Year 2000 Computing Crisis: Readiness Improving But Much Work Remains to
Ensure Delivery of Critical Services (Testimony, 04/19/99,
GAO/T-AIMD-99-149).

Pursuant to a congressional request, GAO discussed the year 2000 risks
facing the nation, focusing on: (1) the federal government's progress
and remaining challenges in correcting its systems; (2) state and local
government year 2000 issues; and (3) an overview of the available
information on the readiness of key public infrastructure and economic
sectors.

GAO noted that: (1) the federal government's most recent reports show
improvement in addressing the year 2000 problem; (2) while much work
remains, the federal government has significantly increased the
percentage of mission-critical systems that are reported to be year 2000
compliant; (3) while the federal government did not meet its goal of
having all mission-critical systems compliant by March 1999, 92 percent
of these systems were reported to have met this goal; (4) while this
progress is notable, 11 agencies did not meet the Office of Management
and Budget's deadline for all of their mission-critical systems; (5)
additionally, not all systems have undergone an independent verification
and validation process; (6) some agencies are significantly behind
schedule and are at high risk that they will not fix their systems in
time; (7) agencies must work early and continually with their data
exchange partners to plan and execute effective end-to-end tests; (8)
given the interdependencies of federal agencies, it is imperative that
contingency plans be developed for all critical core business processes
and supporting systems, regardless of whether these systems are owned by
the agency; (9) in GAO's review of the 24 major departments and agencies
February 1999 quarterly reports found that business continuity and
contingency planning was generally well underway; (10) the government's
future actions need to be focused on its high-priority programs and
ensuring the continuity of these programs, including the continuity of
federal programs that are administered by states; (11) accordingly,
governmentwide priorities need to be based on such criteria as the
potential for adverse health and safety effects, adverse financial
effects on American citizens, detrimental effects on national security,
and adverse economic consequences; (12) state and local governments also
face a major risk of year 2000-induced failures to the many vital
services that they provide; (13) a recent survey of state year 2000
efforts indicated that much remains to be completed; (14) the year 2000
also poses a serious challenge to the public infrastructure, key
economic sectors, and to other countries; (15) the President's Council
on Year 2000 Conversion subsequently established over 25 sector-based
working groups and has been initiating outreach activities since it
became operational last spring; and (16) these sector-based working
groups will also be assessing their sectors.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-99-149
     TITLE:  Year 2000 Computing Crisis: Readiness Improving But Much 
             Work Remains to Ensure Delivery of Critical Services
      DATE:  04/19/99
   SUBJECT:  Y2K
             Computer software verification and validation
             Systems conversions
             Strategic information systems planning
             Information resources management
             Data integrity
             State-administered programs
             Computer software
             Systems compatibility
             Schedule slippages
IDENTIFIER:  Y2K
             Medicare Program
             HHS Payment Management System
             HHS Temporary Assistance for Needy Families Program
             Food Stamp Program
             FAA Year 2000 Program
             FAA National Airspace System Plan
             
Year 2000 Computing Crisis: Readiness Improving But Much Work Remains to
Ensure Delivery of Critical Services (Testimony, 04/19/99,
GAO/T-AIMD-99-149).

Pursuant to a congressional request, GAO discussed the year 2000 risks
facing the nation, focusing on: (1) the federal government's progress
and remaining challenges in correcting its systems; (2) state and local
government year 2000 issues; and (3) an overview of the available
information on the readiness of key public infrastructure and economic
sectors.

GAO noted that: (1) the federal government's most recent reports show
improvement in addressing the year 2000 problem; (2) while much work
remains, the federal government has significantly increased the
percentage of mission-critical systems that are reported to be year 2000
compliant; (3) while the federal government did not meet its goal of
having all mission-critical systems compliant by March 1999, 92 percent
of these systems were reported to have met this goal; (4) while this
progress is notable, 11 agencies did not meet the Office of Management
and Budget's deadline for all of their mission-critical systems; (5)
additionally, not all systems have undergone an independent verification
and validation process; (6) some agencies are significantly behind
schedule and are at high risk that they will not fix their systems in
time; (7) agencies must work early and continually with their data
exchange partners to plan and execute effective end-to-end tests; (8)
given the interdependencies of federal agencies, it is imperative that
contingency plans be developed for all critical core business processes
and supporting systems, regardless of whether these systems are owned by
the agency; (9) in GAO's review of the 24 major departments and agencies
February 1999 quarterly reports found that business continuity and
contingency planning was generally well underway; (10) the government's
future actions need to be focused on its high-priority programs and
ensuring the continuity of these programs, including the continuity of
federal programs that are administered by states; (11) accordingly,
governmentwide priorities need to be based on such criteria as the
potential for adverse health and safety effects, adverse financial
effects on American citizens, detrimental effects on national security,
and adverse economic consequences; (12) state and local governments also
face a major risk of year 2000-induced failures to the many vital
services that they provide; (13) a recent survey of state year 2000
efforts indicated that much remains to be completed; (14) the year 2000
also poses a serious challenge to the public infrastructure, key
economic sectors, and to other countries; (15) the President's Council
on Year 2000 Conversion subsequently established over 25 sector-based
working groups and has been initiating outreach activities since it
became operational last spring; and (16) these sector-based working
groups will also be assessing their sectors.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-99-149
     TITLE:  Year 2000 Computing Crisis: Readiness Improving But Much 
             Work Remains to Ensure Delivery of Critical Services
      DATE:  04/19/99
   SUBJECT:  Y2K
             Computer software verification and validation
             Systems conversions
             Strategic information systems planning
             Information resources management
             Data integrity
             State-administered programs
             Computer software
             Systems compatibility
             Schedule slippages
IDENTIFIER:  Y2K
             Medicare Program
             HHS Payment Management System
             HHS Temporary Assistance for Needy Families Program
             Food Stamp Program
             FAA Year 2000 Program
             FAA National Airspace System Plan
             
Year 2000 Computing Crisis: Readiness Improving But Much Work Remains to
Ensure Delivery of Critical Services (Testimony, 04/19/99,
GAO/T-AIMD-99-149).

