Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (Letter Report, 08/12/97, GAO/AIMD-97-106).

Pursuant to a congressional request, GAO reviewed the Defense Logistics
Agency's (DLA) program for solving its Year 2000 computer problem,
focusing on the: (1) status of DLA's efforts to correct its Year 2000
problems; and (2) appropriateness of DLA's strategy and actions for
ensuring that the problem will be successfully addressed.

GAO noted that: (1) DLA has recognized that the Year 2000 problem has
the potential to be the largest information technology dilemma it has
encountered to date and that if not successfully resolved, the supply,
technical, logistics, and contract services that DLA provides to the
military services could be severely disrupted; (2) to its credit, DLA
has already: (a) assessed the Year 2000 impact on its operations; (b)
inventoried its systems; (c) conducted pilot projects to determine Year
2000 effects on some of its major systems; and (d) developed and issued
policies, guidelines, standards, and recommendations on Year 2000
correction for the agency; (3) these steps are consistent with GAO's
guidelines and the Department of Defense's (DOD) five-phase approach for
planning, managing, and evaluating Year 2000 programs; (4) however, DLA
has not yet completed several critical steps associated with the
assessment phase of Year 2000 correction that are designed to ensure the
agency is well-positioned to deal with delays or other problems
encountered in the remaining phases; (5) DLA has not been working enough
with its customers and others who have established system connections or
interfaces to ensure consistency in handling date information passed
between systems; (6) the agency has not included thousands of
field-developed, unique programs as part of its Year 2000 systems
inventory or made these programs part of its Year 2000 program office's
responsibility; (7) these unique programs can introduce errors into
DLA's automated information systems just as easily as those systems that
have external interfaces with DLA systems; (8) in addressing these two
issues, DLA can help ensure the success of its efforts to correct the
systems within its control; (9) DLA has not: (a) prioritized the 86
automated information systems that it plans on being operational in the
year 2000 to ensure that the most mission critical systems are corrected
first; or (b) developed contingency plans to establish the course of
action that should be followed in the event that any of DLA's mission
critical systems are not corrected on time; and (10) since DLA
activities are critical to supporting military operations and readiness,
GAO believes that the agency should begin prioritizing its systems and
developing contingency plans so that logistics operations can continue
even if unforeseen problems or delays in Year 2000 corrective actions
arise.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-97-106
     TITLE:  Defense Computers: Issues Confronting DLA in Addressing 
             Year 2000 Problems
      DATE:  08/12/97
   SUBJECT:  Computer software verification and validation
             Information systems
             Systems conversions
             Data integrity
             Strategic information systems planning
             Defense operations
             Computer software
             Information resources management
IDENTIFIER:  DLA Year 2000 Program
             DOD Year 2000 Management Plan
             Defense Integration Support Tools Database
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Report to the Director of the Defense Logistics Agency

August 1997

DEFENSE COMPUTERS - ISSUES
CONFRONTING DLA IN ADDRESSING YEAR
2000 PROBLEMS

GAO/AIMD-97-106

DLA Year 2000 Challenges

(511622)


Abbreviations
=============================================================== ABBREV

  AVEDS - Automated Voucher Examination and Disbursement System
  CIO - Chief Information Officer
  DFAMS - Defense Fuels Automated Management System
  DISMS - Defense Integrated Subsistence Management System
  DIST - Defense Integration Support Tools
  DLA - Defense Logistics Agency
  DOD - Department of Defense
  FAS - Fuels Automated System
  MOCAS - Mechanization of Contract Administration Services
  OASD(C3I) - Office of the Assistant Secretary of Defense for
     Command, Control,
  Communications and Intelligence
  OUSD(A&T) - Office of the Under Secretary of Defense for
     Acquisition and Technology
  SAMMS - Standard Automated Materiel Management System

Letter
=============================================================== LETTER


B-277130

August 12, 1997

Lieutenant General Henry Glisson, USA
Director, Defense Logistics Agency

Dear General Glisson: 

On July 7, 1997, we briefed the primary action officer from the
Office of the Under Secretary of Defense for Acquisition and
Technology (OUSD(A&T)), your Deputy Chief Information Officer, and
other members of your staff on the results of our review to date of
the Defense Logistics Agency's (DLA) program for solving its Year
2000 computer problem.  If this problem is not addressed in time, DLA
computer systems could malfunction or produce incorrect information. 
The impact of these failures could be widespread, costly, and
debilitating to important logistics missions. 

