High-Risk Series: Information Management and Technology (Letter Report,
02/01/97, GAO/HR-97-9).

In 1990, GAO began a special effort to identify federal programs at high
risk for waste, fraud, abuse, and mismanagement. GAO issued a series of
reports in December 1992 on the fundamental causes of the problems in
the high-risk areas; it followed up on the status of these areas in
February 1995. This, GAO's third series of high-risk reports, revisits
these troubled government programs and designates five additional areas
as high-risk (defense infrastructure, information security, the year
2000 problem, supplemental security income, and the 2000 decennial
census), bringing to 25 the number of high-risk programs on GAO's list.
The high-risk series includes an overview, a quick reference guide, and
12 individual reports. The high-risk series may be ordered as a full
set, a two-volume package including the overview and the quick reference
guide, or as 12 separate reports describing in detail these vulnerable
government programs. GAO summarized the high-risk series in testimony
before Congress (GAO/T-HR-97-22).

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  HR-97-9
     TITLE:  High-Risk Series: Information Management and Technology
      DATE:  02/01/97
   SUBJECT:  Private sector practices
	     Y2K
	     Congressional oversight
	     Computer security
	     Data integrity
	     ADP procurement
	     Risk management
	     Systems design
	     Systems conversions
	     Strategic information systems planning
IDENTIFIER:  High Risk Series 1997
	     IRS Tax System Modernization Program
	     FAA Air Traffic Control Modernization Program
	     NWS Modernization Program
	     DOD Corporate Information Management Initiative
	     IRS Compliance 2000 Initiative
	     GAO High Risk Program
	     FAA Advanced Automation System
	     CIM
	     DOD Defense Entitlement Eligibility Report System
	     TSM

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
ai99234t A Testimony Before the Subcommittee on Government
Management, Information and Technology, Committee on Government
Reform, House of Representatives

For Release on Delivery Expected at

YEAR 2000 COMPUTING 9 a. m. EDT Friday,

CHALLENGE July 9, 1999

Important Progress Made, Yet Much Work Remains to Avoid Disruption
of Critical Services Statement of Joel C. Willemssen Director,
Civil Agencies Information Systems Accounting and Information
Management Division

Mr. Chairman and Members of the Subcommittee: Thank you for
inviting us to participate in today's hearing on the Year 2000
problem. According to the report of the President's Commission on
Critical Infrastructure Protection, the United States-- with close
to half of all

computer capacity and 60 percent of Internet assets-- is the
world's most advanced and most dependent user of information
technology. 1 Should these systems-- which perform functions and
services critical to our nation-- suffer problems, it could create
widespread disruption. Accordingly, the upcoming change of century
is a sweeping and urgent challenge for public- and private- sector
organizations alike.

Because of its urgent nature and the potentially devastating
impact it could have on critical government operations, in
February 1997 we designated the Year 2000 problem a high- risk
area for the federal government. 2 Since that time, we have issued
over 120 reports and testimony statements detailing specific
findings and numerous recommendations related to the Year 2000
readiness of a wide range of federal agencies. 3 We have also
issued guidance to help organizations successfully address the
issue. 4 Today I will highlight the Year 2000 risks facing the
nation, discuss the federal government's progress and challenges
that remain in correcting its system, identify state and local
government Year 2000 issues, and provide

an overview of available information on the readiness of key public infrastructure and economic sectors. 1 Critical Foundations: Protecting America's Infrastructures (President's Commission on Critical Infrastructure Protection, October 1997). 2 High- Risk Series: Information Management and Technology (

GAO/HR-97-9
, February 1997). 3 A list of these publications is included as an attachment to this statement. These publications can be obtained through GAO's World Wide Web page at www. gao. gov/ y2kr. htm.
an overview of available information on the readiness of key
public infrastructure and economic sectors. 1 Critical
Foundations: Protecting America's Infrastructures (President's
Commission on Critical Infrastructure Protection, October 1997). 2
High- Risk Series: Information Management and Technology (
GAO/HR-97-9 , February 1997). 3 A list of these publications is
included as an attachment to this statement. These publications
can be obtained through GAO's World Wide Web page at www. gao.
gov/ y2kr. htm.

4 Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD- 10.
1. 14, issued as an exposure draft in February 1997 and in final
form in September 1997), which addresses the key tasks needed to
complete each phase of a Year 2000 program (awareness, assessment,
renovation, validation, and implementation); Year 2000 Computing
Crisis: Business Continuity and Contingency Planning (GAO/ AIMD-
10.1.19, issued as an exposure draft in March 1998 and in final
form in August 1998), which describes the tasks needed to ensure
the continuity of agency operations; and Year 2000 Computing
Crisis: A Testing Guide (GAO/ AIMD- 10.1.21, issued as an exposure
draft in June 1998 and in final form in November 1998), which
discusses the need to plan and conduct Year 2000 tests in a
structured and disciplined fashion.

The Public Faces Risk The public faces the risk that critical
services provided by the government of Year 2000 and the private
sector could be severely disrupted by the Year 2000 computing
problem. Financial transactions could be delayed, flights
Disruptions grounded, power lost, and national defense affected.
Moreover, America's infrastructures are a complex array of public
and private enterprises with many interdependencies at all levels.
These many interdependencies among governments and within key
economic sectors could cause a single failure to have adverse
repercussions in other sectors. Key sectors that

could be seriously affected if their systems are not Year 2000
compliant include information and telecommunications; banking and
finance; health, safety, and emergency services; transportation;
power and water; and manufacturing and small business.

The following are examples of some of the major disruptions the
public and private sectors could experience if the Year 2000
problem is not corrected.  With respect to aviation, there could
be grounded or delayed flights, degraded safety, customer
inconvenience, and increased airline costs. 5  Aircraft and other
military equipment could be grounded because the

computer systems used to schedule maintenance and track supplies
may not work. Further, the Department of Defense could incur
shortages of vital items needed to sustain military operations and
readiness. 6  Medical devices and scientific laboratory equipment
may experience

problems beginning January 1, 2000, if their software applications
or embedded chips use two- digit fields to represent the year.
Recognizing the seriousness of the Year 2000 problem, on February
4, 1998, the President signed an executive order that established
the President's Council on Year 2000 Conversion, chaired by an
Assistant to the President and consisting of one representative
from each of the executive departments and from other federal
agencies as may be determined by the Chair. The Chair of the
Council was tasked with the following Year 2000

roles: (1) overseeing the activities of agencies, (2) acting as
chief spokesperson in national and international forums, (3)
providing policy 5 FAA Systems: Serious Challenges Remain in
Resolving Year 2000 and Computer Security Problems (GAO/T-AIMD-98-
251, August 6, 1998). 6 Defense Computers: Year 2000 Computer
Problems Threaten DOD Operations (GAO/AIMD-98-72, April 30, 1998).

coordination of executive branch activities with state, local, and
tribal governments, and (4) promoting appropriate federal roles
with respect to private- sector activities.

Improvements Made Addressing the Year 2000 problem is a tremendous
challenge for the federal But Much Work government. Many of the
federal government's computer systems were

originally designed and developed 20 to 25 years ago, are poorly
Remains

documented, and use a wide variety of computer languages, many of
which are obsolete. Some applications include thousands, tens of
thousands, or even millions of lines of code, each of which must
be examined for date- format problems. To meet this challenge and
monitor individual agency efforts, the Office of Management and
Budget (OMB) directed the major departments and agencies to submit
quarterly reports on their progress, beginning May 15, 1997. These
reports contain information on where agencies stand with respect
to the assessment, renovation, validation, and implementation of
mission- critical systems, as well as other management information
on items such as costs and business continuity and contingency
plans. The federal government's most recent reports show
improvement in addressing the Year 2000 problem. While much work
remains, the federal government has significantly increased its
percentage of mission- critical systems that are reported to be
Year 2000 compliant, as chart 1 illustrates. In particular, while
the federal government did not meet its goal of having

all mission- critical systems compliant by March 1999, as of mid-
May 1999, 93 percent of these systems were reported compliant.

Figure 1: Mission- Critical Systems ReportedYear 2000 Compliant,
May 1997-- May 1999

100% 93%

90% 79% 80%

70% 61%

60% 50%

50% 40%

40% 35%

27% 30%

21% 19% 20%

10% 0%

May- 97 Aug- 97 Nov- 97 Feb- 98 May- 98 Aug- 98 Nov- 98 Feb- 99
May- 99 Source: May 1997-- May 1999 data are from the OMB
quarterly reports. While this reported progress is notable, OMB
reported that 10 agencies have mission- critical systems that were
not yet compliant. 7 In addition, as we testified in April, some
of the systems that were not yet compliant

support vital government functions. 8 For example, some of the
systems that were not compliant were among the 26 mission-
critical systems that the Federal Aviation Administration (FAA)
has identified as posing the greatest risk to the National
Airspace System the network of equipment, facilities, and
information that supports U. S. aviation operations.