Pursuant to a congressional request, GAO discussed the year 2000 risks
facing the nation, focusing on: (1) the federal government's progress
and remaining challenges in correcting its systems; (2) state and local
government year 2000 issues; and (3) an overview of the available
information on the readiness of key public infrastructure and economic
sectors.

GAO noted that: (1) the federal government's most recent reports show
improvement in addressing the year 2000 problem; (2) while much work
remains, the federal government has significantly increased the
percentage of mission-critical systems that are reported to be year 2000
compliant; (3) while the federal government did not meet its goal of
having all mission-critical systems compliant by March 1999, 92 percent
of these systems were reported to have met this goal; (4) while this
progress is notable, 11 agencies did not meet the Office of Management
and Budget's deadline for all of their mission-critical systems; (5)
additionally, not all systems have undergone an independent verification
and validation process; (6) some agencies are significantly behind
schedule and are at high risk that they will not fix their systems in
time; (7) agencies must work early and continually with their data
exchange partners to plan and execute effective end-to-end tests; (8)
given the interdependencies of federal agencies, it is imperative that
contingency plans be developed for all critical core business processes
and supporting systems, regardless of whether these systems are owned by
the agency; (9) in GAO's review of the 24 major departments and agencies
February 1999 quarterly reports found that business continuity and
contingency planning was generally well underway; (10) the government's
future actions need to be focused on its high-priority programs and
ensuring the continuity of these programs, including the continuity of
federal programs that are administered by states; (11) accordingly,
governmentwide priorities need to be based on such criteria as the
potential for adverse health and safety effects, adverse financial
effects on American citizens, detrimental effects on national security,
and adverse economic consequences; (12) state and local governments also
face a major risk of year 2000-induced failures to the many vital
services that they provide; (13) a recent survey of state year 2000
efforts indicated that much remains to be completed; (14) the year 2000
also poses a serious challenge to the public infrastructure, key
economic sectors, and to other countries; (15) the President's Council
on Year 2000 Conversion subsequently established over 25 sector-based
working groups and has been initiating outreach activities since it
became operational last spring; and (16) these sector-based working
groups will also be assessing their sectors.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-99-149
     TITLE:  Year 2000 Computing Crisis: Readiness Improving But Much 
             Work Remains to Ensure Delivery of Critical Services
      DATE:  04/19/99
   SUBJECT:  Y2K
             Computer software verification and validation
             Systems conversions
             Strategic information systems planning
             Information resources management
             Data integrity
             State-administered programs
             Computer software
             Systems compatibility
             Schedule slippages
IDENTIFIER:  Y2K
             Medicare Program
             HHS Payment Management System
             HHS Temporary Assistance for Needy Families Program
             Food Stamp Program
             FAA Year 2000 Program
             FAA National Airspace System Plan
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
ai99149t GAO

United States General Accounting Office

Testimony Before the Committee on Government Reform, House of
Representatives

For Release on Delivery Expected at 9 a.m. Monday, April 19, 1999

YEAR 2000 COMPUTING CRISIS

Readiness Improving But Much Work Remains to Ensure Delivery of
Critical Services

Statement of Joel C. Willemssen Director, Civil Agencies
Information Systems Accounting and Information Management Division

GAO/T-AIMD-99-149

Page 1 GAO/T-AIMD-99-149

Mr. Chairman and Members of the Committee: Thank you for inviting
us to participate in today's hearing on the Year 2000 problem.
According to the report of the President's Commission on Critical
Infrastructure Protection, the United Stateswith close to half of
all computer capacity and 60 percent of Internet assetsis the
world's most advanced and most dependent user of information
technology. 1 Should these systemswhich perform functions and
services critical to our nationsuffer problems, it could create
widespread disruption. Accordingly, the upcoming change of century
is a sweeping and urgent challenge for public- and private-sector
organizations alike.

Because of its urgent nature and the potentially devastating
impact it could have on critical government operations, in
February 1997, we designated the Year 2000 problem as a high-risk
area for the federal government. 2

Since that time, we have issued over 90 reports and testimony
statements detailing specific findings and numerous
recommendations related to the Year 2000 readiness of a wide range
of federal agencies. 3 We have also issued guidance to help
organizations successfully address the issue. 4

Today, I will highlight the Year 2000 risks facing the nation,
discuss the federal government's progress and remaining challenges
in correcting its systems, identify state and local government
Year 2000 issues, and provide an overview of the available
information on the readiness of key public infrastructure and
economic sectors.

1 Critical Foundations: Protecting America's Infrastructures
(President's Commission on Critical Infrastructure Protection,
October 1997).