Our briefing was based on work we performed as part of our review of
the Department of Defense's (DOD) Year 2000 computer systems efforts
for the Chairman, Senate Committee on Governmental Affairs; the
Chairman and Ranking Minority Member, Subcommittee on Government
Management, Information and Technology, House Committee on Government
Reform and Oversight; and the Honorable Thomas M.  Davis, III, House
of Representatives.  During our review, we concentrated on
determining (1) the status of DLA's efforts to correct its Year 2000
problems and (2) the appropriateness of DLA's strategy and actions
for ensuring that the problem will be successfully addressed.  This
letter summarizes the concerns we raised, provides recommendations
that should alleviate those concerns, and documents the actions
representatives from the OUSD(A&T) and your office agreed to for
correcting DLA's Year 2000 problems. 


   RESULTS IN BRIEF
------------------------------------------------------------ Letter :1

DLA has recognized that the Year 2000 problem has the potential to be
the largest information technology dilemma it has encountered to date
and that if not successfully resolved, the supply, technical,
logistics, and contract services that DLA provides to the military
services could be severely disrupted.  To its credit, DLA has already
assessed the Year 2000 impact on its operations; inventoried its
systems; conducted pilot projects to determine Year 2000 effects on
some of its major systems; and developed and issued policies,
guidelines, standards, and recommendations on Year 2000 correction
for the agency.  These steps are consistent with our guidelines and
DOD's five-phase approach for planning, managing, and evaluating Year
2000 programs. 

However, DLA has not yet completed several critical steps associated
with the assessment phase of Year 2000 correction that are designed
to ensure the agency is well-positioned to deal with delays or other
problems encountered in the remaining phases.  First, DLA has not
been working enough with its customers and others who have
established system connections or interfaces to ensure consistency in
handling date information passed between systems.  Second, the agency
has not included thousands of field-developed, unique programs as
part of its Year 2000 systems inventory or made these programs part
of its Year 2000 program office's responsibility.  These unique
programs can introduce errors into DLA's automated information
systems just as easily as those systems that have external interfaces
with DLA systems.  In addressing these two issues, DLA can help
ensure the success of its efforts to correct the systems within its
control. 

In addition, DLA has not (1) prioritized the 86 automated information
systems that it plans on being operational in the year 2000 to ensure
that the most mission critical systems are corrected first or (2)
developed contingency plans to establish the course of action that
should be followed in the event that any of DLA's mission critical
systems are not corrected on time.  Since DLA activities are critical
to supporting military operations and readiness, we believe that the
agency should begin prioritizing its systems and developing
contingency plans so that logistics operations can continue even if
unforeseen problems or delays in Year 2000 corrective actions arise. 


   SCOPE AND METHODOLOGY
------------------------------------------------------------ Letter :2

During our review, we compared DLA's efforts to plan and manage its
Year 2000 program to GAO's Year 2000 Assessment Guide.\1 We also
reviewed DOD's Year 2000 Management Plan;\2 related DLA policies,
directives, and strategies; and public and private sector Year 2000
guidance.  We focused our review on Year 2000 work being carried out
by (1) DOD's Office of the Assistant Secretary of Defense for
Command, Control, Communications and Intelligence (OASD(C3I)), which
is responsible for promulgating DOD guidance on the year 2000 and
providing assistance to DOD components, such as DLA, (2) DLA's
headquarters, and (3) DLA's Systems Design Center, which develops and
maintains the agency's standard automated information systems. 

To discuss OASD(C3I) efforts in providing Year 2000 support to DLA,
we met with the Deputy Assistant Secretary for Command, Control, and
Communications; the Principal Director for Information Management;
the Director for Information Technology; and the OASD(C3I) Point of
Contact for Year 2000.  We reviewed the OASD(C3I)'s Year 2000
guidance and other documentation on Year 2000 funding, reporting, and
date format requirements. 

To assess DLA headquarters efforts to correct the Year 2000 computer
problem, we (1) met with DLA's Chief Information Officer (CIO),
Deputy CIO, Chief of the Customer Support Team, headquarters Year
2000 lead official, and a headquarters Year 2000 Test and Evaluation
Support Team official, (2) analyzed documents issued by these offices
that describe organizational structure and responsibilities for
carrying out DLA's Year 2000 efforts, and analyzed business
requirements, resource management, and DLA's automated information
systems, and (3) reviewed the DLA CIO's Year 2000 compliance
directive\3 that provides guidance and direction and assigns
responsibility to the DLA Systems Design Center and all other DLA
components. 