Additionally, not all systems have undergone an independent
verification and validation process. For example, in April 1999
the Department of Commerce awarded a contract for independent
verification and validation reviews of approximately 40 mission-
critical systems that support that 7 The 10 agencies were the
departments of Agriculture, Commerce, Defense, Energy, Health and
Human Services, Justice, Transportation, Treasury; the National
Aeronautics and Space Administration; and the U. S. Agency for
International Development. 8 Year 2000 Computing Challenge:
Federal Government Making Progress But Critical Issues Must Still
Be Addressed to Minimize Disruptions (GAO/T-AIMD-99-144, April 14,
1999).

department's most critical business processes. These reviews are
to continue through the summer of 1999. In some cases, independent
verification and validation of compliant systems have found
serious problems. For example, as we testified this past February,
9 none of 54 external mission- critical systems of the Health Care
Financing Administration reported by the Department of Health and
Human Services (HHS) as compliant as of December 31, 1998, was
Year 2000 ready, based on serious qualifications identified by the
independent verification and validation contractor. Reviews Show
Uneven  In March we testified that FAA had made tremendous
progress over the Federal Agency Progress

prior year. 10 However, much remained to be done to complete
validating and implementing FAA's mission- critical systems.
Specifically, the challenges that FAA faced included (1) ensuring
that systems validation efforts were adequate, (2) implementing
multiple systems at numerous facilities, (3) completing data
exchange efforts, and (4) completing

end- to- end testing. Because of the risks associated with FAA's
Year 2000 program, we have advocated that the agency develop
business continuity and contingency plans. 11 FAA agreed and has
activities underway, which we are currently reviewing.  In May we
testified 12 that the Department of Education had made progress
toward addressing the significant risks we had identified in
September 1998 13 related to systems testing, exchanging data with
internal and external partners, and developing business continuity
and contingency plans. Nevertheless, work remained ongoing in
these

areas. For example, Education had scheduled a series of tests with
its data exchange partners, such as schools, through the early
part of the fall. 9 Year 2000 Computing Crisis: Readiness Status
of the Department of Health and Human Services (GAO/T-AIMD-99-92,
February 26, 1999). 10 Year 2000 Computing Crisis: FAA Is Making
Progress But Important Challenges Remain (GAO/ T- AIMD/ RCED- 99-
118, March 15, 1999).

11 FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998),
GAO/T-AIMD-98-251, August 6, 1998, and GAO/ T- AIMD/ RCED- 99-
118, March 15, 1999. 12 Year 2000 Computing Challenge: Education
Taking Needed Actions But Work Remains (GAO/T-AIMD-99-180, May 12,
1999). 13 Year 2000 Computing Crisis: Significant Risks Remain to
Department of Education's Student Financial Aid Systems (GAO/T-
AIMD-98-302, September 17, 1998).

 Our work has shown that the Department of Defense and the
military services face significant problems. 14 In March we
testified that, despite considerable progress made in the
preceding 3 months, Defense was still well behind schedule. 15 We
found that Defense faced two significant challenges: (1)
completing remediation and testing of its mission- critical
systems and (2) having a reasonable level of assurance that key
processes will continue to work on a day- to- day basis and key
operational missions necessary for national defense can be
successfully accomplished. We concluded that such assurance could
only be provided if Defense took steps to improve its visibility
over the status of key business processes. End- to- End Testing
Must Be While it is important to achieve compliance for individual
mission- critical

Completed systems, realizing such compliance alone does not ensure
that business

functions will continue to operate through the change of century
the ultimate goal of Year 2000 efforts. The purpose of end- to-
end testing is to verify that a defined set of interrelated
systems, which collectively support an organizational core
business area or function, will work as intended in an operational
environment. In the case of the year 2000, many systems in the
end- to- end chain will have been modified or replaced. As a
result, the scope and complexity of testing--- and its importance-
- are dramatically increased, as is the difficulty of isolating,
identifying, and correcting problems. Consequently, agencies must
work early and continually with their data exchange partners to
plan and execute effective end- to- end tests. (Our Year 2000
testing guide sets forth a structured approach to testing,
including end- to- end testing. 16 )

In January we testified that with the time available for end- to-
end testing diminishing, OMB should consider, for the government's
most critical functions, setting target dates, and having agencies
report against them, for the development of end- to- end test
plans, the establishment of test

14 Defense Computers: Year 2000 Computer Problems Put Navy
Operations at Risk (GAO/AIMD-98-150, June 30, 1998); Defense
Computers: Army Needs to Greatly Strengthen Its Year 2000 Program
(GAO/AIMD-98-53, May 29, 1998); GAO/AIMD-98-72, April 30, 1998;
and Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998). 15 Year 2000
Computing Crisis: Defense Has Made Progress, But Additional
Management Controls Are Needed (GAO/T-AIMD-99-101, March 2, 1999).
16 GAO/ AIMD- 10.1.21, November 1998.

schedules, and the completion of the tests. 17 On March 31, OMB
and the Chair of the President's Council on Year 2000 Conversion
announced that one of the key priorities that federal agencies
will be pursuing during the

rest of 1999 will be cooperative end- to- end testing to
demonstrate the Year 2000 readiness of federal programs with
states and other partners. Agencies have also acted to address
end- to- end testing. For example, our March FAA testimony 18
found that the agency had addressed our prior concerns about the
lack of detail in its draft end- to- end test program plan and had
developed a detailed end- to- end testing strategy and plans. 19
At the Department of Defense, last month we reported 20 that the
department had

underway or planned hundreds of related Year 2000 end- to- end
test and evaluation activities and that, thus far, it was taking
steps to ensure that these related end- to- end tests were
effectively coordinated. However, we concluded that Defense was
far from successfully finishing its various Year

2000 end- to- end test activities and that it must complete
efforts to establish end- to- end management controls, such as
establishing an independent quality assurance program. Business
Continuity and

Business continuity and contingency plans are essential. Without
such Contingency Plans Are plans, when unpredicted failures occur,
agencies will not have well- defined Needed responses and may not
have enough time to develop and test alternatives. Federal
agencies depend on data provided by their business partners as
well as on services provided by the public infrastructure (e. g.,
power, water, transportation, and voice and data
telecommunications). One weak

link anywhere in the chain of critical dependencies can cause
major disruptions to business operations. Given these
interdependencies, it is imperative that contingency plans be
developed for all critical core

business processes and supporting systems, regardless of whether
these systems are owned by the agency. Accordingly, in April 1998
we

17 Year 2000 Computing Crisis: Readiness Improving, But Much Work
Remains to Avoid Major Disruptions (GAO/T-AIMD-99-50, January 20,
1999). 18 GAO/ T- AIMD/ RCED- 99- 118, March 15, 1999. 19 GAO/T-
AIMD-98-251, August 6, 1998. 20 Defense Computers: Management
Controls Are Critical To Effective Year 2000 Testing (GAO/AIMD-99-
172, June 30, 1999).

recommended that the Council require agencies to develop
contingency plans for all critical core business processes. 21 OMB
has clarified its contingency plan instructions and, along with
the Chief Information Officers Council, has adopted our business
continuity and contingency planning guide. 22 In particular, on
January 26, 1999, OMB called on federal agencies to identify and
report on the high- level core

business functions that are to be addressed in their business
continuity and contingency plans, as well as to provide key
milestones for development and testing of such plans in their
February 1999 quarterly reports. In addition, on May 13 OMB
required agencies to submit high- level versions of these plans by
June 15. According to an OMB official, OMB has received

almost all of the agency plans. This official stated that OMB
planned to review the plans, discuss them with the agencies,
determine whether there were any common themes, and report on the
plans' status in its next quarterly report.

To provide assurance that agencies' business continuity and
contingency plans will work if needed, on January 20 we suggested
that OMB may want to consider requiring agencies to test their
business continuity strategy and set a target date, such as
September 30, 1999, for the completion of this validation. 23 Our
review of the 24 major departments and agencies' May

1999 quarterly reports found 14 cases in which agencies did not
identify test dates for their business continuity and contingency
plans or reported test dates subsequent to September 30, 1999. On
March 31, OMB and the Chair of the President's Council announced
that completing and testing business continuity and contingency
plans as insurance against disruptions to federal service delivery
and operations from Year 2000- related failures will be one of the
key priorities that federal agencies will be pursuing through the
rest of 1999. Accordingly, OMB should implement our suggestion and
establish a target date for the

validation of these business continuity and contingency plans. 21
Year 2000 Computing Crisis: Potential for Widespread Disruption
Calls for Strong Leadership and Parternships (GAO/AIMD-98-85,
April 30, 1998). 22 GAO/ AIMD- 10.1.19, August 1998. 23 GAO/T-
AIMD-99-50, January 20, 1999.