2 High-Risk Series: Information Management and Technology (GAO/HR-
97-9, February 1997).

3 A list of these publications is included in appendix II of this
statement.

4 Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-
10.1.14, issued as an exposure draft in February 1997 and in final
form in September 1997), which addresses the key tasks needed to
complete each phase of a Year 2000 program (awareness, assessment,
renovation, validation, and implementa- tion); Year 2000 Computing
Crisis: Business Continuity and Contingency Planning (GAO/AIMD-
10.1.19, issued as an exposure draft in March 1998 and in final
form in August 1998), which describes the tasks needed to ensure
the continuity of agency operations; and Year 2000 Computing
Crisis: A Testing Guide (GAO/AIMD-10.1.21, issued as an exposure
draft in June 1998 and in final form in November 1998), which
discusses the need to plan and conduct Year 2000 tests in a
structured and disciplined fashion.

Page 2 GAO/T-AIMD-99-149

The Public Faces Risks of Year 2000 Disruptions

The public faces a risk that critical services provided by the
government and the private sector could be severely disrupted by
the Year 2000 computing problem. Financial transactions could be
delayed, flights grounded, power lost, and national defense
affected. Moreover, America's infrastructures are a complex array
of public and private enterprises with many interdependencies at
all levels. These many interdependencies among governments and
within key economic sectors could cause a single failure to have
adverse repercussions in other sectors. Key sectors that could be
seriously affected if their systems are not Year 2000 compliant
include information and telecommunications; banking and finance;
health, safety, and emergency services; transportation; power and
water; and manufacturing and small business.

The following are examples of some of the major disruptions the
public and private sectors could experience if the Year 2000
problem is not corrected.

 With respect to aviation, there could be grounded or delayed
flights, degraded safety, customer inconvenience, and increased
airline costs. 5

 Aircraft and other military equipment could be grounded because
the computer systems used to schedule maintenance and track
supplies may not work. Further, the Department of Defense could
incur shortages of vital items needed to sustain military
operations and readiness. 6

 Medical devices and scientific laboratory equipment may
experience problems beginning January 1, 2000, if their software
applications or embedded chips use two-digit fields to represent
the year.

Recognizing the seriousness of the Year 2000 problem, on February
4, 1998, the President signed an executive order that established
the President's Council on Year 2000 Conversion led by an
Assistant to the President and consisting of one representative
from each of the executive departments and from other federal
agencies as may be determined by the Chair. The Chair of the
Council was tasked with the following Year 2000 roles: (1)
overseeing the activities of agencies, (2) acting as chief
spokesperson in national and international forums, (3) providing
policy coordination of

5 FAA Systems: Serious Challenges Remain in Resolving Year 2000
and Computer Security Problems (GAO/T-AIMD-98-251, August 6,
1998).

6 Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Page 3 GAO/T-AIMD-99-149

executive branch activities with state, local, and tribal
governments, and (4) promoting appropriate federal roles with
respect to private-sector activities.

Improvements Made But Much Work Remains

Addressing the Year 2000 problem is a tremendous challenge for the
federal government. Many of the federal government's computer
systems were originally designed and developed 20 to 25 years ago,
are poorly documented, and use a wide variety of computer
languages, many of which are obsolete. Some applications include
thousands, tens of thousands, or even millions of lines of code,
each of which must be examined for date- format problems.

To meet this challenge and monitor individual agency efforts, the
Office of Management and Budget (OMB) directed the major
departments and agencies to submit quarterly reports on their
progress, beginning May 15, 1997. These reports contain
information on where agencies stand with respect to the
assessment, renovation, validation, and implementation of mission-
critical systems, as well as other management information on items
such as business continuity and contingency plans and costs.

The federal government's most recent reports show improvement in
addressing the Year 2000 problem. While much work remains, the
federal government has significantly increased the percentage of
mission-critical systems that are reported to be Year 2000
compliant, as figure 1 illustrates. In particular, while the
federal government did not meet its goal of having all mission-
critical systems compliant by March 1999, 92 percent of these
systems were reported to have met this goal.

Page 4 GAO/T-AIMD-99-149

Figure 1: Mission- Critical Systems Reported Year 2000 Compliant,
May 1997- March 1999

Source: May 1997 through February 1999 data are from the OMB
quarterly reports. The March 1999 data are from the President's
Council on Year 2000 Conversion and OMB.

While this progress is notable, 11 agencies did not meet OMB's
deadline for all of their mission-critical systems. 7 In addition,
as we testified last week, some of the systems that were not yet
compliant support vital government functions. 8 For example, among
the systems that did not meet the March 1999 deadline were those
operated by Health Care Financing Administration (HCFA)
contractors. As we testified in February 1999, these systems are
critical to processing Medicare claims. 9

7 The 11 agencies were the Departments of Agriculture, Commerce,
Defense, Energy, Health and Human Services, Justice, State,
Transportation, and the Treasury and the National Aeronautics and
Space Administration and the U.S. Agency for International
Development.

8 Year 2000 Computing Challenge: Federal Government Making
Progress But Critical Issues Must Still Be Addressed to Minimize
Disruptions (GAO/T-AIMD-99-144, April 14, 1999).

9 Year 2000 Computing Crisis: Medicare and the Delivery of Health
Services Are at Risk (GAO/T-AIMD-99-89, February 24, 1999) and
Year 2000 Computing Crisis: Readiness Status of the Department of
Health and Human Services (GAO/T-AIMD-99-92, February 26, 1999).