We also assessed Year 2000 efforts being carried out by DLA's Systems
Design Center located in Columbus, Ohio.  At the Center, we
interviewed (1) the Deputy Commander, Deputy Director for Corporate
Administration, Executive Director of Product Management, and the DLA
Systems Design Center's Year 2000 Program Manager and (2) product
managers for two of DLA's largest automated information systems--the
Mechanization of Contract Administration Services (MOCAS) and the
Standard Automated Materiel Management System (SAMMS).  We analyzed
the Center's documentation on its Year 2000 strategy, implementation
status, test and evaluation, certification, and resource allocation
and its report on pilot studies.  In addition, we reviewed documents
describing systems' platforms;\4 languages;\5 databases; date
formats; and other Year 2000 information relevant to DLA's automated
information systems. 

We performed our work primarily at DLA Headquarters at Fort Belvoir,
Virginia; the DLA Systems Design Center in Columbus, Ohio; and the
Office of the Assistant Secretary of Defense for Command, Control,
Communications, and Intelligence at Arlington, Virginia.  We
conducted our work between November 1996 and July 1997, in accordance
with generally accepted government auditing standards. 

The Department of Defense provided written comments on a draft of
this report.  These comments are discussed in the "Agency Comments
and Our Evaluation" section and are reprinted in appendix I. 


--------------------
\1 Year 2000 Computing Crisis:  An Assessment Guide (Exposure Draft)
(GAO/AIMD-10.1.14, February 1997). 

\2 Department of Defense Year 2000 Management Plan (Version 1.0,
April 1997). 

\3 Directive Memorandum from Thomas J.  Knapp, DLA CIO, to DLA
Components/Business Areas, Subject:  CIO Letter 96-7, DLA Information
Systems Year 2000 Compliance, dated August 7, 1996. 

\4 Any configuration of hardware and software used in computer
processing. 

\5 A set of alphabetic, numeric, and symbolic character elements used
with a rule structure to communicate between people and machines. 


   BACKGROUND
------------------------------------------------------------ Letter :3

Defense logistics is the acquisition, management, distribution, and
maintenance of DOD materiel inventory, consumable items, and some
replacement parts used for sustaining the readiness of ships,
aircraft, tanks, and other weapon systems, as well as supporting
military personnel.  As DOD's logistics manager for consumable items,
DLA is responsible for a range of complex and important DOD
operations, including providing supply support, contract
administration services, and technical and logistics services to all
branches of the military and to civilian agencies.  DLA reported in
1997 that these operations involve processing more than 20 million
supply requisitions a year, which result in more than $11 billion in
sales annually; managing more than 380,000 prime contracts valued at
more than $950 billion and involving 24,000 contractors; and
coordinating 31 million transactions involving receiving, storing,
and issuing of materiel. 

Like all large businesses, DLA relies heavily on computer systems to
carry out these operations.  Most of these systems are vulnerable to
the Year 2000 problem.  The Year 2000 problem is rooted in the way
dates are recorded and computed in automated information systems. 
For the past several decades, systems have typically used two digits
to represent the year, such as "97" representing 1997, in order to
conserve on electronic data storage and reduce operating costs.  With
this two-digit format, however, the year 2000 is indistinguishable
from 1900, or 2001 from 1901.  As a result of this ambiguity, system
or application programs that use dates to perform calculations,
comparisons, or sorting may generate incorrect results. 

Should DLA's computer systems fail because of the Year 2000 problem,
Defense logistics operations could be affected by the incorrect
processing of inventory and contracts, corrupted databases, or even
massive system failures.  For example, if a system is corrupted with
bad data, is not compliant on time, or fails, it could result in
shortages of critical items needed to sustain military operations and
readiness--such as food, fuel, medical supplies, clothing, spare and
repair parts, and support for over 1,400 weapons systems. 

In addressing the Year 2000 problem, DLA also must consider the
hundreds of computer systems that interface with, or connect to, its
own systems.  These systems belong to the military services, DOD
components, and other federal agencies that DLA does business with,
and they play a critical role in carrying out logistics services. 
For example, supply orders originating from the military services are
filled and payments to contractors are made with the help of these
interfaces.  The systems that interface with DLA systems are just as
vulnerable to the Year 2000 problem as DLA's own systems. 

