We
have 30 plants worldwide including I think about 8 in the
United States. So it is on the order of 20, 25 plants outside
of the United States and those are situated in places where we
are pretty confident that the infrastructure will survive and
we will not have any problem with that. So I think the bigger
risk in the smaller countries is on our ability to supply
downstream and the ability to distribute through the network
then.
Chairman Bennett. I see. You are concerned more about your
customer chain that your supply chain?
Dr. Popper. Exactly.
Chairman Bennett. Well, I am coming back to the theme that
I mentioned when I was talking to the small business group. The
more this unfolds, the more convinced I am that we are going to
see a flight to quality with corresponding dislocations on the
part of marginal producers, marginal companies, marginal
countries. Every one of these hearings teaches me something. I
have now sat through I do not know how many with the
combination in this committee and the subcommittee that I chair
on banking for financial services and technology. I guess we
are approaching 20 hearings total; are we not? 18. All right.
Well, in Washington-speak, that is 20. And I learn something
from each one.
Sometimes I am reassured by what I learn. There are some
things we have heard today that are quite reassuring. Sometimes
I am more frightened by what I learn and there are some things
we have learned today that are frightening. But I recently have
come to the conclusion that as a result of Y2K, we are going to
see significant shifts in where people go for materials, where
people go for markets, and it will produce some very
challenging social problems all over the world. Then those
countries and companies that survive and thrive as a result of
the long-range planning that they have done will be called upon
to provide aid and assistance in those parts of the world where
challenges exist. I think the social impact of this is beyond
anything we had previously thought it might be.
Closing Remarks
I would like to thank today's witnesses for their valuable
contribution to our growing understanding of Year 2000 issues.
Let me take just a moment before we close to quickly
summarize the committee's activities this session. In the 6
months of our existence, we have accomplished a great deal. The
committee has held nine hearings on critical infrastructure and
industry sectors including energy utilities, health care,
telecommunications, transportation, financial institutions,
general government, and today--general business. And against
impossible odds, we also managed a bi-partisan effort that
passed the Year 2000 Information Disclosure Act (S. 2392). In
addition, our CRASH protection legislation (S. 1518) forced the
SEC to require meaningful Y2K corporate disclosure to
shareholders. This disclosure will help maintain faith in our
markets, and ensure the availability of accurate Y2K
information from publicly traded companies.
Raising awareness, highlighting potential Y2K problems and
prompting action on Y2K have been of central concern to the
committee. We have maintained a bipartisan approach to the
committee's activities, and worked closely with the President's
Council on Year 2000 Conversion, as well as numerous industry
groups. All of us have a common goal--to minimize the impact of
this potentially devastating problem.
While awareness of the Year 2000 problem is growing, we
still have much work to do. Our research indicates that many
organizations critical to our safety and well being are not
fully engaged in solving the problem. For example, over 90
percent of the doctor's offices and 50 percent of the small and
medium sized businesses have yet to address the problem. Like
ostriches, they are burying their heads in the sand--unwilling
to believe that the problem is real, or content to think that
someone else will solve it. This complacency is very dangerous.
While larger firms have to some extent grasped how a Y2K
failure could severely impact their future, smaller firms seem
to be more focused on their immediate problems.
The findings of our committee do not just indicate a
division between small and large organizations. First, nearly
all affected industries and organizations started too late. As
a result, most organizations must exercise triage--focusing on
what is critical to sustain the life of the enterprise as
opposed to finding long-term solutions. Second, there are still
no overall assessments of infrastructure or industry sectors.
Consequently, we still cannot answer the fundamental questions
that everyone is asking--How bad will it be? Which systems are
most at risk? And, what should I do personally to be prepared?
Third, this is a global problem. That means that any business,
government agency, or other organization that has international
operations must pay attention to the affects of Y2K in other
countries. If the United States is the leader in addressing the
Y2K problem, and the situation is as gloomy as it is here, then
the prospects for the rest of the world are positively
frightening. Fourth, if it becomes increasingly evident next
year that we cannot finish the job, contingency planning will
become even more criticalessential. Finally, the fear of legal
liability, while it has stirred some to action, has discouraged
organizations from openly sharing information. As a result,
those trying to address the problem have found themselves
inventing their version of the wheel instead of collaborating
with their industry counterparts.
Just last Thursday the Congress passed the Year 2000
Information Disclosure Act. Having received the
administration's proposal with only 25 legislative days
remaining in this Congress, there were those that doubted our
ability to pass this bill. It was a pleasure to prove them
wrong! We are convinced that the Year 2000 Information
Disclosure Act will encourage the exchange of Y2K information
and, thus, give organizations invaluable access to information
that they would not otherwise have had. This information should
save companies precious time in their Y2K remediation efforts,
and greatly aid those companies who are grossly behind on their
Y2K planning.
While we are out of session and back in our home States, we
will continue to work closely with our staff investigating
potential Year 2000 problems, pushing for assessments of our
critical infrastructures and researching the implications of
international Y2K failures. I look with guarded optimism toward
1999. We all must be relentless in our pursuit of the Y2K bug.
We end this congressional session hoping for the best, but
preparing for the worst.
Thank you all very much. Again, I apologize for the
somewhat disjointed fashion of this particular hearing, but it
has been very useful and I am particularly grateful to those of
you who are willing to come forward and share your information.
The committee is adjourned.
[Whereupon, at 12:38 p.m., the committee adjourned.]
A P P E N D I X
------
ALPHABETICAL LISTING AND MATERIAL SUBMITTED
______
Prepared Statement of Chairman Robert F. Bennett
Today marks the Committee's ninth and final hearing this year. In
all of our hearings we have strived to increase awareness, disseminate
reliable preparedness information, and help facilitate solutions. This
Committee has spent the last 6 months trying to raise public awareness
of this oncoming challenge. Despite our best efforts, recent polls tell
us that only 30 percent of our fellow Americans have heard about the
year 2000 problem. Only 450 days stand between us and the new century.
Our work--the work of everyone participating in this hearing today--
becomes more urgent with each passing day.
General business--the subject of today's hearing--is a term that
encompasses the spectrum of American commerce ranging from over 5
million small firms at one end of the spectrum to global corporations
at the other end. All of these companies face Year 2000 challenges--
from the PC's and networks automating their offices to their dependence
on credit card transactions, just-in-time inventory supply systems,
Electronic Data Interchange (EDI) transactions, and other technologies.
One of today's witnesses warns that over 700,000 small firms are at
risk of either closing their doors or being severely crippled by Y2K
problems.
Global corporations face complex problems because of their
dependence on thousands of suppliers, distributors, and customers, both
domestically and internationally. They must be concerned not only about
the Y2K readiness of these business partners, but the infrastructure of
the countries where they reside. Today, the Gartner Group is releasing
some alarming new research data which shows that 66 percent of the
companies in critical industries such as healthcare and food processing
will likely experience at least one mission critical systems failure.
In addition, 50 percent of the companies in critical trading partner
countries such as Germany, Japan, Saudi Arabia, and Venezuela will
experience similar failures. If these predictions are correct, Y2K
could deliver a devastating blow to an already troubled global economy.
I would like to relay an example that shows how even the smallest
of businesses are completely reliant on technology, and, thus, highly
susceptible to Y2K risks. Recently, an acquaintance cracked his car
windshield. He replaced it by calling his insurance company whose
national computer directory located a local glass installer for him.
This two-employee business received an electronic purchase order from
the insurance company authorizing the replacement of the windshield.
The glass installer in turn compared the year and model number of the
car to his database in order to place the appropriate EDI purchase with
a large supplier of windshields. When the windshield was installed on
site at my friend's home, less than 24 hours later, my friend marveled
at the efficiency of the process. The small businessman replied that
his company, like most others is striving to improve service and reduce
costs.
For exactly that reason, small businesses, like the one in this
example, depend heavily on EDI to eliminate paperwork and reduce
transaction time. Electronic purchase orders, inventory control and
payments processing are greatly facilitated by EDI. This story also
highlights the critical role that just-in-time inventories play in many
small businesses. Unlike their large, corporate counterparts, small
businesses cannot afford to store and maintain the thousands of non-
standard parts and supplies. While EDI makes just-in-time inventories
possible, the use of this and other technologies heightens our concern
about the impact of Y2K, and, thus, the viability of America's
businesses. One recent study estimates that over 600,000 firms are at
risk of either close their doors or be severely crippled by Y2K
problems.
This micro example of modern commerce demonstrates not only the
central role that technology plays in today's commercial world, but
also the mutual dependency of large and small businesses. To small
businesses, we offer this caution from the editor of CIO magazine, a
witness at our recent Telecommunications hearing. He stated, ``Large
companies are starting to perform Y2K triage work with their partners
connected in massive EDI or other telecommunications networks where
they are abandoning entirely those companies not essential to their
critical business processes that may not be Y2K compliant.'' This is a
real and present danger that small firms must address. When the first
EDI transaction is placed on January 3rd of the year 2000 the small
business on the receiving end may only have one opportunity to respond.
If it fails to do so, the competitive environment will quickly force
that small firm out of business.
As we examine each industry in detail we are discovering that
inter-connectivity among businesses is one of the most difficult Y2K
issues to address. You can be ready for the Year 2000, but your key
business partners may not. In addition, any break in the electronic
link between you and your partners both here or abroad could be equally
disruptive. Companies must assess these issues and find alternative
partners if they are to remain viable after the Year 2000.
The frustration that Vice Chairman Dodd and I share along with the
other members of this Special Committee, is that many of those who are
dragging their feet on the Y2K issue defend their lack of activity on
the perception that we lack adequate information to justify serious
action. Perhaps 6 months ago we were flying blindly into the year 2000,
but thanks to the many publicly-spirited Americans who have testified
before this Committee, patterns are emerging. We do not need absolute,
100 percent certain evidence for us to recognize that we have a serious
Y2K problem any more than a citizen of Key West or Mobile needed the
National Weather Service to tell them that they were in the middle of a
hurricane. The Weather Service did, however, provide an absolutely
invaluable function by warning of the oncoming danger. Like the Weather
Service, this Committee cannot provide an absolute prediction of the
future. We cannot know what will happen on January 1, 2000. We can,
however, provide a real and useful warning for individuals and
industries, and that, after all, is one of the most important aspects
of our work.
Our hearing today is intended to be a catch-all for general
business Y2K issues--from small businesses to global corporations. We
have a panel to represent small business concerns, and a pharmaceutical
industry panel to represent articulate the Y2K problems facing global
corporations. We welcome today's witnesses and thank them in advance
for their contribution to this extremely important issue.
__________
Prepared Statement of Richard T. Carbray, Jr.
Good morning. Mr. Chairman and Members of the Committee, thank you
for the opportunity to present the views of pharmacist caregivers
across the country on the impact of the ``Year Two Thousand'' (Y2K)
problem on the pharmacy profession and the patients we serve. I am
Richard Carbray, a pharmacist, and I am speaking today on behalf of the
American Pharmaceutical Association (APhA), the national professional
society of pharmacists, and the Connecticut Pharmacists Association.
This topic is important to me and my profession for one central reason:
perhaps more than any other part of the health care industry, pharmacy
is the most reliant on computers for nearly every component of day-to-
day activity.
Pharmacists rely on computer technology to maintain patient drug
therapy records, identify potential drug interactions, and provide
clinical information about medication use. Computers are used to print
out relevant patient information about prescription medications at the
time of dispensing in community pharmacies, used to track drug therapy
within the hospital and long-term care facility, and to submit claims
for third party payment. Nearly every one of the more than two billion
prescriptions dispensed in the United States is prepared with the
assistance and support of a computer. Pharmacists will directly feel
the impact of any failure in these systems due to the Y2K problem. The
issue this Committee addresses today will have some relevance for
nearly every one of the 118,000 pharmacies located in communities,
hospitals, and home health clinics in the United States, including more
than 40,000 retail pharmacies.
use of computers in pharmacies
Pharmacy is likely the most computerized segment of the health care
industry, with an estimated 99 percent of prescriptions dispensed using
computers. Let me quantify this for you: in 1995, prescriptions filled
in retail, long term care and mail service pharmacies totaled more than
2.3 billion. This does not include prescription medications dispensed
in hospitals and other settings. With advancements in medication
therapy and increasing reliance on these agents, these numbers will
only increase and increase the use of computers in these settings. Most
pharmacies use computers for virtually every aspect of day-to-day
operation. For example, in any given pharmacy there may be different
systems to track sales and inventory and maintain patient profiles,
check for drug interactions, track prescription refills and maintain
patient records.
In addition to this use within the pharmacy, on-line, real-time
transmission of claims for third-party coverage of prescription drugs
is a normal component of pharmacy practice. The claim for third party
coverage of the prescription is transmitted to a claims processor, such
as a State Medicaid agency, for on-line, real-time review of the
prescription to confirm eligibility of the patient for coverage and
conduct some drug utilization review activities. In 1996, more than one
billion prescription claims were processed in this manner, supported by
the industry telecommunication standard as developed by the National
Council for Prescription Drug Programs.
challenges with year 2000 compliance
Like many other health professions, pharmacists rely on outside
software vendors to develop and maintain the various operating systems
used by the pharmacy. Many vendors have indicated that their products
are Year 2000 compliant, but what assurance does the pharmacist have?
This uncertainty, likely typical of many approaching this daunting
problem, places the pharmacist in a somewhat vulnerable position--he or
she must trust that the software is compliant, but will not know for
sure until the first prescription is entered that could trigger a
problem. An error in the in-store system or in the third-party
processing system will likely stop progress on preparing that patient's
medication, and likely cause delays for other patients. At a minimum,
concern about these problems and dealing with them as they arise will
distract these health care professionals from their core function--
working with patients to make the best use of their medications--to
focus on challenges with the systems designed to support that practice.
The problems for pharmacy will not wait for January 1, 2000,
either. Many pharmacists will confirm or discover their challenges with
Y2K compliance in early January of 1999. Let me explain. Most
prescriptions for chronic medications, like a drug to control high
cholesterol or blood pressure, are valid for one year. In entering a
new prescription into the pharmacy operating system, an expiration date
for the prescription is also entered. When Mrs. Smith brings in her
prescriptions on Saturday January 2, 1999, I will know pretty quickly
if the system is compliant. If it is not, the expiration date of
January 2, 2000, will cause an error and reject the prescription.
This is not, however, the first time the profession of pharmacy has
faced date-related challenges. In the early stages of computerization
end expansion of clinical systems to support pharmacy practice, the
inclusion of patient birth dates provided necessary information to
confirm patient identity and focus clinical information provided to the
pharmacist. Communicating the birth date of patients born in the late
1800's created a preview of the expiration date problem we expect.
Obviously, a birth year reflected by ``87'' and interpreted as a birth
year of 1987 will yield different clinical recommendations than the
more accurate birth year: 1887. This problem was addressed at that time
for the birth year, and we hope all Y2K problems will also be
addressed. Pharmacists may have varying comfort levels that the systems
have dealt with the problem before, but are concerned about the impact
on other data fields, such as the expiration date.
external computer systems
Beyond the operating systems within a pharmacy, pharmacists must
also rely on the compliance efforts of a number of systems involved in
processing claims and third party payments. To secure third party
payment for prescription medications, the information is transmitted
from the pharmacy system to the system of the third party payer--often
through a ``switch'' to direct the information. Some of this
information stays within the originating state, for processing by the
State Medicaid program, for example, but other information may pass
through a company located in a city hundreds of miles away, and then
onto its final destination in yet another system located in yet another
state. The claim is then processed at the remote location--verifying
patient eligibility, coverage for the specific product, and some
utilization review procedures conducted. Approval for payment and/or
relevant clinical or administrative information is then transmitted
back to the pharmacy.
This process occurs on-line, in real-time at the pharmacy--
literally while the patient is waiting for their prescription. Any
glitches in the system from the third party processors or the switch
company will create problems in my pharmacy--and delays for my
patients. Again, this diverts my attention from clinical activities and
patient education to trying to release the prescription and verify
coverage and payment. I communicate with a number of third party
processors every day, and must rely on those companies to ensure Y2K
compliance.
In this overview, I have not even begun to address the additional
challenges created in other areas of my pharmacy outside of the
prescription dispensing area. Similar to other small businesses, I must
also be concerned about challenges with credit card processing,
inventory control systems, and the myriad of other computers with which
I work every day.
conclusion
The impact of Year 2000 compliance will be felt in many areas of
pharmacy practice--the retail side with the cash registers and
inventory programs, in the home health care and durable medical
equipment area, and for prescription processing and record-keeping.
Beyond the challenges in one's own pharmacy, there is interaction with
other computers constantly--and pharmacists must trust that those
systems will be compliant.
Pharmacy will experience the impact of glitches in Year 2000
compliance sooner than other health care providers, with January 1 of
1999 the first date for potential problems. We are working to alert
pharmacists to check on the compliance of their systems--and take
action to avoid problems. Thank you for conducting this hearing, and
for listening to the concerns of the nation's pharmacists.
______
Responses of Richard T. Carbray, Jr. to Questions Submitted by
Chairman Bennett
Question 1. The monitoring of expiration dates is an important
safety control in the pharmaceutical business. What are the Y2K
vulnerabilities of your business in the area of inventory control?
Answer. The absence or delay in providing expiration dates on drug
products would certainly affect inventory levels in that drug products
with slower movement would require additional re-order processing to
ensure full potency. Although this would not necessarily require more
amounts of drug product in stock at one time, the frequency of ordering
would certainly increase.
Question 2. Drug interaction information and patient drug
sensitivity information are an important part of pharmaceutical
records. What is the potential impact of Y2K in this area?
Answer. If the clinical information regarding patient drug therapy
is restricted or unavailable, there will be significant impact on the
pharmacists' ability to not only dispense medication, but also to
consult with patients as to the proper use of that medication,
particularly if potential drug interactions exist. If these systems are
not in place it would be virtually impossible to provide drug products
to a patient in a timely and precise manner. The checks and balances of
the information available in the data base is critical to proper
medication dispensing.
Question 3. What are the electronic data interchanges do you rely
on for the receipt and transmittal of information in your business?
What vulnerabilities do you see in this area?
Answer. Currently almost 65-70 percent of all prescriptions
dispensed are covered under some form of insurance company (private,
Medicare, Medicaid, HMO). Since 99 percent of the prescriptions filled
are done through computer, pharmacies must rely on third party claims
processors for on-line, real-time review of the prescriptions filled.
In 1996 over 1 billion prescriptions were processed in this manner,
supported by telecommunications systems. the vulnerability is that the
pharmacist must trust that these vendors have complied with the Y2K
requirements. The result of non-compliance leaves the pharmacist with
no adjudication of the claim and the patient without the medication.
Question 4. As a customer, what are your main concerns regarding
the Y2K readiness of pharmaceutical manufacturers?
Answer. The overall concern would be that manufacturers would not
be able to supply pharmacies with the needed drug product for our
patients. A huge potential for stockpiling by larger chains and mass
merchandisers could cause a supply shortage and impact the ability of
smaller pharmacies to get the needed products for their patients.
Question 5. What is your reliance on foreign produced
pharmaceutical products? How does this reliance factor into your risk
assessment related to your Y2K exposure?
Answer. Currently our company has a very small volume of foreign
produced pharmaceutical products. However, there are some manufacturers
who have foreign subsidiaries which could affect some product flow if a
problem arose. Although we have some concern we will rely heavily on
the U.S. manufacturers to ensure that product is available.
Question 6. We've heard earlier today that one effective way of
reaching small businesses is through their trade associations. The web
page for the American Pharmaceutical Association (APhA) states that
APhA represents 50,000 pharmacists, pharmaceutical scientists, etc.
However, we could not find any reference on this web site to Y2K or
Millennium Bug. What can Congress or the government do to increase Y2K
awareness and encourage greater outreach on the part of trade
associations?
Answer. I think that trade associations are an excellent way of
disseminating information regarding issues like the Y2K problem. I have
received information from APhA on this issue and feel that they have
been diligent in notifying members of this situation. Congress should
continue to contact trade associations for their input on these issues.
The associations in turn will filter down the information to its
constituents. Requests from Congress to associations for individuals to
present testimony certainly is valuable. The lines of communication
must flow in both directions to be sure.
__________
Prepared Statement of Senator Susan M. Collins
I wanted to first thank you Mr. Chairman for your continued
leadership on this critical issue facing our nation. Over the past four
months, this Committee has examined vital areas of our country's
technology infrastructure.
We started in June with our utilities hearing, and since that time
the Committee has focused on telecommunications, banking/finance,
transportation, and emergency preparedness. But of all the hearings we
have held, today's hearing, with its focus on Y2K's impact on business,
and especially small business, might be our most important.
Our nation's 23 million small businesses create two out of every
three new jobs, represent over 99 percent of all employers, and are
responsible for more than half of the nation's technological
innovation. In my home State of Maine, they are the backbone of our
economy.
While we have received assurances of other industry sectors'
preparedness for Y2K, there is great concern about small business. Many
small businesses are having difficulty in determining how they will be
affected by Y2K and what they should do about it. Many of them face not
only technological but also financial challenges in becoming Y2K-
compliant. Most of all, they need practical information about what to
do.
The good news is that information resources are available for small
businesses to assist them in figuring out what to do. In fact, I wanted
to welcome two people who know how to help small businesses and are
working every day to tackle the Y2K problem. First of all, I wanted to
welcome Fred Hochberg, Deputy Administrator of the Small Business
Administration, an organization I am very familiar with having served
as its New England Administrator during the Bush Administration.
Mr. Hochberg joined Senator Snowe in Maine in August rolling out
his agency's ``Are You Y2K OK?'' program, encouraging the small
businesses in my State to identify potential Y2K problems, take action
on them, and stay informed about new developments. This is an excellent
outreach program, and I commend the SBA for its leadership role on Y2K.
I also wanted to welcome Rod Rodrigue from Maine. I had the
opportunity to meet with Rod last month in my of floe and was impressed
by the tremendous amount of knowledge and energy he brings to this
issue. Thanks to his leadership, the Maine Manufacturing Extension
Partnership has taken the initiative in reaching out to small
businesses to help them cope with the Y2K challenge.
The Maine MEP uses a diagnostic software tool to assist businesses
in identifying specific Y2K problem areas and then provides a road map
for businesses to find further information in their Y2K remediation
process, including links to SBA loans if necessary. Congress should
take a very close look at this model program funded through the
National Institute of Standards and Technology and the Department of
Commerce.
Mr. Chairman, by their very definition, entrepreneurs are risk
managers. In the years that I have been working with small businesses,
I am aware of countless experiences where the entrepreneurial spirit
has propelled business owners to overcome major obstacles to succeed.
While we will hear about reasons for concern about small businesses
and Y2K in today's hearing, we should not lose sight of their ability
to adapt. Coupled with tools and resources from organizations like the
SBA and Maine MEP, it is my expectation that small businesses will
succeed in solving their Y2K problem. I look forward to learning more
from today's witnesses about how the federal government can assist in
achieving this goal.
__________
Prepared Statement of William J. Dennis, Jr.
Thank you, Mr. Chairman, for the opportunity to present evidence on
the preparedness of small business owners for the Y2K problem. The bulk
of my testimony consists of the attached report. It outlines and
quantifies the status of small business owner preparedness as of late
April. These data will be updated later this month meaning that new
numbers will be available around the first of December, perhaps sooner.
My judgement is that the late October/early November update will be
more encouraging than last spring's baseline. A year and one-half,
i.e., the time between the baseline survey and January 1, 2000, can be
an eternity to a small business owner. Immediate problems are usually
those tackled first. As we near the critical date, I anticipate Y2K
will begin to move up the priority scale. However, this is speculation
based on experience rather than the statistical evidence NFIB will soon
be collecting again.
The critical finding from the April survey is that just over 80
percent of small employers in the United States are exposed to a
possible Y2K problem through their computers. A non-mutually exclusive
35 percent believe that they have devices with embedded chips. Despite
this extensive exposure, a majority of small business owners plan no
action.
Think of the small employer population as divided into fifths. One-
fifth has taken action or is in the processing of taking action on Y2K.
One-fifth plans to take action prior to January 1, 2000, but has not
yet done so. Two-fifths have not taken action and do not plan to do so.
And, the final fifth has not heard of Y2K.
At one extreme are the one in five small employers who do not need
to take direct action. No equipment in their businesses exposes them.
Their concern rests with others, e.g., their suppliers, their financial
institutions, their utilities, etc. Joining them are another one in
five who are in the process of resolving any problems they may have.
The result is that about 40 percent of the population now appears to be
clear of direct problems.
Should nothing change, approximately 330,000 businesses will
inhabit the other extreme. They will have to shut down for all intents
and purposes on January 1, 2000, and stay closed until their Y2K
problem is fixed. These firms are exposed, would suffer an 85 percent
or more loss of production or sales should their computers malfunction,
and whose owners in April planned no action. The severity of the
individual impact will depend the speed and the cost of rectifying the
problems, and/or the costs of alternative production or sales systems.
Small employers in this situation must understand, however, that the
supply of people who can correct Y2K problems are limited and that on
January 1, 2000, the demand for their services (and their fees) will be
great leaving these business owners at the end of the line. I must
emphasize that this is a worst case scenario. It means that serious
malfunctions occur in all of the firms possessing the characteristics
outlined above. That almost assuredly will not happen, but it clearly
suggests the potential impacts are not trivial.
A majority of small businesses fall in the middle. They may be
impacted and if they are, some damage will ensue. But, the damage will
not cripple the operation. Still, this group, too, will require people
who can solve Y2K problems. And, they too will have to wait in line and
pay dearly to get them.
Aside from liability and an assumption that the credit markets
don't suddenly ``go into the tank,'' the Federal government's role
toward small business should principally be one of the village nag.
Washington should use its pulpit and encourage others to do so as well.
Let me point out that the SBA's Office of Advocacy sponsored research
(How Small Businesses Learn) in 1994 that outlines the most effective
means for government to communicate with small business owners. I can
find no evidence that anyone outside Advocacy and a handful of others
have ever read the report. But it offers useful insights useful for the
present situation.
``How Small Businesses Learn'' documents that government isn't
particularly credible with small business owners nor are it
communications. However, industry-specific trade associations are and
their literature is read. Moreover, industry-specific trade
associations have some knowledge of the specific equipment used by
businesses in the industry. Many of these groups can, therefore,
identify and offer suggestions on embedded chip problems that those
outside the industry almost certainly cannot. Suppliers and business
associates are another source of credible information. Larger firms and
financial institution are now often asking their customers about Y2K
``compliance.'' The certain effect of these actions by business
associates is to make small business owners increasingly aware of the
problem and the seriousness with which their peers people take the
problem.
The upshot is that government might do well to focus its pulpit
activities on leaders of trade groups and larger businesses with large
supplier networks. They reach deeply into the small business community
are have notable credibility. While they do not reach everyone
directly, they do reach a critical mass.
I would be remiss in failing to explicitly mention the contribution
of the Wells Fargo Bank in the Y2K activities outlined. Wells Fargo has
underwritten NFIB's small business Y2K surveys and has prepared a Y2K
booklet for small business owners. Copies of the booklet are available
for the committee and staff.
______
Small Business and the Y2K Problem
[William J. Dennis, Jr., NFIB Education Foundation, May 26, 1998]
Key Words:
--Automated Processes
--Computers
--Liability
--Microchips
--Size of Business
--Small Business
--Small Employer
--Timing/Dating Mechanism
--Urban/Rural
--Y2K (Year 2000) Problem
The Wells Fargo Bank sponsored the research on which this report is
based.
1. introduction
More than eight of 10 (82 percent) small businesses face direct
exposure to a Year 2000 (Y2K) problem. Eighty-one (81 percent) of their
owners say that they are aware of it. However, fewer than one in four
(23 percent) consider Y2K a serious problem. This gap between exposure
and perceived problem severity is not necessarily inconsistent. A
timely, measured response to a looming problem is the optimal method of
resolving difficulties. Yet, just 41 percent have taken action or plan
to take action to address the potential Y2K problem. The resulting
interval between exposure and plans to address the potential problem
has adverse implications for small business owners. If the experts are
correct about the consequences of Y2K and small business owners are not
prepared, many could face significant repercussions that, at a minimum,
will make their business lives uncomfortable.