79% 92%

61% 50% 40% 35%

27% 19% 21%

0% 10%

20% 30%

40% 50%

60% 70%

80% 90%

100% May- 97 Aug- 97 Nov- 97 Feb- 98 May- 98 Aug- 98 Nov- 98 Feb-
99 Mar- 99 Percent

Page 5 GAO/T-AIMD-99-149

Additionally, not all systems have undergone an independent
verification and validation process. For example, the
Environmental Protection Agency and the Department of the Interior
reported that 57 and 3 of their systems, respectively, deemed
compliant were still undergoing independent verification and
validation. In some cases, independent verification and validation
of compliant systems have found serious problems. For example, as
we testified this February, 10 none of HCFA's 54 external mission-
critical systems reported by the Department of Health and Human
Services as compliant as of December 31, 1998, was Year 2000
ready, based on serious qualifications identified by the
independent verification and validation contractor.

Reviews Show Uneven Federal Agency Progress

While the Year 2000 readiness of the government has improved, our
reviews of federal agency Year 2000 programs have found uneven
progress. Some agencies are significantly behind schedule and are
at high risk that they will not fix their systems in time. Other
agencies have made progress, although risks continue and a great
deal of work remains. The following are examples of the results of
some of our recent reviews.

 In March 1999, we testified that the Federal Aviation
Administration (FAA) had made tremendous progress over the prior
year. 11 However, much remained to be done to complete validating
and implementing FAA's mission-critical systems. Specifically, the
challenges that FAA faced included (1) ensuring that systems
validation efforts are adequate, (2) implementing multiple systems
at numerous facilities, (3) completing data exchange efforts, and
(4) completing end-to-end testing. In addition, last week we
testified 12 that 10 of FAA's 52 noncompliant mission-critical
systems are among the systems that it has identified as posing the
greatest risk to the National Airspace System the network of
equipment, facilities, and information that supports U.S. aviation
operationsshould their Year 2000 repairs experience schedule
delays or should the systems not be operational on January 1,
2000. Because of the risks associated with FAA's Year 2000
program, we have advocated that the agency develop business
continuity and contingency

10 GAO/T-AIMD-99-92, February 26, 1999.

11 Year 2000 Computing Crisis: FAA Is Making Progress But
Important Challenges Remain (GAO/T-AIMD/RCED-99-118, March 15,
1999).

12 GAO/T-AIMD-99-144, April 14, 1999.

Page 6 GAO/T-AIMD-99-149

plans. 13 FAA agreed and has activities underway that we are
currently reviewing.  Earlier this month, we reported that the
Federal Reserve System

which is instrumental to our nation's economic well-being since it
provides depository institutions and government agencies services
such as processing checks and transferring funds and securitieshas
effective controls to help ensure that its Year 2000 progress is
reported accurately and reliably. 14 We also found that it is
effectively managing the renovation and testing of its internal
systems and the development and planned testing of contingency
plans for continuity of business operations. Nevertheless, the
Federal Reserve System still had much to accomplish before it is
fully ready for January 1, 2000, such as completing validation and
implementation of all of its internal system and completing its
contingency plans.  Our work has shown that the Department of
Defense and the military

services face significant problems. 15 In March 1999, we testified
that, despite considerable progress made in the 3 months before
the testimony, Defense was still well behind schedule. 16 We found
that Defense faced two significant challenges: (1) it must
complete remediation and testing of its mission-critical systems
and (2) it must have a reasonable level of assurance that key
processes will continue to work on a day-to-day basis and key
operational missions necessary for national defense can be
successfully accomplished. We concluded that such assurance can
only be provided if Defense takes steps to improve its visibility
over the status of key business processes.

End-to-End Testing Must Be Completed

While it is important to achieve compliance for individual
mission-critical systems, realizing such compliance alone does not
ensure that business

13 FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998),
GAO/T-AIMD-98-251, August 6, 1998, and GAO/T-AIMD/RCED-99- 118,
March 15, 1999.

14 Year 2000 Computing Crisis: Federal Reserve Has Established
Effective Year 2000 Management Controls for Internal Systems
Conversion (GAO/AIMD-99-78, April 9, 1999).

15 Defense Computers: Year 2000 Computer Problems Put Navy
Operations at Risk (GAO/AIMD-98-150, June 30, 1998), Defense
Computers: Army Needs to Greatly Strengthen Its Year 2000 Program
(GAO/AIMD-98-53, May 29, 1998), GAO/AIMD-98-72, April 30, 1998,
and Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998).

16 Year 2000 Computing Crisis: Defense Has Made Progress, But
Additional Management Controls Are Needed (GAO/T-AIMD-99-101,
March 2, 1999).

Page 7 GAO/T-AIMD-99-149

functions will continue to operate through the change of
centurythe ultimate goal of Year 2000 efforts. The purpose of end-
to-end testing is to verify that a defined set of interrelated
systems, which collectively support an organizational core
business area or function, will work as intended in an operational
environment. In the case of the year 2000, many systems in the
end-to-end chain will have been modified or replaced. As a result,
the scope and complexity of testingand its importanceare
dramatically increased, as is the difficulty of isolating,
identifying, and correcting problems. Consequently, agencies must
work early and continually with their data exchange partners to
plan and execute effective end-to-end tests (our Year 2000 testing
guide sets forth a structured approach to testing, including end-
to-end testing). 17

In January 1999, we testified that with the time available for
end-to-end testing diminishing, OMB should consider, for the
government's most critical functions, setting target dates, and
having agencies report against them, for the development of end-
to-end test plans, the establishment of test schedules, and the
completion of the tests. 18 On March 31, OMB and the Chair of the
President's Council on Year 2000 Conversion announced that one of
the key priorities that federal agencies will be pursuing during
the rest of 1999 will be cooperative efforts regarding end-to-end
testing to demonstrate the Year 2000 readiness of federal programs
with states and other partners critical to the administration of
those programs.

