Social Security Administration: Year 2000 Readiness Efforts Helped Ensure
Century Rollover and Leap Year Success (Letter Report, 04/19/2000,
GAO/AIMD-00-125).

Pursuant to a congressional request, GAO reviewed the Social Security
Administration's (SSA) final actions to ensure its year 2000 readiness,
including the actions it took during the rollover period--December
30,1999, through January 3, 2000, as well as for the February 29 leap
year date--to ensure a successful transition to the new century.

GAO noted that: (1) overall, SSA demonstrated a strong and consistent
commitment to addressing identified concerns about its year 2000
program; (2) the agency completed all of the critical tasks involved in
ensuring its readiness prior to the change of century and experienced
only minor problems during the rollover weekend; (3) for those problems
that did occur, SSA now reports that all have been mitigated by
correcting the systems involved; (4) moreover, according to SSA, none of
the problems encountered during the rollover weekend adversely affected
its ability to serve the public; (5) SSA further reported that its
systems processed data without incident during the February 29 leap year
date, another potential date for disruptions; (6) like other
organizations, SSA must still consider the possibility that additional
challenges associated with the year 2000 could occur; (7) there may
continue to be minor problems along the way as organizations process
data and transactions in the future, such as during quarterly,
end-of-year, or other critical periods; (8) while SSA's success so far
is a very positive indicator that any potential hurdles will also be
overcome, the agency nonetheless must continue its diligence in
anticipating and responding to any problems that occur; (9) further, it
will be especially important for SSA to consider how practices that it
applied in addressing the year 2000 problem can now be used to help
ensure the effective management of its broader information technology
program; and (10) SSA agreed that such action should be taken, and the
Commissioner stated that the agency had already begun to apply lessons
learned from its year 2000 experiences.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-00-125
     TITLE:  Social Security Administration: Year 2000 Readiness
	     Efforts Helped Ensure Century Rollover and Leap Year
	     Success
      DATE:  04/19/2000
   SUBJECT:  Systems conversions
	     Computer software
	     Y2K
	     Computer software verification and validation
	     Strategic information systems planning
	     Information resources management
	     Computer security
	     Federal social security programs
	     Data bases
IDENTIFIER:  Y2K
	     SSA Year 2000 Program
	     Supplemental Security Income Program
	     SSI

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************

GAO/AIMD-00-125

Accounting and Information
Management Division

B-28 4973

April 19, 2000

The Honorable E. Clay Shaw, Jr.
Chairman, Subcommittee on Social Security
Committee on Ways and Means
House of Representatives

The Honorable Charles E. Grassley
Chairman, Special Committee on Aging
United States Senate

The Social Security Administration (SSA) relies extensively on information
systems to support the processing of benefits and to provide various other
services to the public.1 The agency maintains and operates over 300
mission-critical computer systems supported by over 35 million lines of
in-house developed computer code and hundreds of commercial off-the-shelf
vendor products. Because of its heavy reliance on computers, the Year 2000
problem presented SSA with the enormous challenge of reviewing all of its
computer software and making the conversions required to ensure that its
systems could handle the first change to a new century since the computer
age began.

Since 1997, we have conducted various reviews and issued five reports and
testimony statements on SSA's efforts to ensure its readiness for the year
2000.2 Our first report, in October 1997, noted SSA's early initiatives to
address the challenge, identified critical risks that threatened the success
of these efforts, and recommended actions for mitigating the risks. Our most
recent testimony in July 1999 updated the agency's progress in implementing
our recommendations and in taking other critical steps to ensure Year 2000
(Y2K) compliance. At your request, this report summarizes our review of
SSA's final actions to ensure its Year 2000 readiness, including the actions
it took during the rollover period--December 30, 1999, through January 3,
2000, as well as for the February 29 leap year date--to ensure a successful
transition to the new century.

Overall, SSA demonstrated a strong and consistent commitment to addressing
identified concerns about its Year 2000 program. The agency completed all of
the critical tasks involved in ensuring its readiness prior to the change of
century and experienced only minor problems during the rollover weekend. For
those problems that did occur, SSA now reports that all have been mitigated
by correcting the systems involved. Moreover, according to SSA, none of the
problems encountered during the rollover weekend adversely affected its
ability to serve the public. SSA further reported that its systems processed
data without incident during the February 29 leap year date, another
potential date for disruptions.