Recent OMB Action Could While individual agencies have been
identifying and remediating

Help Ensure Business mission- critical systems, the government's
future actions need to be Continuity of High- Impact focused on
its high- priority programs and ensuring the continuity of these

Programs programs, including the continuity of federal programs
that are

administered by states. Accordingly, governmentwide priorities
need to be based on such criteria as the potential for adverse
health and safety effects, adverse financial effects on American
citizens, detrimental effects on national security, and adverse
economic consequences. In April 1998 we recommended that the
President's Council on Year 2000 Conversion establish
governmentwide priorities and ensure that agencies set agencywide
priorities. 24 On March 26, OMB implemented our recommendation by
issuing a memorandum to federal agencies designating lead agencies
for the government's 42 high- impact programs (e. g., food stamps,
Medicare, and federal electric power generation and delivery).
(OMB later added a 43rd high- impact program.) Appendix I lists
these programs and their lead agencies. For each program, the lead
agency was charged with identifying to OMB the partners integral
to program delivery; taking a leadership role in convening those
partners; assuring that each partner has an adequate Year 2000
plan and, if not, helping each partner without one; and developing
a plan to ensure that the program will operate effectively.
According to OMB, such a plan might include testing data exchanges
across partners, developing complementary business continuity and
contingency plans, sharing key information on readiness with other

partners and the public, and taking other steps necessary to
ensure that the program will work. OMB directed the lead agencies
to provide a schedule and milestones of key activities in the plan
by April 15. OMB also asked agencies to provide monthly progress
reports. As you know, we are currently reviewing agencies'
progress in ensuring the readiness of their

high- impact programs for this subcommittee. 24 GAO/AIMD-98-85,
April 30, 1998.

State and Local Just as the federal government faces significant
Year 2000 risks, so too do Governments Face state and local
governments. If the Year 2000 problem is not properly addressed,
for example, (1) food stamps and other types of payments may
Significant Year 2000 not be made or could be made for incorrect
amounts; (2) date- dependent Risks

signal timing patterns could be incorrectly implemented at highway
intersections, with safety severely compromised; and (3) prisoner
release or parole eligibility determinations may be adversely
affected. Nevertheless, available information on the Year 2000
readiness of state and local governments indicates that much work
remains. According to information on state Year 2000 activities
reported to the

National Association of State Information Resource Executives as
of June 17, 1999, 25 states 26 reported having thousands of
mission- critical systems. 27 With respect to completing the
implementation phase for these systems,  5 states 28 reported that
they had completed between 25 and 49 percent,  13 states 29
reported completing between 50 and 74 percent, and  30 states 30
reported completing 75 percent or more. 31 All of the states
responding to the National Association of State

Information Resource Executives survey reported that they were
actively engaged in internal and external contingency planning and
that they had established target dates for the completion of these
plans; 14 (28 percent) reported the deadline as October 1999 or
later.

25 Individual states submit periodic updates to the National
Association of State Information Resource Executives. For the June
17 report, over half of the states submitted their data in May and
June 1999. The oldest data were provided on March 4 and the most
recent data on June 16. All but three states responded to the
survey.

26 In the context of the National Association of State Information
Resource Executives survey, the term states includes the District
of Columbia, Guam, and Puerto Rico. 27 The National Association of
State Information Resource Executives defined mission- critical
systems as those that a state had identified as priorities for
prompt remediation. 28 Three states reported on their mission-
critical systems, one state reported on its processes, and one
reported on its functions. 29 Eleven states reported on their
mission- critical systems, one reported on all systems, and one
reported on projects. 30 Twenty- five states reported on their
mission- critical systems, two states reported on their
applications, one reported on its priority business activities,
one reported on its critical compliance units, and one reported on
all systems. 31 Of the states that responded to the survey, two
did not respond to this question.

State audit organizations have also identified significant Year
2000 concerns. In January, the National State Auditors Association
reported on the results of its mid- 1998 survey of Year 2000
compliance among states. 32 This report stated that, for the 12
state audit organizations that provided

Year 2000- related reports, concerns had been raised in areas such
as planning, testing, embedded systems, business continuity and
contingency planning, and the adequacy of resources to address the
problem. We identified additional products by 15 state- level
audit organizations and Guam that discussed the Year 2000 problem
and that had been issued since October 1, 1998. Several of these
state- level audit organizations noted that progress had been
made. However, the audit organizations also expressed concerns
that were consistent with those reported by the National State
Auditors Association, for example:

 In December 1998 the Vermont State Auditor reported 33 that the
state Chief Information Officer did not have a comprehensive
control list of the state's information technology systems.
Accordingly, the audit office stated that, even if all mission-
critical state systems were checked, these systems could be
endangered by information technology components

that had not been checked or by linkages with the state's external
electronic partners.  In April, New York's Division of Management
Audit and State Financial

Services reported that state agencies did not adequately control
the critical process of testing remediated systems. 34 Further,
most agencies were in the early stages of addressing potential
problems related to data exchanges and embedded systems and none
had completed substantive work on contingency planning. The New
York audit office subsequently issued 7 reports on 13 of the
state's mission- critical and high- priority systems that included
concerns about contingency planning and testing.  In February, the
California State Auditor reported 35 that key agencies responsible
for emergency services, corrections, and water resources, among
other areas, had not fully addressed embedded

32 Year 2000: State Compliance Efforts (National State Auditors
Association, January 1999). 33 Vermont State Auditor's Report on
State Government's Year 2000 Preparedness (Y2K Compliance) for the
Period Ending November 1, 1998 (Office of the State Auditor,
December 31, 1998). 34 New York's Preparation for the Year 2000: A
Second Look (Office of the State Comptroller, Division of
Management Audit and State Financial Services, Report 98- S- 21,
April 5, 1999).

35 Year 2000 Computer Problem: The State's Agencies Are
Progressing Toward Compliance but Key Steps Remain Incomplete
(California State Auditor, February 18, 1999).

technology- related threats. Regarding emergency services, the
California report stated that if remediation of the embedded
technology in its networks were not completed, the Office of
Emergency Services might have to rely on cumbersome manual
processes, significantly increasing response time to disasters.
In March, Oregon's Audits Division reported 36 that 11 of the 12
state agencies reviewed did not have business continuity plans
addressing potential Year 2000 problems for their core business
functions.

 In March, North Carolina's State Auditor reported 37 that
resource restrictions had limited the state's Year 2000 Project
Office's ability to verify data reported by state agencies. In the
case of Michigan, in May 1999, the Office of the Auditor General
reported that the state's Year 2000 Project Office had effectively
implemented key processes to achieve Year 2000 compliance. 38
However, the report stated that because of the unprecedented
nature of the Year 2000

issue, sufficient audit evidence did not exist to conclude that
the state will be successful in its remediation efforts or that
essential business functions will not be affected by either
internal or external factors. The audit office also found that
state agencies had not reported their assessments of, for example,
the status of regulated industries' Year 2000 remediation efforts
to the Emergency Management Division. The audit office concluded
that without this information, the Emergency Management Division
would find it more difficult to assess the vulnerabilities of the
state's health and safety

infrastructure. It is also critical that local government systems
be ready for the change of century since critical functions
involving, for example, public safety and traffic management, are
performed at the local level. Recent reports on local governments
have highlighted Year 2000 concerns, for example:

 On June 23, the National Association of Counties announced the
results of its April survey of 500 randomly selected counties.
This survey found that (1) 74 percent of respondents had a
countywide plan to address

36 Department of Administrative Services Year 2000 Statewide
Project Office Review (Secretary of State, Audits Division, State
of Oregon Report No. 99- 05, March 16, 1999). 37 Department of
Commerce, Information Technology Services Year 2000 Project Office
(Office of the State Auditor, State of North Carolina, March 18,
1999). 38 Performance Audit of the Year 2000 Issues For
Information Systems, Year 2000 Project Office, Department of
Management and Budget (Office of the Auditor General, State of
Michigan, May 1999).

Year 2000 issues, (2) 51 percent had completed system assessments,
and (3) 27 percent had completed system testing. In addition, 190
counties had prepared contingency plans and 289 had not. Further,
of the 114 counties reporting that they planned to develop Year
2000 contingency plans, 22 planned to develop the plan in April-
June, 64 in July- September, 18 in October- December, and 10 did
not know.  The National League of Cities conducted a poll during
its annual conference in March 1999 that included over 400
responses. The poll found that (1) 340 respondents stated that
over 75 percent of their cities' critical systems would be Year
2000 compliant by January 1, 2000,

(2) 35 stated that 51- 75 percent would be compliant, (3) 16
stated that 25- 50 percent would be compliant, and (4) 16 stated
that less than 25 percent would be compliant. Moreover, 34 percent
of respondents reported that they had contingency plans, 46
percent stated that they were in the process of developing plans,
12 percent stated that plans would be developed, and 8 percent
said they did not intend to develop contingency plans.  In January
1999, the United States Conference of Mayors reported on the
results of its survey of 220 cities. It found that (1) 97 percent
had a

citywide plan to address Year 2000 issues, (2) 22 percent had
repaired or replaced less than half of their systems, and (3) 45
percent had completed less than half of their testing. Of critical
importance to the nation are services essential to the safety and
well- being of individuals across the country, namely 9- 1- 1
systems and law enforcement. For the most part, responsibility for
ensuring continuity of service for 9- 1- 1 calls and law
enforcement resides with thousands of state and local
jurisdictions. On April 29 we testified that not enough was known
about the status of either 9- 1- 1 systems or of state and local
law enforcement activities to conclude about either's ability
during the transition to the year 2000 to meet the public safety
and well- being needs of local communities across the nation. 39
While the federal government planned additional actions to
determine the status of these areas, we stated that the
President's Council on Year 2000 Conversion should use such
information to identify specific risks and develop appropriate
strategies and contingency plans to respond to those risks. 39
Year 2000 Computing Challenge: Status of Emergency and State and
Local Law Enforcement Systems Is Still Unknown (GAO/T-AIMD-99-163,
April 29, 1999).