We are also encouraged by some agencies' recent actions. For
example, we testified this March that the Department of Defense's
Principal Staff Assistants are planning to conduct end-to-end
tests to ensure that systems that collectively support core
business areas can interoperate as intended in a Year 2000
environment. 19 Further, our March 1999 testimony 20 found that
FAA had addressed our prior concerns with the lack of detail in
its draft end-to-end test program plan and had developed a
detailed end-to-end testing strategy and plans. 21

17 GAO/AIMD-10.1.21, November 1998.

18 Year 2000 Computing Crisis: Readiness Improving, But Much Work
Remains to Avoid Major Disruptions (GAO/T-AIMD-99-50, January 20,
1999).

19 GAO/T-AIMD-99-101, March 2, 1999.

20 GAO/T-AIMD/RCED-99-118, March 15, 1999.

21 GAO/T-AIMD-98-251, August 6, 1998.

Page 8 GAO/T-AIMD-99-149

Business Continuity and Contingency Plans Are Needed

Business continuity and contingency plans are essential. Without
such plans, when unpredicted failures occur, agencies will not
have well-defined responses and may not have enough time to
develop and test alternatives. Federal agencies depend on data
provided by their business partners as well as on services
provided by the public infrastructure (e.g., power, water,
transportation, and voice and data telecommunications). One weak
link anywhere in the chain of critical dependencies can cause
major disruptions to business operations. Given these
interdependencies, it is imperative that contingency plans be
developed for all critical core business processes and supporting
systems, regardless of whether these systems are owned by the
agency. Accordingly, in April 1998, we recommended that the
Council require agencies to develop contingency plans for all
critical core business processes. 22

OMB has clarified its contingency plan instructions and, along
with the Chief Information Officers Council, has adopted our
business continuity and contingency planning guide. 23 In
particular, on January 26, 1999, OMB called on federal agencies to
identify and report on the high-level core business functions that
are to be addressed in their business continuity and contingency
plans as well as to provide key milestones for development and
testing of business continuity and contingency plans in their
February 1999 quarterly reports. Accordingly, in their February
1999 reports, almost all agencies listed their high-level core
business functions. Indeed, major departments and agencies listed
over 400 core business functions. For example, the Department of
Veterans Affairs classified its core business functions into two
critical areas: benefits delivery (six business lines supported
this area) and health care.

Our review of the 24 major departments and agencies February 1999
quarterly reports found that business continuity and contingency
planning was generally well underway. However, we also found cases
in which agencies (1) were in the early stages of business
continuity and contingency planning, (2) did not indicate when
they planned to complete and/or test their plans, (3) did not
intend to complete their plans until after April 1999, or (4) did
not intend to finish testing the plans until after September 1999.
In January 1999, we testified before you that OMB could

22 Year 2000 Computing Crisis: Potential for Widespread Disruption
Call for Strong Leadership and Partnerships (GAO/AIMD-98-85, April
30, 1998).

23 GAO/AIMD-10.1.19, August 1998.

Page 9 GAO/T-AIMD-99-149

consider setting a target date, such as April 30, 1999, for the
completion of business continuity and contingency plans, and
require agencies to report on their progress against this
milestone. 24 This would encourage agencies to expeditiously
develop and finalize their plans and would provide the President's
Council on Year 2000 Conversion and OMB with more complete
information on agencies' status on this critical issue. To provide
assurance that agencies' business continuity and contingency plans
will work if they are needed, we also suggested that OMB may want
to consider requiring agencies to test their business continuity
strategy and set a target date, such as September 30, 1999, for
the completion of this validation.

On March 31, OMB and the Chair of the President's Council on Year
2000 Conversion announced that completing and testing business
continuity and contingency plans as insurance against disruptions
to federal service delivery and operations from Year 2000-related
failures will be one of the key priorities that federal agencies
will be pursuing through the rest of 1999. OMB also announced that
it planned to ask agencies to submit their business continuity and
contingency plans in June. In addition to this action, we would
encourage OMB to implement the suggestion that we made in our
January 20 testimony and establish a target date for the
validation of these business continuity and contingency plans.

Recent OMB Action Could Help Ensure Business Continuity of High-
Impact

Programs

While individual agencies have been identifying and remediating
mission- critical systems, the government's future actions need to
be focused on its high-priority programs and ensuring the
continuity of these programs, including the continuity of federal
programs that are administered by states. Accordingly,
governmentwide priorities need to be based on such criteria as the
potential for adverse health and safety effects, adverse financial
effects on American citizens, detrimental effects on national
security, and adverse economic consequences. In April 1998, we
recommended that the President's Council on Year 2000 Conversion
establish governmentwide priorities and ensure that agencies set
agencywide priorities. 25

On March 26, 1999, OMB implemented our recommendation by issuing a
memorandum to federal agencies designating lead agencies for the

24 GAO/T-AIMD-99-50, January 20, 1999.

25 GAO/AIMD-98-85, April 30, 1998.

Page 10 GAO/T-AIMD-99-149

government's 42 high-impact programs (e.g., food stamps, Medicare,
and federal electric power generation and delivery); appendix I
lists these programs and lead agencies. For each program, the lead
agency was charged with identifying to OMB the partners integral
to program delivery; taking a leadership role in convening those
partners; assuring that each partner has an adequate Year 2000
plan and, if not, helping each partner without one; and developing
a plan to ensure that the program will operate effectively.
According to OMB, such a plan might include testing data exchanges
across partners, developing complementary business continuity and
contingency plans, sharing key information on readiness with other
partners and the public, and taking other steps necessary to
ensure that the program will work. OMB directed the lead agencies
to provide a schedule and milestones of key activities in the plan
by April 15. OMB also asked agencies to provide monthly progress
reports.