Like other organizations, SSA must still consider the possibility that
additional challenges associated with the year 2000 could occur. There may
continue to be minor problems along the way as organizations process data
and transactions in the future, such as during quarterly, end-of-year, or
other critical periods. While SSA's success so far is a very positive
indicator that any potential hurdles will also be overcome, the agency
nonetheless must continue its diligence in anticipating and responding to
any problems that occur. Further, it will be especially important for SSA to
consider how practices that it applied in addressing the Year 2000 problem
can now be used to help ensure the effective management of its broader
information technology program. SSA agreed that such action should be taken,
and the Commissioner stated that the agency had already begun to apply
lessons learned from its Y2K experiences.

Federal agencies faced the potential for critical computer system failures
at the turn of the century due to incorrect information processing relating
to dates. This problem was rooted in how dates were recorded and processed
in computer systems. Specifically, for the past several decades, systems
typically used two digits to represent the year--such as "97" for 1997; in
such a format, however, 2000 is indistinguishable from 1900. Hence, a
beneficiary born in 1925 and therefore turning 75 in 2000 could be seen as
being negative 25 years old (if "now" is 1900)--not even born yet--and
therefore ineligible for benefits that the individual had already been
receiving.

Correcting this problem was an enormous challenge for all agencies, since
many of the government's computer systems were developed 20 to 25 years ago,
used a wide array of computer languages, and lacked full documentation.
Complete and thorough Year 2000 testing was essential to providing
reasonable assurance that new or modified systems could process dates
correctly and would not jeopardize an organization's ability to perform core
business operations in the new millennium. This included testing systems and
operations at the century rollover and during the February 29, 2000, leap
year date.

As we previously reported,3 SSA first recognized the potential impact of the
Year 2000 problem in 1989, and therefore was able to launch an early
response to this challenge. It initiated early awareness activities and made
significant early progress in assessing and renovating mission-critical
mainframe systems that enable it to provide Social Security benefits and
other public assistance. Moreover, the agency continued to make excellent
progress on the Year 2000 problem throughout the decade. Because of the
knowledge and experience gained through its efforts, SSA was consistently
recognized as a federal leader in addressing the Year 2000 issue.

Like many other organizations, SSA faced a number of challenges to ensuring
its readiness. Our 1997 report identified three key risk areas in the
agency's Year 2000 program: (1) compliance of mission-critical systems used
by the 54 state Disability Determination Services (DDS) that help SSA
administer its disability programs, (2) compliance of SSA's data exchanges
with outside sources, such as other federal agencies, state agencies, and
private businesses, and (3) SSA's lack of contingency plans to ensure
business continuity in the event of systems failures. As a result of these
risks, we recommended several actions for improving SSA's Year 2000
vulnerability in these areas. SSA agreed with all of our recommendations,
and took a number of important actions to implement them.

Our July 1999 testimony noted SSA's progress in implementing our
recommendations and identified other vital steps that the agency had taken
to help ensure its preparedness for the year 2000. For example, SSA
established a Y2K test facility for its operating systems, vendor products,
and mission-critical systems. In addition, to ensure the delivery of
benefits payments, SSA worked jointly with the Department of the Treasury's
Financial Management Service and the Federal Reserve System to test the
transfer of electronic benefits payments from Treasury to the Federal
Reserve through the Automated Clearinghouse network. SSA also coordinated
with the U.S. Postal Service to help ensure the delivery of benefits checks.

While SSA had made significant progress on its Year 2000 efforts, our
testimony, nonetheless, emphasized the need for SSA to finalize certain
tasks integral to ensuring its overall readiness for the year 2000. For
example, although SSA had developed contingency plans to support its core
business operations, it still needed to finalize testing of those plans and
implement its Day One strategy, consisting of actions to be executed during
the last days of 1999 and the first few days of 2000.

The objective of our review was to assess SSA's efforts to finalize critical
tasks required to ensure its Year 2000 readiness, including the actions that
it took during the century rollover period and the February 29 leap year
date to address Year 2000-induced disruptions. To meet this objective, we
reviewed and analyzed key Year 2000 compliance documents, including quality
assurance status reports and monthly and quarterly progress reports
submitted to Congress and the Office of Management and Budget (OMB). We also
reviewed SSA's contingency planning documents, including its Day One
strategy. Further, as part of observing the rollover, we inspected SSA's
Year 2000 command center capabilities and reviewed SSA's Year 2000 incident
reports. We used our Year 2000 guides in evaluating SSA's readiness
activities.4

We discussed SSA's Year 2000 program activities with officials in various
headquarters offices, including the offices of the deputy commissioners for
systems; operations; and finance, assessment, and management. We also met
with management and staff at SSA's program service center in Birmingham,
Alabama, and at its field office in Tucker, Georgia. In addition, we
interviewed Year 2000 program officials at the state DDS office in Decatur,
Georgia. We discussed the nature and extent of rollover and leap year
disruptions with SSA's Year 2000 program director and other appropriate
personnel.