Recognizing the seriousness of the Year 2000 risks facing state
and local governments, the President's Council has developed
initiatives to address the readiness of state and local
governments, for example:  The Council established working groups
on state and local governments and tribal governments.  Council
officials participate in monthly multistate conference calls.  In
July 1998 and March 1999, the Council, in partnership with the
National Governors' Association, convened Year 2000 summits with
state and U. S. territory Year 2000 coordinators.  On May 24, the
Council announced a nationwide campaign to promote

Y2K Community Conversations to support and encourage efforts of
government officials, business leaders, and interested citizens to
share information on their progress. To support this initiative,
the Council has developed and is distributing a toolkit that
provides examples of which sectors should be represented at these
events and issues that should be addressed.

State- Administered Federal Among the critical functions performed
by states are the administration of Human Services Programs
federal human services programs. As we reported in November 1998,
many

Are At Risk systems that support state- administered federal human
services programs were at risk, and much work remained to ensure
that services would continue. 40 In February of this year, we
testified that while some progress had been achieved, many states'
systems were not scheduled to become compliant until the last half
of 1999. 41 Accordingly, we concluded that, given these risks,
business continuity and contingency planning was even more
important in ensuring continuity of program operations and
benefits in the event of systems failures. Subsequent to our
November 1998 report, OMB directed federal oversight agencies to
include the status of selected state human services systems in
their quarterly reports. Specifically, in January 1999, OMB
requested that agencies describe actions to help ensure that
federally supported, state- run programs will be able to provide
services and benefits. OMB further asked that agencies report the
date when each state's systems will be Year 40 Year 2000 Computing
Crisis: Readiness of State Automated Systems to Support Federal
Welfare Programs (GAO/AIMD-99-28, November 6, 1998). 41 Year 2000
Computing Crisis: Readiness of State Automated Systems That
Support Federal Human Services Programs (GAO/T-AIMD-99-91,
February 24, 1999).

2000- compliant. Tables 1 and 2 summarize the information gathered
by the Departments of Agriculture and Health and Human Services
(HHS), respectively, on the compliance status of state- level
organizations. The

information indicates that a number of states do not plan to
complete their Year 2000 efforts until the last quarter of 1999.

Table 1: Reported State- level Readiness for Federally Supported
Programs, Department of Agriculture, May 1999 a AprilJune
JulySeptember OctoberDecember

Program Compliant Unknown b

Food Stamps 25 12 14 3 0 Child Nutrition 29 9 10 4 2 Women,
Infants, and

33 11 7 3 0 Children a This chart contains readiness information
from the 50 states, the District of Columbia, Guam, Puerto Rico,
and the Virgin Islands.

b Unknown indicates the state did not provide a date or the date
was unknown. Source: Department of Agriculture.

Table 2: Reported State- level a Readiness for Federally Supported
Programs, Department of Health and Human Services b Jan. March
AprilJune JulySept. Oct. Dec.

Program Compliant c Unknown N/ A e

Child Care 24 5 5 8 2 6 4 Child Support Enforcement 15 4 13 8 8 6
0

Child Welfare 20 5 9 11 3 5 1 Low Income Housing

10 0 3 7 1 32 1 Energy Assistance Program

Medicaid  Integrated Eligibility System 20 0 15 15 4 0 0 Medicaid
Management Information System 17 0 19 14 4 0 0

Temporary Assistance for Needy Families 19 3 12 15 1 4 0 a This
chart contains readiness information from the 50 states, the
District of Columbia, Guam, Puerto Rico, and the Virgin Islands.

b The OMB report stated that this information was as of January
31, 1999. However, OMB provided a draft table to the National
Association of State Information Resource Executives which, in
turn, provided the draft table to the states. The states were
asked to contact HHS and provide corrections by June 1, 1999. For
its part, HHS submitted updated state data to OMB in early June. c
In many cases the report indicated a date instead of whether the
state was compliant. We assumed

that states reporting completion dates in 1998 or earlier were
compliant. d Unknown indicates that, according to OMB, the data
reported by the states were unclear or that no information was
reported by the agency.

e N/ A indicates that the states or territories reported that the
data requested were not applicable to them. Source: Progress on
Year 2000 Conversion: 9th Quarterly Report (OMB, issued on June
15, 1999).

In addition, in June 1999, OMB reported that, as of March 31,
1999, 27 states' unemployment insurance systems were compliant, 11
planned to be completed between April and June 1999, 10 planned to
be completed between July and September, and 5 planned to be
completed between October and December.

Along with obtaining readiness information from the states,
agencies have initiated additional actions to help ensure the Year
2000 compliance of state- administered programs. About a quarter
of the federal government's programs designated high- impact by
OMB are state- administered, such as Food Stamps and Temporary
Assistance for Needy Families. In response to OMB's March
memorandum regarding the high- impact programs, the departments of
Agriculture, Health and Human Services, and Labor reported on
various actions that they are taking or plan to take to help

ensure the Year 2000 compliance of their state- administered
programs. For example:

 The Department of Agriculture reported in May that its Food and
Nutrition Service requested that states provide their contingency
plans and had contracted for technical support services to review
these plans, as needed, and to assist in its oversight of other
state Year 2000 activities.  The Department of Health and Human
Services reported that its Administration for Children and
Families and Health Care Financing

Administration had contracted for on- site assessments of state
partners, which will include reviews of business continuity and
contingency plans.  The Department of Labor reported that states
are required to submit a certification of Year 2000 compliance for
their benefit and tax systems along with an independent
verification and validation report. In addition, Labor required
that state agencies prepare business continuity and contingency
plans, which will be reviewed by Labor officials.

Further, the department plans to design and develop a prototype
PC- based system to be used in the event that a state's
unemployment insurance system is unusable due to a Year 2000-
induced problem.

An example of the benefits that federal/ state partnerships can
provide is illustrated by the Department of Labor's unemployment
services program. In September 1998, we reported that many state
employment security agencies were at risk of failure as early as
January 1999 and urged the Department of Labor to initiate the
development of realistic contingency plans to ensure continuity of
core business processes in the event of Year 2000- induced
failures. 42 Just last month, we testified that four state
agencies' systems could have failed if systems in those states had
not been programmed with an emergency patch in December 1998. This
patch was developed by several of the state agencies and promoted
to other state agencies by the Department of Labor. 43

Year 2000 Readiness Beyond the risks faced by federal, state, and
local governments, the year Information Available

2000 also poses a serious challenge to the public infrastructure,
key economic sectors, and to other countries. To address these
concerns, in in Some Sectors, But April 1998 we recommended that
the Council use a sector- based approach Key Information Still and
establish the effective public- private partnerships necessary to
address this issue. 44 The Council subsequently established over
25 sector- based Missing or Incomplete

working groups and has been initiating outreach activities since
it became operational last spring. In addition, the Chair of the
Council has formed a Senior Advisors Group composed of
representatives from private- sector firms across key economic
sectors. Members of this group are expected to offer perspectives
on cross- cutting issues, information sharing, and appropriate
federal responses to potential Year 2000 failures.

Our April 1998 report also recommended that the President's
Council develop a comprehensive picture of the nation's Year 2000
readiness, to include identifying and assessing risks to the
nation's key economic sectors-- including risks posed by
international links. In October 1998 the 42 Year 2000 Computing
Crisis: Progress Made at Department of Labor, But Key Systems at
Risk (GAO/T-AIMD-98-303, September 17, 1998).

43 Year 2000 Computing Challenge: Labor Has Progressed But
Selected Systems Remain at Risk (GAO/T-AIMD-99-179, May 12, 1999).
44 GAO/AIMD-98-85, April 30, 1998.

Chair directed the Council's sector working groups to begin
assessing their sectors. The Chair also provided a recommended
guide of core questions that the Council asked to be included in
surveys by the associations performing the assessments. These
questions included the percentage of work that has been completed
in the assessment, renovation, validation, and implementation
phases. The Chair then planned to issue quarterly

public reports summarizing these assessments. The first such
report was issued on January 7, 1999.