State and Local Governments Face Significant Year 2000

Risks

State and local governments also face a major risk of Year 2000-
induced failures to the many vital services that they provide. For
example,

 food stamps and other types of payments may not be made or could
be made for incorrect amounts;  date-dependent signal timing
patterns could be incorrectly implemented

at highway intersections, and safety severely compromised, if
traffic signal systems run by state and local governments do not
process four- digit years correctly; and  prisoner release or
parole eligibility determinations may be adversely

affected by the Year 2000 problem. A recent survey of state Year
2000 efforts indicated that much remains to be completed. The
states 26 (except for three that did not respond to the survey)
reported to the National Association of State Information Resource
Executives that as of April 5, 1999, 27 they had thousands of
mission-critical systems. 28 With respect to the remediation of
these systems,

26 In the context of the National Association of State Information
Resource Executives survey, the term states includes Guam, Puerto
Rico, and the District of Columbia.

27 Individual states submit periodic updates to the National
Association of State Information Resource Executives. For the
April 5th report, almost all of the states submitted their data in
March 1999.

28 The National Association of State Information Resource
Executives defined mission-critical systems as those that the
state has identified as priorities for prompt remediation.

Page 11 GAO/T-AIMD-99-149

 1 state reported that it had completed between 1 and 24 percent
of the activities required to return a modified system or
renovated process to production,  13 states 29 reported that they
had completed between 25 and 49 percent,  17 states 30 reported
completing between 50 and 74 percent,  17 states 31 reported
completing more than 75 percent of these

activities, 32 and  almost all states reported that they are
actively engaged in internal and

external contingency planning but of the 50 states that
established target dates for the completion of these plans, 23 (46
percent) reported the deadline as September 1999 or later.

State audit organizations have also identified significant Year
2000 concerns. In January 1999, the National State Auditors
Association reported on the results of its mid-1998 survey of Year
2000 compliance among states. This report stated that, for the 12
state audit organizations that provided Year 2000 related reports,
concerns had been raised in areas such as planning, testing,
embedded systems, business continuity and contingency planning,
and the adequacy of resources to address the problem. We
identified additional products by 13 state-level audit
organizations and Guam that discussed the Year 2000 problem and
had been issued since October 1, 1998. Several of these audit
organizations noted that progress had been made. However, the
audit organizations also expressed concerns that were consistent
with those reported by the National State Auditors Association.
For example:

 In December 1998, the Vermont State Auditor reported 33 that the
state Chief Information Officer did not have a comprehensive
control list of the state's information technology systems.
Accordingly, the Audit Office stated that even if all mission-
critical state systems were checked, these systems could be
endangered by information technology

29 Instead of reporting on its mission-critical systems, one state
reported on its processes while another reported on its functions.

30 Instead of reporting on its mission-critical systems, one state
reported on its core business activities, another state reported
on projects, and a third state reported on all systems.

31 Instead of reporting on its mission-critical systems, one state
reported on its applications.

32 Two states did not respond to this question.

33 Vermont State Auditor's Report on State Government's Year 2000
Preparedness (Y2K Compliance) for the Period Ending November 1,
1998 (Office of the State Auditor, December 31, 1998).

Page 12 GAO/T-AIMD-99-149

components that had not been checked or by linkages with the
states' external electronic partners.  In January 1999, the Rhode
Island Auditor General reported 34 that

testing standards and a test plan had not been developed.  In
February 1999, the California State Auditor reported 35 that key

agencies responsible for emergency services, corrections, and
water resources, among others, had not fully addressed embedded
technology related threats. Regarding emergency services, the
California report stated that if remediation of the embedded
technology in its networks is not completed, the Office of
Emergency Services may have to rely on cumbersome manual
processes, significantly increasing response time to disasters.
In March 1999, Oregon's Audits Division reported 36 that 11 of the
12

state agencies reviewed did not have business continuation plans
addressing potential Year 2000 problems for their core business
functions.  In March 1999, North Carolina's State Auditor reported
37 that resource

restrictions had limited the state's Year 2000 Project Office's
ability to verify data reported by state agencies.

Recent reports on local governments have also highlighted Year
2000 concerns at this level. For example:

 In January 1999, the United States Conference of Mayors reported
on the results of their survey of 220 cities. The results of this
survey of cities found (1) 97 percent had a citywide plan to
address Year 2000 issues, (2) 22 percent had repaired or replaced
less than 50 percent of their systems, and (3) 45 percent had
completed less than 50 percent of their testing.  A November 1998
National Association of Counties survey of a sample

of 500 counties found that (1) 50 percent of the counties had a
countywide Year 2000 plan, (2) 36 percent had completed
assessment,

34 State of Rhode Island, Efforts to Resolve the Year 2000
Computer Issue (Office of the Auditor General, January 29, 1999).

35 Year 2000 Computer Problem: The State's Agencies Are
Progressing Toward Compliance but Key Steps Remain Incomplete
(California State Auditor, February 18, 1999).