We conducted our review from August 1999 through March 2000, in accordance
with generally accepted government auditing standards. The Commissioner of
Social Security provided comments on a draft of this report. These comments
are discussed in the "Agency Comments" section and are reprinted in appendix
I.

Following our July 1999 testimony, SSA took a number of important steps to
ensure that its Year 2000 tasks were successfully completed prior to the
century rollover. We had noted that while SSA was making excellent progress
on the Year 2000 problem, it had not completed certain tasks that were
critical to ensuring its overall readiness. These tasks included
(1) conducting specific actions required to finalize its Year 2000 business
continuity and contingency plans and (2) correcting date-field errors
identified through a quality assurance process that the agency implemented
to reduce Year 2000 risks.

Among SSA's most important responsibilities in the months leading up to the
new century was completing certain tasks required to ensure the
effectiveness of its Year 2000 business continuity and contingency plans,
and coordinating with its own staff and business partners to ensure the
timely functioning of its core business operations. This included
coordinating with its benefits delivery partners on contingency actions for
ensuring timely benefits payments, and completing various tests of the plans
to ensure their viability and usefulness in the event of a systems failure.

To ensure that Social Security and other benefits would continue to be paid
at the turn of the century, SSA assisted Treasury in establishing a number
of payment-related contingencies. These included developing alternative
disbursement processes for financial institutions that experience Y2K
disruptions and arranging to provide third-party emergency payments to
beneficiaries. In addition, SSA worked with the U.S. Postal Service to
ensure that paper checks would be delivered on time.

SSA also conducted extensive testing of its business continuity and
contingency plans to evaluate whether individual contingency plans were
capable of providing the level of support needed to the agency's core
business processes and whether the plans could be implemented within a
specified period. To accomplish this, SSA rehearsed its contingency plans at
selected field offices. These tests involved, for example, using paper
forms, rather than computers, to process Social Security and Supplemental
Security Income workloads. SSA relied on the test results to determine what
resources were required to carry out specific contingency tasks and to
familiarize staff with the required tasks prior to the rollover weekend. SSA
completed testing its business continuity and contingency plans by September
30, 1999.

A critical feature of SSA's contingency planning was the development and
implementation of a Day One strategy to guide its rollover activities. SSA
included this strategy in its overall business continuity and contingency
plan to ensure, to the extent possible, that its facilities and systems
would be fully operational on January 3, 2000--the first business day of the
new century. The strategy comprised the comprehensive set of actions that
were to be executed during the last days of 1999 and the first days of 2000
and the activities leading up to the critical century rollover date, such as
the identification of key personnel involved, preparation of facilities
checklists, establishment of a Year 2000 command center, and the
identification of computer systems to be tested.

To ensure that its Day One strategy would be effective, in September 1999,
SSA conducted simulations of potential infrastructure problems that could
affect its operations (for example, telephone, electric power, and water
outages; security system failures; and the lack of mainframe computer
connectivity). Designated personnel in selected SSA offices used the Day One
strategy as a guide for mitigating the problems encountered during the
simulations. Lessons learned from the simulations became the basis for
revising the Day One strategy and for better informing SSA's personnel of
the critical activities that could be involved in ensuring continued
operations during the rollover and beyond.

Assurance Process

Our July 1999 testimony noted that SSA had instituted a change management
process to help reduce the risk of Year 2000 disruptions. One of the key
components of the change management process was the use of a quality
assurance validation tool that allowed SSA to assess the quality of its
previously renovated mission-critical applications.5 Specifically, this tool
searched application programs to identify any date defects that were
introduced into systems after they were already certified Year 2000
compliant. SSA then corrected and recertified the applications before
returning them to production.

SSA applied the validation tool to all compatible (284 of its 308)
mission-critical applications.6 At the time of our testimony, SSA had
assessed about 92 percent of those applications and had identified more than
1,500 date-field errors. However, only about 44 applications had actually
been corrected, recertified, and returned to production. SSA subsequently
made the necessary corrections to these applications, and in December 1999
recertified all of its compatible applications as having no errors.