The Council's second report was issued on April 21, 1999. 45 The
report stated that substantial progress had been made in the prior
6 to 12 months, but that there was still much work to be done.
According to the Council, most industries had projected completion
target dates between June and September and were in, or would soon
be moving into, the critical testing phase. Key points in the
Council's April assessment included the following:  National Year
2000 failures in key U. S. infrastructures such as power, banking,
telecommunications, and transportation are unlikely.
Organizations that are not paying appropriate attention to the
Year 2000

problem or that are adopting a wait and see strategy an attitude
prevalent among some small businesses and local governments are
putting themselves and those that depend upon them at great risk.
International Year 2000 activity, although increasing, is lagging
and will be the source of the greatest risk. The Council's
assessment reports have substantially increased the nation's
understanding of the Year 2000 readiness of key industries.
However, the picture remained incomplete in certain key areas
because the surveys conducted did not have a high response rate,
the assessment was general, or the data were old. For example,
according to the assessment report, only 13 percent of the
nation's 9- 1- 1 centers had responded to a survey being conducted
by the Federal Emergency Management Agency in conjunction with the
National Emergency Number Association, calling into question
whether the results of the survey accurately portrayed the
readiness of the sector. In the case of drinking water, both the
January and

April reports provided a general assessment but did not contain
detailed data as to the status of the sector (e. g., the average
percentage of an 45 Both of the Council's reports are available on
its web site, www. y2k. gov. In addition, the Council, in
conjunction with the Federal Trade Commission and the General
Services Administration, has established a toll- free Year 2000
information line, 1- 888- USA- 4Y2K. The Federal Trade Commission
has also included Year 2000 information of interest to consumers
on its web site, www. consumer. gov.

organization's systems that are Year 2000 compliant or the
percentage of organizations that are in the assessment,
renovation, or validation phases). Finally, in some cases, such as
the transit industry, the sector surveys had been conducted months
earlier.

The President's Council is to be commended on the strides that it
has made to obtain Year 2000 readiness data critical to the
nation's well- being as well as its other initiatives, such as the
establishment of the Senior Advisors Group. To further reduce the
likelihood of major disruptions, in testimony this January, we
suggested that the Council consider additional actions such as
continuing to aggressively pursue readiness information in the
areas in which it is lacking. 46 If the current approach of using
associations to voluntarily collect information does not yield the
necessary information, we suggested that the Council may wish to
consider whether legislative remedies (such as requiring
disclosure of Year 2000 readiness data) should be proposed. In
response to this suggestion, the Council Chair stated that the
Council has focused on collaboration and communication with
associations and other groups as a means to get industries to
share

information on their Year 2000 readiness and that the Council did
not believe that legislation would be necessary. The Council's
next sector report is expected to be released later this month.
Subsequent to the Council's April report, surveys in key sectors
have been issued. In addition, we have issued several products
related to several of these sectors. I will now discuss the
results of some of these surveys and our reviews. Energy Sector In
April, we reported that while the electric power industry had
concluded that it had made substantial progress in making its
systems and equipment

ready to continue operations into the year 2000, significant risks
remained since many reporting organizations did not expect to be
Year 2000 ready within the June 1999 industry target date. 47 We,
therefore, suggested that the Department of Energy (1) work with
the Electric Power Working Group to ensure that remediation
activities were accelerated for the utilities that expected to
miss the June 1999 deadline for achieving Year 2000 readiness and
(2) encourage state regulatory utility commissions to require a
full 46 GAO/T-AIMD-99-50, January 20, 1999. 47 Year 2000 Computing
Crisis: Readiness of the Electric Power Industry (GAO/AIMD-99-114,
April 6, 1999).

public disclosure of Year 2000 readiness status of entities
transmitting and distributing electric power. The Department of
Energy generally agreed with our suggestions. We also suggested
that the Nuclear Regulatory Commission (1) in cooperation with the
Nuclear Energy Institute, work with nuclear power plant licensees
to accelerate the Year 2000 remediation efforts among the nuclear
power plants that expect to meet the June 1999

deadline for achieving readiness and (2) publicly disclose the
Year 2000 readiness of each of the nation's operational nuclear
reactors. In response, the Nuclear Regulatory Commission stated
that it plans to focus its efforts on nuclear power plants that
may miss the July 1, 1999, milestone and that

it would release the readiness information on individual plants
that same month.

Subsequent to our report, on April 30, 1999, the North American
Electric Reliability Council released its third status report on
electric power systems. According to the North American Electric
Reliability Council, as of March 31, 1999, reporting
organizations, on average, had completed

99 percent of the inventory phase, 95 percent of the assessment
phase, and 75 percent of the remediation/ testing phase. In May,
we reported 48 that while the domestic oil and gas industries had
reported that they had made substantial progress in making their
equipment and systems ready to continue operations into the year
2000, risks remained. In particular, a February industrywide
survey found that over a quarter of the oil and gas industries
reported that they did not expect to be Year 2000 ready until the
second half of 1999 leaving little time for

resolving unexpected problems. Moreover, although over half of our
oil is imported, little was known about the Year 2000 readiness of
foreign oil suppliers. Further, while individual domestic
companies reported that they were developing Year 2000 contingency
plans, there were no plans to perform a national- level risk
assessment and develop contingency plans to deal with potential
shortages or disruptions in the nation's overall oil and gas
supplies. We suggested that the Council's oil and gas working
group

(1) work with industry associations to perform national- level
risk assessments and develop and publish credible, national- level
scenarios regarding the impact of potential Year 2000 failures and
(2) develop national- level contingency plans. The working group
generally agreed with these suggestions. 48 Year 2000 Computing
Crisis: Readiness of the Oil and Gas Industries (GAO/AIMD-99-162,
May 19, 1999).

Water Sector As I previously mentioned, the Council's January and
April assessment reports provided only a general assessment of the
drinking water sector and did not contain detailed data.
Similarly, in April we reported 49 that

insufficient information was available to assess and manage Year
2000 efforts in the water sector, and little additional
information was expected under the current regulatory approach.
While the Council's water sector working group had undertaken an
awareness campaign and had urged

national water sector associations to continue to survey their
memberships, survey response rates had been low. Further,
Environmental Protection Agency officials stated that the agency
lacked the rules and regulations necessary to require water and
wastewater facilities to report on their Year 2000 status. Our
survey of state regulators found that a few states were
proactively

collecting Year 2000 compliance data from regulated facilities, a
much larger group of states was disseminating Year 2000
information, while another group was not actively using either
approach. Additionally, only a handful of state regulators
believed that they were responsible for ensuring

facilities' Year 2000 compliance or overseeing facilities'
business continuity and contingency plans. Among our suggested
actions was that the Council, the Environmental Protection Agency,
and the states determine which regulatory organization should take
responsibility for assessing and publicly disclosing the status
and outlook of water sector facilities' Year 2000 business
continuity and contingency plans. The Environmental Protection
Agency generally agreed with our suggestions but one official
noted that additional legislation may be needed if the agency is
to take responsibility for overseeing facilities' Year 2000
business continuity and contingency plans.

Health Sector The health sector includes health care providers
(such as hospitals and emergency health care services), insurers
(such as Medicare and Medicaid), and biomedical equipment. With
respect to biomedical equipment, on June 10 we testified 50 that,
in response to our

49 Year 2000 Computing Crisis: Status of the Water Industry
(GAO/AIMD-99-151, April 21, 1999). 50 Year 2000 Computing
Challenge: Concerns About Compliance Information on Biomedical
Equipment (GAO/T-AIMD-99-209, June 10, 1999).

September 1998 recommendation, 51 HHS, in conjunction with the
Department of Veterans Affairs, had established a clearinghouse on
biomedical equipment. As of June 1, 1999, 4,142 biomedical
equipment manufacturers had submitted data to the clearinghouse.
About 61 percent of these manufacturers reported having products
that do not employ dates and about 8 percent (311 manufacturers)
reported having date- related problems such as an incorrect
display of date/ time. According to the Food and Drug
Administration, the 311 manufacturers reported 897 products with
date- related problems. However, not all compliance information
was available on the clearinghouse because the clearinghouse
referred the user to 427 manufacturers' web sites. Accordingly, we
reviewed the web sites of these manufacturers and found, as of
June 1, 1999, a total of 35, 446 products. 52 Of these products,
18,466 were reported as not employing a date, 11,211 were reported
as compliant, 4,445 were shown as not compliant, and the
compliance status of 1,324 was unknown. In addition to the
establishment of a clearinghouse, our September 1998 report also
recommended that HHS and the Department of Veterans Affairs take
prudent steps to jointly review manufacturers' test results for
critical care/ life support biomedical equipment. We were
especially concerned

that the departments review test results for equipment previously
deemed to be noncompliant but now deemed by manufacturers to be
compliant, or equipment for which concerns about compliance
remained. In May 1999, the Food and Drug Administration, a
component agency of HHS, announced that it planned to develop a
list of critical care/ life support medical devices and the
manufacturers of these devices, select a sample of manufacturers
for review, and hire a contractor to develop a program to assess
manufacturers' activities to identify and correct Year 2000
problems for these medical devices. In addition, if the results of
this review indicated a need for further review of manufacturer
activities, the contractor would review a portion of the remaining
manufacturers not yet reviewed. Moreover, according to the Food
and Drug Administration, any manufacturer whose quality assurance
system appeared deficient based on the contractors review would be
subject to additional reviews to determine

51 Year 2000 Computing Crisis: Compliance Status of Many
Biomedical Equipment Items Still Unknown (GAO/AIMD-98-240,
September 18, 1998). 52 Because of limitations in many of the
manufacturers web sites, our ability to determine the total number
of biomedical equipment products reported and their compliance
status was impaired. Accordingly, the actual number of products
reported by the manufacturers could be significantly higher than
the 35,446 products that we counted.

what actions would be required to eliminate any risk posed by
noncompliant devices.

