-------------------------Indexing Terms------------------------- 
REPORTNUM:   T-AIMD-98-302		

TITLE:     Year 2000 Computing Crisis: Significant Risks Remain 
to Department of Education's Student

DATE:   09/17/1998 
				                                                                         
-----------------------------------------------------------------

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Before the Subcommittee on Oversight and Investigations, Committee on
Education and the Workforce, House of Representatives

For Release on Delivery
Expected at
10 a.m.
Thursday,
September 17, 1998

YEAR 2000 COMPUTING CRISIS -
SIGNIFICANT RISKS REMAIN TO
DEPARTMENT OF EDUCATION'S STUDENT
FINANCIAL AID SYSTEMS

Statement of Joel C.  Willemssen
Director, Civil Agencies Information Systems
Accounting and Information Management Division

GAO/T-AIMD-98-302

GAO/AIMD-98-302T


(511230)


Abbreviations
=============================================================== ABBREV

  DFAS -
  DLA -
  DOD -
  EFT99 -
  FDLP -
  FAA -
  FFELP -
  IRS -
  LSSC -
  NRC -
  OMB -
  OPE -
  SEC -
  SSG -
  USDA -
  VBA -
  Y2K -

============================================================ Chapter 0

Mr.  Chairman and Members of the Subcommittee: 

We are pleased to testify before you today on the status of the
Department of Education's efforts to ensure that its computer systems
supporting critical student financial aid activities will be able to
process information reliably after December 31, 1999.  The Year 2000
(Y2K) computing crisis has received much attention in recent
months--and deservedly so.  Virtually every organization, public and
private, that uses computers is at risk.\1 My statement today will
describe the risks to the Department of Education, with a focus on
student financial aid systems, actions the department has taken in
recent months to address these risks, and key issues the department
must deal with if its systems are to be ready for the century change: 
testing of systems, exchanging data with internal and external
partners, and developing business continuity and contingency plans. 

In brief, Education faces major risks that Year 2000 failures could
severely disrupt the student financial aid delivery process,
including delaying disbursements and application processing. 
Further, because of systems interdependencies, repercussions from
Year 2000-related problems could be felt throughout the student
financial aid community--a network including students, institutions
of higher education, financial organizations, and other government
agencies.  The department was very slow in implementing a
comprehensive Year 2000 program to address these risks--basic
awareness and assessment tasks were not completed until recently. 
Education is now accelerating its program, but with the slow start,
it remains in a position of playing catch up.  Accordingly, the
department has major challenges ahead but limited time remaining to
adequately deal with them.  Therefore, it must also focus on
developing appropriate contingency plans to ensure business
continuity in the event of key systems failures. 


--------------------
\1 For the past several decades, computer systems have typically used
two digits to represent the year, such as "98" for 1998, in order to
conserve electronic data storage and reduce operating costs.  In this
format, however, 2000 is indistinguishable from 1900 because both are
represented as "00." As a result, if not modified, systems or
applications that use dates or perform date- or time-sensitive
calculations may generate incorrect results beyond 1999. 


   OUR NATION'S YEAR 2000 RISKS
   ARE HIGH
---------------------------------------------------------- Chapter 0:1

Before I go into detail regarding the Department of Education's Year
2000 challenges, I would like to first discuss the Year 2000 issue in
broader terms to put the department's efforts into perspective.  As
the world's most advanced and most dependent user of information
technology, the United States possesses close to half of all computer
capacity and 60 percent of Internet assets.\2 Consequently, the
upcoming change of century is a sweeping and urgent challenge for
public-sector and private-sector organizations alike. 

For this reason we have designated the Year 2000 computing problem as
a high-risk area\3

for the federal government, and have published guidance\4 to help
organizations successfully address the issue.  To date, we have
issued over 60 reports and testimony statements detailing specific
findings and recommendations related to the Year 2000 readiness of a
wide range of federal agencies.\5 Our reviews of federal Year 2000
programs have found uneven progress, and our reports contain numerous
recommendations, which the agencies have almost universally agreed to
implement.  Among them are the need to establish priorities, solidify
data exchange agreements, and develop contingency plans.  While
progress has been made in addressing the federal government's Year
2000 readiness, serious vulnerabilities remain and many agencies are
behind schedule. 