In February 1997, we published the Year 2000 Computing Crisis:  An
Assessment Guide,\6 which addresses common issues affecting most
federal agencies and presents a structured approach and a checklist
to aid in planning, managing, and evaluating Year 2000 programs.  The
guidance is consistent with DOD's Year 2000 Management Plan.\7 The
guide describes five phases--supported by program and project
management activities--with each phase representing a major Year 2000
program activity or segment.  The phases and a description of what
each entails follows. 

  -- Awareness:  Define the Year 2000 problem and gain
     executive-level support and sponsorship.  Establish a Year 2000
     program team and develop an overall strategy.  Ensure that
     everyone in the organization is fully aware of the issue. 

  -- Assessment:  Assess the Year 2000 impact on the enterprise. 
     Identify core business areas and processes, inventory and
     analyze systems supporting the core business areas, and
     prioritize their conversion or replacement.  Develop plans to
     handle data exchange issues, lack of data, and bad data. 
     Identify and secure the necessary resources. 

  -- Renovation:  Convert, replace, or eliminate selected platforms,
     applications, databases, and utilities.  Modify interfaces. 

  -- Validation:  Test, verify, and validate converted or replaced
     platforms, applications, databases, and utilities.  Test the
     performance, functionality, and integration of converted or
     replaced platforms, applications, databases, utilities, and
     interfaces in an operational environment. 

  -- Implementation:  Implement converted or replaced platforms,
     applications, databases, utilities, and interfaces.  Implement
     data exchange contingency plans, if necessary. 

In addition to following the five phases described, a Year 2000
program should also be planned and managed as a single, large
information system development effort.  Agencies should promulgate
and enforce good management practices at the program and project
levels. 


--------------------
\6 GAO/AIMD-10.1.14, February 1997. 

\7 Version 1.0, April 1997. 


   CURRENT STATUS OF DLA YEAR 2000
   EFFORTS
------------------------------------------------------------ Letter :4

DLA reported to us in February 1997 that it completed the awareness
and assessment phases in December 1996 and is now engaged in
renovation, validation, and implementation phase activities.  DLA's
target date for having all its programs Year 2000 compliant and in
production is December 1998.  According to DLA, it will cost about
$27 million to address the Year 2000 problem.  In June 1997, DLA
reported that of the 86 automated information systems projected to be
operational after the Year 2000,\8 DLA reported that 19 were in the
renovation phase, 30 were in the validation phase, and 37 were in the
implementation phase.  The systems projected to be operational after
the Year 2000 contain approximately 39 million lines of code.  A
breakdown of DLA's systems is shown in figure 1. 

   Figure 1:  Reported Status of
   Year 2000 Efforts for DLA
   Systems as of June 1997

   (See figure in printed
   edition.)

Note:  Local unique applications/programs are not included in this
status. 

Source:  DLA.  We did not independently verify this information. 

DLA has assigned its CIO the responsibility of planning, managing,
and executing the DLA Year 2000 program.  The DLA Systems Design
Center, which is responsible for developing and maintaining DLA
automated information systems, has overall program management
responsibility for Year 2000-related efforts.  The Center, which
reports to the CIO, has established a Year 2000 program office and
designated a program manager.  The Center has taken the following
actions as part of its efforts to address the Year 2000 problem: 

  -- developed a detailed Year 2000 plan;

  -- conducted a Year 2000 impact assessment, which identified the
     number of systems owned by DLA and the lines of code associated
     with those systems;

  -- estimated which mainframe, mid-tier processors, and desktop
     computers would still be in use by the year 2000;

  -- conducted pilot projects with DLA's major automated information
     systems, including SAMMS, MOCAS, Defense Integrated Subsistence
     Management System, and Defense Fuels Automated Management
     System, to assess potential Year 2000 impact on these systems;
     and

  -- developed Year 2000 policies, guidelines, standards, and
     recommendations for the agency. 

In addition, DLA has entered its mission-critical systems into the
DOD's Defense Integration Support Tools (DIST) database.  This is a
database that DOD uses to track its information systems and plans to
use to facilitate the Year 2000 effort departmentwide.  Center
officials also told us that they are tracking their information
systems through a database created and maintained by the Center. 

Most of fiscal year 1999 is expected to be used for final system
testing.  DLA has drafted a Test and Evaluation Master Plan and
formulated detailed testing plans.  For most of the systems,
individual business area managers and technical staff will be
responsible for testing and certifying that tests have been
completed. 