In April testimony 53 we also reported on the results of a
Department of Veterans Affairs survey of 384 pharmaceutical firms
and 459 medical- surgical firms with whom it does business. Of the
52 percent of pharmaceutical firms that responded to the survey,
32 percent reported that they were compliant. Of the 54 percent of
the medical- surgical firms

that responded, about two- thirds reported that they were
compliant. Banking and Finance Sector A large portion of the
institutions that make up the banking and finance

sector are overseen by one or more federal regulatory agencies. In
September 1998 we testified on the efforts of five federal
financial regulatory agencies 54 to ensure that the institutions
that they oversee are ready to handle the Year 2000 problem. 55 We
concluded that the regulators had made significant progress in
assessing the readiness of member institutions and in raising
awareness on important issues such as contingency planning and
testing. Regulator examinations of bank, thrift,

and credit union Year 2000 efforts found that the vast majority
were doing a satisfactory job of addressing the problem.
Nevertheless, the regulators faced the challenge of ensuring that
they are ready to take swift action to

address those institutions that falter in the later stages of
correction and to address disruptions caused by international and
public infrastructure failures. In April, we reported that the
Federal Reserve System-- which is instrumental to our nation's
economic well- being, since it provides depository institutions
and government agencies services such as processing checks and
transferring funds and securities, has effective

controls to help ensure that its Year 2000 progress is reported
accurately and reliably. 56 We also found that it is effectively
managing the renovation 53 Year 2000 Computing Crisis: Action
Needed to Ensure Continued Delivery of Veterans Benefits and
Health Care Services (GAO/T-AIMD-99-136, April 15, 1999). 54 The
National Credit Union Administration, the Federal Deposit
Insurance Corporation, the Office of

Thrift Supervision, the Federal Reserve System, and the Office of
the Comptroller of the Currency. 55 Year 2000 Computing Crisis:
Federal Depository Institution Regulators Are Making Progress, But
Challenges Remain (GAO/T-AIMD-98-305, September 17, 1998). 56 Year
2000 Computing Crisis: Federal Reserve Has Established Effective
Year 2000 Management Controls for Internal Systems Conversion
(GAO/AIMD-99-78, April 9, 1999).

and testing of its internal systems and the development and
planned testing of contingency plans for continuity of business
operations. Nevertheless, the Federal Reserve System still had
much to accomplish before it is fully ready for January 1, 2000,
such as completing validation and implementation of all of its
internal systems and completing its contingency plans.

In addition to the domestic banking and finance sector, large U.
S. financial institutions have financial exposures and
relationships with international financial institutions and
markets that may be at risk if these international organizations
are not ready for the date change occurring on January 1, 2000. In
April, we reported 57 that foreign financial institutions had
reportedly lagged behind their U. S. counterparts in preparing for
the Year 2000 date change. Officials from four of the seven large
foreign financial institutions we visited said they had scheduled
completion of their Year 2000 preparations about 3 to 6 months
after their U. S. counterparts, but they planned to complete their
efforts by mid- 1999 at the latest. Moreover, key international
market supporters, such as those that transmit financial

messages and provide clearing and settlement services, told us
that their systems were ready for the date change and that they
had begun testing with the financial organizations that depended
on these systems. Further, we found that seven large U. S. banks
and securities firms we visited were taking actions to address
their international risks. In addition, U. S. banking and
securities regulators were also addressing the international Year
2000 risks of the institutions that they oversee.

With respect to the insurance industry, in March we concluded that
insurance regulator presence regarding the Year 2000 area was not
as strong as that exhibited by the banking and securities
industry. 58 State

insurance regulators we contacted were late in raising industry
awareness of potential Year 2000 problems, provided little
guidance to regulated institutions, and failed to convey clear
regulatory expectations to companies about Year 2000 preparations
and milestones. Nevertheless, the insurance industry is reported
by both its regulators and by other outside observers to be
generally on track to being ready for 2000. However, most of these
reports are based on self- reported information and, compared to
57 Year 2000: Financial Institution and Regulatory Efforts to
Address International Risks (GAO/GGD-99-62, April 27, 1999). 58
Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11,
1999).

other financial regulators, insurance regulators' efforts to
validate this information generally began late and were more
limited. In a related report in April, 59 we stated that
variations in oversight approaches by state insurance regulators
also made it difficult to ascertain the overall status of the
insurance industry's Year 2000 readiness. We reported that the
magnitude of insurers' Year 2000- related liability exposures
could not be estimated at that time but that costs associated with
these exposures could be substantial for some property- casualty
insurers, particularly those concentrated in commercial- market
sectors. In addition, despite efforts to mitigate potential
exposures, the Year 2000- related costs that may be incurred by
insurers would remain uncertain until key legal issues and actions
on pending legislation were resolved.

Transportation Sector A key component to the nation's
transportation sector are airports. This January we reported on
our survey of 413 airports. 60 We found that while the nation's
airports are making progress in preparing for the year 2000, such
progress varied. Of the 334 airports responding to our survey,
about one- third reported that they would complete their Year 2000
preparations by June 30, 1999. The other two- thirds either
planned on a later date or failed to estimate any completion date,
and half of these airports did not have contingency plans for any
of 14 core airport functions. Although most of those not expecting
to be ready by June 30 are small airports, 26 of them

are among the nation's largest 50 airports. On June 18, the
Federal Aviation Administration issued an air industry Year 2000
status report that included information on airports and airline
carriers. Table 3 provides the assessment, renovation, validation,
and implementation information contained in this report. 59 Year
2000: State Insurance Regulators Face Challenges in Determining
Industry Readiness (GAO/GGD-99-87, April 30, 1999). 60 Year 2000
Computing Crisis: Status of Airports' Efforts to Deal With Date
Change Problem (GAO/ RCED/ AIMD- 99- 57, January 29, 1999).

Table 3: Industry Segment Percentage Completion of Year 2000
Remediation Phases Industry Segment Assessment Renovation
Validation Implementation

Large hub airports 98% 63% 31% 26% Medium hub airports 100% 70%
43% 37% Small hub airports 94% 61% 55% 48% Non- hub airports 93%
67% 67% 70% Major carriers 100% 75% 50% a Low- cost carriers 73%
38% 19% 18% Note: Airport information was based on data as of
March 15, 1999 from the American Association of Airport Executives
and the Airports Council International/ North America. The major
carrier information

based on data as of February 22, 1999 from the Air Transport
Association of America, and the low- cost carrier information was
based on data as of November 30, 1998 from the National Air
Carriers Association, Inc. a Implementation was occurring as
validation and testing were completed. Source: Federal Aviation
Administration.

Manufacturing and Small The manufacturing and small business
sector includes the entities that Business Sector

produce or sell a myriad of products such as chemicals,
electronics, heavy equipment, food, textiles, and automobiles.
With respect to the chemical industry, table 4 contains the latest
survey data by Chemical Manufacturers Association-- which
represents over 190 primarily large chemical

companies-- and shows that while some companies' systems are Year
2000 ready, others are in varying stages of completion. This
survey provided information on the Year 2000 readiness stage of
123 respondents with respect to their business systems,
manufacturing, inventory, and

distribution systems, embedded systems, and supply chain as of May
12, 1999.

Table 4: Results of May 12, 1999 Survey of Chemical Manufacturers
Association a Year 2000

Inventory/ Function Ready Planning Assessment Remediation
Validation

Business systems 26 1 5 51 27 Manufacturing,

18 2 7 53 28 inventory, and distribution systems

Embedded systems 15 2 26 52 13 Supply chain 10 4 51 22 21 a Some
respondents did not provide information to all questions or stated
that the question was not

applicable. Source: Chemical Manufacturers Association statement
before the Senate Special Committee on the Year 2000 Technology
Problem, May 14, 1999.

Since the Chemical Manufacturers Association represented mainly
large companies, a survey of small and mid- sized chemical
companies was sponsored by several industry associations 61 to
assist the Congress, the

administration, and the U. S. Chemical Safety and Hazard
Investigation Board by obtaining information on the preparedness
of this segment of the industry. Table 5 contains the results of
the survey, which was conducted between March and May 1999. 61 The
sponsors of the survey were the American Crop Protection
Association, Chemical Producers & Distributors Association,
Chemical Specialties Manufacturers Association, International
Sanitary Supply Association, National Association of Chemical
Distributors, Responsible Industry for a Sound Environment, and
the Synthetic Organic Chemical Manufacturers Association.

Table 5: Readiness Stage of Small and Medium- Sized Chemical
Companies a Year 2000

Inventory/ Function ready Planning Assessment Remediation
Validation

Business systems 147 8 4 24 12 Manufacturing, 133 8 3 21 13
inventory, and distribution systems

Embedded systems 83 3 7 13 6 Supply chain 80 17 29 17 25 a Some
respondents did not provide information to all questions or stated
that the question was not applicable.

Source: Year 2000 Readiness Disclosure Survey of Small & Mid-
Sized Chemical Companies, June 9, 1999.

