Year 2000 Computing Crisis: Strong Leadership Today Needed To Prevent
Future Disruption of Government Services (Testimony, 02/24/97,
GAO/T-AIMD-97-51).

GAO discussed the potential serious disruption to critical government
functions and services that may result from the upcoming change of
century, focusing on the steps agencies can take to reduce the risk of
year 2000 computer system failures by making their systems year
2000-compliant.

GAO noted that: (1) if not modified, computer systems or applications
that use dates or perform date- or time-sensitive calculations may
generate incorrect results beyond 1999; (2) every government program
that provides benefits in any way is subject to these problems; (3)
correcting the problem will be labor-intensive and time-consuming and
must be done while systems continue to operate; (4) every federal agency
is at risk of system failures; (5) agencies must begin to address this
challenge now, if they have not already started; (6) whether agencies
succeed or fail will be largely influenced by the quality of executive
leadership and program management; (7) it will be imperative for top
agency management, including the agency head and the chief information
officer, to not only be fully aware of the importance of this
undertaking, but to communicate this awareness and urgency to all agency
personnel in such a way that everyone understands why year 2000
compliance is so important; (8) an agency's ability to successfully
manage its year 2000 program will also depend on the degree to which the
agency has institutionalized key systems development and program
management practices, and on its experience in managing large-scale
software conversion or systems development efforts; (9) to carry out
their year 2000 programs, agencies likewise need to assess their
information resources management capabilities and, if necessary, upgrade
them; (10) GAO has developed a guide that constitutes a framework that
agencies can use to assess their readiness to achieve year 2000
compliance; (11) it provides information on the scope of the challenge
and offers a structured, step-by-step approach for reviewing the
adequacy of agency planning and management of its year 2000 program;
(12) phase 1, awareness, encompasses problem definition and executive
support and sponsorship during which the year 2000 team is assembled and
an overall strategy developed; (13) in phase 2, assessment, the impact
of the century change on the organization is examined, and core business
processes are identified; (14) phase 3 is renovation, in which technical
systems elements are converted or replaced; (15) in phase 4, validation,
replaced elements are thoroughly tested, as is overall performance; (16)
finally, phase 5 is implementation where new elements are integrated as
part of the system; (17) the year 2000 program should be planned and ma*

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-97-51
     TITLE:  Year 2000 Computing Crisis: Strong Leadership Today Needed 
             To Prevent Future Disruption of Government Services
      DATE:  02/24/97
   SUBJECT:  Systems conversions
             Federal agency accounting systems
             Financial management systems
             Computer software verification and validation
             Application software
             Computer equipment management
             Strategic information systems planning
             Information resources management
             Systems evaluation

             


Cover
================================================================ COVER


Before the Subcommittee on Government Management, Information and
Technology, Committee on Government Reform and Oversight, House of
Representatives

For Release on Delivery
Expected at
10 a.m.
Monday,
February 24, 1997

YEAR 2000 COMPUTING CRISIS -
STRONG LEADERSHIP TODAY NEEDED TO
PREVENT FUTURE DISRUPTION OF
GOVERNMENT SERVICES

Statement of Joel C.  Willemssen
Director, Information Resources Management
Accounting and Information Management Division

GAO/T-AIMD-97-51

GAO/AIMD-97-51T


(511415)


Abbreviations
=============================================================== ABBREV

  CIO - Chief Information Officer
  IRM - information resources management

============================================================ Chapter 0

Mr.  Chairman and Members of the Subcommittee: 

I know that you are understandably concerned about the potential
serious disruption to critical government functions and services that
may result from the upcoming change of century.  The year 2000
computing problem has received a great deal of attention, deservedly
so, in large part thanks to the pioneering work by this subcommittee
examining the potential impact of this issue on federal agencies. 

As you know, this area has recently been added to our list of
high-risk issues because of its potential for widespread adverse
impact on government operations.  There is much that needs to be done
if the federal government is to avoid the disruption of important
services on which millions of Americans depend--and, fortunately,
much that we can do.  I am pleased to share with you today
information gathered from numerous sources about the steps agencies
can take to reduce the risk of year 2000 computer system failures by
making their systems what is called year 2000-compliant. 