2. most small businesses exposed to y2k
The Y2K problem is located in computers--hardware and software,
timing/dating mechanisms, and various types of automated equipment. Not
every computer in operation nor every piece of software, nor every
timing/dating mechanism will yield a Y2K problem. However, it is not
always possible to easily determine which devices contain the problem
and which don't. The small business population that will be (or would
be) impacted--in contrast to the potentially impacted or exposed
population--is not obvious.
The same is true for the organizations with which a small business
transacts its affairs. These business partners may be large or small,
profit or non-profit, public or private. But since these entities face
the same Y2K problem, and since it takes at least two to conduct a
business transaction, the effect of Y2K on any individual business is a
function of the individual business's problem as well as the problems
of its partners.
2.1 Direct impacts
Eighty-two (82) percent of small business owners \1\ are exposed
directly to the Y2K problem. Exhibit 1 presents the sources of
exposure. It includes the percent of small business owners who use at
least one computer in their businesses (78 percent), the percent using
other equipment or devices that might be impacted (34 percent), and the
percentage selling, leasing, or installing equipment that could be
affected (11 percent). These categories are not mutually exclusive.
Exposure overlaps in many organizations. The ``Not Exposed'' category
on Exhibit 1 quantifies the percentage of firms which appear to have no
direct exposure. This 18 percent of firms possess none of the suspect
equipment nor do they sell/lease/install any of it.
---------------------------------------------------------------------------
\1\ The survey covers only those who employ other people. It does
not include self-employed individuals who employ no others. The Y2K
problem of the six million full-time self-employed without employees
probably resembles that of the smallest employers, and is in addition
to it.
---------------------------------------------------------------------------
The large majority of small employers, an estimated 4\3/4\ million,
are exposed to the Y2K problem. Computers are the primary reason.
Virtually every firm facing Y2K has an exposure through its computers.
Other devices and equipment increase the total exposed by only four
percentage points.\2\ The final exposure category comes in those firms
which sell devices and products that may contain the Y2K problem. These
firms appear liable for their products and services, not just for
replacement or repair, but for the damage a malfunctioning product
might cause. Virtually all the firms in this category fall in at least
one of the other two categories as well.
---------------------------------------------------------------------------
\2\ The other equipment and devices category presents definitional
problems for those de signing the questionnaire as well as for
respondents, and therefore is the response most likely to contain bias
(though in which direction we do not know). The difficulty probably has
little impact on the estimate of total firms exposed since computers
make most firms exposed in any event. The difficulty arises in
quantifying the nature of exposure.
---------------------------------------------------------------------------
exhibit 1.--percent of small businesses with direct y2k exposure by
source of exposure
[GRAPHIC] [TIFF OMITTED] T7OC98G.001
Larger small firms are those most likely to be exposed. Businesses
employing 25 or more people use computers almost universally. They are
also more likely to possess other timing/dating devices (46 percent)
and to sell, lease or install products with potential exposure (19
percent). Small business owners employing 1-4 people lie at the other
extreme. Only 70 percent of this group use computers in their
businesses, and their potential exposure in other ways is
proportionately less as well. Still, 2\1/4\ million of these small
employers face a potential impact. The same phenomenon appears when
substituting annual gross sales as the measure of size (Exhibit 2).
About \2/3\'s of those grossing less than $250,000 are exposed. Once
revenues reach $500,000, everyone is exposed for all intents and
purposes.
Exposed small businesses are also more likely to be located in
metropolitan areas than in rural areas (Exhibit 2). Just, eight percent
of firms in metropolitan areas (defined as city and surrounding suburbs
with 500,000 or more) are without computers in their businesses
compared to 37 percent in rural areas (defined as community of less
than 5,000 or a rural area). The survey contains four geographic size
measures. The frequency of computer use grows in every category as the
resident population becomes larger.
Other demographic characteristics of the business and/or the owner
show no relationship to the Y2K problem.
EXHIBIT 2.--EXPOSED SMALL BUSINESSES BY ANNUAL GROSS SALES AND URBAN/RURAL DESIGNATION
----------------------------------------------------------------------------------------------------------------
Exposed to Exposed to
Annual gross sales Y2K Urban/Rural Y2K
(percent) (percent)
----------------------------------------------------------------------------------------------------------------
<$250,000..................................... 67 Metropolitan
$250,000-$499,999............................. 87 (500,000+).......................... 92
$500,000-$999,999............................. 96 Large city (50,000-
500,000)............................ 86
$1,000,000-$1,999,999......................... 95 Small city (5,000-
$2,000,000+................................... 100 49,999)........................... 76
No Answer..................................... 96 Rural (<5,000)........................ 67
No answer............................. 100
All Businesses................................ 82 All businesses........................ 82
----------------------------------------------------------------------------------------------------------------
2.1.1 Size of the direct impact
Exposure to a Y2K problem does not necessarily translate into
serious problems. A piece of equipment lost for a day or two may be
more of an inconvenience than a serious liability. Exposed small
business owners on average estimate that one-quarter (24 percent) of
their sales or production would be lost for the period that affected
equipment or devices did not operate. That impact estimate is
consistent across size and geographic area, with the production
industries, i.e., construction and manufacturing, impacted marginally
less than services. An affected business, grossing $750,000 annually,
could expect to lose $3600 or 0.5 percent of sales directly if a Y2K
problem took one week to resolve. Indirect losses, such as good-will,
are more difficult to calculate, but would add to the total.
The impact estimates diverge wildly among firms. Seven percent
would have to virtually shut down if, as forecast, these small business
owners experience impacts at 91 to 100 percent of sales or production.
Another eight percent gauge impacts between 71 and 90 percent. Those
figures translate into over 330,000 businesses shut down and a slightly
larger number crippled. But 330,000 is the worst case and assumes that
everyone exposed is impacted. Everyone exposed will not be impacted as
many in the group will take preventive measures and others will prove
to have non-affected equipment. Yet, only one-quarter of the group who
believe that their sales or production would be down by 71 percent or
more if their systems malfunction have taken action though another 40
percent plan it. These latter figures are based on a very small n
(n=52) and therefore must be used with considerable caution. But the
numbers do suggest that far from all who attach significant dependence
to their computer and automated systems are convinced that Y2K is worth
addressing.
Forty (40) percent of the directly exposed owners estimate their
sales or production would be impacted by less than one percent. This
group will bear any impact of Y2K through the cost side only, at least
initially. Handwork will substitute for computers or other automated
processes. For example, payroll checks may have to be individually
handwritten rather than produced automatically. Such substitution will
add to costs. (The survey captured no data on the size of these costs,
though they obviously could range substantially.) Added costs at some
point must be passed on in the form of higher prices. Higher prices
make affected businesses less competitive which can subsequently impact
sales or production.
The unknown variable is the length of time impacted businesses will
``be down.'' Affected devices will malfunction 9/9/99 or 1/1/00.
Unfortunately, everyone's Y2K problem will occur at the same time. A
limited number of people will be capable of detecting and fixing the
conditions, at least the more serious ones. Demand for these experts
will exceed supply. Their fees will rise sharply. Even then these
experts may not be available for some time. The alternative is to have
the owner or an employee do the work. The success of this latter
strategy will vary enormously.
The more businesses impacted by the Y2K problem, the greater the
number of small business owners who will face ``down-time.'' Small
business owners, therefore, have an interest in having as many
businesses as possible resolve their Y2K problems early.
2.1.2 Types of activities affected
Several business functions could be adversely affected by a Y2K
malfunction. For example, 21 percent of small business owners report
that their business is ``very dependent'' on automated processes.
Another 27 percent say they are ``somewhat dependent'' on them. Many of
these processes require timing/dating devices or computers. Automated
processes are now spread throughout the economy and their
malfunctioning would have wide repercussions. These processes are
commonly associated with the manufacturing industry. The survey sample
included too few manufacturers to report separately. However, the
production industry of which manufacturing is an important component
was the industry least likely to be dependent on automated processes.
Both the distribution and service industries appear more dependent on
them.
Malfunctioning computers also could severely impact small
businesses. Exhibit 3 presents the frequency with which small business
owners use computers for selected functions. The striking point of
Exhibit 3 is the dependence on computers to perform multiple functions
within the firm. In fact, small businesses with computers use them to
perform an average of 5\1/2\ functions. Administration, record-keeping,
and word processing is the most common application; operating machinery
or equipment is the least.
EXHIBIT 3.--USE OF COMPUTERS FOR SELECTED BUSINESS FUNCTIONS AS A
PERCENT OF SMALL EMPLOYERS WHO OWN COMPUTERS AND ALL SMALL EMPLOYERS
------------------------------------------------------------------------
All small
Function Computer Owners employers
(percent) (percent)
------------------------------------------------------------------------
Billing/Accounts Receivable..... 74 57
Inventory Control............... 41 32
Accounting/Gen. Ledger.......... 76 59
Payroll......................... 45 35
Admin/Record-Keeping/Word 84 65
Processing.....................
E-Mail/Internet Access.......... 61 47
Customer--Prospect Lists/Sales 70 54
Tracking.......................
Design/Product Development...... 28 22
Operating Machinery/Equip....... 20 15
Check Reconciliation............ 51 40
------------------------------------------------------------------------
Software makes a computer run. It is generally believed that
standard, off-the-shelf software packages are more likely to be free of
Y2K problems than is custom software. A potentially important
consideration and area for small employers to investigate then, is the
kind of software they are using. Almost two of five owners who employ
computers (39 percent) claim that at least half of their software is
custom; 55 percent say that they use at least some custom products.
Just 38 percent report that they use off-the-shelf software
exclusively. The significant use of custom software in the mix
magnifies small business exposure.
It is highly likely that more problems are buried in older
software. In this sense, small business owners are in good position.
Eighty-one (81) percent have updated their most critical software in
the last two years. Only a handful have not updated in more than five.
Owners of larger, small firms are more likely to have modernized than
are the others.
2.2 Indirect Impacts
It takes two separate entities to make a business deal. Even if a
small business does not have a Y2K problem, the other partner in the
transaction may. The partner's problem may, therefore, force
interruption or cancellation of a deal. Exhibit 4 examines some of
these linkages and their subsequent problems. It shows that 75 percent
of those with a computer (59 percent of small business owners) deal
electronically with important business partners. Fifty-four (54)
percent of small business owners with a computer (42 percent of the
small business population) interact electronically with their
suppliers. Eighteen (18) percent interact with them a lot. Thirty-five
(35) percent of those using a computer electronically interact with
their primary financial institution. Fourteen (14) percent interact a
lot. Finally, 49 percent of small business owners with a computer
interact electronically with their customers. Seventeen (17) percent do
so frequently. Each of these are points of exposure to the Y2K problem
could doom a potential transaction.
exhibit 4.--percent of small businesses with indirect y2k exposure by
source of indirect exposure
[GRAPHIC] [TIFF OMITTED] T7OC98G.002
The indirect exposure to Y2K problems is broader than the numbers
presented here. Survey figures only include fully electronic
transactions. A number of business transactions occur which are
electronic on one end but not on the other. An example might involve a
small business owner placing a telephone order and the distributor
processing it electronically. The primary implication is that the 75
percent noted earlier does not represent the full scope of indirect
exposure of small business owners to Y2K. It must be amplified by
partially electronic transactions which affect small business owners
beyond those directly exposed and include practically everyone.
3. awareness of the y2k problem
Most small business owners claim to be aware of the Y2K problem.
Fifty-three (53) percent say that they are ``very aware'' of it and
another 28 percent say they are ``somewhat aware.'' Just 8 percent are
``not very aware'' and 10 percent are ``not at all aware.'' That means
more than one million employers have limited or no awareness of Y2K.
One hopes that those most at risk (and with the capacity to take
corrective action) are the same people who are most aware of the
problem. The correlation between the two proves high, but not perfect.
Eighty-six (86) percent of small business owners exposed directly are
aware of Y2K, 59 percent are ``very aware.'' Just 56 percent of those
not exposed to direct risk are equally well aware. Thus, even if
everyone is not aware, at least the overwhelming majority of the most
vulnerable appear to be.
Though considerable awareness of the Y2K problem exists among small
business owners, comparatively few of those aware believe the problem
is serious for their business. Just six percent of those aware term Y2K
a ``very serious'' problem and 23 percent of those aware call it
``somewhat serious.'' Most see Y2K as a rather minor affair with modest
or non-existent consequences. One respondent used the phrase, ``blown
out of proportion.'' In fact, 70 percent of aware small business owners
term Y2K either ``not very serious'' or ``not at all serious.''
Incorporating those not aware of Y2K, the number of small employers who
believe the looming problem is negligible or non-existent approximates
77 percent of the small employer population or about 4\1/2\ million
business.
Awareness of the Y2K problem does not necessarily translate into
alarm or even concern. Those who claim to be ``very aware'' are no more
or less likely than are others to believe Y2K is a serious problem.
Efforts to increase general awareness of Y2K, therefore, will probably
have little impact on a small business owner's level of concern over
its impact. Instead, those wishing to stimulate action should shift the
focus to the consequences for unprepared firms.
4. addressing the y2k problem
The number of owners who are taking action to address Y2K
approximates the number who believe the problem is ``very serious'' or
``somewhat serious.'' Twenty-three (23) percent of those who are aware
of the problem report action taken or in progress. Another 27 percent
say that they plan to take action before 2000, though they have yet to
initiate any. If this latter group follows through on its plans, one-
half of small business owners who are aware of the problem will have
taken steps to address Y2K in advance. That figure represents 41
percent of the entire small business population.
The relationship between the level of action and perceived severity
of the problem suggests that perceptions change once action is taken.
Exhibit 4 shows, as expected, that those who plan no action generally
regard Y2K as ``not at all serious'' or ``not very serious.'' Again, as
expected, those who plan action, but have not yet taken, any consider
the problem more serious than do those not planning any. The
interesting group, however, is the one whose members either have taken
action or are in the process of doing so. Owners taking action should
be the group who consider the Y2K problem most severe, and indeed it
produces the greatest percentage (15 percent) reporting the problem,
``very serious.'' But, Exhibit 5 shows that the most frequent response
(34 percent) from this action-oriented group is ``not at all serious.''
One-third of those taking action think they have no Y2K problem to
speak of. The remainder of responses among those taking action are
distributed across the other possible answers. An explanation for this
unexpected distribution is that action influenced their assessments.
Once they acted, some owners learned the Y2K problem was very serious
for their firms while other found it inconsequential. If that opinion
occurs among those who acted, one could argue that a similar division
of opinion will arise among those who have not yet moved but are
exposed. A likely result is that some who take no action will not even
notice 9/9/99 or 1/1/00 while others will be very unhappy.
EXHIBIT 5.--PERCEIVED SERIOUSNESS OF THE Y2K PROBLEM BY ACTION TO RESOLVE THE Y2K PROBLEM
----------------------------------------------------------------------------------------------------------------
Problem seriousness
-----------------------------------------------------------------------------------------------------------------
Not at all Not very Somewhat Very
Action level serious serious serious serious Total
(percent) (percent) (percent) (percent)
----------------------------------------------------------------------------------------------------------------
Not serious enough to worry about......... 70 25 3 2 100
No action taken/planned................... 46 34 18 2 100
Action planned............................ 13 41 40 6 100
Action taken.............................. 34 24 27 15 100
---------------------------------------------------------------------
Total............................... 39 31 23 6 100
----------------------------------------------------------------------------------------------------------------
4.1 Expenditures on Y2K
The money spent by small employers taking action on the Y2K problem
is comparatively modest. Twenty-nine (29) percent have made no outlays
to date and another 27 percent have spent less than $1,000. (``No
outlays'' might consist of an inspection taken by in-house personnel.)
Twelve (12) percent reported spending between $1,000 and $4,999. Thus,
over \2/3\'s of those taking action have expended less than $5,000.
Another 13 percent don't know how much they have invested. These sums
do not necessarily represent the entire cost, however. Thirty-nine (39)
percent report plans for future outlays, though these investments will
be generally small as well. Their expected median value is about
$2,000.
The amounts spent on Y2K by owners taking action are notably less
than their annual expenditures for computer equipment, software and
maintenance. The annual median expenditure for these items is $7,500.
Thus, much of their Y2K investment appears to have been made part of
routine maintenance and upgrades.
Those planning action before the year 2000 intend to spend even
less. Virtually none in this group (5 percent) have reported any
expenditures to date. Their plans include 12 percent who anticipate
spending nothing, 27 percent who plan to spend less than $1,000, and 20
percent who will spend between $1,000 and $4,999. One in three still
doesn't know how much they will spend, leaving just eight percent of
this group planning expenditures of more than $5,000. That is about the
median annual expenditure among the group for computers, software and
maintenance.
4.2 Plans to address Y2K
Plans to address Y2K often appear fragmented. The group taking
action exhibits somewhat more structure in its approach to Y2K than
those still planning it. The most notable differences between the two
groups occurs in the areas of budgeting and verification of key vendor
Y2K prevention steps. Small business owners taking action more
frequently include a budget. Forty (40) percent of the action-oriented
group have a budget for Y2K compared to 27 percent of the planning
group. The planning group is more likely to check with key venders (49
percent compared to 32 percent). However, a majority do not have either
element as part of their plans. Infrequent budgeting might be explained
by the relatively small expenditures as well as the possible use of
monies previously budgeted for computer maintenance and upgrades. The
failure to check with key vendors can only be attributed to oversight
or hesitancy to ``interfere'' in the internal affairs of another. Three
of four from each group have designated a person to be in charge and
somewhat fewer intend to test all changes made in response to Y2K.
Small business owners are about evenly split among those who will
tackle the problem in-house and those who will contract it out. The
ones who have taken action tilt toward keeping the task in-house. It is
logical that those with expertise within their firms would be more
likely to address the problem before others.
5. information to help small business owners
Over half (58 percent) of the small employers who are aware of the
Y2K problem believe that they have adequate information concerning the
problem, its potential impact on their business, and how to protect
themselves from any adverse consequences. At the same time, 47 percent
indicate that additional information would be helpful.
Those most likely to feel that they have adequate information are
found on both ends of the action continuum. Almost four of five (79
percent) owners who have taken action feel that additional information
would not be helpful. Meanwhile, 62 percent of the small employers who
aren't worried about Y2K feel the same. Those in the middle of the
action continuum, particularly those planning action before 2000, are
most likely to believe that they need more information.
Small employers say that the most helpful information would be a
general description of the problem and the difficulties it may cause as
well as information on specific remedies for the most common ailments.
Previously, it was noted that there was a general feeling that the
problem lacks importance. Therefore, information describing the problem
needs to address consequences of inaction if it is to stimulate action.
Few express interested in obtaining information containing the names
and addresses of people or organizations that can help them resolve
problems, or a detailed check-list of potential problem areas.
6. conclusion
Virtually all save a healthy minority of the smallest, small
businesses face direct exposure to a Y2K problem. Should their computer
systems or other equipment/devices operated by a timing/dating
mechanism malfunction, the consequences for about one in seven of those
exposed are severe by the owners' own assessment. Though more than 80
percent are aware of the Y2K problem including most of those with the
most serious exposure, just 23 percent of them have taken action to
determine and correct the problem. Another 27 percent plan to do so
prior to the year 2000. Thus, half of those aware of Y2K currently
appear ready to leave their fate to the forethought (or lack thereof)
of computer programmers.
The primary circumstance intervening between awareness of the Y2K
problem and action appears to be the pervasive belief among small
businessmen and women that Y2K is not a serious problem for their
firms. Less than 30 percent believe the problem is ``very'' (6 percent)
or ``somewhat'' (23 percent) serious. If the situation is not serious,
the need to take action soon, if ever, is not a priority. Those
attempting to help small business owners avoid Y2K problems, therefore,
need to worry less about general awareness and focus on the likelihood
and consequences of Y2K affecting their firms.
The survey data cannot yield an estimated Y2K impact for the small
business population. Issues like the cost of substituting handwork for
automation, average ``downtime'' during a malfunction, and the percent
of firms exposed but not impacted are just three of the primary
outstanding issues which are essential to the estimate and for which
respondents could not provide reliable data. Still, the number of small
businesses adversely impacted, if only modestly, will likely be very
large. The survey shows that 4\3/4\ million small employers are
directly exposed with additional owners indirectly (and often
unknowingly) exposed as well. It also shows that only half of the those
aware of Y2K have taken or plan to take action in response. Thus even
if all of those planning to take action follow-through and another
million (about one in five of the exposed population) eventually make
plans and carry-out preventive measures, over one million small,
employing businesses will be directly exposed to the Y2K problem having
taken no precautions.
7. survey methodology
The telephone survey on which this report is based was conducted
during the latter part of April, 1998, by The Gallup Organization. The
Dun & Bradstreet file constituted the survey's sampling frame. The
sample itself was a stratified random design. Half was drawn randomly
from owners of small businesses employing between one and 9 people
(n=250); the other half was drawn randomly from those employing between
10 and 99 employees (n=250). Sampling error for the population is --4.4
percent. Unless otherwise noted, the data presented in the report are
weighted to reflect the distribution of the entire small employer
population.
______
Year 2000 (Y2K) Problem
(Survey Results)
[Sponsored by Wells Fargo Bank, Conducted by The Gallup Organization in
late April, 1998. Sample included small business owners employing from
1 to 99 people not including owners. n=500]
1. How dependent is the operation of your business on the use of
computers? Would you say that your business is very dependent, somewhat
dependent, not dependent, or you don't use computers in your business?
Percent
Very dependent.................................................... 44
Somewhat dependent................................................ 29
Not dependent..................................................... 5
Don't use computers............................................... 22
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
2. Do you have any equipment or devices in your business other than
a computer that operate on an internal timing/dating mechanism or a
micro-chip? Examples of such equipment might include automatic lighting
and watering systems, elevators, scanning devices and card-readers. Do
you have any?
Percent
Yes............................................................... 34
No................................................................ 65
Dont know......................................................... 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
3. Do you sell, lease, or install as part of your business any
devices that operate with an internal electronic timing/dating
mechanism or a micro-chip?
Percent
Yes............................................................... 11
No................................................................ 89
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
3a. What portion of your sales involve those kinds of devices?
Percent
All............................................................... 10
More than half.................................................... 29
About half........................................................ 3
Less than half.................................................... 38
Almost none....................................................... 19
N/A............................................................... 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=53
4. How dependent is your business on automated processes? Would you
say that your core business operation is very dependent, somewhat
dependent, or not dependent?
Percent
Very dependent.................................................... 21
Somewhat dependent................................................ 27
Not dependent..................................................... 49
Not applicable.................................................... 1
Don't know........................................................ 2
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
5. If your computers, the devices operating on an internal timing/
dating mechanism, automated processes, in your business were to
malfunction, about what percent of your business sales or production
would be lost for the period you were down?
Percent Percent
Percent
Less than 1....................................................... 40
1-10.............................................................. 14
11-20............................................................. 5
21-30............................................................. 5
31-40............................................................. 3
41-50............................................................. 8
51-60............................................................. 1
61-70............................................................. 1
71-80............................................................. 5
81-90............................................................. 3
91-100............................................................ 7
Don't know/refused................................................ 3
Not applicable.................................................... 6
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
6. Does your business use its computers for . . .?
Percent
Billing and accounts receivable:
Yes........................................................... 74
No............................................................ 26
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Inventory control:
Yes........................................................... 41
No............................................................ 59
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Accounting and general ledger:
Yes........................................................... 76
No............................................................ 24
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Payroll:
Yes........................................................... 45
No............................................................ 55
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Administration, record-keeping, and word processing:
Yes........................................................... 84
No............................................................ 16
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
E-mail and/or Internet access:
Yes........................................................... 61
No............................................................ 39
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Maintaining customer and prospect lists and/or sales tracking:
Yes........................................................... 70
No............................................................ 30
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Design and product development:
Yes........................................................... 28
No............................................................ 72
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Operating machinery and/or equipment:
Yes........................................................... 20
No............................................................ 80
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Check reconciliation:
Yes........................................................... 51
No............................................................ 8
Don't Know..........-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
n=385
7. In a mix of custom and off-the-shelf software, would you say
that your business uses all custom software, mainly custom software,
50/50 custom and off-the-shelf, mainly off-the-shelf, all off-the-shelf
software?
Percent
All custom........................................................ 10
Mainly custom..................................................... 7
50/50 custom and off-the-shelf.................................... 22
Mainly off-the-shelf.............................................. 16
All off-the-shelf................................................. 38
Don't Know........................................................ 7
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=385
8. When was the last time your business updated its most critical
software? Was it within the last 2 years, 2-5 years ago, 6-10 years
ago, more than 10 years ago?
Percent
Within the last 2 years........................................... 81
2-5 years ago..................................................... 12
6-10 years ago.................................................... 2
More than 10 years ago............................................ 1
Don't know........................................................ 4
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=385
9. What does your business spend annually for computer equipment,
software and maintenance?
Percent
Nothing........................................................... 8
$1 to less than $1,000............................................ 26
$1,000 to $4,999.................................................. 27
$5,000 to $9,999.................................................. 14
$10,000 to $24,999................................................ 11
$25,000 to $99,999................................................ 4
$100,000 or more.................................................. 2
Don't know........................................................ 7
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
10. How frequently do you interact electronically with your
suppliers: a lot (frequently), a little (from time to time), not at all
(never)?
Percent
A lot (frequently)................................................ 18
A little (from time to time)...................................... 36
Not at all (never)................................................ 45
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
10a. How critical is the use of computers to your SUPPLIERS'
operation? Is it critical, somewhat critical, not very critical, not at
all critical?
Percent
Critical.......................................................... 30
Somewhat critical................................................. 15
Not very critical................................................. 18
Not at all critical............................................... 28
Don't know........................................................ 10
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
11. How frequently do you interact electronically with your primary
financial institution: a lot (frequently), a little (from time to
time), not at all (never)?
Percent
A lot (frequently)................................................ 14
A little (from time to time)...................................... 21
Not at all (never)................................................ 64
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
12. How frequently do you interact electronically with your
customers: a lot (frequently), a little (from time to time), not at all
(never)?
Percent
A lot (frequently)................................................ 17
A little (from time to time)...................................... 32
Not at all (never)................................................ 51
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
13. Are your sales PRIMARILY to private individuals or to other
businesses and organizations?
Percent
Private individuals............................................... 52
Businesses/organizations.......................................... 40
Don't know........................................................ 8
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=408
13a. How critical is the use of computers to your customers'
operations? Is it critical, somewhat critical, not very critical, not
at all critical?
Percent
Critical.......................................................... 40
Somewhat critical................................................. 28
Not very critical................................................. 10
Not at all critical............................................... 11
Don't know........................................................ 10
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=164
14. Are you aware of something called the ``Year 2000 Problem,''
often called the ``Millennium Bug''? The problem involves a possible
malfunction of some computer systems and similar devices on January 1,
2000. Would you say that you are very aware, somewhat aware, not very
aware, or not at all aware with the year 2000 problem?
Percent
Very aware........................................................ 53
Somewhat aware.................................................... 28
Not very aware.................................................... 8
Not at all aware.................................................. 10
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
15. How serious do you feel the Year 2000 Problem is for your
business? Would you say that it is very serious, somewhat serious, not
very serious, not at all serious?
Percent
Very serious...................................................... 6
Somewhat serious.................................................. 23
Not very serious.................................................. 31
Not at all serious................................................ 39
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
16. How do you intend to address the problem? Would you say it's
not serious enough to worry about, no action has been taken and none is
now planned, you plan to take action before the year 2000 but haven't
yet, you have taken or are now taking action to address the problem?
Percent
Not serious enough to worry about................................. 22
No action taken and none is planned............................... 24
Plan to take action, but haven't yet.............................. 27
Taken or are now taking action.................................... 23
Don't know........................................................ 4
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
16a. (Are you/will you) initially (addressing/address) the problem
on your own or (are you/will you) (bringing/bring) in someone from the
outside to help?
Percent
In-house.......................................................... 47
Contract out...................................................... 42
Don't know........................................................ 11
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=202
16b. Does your plan include . . . ?
Percent
A budget:
Yes........................................................... 33
No............................................................ 64
Don't know.................................................... 3
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
A designated person in charge:
Yes........................................................... 73
No............................................................ 26
Don't know.................................................... 1
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Testing any changes you make:
Yes........................................................... 70
No............................................................ 24
Don't know.................................................... 6
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
=================================================================
________________________________________________
Checking on your key vendors to be certain they don't have a
problem that affects you:
Yes........................................................... 41
No............................................................ 56
Don't know.................................................... 3
-----------------------------------------------------------------
________________________________________________
Total..................................................... 100
n=202
17. How much money has your business already spent addressing the
Year 2000 problem?