Another key segment of the economy are small businesses. The
National Federation of Independent Business and Wells Fargo
sponsored a third survey of the Year 2000 preparedness of small
businesses between mid- April and mid- May 1999. This survey found
that 84 percent of small businesses are directly exposed to a
possible Year 2000 problem. Of the small businesses directly
exposed to the Year 2000 problem, 59 percent had taken action, 12
percent planned to take action, and 28 percent did not plan to
take action (the other 1 percent responded that the question was
not

applicable). In addition, 43 percent of the small businesses that
were aware of the Year 2000 problem had made contingency plans to
minimize the impact of potential problems.

In summary, while improvement has been shown, much work remains at
the national, federal, state, and local levels to ensure that
major service disruptions do not occur. Specifically, remediation
must be completed, end- to- end testing performed, and business
continuity and contingency plans developed. Similar actions remain
to be completed by the nation's key sectors. Accordingly, whether
the United States successfully confronts the Year 2000 challenge
will largely depend on the success of federal, state, and local
governments, as well as the private sector working separately and
together to complete these actions. Accordingly, strong leadership
and partnerships must be maintained to ensure that the needs of
the public are met at the turn of the century.

Mr. Chairman, this concludes my statement. I would be happy to
respond to any questions that you or other members of the
Subcommittee may have at this time.

Federal High- Impact Programs and Lead Appendi I x Agencies Agency
Program

Department of Agriculture Child Nutrition Programs Department of
Agriculture Food Safety Inspection Department of Agriculture Food
Stamps Department of Agriculture Special Supplemental Nutrition
Program for Women, Infants, and Children Department of Commerce
Patent and trademark processing Department of Commerce Weather
Service Department of Defense Military Hospitals Department of
Defense Military Retirement Department of Education Student Aid
Department of Energy Federal electric power generation and
delivery Department of Health and Human Services Child Care
Department of Health and Human Services Child Support Enforcement
Department of Health and Human Services Child Welfare Department
of Health and Human Services Disease monitoring and the ability to
issue warnings Department of Health and Human Services Indian
Health Service Department of Health and Human Services Low Income
Home Energy Assistance Program Department of Health and Human
Services Medicaid Department of Health and Human Services Medicare
Department of Health and Human Services Organ Transplants
Department of Health and Human Services Temporary Assistance for
Needy Families Department of Housing and Urban Development Housing
loans (Government National Mortgage Association) Department of
Housing and Urban Development Section 8 Rental Assistance
Department of Housing and Urban Development Public Housing
Department of Housing and Urban Development FHA Mortgage Insurance

Department of Housing and Urban Development Community Development
Block Grants Department of the Interior Bureau of Indians Affairs
programs Department of Justice Federal Prisons Department of
Justice Immigration Department of Justice National Crime
Information Center Department of Labor Unemployment Insurance
Department of State Passport Applications and Processing
Department of Transportation Air Traffic Control System Department
of Transportation Maritime Safety Program Department of the
Treasury Cross- border Inspection Services Department of Veterans
Affairs Veterans' Benefits Department of Veterans Affairs
Veterans' Health Care

Agency Program

Federal Emergency Management Agency Disaster Relief Office of
Personnel Management Federal Employee Health Benefits Office of
Personnel Management Federal Employee Life Insurance Office of
Personnel Management Federal Employee Retirement Benefits Railroad
Retirement Board Retired Rail Workers Benefits Social Security
Administration Social Security Benefits U. S. Postal Service Mail
Service

GAO Reports and Testimony Addressing the Year 2000 Crisis Defense
Computers: Management Controls Are Critical to Effective Year 2000
Testing (GAO/AIMD-99-172, June 30, 1999). Year 2000 Computing
Crisis: Customs Is Making Good Progress (GAO/T-AIMD-99-225, June
29, 1999). Year 2000 Computing Challenge: Delivery of Key Benefits
Hinges on States' Achieving Compliance (GAO/ T- AIMD/ GGD- 99-
221, June 23, 1999).

Year 2000 Computing Challenge: Estimated Costs, Planned Uses of
Emergency Funding, and Future Implications (GAO/T-AIMD-99-214,
June 22, 1999).

GSA's Effort to Develop Year 2000 Business Continuity and
Contingency Plans for Telecommunications Systems (GAO/AIMD-99-
201R, June 16, 1999). Year 2000 Computing Crisis: Actions Needed
to Ensure Continued Delivery of Veterans Benefits and Health Care
Services (GAO/AIMD-99-190R, June 11, 1999). Year 2000 Computing
Challenge: Concerns About Compliance Information on Biomedical
Equipment (GAO/T-AIMD-99-209, June 10, 1999).

Year 2000 Computing Challenge: Much Biomedical Equipment Status
Information Available, Yet Concerns Remain (GAO/T-AIMD-99-197, May
25, 1999).

Year 2000 Computing Challenge: OPM Has Made Progress on Business
Continuity Planning (GAO/GGD-99-66, May 24, 1999).

VA Y2K Challenges: Responses to Post- Testimony Questions
(GAO/AIMD-99-199R, May 24, 1999). Year 2000 Computing Crisis: USDA
Needs to Accelerate Time Frames for Completing Contingency
Planning (GAO/AIMD-99-178, May 21, 1999).

Year 2000 Computing Crisis: Readiness of the Oil and Gas
Industries (GAO/AIMD-99-162, May 19, 1999). Year 2000 Computing
Challenge: Time Issues Affecting the Global Positioning System
(GAO/T-AIMD-99-187, May 12, 1999).

Year 2000 Computing Challenge: Education Taking Needed Actions But
Work Remains (GAO/T-AIMD-99-180, May 12, 1999).

Year 2000 Computing Challenge: Labor Has Progressed But Selected
Systems Remain at Risk (GAO/T-AIMD-99-179, May 12, 1999).

Year 2000: State Insurance Regulators Face Challenges in
Determining Industry Readiness (GAO/GGD-99-87, April 30, 1999).

Year 2000 Computing Challenge: Status of Emergency and State and
Local Law Enforcement Systems Is Still Unknown (GAO/T-AIMD-99-163,
April 29, 1999).

Year 2000 Computing Crisis: Costs and Planned Use of Emergency
Funds (GAO/AIMD-99-154, April 28, 1999). Year 2000: Financial
Institution and Regulatory Efforts to Address International Risks
(GAO/GGD-99-62, April 27, 1999).

Year 2000 Computing Crisis: Readiness of Medicare and the Health
Care Sector (GAO/T-AIMD-99-160, April 27, 1999).

U. S. Postal Service: Subcommittee Questions Concerning Year 2000
Challenges Facing the Service (GAO/AIMD-99-150R, April 23, 1999).

Year 2000 Computing Crisis: Status of the Water Industry
(GAO/AIMD-99-151, April 21, 1999). Year 2000 Computing Crisis: Key
Actions Remain to Ensure Delivery of Veterans Benefits and Health
Services (GAO/T-AIMD-99-152, April 20, 1999).

Year 2000 Computing Crisis: Readiness Improving But Much Work
Remains To Ensure Delivery of Critical Services (GAO/T-AIMD-99-
149, April 19, 1999).

Year 2000 Computing Crisis: Action Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/T-
AIMD-99-136, April 15, 1999).

Year 2000 Computing Challenge: Federal Government Making Progress
But Critical Issues Must Still Be Addressed to Minimize
Disruptions (GAO/T-AIMD-99-114, April 14, 1999).

Year 2000 Computing Crisis: Additional Work Remains to Ensure
Delivery of Critical Services (GAO/T-AIMD-99-143, April 13, 1999).

Tax Administration: IRS' Fiscal Year 2000 Budget Request and 1999
Tax Filing Season (GAO/ T- GGD/ AIMD- 99- 140, April 13, 1999).

Year 2000 Computing Crisis: Federal Reserve Has Established
Effective Year 2000 Management Controls for Internal Systems
Conversion (GAO/AIMD-99-78, April 9, 1999).

Year 2000 Computing Crisis: Readiness of the Electric Power
Industry (GAO/AIMD-99-114, April 6, 1999). Year 2000 Computing
Crisis: Customs Has Established Effective Year 2000 Program
Controls (GAO/AIMD-99-37, March 29, 1999).

Year 2000 Computing Crisis: FAA Is Making Progress But Important
Challenges Remain (GAO/ T- AIMD/ RCED- 99- 118, March 15, 1999).

Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11,
1999).

Year 2000 Computing Crisis: Defense Has Made Progress, But
Additional Management Controls Are Needed (GAO/T-AIMD-99-101,
March 2, 1999).

Year 2000 Computing Crisis: Readiness Status of the Department of
Health and Human Services (GAO/T-AIMD-99-92, February 26, 1999).

Defense Information Management: Continuing Implementation
Challenges Highlight the Need for Improvement (GAO/T-AIMD-99-93,
February 25, 1999).

IRS' Year 2000 Efforts: Status and Remaining Challenges (GAO/T-
GGD-99-35, February 24, 1999). Department of Commerce: National
Weather Service Modernization and NOAA Fleet Issues (GAO/ T- AIMD/
GGD- 99- 97, February 24, 1999).

Year 2000 Computing Crisis: Medicare and the Delivery of Health
Services Are at Risk (GAO/T-AIMD-99-89, February 24, 1999).