During the assessment phase, DLA decided that it would use a sliding
window technique\9 to modify most of its systems so that they can
operate correctly after the year 2000.  DLA decided on this technique
because it allows the information system to retain the two-digit year
format and requires less time, fewer resources to implement, and
reduced risk.  However, coordination between interface partners is
necessary to ensure that each partner understands how to interpret
the two-digit year for determining the century. 

DLA has configuration management procedures and configuration control
boards both at its headquarters and its Systems Design Center to
ensure that Year 2000 efforts receive appropriate configuration
management.\10 DLA's configuration management procedures and
configuration control boards are intended to ensure that all changes
to information systems and their components are properly documented
and managed. 

DLA has recently reported that it has already experienced Year
2000-related problems in its automated information systems.  For
example, SAMMS incurred a serious Year 2000-related error when it
erroneously deactivated 90,000 inventoried items based on an
erroneous date calculation.  According to DLA, it took 400 work hours
to correct the error.  Part of the correction effort involved
preventing the erroneous catalog action transactions from being
propagated to the military services and correcting the SAMMS program
in order to prevent future problems.  DLA reported that the impact of
not addressing the Year 2000 problem for SAMMS would be catastrophic
and would seriously hamper DLA's mission to deliver materiel in a
timely manner. 


--------------------
\8 DLA currently has 86 automated information systems.  It expects to
retire 15 of these systems before the Year 2000, and, at the time of
our review, it had not yet decided whether to retire or correct three
systems. 

\9 For purposes of renovating noncompliant systems, DOD has
identified three strategies:  field expansion, procedural code, and
sliding window.  Field expansion increases the size of the year field
generally from two-digit to four-digit.  Procedural code and sliding
window derive the correct century based on the two-digit year; for
example, any year smaller than 50 is a Year 2000 date and years 50 or
greater are identified as 1900 dates. 

\10 Configuration management is the continuous control of changes
made to a system's hardware, software, and documentation throughout
the development and operational life of the system. 


   KEY ISSUES NEED PROMPT
   ATTENTION FOR DLA TO SOLVE ITS
   YEAR 2000 PROBLEM
------------------------------------------------------------ Letter :5

DLA has taken some good steps in addressing the Year 2000 problem. 
However, the agency is moving forward into renovation, testing, and
validation--the more difficult and complex phases of Year 2000
correction--without addressing some very critical steps associated
with the assessment phase.  These include (1) ensuring consistency in
handling date information passed among systems, (2) incorporating
thousands of locally developed, unique applications in the Year 2000
systems inventory and assigning responsibility to the DLA Systems
Design Center's Year 2000 program office for ensuring that the unique
applications are Year 2000 compliant, (3) prioritizing systems for
correction, and (4) developing contingency plans.  If these issues
are not promptly addressed, DLA may well negate any success it may
have in making systems within its control Year 2000 compliant, and it
will hamper its ability to deal with unanticipated problems and
delays.  Given DLA's role in supplying the military services and
supporting other federal agencies, it cannot afford this risk. 


      DLA NEEDS TO COMMUNICATE
      WITH EXTERNAL INTERFACE
      PARTNERS
---------------------------------------------------------- Letter :5.1

DLA's information systems interface with, or connect to, hundreds of
computer systems belonging to the military services, DOD components,
contractors, and other federal agencies that DLA does business with. 
Because these systems are also vulnerable to Year 2000 problems, they
can introduce and/or propagate errors into DLA systems. 

In considering these potential problems, our assessment guide, as
well as DOD's Year 2000 management plan and private sector Year 2000
experts, stress that it is extremely important for organizations to
invest time and effort in interface issues.  This is especially
critical for those agencies like DLA that are heavily dependent on
system interfaces to carry out their operations.  As two experts on
the Year 2000 problem recently noted, "Today's businesses and
government agencies have developed an integrated [interdependence]
through their information systems and computer-controlled processes. 
If one falters, there is a rapidly cascading effect on many other
stakeholders.  Failure to address this integrated [interdependence]
will compromise many Year 2000 projects."\11

For the most part, DLA is not changing the two-digit date formats
that their systems use to send and receive information.  DLA
officials told us most of their interface partners will continue
using the date formats they have always used.  DLA plans to use
filters, such as firewall protection\12 to prevent the receipt of
erroneous data into their systems.  DLA has also assigned
responsibility for interface control to the individual system level,
but it has not required system managers to execute written interface
agreements for all of their system interfaces. 