--------------------
\2 Critical Foundations:  Protecting America's Infrastructures
(President's Commission on Critical Infrastructure Protection,
October 1997). 

\3 High-Risk Series:  Information Management and Technology
(GAO/HR-97-9, February 1997). 

\4 Year 2000 Computing Crisis:  An Assessment Guide
(GAO/AIMD-10.1.14, September 1997), which addresses the key tasks
needed to complete each phase of a Year 2000 program (awareness,
assessment, renovation, validation, and implementation); Year 2000
Computing Crisis:  Business Continuity and Contingency Planning
(GAO/AIMD-10.1.19, August 1998), which describes the tasks needed to
ensure the continuity of agency operations; and Year 2000 Computing
Crisis:  A Testing Guide (GAO/AIMD-10.1.21, Exposure Draft, June
1998), which discusses the need to plan and conduct Year 2000 tests
in a structured and disciplined fashion. 

\5 A listing of our publications is included as an attachment to this
statement. 


   EDUCATION'S MISSION RELIES ON
   INFORMATION SYSTEMS
---------------------------------------------------------- Chapter 0:2

The Department of Education's mission is to ensure equal access to
education and to promote educational excellence throughout the
nation.  To carry out this mission, it works with states, schools,
communities, institutions of higher education, and financial
institutions by providing

  -- grants to education agencies and institutions to strengthen
     teaching and learning;

  -- student loans and grants to help pay the costs of postsecondary
     education;

  -- grants for literacy, employment, and self-sufficiency training
     for adults;

  -- enforcement of civil rights laws to ensure nondiscrimination by
     recipients of federal education funds; and

  -- support for research, development, evaluation, and dissemination
     of information to improve educational quality and effectiveness. 

The largest single federal elementary and secondary education grant
program is title I of the Elementary and Secondary Education Act. 
This program serves educationally disadvantaged children through
program-specific grants.  The fiscal year 1997 appropriation for the
disadvantaged was $7.3 billion. 

Student financial aid programs are administered by Education's Office
of Postsecondary Education (OPE) under title IV of the Higher
Education Act of 1965, as amended.  The department is responsible for
the collection of more than $150 billion in outstanding loans, and
its data systems track approximately 93 million student loans and 15
million grants.  Four major types of student aid are currently in
use:  the Federal Family Education Loan Program (FFELP),\6 the
Federal Direct Loan Program (FDLP), the Federal Pell Grant Program,
and campus-based programs.\7 These programs together will make
available about $51 billion to about 9 million students during the
1999-2000 academic year. 

FFELP and FDLP are the two largest postsecondary student loan
programs, and Pell is the largest postsecondary grant program.  FFELP
provides student loans, through private lending institutions, that
are guaranteed against default by some 36 guaranty agencies\8

and insured by the federal government, while FDLP provides student
loans directly from the federal government.  Pell provides grants to
disadvantaged students. 

In many ways, Education's student financial aid delivery system is
similar to functions performed in the banking industry, such as
making loans, reporting account status, and collecting payments.  As
with the banks, the department faces a serious and complex challenge
with the Year 2000 problem because of its heavy reliance on
technology.  The department currently maintains 11 major systems for
administering student financial aid programs.  These systems were
developed independently over time by multiple contractors in response
to new functions, programs, or mandates, resulting in a complex,
highly heterogeneous systems environment.\9 The systems range from
legacy mainframes, several originally developed over 15 years ago, to
recently developed client-server environments.\10 The fiscal year
1998 budget to develop, operate, and maintain these systems is $311
million, and is expected to increase to $378 million in fiscal year
1999. 


--------------------
\6 FFELP was formerly the Guaranteed and Stafford Student Loan
programs. 