Let me begin by very briefly summarizing the problem.  For the past
several decades, systems have typically used two digits to represent
the year, such as "97" for 1997, in order to conserve electronic data
storage and reduce operating costs.  In this format, however, 2000 is
indistinguishable from 1900 because both are represented as "00." As
a result, if not modified, computer systems or applications that use
dates or perform date- or time-sensitive calculations may generate
incorrect results beyond 1999. 

Who could be affected?  Virtually every citizen.  Every government
program that provides benefits in any way is subject to these
problems, from social security and veterans' benefits to student
loans and subsidized housing.  This is not simply a government issue,
it is something that will touch us all. 

Mr.  Chairman, correcting the problem, in government as in the
private sector, will be labor-intensive and time-consuming--and must
be done while systems continue to operate.  Many of the federal
government's computer systems were originally designed and developed
20 to 25 years ago, are poorly documented, and use a wide variety of
computer languages--many of which are old or obsolete.  The systems
consist of tens or hundreds of computer programs, each with
thousands, tens of thousands, or even millions of lines of code,
which must be examined for date format problems.  In addition, the
systems have numerous components--hardware, operating systems,
communications applications, and database software--that are affected
by the date problem. 

Make no mistake:  Every federal agency is at risk of system failures. 
Modifying systems will be a massive undertaking, and agencies must
begin to address this challenge now--if they have not already
started. 

Ironically, perhaps, the enormous challenge involved in achieving
year 2000 compliance is not technical; it is, rather, managerial. 
Whether agencies succeed or fail will be largely influenced by the
quality of executive leadership and program management.  Executive
leadership sets the tone; program management makes it happen.  It
will be imperative for top agency management--including the agency
head and the chief information officer, or CIO--to not only be fully
aware of the importance of this undertaking, but to communicate this
awareness and urgency to all agency personnel in such a way that
everyone understands why year 2000 compliance is so important. 

An agency's ability to successfully manage its year 2000 program will
also depend on the degree to which the agency has institutionalized
key systems development and program management practices, and on its
experience in managing large-scale software conversion or systems
development efforts.  GAO has reported on numerous occasions that
agencies need to address and improve their management of information
technology.  Accordingly, to carry out their year 2000 programs,
agencies likewise need to assess their information resources
management, or IRM, capabilities and, if necessary, upgrade them.  In
this process agencies should also consider soliciting assistance from
organizations experienced in managing major software conversions. 

Mr.  Chairman, GAO has developed a guide that constitutes a framework
that agencies can use to assess their readiness to achieve year 2000
compliance.  It provides information on the scope of the challenge
and offers a structured, step-by-step approach for reviewing the
adequacy of agency planning and management of its year 2000 program. 
The guide draws heavily on the work of the Best Practices
Subcommittee of the Interagency Year 2000 Committee and incorporates
guidance and practices identified by leading information technology
organizations.  An exposure draft of this guide is being released at
this hearing today. 

The guide is divided into five sections that correspond with the five
phases that we see representing a year 2000 program.  Most of the
remainder of my statement today will discuss the substance of these
five phases:  awareness, assessment, renovation, validation, and
implementation.  Let me first describe each in broad terms. 
(Attached are illustrations of both the year 2000 program phases, and
a timeline showing the important milestones from awareness through
implementation.)

Phase 1, AWARENESS, encompasses problem definition and executive
support and sponsorship; the year 2000 team is assembled and an
overall strategy developed.  In phase 2, ASSESSMENT, the impact of
the century change on the organization is examined, and core business
processes are identified.  Phase 3 is RENOVATION, in which technical
system elements are converted or replaced.  In phase 4, VALIDATION,
replaced elements are thoroughly tested, as is overall performance. 
Finally, phase 5 is IMPLEMENTATION:  New elements are integrated as
part of the system. 

It must be remembered that management of the overall year 2000
program and its individual projects is ongoing, throughout all
phases.  The year 2000 program should be planned and managed as a
single, large information-systems project.  Along with planned
monitoring, policies and procedures that must be in place include
quality assurance, risk management, scheduling and tracking, and
budgeting. 

At this time, Mr.  Chairman, I'd like to highlight in more detail the
main points in each of the five phases. 