We believe that DLA needs to communicate its interface plans to its
customers and contractors so that its data exchange partners will be
aware of DLA's plans and can alert the agency to possible conflicts
with their own plans.  This is consistent with DOD's management plan
and our Year 2000 assessment guide, which included written
notification of Year 2000 changes to interface partners as a step
toward Year 2000 compliance because it enables the agency and its
partners to agree early on such matters as format changes, schedules,
or the need for data bridges.  According to the DOD plan, this
notification can take the form of Memorandums of Agreement or the
equivalent.  In not placing more attention on communicating with its
external interface partners, DLA is increasing the risk of
discovering too late in the Year 2000 effort that an interfacing
system will not be able to accommodate the agency's own Year 2000
changes.  Changes would have to be made on short notice rather than
in a planned manner.  In turn, this could result in incorrect system
performance, including significant interface backlogs, rejection of
faulty data from noncompliant systems, and/or the introduction of
errors into DLA systems. 


--------------------
\11 Datamation, "Year 2000:  The Domino Effect" by Leland G.  Freeman
and C.  Lawrence Meador, January 1997. 

\12 Firewalls are defensive coding and interface presentation used to
ensure that users or external systems cannot damage an internal
system. 


      UNIQUE APPLICATIONS NEED
      MORE ATTENTION
---------------------------------------------------------- Letter :5.2

DLA has thousands of unique applications, which are nonstandard,
field-developed programs that download and process data from various
DLA standard systems.  For example, DLA has told us that more than
3,300 active SAMMS unique applications were found in 1995.  Some of
these applications transmit data back to DLA's standard systems.  As
a result, the unique applications have the potential to introduce and
propagate errors into DLA systems much like the external interfaces
do.  To date, however, these applications have not been included in
DLA's information system inventory, primarily because these systems
are not under the control of DLA's Systems Design Center.  Instead,
DLA is placing responsibility for Year 2000 corrections on the unique
application owners. 

We believe that DLA's plans with respect to these unique applications
leave the agency exposed to a host of problems as it moves into the
next century.  First, in relying on the owners of the unique
applications to make Year 2000 corrections and by not having a
complete inventory of these applications, DLA cannot adequately
ensure that all the applications will be compliant before the Year
2000 deadline.  Second, it will have difficulty ensuring that
interfaces between the unique applications and the larger standard
systems are properly identified and handled.  Third, inventorying
these programs and assigning responsibility for ensuring progress in
their correction would also help DLA raise awareness of potential
Year 2000 problems and operational impact to the managers of these
unique applications. 


      DLA HAS NOT PRIORITIZED ITS
      SYSTEMS
---------------------------------------------------------- Letter :5.3

An important aspect of Year 2000 correction is prioritizing which
systems have the highest impact on an agency's mission and thus need
to be corrected first.  This helps an agency ensure that the most
vital systems are not treated the same as systems that have little to
do with the agency's core business.  However, DLA's Systems Design
Center officials told us that they do not believe that they need to
prioritize their systems for correction because they must succeed in
correcting all their major systems by the Year 2000 deadline.  They
also told us that each of their customers believes that its system is
the most important. 

Our Year 2000 guide and DOD's plan both highlight the importance of
prioritization of system conversions and replacements.  DLA needs to
do systems prioritization and to continually revisit its systems
prioritization strategy to assure the most current appraisal of
systems importance and vulnerability estimates are being used.  An
adequate systems prioritization will help to lower the risk of
failure for the most strategically important systems in case of
unexpected delays or other problems encountered during DLA's Year
2000 effort. 


      YEAR 2000 CONTINGENCY PLANS
      NEEDED FOR DLA'S MISSION
      CRITICAL SYSTEMS
---------------------------------------------------------- Letter :5.4

DOD's Year 2000 Management Plan and our Year 2000 Assessment Guide
call on agencies to develop realistic contingency plans during the
assessment phase for critical systems and activities to ensure the
continuity of their core business processes.  Contingency plans are
important because they identify the manual or fallback procedures to
be employed should some critical systems miss their Year 2000
deadline.  They also establish a series of checkpoints that allow the
agency to identify performance problems early enough to correct them. 

DLA currently has no Year 2000 contingency plans.  Systems Design
Center officials told us that they expect all their systems to meet
their Year 2000 deadline and, for that reason, contingency plans are
not needed.  While DLA has progressed in its Year 2000 effort, there
is no guarantee that the initiative will be completed on time or be
free of unforeseen problems. 