\7 The campus-based programs include the Federal Work-Study Program,
the Federal Perkins Loan Program, and the Federal Supplemental
Educational Opportunity Grant Program. 

\8 State and private nonprofit guaranty agencies act as agents of the
federal government, providing a variety of services, including
payment of defaulted claims, collection of some defaulted loans,
default-avoidance activities, and counseling to schools and students. 

\9 Student Financial Aid Information:  Systems Architecture Needed to
Improve Programs' Efficiency (GAO/AIMD-97-122, July 29, 1997). 

\10 In a client-server environment, individual workstations (the
client) and shared processors (the server) cooperate over a network
to complete tasks. 


   EDUCATION'S RISKS REQUIRE
   STRONG MANAGEMENT APPROACH
---------------------------------------------------------- Chapter 0:3

According to Education's own assessments of the severity of Year 2000
failures, the student financial aid delivery process could experience
major problems unless all systems are compliant in time.  These
include

  -- delays in disbursements, such that lenders might not receive
     timely interest and allowance payments, if external data
     exchanges fail;

  -- reduction in the department's ability to transfer payments,
     process applications for program benefits, or monitor program
     operations;

  -- risks that student financial aid programs may not function
     properly if they do not receive critical data for originating
     loans and for reporting payments and financial information; and

  -- risks that postsecondary education students may lack the ability
     to verify the current status of their loans or grants. 

To overcome these types of risks, Education must implement effective
Year 2000 programs.  An effective Year 2000 program requires the
disciplined, coordinated application of scarce resources to an
agencywide system conversion that must be completed by a fixed date,
and an understanding of the wide range of dependencies among
information systems. 

An organization can mitigate its risk of Year 2000 complications
through a structured approach and rigorous program management.  One
generally accepted approach, presented in our Year 2000 Computing
Crisis:  An Assessment Guide (GAO/AIMD-10.1.14), has five phases: 

  -- awareness -- defining the problem and gaining executive-level
     support;

  -- assessment -- inventorying and analyzing systems, and
     prioritizing their conversion or replacement;

  -- renovation -- converting, replacing, or eliminating selected
     systems;

  -- validation -- ensuring that all converted or replaced systems
     and interfaces will work in an operational environment; and

  -- implementation -- deploying Year 2000-compliant systems and
     components, and implementing contingency plans, if necessary. 


   EDUCATION'S YEAR 2000 PROGRAM
   STARTED VERY SLOWLY
---------------------------------------------------------- Chapter 0:4

Education was very slow to establish a comprehensive, timely Year
2000 program.  One key factor contributing to this delay was the
instability of the department's Year 2000 project manager position,
which suffered continual turnover.  The department initially
established the position in February 1995 to provide oversight and
guidance to Education's Year 2000 activities.  During the 19-month
tenure of the first project manager, a high-level Year 2000 briefing
document (dated May 1996) was developed in response to a request from
a congressional committee.  At that time, Education estimated that it
would complete a Year 2000 program strategy document and
corresponding management plan by August 1996.  However, no strategy
document or management plan was developed, either by that deadline or
during the 14-month tenure of the second project manager, which ended
in September 1997. 

The third Year 2000 project manager, who spent only 3 months in the
position, contracted with consultants to assist the department in
developing a draft Year 2000 management plan.  The fourth manager,
during his 4-month tenure, initiated many awareness and assessment
activities.  Finally, the fifth project manager was assigned on March
30 of this year, and has continued the progress started by her
predecessor. 

The frequency of turnover in project managers delayed Education in
completing basic awareness activities.  These activities included
dedicating staff to the Year 2000 effort, communicating with data
exchange partners, holding regular steering committee meetings, and
developing a management plan.  Project office staff to help the
department coordinate Year 2000 activities were not assigned until
December 1997, when the fourth project manager was appointed.  In
addition, while a draft management plan was distributed for comment
in mid-November 1997, it was not made final until April of this year. 