Percent
Nothing........................................................... 64
$1 to less than $1,000............................................ 13
$1,000 to $4,999.................................................. 7
$5,000 to $9,999.................................................. 4
$10,000 to $24,999................................................ 3
$25,000 to $99,999................................................ 1
$100,000 or more.................................................. 0
Don't know........................................................ 8
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=202
18. How much money does your business plan to spend, beyond what
you have already spent, addressing the year 2000 Problem?
Percent
Nothing........................................................... 25
$1 to less than $1,000............................................ 21
$1,000 to $4,999.................................................. 17
$5,000 to $9,999.................................................. 5
$10,000 to $24,999................................................ 2
$25,000 to $99,999................................................ 2
$100,000 or more.................................................. 1
Don't know........................................................ 29
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=202
19. How will your Year 2000 plans impact your sales? Do you think
it will increase, decrease, or have no impact on them?
Percent
Increase.......................................................... 10
Decrease.......................................................... 3
No impact......................................................... 84
Don't know........................................................ 3
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=202
20. How will your Year 2000 plans impact your employment level? Do
you think it will increase the number of people working for you,
decrease the number, or have no impact?
Percent
Increase.......................................................... 7
Decrease.......................................................... 1
No impact......................................................... 90
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=202
21. Have you verified that your suppliers and financial
institutions are taking steps to prepare for the Year 2000?
Percent
Yes............................................................... 32
No................................................................ 65
Don't Know........................................................ 3
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
22. Have you verified that your customers are taking steps to
prepare for the Year 2000?
Percent
Yes............................................................... 13
No................................................................ 83
Don't know 3
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
23. Do you believe that you have adequate information about the
Year 2000 Problem, its impact on your business, and how to protect
yourself from any adverse impact?
Percent
Yes............................................................... 58
No................................................................ 39
Don't know........................................................ 4
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
24. Would you be very interested, somewhat interested, not very
interested, not at all interested in learning more about the Year 2000
Problem and how it might affect your business?
Percent
Very interested................................................... 12
Somewhat interested............................................... 35
Not very interested............................................... 14
Not at all interested............................................. 39
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=405
25. What type of information about the Year 2000 Problem would you
find most helpful?
Percent
A general description of the problem and the difficulties it may
cause......................................................... 31
Specific remedies for the most common possible problems........... 22
How it would affect financial institutions (volunteered).......... 5
Names and addresses of people or organizations that can locate or
help resolve possible problems in your business............... 4
How it would affect my business (volunteered)..................... 4
A detailed check list of possible problem areas................... 3
Other............................................................. 6
Don't know........................................................ 20
Nothing........................................................... 5
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=247
demographic profile of respondents
D1. Which best describes the majority of your business activity? Do
you make, construct, extract or grow something to sell; sell goods or
products; sell services?
Percent
Make, construct, extract or grow something to sell................ 12
Sell goods or products............................................ 29
Sell services..................................................... 56
Don't know........................................................ 3
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
D2. Which BEST describes the area in which your business is located
(main headquarters)? Is it located in a city and surrounding suburbs
with more than 500,000 people, city and surrounding suburbs with 50,000
to 500,000 people, city of less than 50,000 but more than 5,000,
community of less than 5,000 or a rural area?
Percent
City and surrounding suburbs with more than 500,000 people 29
City and surrounding suburbs with 50,000 to 500,000 people........ 28
City of less than 50,000 but more than 5,000...................... 20
Community of less than 5,000 or a rural area...................... 20
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
D3. How many people do you employ?
----------------------------------------------------------------------------------------------------------------
Weighted Unweighted
(percent) (percent)
----------------------------------------------------------------------------------------------------------------
1-4..................................................................... 57 35
5-9..................................................................... 20 12
10-24................................................................... 14 28
5-99.................................................................... 8 23
Don't know.............................................................. 2 2
---------------------------------------
Total............................................................... 100 100
n=500
----------------------------------------------------------------------------------------------------------------
D4. During your last fiscal year, were your sales less than
$250,000; $250,000 to less than $500,000; $500,000 to less than $1
million; $1 million to less than $2 million; $2 million to less than $5
million; $5 million to less than $10 million; $10 million or more?
Percent
Less than $250,000................................................ 42
$250,000 to $499,999.............................................. 18
$500,000 to $999,999.............................................. 10
$1 million to $1,999,999.......................................... 12
1$2 million to $4,999,999......................................... 4
$5 million to $9,999,999.......................................... 3
$10 million or more............................................... 2
Don't know........................................................ 9
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
D5. How long have you owned or operated this business?
Percent
Less than 6 years................................................. 27
6-10 years........................................................ 23
11-20 years....................................................... 28
21+ years......................................................... 20
Don't know........................................................ 1
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
D6. Please tell me your age?
Percent
Under 30.......................................................... 4
30-39............................................................. 18
40-49............................................................. 31
50+............................................................... 45
Don't know........................................................ 2
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
D7. Gender?
Percent
Male.............................................................. 74
Female............................................................ 26
-----------------------------------------------------------------
________________________________________________
Total......................................................... 100
n=500
______
Responses of William J. Dennis to Questions Submitted by
Chairman Bennett
Question. Mr. Dennis, I find your testimony is unnecessarily
leaning to the optimistic side. The Wells-Fargo sponsored survey, which
samples approximately 4.8 million small employers, brings out these
facts, and correct me if I'm wrong:
--almost \1/3\ of small employers reported that they would lose over
30 percent of their sales or production for the period their
computers and automated processes were down. That translates to
well over 1 million small employers who are doing at best 70
percent of the business they were doing before Y2K problems
hit.
Do you think it is appropriate to focus only on the extreme cases
which is the 330,000 or so businesses you refer to in your testimony?
Wouldn't most small employers consider losing over 30 percent of sales
or production significant? For instance, in this city, a large number
of small vendors and eateries folded just due to the three week
Government furlough in 1995.
Answer. Your point is well-taken. Small businesses do not have to
be completely shut-down in order to experience significant adverse
impacts. This is particularly true if the loss of sales/production
occurs over an extended period. In fact, the length of the loss may be
more critical than the daily percentage of loss. For example, if a
small business owner lost 100 percent of sales or production for a day,
he would be unhappy. If he lost 30 percent for a month, he could be in
serious trouble. Unfortunately, we could not ask a question on the
survey about duration of downtime and expect an informed response.
The report specifically notes that the difficulty with waiting
until January 1, 2000, to resolve a Y2K incident is that a small
business owner probably will not be able to get anyone to fix the
problem right away. Other customers, probably large businesses and
governments, will have all the qualified locked-in. The small business
will have to hobble along. When it finally does get someone in, the
cost will be significantly higher than it would have been. The unknown
length of downtime is, I believe, one of the strongest arguments for
action.
Your one-third calculation is not quite correct. That figure covers
the population with direct exposure including those who have and have
not taken action. Including only those who have taken no action and who
do not plan any, the number directly impacted is under one million.
Still, that is a very large number, large enough to create considerable
concern.
Question. You state that over 80 percent of small employers are
exposed to Y2K problems though their computers, but a majority of them
plan no action as of the survey done in April of this year. You also
say that "government isn't particularly credible with small business
owners nor are its communications." You do suggest working with trade
associations to spread the Y2K message, but I'm wondering if this alone
is sufficient. Can you provide the Senate with any suggestions that the
Congress can take action on?
Your written statement astutely points out that small employers
have indirect exposure to Y2K problems as well as direct exposures, for
instance with a customer or supplier whose computers the small employer
must access. You estimate that this may extend to practically all small
employers. Yet we learn from other parts of your statement that this
group is particularly in the dark on the Y2K issue and is likely to
remain so. This is very troubling. What can be done to get this very
important part of our economy to pay more attention to this issue that
may cripple them in just 450 days from now?
Answer. The two most influential groups for small business owners
are industry-specific trade associations and peers. Small businessmen
and women are most likely to listen to and respond to these two groups.
I have no doubt that the Committee could exert considerable
influence on industry-specific associations through direct
communication. The same would be true for local organizations whether
as large as the Washington Board of Trade or neighborhood business
organizations. This is no mean task. The Encyclopedia of Associations
lists thousands of them. But I think it would be a useful endeavor.
Further, small business owners will probably be more receptive to the
message as January 1, 2000 approaches. They usually face a myriad of
business problems. Y2K is just one of them. So as the deadline nears,
owners will be paying more attention.
The second thing that you can do is to encourage larger firms and
state and local governments to use their pulpits. They do business with
millions of small firms. They could certainly provide a public service
by doing as little as enclosing a letter about Y2K to their customers
and suppliers.
I would not expend my resources on media events or national
campaigns in the traditional sense. Who has enough credibility and
visibility to be taken seriously? Y2K is a business problem and
political leaders lack credibility with Main Street on such matters.
It is also important that the Committee or any other group make a
credible case. As the survey shows, a large number of owners simply do
not believe either that a problem exists or that the Y2K problem is
serious enough to warrant attention. That means they need information
clearly outlining the costs and consequences of not taking preventive
action. For example, if I believe that I can replace an infected
computer and software for $2,000 and that a consultant will cost $1,000
to tell me I have a problem, then why shouldn't I adopt a wait and see
attitude? That is a reasonable risk. But if you tell me, the problem
will screw-up my records, perhaps irretrievably, and that I probably
won't be able to get anyone to come in and fix what I have left for a
month, you have my attention.
Though the data do not show it, I personally believe that a
substantial number also simply don't know where to begin. Many owners
are not comfortable with the technology. To draw an analogy, they can
drive it productively but don't ask them what's under the hood or how
it can be fixed.
__________
Prepared Statement of Senator Christopher J. Dodd
Thank you, Mr. Chairman, for holding this hearing. As you
mentioned, this is the ninth hearing that this Committee has held. You
have frequently compared your role in the Y2K issue to that of Paul
Revere, but you, Senator Bennet, have logged far more hours than that
legendary patriot. We know that the Y2K threat is coming. We know the
time remaining between now and the turning of the millennium to the
second. We know we must alert our citizenry. If the polls are correct,
and if only a small percentage of Americans have heard of the year 2000
computer problem, then we have an extraordinary task at hand.
This Committee has held eight hearings, covering such wide ranging
subjects as electricity grids, health care, financial markets,
telecommunications, emergency services, pensions and mutual funds, and
now we come together to examine small and large businesses.
Perhaps the single most important message coming out of these
hearings is that the hour is late and the vast majority of the planet
is not prepared. That the United States leads the world in Y2K
remediation is a thin silver lining when our hearings indicate that
many sectors within the United States are not prepared, or just
starting their Y2K planning. Just one of many areas that deeply
concerns me is the small business sector. Many small businesses are
either unaware or unconcerned about the Y2K problem. Yet they are
crucial to the welfare of the American economy. They employ nearly 18
million American workers. They provide 51 percent of the private sector
output. Despite the label ``small business,'' they are by no means
small in their importance. Whether they realize their role in our Y2K
challenge is, unfortunately, another matter. Small businesses seem to
think that they can hide from the Y2K problem. In a recent Wells Fargo
Bank survey of small business Y2K preparedness, 81 percent of small
businesses surveyed knew of the problem, but no more than 25 percent
had acted on that information. This is unacceptable.
I would like to borrow one of Senator Bennett's metaphors which
compares this committee to the National Weather Service. We have a
worldwide Y2K storm brewing which, unlike the tropical storms and other
disasters that the National Weather Service tracks, is at least
partially controllable. We still have more than a year to identify the
most critical systems and fix them. Unfortunately, we still lack the
kind of international storm warning and response system that this issue
requires. We need an international focus that can identify the global
risk and take appropriate action to protect our interests in energy,
food supplies, critical commodities and manufactured products. Until we
see this kind of joint domestic and international participation, the
Year 2000 technology problem will continue to pose a significant
physical and financial risk to American and international citizens
alike.
Interconnectivity is another appropriate theme for this hearings.
Almost all business sectors have some common Y2K factors such as
computers, software and microprocessors. As we examine each industry in
detail we are discovering that interconnectivity between businesses is
one of the greatest issues we face. Most businesses are dependent on
their suppliers, distributors, and customers through some means of
electronic data interchange. The digital device that sends and receives
these messages is connected to some kind of computer or microprocessor
that is run by software, any part of which may not be Y2K compliant. It
only takes one part of the link to break for the exchange of data to
come to an abrupt halt. Thus the hard work of many internally Y2K
compliant companies could be for naught if their suppliers and
distributors are not in synch with their respective Y2K remediation
efforts. We look forward to today's witnesses discussing this issue
with the committee.
The Senate as well as the American public have a keen interest in
monitoring the response levels that public and private organizations
have displayed with respect to the Y2K problem. Most are aware of their
civic duties, and have volunteered to tell the Y2K story, recognizing
that their experiences will be useful to others. But there are other
companies and industries that willfully and knowingly chose not to
cooperate with our efforts. In many cases, these are companies whose
products are essential for the day-to-day existence of the average
American. For example, many major representatives of the food industry
have decided that it is not in their best interest to tell the public
the Y2K status of their industry. Their industry associations were
equally unsupportive.
Based on the eight hearings that preceded this one, we have arrived
at a fairly clear picture of our Y2K strengths and weaknesses. In
general, all those affected with the Y2K bug have arrived at the party
well beyond ``fashionably late.'' However, today's hearing provides us
with one more opportunity to improve our response time for the ultimate
deadline, the one just 450 days away. The pharmaceutical industry will
give us a complete picture of what it means when we talk about Y2K
readiness. Their testimony highlights the extremely complicated and
interconnected supply lines that provide millions of Americans with
essential prescription drugs.
The pharmaceutical industry includes a large international
component. For example, diabetics can live long and healthy lives with
the help of regular doses of insulin, a substance that is mainly
produced in Denmark. If Denmark's insulin production is affected by the
Y2K bug or any other disaster, the thousands of Americans that depend
on this drug to control their diabetes will find themselves in grave
danger. Insulin is just one product that embodies the interdependent
nature of the world in terms of business and economics, as well as
health and social welfare. We hope the Danes, and the rest of the
international community are as concerned about Y2K as we are. Steps
must be taken to insure that the factories that produce insulin, and
other such life-saving drugs can function properly after January 1,
2000.
The spectrum of American business centers around major producers,
much as it has since the invention of commerce. If business history
teaches us anything, its is the symbiotic relationship between large
and small businesses. Large corporations need small companies to tailor
the delivery of goods and services to meet consumer needs. This morning
we will see Y2K issues from both ends of the business spectrum.
Representatives of the 5 million small businesses, most with less than
500 employees, have the unique challenge of meeting Y2K obligations
which, in some cases, may be just as large as the ones facing companies
with tens of thousands of employees.
Again, thank you Mr. Chairman for your leadership, and thank you to
our witnesses for their cooperation.
__________
Prepared Statement of Hon. Fred P. Hochberg
Thank you, Mr. Chairman, for inviting the U. S. Small Business
Administration (SBA) to testify before the Senate Special Committee on
the Year 2000 Technology Problem. My name is Fred P. Hochberg, Deputy
Administrator of the SBA, and I am here today on behalf of
Administrator Alvarez, who joins me in welcoming the opportunity to
discuss the so-called ``Year 2000'' or ``Y2K'' problem facing the
nation's 23.6 million small businesses and their customers. We also
look forward to providing information to the Committee on SBA's efforts
to improve awareness of this problem and to minimize its impact on
small businesses.
We at the SBA take the Year 2000 issue very seriously and the
President has directed SBA to take a lead role in addressing this
concern as it affects small business. The full extent to which the Year
2000 bug may affect businesses is unknown. However, it is clear that
the damage can be minimized with foresight and preparation. My
testimony consists of two parts--what SBA is doing to insure that our
own computer systems are Y2K compliant and what SBA is doing to help
our customers understand the problem and have some information on how
to address it in their own businesses.
sba's computer systems
The SBA's Year 2000 awareness efforts actually began in 1996 when
we realized that, in order to better serve small businesses, we should
improve our own internal computer protections. I am pleased to inform
you that as of September 1998, we have completed the renovation of the
computer programs in all of SBA's mission critical systems. By the end
of October we will have completed the validation and implementation of
these programs--well ahead of targeted goals for the federal
government. Our non-mission critical systems also have been identified
and, currently, we are working with our field offices to continue
corrections of local systems in these offices.
We are quite proud of the fact that the SBA was one of only three
agencies to earn an ``A'' for our Y2K work when the House Committee on
Government Reform and Oversight's Subcommittee on Government
Management, Information and Technology issued its report card last
month on the Federal Government's progress in addressing the Y2K issue.
Because we are ahead of schedule, we plan to conduct additional
systems integration and data exchange testing during the first quarter
of fiscal year 1999. We will correct any identified problems by the end
of the second quarter.
To avoid taking anything for granted, we have established a
Business Continuity and Contingency Planning Committee. I chair this
committee and it is composed of the SBA's top managers. Our goal is to
ensure that SBA is prepared to deliver its services regardless of
whatever problems we may encounter as a result of the Y2K issue.
sba is seeking ways to help our customers
Once our internal improvement efforts were underway, we turned our
efforts towards the private sector. We wanted to bring the seriousness
of this problem to the attention of small business owners without
creating undue panic. In addition, by educating small businesses that
they could have a problem, we sought to prevent them from making any
unnecessary expenditures toward fixing this problem.
Initially, many people--including the SBA--believed users of new
desktop hardware with off-the-shelf or ``shrink-wrapped'' software
would be protected from the Year 2000 problem. SBA convened two
separate industry review groups. The first consisted of the mainframe
computer and independent software industries and the second represented
desktop computer manufacturers and ``shrink-wrapped'' software
producers. They helped correct our perceptions of the Y2K problem and
gave us suggestions on how to present the problem to the small business
community (Participants listed in Attachment 1). These review groups
were instrumental in helping the SBA develop steps businesses can take
to better prepare themselves to address the Y2K problem.
The experts told us that even recently purchased equipment could be
threatened by the Y2K problem. Validated systems may not actually be
Year 2000-compliant if users have modified them by entering non-
compliant data.
In addition, there may be telecommunications problems associated
with the failure of microprocessors or ``embedded chips'' that are
date-sensitive. This could affect credit card readers, automatic teller
machines, fax machines, pager and e-mail service. Other items of
concern to small businesses could be the possible chip-related failures
of heating and ventilation systems, security alarms, and even
elevators.
year 2000 awareness program message
As a result of our work with the industry experts, we developed the
following advice that anchors our Y2K outreach efforts.
First, businesses are encouraged to conduct a self-assessment to
see if they may have affected computer hardware and software, as well
as any electronic equipment using date-sensitive embedded computer
chips. Operating systems, like DOS or Windows, should be evaluated for
their vulnerability to the Year 2000 bug. Products like Lotus 1-2-3,
Oracle, or Excel, which may contain date-reliant data, should also be
reviewed.
We are aware that it is not enough for small businesses just to
take care of their own Y2K problems. They need to assure themselves
that the companies in their supply and distribution network are also
Y2K compliant. As we continue to revise and enhance our message to the
small business community, we will encourage them to develop contingency
plans for keeping their businesses operating. We believe this a very
prudent action to take for ensuring business continuity in the event
their normal suppliers or other supporting vendors are unable to
provide the products and services they need.
This is not just a computer problem, however, as other equipment
with embedded computer chips could also be at risk. Anything that uses
a calendar or date record should be assessed. Thorough assessment of
elevators, machinery and other mechanized systems is key. The theme of
this message is that it is not too soon to begin evaluating one'*s
vulnerability to the Year 2000 threat.
Second, businesses are encouraged to take action immediately.
Corrective actions could range from a change in software to hiring a
consultant to repair any problems. Repairs may not necessarily be
expensive and we are encouraging businesses to contact their computer
hardware and software vendors first. Fixing any Y2K problems discovered
in the self-assessment is a must, and testing the repairs is vital.
Upon completion of repairs, businesses must test and re-test to assure
they won't have any problems. Having a contingency plan is also
necessary because businesses can never be sure if their vendors and
other contacts are themselves compliant.
Third, businesses are encouraged to stay informed about this issue.
Accurate Y2K compliance information could change and business owners
should keep abreast of any modifications they may need to make in their
equipment or operations. A change in Year 2000 compliance by one
business, regardless of size, could have a ripple effect for smaller
businesses that rely upon its services or supply inventory. Visiting
various Internet Y2K websites is a great way to stay current.
These steps form the basic context of our public awareness program.
We have prepared materials and media to notify small businesses about
the Y2K issue. They include posters, flyers, a fact sheet, a public
service announcement (PSA) and phone hotline. Each of these provides
basic information and refers people to the SBA website (www.sba.gov).
The website features information on how businesses can protect
themselves from the Year 2000 problem (Attachment 2). The website also
provides ``hyperlinks'' to major computer hardware and software
manufacturers and distributors to aid individuals in safeguarding their
equipment and software from the Y2K Problem. Since its inception in
February 1998, the site has been ``hit,'' or visited, over 840,000
times.
Additionally, the SBA is making information available through a new
toll-free phone number, 1-877-RUY2KOK. Started on June 23, 1998, the
phone line is an automated ``fax-back'' system which allows callers to
have Year 2000 information faxed back to them at the conclusion of the
call.
year 2000 awareness program outreach
Our coordinated national awareness program asks small businesses
``Are You Y2K OK?'' Our traditional resource partners, such as our
lending partners, Small Business Development Centers, SCORE volunteers
and small business trade associations, in addition to our private
sector supporters, have agreed to help spread our message. For example
the American Bankers Association included all of our materials in their
Year 2000 member resource guide. We look forward to working with the
private sector to leverage our resources, experience and knowledge with
the Y2K issue to help small businesses become compliant. Since our Year
2000 kick-off in early June, SBA's efforts have resulted in numerous
public forums with SBA representatives reaching a broad radio and TV
audience.
In addition, the SBA has conducted Y2K training events across the
country. Together with IBM and the U.S. Chamber of Commerce, the SBA
has developed a full-page advertisement on Y2K preparedness, to be
published in Nation's Business Magazine this month. As a result of the
emphasis we have placed on this issue with our district offices, the
SBA's Y2K awareness campaign has been featured in more than 200
metropolitan and local newspapers since June. Administrator Alvarez was
recently featured in a Y2K piece by Fortune magazine.
Since June, we have distributed more than 2 million Y2K flyers
through our private sector partners, such as financial institutions,
power companies and newspapers. We are also very excited that we
recently reached an agreement with the Internal Revenue Service to
distribute nationwide, through their next mailing to small business
owners, 6.5 million copies of our ``Are You Y2K OK?'' flyers. Requests
for our ``Are You Y2K OK?'' materials, as well as for public service
announcements and general Year 2000 information, continue to pour in.
We are committed to meeting these requests and have plans to update our
material later this year.
The SBA continues to work hard to build alliances with trade and
industry associations. We believe it is important to have as much help
as possible in carrying our Year 2000 message.
y2k action week
Before I conclude my testimony, let me tell you about an exciting
activity we have planned for later this month. We will sponsor a
nationwide initiative during the week of October 19th to focus
government, business and media attention on the Y2K problem. During
that week, we are asking all of SBA's district offices and resource
partners to sponsor at least one major Y2K awareness event. It is our
hope that we can reach literally tens of thousands of small businesses
during this week and motivate them to take action now on this serious
management issue.
We have received strong support from John Koskinen and his staff at
the White House Y2K Office and will be joined in this effort by the
Departments of Commerce, Agriculture, Interior, Transportation, the
Social Security Administration, Internal Revenue Service and the U.S.
Postal Service. Attendees at these events will then take the message
back into their local communities. We hope that this issue will then be
raised at local chambers of commerce and other business organization's
meetings to assist us in getting the work out to the small business
community.
conclusion
As we update both our material and our messages, we plan to
continue encouraging small businesses to stay informed on this issue.
Business owners can get up-to-date information by reading the
newspapers, watching the nightly news, visiting the SBA website
(www.sba.gov) and other websites and contacting their vendors. The best
defense is staying informed and taking action accordingly. And most
important, everyone needs to take action now; it is too late to start
early. We recognize that some businesses may be Year 2000 compliant
already. However, the risks are too great not to check. Small business
owners need to make informed decisions about this issue.
The reaction to our efforts has been overwhelmingly positive. We
both need and appreciate the support we've enjoyed from Congress as
well as the businesses and trade groups who have allied themselves with
our effort. As you return to your respective states in the coming weeks
for town hall meetings and other public gatherings, we urge you to
carry forward the Year 2000 message. We are happy to provide materials
or help you communicate with your small business constituents any way
we can. The Year 2000 issue can be managed if businesses take
responsible action now while there is still time.
Thank you, Mr. Chairman, for inviting the SBA to testify. I look
forward to working with you. I will be happy to answer any questions.
[attachment 1]
Participants in SBA Year 2000 Focus Group I, March 30, 1998
Mr. John Koskinen, Assistant to the President, Chair, President's
Council on Y2K Conversion
Mr. Jim Morrison, Senior Analyst, National Association for the Self-
Employed
Ms. Heidi Hooper, Y2K Program Manager, Information Technology
Association of America
Mr. Anthony W. Powell, President, Anthony W. Powell, Inc.
Mr. Alton Turner, Next Millennium Consultant. Inc.
Mr. A. Nayab Siddiqui, President, Scientific Systems & Software
International Corporation
Mr. Jim Berish, Government Affairs, Hewlett Packard
Dr. Kam F. Tse, Contemporary Technology, Inc.
Mr. Andrew Pegalis, Next Millennium Consultant
Mr. Scott Davies, Y2K Executive, Global Government Industry, IBM
Corporation
Mr. Bob Cohen, Vice President of Communications, Information Technology
Association of America
Mr. Bob Price, Corporate Y2K Manager, Digital Equipment Corporation
Mr. Robert Wagman, Executive Editor, Millennium Information Service
Mr. David Voight Director, Small Business Center, Chamber of Commerce
Mr. Mike Roush, Small Business Technology Coalition
Ms. Susan Tuttle, Program Manager, IBM
Mr. David Y. Peyton, Director, Technology Policy, National Association
of Manufacturers
Participants in SBA Year 2000 Focus Group II, April 23, 1998
Ms. Moira Praxedes, Systems Analyst, Gateway 2000
Ms. Lynn Silver, Senior Education Policy Manager, Apple Computer, Inc.
Ms. Deborah Morse, Y2K Coordinator for Corel Products, Corel
Corporation
Mr. Dave Cunningham, Program Manager for Y2K, Dell Computer Corporation
Ms. Beth Land, Corporate Strategist, Novell Corporation
Mr. Rolin Hua, Vice President, Corporate Development SMAC Data Systems
Mr. Ted Graig, Government Account Representative, Microsoft Corporation
Mr. Roger Geides, Business Development Manager, Microsoft Corporation
Mr. Scott Davies, Y2K Executive, Global Government Industry, IBM
Corporation
Mr. Mike Roush, Small Business Technology Coalition
Ms. Heidi Hooper, Y2K Program Manager, Information Technology
Association of America
Ms. Nancy Peters, Information Technology Association of America
Mr. David Voight, Director, Small Business Center, U. S. Chamber of
Commerce
Ms. Deborah Spencer, Technical Account Manager, Lotus Development
Corporation
Mr. Bernie McKay, Intuit Corporation
[attachment 2]
The Year 2000 Problem
are you ready to do business in the year 2000?
If you think you are, have you completely tested all your systems
to make sure you won't have problems? Have you talked to your business
suppliers and other business partners to ensure that they are ready?
Whether or not you are ready, we invite you to reviewthis document on
year 2000 readiness.
what is the year 2000 problem * * *
The year 2000 problem started decades ago when earlycomputers had
very limited memory and storage space. Programmers saved space where
they could by storing the absolute minimum amount of data necessary for
business functions. One place they saved space was the date, in which
years were represented by their last two digits. So, 1946 was
represented and stored as 46, 1967 was stored as 67, and so forth.
Reducing years to two digits works well as long as the century does
not change. As the next century approaches, however, computers that
still maintain years as two digits may not recognize that the year 2000
is greater than the previous year. Although a computer may recognize
that 99 is greater than 98 (as in 1999 and 1998), it may not recognize
that 00 is greater than 99 (as in 2000 and 1999) and may consider it
1900.
and why is it so important?