The potential for problems resulting from the lack of contingency
plans is already evident with DLA's plans to replace two legacy
systems, Defense Fuels Automated Management System (DFAMS) and
Automated Voucher Examination and Disbursement System (AVEDS), with a
new Fuels Automated System (FAS) in October 1997.  DLA's Systems
Design Center expressed concern as early as November 1996 that FAS
fielding slippage, the inherent risk of implementing any major level
system on time, and the long development time that would be required
to convert DFAMS to be Year 2000 compliant, increase the risk
associated with FAS not being ready by the October 1998 target.  A
recent progress review of FAS revealed a completion slippage of 4 to
5 months. 

According to the Center's Year 2000 plan for its fuel system, if the
new fuel system fails to operate, DLA will be unable to manage its $5
billion a year fuel commodity operations and perform related business
processes.  The Center stated that "this would result in serious
mission and financial impacts.  .  .[including] the inability to
establish contracts, perform billing and payment functions, and
manage the inventory." Nevertheless, project managers of the two
legacy systems are resisting investing money in the two legacy
systems Year 2000 compliance because they believe that FAS will be
delivered on time. 

While the Center has acknowledged the risks involved if its fuel
system fails to operate properly, it still has not developed
contingency plans for the fuel related information systems.  Given
the dangers associated with not having contingency plans, we believe
DLA needs to promptly develop contingency plans, especially for its
most critical systems, so that it can establish a fallback position
in case of emergencies. 


   CONCLUSIONS
------------------------------------------------------------ Letter :6

The military services and DOD components count on DLA to provide
critical logistics services, including supplying their food, fuel,
medical supplies, and clothing, as well as the support for over 1,400
weapon systems.  Other federal agencies also rely on DLA to manage
nearly a trillion dollars worth of contracts.  However, DLA is
unnecessarily putting its Year 2000 strategy at risk of failure
because it has not yet taken the fundamental steps associated with
ensuring that the proper date information is passed between systems. 
DLA must address interface issues, prioritize its systems, and plan
for contingencies so that supply management, distribution, contract
management, and other DLA operations are not disrupted. 


   RECOMMENDATIONS
------------------------------------------------------------ Letter :7

We recommend that you take the following actions: 

  -- Require the completion of signed, written interface agreements
     between DLA and its interface partners that describe the method
     of data exchange between interfacing systems, the entity
     responsible for performing the system interface modification,
     and milestones identifying when the modification is to be
     completed. 

  -- Require that DLA's business managers work with the DLA CIO to
     (1) ensure that mission-related unique applications/systems are
     included in the Year 2000 inventory, (2) determine if the year
     2000 is an issue for each system, and (3) assign responsibility
     to DLA Systems Design Center's Year 2000 program office for
     ensuring that all inventoried unique systems are made compliant
     by December 31, 1999. 

  -- Require that the DLA CIO, the Chief of Customer Support Team,
     and the DLA Systems Design Center Commander develop a Year 2000
     systems prioritization, in conjunction with respective systems'
     customers. 

  -- For standard systems under control of the Systems Design Center,
     require that the DLA CIO, the Chief of Customer Support Team,
     and the Center Commander, in coordination with respective
     systems' customers, develop and issue contingency plans for all
     critical systems. 


   AGENCY COMMENTS AND OUR
   EVALUATION
------------------------------------------------------------ Letter :8

The Department of Defense provided written comments on a draft of
this report.  DOD concurred with our recommendation on interface
agreements and contingency plans, and partially concurred with our
recommendation on unique applications.  DOD did not concur with our
recommendation on systems prioritization.  Defense's response to this
report is summarized below, along with our evaluation. 

DOD concurred with our recommendation on interface agreements.  DLA
is in the process of ensuring that documented agreements are prepared
for all interfaces requiring changes between their interface
partners.  DLA appears to be making good progress in this area.  Its
continued emphasis will be important to ensure that all parties agree
on format changes, are aware of what interface changes will occur,
and know the schedules for when changes will occur. 

DOD also concurred with our recommendation to prepare contingency
plans for DLA's critical systems requiring Year 2000 conversion and
indicated that DLA's initial contingency plans are to be prepared by
October 1997.  We are encouraged by DLA's intent to begin preparing
contingency plans within each business area.  We urge DLA to complete
these plans by its October 1997 deadline to ensure uninterrupted
service should some critical systems fall behind in meeting their
Year 2000 deadline. 