Education experienced a corresponding delay with basic assessment
activities, which it did not report as completed until this past
March--about 9 months after the Office of Management and Budget (OMB)
milestone.  These assessment activities included conducting an
enterprisewide inventory of information systems and data interfaces,
assessing and prioritizing systems, establishing Year 2000 project
teams for business areas and major systems, and initiating
contingency planning. 

   Figure 1:  Education's Year
   2000 Cost Estimate, May 1996
   Through August 14, 1998

   (See figure in printed
   edition.)

Source:  Department of Education. 

Concurrent with its slowness in completing its assessment,
Education's estimated costs have fluctuated widely.  The initial cost
estimate in May 1996 was $60 million,\11 which decreased dramatically
to $7 million in February 1997 but then rose again in February 1998
with an estimate of $23 million.  Last month, the cost estimate
increased further, to $38 million, as Education continued renovating
and testing its systems.  Prior to February 1998, little
documentation existed supporting how these estimates were derived. 
Figure 1 highlights the wide variation in cost estimates over the
past 2 years. 


--------------------
\11 The $60 million cost estimate was not changed until February
1997.  For our analysis, we assumed the cost estimate remained
constant. 


   EDUCATION HAS RECENTLY
   ACCELERATED ITS PROGRESS
---------------------------------------------------------- Chapter 0:5

With its slow start, Education has been playing catch up and working
to accelerate its progress.  Management staff have regular meetings
to discuss progress on Year 2000 compliance, and principal office
staff meet biweekly to discuss progress on individual
mission-critical systems.  The biweekly meetings include Education
staff responsible for the particular system; the system contractor;
Year 2000 program office staff; and contractor staff responsible for
independently verifying and validating renovation, validation, and
implementation activities.  According to department officials, Year
2000 compliance has also now been given top priority in terms of
in-house resources. 

Education's Year 2000 management plan established the Year 2000
project manager as the focal point for monitoring progress, providing
support, and directing the plan.  The project manager works with the
program offices, which are responsible for assessing and renovating
their systems, as well as tracking and reporting progress on
compliance activities.  Senior leadership of each program office is
responsible for providing adequate support to its Year 2000 tasks and
ensuring that Year 2000 compliance is achieved. 

The Department of Education has reported to OMB that it has 14
mission-critical systems, of which 11 are student financial aid
systems.  Table 1 summarizes the Year 2000 status of each
mission-critical system as of this month.  In brief, according to the
department's September 10, 1998, report, four mission-critical
systems have been implemented and are in operation, one is in the
process of being implemented, five systems are being validated, and
the remaining four are still being renovated. 



                                Table 1
                
                Reported Year 2000 Compliance Status of
                  Education's Mission-Critical Systems

              Current          Estimated
System        status            Y2K cost  (Estimated) completion
------------  ------------  ------------  ----------------------------
Student financial aid systems
----------------------------------------------------------------------
Campus        Implemented      $ 196,426  Assessment: 02/97
Based                                     Renovation: 01/98
System                                    Validation: 06/98
                                          Implementation: 06/98

Central       In               4,000,000  Assessment: 02/98
Processing    validation                  Renovation: 06/98
System                                    Validation: (01/99)
                                          Implementation: (01/99)

Direct Loan   In             Included in  Assessment: 02/98
Central       validation     Direct Loan  Renovation: (09/98)\a
Database                       Servicing  Validation: (09/98)
                                  System  Implementation: (10/98)

Direct Loan   Implemented        877,106  Assessment: 03/98
Origination                               Renovation: 06/98\a
System                                    Validation: 06/98
                                          Implementation: 08/98

Direct Loan   In               3,601,281  Assessment: 02/98
Servicing     validation                  Renovation: (09/98)\a
System                                    Validation: (09/98)
                                          Implementation: (10/98)

Federal       In               4,400,933  Assessment: 10/97
Family        renovation                  Renovation: (09/98)
Education                                 Validation: (01/99)
Loan System                               Implementation: (03/99)