Data processing systems used in all types of businesses rely
heavily on dates and date processing. If the computer code does not
recognize that one date is greater than another, it may not be able
toprocess properly and may produce erroneous results. For example, if a
loan is entered into a program with a start date of 1998 and a payoff
date of 2005 (98 and 05), the program may subtract 98 from 05 resulting
in a term of -93 years, rather than 7 years. This problem may put a
business at risk because it could effect its cash flow, inventory,
taxes, interest calculations, financial forecasting,customer relations,
and many other areas.
how big a problem?
This worldwide problem not only affects mainframe computers and
their programs, but also personal computers and every piece of hardware
that contains a microchip, including:
--manufacturing control systems
--telecommunications
--money transfer and other financial systems
--gas, water, and electrical utilities
--stock markets
--transportation
--national defense
--home computers, security systems, and appliances
Beyond your own business computer systems, there is also the
``business supply chain.'' You buy goods and services from some
businesses, and you sell goods and services to others. If your trading
partners fail, your cash flow can suffer critically.
In 1996, the Gartner Group estimated that the year 2000 problem
would cost $600 billion to fix. Later estimates by Lloyds of London
have been as high as $1 trillion. Economist Ed Yardeni has estimated
that there is a 35 percent chance of a global recession because some
businesses will be unable to deal with their year 2000 problems. And,
unlike most projects, the final due date can not be changed with the
year 2000 problem--the year 2000 will arrive whether we areready or
not.
no ``silver bullet''
According to Peter de Jager, an internationally recognized expert
in the year 2000 problem, there is no single solution, no so-called
``silver bullet.'' Because each system processes dates in different
ways, each system must be assessed and corrected.
you can't do nothing
If you do nothing to fix this problem, your business may fail.
Worse, because the year 2000 problem is a foreseeable problem, the
officers and directors of your organization could be held personally
liable in shareholder suits.
The Federal Reserve recognizes that small businesses are the
backbone of the economy and wants to ensure your business's continued
good health. With estimates predicting that 1 percent to 7 percent of
U.S. businesses will fail because of the year 2000 problem, the Federal
Reserve is encouraging all businesses to address the problem as early
as possible.
your business is at stake
Imagine if you were unable to retrieve your accounts receivable
records, or if one of your customers placed an order with you in late
1999 for delivery in early 2000, and that order was lost. Imagine if
you could not correctly calculate the taxes or insurance premiums to be
withheld for your employees, or if your inventory records were lost.
The year 2000 problem may affect your business in countless ways.
Your personal computers may reset themselves to the year 1980 or 1900
because the microchip that maintains the clock/calendar does
notrecognize 2000 as a valid year. A photocopier that records the count
of the number of copies made in a day may stop working in the year 2000
because the microchip may fail to recognize that ``00'' is a valid
year. A security system may fail to operate properly and might allow
unauthorized access to your buildings. A preprogrammed fax machine used
to send announcements to your customers may stop working after 12/31/
1999. A voice mail phone system may fail to record messages from
customers or suppliers. A preprogrammed money transfer from a savings
into a checking account to cover checks to your creditors may not take
place.
Reports of year 2000 problems are already surfacing in the media.
In early August 1997, the owners of a grocery store chain in Michigan
sued the manufacturer of their cash registers because the terminals
would not recognize credit or debit cards with an expiration date of
00. The owners claimed they had lost thousands of dollars worth of
business because the terminals rejected customers with valid debit/
credit cards.
it's not just a data processing problem
The year 2000 problem is a business problem. The decisions to spend
the money, time, and resources are business decisions. The costs of
making your organization compliant may be substantial, so the decisions
on what to fix and what to risk not fixing need to be made at the
highest levels.
managing to year 2000 readiness
Correcting the year 2000 problem in your organization will require
senior management involvement. The Board of Directors should be
involved. You may want to form a year 2000 team, and include legal and
audit representatives. If appropriate to your business, you may want to
designate one person as your year 2000 project manager with
responsibility for making your entire business ready for the century
date change. You may also want to designate one person in
eachfunctional area as a year 2000 coordinator or representative with
responsibility for tracking that area's readiness activities. Year 2000
readiness must be made a priority from the top down.
An overall project plan with milestones and deadlines will be
critical to your efforts. Each functional area should be encouraged to
develop its own plans.
Hint--A project planning and tracking tool, such as
Timeline or Microsoft Project, will help you track
tasks that are due to start, past due, or are on the critical path.
y2k steps to take
[GRAPHIC] [TIFF OMITTED] T7OC98G.003
______
Y2K Checklists for Small Business
No single Y2K checklist fits everyone's needs since businesses have
a wide variety of services and technologies. We are offering several
that focus on small business needs, starting with the one below from
the Federal Reserve Board. Links to additional checklists, definitions,
and resources are provided as well. This page is a ``work in progress''
and will grow as we come across more information. Keep in mind, there
are many excellent checklists on the Internet. Browse the internet and
if you find one you like, let us know!
suggested steps to readiness
The most important first step is to develop a strategy to make your
business ready for the year 2000. Many consulting firms have developed
different strategies with 3 to 15 steps to take to help companies deal
with the year 2000 problem. Information about these different plans can
be found on the Internet or in trade journals.
Here is a simple five-step plan to achieve year 2000 readiness.
(1) Awareness--educating and involving all levels of your organization
in solving the problem
A crucial step in awareness is creating a communication strategy to
make certain that everyone is informed and that management has the
information it needs to make decisions. Holding seminars or meetings to
educate people and bringing in outside speakers are two ways to
increase awareness.
A critical aspect of awareness is to develop an internal standard
for year 2000 readiness. The Federal Reserve uses the following
definition: ``Systems (e.g., software, hardware, firmware) are defined
as ready if they can demonstrate correct management and manipulation of
data involving dates, including single-century and multi-century
formulas, without causing an abnormally ended scenario within the
system or generating incorrect values involving such dates.''
The awareness phase never ends. As people move to other jobs, and
new people are hired, they must be educated. There is also an ongoing
need to keep your staff and business partners informed.
(2) Inventory--creating your checklist toward year 2000 readiness
In this phase, you should identify and list all of the different
computer-based systems, components (such as in-house developed systems,
purchased software, computers and associated hardware), service
providers, and hardware that contain microchips that support your
business. Each entry on your list should be ranked by how critical it
is to your business.
Indicate on your inventory whether the component is hardware,
software, or a service. It may be useful to note which components
support your telephone or data communications networks. If a computer-
based system uses a vendor-supplied package, record the name of the
vendor and the release number, if known.
Hints--Keeping your inventory on a spreadsheet or database makes it
easier to sort and report on items that are not ready. It is also
helpful to develop an identification system to help track components.
For each item on the inventory, assign a person who will be responsible
for assessing that item and preparing for the year 2000.
Reminder--Some systems will begin failing before the century date
changes because they perform forecasting or future processing. This is
called ``time horizon to failure'' and should be considered during
inventory and assessment. The ``time horizon to failure'' should be
listed on your inventory if it is known.
(3) Assessment--examining how severe and widespread the problem is in
your business and what needs to be fixed
Starting with the most critical items on the inventory, determine
which systems are date-sensitive and if they will fail when the century
changes. Systems with an imminent ``time horizon to failure'' should
also be assessed first. A date-sensitive system is one that manipulates
or works with dates in some way, or a system that operates differently
based upon the date. Please refer to the questions later in this
brochure to keep in mind when assessing your systems.
Examples of date-sensitive systems include ones that perform any
kind of forecasting or projections through time, such as calculating
interest on a loan or projecting inventory levels. Other examples of
date-sensitive systems are those which retrieve records based on a date
(such as invoices), or systems that sort items by date (such as
accounting or inventory systems). Examples of date-sensitive hardware
include lighting systems that switch on automatically on weekdays,
manufacturing control systems, and scanners or card readers that read
ID badges or credit/debit cards.
One way to assess a system is to look at the computer code and
follow the logic. If this is not possible because the system is based
on a purchased package, you should contact the vendor.
Another way to assess a system is to run it as if it were already
the year 2000. Running the system with dates other than the current
date may require resetting the system date. There are risks involved in
resetting system dates. Each organization should evaluate the impact of
resetting system dates. This testing may require that your test data be
``aged'' properly so it contains the correct internal dates.
Hint--There are risks involved in rolling the dates on your
computer systems forward. Make sure you understand what these risks are
for your organization.
For some specialized systems, such as building or manufacturing
control systems, or systems with embedded microchips, you may need to
have the vendor work with your staff to test and assess the system.
Once you have determined the state of readiness for each system and
component listed in your inventory, you should develop a strategy for
dealing with those systems that have to be fixed. There are only three
possible strategies: repair, replace, or retire the system.
If you decide to repair a system, there are two possible repair
strategies or approaches: windowing or date expansion. The date
expansion strategy involves expanding all 2-digit year fields in your
system's data files and in the programs that process those files so
they can hold the century as well as the 2-digit year. For example, a
2-digit year field YY might be expanded to a 4-digit CCYY field, where
CC is the century. The date expansion may involve increasing the size
of files that hold your data.
The windowing approach involves inserting logic into your programs
that interprets year fields to determine what century the year falls
into before the date field is used in calculations, comparisons or
sorting. An example of this logic: if the year is between 00 and 49,
the century is 20, otherwise the century is 19. This is called the 50
year window. There are other windows. You need to determine which one
is appropriate for your particular system. Whatever windowing logic is
selected, we recommend consistency throughout your organization to
avoid later errors and confusion.
Most businesses are taking a mixed approach, fixing some systems
using windowing logic and others with date expansion. Some are using
such a mixed approach to fix even large systems. Your choice depends on
your own individual needs.
If your strategy is to replace a non-ready system, you have several
choices. You can build the replacement in-house (or hire contractors to
work with your staff to build it), you can purchase a replacement
system from a vendor, or you can outsource that particular line of
business to a service bureau or other outside service provider. It is
very important to determine when the replacement will be ready. If the
replacement won't be tested and installed until after the ``time
horizon to failure,'' you may be forced into a repair strategy.
A business system that operates in isolation is very rare. Most
interface with other business systems to exchange data, and some
interface with systems outside your organization. Your strategy to
replace or repair non-ready systems should take into account those
systems' interfaces with other systems, both within and outside your
organization. For example, if you opt for date expansion, you must
consider the impact of sending larger files to all interfaces. If you
opt for windowing, all interfaces must be informed what the windowing
scheme is.
Hint--We recommend that you develop a chart that shows the systems
that have interfaces, what those interfaces are, and when they occur.
Different systems that interface with each other may have different
schedules for assessment, correction, and implementation. It may be
necessary to build ``bridges'' between systems that are ready for the
year 2000 and those that are not. These bridges, which are usually
temporary programs, take data from one system and modify it to make the
format correct for the interfacing system. Careful, detailed planning
will be required to handle these situations.
When you find that a system is not year 2000 ready, determine how
critical that system is to your business. For example, if the system
prints an invalid date on an internally used report, you may decide
that this problem is not significant enough to address. If, however,
the system loses track of inventory data or fails to forecast properly,
it should be fixed.
Hint--As you purchase new computers, packages, and other hardware,
upgrade existing packages, and develop new lines of business, remember
that this new equipment needs to be checked to ensure it is year 2000
ready. Upgraded packages also need to be checked for readiness after
upgrading.
(4) Correction and Testing--implementing the readiness strategy you
have chosen and testing the fix
Testing is a critical aspect of any year 2000 project. Testing
verifies that the repaired or replaced system operates properly when
the date changes and that existing business functions (such as
accounting, inventory control, and order tracking) continue to operate
as expected. Testing also verifies that interfacing systems are not
adversely affected. You should not confine your testing efforts solely
to computer programs. Other systems (including network operating
systems, vendor-supplied software, building infrastructure systems,
PCs, and components with embedded microchips) should be tested to
ensure they will not fail when the century changes.
There are several critical tests you should perform once you've
changed or replaced a system. The best way to see if a system is ready
for the year 2000 is to test the system as if it were already the year
2000. Test that the system will operate correctly after the date has
rolled over from 12/31/1999 to 1/1/2000. Because the year 2000 is a
leap year, you should test that your system will recognize 2/29/2000 as
a valid date and that it will roll over from 2/28/2000 to 2/29/2000,
and from 2/29/2000 to 3/1/2000. You should also test your fixed system
with a date before 2000 to insure that it works. See the attachment for
other suggested dates to test on your system.
Warning--There are risks involved in rolling dates forward on
computers. Some computer security systems keep track of the last time a
user accessed a system and will revoke or inactivate that user's
password if it has not accessed the system for a period of time.
Rolling the date forward may cause user passwords to be inactivated by
the security system.
Datasets that should be retained may be marked as expired and could
be written over. Some software packages may be leased and you may be
paying an annual fee to the vendor. Rolling the date past the end of
the lease may cause the software package to freeze up or generate error
messages.
There are several other tests that you may want to carry out,
depending on the functions your system supports. If your system does
end-of-week, end-of-month, end-of-quarter and/or end-of-year
processing, these should be tested. You should test that the system
will forecast and retrieve data properly. Set the date to a date in
1999 and check that the system will forecast into the next century. Set
the system to a date in the 21st century (any date after 12/31/1999)
and test that the system will retrieve historical data from some period
before 12/31/1999.
Hint--Whenever possible, testing should be carried out in a test
environment to minimize the chance of corrupting the production
systems. Also, be careful changing historical or backup files if you
choose date expansion. You may lose an important audit trail. We
suggest you consult with your auditors and legal staff before changing
historical or backup files.
Definition--The term ``production environment'' refers to the set
of hardware and software that supports your day-by-day operations.
``Test environment'' refers to the hardware and software where new or
changed systems can be tested without disturbing your day-to-day
operations.
Hint--Testing of changed systems should be carried out in an
environment that is ready for the year 2000. You should work with your
vendors to determine when their hardware platforms will be compliant
and use those dates to build your test plans. If your vendor cannot
supply the platform in time to meet your schedule, you should be aware
of the risks involved and be prepared to retest your changed systems
once the platform is ready.
(5) Implementation--moving your repaired or replaced system into your
production environment
Before you install your replacement or repaired system, you should
develop an installation plan and contingency plans. The installation
plan lists all the files and programs that need to be moved into
production, and all the steps to make your changed system work. Your
installation plan may include testing in production to insure that the
installed systems are working as expected. Contingency plans list the
possible problems that you can foresee and what steps you will take if
these problems occur.
Hint--You may want to make backups of the production files from the
old system. If possible, you may want to install the ready system and
run it in parallel with the old system and compare results.
Reminder--Your contingency plans should not include reverting to
the old system. The old system is not ready for the year 2000,
otherwise you would not be replacing or repairing it.
Warning--In planning to replace a system, make certain that you
allow enough time to replace all of the necessary pieces of that
system.
don't get contaminated
Once you have repaired your systems and made them year 2000
compliant, you should take steps to make sure that subsequent changes
do not contaminate those systems with year 2000 bugs. A system might
get contaminated if a programmer makes changes to a repaired system and
inadvertently changes the logic that handles the century change. A
vendor-supplied package might also become contaminated if subsequent
releases of the package don't include the year 2000 changes.
Retest the year 2000 changes as part of any subsequent system
modification effort. We recommend that you save the test data and test
cases that were used to test the original changes and use them whenever
you are testing other changes to that system. This is called regression
testing. We also suggest that any new releases of vendor-supplied
packages also be year 2000 tested.
personal computers
Today personal computers are widely used in many businesses. All
personal computers have an internal clock/calendar that maintains and
reports the date and time. In some computers, the year is stored and
processed as two rather than four digits. The year 2000 will affect
these computers just as it affects other systems. If you are running
systems on your computers that access that PC's date, these systems may
fail or produce bad results. All PCs should be tested, regardless of
how they are used.
An insert in this brochure lists the steps you can follow to test
your personal computer. You can also run PC test software that is
available on the Internet.
Take an organized approach to this problem. List all your PC's,
test them for readiness, and mark those that are not ready for later
attention. Bright fluorescent labels can be used to mark PCs as ready
or not.
There are several possible ways to correct this PC date problem.
You may contact a computer retailer to investigate purchasing a new
Basic Input/Output System (BIOS) chip that is year 2000 ready, download
software solutions from the Internet, or replace the non-ready PC with
a model that is.
Hint--Anytime you reset the date on a PC, you run the risk of
corrupting your system. You can minimize that risk either by backing up
all of the critical files or by resetting the date in a test
environment. Don't forget to reset the date to the correct date/time
after you have tested the system. If you are testing a LAN file server,
power off all of the workstations connected to that LAN before going
through the date test procedure.
Warning--Even a brand-new state-of-the-art PC may not be ready for
the year 2000. New PC's should be tested before they are installed.
your business is not alone
No business exists in a vacuum. Yours is part of a chain of
customers, suppliers, utilities, and vendors. Year 2000 failures in any
of these can impact your business. Here are some tips to protect your
business within this chain.
Vendor-supplied products--Many software vendors were caught by
surprise by the year 2000 problem and some will not be able to make
their products ready. Others may make their products ready but may not
be able to deliver the ready software until late 1999. Some vendors may
no longer support a particular product that you may be running, and
other vendors may have gone out of business.
For date-sensitive systems, contact the vendors to find out their
readiness plans. If a vendor will not give you information about the
readiness status of a package, or if a ready version will not be
available until late in 1999, you should investigate an alternate
system. Even if a vendor insists its product can handle the century
date change, you still should test and certify it to your satisfaction.
If the vendor insists that an upgraded version of a program package is
ready, that package still must be tested since the vendor may have a
different definition of readiness.
Data processing service bureaus--If you use a service bureau for
your data processing needs, contact it to discuss its plans for year
2000 readiness.
Make a list of all the services provided by your service bureau,
ranking them according to how critical they are to your business, and
then contact the service bureau in writing about each service. If a
service bureau says it is ready for the year 2000, ask it to provide
test results demonstrating this. If possible, test the service for
yourself. If it is ready for certain services but not for others, you
should determine what this means to your business. Decide if there is a
``work around'' you can implement. If the service bureau says it will
have a year 2000 version in the future, you need to assess what that
means to your business. A date late in 1999 may be too risky.
Utilities and services--If your local utility fails to provide you
with water, gas, or electricity, your buildings will not be usable and
your business will suffer. You should also contact other companies that
provide essential services such as janitorial, repair, delivery, etc.
You should contact all of your suppliers to discuss the state of their
year 2000 readiness and make contingency plans.
Record storage/retention firms--You may use such a firm to store
critical legal documents and backup tapes offsite. These firms should
be contacted to determine their state of readiness. It could be
disastrous if you have an emergency and discover that your offsite
storage firm can't find your backups.
other sources of help
There are many helpful sources you can turn to for making your
business ready for the century date change. The Internet has thousands
of web sites dedicated to the year 2000 problem. Many sites have links
to sources of freeware, planning tools, discussion groups, and so
forth.
Here is a short list of useful Web sites.
http://www.year2000.com--Peter de Jager's Web site--a good source of
links to other sites
http://www.compinfo.co.uk/y2k/manufpos.htm--contains links to
computer manufacturer's home pages where you can find Year 2000
compliance information
http://www.software.ibm.com/year2000/--IBM's Year 2000 page
http://www.microsoft.com/smallbiz/edge/yr2000/default.htm--
Microsoft's Year 2000 page
http://www.gmt-2000.com/gmt-2000/homepage--frameset.html--the link to
Greenwich Mean Time's home page with evaluations of PC testers
and BIOS chips--useful for PC evaluation
http://pw2.netcom.com/helliott/00.htm--The so-called ``Mother of all
Y2K link sites'' contains many links to other sites
http://www.jks.co.uk/y2ki/confer/notices/dtisme01.htm--link to a
report ``Helping the Small Business Tackle Year 2000''
http://www.isquare.com/y2k.htm--The Small Business Advisor Web site
http://www.bog.frb.fed.us/y2k/--The Year 2000 page of the Board of
Governors of the Federal Reserve Bank
http://www.ffiec.gov/y2k/--The Year 2000 page of the Federal
Financial Institutions Examination Council
http://www.frbsf.org/fiservices/cdc--The Federal Reserve Bank of San
Francisco's year 2000 page
Professional organizations or trade associations may be able to
provide you with support and advice. There are many consulting firms
and independent consultants who can help you get your business ready
for the century date change. Many data processing and business
magazines have articles about the year 2000 problem and most large
cities now have year 2000 user groups that meet to discuss the problem.
One magazine that is dedicated solely to the year 2000 problem is
called The Year 2000 Journal. The Journal can be reached at (214)-340-
2147; its Internet address is http://www.y2kjournal.com.
If you can't find a year 2000 user group in your area, form one. It
can become your support group and someone in your group may have
already solved problems that you are facing. If you form, or join, a
year 2000 user group, invite local political officials to become
involved. They will have to work with their local government agencies
to ensure that police and fire services, water, electricity, and other
utilities are uninterrupted.
some questions to help assess system readiness
1. Can the system perform projections through time? For example,
can it calculate interest or payments or make inventory projections?
2. Does the system allow for entering dates? If yes, is the year 2
or 4 digits? What happens if you enter ``00'' or ``01?''
3. Will the system operate differently depending on the day of the
week? Will it operate differently at month-end, quarter-end, or year-
end?
4. Can the system put things in order by date?
5. Does the system allow you to retrieve things by date?
6. Can the system perform date-based calculations?
7. Does the system have a security feature that includes date
checking?
suggested testing criteria
The following list is not all inclusive. You should add others
based on your business's needs and ignore those that are not
appropriate.
1. Test the changed system with dates before the year 2000 to
insure that it is working properly.
2. Test that the changed system rolls over from 12/31/1999 to 1/1/
2000 properly.
3. Validate the first business day of the year 2000 (1/1/2000, 1/2/
2000 or 1/3/2000 depending on your business needs).
4. Validate that the system operates correctly at end-of-month (1/
31/2000 and will roll over to 2/1/2000 properly.
5. Test that the system rolls over from 2/28/2000 to 2/29/2000
properly, operates correctly on 2/29/2000, then rolls over and operates
properly on 3/1/2000.
6. Test 3/31/2000 and 4/1/2000 to show that end-of-quarter
processing operates correctly.
7. Test 1/7/2000 and 1/10/2000 to insure that the system operates
correctly on the first Friday of the new century, and on the Monday
after the first Friday.
8. Validate year display fields, including data entry.
9. Validate the year in reports.
10. Test that the system sorts in correct order, validate all sort
processing.
11. Validate correct calculation of dates.
12. Validate the correct acceptance of dates from the operating
systems.
13. Validate calculated resultant values from dates.
14. Test that ages are calculated correctly.
15. Validate interest and other time-based financial calculations.
16. Test expiration date processing.
17. Test historical decision analysis.
18. Validate time reporting processing.
19. Test workflow/materials requisition and inventory processing.
20. Verify that billing calculations are correct.
21. Validate cycle processing, including day-of-week and/or first
business day of the month.
22. Verify that the system forecasts correctly.
23. Test forward processing--process dates after the year 2000
(2001, 2002, &c.).
24. Validate backward processing--process dates prior to 2000.
25. Verify historical or archival date processing.
26. Validate that the system purges the correct records.
27. Validate date and data error handling routines.
28. Validate date expansion, if used, both within the application
and between interfacing applications.
29. Validate windowing, if used, both within the system and between
interfacing systems.
30. Validate proper handling of special values in dates--99/99/
9999, 88/88/8888, 00/00/000.
31. Validate that the system works with the date 1/1/1999--first
date with ``99'' in the year field.
32. Validate that there are 366 days in the year 2000, and 365 days
in the year 2001.
33. Validate that 9/9/99 (September 9th, 1999) is handled properly.
Some additional dates that may impact businesses.
1. 7/1/1999--46 out of 50 states start their fiscal year 2000.
2. 10/1/1999--start of Federal Government's fiscal year 2000.
3. 2/15/2000--W2 due.
4. 4/15/2000--Tax day.
5. 4/30/2000--first month ending on a weekend.
6. 5/1/2000--tax withholding report due, unemployment tax due.
7. 9/30/2000--Federal Government's end of fiscal year 2000.
8. 10/10/2000--first ``6-digit'' date for systems storing date as
MDDYY.
9. 12/31/2000 (Sunday)--first year end--check that year contains
366 days.
10. 1/1/2001--test that the system has been instructed to roll over
to 2001.
11. 2/29/2001--invalid date.
12. 12/31/2001--second year end--check that year had 365 days.
how to check a personal computer for year 2000 readiness
The following steps are suggested to determine if a personal
computer will roll over to the year 2000 correctly.
The test presented here requires a bootable DOS floppy diskette.
This is a safer method to test your PC's system clock because it leaves
the data and programs on your PC's hard disk unaffected. If you boot to
your C: drive, you may end up loading Windows or Windows 95 and other
applications from your startup routine. Using a bootable diskette will
ensure the integrity of the data and programs on your PC's hard disks.
The test script presented here will check your PC's ability to
transition to the year 2000 and recognize it as a leap year.
Do not perform the tests by changing your system's BIOS Setup
screen.
Create a bootable test diskette. Insert a blank floppy diskette
into the PC's A: drive. From a DOS prompt, type FORMAT A: /S. Or from
Windows File Manager, click on DISK/FORMAT and check MAKE SYSTEM DISK.
With the bootable diskette created in Step 1 still in your PC's
floppy drive, shut down your system (close Windows) and the power off
your PC. Don't just hit the reset button or warmboot (CTL-ALT-DEL).
Turn the power on your PC, and allow the PC to boot from the
diskette.
After bootup, DOS automatically shows the current date. Make sure
that the correct date is displayed. Otherwise, you may have to set the
correct date on your PC's BIOS.
At the Enter new date (mm-dd-yy) prompt, type 12-31-1999.
After changing the date, the current time will be displayed.
At the Enter new time: prompt, type 23:55:00.
Turn the power off on your PC and wait at least 10 minutes. If you
don't, DOS will appear to transition correctly to the year 2000.
However, once you reboot the PC, it will display the incorrect date if
your system's RTC has the flaw described above.
Turn the power back on and wait for the boot process to complete.
Type in Date at the ready prompt. If Sat 01-01-2000 is displayed,
your PC's BIOS passes the test.
At the Enter new date (mm-dd-yy): prompt, type 02-28-2000.
This will test your system's ability to recognize the year 2000 as
a leap year.
After changing the date, the current time will be displayed.
At the Enter new time: prompt, type 23:55:00.
Power off your PC again and wait at least 10 minutes.
Turn the power on the PC. Type in Date at the Ready prompt.
If Tue 02-29-2000 is displayed, your PC's BIOS passes the leap year
test.
To conclude testing, at the Enter new date (mm-dd-yy): prompt,
enter the correct date, e.g., 07-04-1997.
After changing the date, the current time will be displayed. At the
Enter new time: prompt, type correct time, e.g., 06:00:00.
Remove the bootable diskette from the floppy and power off your PC.
______
Responses of Fred P. Hochberg to Questions Submitted by
Chairman Bennett
Question 1. I understand that SBA will be guaranteeing 50 percent
of the loan value up to $50,000 to help small businesses pay for Y2K
fixes. Can you characterize or project how quickly the guaranteed
funding will enable small businesses to complete remediation and
testing efforts? For example, if a typical small business were to
obtain funding and begin remediation efforts in December of 1998, what
are the chances they could reach compliance by the year 2000?
Answer. The legislation (H.R. 3412) establishing a targeted Y2K
pilot loan program at SBA failed to pass before Congress adjourned.
However, SBA believes its current loan programs are already structured
to do the type of Y2K mitigation loans envisioned in this legislation.
SBA recently changed its SBAEXPRESS and LowDoc programs to expedite and
simplify the delivery of funds to small businesses. These programs are
specifically designed for the type of loans that businesses would need
to address Y2K in an expedited manner. For example, under our
SBAEXPRESS program, small businesses can receive a loan to address Y2K-
related problems for up to $150,000 with a guaranteed turnaround time
of 36 hours or less.
With regard to the second question, the time required for Y2K
remediation efforts will vary from one small business to the next
depending upon the complexity of the Y2K issues at each small business.