SSA encountered few Year 2000-related errors in its transition to the new
century, reporting that the Year 2000 problem had no effect on its business
operations or the delivery of its key services. SSA's early awareness of the
Year 2000 problem and its prompt attention to addressing identified Year
2000 risks helped position it to successfully meet this challenge. SSA
enhanced its readiness by using the rollover weekend to identify and, where
necessary, correct errors before any problems could result in operational
consequences.

In guidance on planning for the rollover period,7 we stated that
organizations should activate coordination/command center(s), conduct
facility inspections, and perform postrollover tests, evaluations, and
assessments of key business processes and supporting systems. Consistent
with this guidance, SSA established several centralized centers of activity
to operate during the rollover weekend. Foremost was the agency's Year 2000
Command Center, located in its National Computer Center in Baltimore,
Maryland. The command center served as the focal point for monitoring all of
the agency's Day One activities and for providing direct access to the most
current updates on SSA's Year 2000 status. The center was staffed with key
representatives from various offices throughout SSA. These included the
office of the deputy commissioner for systems, as well as the offices of the
deputy commissioners for operations; finance, assessment and management;
disability and income security programs; communications; and legislative and
congressional affairs.

SSA's rollover activities began on December 30, 1999, and continued through
January 3, 2000. During this period, designated personnel throughout the
agency were tasked with inspecting, evaluating, and reporting on virtually
every one of SSA's offices. This included assessing infrastructure elements
such as electric power, telephones, and elevators, and monitoring the
agency's local area network operations and the status of on-line and batch
production workloads. Coordination and reporting on the overall health of
the agency's equipment and software were facilitated by the use of various
existing tools, including the Internet, Intranet, telephones, and public
television. SSA communicated (via a dedicated terminal) with the federal
Information Coordination Center in Washington, D.C., on the status of
operations during the rollover period.8

Overall, SSA identified three problems related to Y2K, but its Year 2000
project team considered each to be minor, and reported that SSA was able to
correct them with no impact on the agency's processing capabilities.9 Two of
the three problems involved electronic mail. In one incident, electronic
messages generated during the rollover weekend were erroneously dated 1900.
In the second incident, some electronic messages with return receipt
requests contained a subject line that displayed an incorrect century. SSA
stated that neither problem adversely affected actual e-mail traffic.
Further, SSA reported, it corrected the first problem on January 3, 2000,
and the second by January 21, 2000, using a vendor software patch.

In a third incident, SSA encountered a problem in which the year was not
fully displayed on reports produced in the field offices to alert claims
examiners to outstanding actions. Specifically, the display date did not
show the complete year due to the suppression of one of the zeros contained
in the year 2000. As with the previous two problems, SSA did not consider
this incident to be significant, and reported it corrected on January 15,
2000, as part of its normal monthly software maintenance activities.

Another key Year 2000-related date that threatened to affect SSA was leap
day--February 29, 2000. A failure to ensure that computer systems could
recognize this date raised the potential that applications would process
data incorrectly by, for example, miscalculating the number of days between
significant dates or in a significant time frame (for example, week, month,
quarter, or year). SSA had anticipated the potential impact of this date and
had included it among the agency's critical processing dates that were
tested for Year 2000 compliance. In reporting on the status of its leap day
operations, SSA stated that the agency did not encounter any problems or
limitations in its processing capabilities as a result of this date.

Information Technology

For many federal agencies, the threat posed by the Year 2000 problem was a
much needed alert. Because of the urgency of the issue, agencies could not
afford to carry on in the same manner that had resulted in over a decade of
poor information technology planning and program management. As we reported
in October 1999,10 the Year 2000 problem laid a foundation for longer term
improvements in the way the federal government views, manages, and protects
computer systems supporting the nation's critical infrastructure.
Accordingly, it is important that agencies institutionalize the processes
that they established to contend with the Year 2000 problem so that future
information technology initiatives benefit from this massive effort. Lessons
learned from the Year 2000 challenge should be applied to agencies'
implementation of the Clinger-Cohen Act of 1996 which, in part, seeks to
strengthen executive leadership in information management and institute
sound capital investment decision-making to maximize the return on
information systems investments. As we recently testified,11 among the
lessons learned governmentwide were the importance of

ï¿½ providing high-level congressional and executive branch leadership,

ï¿½ understanding the importance of computer-supported operations,

ï¿½ providing standard guidance,

ï¿½ establishing partnerships,

ï¿½ facilitating progress and monitoring performance, and

ï¿½ implementing fundamental information technology improvements.