Multiple      In               1,439,935  Assessment:03/98
Data Entry    renovation                  Renovation: (09/98)
System                                    Validation: (12/98)
                                          Implementation: (01/99)

National      In               1,066,639  Assessment: 11/97
Student       validation                  Renovation: 08/98
Loan                                      Validation: (09/98)
Data System                               Implementation: (10/98)

Postsecondar  Implemented        500,000  Assessment: 10/97
y Education                               Renovation: 06/98\a
Participants                              Validation: 06/98
System                                    Implementation: 07/98

Pell Grant    In               2,091,851  Assessment: 03/98
Recipient     renovation                  Renovation: (12/98)
Financial                                 Validation: (12/98)
Mgmt System                               Implementation: (12/98)

Title IV      In               1,005,000  Assessment: 03/98
Wide Area     validation                  Renovation: 05/98
Network                                   Validation: (10/98)
                                          Implementation: (10/98)


Other mission-critical systems
----------------------------------------------------------------------
Education's   Implemented         90,000  Assessment: 06/98
Central                                   Renovation: 06/98\b
Automated                                 Validation: 06/98
Processing                                Implementation: 08/98
System

Education's   In               2,388,557  Assessment: 12/97
Local Area    renovation                  Renovation: (11/98)
Network                                   Validation: (12/98)
                                          Implementation: (01/99)

Impact Aid    In                  47,304  Assessment: 06/98
System        implementati                Renovation: 06/98\b
              on                          Validation: 06/98
                                          Implementation: (09/98)
----------------------------------------------------------------------
\a System was initially certified as compliant and not considered to
be in need of remediation; however, corrections were made as the
system was validated.  As a result, renovation and validation dates
are the same. 

\b This is a replacement for a retired system and therefore was not
assessed or renovated. 

Source:  Department of Education.  We did not independently verify
this information. 


   KEY ISSUES REMAIN THAT THREATEN
   EDUCATION'S DELIVERY OF STUDENT
   FINANCIAL AID
---------------------------------------------------------- Chapter 0:6

While there has been recent progress, the Department of Education
must mitigate critical risks that affect its ability to award and
track billions of dollars in student financial aid.  Specifically,
the department must address the need for adequate testing, the
renovation and testing of data exchanges, and the development of
business continuity and contingency plans.  Unless these issues are
effectively addressed, the ability of the department to deliver
financial aid to students will be compromised. 


      LIMITED TIME AVAILABLE FOR
      TESTING EDUCATION'S
      MISSION-CRITICAL SYSTEMS
-------------------------------------------------------- Chapter 0:6.1

Complete and thorough Year 2000 testing is essential to providing
reasonable assurance that new or modified systems process dates
correctly and will not jeopardize an organization's ability to
perform core business operations after the turn of the century. 
Moreover, since the Year 2000 computing problem is so pervasive, the
requisite testing is generally extensive and expensive.  Experience
shows that Year 2000 testing is consuming between 50 and 70 percent
of a project's time and resources. 

Agencies must not only test Year 2000 compliance of individual
applications, but also the complex interactions among numerous
converted or replaced computer platforms, operating systems,
utilities, applications, databases, and interfaces.  It is also
important to work early and continually with an organization's data
exchange partners so that end-to-end testing can be effectively
planned and executed.  The Society for Information Management Year
2000 Working Group has noted that because many enterprises do not
have experience with testing at this order of magnitude, the results
will often be significant cost overruns and missed commitments. 
Indeed, for Education, the task ahead is formidable--it requires a
cooperative, coordinated, and thorough testing process across the
disparate systems in the student financial aid delivery network. 

Because of Education's late start and the compression of its Year
2000 compliance schedule to meet the OMB deadline (mission-critical
systems to be implemented by March 31, 1999), time available for key
testing activities within the renovation, validation, and
implementation phases for individual mission-critical systems is
limited.  In fact, in some cases, the schedule for Education's
mission-critical systems has less time allocated for the renovation
and validation phases than was spent on assessment.  These are large,
often complex systems encompassing hundreds of thousands and, in some
cases, millions of lines of software code.  Accordingly, the limited
amount of time available raises concerns about Education's ability to
complete essential testing in time. 