If the fix happens to be solely reprogramming the internal clock of a
personal computer, then obviously the fix can be done quickly, often
within one day. If the fix involves a complete overhaul of entire
systems, including procuring new machines, then the fix will be more
complex and may take anywhere from a week to many months. If the fix is
reviewing computer programs, on a line-by-line basis involving millions
of line of computer code, the fix may be especially long and may be
dependent upon finding capable technical staff to complete the work. In
this latter case, this work will require many months. Our message to
all small businesses is to take action now, don't delay. To assist
small businesses in getting quick access to the information they need,
SBA's Y2K website (www.sba.gov/y2k) we have include direct links to
over sixty computer hardware and software manufacturers.
Question 2. What sort of figures or data can SBA provide about the
potential impact of small business failure on the supply chain? For
example, if it is expected that 50 percent of all business experience a
failure of a mission critical system, does SBA have any projections as
to how this could impact the economy in either the short term or long
term?
Answer. The SBA does not have any data regarding the impact on the
economy in either the short term or long term as a result of the Y2K
issue and possible small business failures. However, we do believe that
the Y2K issue is a management issue, not a technical issue. As such,
small businesses who exercise prudent management judgement in their
everyday operations will successfully solve their Y2K issues in a
timely fashion. Those small businesses that are unable to address
ongoing management challenges will also have a difficult time in
addressing the Y2K issue. In other words, I believe few small
businesses will fail solely because of the Y2K issue. A small business
with poor management skills is likely to fail because Y2K is just one
of many issues they have not been able to overcome. Accordingly, the
success/failure rate of small businesses will not be radically affected
and the overall effect on the economy will be minimal.
Question 3. What is the greatest concern SBA has for small
businesses?
Answer. Our greatest concern is that small businesses are not
taking action soon enough on this important issue. Small businesses
tend to focus on the ``here and now'' as they grapple with business
management issues every day. January 2000 is over a year a way and that
is an eternity for most small businesses. The longer a small firm
waits, the more costly the Y2K ``fix'' will be. Our slogan is ``Its too
late to start early.''
Question 4. How is the SBA stressing the importance of business
continuity planning? Have you identified best practices for business
continuity planning?
Answer. SBA has identified best practices and developed materials,
classes, seminars, speeches and a web site stressing the importance of
contingency planning as part of an overall Y2K strategy for every small
business. On our web site, www.sba.gov/Y2K, we offer advice on
contingency planning. Specifically, we offer information on contingency
planning in our seminar materials. These materials, developed by IBM
for our use during our national Y2K Action Week, provide an excellent
guide for small businesses as they address their Y2K issues.
Question 5. Does SBA have any estimates as to the overall cost of
Y2K for small business?
Answer. We have not conducted any independent studies of the
overall cost for small businesses. However, we are in contact with the
National Federation of Independent Businesses (NFIB) and its Y2K staff.
NFIB issued a study this past May on the preparedness of the small
business community for the Y2K problem. It is conducting a follow-up
study, which should be available by the end of this year, and has
offered us the opportunity to review the data they receive. We expect
the study to address this issue and give us insight on the overall
cost.
Question 6. Does SBA have any figures indicating the reliance of
small business on information technology? For example, do you know what
percentage of small start-up businesses rely heavily on computers.
Answer. SBA has not done any research in this area and does not
have any data readily available to make an estimate regarding the
percentage of small start-up businesses that rely heavily on computers.
In addition, we are not aware of any similar studies having been done
in the private sector.
______
[United States Small Business Administration--Small Business Research
Summary--RS Number 156 (November 1995) ISSN 1076-8904]
The Effect of Computer Use on the Earnings of Workers by Firm Size
[By Rakesh Kochhar, 1994, 104p. Completed by Joel Popkin and Co., 1101
Vermont Ave.N.W., Washington, DC 20005, under contract no. SBA-8033-OA-
93]
purpose
The use of computers by workers is an important element in the
currentt employment shift toward higher-skill jobs. The extent of
smalll businesses' participation in this shift, and the wage benefitss
by firm size to employees participating in the shift, are thee subjects
of investigation in this study.
Many policy-makers believe that the competitive potential of
U.S.businesses--both at home and abroad--will depend on the ability off
firms to incorporate computer-based technologies and to upgrade thee
skills of their workers. It is important to understand how smalll and
large firms have adapted their work places to the emergingg
information-based economy and whether they have realized similarr gains
in productivity from the use of computers. Productivity gains from the
use of computers is expected to be bestt measured by the wage
differential of computer users over otherr workers in the same
industry.
scope and methodology
Data for this research became available with the inclusion of a
question on computer use in the Current Population Survey (CPS) of
January 1991. These data were merged with data on firm size from thee
March 1991 survey and wage data from the April 1991 survey.The CPS is a
regular survey of households by the Bureau of the Census and covers
over 50,000 households. The survey panel changes fromm month to month,
so only those households included in the surveyy in all three periods
could be used. The result was 28,407 observations that matched across
all three time periods, or less thann half of the 67,374 individuals
reporting on employment in January 1991. Workers under the age of 16
and over the age of 65 were eliminated from the sample, as well as a
few workers with very low wages. The final sample was 18,009
individuals. The data permitted further analysis by worker age,
education, sex,job tenure, industry, and occupation. The analysis
revealed the wage returns to computer usage to be robust and nearly
constant acrosss firm sizes, industries, and all of the above worker
characteristics. Computer usage in information-based industries was the
highest; production occupations showed the lowest computer usage by
workers. Growth industries were analyzed separately and revealedd
higher computer usage among workers in growing industries.
highlights
--Small firms were found to be hiring college-educated workers and
creating jobs at the top end of the wage spectrum in greater
proportionss than in the past. Among new hires, small firms
employed 58.9 percent of all workers and 54.8 percent of new
hires in the top wage quartile. In the time period covered in
the report, small firms were responsible for the majority of
new hiring at the high end of the wage spectrum. The author
states, ``Between 1990 and 1991 most high-wage jobs were being
created by smalll firms.''
--Computer usage was twice as high among employees in the highest
wage quartile compared with those in the lowest quartile. This
relationship held for all firm sizes and lengths of job tenure.
The overall average was 29.6 percent of workers using computers
in the lowest wage quartile and 74.2 percent using computers in
the highest wage quartile. The wage return to computer usage
was present even among new hires in the under 25-employee firm,
where the lowest wage quartile showed 21.6 percent of workers
using computers and the highest wage quartile showed 58 percent
using computers. To the extent that wage is based on the
marginal value of worker product, computers are an important
influence for higher workerr productivity in firms of all
sizes.
--The highest premium for computer users over nonusers was found to
be in small firms in industries with the highest growth rate,
where a premium of nearly 24.8 percent in wages was observed.
Fast-growing large firms did nearly as well, with an estimated
23.8-percent wage premium for computer users.
--Computer usage was highest in fast-growing firms of more than 1,000
employees, with 69 percent of employees using computers; it was
lowest in slow growth firms with fewer than 25 employees where
less than 31 percent used computers in their occupation. The
author suggests that the 25-employee level may be a threshold
for the adoption of computer technologies.
--Occupations requiring information processing exhibit computer usage
four times as high as occupations that are mostly production-
oriented. Information-processing occupations show computer
usage to be 71.9 percent for small firms and 81.3 percent for
large firms.
--Women use computers at a higher rate than men in firms of all
sizes. More than 50 percent of women in small firms use
computers on the job; the rate for men is below 40 percent.
ordering information
The complete report is available from:
National Technical Information Service
U.S. Department of Commerce
5285 Port Royal Road
Springfield, VA 22161
(703) 487-4650
TDD: (703) 487-4639
Order number: PB95-239984
Price codes: A06 (paper); A02 (microfiche)
__________
Prepared Statement of Senator Jon Kyl
Small and medium size businesses are key elements in the robust
American economy. Experts have projected that a good number of small
and medium-sized business may very well fail because of the Year 2000
computer problem. In fact some recent news articles across the country
are citing projections that up to 12 percent of small business
employing 50 people or less may be expected to declare bankruptcy. What
would happen if 12 percent of the small businesses in the U.S. were to
fail in the first quarter of 2000? How do we ensure that the supply
chain necessary for commerce and defense remains unbroken? Making sure
that small and medium sized business are prepared and have the
resources they need is an important step.
The good news is that a small business can often fix their problems
faster; the bad news is that small businesses often do not have the
``in-house'' technical expertise or budgets to fix Y2K problems. The
Passage of the ``Year 2000 Information Disclosure Act'' (S. 2392) and
the Year 2000 Readiness and Small Business Restructuring Act of 1998
(H.R. 3412) provide important resources for the business community. S.
2392 helps increase the flow of technical information needed for
identifying and correcting problems, and H.R. 3412 helps ensure that
small business can borrow the funds they to finance Y2K fixes.
According to Frank Zarb, the chairman of the National Association
of Securities Dealers, parent of the Nasdaq stock market, ``I believe
we're in good shape but I'm still worried. We know, like everyone else
does that there are going to be some crises, so we formed crisis teams
that can parachute in after that day.'' I appreciate Mr. Zarb's well
balanced approach. I think this represents a realistic model for small
and medium sized businesses. Know your vulnerabilities, do everything
you can to prepare for Y2K and do not neglect your business continuity
plans.
It is in the best interest of every business to investigate their
Y2K vulnerabilities and build the necessary business continuity plans.
Small and medium sized businesses are the biggest employers in the
country, and it is essential that they make the transition to the next
century in a well executed fashion. Mr. Chairman, I look forward to
today's hearing.
__________
Prepared Statement of Keith Mallonee
Mr. Chairman and distinguished members of the committee: I am
pleased to appear today before the Special Committee on the Year 2000
Technology Problem. My name is Keith Mallonee. I am the vice president
of systems development for McKesson Corporation. In keeping with the
Committee's request, I will provide a brief overview of McKesson's
program to address the Year 2000 or 19Y2K' issue and respectfully
request that my full written statement be included in the record of
this hearing.
McKesson is the largest national distributor of pharmaceuticals,
health care products, medical and surgical supplies, with sales in
excess of $20 billion for our current fiscal year. Our customers are
located in all 50 states, and include hospitals, independent
pharmacies, chain drug stores, food stores, clinics, nursing homes,
government facilities, physician groups, HMO's and surgical centers.
Today I am here to share with you the importance of electronic
commerce to our company, the preparations McKesson is making for Year
2000 and the state of our developing contingency plans.
Electronic commerce is very important to the success of our
business and the business of our customers. McKesson supplies
pharmaceuticals and health care products to roughly 35,000 customers
and processes about 60,000 orders containing 1.6 million order lines
daily. Virtually all of these orders are sent to us by customers in
some electronic form or another using everything from small hand held
electronic devices that connect to phones to large mainframe computers.
In addition, all major movements of funds including customer
remittances and payroll are handled electronically through electronic
fund transfers.
On the inventory management side of our business, we are equally
dependent on electronic commerce. Roughly 80 percent of all trade goods
purchased by McKesson are ordered through electronic data interchange,
or EDI. Payments to our larger trade suppliers are also handled through
EDI with commercial bank payment services.
McKesson has become very dependent on electronic commerce and we
are taking great care to ensure the efficient functioning of this
environment continues with minimal interruption as we enter the new
millennium.
How has McKesson prepared for the Year 2000? Just as we would any
other major project. In 1996, we began with a survey of all of our
operations to get a better appreciation for the scope and skills
required. We then created a Year 2000 central project office for which
I am responsible. In 1997, we began developing corporate-wide
standards, dividing the problem into manageable projects, then
developing plans and budgets.
Today we are finalizing software and hardware changes and testing
the integrity of these changes extensively. We monitor our progress
across the enterprise through reports submitted on a regular basis to
our central project office, our Chief Information Officer, an executive
steering committee and ultimately to McKesson's Board of Directors.
McKesson's Internal Audit Department has independent staff members
conducting company-wide reviews of subsidiary and divisional Year 2000
efforts. The results of these reviews are presented to the Audit
Committee of McKesson's Board of Directors.
McKesson's executive management has identified Year 2000 as a top
corporate priority. To that end, we have an estimated 400 people,
including project managers, technicians, consultants, contractors and
business partners working on the problem and we expect to spend between
$30-40 million in making our systems ready.
How are we progressing? A recent review by our financial auditors,
Deloitte and Touche, found our progress and methods to be `best of
class', of which we are quite proud. As with any project of this
magnitude and complexity, there are challenges, but at this point,
McKesson does not foresee any serious obstacles meeting its Year 2000
requirements. In general, McKesson plans to complete the final system
changes required for Year 2000 compliance by June 1999.
While McKesson has moved at a very fast pace to solve Year 2000
problems internally, our ultimate success is very dependent on others,
particularly our trading partners and the telecommunications, electric
utilities and transportation industries. As a result, contingency
planning, while a normal part of our business, will become even more
important as we approach the Year 2000. In the sales area, we will be
capable of taking limited emergency orders manually and have provided
virtually all customers with highly reliable hand held order entry
devices to use in case their own systems fail. In our major data
center, we have a diesel generator sufficient for normal operations
with alternative telecommunication pathways and we can reroute inbound
electronic orders to off-site systems. At the distribution centers we
are prepared to pick emergency orders manually and ship product by any
one of six modes. We have identified our most critical products and
expect to have at least 45 days of supply on hand at the turn of the
millennium. In addition, we are working to certify the readiness of our
2,000 inventory suppliers, with special attention to all manufacturers
of pharmaceutical products.
McKesson has been in business since 1833. In the intervening 165
years, we have faced many challenges in supplying our customers the
product they need within the timeframe they require. As an example,
Hurricane Georges recently closed down one of our 36 distribution
centers for 5 days. Similarly, we have encountered fires, floods,
earthquakes, tornadoes, blizzards...and yes, even computer system
failures. Even in the worst disaster McKesson has taken pride in being
able to overcome the obstacles and deliver product when and where it is
needed. With Hurricane Georges we quickly rerouted critical orders to
two other distribution centers and continued to deliver without a
serious disruption to our customers. Year 2000 is just another
challenge and we will meet it just as we always have.....our customers
have grown to expect that from McKesson.
Mr. Chairman, we appreciate the opportunity to appear before the
Committee today. These are critical issues facing our industry and we
welcome your leadership in addressing them. I will be happy to respond
to any questions that members of the Committee have, either now, or in
writing following the hearing.
______
Response of Keith Mallonee to Questions Submitted by Chairman Bennett
Question. How is McKesson avoiding the generic problems of IT
interconnectivity both domestically and foreign with its EDI trading
partners?
Answer. Almost all of McKesson's 35,000 customers are using
McKesson-owned portable order entry devices that support both manual
key entry or bar-scanned entry. These units are Year 2000 tested, are
not dependent on EDI technology except for a working phone line, and
have been in use by McKesson customers as a sole or alternative order
entry device since the late 1960's.
McKesson also offers customers an opportunity to transmit limited
orders via any touch tone phone.
If we have a Year 2000 problem with our telephone carrier, we can,
to a certain degree, use alternate lines, hubs and carriers. At this
point McKesson expects that if there are telephone problems, they will
be local, if at all.
Electronic fund transfers, normally accomplished through EDI, can
be accomplished by simple wire transfer.
To limit the chance of Year 2000 EDI problems, all EDI trading
partners have or will receive an invitation to participate in test EDI
transmissions as a part of our Year 2000 effort.
There are ready alternatives to EDI. For example, orders with EDI
suppliers can be faxed, telephoned, FedEx'd, or even delivered by
regular mail.
In addition, McKesson has no suppliers using EDI with ordering
points outside the United States for its core business of domestic drug
and healthcare distribution.
Question. To what extent is McKesson dependent on foreign suppliers
and how do you expect to avoid the Year 2000 problem with them?
Answer. Our core business (domestic wholesale healthcare
distribution) purchases very little, if any, directly from foreign
suppliers and any such transactions would be handled by non-electronic
means (such as mail or fax). We do not, therefore, anticipate a direct
Year 2000 issue with foreign suppliers for our domestic wholesale
healthcare distribution business. It is difficult to fully evaluate our
indirect exposure where, perhaps, McKesson deals with a company that
purchases raw or finished goods from outside the United States.
Our foreign subsidiary, Medis in Canada, also purchases exclusively
within Canada. Medis is working on their own Year 2000 plan to include
vendor Y2K certification. McKesson also has a minority interest in
Nadro of Mexico but we have been unable to determine to what extent
they purchase from foreign suppliers.
Question. To what extent have you coordinated, negotiated or
otherwise contacted your suppliers and customers to make certain that
they will be Year 2000 ready? Will you continue to do business with
companies that are not Year 2000 ready?
Answer. A review of material relationships with suppliers of
technology and trade goods was included in the McKesson Year 2000
project.
We are participating in an industry effort organized by the
National Wholesale Druggists' Association (NWDA) to verify the Year
2000 readiness of trade suppliers with special attention to
manufacturers of branded pharmaceutical products. The NWDA is the
national trade association for pharmaceutical distributors. McKesson is
dedicated to getting Year 2000 certifications from a list of suppliers
identified as critical to our business; together these critical
suppliers represent over 85 percent of McKesson's purchases in 1997.
Within the structure of the core project office at corporate
headquarters is a team dedicated to trading partner issues. On a daily
basis McKesson is communicating by phone and letter with major
suppliers and exchanging information about mutual Year 2000 interests.
On the non-trade side of the business, Year 2000 compliance
statements were required from all suppliers of McKesson's computer
hardware and commercial software starting in early 1997. As of October
1998, 70 percent of the computer hardware and purchased software used
in the core business, wholesale drug and healthcare distribution, was
compliant. Non-compliant technology was or will be replaced by June
1999.
McKesson has just established a web site containing a section
devoted to Year 2000 information. This web site will allow McKesson
efficient and timely communication with our trading partners and the
public on key Year 2000 issues. The site is divided into 3 sub-areas:
general information of possible interest to everyone, an area dedicated
to customer concerns, and a separate area dedicated to supplier topics.
At this point we are not aware of any supplier that has expressed
serious doubt about their ability to become Year 2000 compliant. If a
trade supplier is identified with serious Year 2000 problems, the
decision to cease doing business with them will rest with our product
and inventory managers.
Question. What infrastructure availability did you assume in
planning your Year 2000 remediation and contingency plans?
Answer. Most of our customers operate on a 19just-in-time'
inventory model. They assume that they can carry a minimal level of
inventory because an order placed today will be filled by McKesson
tomorrow. Because McKesson distributes pharmaceuticals with health
sustaining, and in some cases, life dependent attributes, this
dependency is taken quite seriously. As I mentioned in my verbal and
written statement to the committee on October 7, 1998, McKesson has
been in business since 1833 and has managed to deliver critical
products despite all types of business disruptions, such as
earthquakes, tornadoes, floods, fires and hurricanes. In some of those
situations, distribution center phone lines have gone dead, power has
failed, employees have been unable to get to work, computers have
failed, and normal resupply has been disrupted. In these cases, our
local managers, administrative staff, sales people and warehouse
employees have picked critical orders by hand or shifted orders to
other distribution centers for filling. Critical product was moved from
one distribution center to another to cover short-term supplier
problems, and orders were faxed rather than transmitted by EDI. You can
be very resourceful if someone's health and your business relationships
require it.
McKesson relies heavily on technology in its infrastructure and has
moved aggressively to address both internal and external Year 2000
concerns. Because of our strong internal Year 2000 organization, we are
becoming increasingly confident that, internally, our systems will
successfully meet the Year 2000 challenge.
We currently believe that the most likely risks of Year 2000
business disruptions are external in nature and may occur in
telecommunications, electric, or transportation services and with non-
compliant smaller trading partners. Problems will probably be
localized, non-critical and hopefully short in duration. The most
serious disruption would be an extended and/or extensive communications
failure. Such an extensive communications failure is not considered
likely based on our monthly Year 2000 reviews with major communications
carriers, the flexible design of our network, and our use of backup and
off-site systems.
Question. How does your company rate the potential Year 2000 impact
of microprocessors on your business?
Answer. Internally, McKesson uses microprocessors in desktop and
laptop computers, security systems, servers, controllers, telephone
equipment, time keeping and reporting devices, portable intelligent
scanning equipment used in our warehouses, and in a multitude of other
devices. At this time we are not aware of any internal situation where
a device using a microprocessor would cause a serious impact on our
business. It's difficult to evaluate the potential external impact of
microprocessors on our business, but I am not aware of any serious
problems.
Question. What percentage of your overall time will be spent
testing as compared with time spent on remediation tasks? Will your
testing phase extend beyond June of 1999?
Answer. We estimate that at least 60 percent of our total Year 2000
effort will be devoted to testing. Testing is an important part of
McKesson's Year 2000 effort. All existing and modified computer code
has, or will be, subjected to an extensive, well-defined, multi-tiered,
series of tests. Throughout calendar year 1999 we will be conducting a
rigorous final level of review called integrated testing under post-
Year 2000 conditions.
__________
Prepared Statement of Lou Marcoccio
introduction
GartnerGroup is a worldwide business and information technology
advisory company, providing research and advice in more than 80 major
focus areas of business and technology, including Year 2000. We
research Year 2000 status, issues, and best strategies, and provide
advice and methods to companies and governments throughout the world.
Major points in this testimony:
(1) Year 2000 worldwide compliance status
(2) Predicted failures and impact
(3) The impact of embedded chips
(4) When system failures will occur throughout the duration of this
problem
(5) Risks to the United States and possible impact
(6) Accuracy of disclosures reported to the U.S. SEC
(7) Recommendations to the United States Senate
Method of Measurement of Compliance Status: COMPARE (COMpliance
Progress And REadiness): GartnerGroup uses a methodology for
determining the status of a company or government agency. It is used to
rank and compare level of completion of compliance. It consists of five
levels:
(1) Level 0--Has not started any Year 2000 effort
(2) Level I--Starting, awareness, champion identified, begin
business dependency inventory
(3) Level II--Conduct detailed inventory of all business
dependencies
(4) Level III--Detailed project plans, resources in place,
prioritize business dependencies, risk assessment, complete compliance
of 20 percent critical items
(5) Level IV--Complete compliance efforts on remaining 80 percent
of critical items
(6) Level V--Complete compliance of non-critical items and launch
policies to guard against post year 2000 failures
research methods
This information is gathered from interviews and client inquiry
meetings. GartnerGroup is prohibited from disclosing specific names of
companies or government agencies that are providers of this
information, due to agreements of disclosure, under which the
information is provided. Research data is gathered using various
research methods, e.g., client interviews, surveys, consortia groups,
user companies, equipment manufacturers, consulting firms, and legal
firms. The research covers 15,000 companies in 87 countries. An attempt
was made to equally distribute the research across small (under 2,000
employees), medium (2,000 to 20,000 employees), and large (over 20,000
employees) companies in each country, and to equally distribute across
27 vertical industries. We analyze the research and produce predictions
and analysis. This information is provided to clients in our written
research and advice. Year 2000 status of companies and governments has
been found to be quite different in each of three dimensions--size,
industry, and country.
research results
23 percent of all companies and government agencies have not
started any Year 2000 effort. 83 percent of these are small companies
with fewer than 2000 employees.
[GRAPHIC] [TIFF OMITTED] T7OC98G.004
Why Companies & Government Agencies Began to Address This Problem
(1) A failure occurred affecting a mission critical business
process
(2) Regulatory mandate and possible penalties
(3) Fear of internal litigation due to lack of due diligence
(4) Customer pressures
Since awareness and failure scenarios have reached many countries,
many companies are now getting started because of fear of interruptions
to their supply chain and pressure from customers.
[GRAPHIC] [TIFF OMITTED] T7OC98G.005
Large companies are farthest ahead. They began earlier, because
failures occurred, they had more resources to deploy, and they had
older systems critical to their continued business operation. They
spend a larger percentage of NOR (net operating revenue) on IT
(information technology) than small companies. Smaller companies have
fewer resources and less resource flexibility. A large percentage of IT
systems at large companies were built in-house. Small companies have
purchased a much larger percentage of IT systems from vendors. Since a
majority of business insurance carriers recently added Year 2000
exemptions to current active business interruption policies, companies
will not be able to rely on their insurance coverage as they planned.
Many large companies have cash reserves and internal insurance
strategies to rely upon, whereas small companies have limited safety
nets or parachutes.
As of Q3 1998, large companies have completed remediation of 20-80
percent of their internal systems, and 30-50 percent have started
significant levels of testing. Mid-size companies have 0-30 percent
remediated, and 20-40 percent have begun testing. Small companies have
0-5 percent remediated, 30 percent have begun testing, and they are
heavily reliant upon vendors to fix their systems. Large companies are
using their own internal resources and contracting only 2-7 percent to
outside vendors. Mid-size companies are contracting 25 percent to
vendors, while small companies are contracting 50 percent to vendors.
IT budgets were relatively flat from 1997 to 1998, however 30
percent of IT budgets will be spent on Year 2000 efforts in 1998. We
estimate 44 percent of IT budgets will go to Year 2000 projects in
1999.
Small companies spend 50 percent of their Year 2000 spending on
outside services, while large companies do most of the work themselves
with already-existing internal resources.
From 1996 through Q1 1998, companies were using vendor form letters
to determine supply chain risks. Many of these are not responded to,
and of the ones received, the vast majority are unusable for compliance
risk assessment. During Q1 and Q2 1998, more than 60 percent have
changed to a strategy of requesting face-to-face or telephone (direct
contact) vendor reviews. This should help in obtaining more accurate
supply chain risk information; however, many are struggling with trying
to get vendors to agree to this type of meeting. Therefore, getting
vendors to disclose accurate information related to compliance of their
products remains a challenging task.
Prior to 1998, 5 percent of companies had business participation or
business ownership of compliance efforts in their company. During 1998,
this grew to nearly 30 percent. We forecast that companies in which the
IT organization ``owns'' the Year 2000 compliance projects for the
corporation are 3-5 times more likely to have a serious mission
critical system failure (0.8 probability).
The predominant focus of Year 2000 projects differ considerably,
based upon the size of the company and country it is in. Large
companies are now focused on contingency planning and assessing
business dependency risks, while continuing to complete fixing of
internal systems and beginning to test (see Figure 2). Mid-size
companies are just beginning to address contingency planning, while
attempting to assess supply chain risks and trying to leap-frog steps
required to fix and text internal solutions (see Figure 2). Many small
companies have still not started, but the ones who have, are focusing
on vendor compliance and inventorying their business dependencies (see
Figure 2).
In April 1997, 50 percent of companies, across all industries, had
not started Year 2000 efforts. By November 1997, the number dropped to
30 percent. By October 1, 1998, 23 percent of companies throughout the
world had not started. 83 percent of those are small companies. We
predict that in January 2000, nearly 20 percent will still not be
started, and they will mostly be small companies and companies in
lagging countries (0.8 probability).
predicted failures by size
GartnerGroup defines a ``failure'' as an interruption to a business
operation, a business dependency which cannot be provided or delivered
as required, or inaccuracy of data or customer transaction. ``Mission
critical'' is defined as any business dependency which, if it were to
fail, would cause any of the following:
(1) A shutdown of business, production, or product delivery
operations
(2) Health hazard to individuals
(3) Considerable revenue loss
(4) A significant litigation expense or loss
(5) Significant loss of customers or revenue
30-50 percent of companies and government agencies worldwide will
experience at least one mission critical system failure (includes all
sizes, all industries, all countries) through Q1 2000. In the U.S., 15
percent of companies and government agencies will experience a mission
critical system failure (also see section on country status for status
of U.S. versus all other countries). 10 percent of failures will last 3
days or longer. The cost of recovering from a single failure after it
occurs will range from US $20,000--$3.5 million.
The number of companies predicted to experience at least one
mission critical system failure (0.8 probability):
--50-60 percent of small companies and government agencies
--40-50 percent of mid-size companies and government agencies
--10-20 percent of large companies
characteristics by industry sector
The second dimension used to gather Year 2000 status information is
by industry. We monitor 27 industries, and find there are distinct
issues unique to each industry. Very few of the industries are
regulated. The industries have been placed into four risk categories.
Figure 3 : Research Industries and Failure Predictions
------------------------------------------------------------------------
Category 1.--Insurance, Investment 15 percent of companies in
Services, Banking, Pharmaceuticals, these industries will
Computer Manufacturing. experience at least one
mission critical system
failure.
Category 2.--Heavy Equipment, 33 percent of companies in
Aerospace, Medical Equipment, these industries will
Software, Semiconductor, Telecom, experience at least one
Retail, Discrete Manufacturing, mission critical system
Publishing, Biotechnology, Consulting. failure.