36 Department of Administrative Services Year 2000 Statewide
Project Office Review (Secretary of State, Audits Division, State
of Oregon Report No. 99-05, March 16, 1999).

37 Department of Commerce, Information Technology Services Year
2000 Project Office (Office of the State Auditor, State of North
Carolina, March 18, 1999).

Page 13 GAO/T-AIMD-99-149

(3) 16 percent had repaired or replaced their systems, and (4) 73
percent had no contingency plans.

Status of State- Administered Federal Human Services Programs Not
Clear

About 25 percent of the federal government's programs designated
as high- impact by OMB are state-administered, such as Food Stamps
and Temporary Assistance for Needy Families. One federal system
that did not make the March implementation target is critical to
the implementation of several of these programs. This system, the
Department of Health and Human Service's Payment Management
System, processes billions of dollars in grant payments to states
and other recipient organizations for vital programs, such as
Medicaid. As we testified in February 1999, the planned
replacement system has encountered problems since its inception
and, as a result, is still not operational. 38 Consequently, the
Department of Health and Human Services decided to repair the
existing system, which is not expected to be compliant until June
30, 1999.

As we reported in November 1998, many systems that support state-
administered federal human services programs were at risk and much
work remained to ensure continued services. 39 In February of this
year, we testified that while some progress had been achieved,
many states' systems were not scheduled to become compliant until
the last half of 1999. 40

Accordingly, we concluded that given these risks, business
continuity and contingency planning was even more important in
ensuring continuity of program operations and benefits in the
event of systems failures.

In January 1999, OMB implemented a requirement that federal
oversight agencies include the status of selected state human
services systems in their quarterly reports. Specifically, OMB
requested that the agencies describe actions to help ensure that
federally supported, state-run programs will be able to provide
services and benefits. OMB further asked that agencies report the
date when each state's systems will be Year 2000 compliant. Table
1 summarizes the information gathered by the Departments of
Agriculture, Health and Human Services, and Labor on how

38 GAO/T-AIMD-99-92, February 26, 1999.

39 Year 2000 Computing Crisis: Readiness of State Automated
Systems to Support Federal Welfare Programs (GAO/AIMD-99-28,
November 6, 1998).

40 Year 2000 Computing Crisis: Readiness of State Automated
Systems That Support Federal Human Services Programs (GAO/T-AIMD-
99-91, February 24, 1999).

Page 14 GAO/T-AIMD-99-149

many state-level organizations are compliant or when in 1999 they
planned to be compliant.

Table 1: Reported State- Level Readiness for Key Federally
Supported Programs a

a According to OMB, the Departments of Agriculture and Health and
Human Services were still collecting information from the states
on the status of the Child Nutrition Program and the Low Income
Home Energy Assistance Program, respectively.

Note: OMB reported the status of five programs for 50 state- level
organizations (Food Stamps, Unemployment Insurance, Temporary
Assistance for Needy Families, Child Support, and Women, Infants,
and Children). The status of two programs was provided for 51
state- level organizations

(Medicaid and Child Welfare). The status of Child Care was
provided for 53 state- level organizations. Source: Progress on
Year 2000 Conversion, (OMB, data received February 12, 1999,
issued on March 18, 1999).

This table illustrates the need for federal/state partnerships to
ensure the continuity of these vital services, since a
considerable number of state-level organizations are not due to be
compliant until the last half of 1999, and the agencies have not
received reports from many states. Such partnerships could include
the coordination of federal and state business continuity and
contingency plans for human services programs.

One agency that could serve as a model to other federal agencies
in working with state partners is the Social Security
Administration, which relies on states to help process claims
under its disability insurance program. In October 1997, we made
recommendations to the Social Security Administration to improve
its monitoring and oversight of state disability determination
services and to develop contingency plans that consider the
disability claims processing functions within state disability

Program Compliant JanuaryMarch AprilJune

JulySeptember OctoberDecember No report

Food Stamps 15 10 12 8 5 0 Unemployment Insurance 21 6 13 8 1 1
Temporary Assistance for Needy Families 7 3 12 4 2 22

Medicaid Integrated Eligibility System 3 1 8 5 1 33 Medicaid
Management Information Systems 7 7 14 12 2 9

Child Support 4 6 10 3 2 25 Child Care 4 3 8 5 2 31 Child Welfare
6 3 8 5 2 27 Women, Infants, and Children 24 8 6 6 6 0

Page 15 GAO/T-AIMD-99-149

determination services systems. 41 The Social Security
Administration agreed with these recommendations and, as we
testified this February, has taken several actions. 42 For
example, it established a full-time disability determination
services project team, designating project managers and
coordinators and requesting biweekly status reports. The agency
also obtained from each state disability determination service (1)
a plan specifying the specific milestones, resources, and
schedules for completing Year 2000 conversion tasks and (2)
contingency plans. Such an approach could be valuable to other
federal agencies in helping ensure the continued delivery of
services.

In addition to the state systems that support federal programs,
another important aspect of the federal government's Year 2000
efforts with the states are data exchanges. For example, the
Social Security Administration exchanges data files with the
states to determine the eligibility of disabled persons for
disability payments and the National Highway Traffic Safety
Administration provides states with information needed for drivers
registration. As part of addressing this issue, the General
Services Administration is collecting information from federal
agencies and the states on the status of their exchanges through a
secured Internet World Wide Web site. According to an official at
the General Services Administration, 70 percent of federal/state
data exchanges are Year 2000 compliant. However, this official
would not provide us with supporting documentation for this
statement nor would the General Services Administration allow us
access to its database. Accordingly, we could not verify the
status of federal/state data exchanges.