Department officials have acknowledged that completing testing
activities within schedule will be difficult.  Indeed, the schedule
constraints placed on test activities for individual systems have
already been shown to be unrealistic in several cases.  For example,
the schedule for 7 of the 14 mission-critical systems has recently
been extended to allow more time for testing. 

Beyond the testing of individual mission-critical systems, Education
will also have to devote a significant amount of time to end-to-end
testing of its mission-critical business processes and supporting
systems, such as those associated with student financial aid
delivery.  According to Education officials, the department plans to
conduct such testing between January and March 1999, after all
individual mission-critical systems have been certified as Year 2000
compliant.  Tentatively from April to September 1999, external data
exchange partners will have time periods available for testing their
interfaces.  However, no detailed plans currently exist for this
testing.  Education officials stated that they are working on these
plans and intend to have them completed shortly, pending discussion
with the student financial aid community. 


      DATA EXCHANGES ARE CRITICAL
-------------------------------------------------------- Chapter 0:6.2

As 2000 approaches, organizations must be diligent in implementing
measures to ensure that exchanging data across systems compromises
neither the systems nor the data.  Conflicting data exchange formats
or data processed on noncompliant systems could introduce and
propagate errors from one system to another.  To mitigate this risk,
organizations must inventory and assess their data exchanges, reach
agreements with data exchange partners on how data will be exchanged,
test and implement data exchange formats, develop and test bridges
and filters to handle nonconforming data, and develop contingency
plans in the event of failure. 

Education's student financial aid data exchange environment is
massive and complex.  It includes about 7,500 schools, 6,500 lenders,
and 36 guaranty agencies, as well as other federal agencies.  Figure
2 provides an overview of this environment. 

To address its data exchanges with schools, lenders, and guaranty
agencies, Education has dictated how the data that these entities
provide to the department should be formatted.  Education handles
this in one of two ways:  it either provides software to the entity,
such as EDExpress (which specifies the format--including dates--for
data exchanges), or provides the technical specifications for the
entity to use in developing the necessary interface. 

   Figure 2:  Education's Student
   Financial Aid Data Exchange
   Environment

   (See figure in printed
   edition.)

Source:  Department of Education. 

Education has followed up on this approach with its data exchange
partners by (1) developing memorandums of understanding with each
guaranty agency and federal agency and (2) conducting outreach on
Year 2000 awareness with schools.  Regarding its outreach to schools,
Education has shared information through memoranda (i.e., "Dear
Colleague" letters), presentations at conferences and training
sessions, and over the Internet.  The "Dear Colleague" letters
provide an overview of the Year 2000 issue and summarize the
department's approach for ensuring compliance of student financial
aid systems. 

To further ensure that Education's data exchange partners have indeed
made their interfaces compliant, the department will need to engage
in end-to-end testing of its mission-critical business processes,
including data exchanges.  As noted earlier, Education has not
completed these end-to-end test plans. 

Further complicating data exchange compliance is that Education will
need to ensure that the data it is receiving from its partners are
not just formatted correctly but are accurate.  As we have previously
reported, Education has experienced serious data integrity problems
in the past.\12

To assess how educational institutions are progressing with their
Year 2000 programs, the department recently conducted a survey of the
Year 2000 readiness of postsecondary schools participating in the
Direct Loan Program.  The preliminary results are not encouraging: 
up to one-third of the schools did not even have a compliance plan in
place. 


--------------------
\12 GAO/AIMD-97-122, July 29, 1997. 