Category 3.--Chemical Processing, 50 percent of companies in
Transportation, Power, Natural Gas, these industries will
Water, Oil, Law Practices, Medical experience at least one
Practices, Construction, mission critical system
Transportation, Pulp & Paper, Ocean failure.
Shipping, Hospitality, Broadcast News,
Television, Law Enforcement
Category 4.--Education, Healthcare, 66 percent of companies in
Government Agencies, Farming & these industries will
Agriculture, Food Processing, City & experience at least one
Town Municipal Services mission critical system
failure.
------------------------------------------------------------------------
Insurance, investment services, and banking lead all other
industries. Banking has a unique status, since small banks are lagging
and large banks in the United States are ahead of many other
industries. The insurance industry began having failures more than 10
years ago, and due to the critical impact their IT systems have on
their business operations, they began their compliance efforts early.
Banks in the U.S. began having failure problems nearly 30 years ago,
but were not driven to begin compliance efforts until they were driven
by regulation.
Infrastructure utilities and emergency services are critical for
sustaining business operations and well-being. In the U.S., we predict
that general infrastructure, power, non-wireless telephones, and
critical services will continue mostly uninterrupted, with potential
for relatively minor problems and some inconveniences. Natural gas
utilities are lagging the utility industries. Healthcare lags in areas
of medical practices, hospitals and elderly care. Public, private, and
higher education also lag far behind. Many world governments are also
far behind. The U.S. and Canadian governments are more than 40 percent
ahead of any other government in the world, but lag large, private
industry in the U.S. State governments differ widely in status. Most
U.S. states have Year 2000 projects. 50 percent have reached the start
of level III, and nearly all are being managed and driven from within
IT. 65 percent of U.S. cities and towns do not have Year 2000 projects.
Many mid-size and smaller cities and towns are lagging far behind or
have not started. An industry highly overlooked is agriculture
(farming, food processing, transportation/distribution, and import and
export of foods and food bi-products). Several agriculture sub-
industries are lagging far behind. Governments range from COMPARE level
to level III, with the majority in level 0-II. (see Figure 3).
[GRAPHIC] [TIFF OMITTED] T7OC98G.006
characteristics by country
The largest impact this problem with have on the world is related
to the global economy. Countries already plagued with financial woes,
sharp increases in inflation, limited monetary reserves, and high
unemployment are some of the same countries farthest behind with Year
2000 compliance. Figure 6 shows countries grouped according to level of
risk and the predicted percentage of companies to experience failures.
One white dot indicates that 15 percent of companies will have at least
one mission critical system failure. One solid dot indicates that 33
percent of companies will experience such a failure. Two solid dots
indicate that 50 percent will experience such a failure, and three
solid dots indicate that 66 percent will experience the same.
Infrastructure risks within a given country are shown separately in
Figure 7. There are several key non-Year 2000 interdependencies
considered when determining risks within a specific country, e.g., rate
of inflation, shortage of food or key resources, current government out
of favor with majority of people, risk of unrest, infrastructure
failure risks, ability to import/export key goods or resources, likely
dependencies on other countries for aid, and monetary reserves and
world value of their currency. A number of countries already afflicted
with several of these problems are considerably lagging in Year 2000
efforts, and will likely see even greater negative impact as a result.
[GRAPHIC] [TIFF OMITTED] T7OC98G.007
In our country status and predicted failure rates within countries
(Figure 6), the estimates include all companies and government agencies
together. Venezuela started awareness efforts months ago, but a large
number of companies and government agencies have not yet begun
compliance efforts. The new government leader may affect the rate of
progress. In Argentina, companies are finding it somewhat difficult to
get funding for Year 2000 projects and consulting firms needed to
supplement smaller companies are limited in number. Except for Israel,
Middle Eastern countries are just beginning, and are lagging. In
Russia, larger companies in just a few large cities are working on the
problem, but companies throughout the country outside those cities are
lagging far behind. Municipal services, healthcare, and other Russian
industries are far behind. In Pakistan and India, only larger companies
have begun efforts. In Mexico, the banking industry is aided by a
regulatory process that succeeds in getting relatively accurate
disclosures made. This helped to get the banking industry moving more
quickly than other industries. Two years ago, companies in Japan did
not believe they had a problem with Year 2000, but now many are trying
address compliance.
[GRAPHIC] [TIFF OMITTED] T7OC98G.008
The chart in Figure 8 shows the risk and probability of failure of
basic infrastructure by countries. It shows a ranking of 1 through 10
that describes how widespread and severe infrastructure and service
interruptions are likely to be for each group of countries (grouped in
Figure 6). Each failure effect is ranked in each country category
according to how widespread the impact will be realized, and the level
of severity expected. The chart takes into account today's (as of Q3
1998) status and risks, interdependencies, levels expected to be
reached by 2000, and likely failure results. Since some companies and
governments will slow down or speed up their compliance efforts prior
to 2000, and more and better status information is made available, this
information will be updated periodically.
[GRAPHIC] [TIFF OMITTED] T7OC98G.009
failure scenarios and predictions
Each company and government agency is ranked according to its
current status, its probability of gaining compliance, and the impact
of technical systems on its typical business operations. After
following failures and tracking status related to probabilities of
failure, we show the relationship of status to predicted mission
critical failure in Figure 9 (below). We now know that it takes
approximately 30 months for a mid-size company to complete level IV and
gain compliance of their mission critical dependencies.
[GRAPHIC] [TIFF OMITTED] T7OC98G.010
Using the chart in Figure 9, you can estimate high-level risk and
probability of at least one mission critical system failure occurring
within any company in an industry or government. This is done by using
the current COMPARE status level and assuming it takes an average of 30
months for a midsize company to complete compliance of mission critical
business dependencies.
public panic and social order
The economic and sociopolitical results from Year 2000 failures can
include panic, unrest, increased crime, food and infrastructure
interruptions, and health and safety issues. Social order may be
affected when basic needs are disrupted. These affects are controlled
by ensuring that basic needs will continue to be met and proactively
reducing fear and disorder. Social disorder will be at risk in several
countries and regions of the world, contributed to by Year 2000
failures.
core
To assess operational risk, to determine where contingency plans
are necessary, and to develop contingency strategies, GartnerGroup uses
a methodology called CORE (COMPARE Operational Risk Evaluation). It is
used to determine risks related to supply chain, interdependencies,
customers, investors, embedded systems, and IT systems. We recommend
companies and agencies use CORE to determine operational risks and
risks related to global dependencies.
CORE includes five steps or phases:
(1) Perform High Level Risk Assessment
(2) Inventory Business Dependencies
(3) Categorize Business Dependencies by Impact to the Business
(4) Perform Detailed Risk Assessment and Ranking
(5) Design and Implement Contingencies & Disaster Recovery
Use CORE to assess risks related to countries, infrastructures,
industries, supply chain, or any business dependency.
estimated cost of year 2000
We estimate the total cost of Year 2000 to be:
--Worldwide IT Cost: U.S. $300 billion to $600 billion
--U.S. IT Cost: U.S. $150 billion to $225 billion
--U.S. $1-2 trillion: Total worldwide cost
when failures will occur
System failures due to Year 2000 have been occurring for some time.
They will increase in 1999, reach their highest volumes during 2000,
and drop off during 2001. Few will continue past 2003. Contributing
factors (all are 0.8 probability):
Software
(1) 83 percent of commercial software is not yet certified
compliant--11 percent in April, 2002
(2) 4 percent of follow-on versions of commercial software will not
be compliant
(3) 70 percent of custom solutions developed by a vendor more than
seven years ago will not be supported by that vendor
Data
(1) 70 percent of archived data will not be remediated, but
attempts will be made to use this data in remediated systems
(2) Non-compliant data will be passed to/from companies
(3) Some data centers will be shut down during rollover to reduce
risk of failures
Systems
(1) Many IT systems will run non-compliant transactions during
1999, 2000, and 2001, since many are periodic transactions
(2) Some IT systems use applications that were frozen during 1999,
but will be used again some time after 2000
embedded systems
Embedded systems will have limited effect on Year 2000 problems,
and we will see a minimal number of failures from these devices. Only 1
in 100,000 free-standing microcontroller chips are likely to fail due
to Year 2000. A small percentage of real-time clock-driven chips are
affected, but these failures will be a small percentage of the non-
embedded system failures. The key issues concerning embedded chip
failures are: (1) very few will fail, and (2) of those that fail, the
majority will fail right at the millennium, and the majority of these
will only fail once--if they are active when the clock ticks over.
Embedded chips used for key infrastructure processes, life support
systems, and other critical processes should be checked and verified by
the manufacturer of the equipment, due to the potential severity and
potential result of such a failure.
number of companies & government agencies expected to gain compliance
In October, 1998, 15 percent of all companies claim to have
achieved level IV compliance of mission critical systems. We predict
that 50 percent will achieve this goal by 2000 (0.8 probability). The
majority of large companies in Category 1 countries will complete at
least 80 percent of level IV by 2000 (0.8 probability).
[GRAPHIC] [TIFF OMITTED] T7OC98G.011
possible risks to the united states
Actions and proactive programs will be needed to keep these risks
minimized, and keep them from materializing as described (see
Recommendations).
Domestic
(1) Interruptions due to failures in interdependencies and
interconnections between companies and countries produce significant
negative impact for U.S. businesses and government operations
(2) IT systems in critical industries will not be fixed in time
(3) Global impact from Year 2000 is not adequately planned for and
Year 2000 fuels global recession much more than anticipated
(4) U.S. foreign investments encounter disastrous results and
significantly impact the U.S. investment market
(5) Too many people lose confidence in the banking sector
(6) Too many interruptions occur in food or medical supply chain
(7) Local city and town governments cannot provide critical
services
(8) Foreign loans, pacts, and trade agreements are adversely
affected
Foreign
(1) Public panic or loss of confidence in the banking sector in
high risk countries
(2) Global economy impacted by foreign business and government
interruptions
(3) Foreign loans, pacts, and trade agreements are adversely
affected
(4) Aid or bail-outs are needed for highest-risk countries
(5) Foreign business interruptions impact too many U.S. companies
(6) Foreign security issues ignited by unrest or severe economic
issues
(7) Key foreign government agencies experience significant failures
recommended actions for the u.s. senate
(1) The United States has no body or group tasked with full time
monitoring and analysis of global risks the Year 2000 problem is likely
to pose to the United States. Even if advisory or consulting companies
were to provide this information to the U.S. Senate or other bodies, a
full time effort is needed to coordinate global risk assessments of
U.S. and foreign governments and other risk threats from other
countries on a regular basis--and, even more importantly, to take
subsequent emergency action and launch pre-failure contingency plans to
reduce risk and ward off possible serious effects. There also needs to
be a focal point for providing risk information and warnings to the
American public.
Recommendation: Identify one current federal agency (as a Global
Risk Management Agency) to manage and coordinate global impact of the
year 2000 problem on the United States. Economic, financial, monetary,
military, political, and other resources will need to be analyzed
regularly, and quickly-developed strategies and contingencies will need
to be launched across agencies, political governing bodies and foreign
governments. This agency should report to the Executive Office, and
have immediate access to the President's Cabinet in matters of foreign
policy, aid, funding, and national security. It should provide press
releases, information, guidelines, and warnings to the American public
with regard to industries, infrastructure, government, and personal
risks throughout 2001.
(2) Many Federal programs are administered locally, and many local
governments lag in Year 2000 readiness. Therefore, interfaces between
levels of government are at risk. These include interfaces and
transactions that occur between local, state, and Federal Government
Agencies. Local cities and towns are lagging far behind and need
expertise, information, awareness, and aid, to combat the Year 2000
problem.
Recommendation: Launch U.S.-wide program to coordinate efforts with
State and local governments and provide special local city and town
government aid and information. This effort should be guided by the
Global Risk Management Agency (described in number 1 (above).
(3) Our experiences shows that U.S. companies are not providing
accurate disclosures related to Year 2000 risks and contingencies.
There are considerable differences between the status of Year 2000
compliance and critical risks that companies disclose to the SEC, and
what the actual status and risks are within that company. This
increases the risk of public investments being made without full
understanding of Year 2000 risks.
Recommendation: Pass legislation or require the U.S. SEC to
implement random audits as part of the Year 2000 disclosure and
reporting requirements for publicly held companies in the U.S. We
suggest a sample of audits be conducted by an outside audit agency to
confirm these findings, and then change the SEC policy to include
sample audits as part of the routine process of Year 2000 disclosure,
if substantiated with the sample audits.
(4) U.S. Senate and U.S. federal government Year 2000 plans and
contingency plans seem to assume that most failures will occur when we
hit January 1st, 2000. As described in this testimony, failures will
occur heavily from 1999 through 2001, and not over one single day or
week.
Recommendation: Set correct expectations in U.S. government
agencies, with U.S. government contingency plans, and with foreign
governments that the failure window will be a three-plus-year period.
Ensure that the SEC disclosure period and other Year 2000 regulatory
government efforts are planned to last during the entire period needed.
(5) Many lagging companies and government agencies in the U.S. are
being asked to implement new regulations, rules, reports, and processes
in their IT systems and data to support new federal requirements or
legislation continually being passed by Congress (pertaining to a
specific industry or segment, e.g. healthcare, education,
telecommunications, etc.). This is a major contributor to lack of
progress in these companies. Most best-in-class companies farthest
ahead in gaining compliance have frozen or significantly reduced
enhancements to current IT systems. This has allowed them to focus on
fixing the systems and other business dependencies.
Recommendation: Question all new legislation to determine if it may
require IT modifications ( i.e., software, hardware, data, or automated
reports) in federal, state, or local government agencies, or in private
companies. Cease and desist from passing or enacting any legislation
that may affect IT systems or change reporting data. Such bills should
be put on hold for an extended period, to allow companies and agencies
to be successful in their compliance efforts. This will reduce the risk
of non-completion of compliance for healthcare, education, and federal,
state, and local government by 30-50 percent.
(6) The U.S. Government efforts appear to be focused in two areas:
(1) IT systems within federal agencies and (2) launching legislation to
help support compliance within critical industries. It is now clearly
evident that segments of companies and governments throughout the world
will not be fully prepared to deal with this problem by 2000.
Significant global impact will be realized without immediate action to
avoid moderate or worst case results.
Recommendation: We suggest adding a 3rd area of effort--managing
global dependencies and risks. It's critical to launch substantial
contingency efforts in order to reduce global dependency risks prior to
Q3 1999. These efforts may be conducted by the Global Risk Management
Agency (described above). We suggest this new and additional focus be
defined as a major component of U.S. national compliance efforts, and
directly linked to the U.S. federal agency efforts, the Executive
Office of the federal government, and the U.S. Special Committee on
Year 2000.
summary
A great deal of progress has been made during the past year in the
U.S. and in several parts of world. IT organizations in the U.S. have
increased their spending for Year 2000 projects an average of 6 times
over what was spent during 1997. Year 2000 is now prioritized at the
top, or number 2 (following Enterprise Resource Planning system
projects--to replace Legacy systems) by most U.S. companies. Large
companies in the United States have made the most significant progress,
and many of them will complete most of their compliance efforts by
2000. Even smaller companies in the United States have made significant
progress in the past year, in several industries.
Even with all of this progress, there are still very serious risks
for the United States and throughout the world. The gap is widening
even more, between companies and governments farthest ahead and the
ones farthest behind, since the laggards are moving much more slowly
toward compliance. In the United States, industry segments such as
healthcare, education, agriculture, construction, food processing,
governments, and companies under 500 employees are lagging way behind
in compliance efforts. Many of these will simply not finish critical
systems by 2000.
U.S. investors are provided very optimistic , often inaccurate,
disclosures from publicly traded companies (to the U.S. SEC), and
therefore accurate investment risk assessment data is not often
available. This is likely to affect our U.S. market and several other
economic factors as we get closer to 2000.
Interdependencies and interconnectivity between companies and
across country borders are also extremely high in significance related
to Year 2000 risks. Many of these interdependencies are not being
covered by either company, and many times these interconnections and
data transfers cannot be easily tested. These are of critical
importance in banking, government, healthcare, and for many global
manufacturers.
Even if we were to miraculously fix every one of these domestic
issues and make certain all U.S. companies and government agencies will
get themselves Year 2000 compliant before 2000, the absolute largest
risk to the United States and to U.S. citizens is the impact from
companies and governments outside the United States. Far too many
companies and governments critical to our continued strong economy, and
providers of key resources, are more than 30 months behind private
industry in the U.S. Since it takes an average of 30 months for a
midsize company to achieve compliance of their most critical systems,
many of these lagging foreign companies and governments will simply not
have enough time to get their systems fixed before 2000. Failures will
lead to a negative impact on our economy and availability of critical
resources. We'll see significant impact from failures in these regions,
including economic, sociopolitical, investment shifts, market changes,
critical resources, national security, and defaults on federal loans.
The only way now to combat this enormous issue, is for the U.S.
Government to launch significant foreign contingency strategies in
order to reduce or negate high risk dependencies on these industries
and countries before we begin to feel these ill-effects. Since failures
will increase in numbers throughout 1999, increase in volume throughout
2000, and continue at reduced levels throughout 2001, the time to act
on this is now.
__________
Prepared Statement of Senator Daniel Patrick Moynihan
As we wind up the last Year 2000 (Y2K) hearing of this Congress, I
would like to commend Senator Bennett and the Special Committee for its
work in addressing the computer problem. The Committee has done a fine
job in looking at all the aspects of society that the Y2K problem
affects: the utilities industry, the heath sector, financial services,
transportation, government, and businesses. The Committee should also
be applauded for the role it played in formulating and passing S. 2392,
The Year 2000 Information and Readiness Disclosure Act. As an original
cosponsor of this piece of legislation, I am pleased to see that its
enactment is soon at hand. The head of the President's Council on Y2K,
John Koskinen, said that passing this bill is one of the most important
things that we could do on the Y2K front. I agree. I say well done to
the Committee for all of the work it has done in such a short amount of
time.
It was almost two and a half years ago that I sounded the alarm on
the computer problem. On July 31, 1996, I sent President Clinton a
letter expressing my views and concerns about Y2K. I warned him of the
``extreme negative economic consequences of the Y2K Time Bomb,'' and
suggested that ``a presidential aide be appointed to take
responsibility for assuring that all Federal Agencies, including the
military, be Y2K compliant by January 1, 1999 [leaving a year for
`testing'] and that all commercial and industrial firms doing business
with the Federal government must also be compliant by that date.''
January 1, 1999 is quickly approaching. I believe that we have made
progress in addressing the computer problem and that the ``Good
Samaritan'' legislation will play a significant role in ameliorating
this problem. But much work remains to be done. For the next 450 days
we must continue to work on this problem with dedication and resolve.
Historically, the fin de siecle has caused quite a stir. Until now,
however, there has been little factual basis on which doomsayers and
apocalyptic fear mongers could spread their gospel. After studying the
potential impact of Y2K on the telecommunications industry, health
care, economy, and other vital sectors of our lives, I would like to
warn that we have cause for fear. For the failure to address the
millennium bug could be catastrophic.
__________
Prepared Statement of Dr. Charles Popper
Good morning Mr. Chairman and members of the Committee. My name is
Charles Popper and I am Vice President of Corporate Computer Resources
at Merck & Co., Inc. In that position, I serve as the chief information
officer of Merck.
Thank you for inviting me to participate in today's hearing on the
Year 2000 problem. I applaud this Committee's efforts in both
investigating and publicizing the potential effects of this very
serious and prevalent computer bug. I would like to discuss what my
company, Merck, is doing to deal with the problem. I would also like to
provide a broader context that you may find useful.
Merck is a global research-driven pharmaceutical company that
discovers, develops, manufactures and markets a broad range of
medicines, directly and through its joint ventures, and provides
pharmaceutical benefit services through Merck-Medco Managed Care. Merck
remains the oldest and largest U.S.-based company dedicated to
innovative vaccine research, development and manufacturing. Merck
believes in focusing its efforts on the discovery of important new
medicines. The Company will spend almost $1.9 billion on research and
development in 1998. Merck's pharmaceutical manufacturing operations
encompass 30 plants worldwide in the United States, Europe, Central and
South America, the Far East and the Pacific Rim.
y2k and merck
As you know, the Y2K bug can potentially affect any computer
program that processes dates, including software application programs,
operating system programs, and firmware programs that are embedded in
countless devices that are relied upon by companies and consumers
alike. Our task at Merck has been to ensure that all such programs that
are in use anywhere within Merck's world wide operations will operate
correctly throughout the transition to the new millennium.
But our objective all along has been a more important one,
consistent with Merck's company mission. As George W. Merck stated many
years ago, ``we try never to forget that medicine is for people.''
Merck is solving its Y2K problem is order to ensure that we can
continue to discover, develop, manufacture, and distribute medicines
that treat important human diseases. Our paramount goal is to ensure
the continuity of the supply of medicines to our patients.
merck's y2k plan
We are doing so by following a simple strategy.
--First, we have inventoried all computer systems, applications, and
devices with embedded processors.
--Second, we have assessed each of these systems to determine whether
it includes any date processing and whether its correct
operation is of serious concern to our business. As an example
of a system where we are less concerned about a possible Y2K
bug, consider a program that reports monthly sales and
organizes the columns of the report in chronological order.
While we prefer to have the report continue to show the most
recent results from right to left, if the Y2K bug were to
merely cause the columns to print in a different order, this
would be only a minor concern. We are deferring the repair of
such bugs to the final stages of our Y2K project.
--Third, we have developed a compliance strategy for each system.
That is, we have decided whether to repair the software, to
replace it with a newer version that is Y2K compliant, to
retire the system from active service, or to simply let it fail
(as in the above sales report example).
--Fourth, we are executing the strategy for the many thousands of
systems in our inventory. This is obviously a daunting task,
because of its magnitude and its geographic diversity; we have
to deal with systems in the many hundreds of Merck locations
world wide. Hence we have put in place an elaborate management
tracking and control system, to ensure that nothing falls
through the cracks.
--The fifth and final step is to thoroughly test all of our systems.
Our attitude is to trust no one but ourselves. If a system
vendor tells us that their application is Y2K compliant, we
will insist on testing it ourselves or at least auditing in
detail the test results provided by the vendor. We have already
found instances of applications certified compliant by the
vendor that, in fact, did not pass our tests initially.
Our goal has been to achieve Y2K compliance by the end of this
year, thus allowing all of 1999 for dealing with the inevitable
glitches and inconsistencies among systems. We have also planned from
the outset to use 1999 for the global deployments of remediated
systems. Many of our systems and applications are deployed in multiple
manufacturing plants, headquarters sites, and research laboratories. It
is really not necessary to deploy the corrected system everywhere this
year; it suffices to successfully test one instance of the system, so
that we can safely plan additional deployments next year. The actual
deployment schedule is designed to minimally disrupt our ongoing
operations.
As you can imagine, Merck's Y2K Project is a very significant
effort. We began reasonably early, in 1996. There are now in excess of
several hundred people involved; we are spending many tens of millions
of dollars to plan, execute, and manage this work. By starting early,
we were able to schedule the resources in such a way as to have less
impact on both ongoing business operations and the other information
technology initiatives so important to Merck's continued success.
merck's business partners and y2k
Fixing our internal systems is only part of the problem. Merck,
just as any global company, works with many thousands of business
partners, suppliers, customers, and government agencies. Our ability to
continue our company's operations successfully in January of the year
2000 depends just as much on the Y2K programs of these companies and
agencies as on our own internal systems. Hence we have organized two
other major sets of activity:
--Each business area is examining its business partners to assess its
Y2K risk. If the proper operation of that entity's systems is
essential for Merck's operations, we are both working with that
entity to better understand its Y2K remediation plans and also
developing internal contingency plans just in case that entity
fails to achieve Y2K compliance on time.
--We are also working as part of the VitalSigns 2000 Project, an
effort sponsored by the Odin Group, to gather important
information about the Y2K compliance of the entire health care
industry in which we participate. This is the only systematic
effort of its kind, whose objective is to map out the cross-
industry processes that together provide American patients with
health care services. The VitalSigns 2000 team has developed a
survey instrument for the five groups of entities comprising
the health care industry: payers, providers, suppliers,
distributors, and government agencies. The survey is collecting
information about the Y2K readiness of each of these sectors,
as well as their interdependencies. By understanding the cross-
industry processes and their Y2K vulnerabilities, we, together
with the rest of the industry, can develop the detailed
contingency plans that can assure the continuity of high
quality patient care.
y2k and the pharmaceutical industry
What about the broader American pharmaceutical industry? While I
obviously cannot testify about the detailed plans and projects of
Merck's competitors, I have had the opportunity to discuss the Y2K
problem with my colleagues in other pharmaceutical companies, as we've
worked together within PhRMA, the Pharmaceutical Research and
Manufacturers of America. These companies have all followed a
methodology similar to Merck's and are applying the level of resources
needed to deal with the problem. They have also recognized the broader
issue of the readiness of business partners and are developing
appropriate contingency plans.
We hope that our colleagues and counterparts elsewhere in industry
and government are diligent in their efforts, so that America's health
care system is unaffected by Y2K.
conclusion
Let me close with some broader context. I read periodically about
companies and agencies that are just now waking up to the severity of
the problem. Worse, I still read and hear about entities that still do
not believe that there is a serious problem. They may be right, in
their local situation, but only an organized testing program will allow
them to be sure. So I do worry about what will happen as the clock
strikes midnight December 31, 1999.
The key to success will be our overall preparedness. Hence the work
of this Committee is of vital importance. It is essential that you keep
the pressure on both industry and government, both to minimize the
number of system failures we experience and to maximize our readiness
to deal with the problems that do occur.
Again, I thank the Committee for the opportunity to be here today
and look forward to your questions.
______
Responses of Dr. Charles Popper to Questions Submitted by
Chairman Bennett
Question 1. Mr. Popper, Merck & Co. is as international in its
operations as an American company can get. You have heard Mr.
Marcoccio's comments on the severity of the international Y2K problem.
From your perspective as the CIO of an international company, what more
do you think the United States should be doing to head off this
developing storm cloud?
Answer. I believe that the U.S. should focus on two key areas.
First, we must provide strong leadership on the Y2K issue by setting an
example for other countries. All segments of the federal government
must do whatever it takes to prepare for the Millennium Bug--there must
be adequate plans as well as determined management and follow up. We
need to demonstrate to other governments both the seriousness of the
problem and the techniques and resource commitment needed to address it
properly. Second, we should work to enable adequate international
disclosures of Y2K readiness. We can do this by encouraging other
countries to emulate the recently enacted Year 2000 Information and
Readiness Disclosure Act [S. 2392], and by working through the
appropriate international organizations to enact similar international
protection.
Question 2. Laurene West testified about her personal medication
Y2K problems, which provides a unique perspective. How do you see the
pharmaceutical supply chain responding to that kind of short shelf-life
medication issue?
Answer. I believe that the supply of short shelf-life medications
to patients can best be assured by allowing each pharmaceutical company
to address its own specific problems. Each company knows its products,
its customers, and its supply chain alternatives best. Each company can
therefore develop the contingency plan that best meets its unique
situation and the needs of its customers, including the issue of short
shelf-life medications. Any broader action--especially one that
attempts to implement a common contingency plan--would only add risk,
by putting all of our eggs into one basket.
Question 3. Recently, the CIO of another major pharmaceutical
company told our committee that in the next 3-6 months they will begin
a ``flight to excellence'' which means the company will begin cutting
off suppliers or business partners who cannot demonstrate that they Y2K
ready. Is Merck considering any similar actions? Would you consider
this ``flight to excellence'' a good way to promote Y2K readiness on a
business to business level?
Answer. Merck is certainly examining all of our suppliers and
business partners, and, if we are not satisfied with their plans for
Y2K readiness, then we are formulating contingency plans. One element
of the plan might include seeking alternate sources for those goods or
services. An alternative is assuring the availability of supply through
the expected duration of supply chain interruption. The key is to
develop and implement an effective contingency plan for each critical
product or service, drawing upon our knowledge of the state of
readiness of our suppliers and partners. In this way, we can ensure
that we continue to meet our customers' needs.
Question 4. Mr. Popper, the pharmaceutical products your company
produces are dependent on suppliers for ingredients and distributors
for sales to the ultimate consumer. Where do you see the most critical
interconnectivity points?