   AWARENESS
---------------------------------------------------------- Chapter 0:1

As mentioned earlier while discussing executive leadership, awareness
is a critical first step.  Many people who may have heard something
about a year 2000 computer problem do not yet fully understand what
it's about and why it matters.  For agency personnel, this is
imperative.  This is also the phase in which an organization within
the agency is identified to take the lead in correcting the problem. 
The CIO, in concert with the project teams, must select a workable
approach to the problem, examine the existing IRM infrastructure, and
obtain needed resources. 

More specifically, during this phase, agencies should focus their
energies on defining the year 2000 problem and its potential impact,
assessing the adequacy of program management capabilities, developing
a strategy, establishing an executive management council, appointing
a program manager, and establishing a program office. 


   ASSESSMENT
---------------------------------------------------------- Chapter 0:2

The main thrust of assessment is separating the mission-critical
systems--which must be converted or replaced--from important ones
that should be converted or replaced and marginal ones that may be
addressed now or deferred.  It is important to remember that the year
2000 problem is primarily a business problem, not just an issue of
information technology.  This is why it is essential to assess the
impact of potential year 2000-induced system failures on core
business functions and mission-critical processes. 

To determine specifically what must be done and when, agencies should
inventory their information systems in each business area, assign
priority to individual systems, establish project teams for business
areas and major systems, and develop a program plan.  Agencies should
also develop validation strategies and testing plans, identify and
acquire tools, and develop contingency plans.  Assessments also need
to include other systems that affect the business, such as telephone
switching systems. 


   RENOVATION
---------------------------------------------------------- Chapter 0:3

This phase deals with making actual changes, whether eliminating,
converting, or replacing hardware and software, and documenting those
changes.  In all cases, it will be important to consider the complex
interdependencies among systems and applications.  All changes also
need to be consistent agencywide, and information about changes
clearly disseminated to users. 

In addition to the conversion of selected applications and related
system components, agencies must address data exchange issues,
document code and system changes, and track and measure renovation
processes. 


   VALIDATION
---------------------------------------------------------- Chapter 0:4

The validation phase may well take agencies over a year to complete,
and consume up to half of the year 2000 program's budget and
resources.  This is due to the complex interrelationships among
scores of applications, databases, and operating systems.  Yet this
is precisely why the testing and validation are so essential:  It is
the only way to ensure that changes expected to work do in fact work. 
It will be important for agencies to satisfy themselves that their
testing procedures are indeed up to this challenge, that their
results can be trusted. 

During this phase, agencies should develop and document test plans
and schedules; develop a strategy for managing testing of
contractor-converted systems; implement a year 2000 test facility;
perform system testing; and define, collect, and use test
measurements for managing the validation process. 


   IMPLEMENTATION
---------------------------------------------------------- Chapter 0:5

Implementing year 2000-compliant systems and their components
requires extensive integration and acceptance testing to ensure that
all components perform as needed in a heterogeneous operating
environment.  In addition, since not all components will be converted
or replaced simultaneously, agencies may for a time operate with a
mix of year 2000-compliant and noncompliant systems.  To reduce risk
as systems are converted or replaced, it may be wise for agencies to
operate in a parallel processing mode for a period for selected
systems--using the old and new systems side-by-side
simultaneously--so that this redundancy may act as a fail-safe
mechanism until it is clear that all changed systems are operating
correctly. 

During this phase, agencies must also define the transition
environment and procedures, develop an implementation schedule,
resolve interagency and data exchange concerns, address database
questions, complete acceptance testing, develop contingency plans,
and update or develop disaster recovery plans. 

In closing, Mr.  Chairman, I'd like to reiterate that while the year
2000 problem is serious and could well become a crisis for any
organization--public or private--that fails to take its demands
seriously, it is correctable.  It will take long, hard effort, but it
can--and must--be done.  There is much that can be done, and the time
is now. 


-------------------------------------------------------- Chapter 0:5.1

This concludes my statement, Mr.  Chairman.  I'd be pleased to
respond to any questions you or other members of the Subcommittee may
have at this time. 


YEAR 2000 PROGRAM PHASES
=========================================================== Appendix I



   (See figure in printed
   edition.)


YEAR 2000 MILESTONES
========================================================== Appendix II


*** End of document. ***