DOD partially concurred with our recommendation that the DLA CIO
ensure that mission-related unique applications/systems be included
in the agency's Year 2000 inventory, determine if Year 2000 date
problems exist in these applications/systems, and assign
responsibility for correcting the unique applications to DLA's Year
2000 program office at the Defense Systems Design Center.  DOD
disagreed with our recommended method of assuring that the unique
applications are corrected within an appropriate time frame.  Rather,
DLA is relying on its Year 2000 Program Manager to coordinate
reporting of compliance and has assigned the responsibility for
performing the corrective actions to the numerous business areas and
field activities.  The DLA Year 2000 Program Manager is also to track
the status reported by the business areas. 

We agree with DLA's decision to include the unique
applications/systems in its Year 2000 inventory and require their
correction status to be coordinated through the DLA Year 2000 Program
Manager.  However, we are concerned that DLA's Year 2000 Program
Manager does not have the necessary resources to ensure that
appropriate tasks are scheduled, adequate resources applied, and
corrective actions completed on time.  Oversight of Year 2000 project
management functions for unique applications/systems could be more
effectively carried out by the DLA Program Manager in conjunction
with a DLA organization that actually performs these functions as its
primary mission, such as the Year 2000 program office within the DLA
Systems Design Center.  DLA's headquarters Year 2000 Program Manager
would then have a higher level of assurance that the unique
applications/systems would be corrected on time.  DLA cannot afford
the inherent risk of unique applications/systems corrupting their
standard systems if a high degree of compliance quality assurance and
oversight is not exercised, in lieu of merely reporting and
coordinating. 

DOD did not concur with our recommendation for a systems
prioritization plan.  DOD believes that DLA's planning efforts and
strategy for renovating its systems are adequate and that DLA has
adequately prioritized its mission critical systems.  In responding
to a draft of this report, DLA officials told us that each business
area within the agency had prepared a prioritized systems list that
would be used in correcting Year 2000 date problems.  We remain
concerned that without an agencywide system priority list linked with
the execution priorities of the agency's Year 2000 plan, DLA's
business area managers will continue to view their own systems as
most important to the agency.  Today, DLA lacks a Year 2000 date
correction plan that clearly identifies an integrated approach
describing DLA-wide systems priorities in the order of criticality to
the Defense missions assigned to the agency, and how corrections will
be made commensurate with these priorities.  Such a plan will be
necessary should completion target dates for the many DLA systems
slip as the Year 2000 deadline draws near. 


---------------------------------------------------------- Letter :8.1

We appreciate the courtesy and cooperation extended to our audit team
by DLA officials and staff.  Within 60 days of the date of this
letter, we would appreciate receiving a written statement on actions
taken to address these recommendations.  We are providing copies of
this letter to the Chairman and Ranking Minority Member of the Senate
Committee on Governmental Affairs; the Chairmen and Ranking Minority
Members of the Subcommittee on Oversight of Government Management,
Restructuring and the District of Columbia, Senate Committee on
Governmental Affairs, and the Subcommittee on Government Management,
Information and Technology, House Committee on Government Reform and
Oversight; the Honorable Thomas M.  Davis, III, House of
Representatives; the Secretary of Defense; the Deputy Secretary of
Defense; the Under Secretary of Defense for Acquisition and
Technology; the Acting Under Secretary of Defense (Comptroller); the
Acting Assistant Secretary of Defense for Command, Control,
Communications and Intelligence; and the Director of the Office of
Management and Budget.  Copies will be made available to others upon
request. 

If you have any questions on matters discussed in this letter, please
call me at (202) 512-6240 or Carl M.  Urie, Assistant Director, at
(202) 512-6231.  Major contributors to this report are listed in
appendix II. 

Sincerely yours,

Jack L.  Brock, Jr.
Director, Defense Information and
 Financial Management Systems




(See figure in printed edition.)Appendix I
COMMENTS FROM THE DEPARTMENT OF
DEFENSE
============================================================== Letter 



(See figure in printed edition.)



(See figure in printed edition.)



(See figure in printed edition.)


MAJOR CONTRIBUTORS TO THIS REPORT
========================================================== Appendix II

ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION, WASHINGTON,
D.C. 

Carl M.  Urie, Assistant Director
Keith A.  Rhodes, Technical Director
Madhav S.  Panwar, Technical Assistant Director
Alicia Loudis Sommers, Evaluator-in-Charge
Cristina T.  Chaplain, Communications Analyst

*** End of document. ***