Answer. Our analysis of the Y2K risks created by our suppliers and
customers is an ongoing effort, which we expect to continue throughout
the balance of 1998 and all of 1999. So it is inappropriate to identify
the most critical risks on a ``once and for all'' basis. Right now, our
assessment is that the most important risks are within the power
utility, transportation, and government sectors.
Question 5. Mr. Popper you mentioned the VitalSigns 2000 Project
that Merck is participating in as a contributor. How do you see this
helping to bridge the Y2K problems in the Health Care industry?
Answer. The Vital Signs 2000 Project, sponsored by the Odin Group,
is intended to identify the major Y2K risks of the entire
pharmaceutical supply chain, including suppliers, distributors,
providers, and payers. The survey will identify those industry segments
(or their suppliers) who are less likely to be prepared, so that we can
prioritize and prepare good quality contingency plans. We are also
working to develop templates for contingency planning that will be made
available to the entire industry. We expect two benefits from this
effort. First, it will enable even small companies to prepare good
quality contingency plans. Second, it will allow all companies to more
easily examine the readiness of their business partners in a standard
way; this too will facilitate better and more consistent contingency
plans.
Question 6. Mr. Popper, we've heard a lot today about small and
medium sized businesses. We heard from another witness that these firms
tend to ``not'' pay attention to the Government and it's
communications. However, they do listen to their trade associations. Do
you think enough is being done to inform the small and medium sized
players in the pharmaceutical sector? What more can be done, say with
trade associations?
Answer. I believe that a reasonable answer to the issue of small
and medium sized players will emerge from the Vital Signs 2000 survey;
prior to analyzing the survey results, I cannot assess how ready these
industry segments will be. Using trade associations to inform and
support smaller companies is probably a good idea. Here, too, it might
be feasible to leverage the template and contingency planning expertise
developed by the Vital Signs 2000 project.
Question 7. Mr. Popper, could you please describe to the Committee
the kind of contingency planning that is required for a firm of your
size to cope with the Year 2000 problem?
Answer. In brief, our challenge is to be prepared for all
reasonable contingencies. We have identified all of our suppliers of
both goods and services, and we have assessed the risk and impact of
supply interruptions for each supplier. We then prioritized the
suppliers based upon this risk/impact assessment. Finally, we are
working through this prioritized list to prepare reasonable contingency
plans. In addition, we intend to form emergency response teams to deal
with the unexpected problems that will inevitably arise when we roll
over into the new millennium.
One caveat is in order. There are contingencies that are
impractical for even Merck to prepare for. For example, it is
conceivable that scattered electric power outages could spread via the
power grid to black out major portions of the country. We cannot
prepare to overcome such a circumstance. This is, in fact, where we
rely upon the U.S. government to help. If it were concluded that
scattered power outages are likely or even possible, we would hope that
there would be planning at the federal level to prevent these from
spreading. As our own planning proceeds, we would be happy to share
with the Committee any findings of similar contingencies that we
believe would benefit from federal attention.
__________
Prepared Statement of Rod Rodrigue
It is an honor to be before this Committee to bring to you
information with regards to the Year 2000 problem. All of you have been
inundated with studies which attest to the negative economic impact on
this country's 384,000 manufacturers.
A national study indicated that 7 percent of small manufacturers
could shut down and an even greater number would experience varying
degrees of business interruptions. The national negative impact exceeds
$150 billion. It is our estimate that if these figures hold true, Maine
would experience a negative impact in excess of a quarter of a billion
dollars.
I am here today with good news that there's a national system armed
with an effective tool to positively impact the Y2K problem. Several
months ago the Department of Commerce's NIST/MEP program developed an
assessment tool, which allows MEP engineers to quickly, and accurately
organize the broad spectrum of Y2K issues faced by today's small and
medium-size manufacturers. The use of this project management tool
gives the small manufactures a road map for addressing the most
critical issues such as accounting systems, computerized production
equipment, environmental management systems, as well as external
threats.
The most exciting aspect of this tool is that it now resides in the
hands of 2,500 men and women located in 400 offices in 50 states and
that its implementation can be coordinated under a single unified
national effort at MEP headquarters. The MEP centers are linked to over
3,500 partner agencies, which can be called upon to help disseminate
the Conversion 2000 tool. I believe that for the first time we can
present to you a viable mechanism for attacking the millennium problem.
Under the leadership of Senators Snowe and Collins Maine has
progressed beyond the design stage and proceeded directly into
implementation in over 100 companies. Utilizing a call center in
contacting 2,500 Maine manufacturers, we confirmed what many studies
have concluded. Despite having knowledge of the Year 2000 problem over
half of the small manufactures had no plan to take any action before
the turn of the century, and those who wanted to act were having great
difficulty in organizing a systematic approach to the problem. After
recognizing that between 500 to 600 small Maine manufacturers would
need immediate assistance, the Maine MEP built a broad-based coalition
which included Chambers of Commerce, Economic Development Districts,
Small Business Development Centers, volunteers and business visitation
specialists. These agencies, as well as independent consultants, will
be trained by MEP engineers to deliver the Y2K assessment tool
throughout the Maine manufacturing community.
Technical experts will staff Y2K hot lines on a 24-hours basis.
Once the assessment has been completed MEP engineers will generate a
report which clearly defines the necessary remedial steps. Accompanied
with this report will be a single-page instruction sheet on how to
apply for a Small Business Administration (SBA) LowDoc/Fastrack loan.
The finalized report will not only facilitate loan processing but will
also provide a standardized industry accepted document which will
demonstrate the manufacturers due diligence in becoming compliant for
their banks and other trading partners.
As president of the Maine MEP I have been asked what the committee
can do to assist small manufacturers at this crucial juncture. On
behalf of the millions of men and women who work in small and medium-
size manufacturing facilities, I respectfully request the committee to
appropriate the necessary funding to allow the MEP system to implement
the Y2K tool at the national level. It is important to understand that
this is an assessment tool and that we must complete this work on an
expedited basis in order to allow these manufacturers to complete the
identified problems in time.
______
Addendum to Rod Rodrigue's Testimony
Along with the testimony submitted at the Y2K hearing, I believe
that it is incumbent upon me to mention the importance of appropriating
additional funding to help the Manufacturing Extension Partnership's
(MEP) initiative in developing a national Y2K program like Maine MEP's.
The MEP is committed to helping U.S. manufacturers in addressing the
Y2K issues. To implement the Y2K program additional resources would
assist states like New Jersey. Robert Loderstedt, President of New
Jersey MEP, has indicated to me that of the 13,000 small manufacturers,
New Jersey faces a potential closure of 1,000 businesses in Year 2000
and between 2,000-3,000 others needing assistance in becoming Y2K
compliant. Although Maine needs additional appropriation to address the
Y2K problems, New Jersey, as well as other states, clearly has a great
financial need in tackling their manufacturers' Y2K issues.
______
Responses of Rod Rodrigue to Questions Submitted by
Chairman Bennett
Question. In your testimony regarding the NIST/MEP Conversion 2000
assessment tool, you indicated that within Maine you have progressed
beyond the design stage with over 100 companies engaged using the tool
and MEP assistance. When did these efforts start? How long does it take
to complete an assessment with Conversion 2000 and MEP representatives?
What can you tell the committee about the results of those efforts to
date? Are there any lessons learned to share at this point?
Answer. The efforts started in early September as soon as we had
first results from our call center that was set up to directly,
individually, and personally raise manufacturer awareness of the Y2K
problem.
Complete assessments with Conversion 2000 and a MEP representative
are determined by the size of the company and scale of their specific
problem. We have some companies that are relatively small and without
significant computing resources that feel they don't need any help at
all. We can educate them that Y2K is not just an internal computer
problem but a more generic business problem with both internal and
external considerations. These companies, once aware of all the
potential exposures, can be helped fairly quickly (one or two visits
and letters between suppliers) because of their limited exposure. For
other companies it has taken our very pointed calling awareness program
to bring focus to the Y2K process (quite late I think) and they are in
much more significant jeopardy, taking longer to complete. A case in
point is one company that sources all it's raw materials from five
different European countries with five currencies, has a third party
broker to clear customs for these products, and being a catalog company
depends on another third party mailing list provider for its market.
This company also has manufacturing operations that may have an
embedded chip concern. Considering that Europe is significantly behind
the United States in its Y2K efforts and that the Euro common currency
will be rolled out at the same time as Y2K hits, this company has a
much more complex situation than others and will take longer to assess.
This is only one case but there are many more that once a MEP
representative has called and explained the whole realm of
possibilities are finding that this is in fact a real problem for them
that they are having to deal with and are not prepared.
To date we have identified through our call center 250 Maine
companies that have indicated they would like to have a field engineer
call. We have assigned MEP representatives to 206 of these companies
and are currently working directly with 30.
There is a lot of apathy in the marketplace and it takes a
concerted effort to get businesses to recognize their exposure. This is
more of a problem for companies than they originally recognized and
they have to devote more time to it than ever envisioned. MEP needs to
be involved in the assessment phase because without some concerted
effort many of these companies will not come to the process until it's
too late. MEP needs to provide funding for the assessment phase of Y2K
because it's a good investment in our business future. A small expense
now in assessment can mitigate far larger costs later.
Question. You have asked the committee to appropriate the necessary
funding to allow the MEP system to implement the Conversion 2000, Y2K
tool, at the national level. What is the necessary funding needed at
the national level? How would you propose that the funds be
administered to discourage abuse and encourage proactive Y2K efforts?
If federal funds were made available for a national MEP effort, how
would you propose those non-manufacturing businesses are given similar
assistance? Is it appropriate for the Federal Government to accept
these costs and where should it stop?
Answer. Based upon our estimates for the needs of Maine
manufacturers, we believe the funding needed at the national level is
at least $50 million for expanding the Y2K outreach initiatives of the
MEP system. These funds would be best managed through the national MEP
program, as the federal funds added to the cooperative agreements of
the manufacturing extension centers would leverage the match funding
requirements from the states and local partners. This means that if the
Federal Government provides half of the needed total, the match funding
requirements would effectively bring $50 million in resources to bear
upon this critical need.
An expanded MEP outreach effort would benefit non-manufacturing
businesses through expanded partnerships with Export Assistance Centers
and Minority Business Development Centers within the Department of
Commerce, Small Business Development Centers (SBDC's) of the SBA, and
Department of Agriculture extension offices. We have been working with
the SBDC's of Maine to help streamline the loan approval process for
SBA Y2K remediation project loan guarantees. The Utah and Iowa MEP
centers have partnered with SBDC's to provide Y2K awareness materials
and presentations. The Department of Commerce recently signed an MOU
with the Department of Agriculture under which MEP is providing Y2K
awareness materials, Y2K Self-Help Tool, and training. Discussions are
continuing with the Department of Agriculture and SBA for replicating
these successful partnering models across the national system, if
additional funds become available.
The MEP Y2K outreach program takes a company through the awareness
phase and helps a company determine which of its systems are not Y2K
compliant. It then helps a company plan the necessary remediation and
identify the resources required to implement the corrective actions
(such as SBA loan guarantees). At that point it is the company's
decision to commit its own resources to proceed with the remediation
project. Federal funds will not be used to repair systems for
companies, but we believe that it is appropriate for the Federal
Government to expand its Y2K outreach efforts in continuing awareness
and assessment activities to help small businesses identify the extent
of their Y2K problems.
Question. As a result of the Conversion 2000 assessment process is
a report defining necessary remedial steps generated by MEP engineers,
according to your testimony. You note the report will both facilitate
SBA loan processing and demonstrate due diligence. Has the SBA agreed
to accept this report as the basis for expediting loans? How do small
manufacturing companies using Conversion 2000 generate this report?
Will the SBA accept a report not generated by a non-MEP engineer?
Answer. For matters of SBA policy please contact Kris Swedin, SBA
Associate Administrator for Legislative and Congressional Affairs. Kris
may be contacted at SBA headquarters at 202-205-6700.
Maine MMEP, Maine SBA and the Maine SBDC have developed a
partnership where the MMEP Assessment will be utilized by the SBDC to
put together the financials and business plan for any company needing
capital to meet it's Y2K needs. The SBA will work with the SBDC and
it's lending partners to ensure that no business lacks the capital for
Y2K conversion. We believe that this model could be used in other
states.
Question. The need to continue awareness campaigns at this late
date continues to trouble this committee. However, it is been more
troubling that once made aware of Y2K issues, over half of small and
medium size manufacturers in Maine plan to take ``No Action.'' Would
you please describe your sensing of why this course of action (``No
action'') is selected over 50 percent of the time? What is being done
to educate them as to the consequences of taking ``no action''?
Answer. We believe that the reason for many companies deciding not
to act is the lack of a complete understanding of the pervasiveness of
the Y2K problem and how it can effect their business. Many companies
are ``generally aware'' of the problem, but have not taken the time to
investigate the potential effects of failures within external
organizations upon which they rely, within their own embedded systems,
or in their ``relatively new'' systems which they assume are compliant.
A more proactive and detailed awareness campaign is needed to target
this large group of small businesses to break through these
misperceptions and apparent apathy about the Y2K problem. A portion of
funds made available for expanding the national MEP Y2K outreach effort
would be used for a more in-depth awareness campaign for small
businesses.
__________
Prepared Statement of Harold Schild
Chairman Bennett and committee members, I thank you for providing
me an opportunity to share with you our experience as a relatively
small, farmer owned, dairy cooperative, in dealing with the year 2000
computer problem. I'll provide you with the full text of my comments
but only recap the highlights in my remarks here before you today.
first notice
We were first made aware of possible Year 2000 problem during
February 1996 audit of our 1995 financial records by a big five
auditing firm.
At the management level, we authorized our Management Information
Services staff to research the validity of the potential for problems
in our computer systems. They reported that there was indeed a real
danger of a complete calamity when January 1, 2000 rolled around and we
should begin immediately to work toward correcting the problem.
magnitude of the problem
TCCA is a 150 member dairy cooperative nestled between the Coast
Range Mountains and the Pacific Ocean 75 miles west of the Portland,
Oregon metro area. The association has sales of about $160 million,
totally in branded, value-added dairy products, primarily cheddar
cheese, a small sample of which I've shared with you today.
At the time we became aware of the Y2K problem we had an M.I.S.
staff of two people. Despite our efforts, we have been unable to
attract additional staff to our coastal area to cope with every day
programming demands, plus deal with the Y2K bug. Many other companies,
IN THE METRO AREA, able to pay higher salaries, have engaged most of
the qualified PROGRAMMERS in the region.
Our approach was to form teams that would think of all the
potential problems in their areas. Some of our people were sent to
seminars to gain a better understanding of where to search for the Y2K
bugs. A few of the potential problem areas they found were:
1. Accounting software
2. Electronic Data Transfer (E.D.I.) between TCCA and customers
3. Member and employee payroll
4. Point of sale programs (Visitor's Center/Farm Store)
5. Were our suppliers compliant
6. Legal issues--performance agreements
7. Financial transactions--customer payments
8. Order reception and processing--customers complaint?
9. Automated product processing--would the plant produce product?
To date, our accounting department estimates that our out of
pocket, cash expenditures will exceed $1 million to avoid a major Y2K
problem. This does not include any of the internal cost of staff time
or expense for training. The loss of productivity internally, because
our people were busy with Y2K, is also not included in this cost
estimate. This cost will be directly borne by our dairy members many of
whom are struggling to make ends meet already.
current status
At the present time, we are applying a test program to all of our
software to determine if all bugs have been exterminated. We are
confident that TCCA will be Y2K ready before the fall of 1999 if we do
not experience delays in receiving software, which we have contracted
for installation April 1, 1999. We expect no problems, but then I'm
sure there will be some surprises, there always are.
food industry's readiness
Many CEO's of dairy companies I talk to express a wide range of
views on Y2K from disbelief that it is more than a computer industry
hype to stimulate business, to a view that the electronic world as we
know it will cease to operate, leaving commerce stalled, utilities shut
down, and only hand operated equipment functioning. Some project no
additional cost to complying with Y2K requirements while others
estimate their costs will, like ours, exceed $1 million.
As in many other industries, the large, well financed seemed to be
better prepared than those who are less sophisticated and more
personally operated. I would rate the dairy industry as possibly
receiving a ``C'' for overall preparedness.
what can congress do to help?
Many persons are not aware of the real potential for disaster that
exists. This committee is an excellent vehicle toward a broader
awareness level nationwide.
Some suggestions for Congress to act upon:
1. Establishing a centralized, government sponsored web page for
all U.S. companies to log on to and certify they are completely
compliant. Companies could access this page to verify if their
suppliers and customers are prepared to function after January 1, 2000.
This would reduce duplication of effort.
2. Immediate tax recovery of all program upgrade costs. I
understand that the IRS has stated that the portion of any new software
or hardware needed for Y2K compliance could be expensed in the current
year. However, much of the software and hardware needed to operate the
new upgrades will not be immediately deductible as an expense since it
is not used solely for Y2K but may incidentally improve other non-Y2K
functions of the operating systems. This upgrade must be expensed over
a longer period of time under the current IRS guidelines.
3. Assure the industry that government services will be fully
compliant. I understand many Federal, State, and local public bodies
such as utilities, emergency services, financial institutions, and
transportation services are not Y2K compliant and do not have the
resources to become compliant by January 1, 2000.
I thank you for this opportunity to express the Y2K status of our
cooperative in Oregon. Hopefully it can help others avoid a major
crises just 65 weeks from now.
______
Summary of Tillamook Cheese Y2K Issue
Upon our February 1996 audit, of our 1995 financial records, it
became apparent that we should begin immediately to address the
potential problems in our computer systems when January 1, 2000 occurs.
TCCA selected staff to attend Lucent seminar to gain understanding of
the diverse elements that will be affected by the Y2K issue (legal
issues, banking and commerce, supplier compliance, and order
processing).
Our MIS staff of two people took it upon themselves to form
internal teams to research how the Y2K issue will effect the daily
operations of our company in each department. These teams determined
that none of our major systems (Accounting System, Patron Payroll
System, EDI Software, Payroll software, other smaller applications, and
our PBX Voice Mail system) were Y2K compliant. As a result, these teams
evaluated and selected new applications to replace almost all major
systems in the organization.
MIS is also in the process of determining the general preparedness
of our contacts in the food manufacturing industry. We have received
over 10 letters of certification and surveys assessing the level of the
problem within this entity.
1. Research of the Y2K Crisis:
--Gain understanding of the impact the Y2K issue will have on our
network infrastructure, computing hardware, and major software
systems
--More specifically how will this effect plant operations (staff),
customers, manufacturing industry, and budget
-- Preparation of other companies
2. Compliance Requirements:
--Written high-level plan that outlines TCCA's procedures for Y2K
issue (include cost estimate)
--Identify and schedule staff for plan implementation
--Timetable of expected completion dates
--Prepare comprehensive inventory of financial, informational and
operational systems
--Identify critical systems and decide which are negatively impacted
--Plan for renovation, replacement and upgrade
--Contact key vendors, service providers, and customers to determine
their systems compliance
--Mitigation of risk of litigation and non-compliance
--Contingency plan for systems failing to function properly
--Delegate MIS and administration to oversee Y2K issue
3. Year-To-Date Status
--Selected new Windows Accounting Application (Platinum for MS SQL)
and implementation has begun--conversion process expected to
last through 5/99
--EDI software upgraded to Sterling Gentran (also on MS SQL) and is
ready for installation and implementation--completion of this
process is pending on the interfacing Accounting system--
expected to be in place by 12/98
--Payroll software (ADP for SQL) replaced and in use since 9/98
--Still searching for a new software application to replace Patron
Payroll system--currently assessing Windows based system
developed in New Zealand--expected implementation 6/99
--Currently upgrading PBX Phone and Voice Mail system
--On-going testing of all equipment and desktop applications for Y2K
compliance
--Currently developing three phase implementation of HMI system
(Wonderware Factory Suite) to control and monitor the
production process for all products--scheduled completion Fall
1999 (note that we can still make cheese if computer shuts
down)
--Currently assessing compliance of our suppliers, trading partners,
business associates, etc. * * * and to inform them of our plans
in progress
--Established estimated budget for implementation of plan:
Accounting.................................................... $450,000
Patron Payroll................................................ 100,000
EDVADP........................................................ 25,000
Farm Store.................................................... 40,000
Visitor's Center.............................................. 100,000
-----------------------------------------------------------------
________________________________________________
Total cost................................................ 715,000
(Cost expected to be well over a million dollars, not including
staff time)
______
Responses of Harold Schild to Questions Submitted by
Chairman Bennett
Question 1. You mentioned that you first became aware of the Y2K
problem during your company's February 1996 audit. Can you describe how
exactly the problem came to the company's attention? What problems in
your systems did you encounter which led you to believe there was a
potential problem?
Answer. The management letter comment was first made as part of the
1996 audit, with the letter released in March 1997. This was becoming
an automatic inquiry by auditors at the time to start looking at what
their clients were setting up for Y2K. It was a comment to mean that
we, along with other companies, should start addressing the Y2K
problem. I would assume the Y2K issue was in almost everybody's
management letter that year. It wasn't really that TCCA, or other
companies were oblivious to the problem, but a comment directed to
boards and management that it was an area that was going to have to be
addressed.
Question 2. You mentioned that Tillamook has been unable to attract
additional staff to cope with your programming demands. What impact
will it have on your Y2K readiness if you can't obtain the needed
assistance in the programming area? Do you have any suggestions about
how to remedy this problem?
Answer. We are looking for an additional person right now. As we
talked about, we need to get better organized, and take care of a lot
of administrative matters, such as documentation, Y2K compliance
progress, user training and procedures, etc. Without that, and if we
can't get the right person, too much of what we do will be hit or miss,
with whatever problem screams the loudest getting the most immediate
attention. I think we probably can attract the right person, unless we
run into the restraints of the overall company staffing budget which
can be adjusted administratively. It is true that programmers are in
high demand right now, and I would be scared if we weren't really
putting in brand new software-farm store, Wonderware, Platinum, retail,
etc. If we were trying to rewrite everything ourselves, I don't think
we would ever get it done. I don't really know how to remedy the
problem.
Question 3. What will the impact of Y2K costs be on your dairy
members who are already struggling to keep their business viable?
Answer. First of all, the estimated costs to TCCA as a
manufacturing and marketing cooperative are in the $1 million range for
the fiscal years of 1998 and 1999. That amount will impact each of our
150 members by about $6,500 for the year. In a cooperative, all income
that is not expended to cover operations is paid to members in either
monthly payments for milk or year-end distribution of retained
earnings.
There is no way yet to estimate how much it will cost to evaluate
and correct the on-farm equipment such as automated milkers, feeders,
environmental systems, herd record keeping, or computerized automotive
controls. Each farm could experience different impacts depending on
their level of electronic sophistication.
Question 4. You rated the dairy industry as a ``C'' for overall Y2K
preparedness. What evidence can you cite to support conclusion? What
specific steps do you recommend the dairy industry take to improve this
rating?
Answer. The grade of ``C'' was given mostly on antidotal
perception. Some fellow dairy executives readily discuss the level of
effort they have expended on the Y2K problem. Most, however, are
reluctant to discuss the issue or they openly state skepticism that the
Y2K problem is real. The higher the level of retail involvement a dairy
has, the more likely it is to be prepared for Y2K.
Question 5. One of your specific recommendations for the committee
was that the Congress should establish a web page for all U.S.
companies to log on to and certify that they were completely compliant.
Assuming the U.S. Congress could accomplish this as a requirement for
all U.S. businesses. If there were not major fines for submitting false
data and certifications, what would be the inceptive for any firm to
submit anything other than an affirmative that they were compliant?
Would you believe the statements found at such a web site?
Answer. If a web site were established it should include legal
penalties for false statements. The Commerce Department could research
any complaint and rule on the liability for misrepresentation.
I would believe few companies would make false statements of
compliance under the threat of legal action. In general, we do business
with companies we know and have experienced good relations with. Those
we do not know as well are now checked out through other companies'
experience.
The system might not be perfect, especially if implemented in a
short time frame. However, such a central clearing site would be
preferable to not having any way to know if your partners in business
are Y2K compliant.
__________
Prepared Statement of Senator Gordon Smith
Thank you Mr. Chairman. I appreciate the opportunity to lead the
effort in addressing the business sector on Y2K issues.
I would like to thank all the distinguished witnesses before us
today for taking time to testify, and for helping us address the
challenges facing the entire business sector at both the small and
large ends of the scale. And with American businesses today becoming
more and more dependent on technology, I hope this hearing will be a
stepping stone for all small businesses to inch closer to full
preparedness for the Year 2000.
Those most at risk from Y2K failures are small and medium-sized
companies, not their larger counterparts. Many small companies have not
yet realized the extent to which the Y2K computer problem will affect
their businesses. And they may not have access to capital to cure such
problems before the Y2K issue causes disastrous effects. This is why it
is so important for the federal government to both raise awareness of
the problem as well as the emerging solutions.
In my former life, before serving as a U.S. Senator, I was a pea
picker from Pendleton, and owned a small frozen food processing plant.
I can assure you that any interruption within the farm-to-fork chain
can result in not only a direct loss to those who supply food, but will
likely translate into food shortages and price increases nationwide. As
with many businesses, food suppliers are increasingly dependent on
computerized processing and information exchange.
For example, farmers and ranchers use electronically-equipped
irrigation systems, animal systems and transport systems. Food
processors rely on automated systems that help prepare and package
consumer-ready products. Distributors, wholesalers, and retailers
depend on computer-driven equipment to transport, deliver, store,
display, and sell food products. Inventory and accounting systems,
harvesting equipment, grain elevators, refrigeration and security
systems also depend on the computations of computers.
Mr. Chairman, I am aware that in preparing for this hearing, our
Committee has encountered some difficulties in securing witnesses from
the major U.S. food retailers and manufacturers. I regret that these
retailers and manufacturers cannot join us today. I would like to
extend to them another invitation to join us next year as we continue
to address the food industry and the important role they play in the
world's food market.
However, I am happy to report that we will hear from a
representative of one of Oregon's food companies, many of whom have
been working very hard to assure that they are Y2K compliant.
I am proud to introduce Harold Schild, President and CEO of
Tillamook County Creamery, who is one of our witnesses today from
Tillamook, Oregon. I look forward to hearing Mr. Schild's testimony to
address the ``real'' problems with which a typical small business is
confronted and its approaches for addressing the Y2K problem.
Another company from Oregon, Norpac Foods, has also been leading
the efforts in addressing the Y2K problem in the frozen food business.
While Norpac's representative is not present today, the company has
provided a statement to be entered into the record.
I am very pleased to see the Deputy Administrator of the Small
Business Administration, Mr. Fred Hochberg, here before us today. The
SBA has been one of the few leading federal agencies actively raising
public awareness for Year 2000, and I would like to commend the agency
for its aggressive outreach programs to small businesses. I know my
constituents in Oregon have found the SBA web site very useful and
informative.
Mr. Hochberg, I am interested in your opinion regarding the recent
legislation, passed by the Senate Small Business Committee, that
requires the SBA to establish a Y2K Loan Program. I understand this
loan program would establish a new short-term loan program under which
the SBA would guarantee up to 50 percent of the value of private-sector
loans, up to a total loan value of $50,000 for small businesses to
become Y2K-compliant. If you or any of the witnesses can testify on the
impact this legislation will have on the small businesses of America, I
would be very interested.
As we work toward addressing the Y2K problem, let's not forget that
many of our international neighbors are still very far behind. We need
to continue to encourage foreign countries to focus on the impacts of
Y2K, since it could potentially shut down an entire country. With this
in mind, I look forward to learning more about the specific Y2K
challenges facing both our small businesses and global corporations.
Thank you Mr. Chairman.
__________
Prepared Statement of Senator Olympia J. Snowe
Mr. Chairman: Thank you very much for holding today's hearing
regarding how the year 2000 computer problem will impact small
businesses. When I wrote to you in August, encouraging you to hold this
hearing, it was after I held a series of forums about this problem and
how this problem impacts small businesses. I planned the forums in
Maine because I felt that it was very important to bring the Year 2000
computer problem issue to the attention to small businesses.