      BUSINESS CONTINUITY AND
      CONTINGENCY PLANNING:  A
      NECESSARY SAFETY NET
-------------------------------------------------------- Chapter 0:6.3

Given the challenges Education faces in making sure that all of its
mission-critical systems are adequately tested and in addressing the
complexities of the massive number of data exchanges, it will be
difficult for the department to enter the new century without some
problems.  Therefore, it is critical that Education initiate the
development of realistic contingency plans to ensure continuity of
core business processes in the event of Year 2000-induced failures. 

Business continuity and contingency plans should be formulated to
respond to two types of failure:  those that can be predicted (e.g.,
systems renovations that are already far behind schedule) and those
that are unforeseen (e.g., systems that fail despite having been
certified Year 2000 compliant, or those that cannot be corrected by
January 1, 2000, despite appearing to be on schedule today). 
Moreover, contingency plans that focus only on agency systems are
inadequate.  Federal agencies depend on data provided by their
business partners as well as on services provided by the public
infrastructure.  Thus, one weak link anywhere in the chain of
critical dependencies can cause major disruption.  Given these
interdependencies, it is imperative that contingency plans be
developed for all critical core business processes and supporting
systems, regardless of whether these systems are owned by the agency. 

Our guide on ensuring business continuity and contingency planning,
issued last month, provides further detail on this.\13 This guide
describes four phases supported by agency Year 2000 program
management:  initiation, business impact analysis, contingency
planning, and testing.  Each phase represents a major Year 2000
business continuity planning project activity or segment. 

Education initiated contingency planning activities in February 1998. 
According to department officials, Education is committed to
developing business continuity and contingency plans for each
mission-critical business process and supporting systems.  As part of
this commitment, Education recently appointed a senior executive to
manage the development and testing of continuity and contingency
plans for student financial aid operations.  The department expects
to complete these plans by March 31, 1999. 


--------------------
\13 GAO/AIMD-10.1.19, August 1998. 


-------------------------------------------------------- Chapter 0:6.4

In summary, Mr.  Chairman, the Department of Education's endeavor to
make its programs and supporting systems Year 2000 compliant is of
urgent priority.  Should critical student financial aid systems not
be Year 2000 compliant in time, Education's ability to control the
award process could be compromised, with cascading effects reaching
schools, students, guaranty agencies, and lenders. 

While the department has made progress in preparing its systems for
the year 2000, initial delays have left it with significant
risks--risks that must be effectively managed. 

This concludes my statement.  I would be pleased to respond to any
questions that you or other Members of the Subcommittee may have at
this time. 


GAO REPORTS AND TESTIMONY
ADDRESSING THE YEAR 2000 CRISIS
================================================== Appendix Attachment

Year 2000 Computing Crisis:  Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278, September
3, 1998). 

Year 2000 Computing Crisis:  Strong Leadership and Effective
Partnerships Needed to Reduce Likelihood of Adverse Impact
(GAO/T-AIMD-98-277, September 2, 1998). 

Year 2000 Computing Crisis:  Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276, September
1, 1998). 

Year 2000 Computing Crisis:  State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162,
August 28, 1998). 

Year 2000 Computing:  EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998). 

Year 2000 Computing Crisis:  Avoiding Major Disruptions Will Require
Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267,
August 19, 1998). 

Year 2000 Computing Crisis:  Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998). 

Year 2000 Computing Crisis:  Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998). 

FAA Systems:  Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998). 

Year 2000 Computing Crisis:  Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998). 

Internal Revenue Service:  Impact of the IRS Restructuring and Reform
Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998). 

Social Security Administration:  Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998). 

Year 2000 Computing Crisis:  Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998). 

Defense Computers:  Year 2000 Computer Problems Put Navy Operations
at Risk (GAO/AIMD-98-150, June 30, 1998). 

Year 2000 Computing Crisis:  A Testing Guide (GAO/AIMD-10.1.21,
Exposure Draft, June 1998). 

Year 2000 Computing Crisis:  Testing and Other Challenges Confronting
Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998). 

Year 2000 Computing Crisis:  Telecommunications Readiness Critical,
Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16,
1998). 

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998). 