As part of its Year 2000 program, SSA implemented a number of practices that
hold valuable lessons about how information technology can best be managed.
It will be essential for SSA to consider how these practices can be used to
help ensure effective management of its information technology over the
longer term. For example, as a leader among federal agencies in addressing
the Year 2000 problem, SSA played a pivotal role in energizing other federal
agencies to meet the challenge. SSA's assistant deputy commissioner for
systems chaired the Chief Information Officers Council's Committee on the
Year 2000, and in this capacity, helped raise awareness about the Y2K threat
across government and provide valuable assistance to other federal agencies
in addressing the problem. For example, SSA was instrumental in supporting
federal agencies' development of Day One strategies, which were necessary to
reduce the risk to facilities, systems, programs, and services during the
critical rollover period. In testifying on the Year 2000 problem in January
1999,12 we noted that SSA had developed such a strategy and encouraged OMB
to consider requiring other agencies to develop similar strategies. OMB
agreed, subsequently requiring agencies to submit Day One strategies by
October 15, 1999. SSA's strategy became the model that many other federal
agencies and private-sector organizations used in developing their own Day
One blueprints.

As SSA proceeds with its operations in the new century, it now has the
opportunity to build upon its position as a proactive Year 2000 leader,
facilitating more effective management of information technology.
Specifically, in undertaking its own information technology planning and
program management, and because of the broad range of technology-related
information and perspectives gained from addressing the Year 2000 problem,
SSA should be better positioned to explore how technology can improve agency
performance. Further, because the Year 2000 problem demanded consistent and
persistent top management attention, SSA's leadership should now have a more
established basis for identifying, prioritizing, and evaluating the
effectiveness of information technology to best meet the agency's needs.

The Year 2000 problem also compelled SSA to closely examine its
relationships with business partners critical to the delivery of its
services, especially those involving the payment of benefits. As mentioned,
SSA worked closely with its benefits payment delivery partners--the
Department of the Treasury, the Federal Reserve System, and the U.S. Postal
Service--to ensure the continuity of operations supporting Social Security
and Supplemental Security Income benefits payments. SSA's development of a
benefits payment and delivery plan that provided alternate ways of
delivering payments to Social Security beneficiaries in the event of a Year
2000-related problem was an example of how the agency effectively partnered
with Treasury and the Federal Reserve to meet this challenge.

As organizations increasingly look to electronic communications and commerce
as a means of conducting business, the need for partnerships among federal
agencies and other entities is likely to grow in importance. Electronic
interdependencies, and the potentially massive exchanges of data that are
likely to accompany them, prompt an increasing need for federal agencies and
private entities to form partnerships to deal with crosscutting issues, such
as Internet service delivery and computer security. As a result of its Year
2000 work, SSA should now have an improved basis for establishing and
building upon its partnerships with other organizations to meet this
challenge.

The Year 2000 problem resulted in many agencies' taking charge of their
information technology resources in much more active ways than they did in
the past, and provided them with the incentive and opportunity to assume
control of their information technology environments. SSA accomplished this
in part by implementing its Year 2000 quality assurance validation tool to
help reduce the risk of disruption. As part of an established series of
change management procedures, the tool enabled SSA to reexamine all of its
previously renovated mission-critical applications to make sure that date
defects were not introduced into systems that were already certified Year
2000-compliant. Beyond the Year 2000 rollover, the tool remains useful for
reducing the risk of date problems associated with SSA's future software
application modifications. SSA has recognized this potential benefit and has
begun pilot testing the tool on current software projects to determine the
best approach for institutionalizing the quality assurance mechanism within
its software development and maintenance process.

SSA's development of its Year 2000 business continuity and contingency plans
should also help in the future. In the event that an emergency occurs that
negatively affects the agency's ability to perform services electronically,
the plan contains numerous tested procedures that could help facilitate
SSA's continued operations.

At the conclusion of our review, the Year 2000 program director stated that,
beyond considering broader implementation of the quality assurance tool, SSA
had not yet undertaken nor established a plan for conducting a
postevaluation study of its Year 2000 practices. However, he acknowledged
the potential value in assessing how these practices can be applied to help
SSA effectively manage its information technology. He added that he intended
to suggest to SSA management that such an evaluation be undertaken.

Because of SSA's commitment to and leadership in addressing the Year 2000
problem, it was well-positioned to enter the new century, encountering few
difficulties during the rollover. Now that the new century has arrived, it
is important that SSA maintain this momentum. Institutionalizing the
practices established to contend with the Year 2000 problem, such as use of
the quality assurance validation tool, could assist SSA in more effectively
managing its information technology.