I am very glad I did because I learned a lot about the problem. I
learned that this is a very serious problem for small businesses. I
learned that it will take a great deal of effort by the operators of
the small businesses to correct this problem. I also learned, like most
things today, a solution to this issue will require an investment of
time and money and a concerted effort to ensure that small businesses
are aware of the problem and are encouraged to solve it now, rather
than later.
As Rod Rodrique of the Maine Manufacturing Extension Partnership
will tell you during his testimony, the forums were an overwhelming
success and people who attended learned a great deal about the problem,
as I did. Mr. Chairman, I am happy to report that as a result of the
forums, many small businesses in Maine are working to ensure that they
are Year 2000 compatible. I hope they complete the work on time.
Today, as we all know, almost every aspect of our lives are
influenced by computers. Everything from buying groceries, to phoning
the office, to getting money from the ATM machine, all rely on the
computer to process information needed to conduct these transactions.
And certainly, just as small businesses form the backbone of our
economy, computers have come to form the backbone of our small business
operations.
I decided to convene these first-of-its kind in the nation forums
throughout Maine this past August because the clock is literally
ticking on our opportunity to fix the Y2K problem. As the last grains
of sand slip through the 20th century hourglass, the clocks inside an
estimated 200 million computers across America are counting down toward
what could be a disaster for the country and private enterprises across
the United States.
We've all heard the humorous twist on an old saying: ``Why do today
what you can put off until tomorrow?'' Well, after December 31 of next
year, there won't be a tomorrow for computers that, despite being able
to balance multi-million dollar ledgers, won't even know what day it
is. In other words, instead of New Years' being a time for celebration,
it could be a time for consternation--and perhaps the greatest
collective hangover this country's ever known.
In all seriousness, though, the impact on the small business
community could be significant. According to a National Federation of
Independent Business and Wells Fargo Bank study, 82 percent of small
businesses are at risk.
Fortunately, it doesn't have to be that way. With the benefit of
foresight and proper planning, we can diffuse this ticking time bomb
and ensure that the business of the nation continues on without a
hitch--or a glitch.
From a technical standpoint, the corrections are not difficult to
make. However, determining that there's a problem, finding people
qualified to fix the problem, and crafting a solution to fit the
individual needs of different computers and programs poses significant
challenges.
For one, to determine whether a system needs to be fixed, the
software code must be reviewed, which often entails reading literally
thousands or even millions of lines of computer code.
Furthermore, there is a serious shortage in this nation of workers
skilled in performing this task--especially those who can decipher
older computer languages which may no longer be taught in school, but
are likely to contain the Y2K ``bug''.
Finally, there is no set method of curing the problem. A magic
``one size fits all'' solution simply does not exist, and it will be up
to each individual technician to determine the proper course of action.
That is why it is so important that we start now to fix the problem.
On the federal level, the Senate Commerce Committee, of which I am
a member, has been working to address the situation, which poses the
threat of having a serious negative impact on the U.S. economy over the
next few years. In fact, a recent study by Standard Poor's determined
that, due to the Year 2000 computer problem, economic growth could be
cut by half a percentage point in 2000 and early 2001, a result that
would be similar to the economic damage expected from the Asian
financial crisis.
Major industry sectors must coordinate their efforts to correct
their computer systems so they continue to function as designed.
Especially among banks, credit unions, and the stock market, the perils
of inaction could be millions of transactions lost, resulting in
billions of dollars being transferred to wrong accounts, or accounts
rendered inaccessible.
These are important reasons not to wait another day to tackle this
issue, but as a member of both the Commerce and Small Business
Committees, back in April when the Commerce Committee was having a
hearing on this very topic, I began to wonder what the effects would be
on small business as well. After discussing this issue with people in
Maine, I discovered that, in fact, small businesses were aware of the
issue but have not focused on the problem.
I know many small businesses simply don't have the kind of time and
resources that many larger businesses may have at their disposal to fix
this potentially serious problem. In order to provide small businesses
assistance, I joined Senator Kit Bond as an original co-sponsor of
legislation that will help small businesses solve their Y2K problems.
Under this legislation, the Administration will establish a pilot
loan guarantee program under which it will provide loans up to $50,000
to small businesses to address the issue. I believe this is a critical
way in which the federal government can help finance the purchase or
repair of computer equipment to achieve Y2K compliance.
With that, I'd like to again thank you for holding this very
important hearing.
__________
Prepared Statement of Ronald J. Streck
introduction
Good morning. My name is Ron Streck and I am President and CEO of
the National Wholesale Druggists' Association (NWDA). NWDA appreciates
the invitation to testify today before the committee about the
implications of the Y2K ``bug.''
NWDA is the national trade association representing distributors of
pharmaceutical and related healthcare products. NWDA active member
companies operate 215 distribution centers throughout the country that
service every state, the District of Columbia and U.S. territories.
NWDA's active members provide distribution services to the 130,000
pharmacy outlets in the country, including the 21,000 independent
pharmacies, 18,000 chain pharmacies, 7,500 hospital pharmacies, 220
mail order pharmacies, 7,000 food stores, 5,000 mass merchandisers,
4,000 long-term care and home health facilities, 56,000 clinics and
1,000 HMO's.
Our most recent data indicates NWDA-member wholesale distributors,
on average, obtain products from over 750 manufacturer suppliers.
Typically, a single wholesale distribution center stocks an average of
24,000 items and will process over 13,000 order lines per day.
Virtually all orders placed by pharmacy customers to their wholesale
distributors are transmitted electronically and more and more
``electronic'' picking devices are used to fill these orders.
To service an increasingly demanding and integrated healthcare
market, practically all wholesalers provide daily deliveries with a
growing number of wholesalers providing twice-a-day deliveries to their
customers. However, today's wholesalers do so much more than ``just''
deliver product in a timely manner. Some of the value-added services
NWDA members provide to their customers include marketing and
advertising support, product sourcing programs and special handling
services. Other services provided that are especially relevant to the
Y2K discussion are the computer and information programs that include
third party claims processing and receivables services, inventory
management, pharmacy computer systems for dispensing and care, and
point-of-sale systems.
Wholesalers have been innovators and leaders in information
technology. They continue to use information technology to integrate
suppliers and customers. These programs and systems rely on automation,
connectivity, information systems, electronic linkages and network
building that allow for the prompt and efficient delivery of life
saving healthcare products. NWDA members have been methodically working
to ensure their systems and those of their customers are compliant. You
will hear more about exactly what wholesalers have been doing from
Keith Mallonee of the McKesson Corporation in a few minutes.
Based on the number of suppliers, customers and orders, it does not
take long to speculate on what would happen if there were an
interruption of electronic transfer of information. Many of these
transmissions are reliant on commercial and government
telecommunication networks--systems over which the pharmaceutical
industry has no control. NWDA and its members need to know that these
vital communication networks are Y2K compliant and ready to support the
delivery of healthcare services to the patient. This constant
electronic transfer of information is the reason I am here today.
NWDA and our members have long been concerned with the potential
for Y2K problems. This topic was first discussed in 1993 when the
association began an initiative to raise awareness of the problem in
the industry and develop a plan of action. In the subsequent years,
NWDA's Technical Standards Committee, Productivity Committee, and
Business Systems Committee have addressed the issue and it has been
highlighted numerous times in the association's newsletter. NWDA staff
have been active participants in the process that developed Y2K
standards among EDI standards' groups and in the adoption of Year 2000
compliance standards required under the Health Insurance Portability
and Accountability Act. In addition, NWDA's long-range strategic plan
includes a specific goal to ``set up a system to share information on
solutions to the Y2K problem by 1998.''
As we have developed our association's webpage, NWDA has devoted a
separate section just for dissemination of general Y2K information. We
endorse the notion of common solutions for common process problems and
we are ready to move ahead with an industry clearinghouse for Y2K
technical fixes that would allow drug wholesale trading partners to
freely share such technical information. We have been reluctant to
proceed with this project due to liability and antitrust concerns.
However, with the passage of the Year 2000 Information and Readiness
Disclosure Act (S. 2392) we understand that we will now be able to move
ahead. We commend Congress for its approval of this important
legislation and urge the President to move swiftly to sign the bill
into law.
concerns
We are greatly concerned that federal, state and local governments
are quickly running out of time to adequately test and correct all
public service and infrastructure systems. It is disturbing to read
reports from Congress and the General Accounting Office indicating that
there are serious concerns that many federal agencies will not be
ready. The July 1998 report by the GAO entitled ``Year 2000 Computing
Crisis'' concluded that ``federal agencies and state governments
suggest that the full extent of the managerial and operational
challenges posed by the heavy reliance on others for data needed to
sustain government activity is not yet known.''
Congressman Steve Horn, in his role as chairman of the House
Subcommittee on Government Management, Information and Technology, has
issued another report card on federal agencies with HCFA once again
receiving an ``F.'' We fear that federal and state government agencies
will not survive the change over to Year 2000 without interruptions in
healthcare reimbursements. Let me explain the impact a failure in the
Medicare/Medicaid programs could cause in the delivery of prescription
drugs.
Wholesalers operate on very low profit margins (1997 figures show a
net profit after taxes of 0.76 percent) and extend credit to their
customers who also operate on very tight margins. Over 75 percent of
prescription drugs are reimbursed through various third party and
government programs. Pharmacies and hospitals purchase products on
credit with the expectation that there will be a continual flow of
reimbursement to offset these expenses. If prescription drug
reimbursements for their Medicaid and Medicare patients should be
interrupted for any length of time, we are concerned that many retail
pharmacies and rural hospitals will not be able to weather the storm.
A related concern is the emerging role wholesalers have recently
taken to manage their customer's receivables. Wholesalers, as part of
their customer service program, will buy the receivables from their
pharmacy customers and pay them within three days. Typically, the
wholesaler must then wait 30 to 90 days to be reimbursed by the third
party payer. If the government or other payers are not Y2K compliant,
it will seriously imperil the cash flow for the wholesalers and their
customers.
Government reimbursement is only one area that could disrupt the
flow of life sustaining prescription drugs to patients. Even if all
parts of the prescription drug supply chain are compliant and ready, if
there are failures in other links, it would be irrelevant that we are
ready. We need assurances that government agencies will be Y2K ready so
they can seamlessly carry out their important functions. If they are
not, and drug wholesalers therefore cannot provide pharmaceuticals to
the pharmacy or hospital when they are needed, the results could be
catastrophic. Additionally, failures within the transportation,
communications, public utility or financial networks will have a great
impact on our sector. All these systems are interconnected and
disruption in one causes disruption throughout the entire system.
We are hearing that patients and providers are starting to talk
about trying to stockpile products as a contingency plan. This is not a
realistic approach and one that could prove to be very dangerous to the
patient. Not only are there cost and efficiency concerns, but more
importantly, there are safety and efficacy issues revolving around the
integrity of the product due to expiration dates and sensitive storage
requirements. In addition, if a DEA registrant suddenly increased its
normal ordering pattern for controlled substances, a ``suspicious
order'' report would be generated and investigation of these events
would put an unnecessary and avoidable drain on law enforcement
resources. Also, many patients are prohibited under their insurance
plans from obtaining more than a 30-day supply of their prescription.
Clearly, stockpiling or hoarding prescription drugs is not the answer.
conclusion
Wholesalers are making contingency plans to make sure there is not
a disruption in the availability of product. I want to emphasize that
wholesalers are just one link in the chain. If the government agencies
that play such a vital role in the health care system are not going to
be Y2K compliant, contingency plans must be quickly completed and this
information passed on to the public. How a business or industry
develops its own backup plan depends on what government services will
be available. NWDA and our member companies stand ready to work with
government, at all levels, to address these issues to ensure that life
saving medicines continue to get to those who need them when they need
them. Time is of the essence. I thank the Committee for holding this
hearing today to address this momentous issue.
______
Responses of Ronald J. Streck to Questions Submitted by
Chairman Bennett
Question. Mr. Streck, even though your industry deals with 750
pharmacy suppliers and 130,000 outlets in the country, you rate
government agencies as one of your top Y2K concerns. Will you please
tell the Committee which government agency you are most concerned about
and why?
Answer. Government agencies are not our only concern. For example,
we are concerned about the Y2K readiness of our trading partners,
pharmacy customers, utility companies and telecommunication networks.
However, we continue to hear reports from the GAO and others that
numerous government agencies are behind in their efforts to become Y2K
compliant.
We are concerned that HCFA will not be ready. Indeed, in a
September 1998 report, the GAO concluded that ``Despite its actions to
improve the direction and oversight of the Y2K effort, HCFA's Y2K
progress is significantly behind schedule.'' HCFA concerns us because
of the impact a disruption in the reimbursement schedule would have on
pharmacy providers participating in the Medicare and Medicaid programs.
It could be especially devastating for small retail pharmacies. The
ripple effect on drug wholesalers could also be dramatic due to the
emerging role they are taking in managing their customer's receivables.
As discussed in my testimony, ``Wholesalers, as part of their customer
service program, will buy the receivables from their pharmacy customers
and pay them within three days. Typically, the wholesaler must then
wait 30 to 90 days to be reimbursed by the third party payer. If the
government or other payers are not Y2K compliant, it will seriously
imperil the cash flow for the wholesalers and their customers.''
Another federal agency that has a significant impact on drug
wholesalers is the Drug Enforcement Administration (DEA), due to its
oversight responsibilities in tracking controlled substances. Drug
wholesalers need reassurance that DEA's systems will be prepared to
deal with the Y2K problem and that there will not be a disruption in
the distribution of controlled substances. Because drug wholesalers
receive and distribute products via the nation's highways, we are also
concerned that the systems related to this are compliant. It is very
disturbing to read in a GAO report (March 1998, GAO/T-AIMD-98-101) that
``highway safety could be severely compromised because of potential
Year 2000 problems in operational systems.''
The readiness of state agencies that administer programs that
complement or parallel federal programs are also of concern. For
example, if HCFA were Y2K compliant but the state agency that
administers the Medicaid program is not, there will be disruptions.
Finally, I want to clarify one of the numbers cited in the
question--on average, a wholesaler will deal with 750 suppliers;
overall, there are approximately 2,000 such suppliers in the country.
Question. Please explain to the Committee how the Drug Enforcement
Agency (DEA) becomes involved if patients or providers stockpile drugs
in anticipation of the Y2K problem?
Answer. The DEA is responsible for monitoring the distribution of
controlled substances. As you know, these drugs are particularly
susceptible to abuse and therefore the oversight is strict. For
example, the DEA, through the U.S. Attorney General, sets an annual
production quota for Schedule I drugs (high potential for abuse, no
accepted medical use, used primarily in research settings) and Schedule
II drugs (high potential for abuse, acceptable medical use with severe
restrictions, abuse may lead to severe psychological or physical
dependence). While stockpiling of Schedule I's is very unlikely, it
could happen more readily with Schedule II drugs. Based on the quota
amounts, which are established in the preceding year, orders by
manufacturers for ingredient quantities are placed, production
schedules are set, etc. well in advance of the time the product reaches
the marketplace. If stockpiling does takes place toward the end of
1999, manufacturers will not be able to meet the needs of those
patients who did not hoard and their lives will be in danger.
Under the supervision of DEA, there is also a highly regulated
method for tracking controlled substances through the supply chain.
When there is a significant change in ordering patterns or an
unaccounted for variance, it is the obligation of the drug wholesaler
to report this ``suspicious order'' to DEA. DEA then has the
prerogative to investigate. It is our concern that if there were a
marked change in ordering patterns in the final months of 1999, the DEA
would have to expend significant resources to investigate.
I would like to reiterate that I do not believe that stockpiling is
the answer. There are safety, efficacy, storage and waste issues that
must be considered. As discussed in the next question, now is the time
for health care providers and patients to be discussing alternatives to
insure that necessary medications are available if Y2K problems result
in a disruption of the regular supply channel.
Question. Does the wholesale drug industry have any plans to
provide an emergency supply of drugs to people like Laurene West who
will perish without them?
Answer. Virtually all drug wholesalers have contingency plans to
deal with emergency situations. They have a history of providing life
saving medications even when floods, earthquakes, hurricanes and other
natural disasters have disrupted the normal flow of product. I am proud
of the responsiveness and creativity of our industry in these
situations. Ms. West should be commended for her proactive stance and
recognized for raising important concerns. As always, drug wholesalers
are ready to work with health care providers and their patients, who
are especially dependent upon pharmaceuticals to maintain life, to have
ready access to them. It is incumbent upon those providers and patients
to be working together now to develop contingency plans should the Y2K
``bug'' alter the normal means of obtaining the necessary drugs.
Question. Would you please explain to the Committee your industry's
plan for a web page for an industry clearinghouse for Y2K technical
fixes?
Answer. NWDA established and maintains on our website a centralized
page of links that provides industry-specific Y2K information. With the
passage of the Year 2000 Information and Readiness Disclosure Act, we
will be enhancing the site to include a list server and discussion
forum for members to share appropriate Y2K information and solutions.
It is my hope that we will be ``up'' in the next 30 to 45 days. Once it
is operative, a major effort will be undertaken to publicize this
resource to our membership.
Additionally, I am pleased to let the committee know that NWDA may
be working with the Pharmaceutical Research and Manufacturers
Association (PhRMA), the national association representing our
country's pharmaceutical manufacturers, to facilitate dialogue between
our respective members on this topic. We have just begun our
discussions on this project and it may expand to include all segments
of the pharmaceutical supply chain.
Question. Mr. Streck, you have stated that the constant transfer of
information is the reason you are here today. Have you contacted the
major telecommunication companies to tell them of your concerns and
obtain reassurance that they will be operating on January 1, 2000?
Answer. The telecommunications sector touches virtually everyone in
our country. It is my hope that Congress has sent a strong message to
this industry that it is essential that it be Y2K ready on January 1,
2000.
__________
Prepared Statement of Laurene L. West
Standing here before you this morning I probably appear to be in
good health. I am not. Without daily medication and a coordinated
effort from the health care community, I will be a casualty of the Year
2000--I will die.
I had a tumor removed from the center of my brain and now I require
daily medication to prevent re-growth. Additionally, when I had the
first of 13 surgeries on my head, I acquired a staph infection which
does not respond to any known oral antibiotic. I am dependent on IV
antibiotics which I can not stockpile as they expire in less than 30
days. A disruption to the supply of IV antibiotics will kill me.
I am a Registered Nurse--for more than 20 years I have worked in
Critical Care areas of the hospital. Concurrently for the past 14
years, I have worked to develop and implement medical information
systems. For the past two years I have worked with various health care
organizations to help them prepare for the Year 2000 crisis.
I know health care. I know what impact the Year 2000 will have on
healthcare.
My message today is two fold * * *
First--we have all read media reports expressing concern about
potential power outages in the Year 2000 and the resulting effect on
national security, financial institutions, air traffic control, etc. *
* * all hospitals and health care facilities will be at significant
risk without power. However, today, I want to suggest that a disruption
in the medication supply will be more important than a disruption to
the power supply. Nurses can keep patients alive with manual
procedures--doing CPR for extended periods of time but we can not keep
patients alive without medications.
The second message is that all Americans will be affected if there
is a disruption in the supply and distribution of medications,
particularly for those of us who are alive only because we have
uninterrupted access to prescription medications.
Ladies and Gentlemen, my medications requirements are minimal
compared to those of many other Americans. Millions of insulin
dependent diabetics, cardiac patients, transplant patients (kidney,
heart, lung, cornea--all organs) will die if their medication
requirements are not met.
We need to begin immediately to teach the American public what they
can do to prepare. We need a massive, national public awareness/
education program so that we can minimize the number of Year 2000
related casualties. An informed and educated public will be less likely
to panic * * * causing social unrest because prescription drugs are not
available.
All medication dependent Americans are looking to you to help
mobilize national resources to help us survive. I want to help with
this process, all I need are funding and your influence.
Let's work with the RX2000 Solutions Institute, health care
organizations represented in this room, the American Medical
Association, AARP, The International Red Cross, as well as federal
resources to develop plans for a coordinated national preparedness
program so that the Year 2000 does not cause unacceptable risks.
We need legislation allowing for a one time exclusion for Medicare
or health plans allowing patients to receive a 90 day supply of
medications instead of a 30 day supply. We need creative processes for
distributions of controlled substances and radioactive isotopes. (All
health plans should volunteer this option.) Just in time inventory is a
big problem
Pharmaceutical companies--should be pressuring AMA, AHA, ANA, DOI
to allow for this exclusion * * * may loose 50-70 percent of their
client base by Q1 2000).
We need to work with the CDC (Center for Disease Control) to
prevent global epidemics from a lack of antibiotics or immunizations.
We should compose a National ``Patient Advocacy Council'' to
monitor Y2K efforts within all health care organizations. This could be
an attachment to the RX2000 Institute. (I would like to chair this
committee.)
Health care organizations should be required to stockpile
medications and supplies as well as disclose their Y2K compliance
progress with their patient population.
And, if worst case scenarios do occur, and health care is rationed,
the public needs to know what procedures and diagnoses will be treated.
Thus far, most health care organizations have taken the stance that
their liability exposure can be limited by keeping ``in check'' their
due diligence efforts. (This may be politically and legally correct but
I do not consider this to be ethical.) If WE do not teach the public,
who will? There is no harm if we over react, many may die if we do not
act.
I am willing to do whatever I can to help save as many lives as
possible--mine included. My story is not unique, there are millions of
people who know there is a problem but they do not know where to turn
for suggestions or help. Let's help them.
__________
ADDITIONAL MATERIAL SUBMMITTED FOR THE RECORD
______
NORPAC Foods, Inc.,
Stayton, Or, October 5, 1998.
Hon. Gordon Smith,
U.S. Senate,
Washington, DC.
Dear Senator Smith: It is a privilege to respond to your request
for information about how NORPAC Foods, Inc., Oregon's largest fruit
and vegetable processor, is addressing Year 2000 (Y2K) issues.
As a large food processor, we are addressing Y2K issues to meet two
long-range goals and specific near-term business objectives.
First, our actions are guided by our commitment to maintain and
improve the critical trust relationship we have with our consumers at
every level of our distribution process. This includes our 240 owner-
growers, more than 4,000 employees, countless suppliers, and the
citizens in the communities throughout Oregon where our facilities are
located. Our public holds us to a critical standard and we take that
responsibility very seriously throughout every level of our
organization.
We have placed Y2K compliance in this trust category because of the
critical interdependence NORPAC has with so many people, and the scores
of inside and outside company business functions that are served by our
computer system. There is the continuous expectation that both the
quality and access to information, and how we and others use it, must
not be adversely affected.
Second, we are a highly regulated business operating in an industry
that must continue to meet many stringent standards established by
federal, state or local governments, or the specific operating
agreements we have with our growers, suppliers or vendors.
Recognizing these two trust goals and our primary operational
objective to ensure that the goods and services we provide will flow
without interruption as we move into the next century, we established
our formal Y2K Project in 1997. This multi-phase process has been
implemented throughout every level of our company, with the ongoing
support of our board of directors.
While you will find a more specific description of our plan
attached to my letter, here is a summary of our actions.
Our initial and primary operational focus has been on our own
internal computer system. This system integrates the operation of our
company across five geographically dispersed locations and through
shared business relationships with many other businesses outside of
NORPAC. We have brought our information systems department together
with plant operations and engineering to look at both common and
specific issues and solutions.
Earlier this year, we required that any new software systems,
whether developed internally or purchased externally, be Y2K compliant.
To raise expectations with our suppliers and external business partners
about NORPAC's standards, we sent a letter and readiness survey to
prompt them to take appropriate actions.
These actions have resulted in a detailed assessment of where we
are, particularly with our progress on coding changes to our own
systems. Before the end of this year, we will have completed all
testing and verification to ensure that our software changes are Y2K
compliant.
Operationally, we are working to identify, assess and develop
responses to problems in outside-manufactured processing equipment.
This effort has been challenging, as suppliers are presenting a
declining level of information about whether this equipment has time-
dated chips. Ultimately, this will impact our re-packing of stored
fruits and vegetables into ready-to-market consumer products, and the
transportation and tracking of them more than one year from now.
Despite the fact that we have made a significant investment in
information about the Y2K issue, and developed and implemented a very
thorough and comprehensive response, many uncertainties remain.
The issues are larger than what will happen from a data processing
or operational standpoint when we enter the new millennium. For
example, what will our unknown legal exposure be? Where will a company
like NORPAC be, who has made a very thorough effort to meet this
problem, who then finds itself exposed to presently undefined legal
liabilities?
We would encourage Congress, under your leadership, to craft some
appropriate ``firewall'' legislation to acknowledge and protect those
organizations, like NORPAC, who have made significant efforts to ensure
Y2K compliance.
Senator Smith, from your own knowledge of the food processing
business, you know that all of us take these issues very seriously.
Because we are a food processor, we may hold ourselves to a standard of
public trust that is unique, but we are not asking for unique
protection.
Rather, we would encourage you and the Congress to look for ways to
clearly acknowledge Y2K compliance, and provide every American business
with an assurance that their efforts have created a foundation for the
future not a springboard for a decade of unanticipated litigation.
In the spirit of sharing information about this important issue and
reaching solutions to common problems, please look to NORPAC Foods as a
participant with Congress and other interested parties. If you, or your
distinguished colleagues, have any questions, please call me.
Thank you for your continuing leadership.
Sincerely,
Rick Jacson,
President and CEO.
______
NORPAC Foods, Inc. Action Summary
--What is the issue? (1)
--What is our OBJECTIVE? (2)
--How did we get started and what have we done? (3)
--Where are we now? (4)
--What areas are there where there might be exposure? (5)
(1) the issue
Simply stated, computers (where ever they are used) may have a
problem functioning January 1, 2000, due to a defect in date
identification. Given our exposure, we needed to identify where we use
computers and then ensure that the date issue will not negatively
impact our operations.
(2) our objective
NORPAC views Year 2000 compliance as a company-wide issue and has
a serious commitment to ensure that goods and services we provide will
flow without interruption as we move to the next century.
A major activity has been to ensure our computer systems will
function without interruption. We have involved Plant Operations and
specifically, our Engineering Department to review all of our
processing capabilities for compliance with the year 2000 issue.
(3) how did we get started and what have we done?
NORPAC established a formal Year 2000 Project in 1997. Awareness of
the Y2K problem was communicated to all areas of the company, as well
as the Board of Directors. Since 1997, our Information Systems
Department has required that any new systems, whether internally
developed or acquired from software vendors, are Year 2000 compliant
when delivered. In early 1998 NORPAC encouraged its suppliers to take
appropriate action as well. In February 1998, a letter and survey was
sent to all NORPAC suppliers and external business partners. The goal
was to raise awareness of NORPAC's expectations with its suppliers, to
determine their readiness with the Y2K issues and to gain their
commitment that they will be Year 2000 compliant.
(4) assessment (where are we now?)
INFORMATION SYSTEMS: At this point we have done an extensive
assessment as to the Y2K impact on our computer system processes. This
includes our software (in-house developed or purchased), our computer
hardware (both company computers and personal computers), and our data
communication capabilities (including EDI standards). We are rapidly
completing the ``coding'' changes to our computer systems to make them
Y2K compliant. We are now entering a testing phase, where all software
changes need to be tested and verified. This is a critical and fairly
lengthy process. We want to complete this effort, if at all possible,
by the end of this year.
OTHER AREAS: As a food processor we have extensive processing
equipment in our plants. Much of this equipment uses micro processors
and PLC's (programmable logical controllers) to monitor and control the
processing. Fortunately, for us there is very little date manipulation.
We also have the advantage that most of the control processors have
manual override capability. We have concluded that our exposure in this
area is very limited, and we have not had to conduct any rigid
verification and testing procedures.
(5) exposure/concerns
There are areas where we simply do not know if we will have a
problem. These areas lie outside our control (power, transportation,
banking systems). However, these ``gray'' areas do require us to be
attentive to any information about the potential problems that might
negatively impact us. This will be an on-going process up until 01/01/
2000.
The INTERNET continues to provide a wealth of this information. We
expect that Federal and State government will continue to provide
information as well. We have already met with our local city government
and with the state's Y2K Project Leader. Issues like electrical power
availability are now being discussed. It appears that complete
assessment of exposure in many of these areas is still underway. As new
information presents itself, and this creates concern for us on our
company's ability to carry on our business operation, contingency plans
will need to be made more formal. This is an area that can impact us
all; the private citizen, business or government. It seems appropriate
that an information sharing initiative be established (whether that be
on the INTERNET, town hall meetings or other formats).