IRS' Year 2000 Efforts:  Business Continuity Planning Needed for
Potential Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998). 

Year 2000 Computing Crisis:  Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998). 

Defense Computers:  Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998). 

Year 2000 Computing Crisis:  USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted
(GAO/T-AIMD-98-167, May 14, 1998). 

Securities Pricing:  Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998). 

Year 2000 Computing Crisis:  Continuing Risks of Disruption to Social
Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161, May 7,
1998). 

IRS' Year 2000 Efforts:  Status and Risks (GAO/T-GGD-98-123, May 7,
1998). 

Air Traffic Control:  FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R, May
1, 1998). 

Year 2000 Computing Crisis:  Potential for Widespread Disruption
Calls for Strong Leadership and Partnerships (GAO/AIMD-98-85, April
30, 1998). 

Defense Computers:  Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998). 

Department of the Interior:  Year 2000 Computing Crisis Presents Risk
of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22, 1998). 

Tax Administration:  IRS' Fiscal Year 1999 Budget Request and Fiscal
Year 1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998). 

Year 2000 Computing Crisis:  Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998). 

Year 2000 Computing Crisis:  Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-116, March 24, 1998). 

Year 2000 Computing Crisis:  Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102,
March 18, 1998). 

Year 2000 Computing Crisis:  Strong Leadership and Effective
Public/Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998). 

Post-Hearing Questions on the Federal Deposit Insurance Corporation's
Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18, 1998). 

SEC Year 2000 Report:  Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998). 

Year 2000 Readiness:  NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998). 

Year 2000 Computing Crisis:  Federal Deposit Insurance Corporation's
Efforts to Ensure Bank Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-73, February 10, 1998). 

Year 2000 Computing Crisis:  FAA Must Act Quickly to Prevent Systems
Failures (GAO/T-AIMD-98-63, February 4, 1998). 

FAA Computer Systems:  Limited Progress on Year 2000 Issue Increases
Risk Dramatically (GAO/AIMD-98-45, January 30, 1998). 

Defense Computers:  Air Force Needs to Strengthen Year 2000 Oversight
(GAO/AIMD-98-35, January 16, 1998). 

Year 2000 Computing Crisis:  Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998). 

Veterans Health Administration Facility Systems:  Some Progress Made
In Ensuring Year 2000 Compliance, But Challenges Remain
(GAO/AIMD-98-31R, November 7, 1997). 

Year 2000 Computing Crisis:  National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997). 

Social Security Administration:  Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997). 

Defense Computers:  Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997). 

Defense Computers:  LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997). 

Veterans Affairs Computer Systems:  Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September 25,
1997). 

Year 2000 Computing Crisis:  Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997). 

Year 2000 Computing Crisis:  An Assessment Guide (GAO/AIMD-10.1.14,
September 1997). 

Defense Computers:  SSG Needs to Sustain Year 2000 Progress
(GAO/AIMD-97-120R, August 19, 1997). 

Defense Computers:  Improvements to DOD Systems Inventory Needed for
Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997). 

Defense Computers:  Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997). 

Defense Computers:  DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997). 

Year 2000 Computing Crisis:  Time Is Running Out for Federal Agencies
to Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10, 1997). 

Veterans Benefits Computer Systems:  Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year-2000 Problems
(GAO/T-AIMD-97-114, June 26, 1997). 

Veterans Benefits Computer Systems:  Risks of VBA's Year-2000 Efforts
(GAO/AIMD-97-79, May 30, 1997). 

Medicare Transaction System:  Success Depends Upon Correcting
Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16,
1997). 

Medicare Transaction System:  Serious Managerial and Technical
Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997). 

Year 2000 Computing Crisis:  Risk of Serious Disruption to Essential
Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52,
February 27, 1997). 

Year 2000 Computing Crisis:  Strong Leadership Today Needed To
Prevent Future Disruption of Government Services (GAO/T-AIMD-97-51,
February 24, 1997). 

High-Risk Series:  Information Management and Technology
(GAO/HR-97-9, February 1997). 

*** End of document. ***