To help ensure the effective management of information technology, we
recommend that the Commissioner of Social Security direct the Chief
Information Officer, in conjunction with the Deputy Commissioner for
Systems, to capitalize on the lessons learned from SSA's Year 2000
initiative by

ï¿½ establishing and implementing a plan and cognizant milestones for
identifying which of its processes and practices can be applied to the
agency's existing approach toward managing information technology and

ï¿½ institutionalizing those processes and practices as part of the agency's
implementation of the Clinger-Cohen Act, where appropriate.

In commenting on a draft of this report, SSA agreed with our recommendations
and stated that the agency had already begun to apply lessons learned from
its Year 2000 efforts. For example, SSA stated that its Year 2000
contingency plans have been incorporated into the agency's Continuity of
Operations Plans. In addition, SSA reiterated that it has begun to pilot
test the quality assurance validation tool used for its Year 2000 program to
determine whether it can help effectively manage the agency's information
technology. SSA also stated that it plans to consider applying the lessons
learned from its Year 2000 initiative in its implementation of the
Clinger-Cohen Act.

We are sending copies of this letter to the Honorable Kenneth S. Apfel,
Commissioner of Social Security; the Honorable Jacob J. Lew, Director of the
Office of Management and Budget; appropriate congressional committees; and
other interested parties. Copies will also be made available to others upon
request.

Please contact me at (202) 512-6253 or by e-mail at [email protected]
if you have any questions concerning this report. Key contributors to this
assignment were Michael A. Alexander, Kenneth A. Johnson, and Valerie C.
Melvin.

Joel C. Willemssen
Director, Civil Agencies Information Systems

Comments From the Social Security Administration

(511833)
  

1. The Old Age Survivors Insurance and Disability Insurance programs,
together commonly known as Social Security, provide benefits to retired and
disabled workers and their dependents and survivors. The Supplemental
Security Income program provides income for aged, blind, or disabled
individuals with limited income and resources. SSA also issues Social
Security numbers to eligible individuals and maintains and provides earnings
records for individuals working under employment covered by the program.

2. Social Security Administration: Significant Progress Made in Year 2000
Effort, But Key Risks Remain (GAO/AIMD-98-6 , October 22, 1997), Social
Security Administration: Information Technology Challenges Facing the
Commissioner (GAO/T-AIMD-98-109 ,
March 12, 1998), Year 2000 Computing Crisis: Continuing Risks of Disruption
to Social Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161 , May
7, 1998), Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/
T-AIMD-99-90 , February 24, 1999), and Social Security Administration:
Update on Year 2000 and Other Key Information Technology Initiatives
(GAO/T-AIMD-99-259 , July 29, 1999).

3. GAO/AIMD-98-6 , October 22, 1997.

4. Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14 ,
September 1997), Year 2000 Computing Crisis: Business Continuity and
Contingency Planning (GAO/
AIMD-10.1.19 , August 1998), Year 2000 Computing Crisis: A Testing Guide
(GAO/
AIMD-10.1.21 , November 1998), and Y2K Computing Challenge: Day One Planning
and Operations Guide (GAO/AIMD-10.1.22 , October 1999).

5. The two other components of this change management process were (1)
system recertifications and (2) a moratorium on discretionary software
modifications between September 1, 1999, and March 31, 2000.

6. According to SSA, 10 of the 308 applications were not tested because they
were incompatible with the tool; 13 applications were not tested because
they are no longer in use (for example, obsolete, retired, or replaced); and
one because it is no longer a part of SSA's inventory.

7. GAO/AIMD-10.1.22 , October 1999.

8. The President created the Information Coordination Center in June 1999 to
assist the Chair of the President's Council on Year 2000 Conversion. Under
its umbrella, the federal government implemented a large-scale reporting
process to obtain information on events occurring during the rollover
weekend from major federal agencies, states, key sectors of the economy, and
foreign countries.

9. Because the identified problems did not have a significant impact on
operations, SSA did not report them to the Information Coordination Center.

10. Critical Infrastructure Protection: Comprehensive Strategy Can Draw on
Year 2000 Experiences (GAO/AIMD-00-1 , October 1, 1999).

11. Year 2000 Computing Challenge: Leadership and Partnerships Result in
Limited Rollover Disruptions (GAO/T-AIMD-00-70 , January 27, 2000).

12. Year 2000 Computing Crisis: Readiness Improving, But Much Work Remains
to Avoid Major Disruptions (GAO/T-AIMD-99-50 , January 20, 1999).
*** End of document. ***