Year 2000 Computing Crisis: Readiness of State Automated Systems
That Support Federal Human Services Programs (GAO/T-AIMD-99-91,
February 24, 1999).

Year 2000 Computing Crisis: Customs Is Effectively Managing Its
Year 2000 Program (GAO/T-AIMD-99-85, February 24, 1999).

Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/T-AIMD-99-90, February 24, 1999).

Year 2000 Computing Crisis: Challenges Still Facing the U. S.
Postal Service (GAO/T-AIMD-99-86, February 23, 1999).

Year 2000 Computing Crisis: The District of Columbia Remains
Behind Schedule (GAO/T-AIMD-99-84, February 19, 1999).

High- Risk Series: An Update (GAO/HR-99-1, January 1999) Year 2000
Computing Crisis: Status of Airports' Efforts to Deal With Date
Change Problem (GAO/ RCED/ AIMD- 99- 57, January 29, 1999).

Defense Computers: DOD's Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999).

Year 2000 Computing Crisis: Status of Bureau of Prisons' Year 2000
Efforts (GAO/AIMD-99-23, January 27, 1999). Year 2000 Computing
Crisis: Readiness Improving, But Much Work Remains to Avoid Major
Disruptions (GAO/T-AIMD-99-50, January 20, 1999).

Year 2000 Computing Challenge: Readiness Improving, But Critical
Risks Remain (GAO/T-AIMD-99-49, January 20, 1999).

Status Information: FAA's Year 2000 Business Continuity and
Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R,
December 4, 1998).

Year 2000 Computing Crisis: A Testing Guide (GAO/ AIMD- 10.1.21,
November 1998).

Year 2000 Computing Crisis: Readiness of State Automated Systems
to Support Federal Welfare Programs (GAO/AIMD-99-28, November 6,
1998).

Year 2000 Computing Crisis: Status of Efforts to Deal With
Personnel Issues (GAO/ AIMD/ GGD- 99- 14, October 22, 1998).

Year 2000 Computing Crisis: Updated Status of Department of
Education's Information Systems (GAO/T-AIMD-99-8, October 8,
1998).

Year 2000 Computing Crisis: The District of Columbia Faces
Tremendous Challenges in Ensuring That Vital Services Are Not
Disrupted (GAO/T-AIMD-99-4, October 2, 1998).

Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-
98-310, September 24, 1998).

Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998).

Year 2000 Computing Crisis: Significant Risks Remain to Department
of Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998).

Year 2000 Computing Crisis: Progress Made at Department of Labor,
But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).

Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-
98-305, September 17, 1998).

Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure
Financial Institutions Are Fixing Systems But Challenges Remain
(GAO/AIMD-98-248, September 17, 1998).

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).

Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278,
September 3, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Reduce Likelihood of Adverse Impact (GAO/T-
AIMD-98-277, September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276,
September 1, 1998).

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-
162, August 28, 1998).

Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA
Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will
Require Strong Leadership and Effective Partnerships (GAO/T-AIMD-
98-267, August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).

Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/ AIMD- 10.1.19, August 1998).

Internal Revenue Service: Impact of the IRS Restructuring and
Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).

Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).

Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations
At Risk (GAO/AIMD-98-150, June 30, 1998).

Year 2000 Computing Crisis: Testing and Other Challenges
Confronting Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).

Year 2000 Computing Crisis: Telecommunications Readiness Critical,
Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16,
1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998). IRS' Year 2000 Efforts: Business Continuity Planning Needed
for Potential Year 2000 System Failures (GAO/GGD-98-138, June 15,
1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-
98-167, May 14, 1998).

Securities Pricing: Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998). Year 2000 Computing Crisis:
Continuing Risks of Disruption to Social Security, Medicare, and
Treasury Programs (GAO/T-AIMD-98-161, May 7, 1998).

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7,
1998).

Air Traffic Control: FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R,
May 1, 1998).

Year 2000 Computing Crisis: Potential For Widespread Disruption
Calls For Strong Leadership and Partnerships (GAO/AIMD-98-85,
April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Department of the Interior: Year 2000 Computing Crisis Presents
Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22,
1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and
Fiscal Year 1998 Filing Season (GAO/ T- GGD/ AIMD- 98- 114, March
31, 1998).

Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24,
1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-
98-116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
102, March 18, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Public/ Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998).

Post- Hearing Questions on the Federal Deposit Insurance
Corporation's Year 2000 (Y2K) Preparedness (AIMD- 98- 108R, March
18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/ GGD/ AIMD- 98- 51, March 6, 1998).

Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).

Year 2000 Computing Crisis: Federal Deposit Insurance
Corporation's Efforts to Ensure Bank Systems Are Year 2000
Compliant (GAO/T-AIMD-98-73, February 10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent
Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).

Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998). Year 2000 Computing
Crisis: Actions Needed to Address Credit Union Systems' Year 2000
Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress
Made In Ensuring Year 2000 Compliance, But Challenges Remain
(GAO/AIMD-98-31R, November 7, 1997).

Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997).

Social Security Administration: Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).

Defense Computers: Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997). Veterans Affairs
Computer Systems: Action Underway Yet Much Work Remains To Resolve
Year 2000 Crisis (GAO/T-AIMD-97-174, September 25, 1997).

Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997).

Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD-
10.1.14, September 1997).

Defense Computers: SSG Needs to Sustain Year 2000 Progress
(GAO/AIMD-97-120R, August 19, 1997). Defense Computers:
Improvements to DOD Systems Inventory Needed for Year 2000 Effort
(GAO/AIMD-97-112, August 13, 1997).

Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997).

Defense Computers: DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997).

Year 2000 Computing Crisis: Time is Running Out for Federal
Agencies to Prepare for the New Millennium (GAO/T-AIMD-97-129,
July 10, 1997).

Veterans Benefits Computer Systems: Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year- 2000 Problems
(GAO/T-AIMD-97-114, June 26, 1997).

Veterans Benefits Computer Systems: Risks of VBA's Year- 2000
Efforts (GAO/AIMD-97-79, May 30, 1997). Medicare Transaction
System: Success Depends Upon Correcting Critical Managerial and
Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

Medicare Transaction System: Serious Managerial and Technical
Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16,
1997).

Year 2000 Computing Crisis: Risk of Serious Disruption to
Essential Government Functions Calls for Agency Action Now (GAO/T-
AIMD-97-52, February 27, 1997).

Year 2000 Computing Crisis: Strong Leadership Today Needed To
Prevent Future Disruption of Government Services (GAO/T-AIMD-97-
51, February 24, 1997).

High- Risk Series: Information Management and Technology (GAO/HR-
97-9, February 1997).

GAO United States General Accounting Office

GAO/T-AIMD-99-234

Page 1 GAO/T-AIMD-99-234

Let t er

Page 2 GAO/T-AIMD-99-234

Let t er

Page 3 GAO/T-AIMD-99-234

Page 4 GAO/T-AIMD-99-234

Page 5 GAO/T-AIMD-99-234

Page 6 GAO/T-AIMD-99-234

Page 7 GAO/T-AIMD-99-234

Page 8 GAO/T-AIMD-99-234

Page 9 GAO/T-AIMD-99-234

Page 10 GAO/T-AIMD-99-234

Page 11 GAO/T-AIMD-99-234

Page 12 GAO/T-AIMD-99-234

Page 13 GAO/T-AIMD-99-234

Page 14 GAO/T-AIMD-99-234

Page 15 GAO/T-AIMD-99-234

Page 16 GAO/T-AIMD-99-234

Page 17 GAO/T-AIMD-99-234

Page 18 GAO/T-AIMD-99-234

Page 19 GAO/T-AIMD-99-234

Page 20 GAO/T-AIMD-99-234

Page 21 GAO/T-AIMD-99-234

Page 22 GAO/T-AIMD-99-234

Page 23 GAO/T-AIMD-99-234

Page 24 GAO/T-AIMD-99-234

Page 25 GAO/T-AIMD-99-234

Page 26 GAO/T-AIMD-99-234

Page 27 GAO/T-AIMD-99-234

Page 28 GAO/T-AIMD-99-234

Page 29 GAO/T-AIMD-99-234

Page 30 GAO/T-AIMD-99-234

Appendix I

Appendix I Federal High- Impact Programs and Lead Agencies

Page 31 GAO/T-AIMD-99-234

Page 32 GAO/T-AIMD-99-234

Let t er

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 33
GAO/T-AIMD-99-234

Let t er

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 34
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 35
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 36
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 37
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 38
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 39
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 40
GAO/T-AIMD-99-234

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 41
GAO/T-AIMD-99-234

(511773) Let t er

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary,
VISA and

MasterCard credit cards are accepted, also. Orders for 100 or more
copies to be mailed to a single address are discounted 25 percent.

Orders by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touchtone phone. A recorded menu will provide information on how
to obtain these lists. For information on how to access GAO
reports on the INTERNET, send an e- mail message with info in the
body to:

info@ www. gao. gov or visit GAO's World Wide Web Home Page at:
http:// www. gao. gov

United States General Accounting Office Washington, D. C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Mail

Postage & Fees Paid GAO Permit No. GI00

*** End of document. ***