Year 2000 Readiness Information Available in Some Sectors, But Key
Information Still Missing or Incomplete

Beyond the risks faced by the federal, state, and local
governments, the Year 2000 also poses a serious challenge to the
public infrastructure, key economic sectors, and other countries.
To address these concerns, in April 1998, we recommended that the
Council use a sector-based approach and establish the effective
public-private partnerships necessary to address this

41 Social Security Administration: Significant Progress Made in
Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).

42 Year 2000 Computing Crisis: Update on the Readiness of the
Social Security Administration (GAO/T-AIMD-99-90, February 24,
1999).

Page 16 GAO/T-AIMD-99-149

issue. 43 The Council subsequently established over 25 sector-
based working groups and has been initiating outreach activities
since it became operational last spring. In addition, the Chair of
the Council has formed a Senior Advisors Group composed of
representatives from private-sector firms across key economic
sectors. Members of this group are expected to offer perspectives
on crosscutting issues, information sharing, and appropriate
federal responses to potential Year 2000 failures.

Our April 1998 report also recommended that the President's
Council on Year 2000 Conversion develop a comprehensive picture of
the nation's Year 2000 readiness, to include identifying and
assessing risks to the nation's key economic sectorsincluding
risks posed by international links. In October 1998, the Chair
directed the Council's sector working groups to begin assessing
their sectors. The Chair also provided a recommended guide of core
questions that the Council asked to be included in surveys by the
associations performing the assessments. These questions included
the percentage of work that has been completed in the assessment,
renovation, validation, and implementation phases. The Chair plans
to issue quarterly public reports summarizing these assessments.
The first such report was issued on January 7, 1999.

The January 7, 1999, report summarizes information collected to
date by the working groups and various trade associations. 44 The
Council acknowledged that readiness data in certain industries
were not yet available and, therefore, were not included in the
report. Nevertheless, based on the information available at the
time, it concluded that

 virtually all of the industry areas reported high awareness of
the Year 2000 and its potential consequences;  participants in
several areas, particularly financial institutions, are

mounting aggressive efforts to combat the problem;  it is
increasingly confident that there will not be large-scale
disruptions

in the banking, power, and telecommunications areas and, if
disruptions do occur, they are likely to be localized;  large
organizations often have a better handle on the Year 2000 problem

than do smaller ones, and some small-and medium-sized businesses
and

43 GAO/AIMD-98-85, April 30, 1998.

44 First Quarterly Summary of Assessment Information (The
President's Council on Year 2000 Conver- sion, January 7, 1999).

Page 17 GAO/T-AIMD-99-149

governments continue to believe that the Year 2000 problem will
not affect them or are delaying action until failures occur; and
international failures are likely since, despite recent increased
efforts, a

number of countries have done little to remediate critical
systems. The Council's report was a good step toward obtaining a
picture of the nation's Year 2000 readiness. However, the picture
remains substantially incomplete because assessments were not
available in many key areas, such as local law enforcement and the
maritime industry. Also, some surveys did not have a high response
rate, calling into question whether they accurately portray the
readiness of the sector. In addition, in some cases, such as
drinking water and health care, the report provided a general
assessment of the sector but did not contain detailed data as to
the status of the sector (e.g., the average percentage of
organization's systems that are Year 2000 compliant or the
percentage of organizations that are in the assessment,
renovation, or validation phases).

The President's Council on Year 2000 Conversion is to be commended
on the strides that it has made to obtain Year 2000 readiness data
that are critical to the nation's well-being as well as its other
initiatives, such as the establishment of the Senior Advisors
Group. However, to further reduce the likelihood of major
disruptions, in testimony this January, 45 we suggested that the
Council consider additional actions such as continuing to
aggressively pursue readiness information in the areas in which it
is lacking. If the current approach of using associations to
voluntarily collect information does not yield the necessary
information, we suggested that the Council may wish to consider
whether legislative remedies (such as requiring disclosure of Year
2000 readiness data) should be proposed. The Council's next sector
report is expected to be released this month. As discussed below,
we have issued several products related to several of these key
sectors.

Energy Sector This month, we reported that while the electric
power industry has reported that it has made substantial progress
in making its systems and

equipment ready to continue operations into the Year 2000,
significant risks

45 GAO/T-AIMD-99-50, January 20, 1999.

Page 18 GAO/T-AIMD-99-149

remain. 46 In response to a November 1998 survey, the nation's
electric power utilities reported that on average, they were 44
percent complete with remediation and testing. However, almost
half of the reporting organizations said that they did not expect
to be Year 2000 ready within the June 1999 industry target date,
and about one-sixth of the respondents indicated they would not be
ready until the last 3 months of 1999leaving little margin for
resolving unexpected problems. In this report, we suggested that
the Department of Energy (1) work with the Electric Power Working
Group to ensure that remediation activities are accelerated for
the utilities that expect to miss the June 1999 deadline for
achieving Year 2000 readiness and (2) encourage state regulatory
utility commissions to require a full public disclosure of Year
2000 readiness status of entities transmitting and distributing
electric power. We also suggested that the Nuclear Regulatory
Commission, (1) in cooperation with the Nuclear Energy Institute,
work with the nuclear power plant licensees to accelerate the Year
2000 remediation efforts among the nuclear power plants that
expect to meet the June 1999 deadline for achieving Year 2000
readiness and (2) publicly disclose the Year 2000 readiness of
each of the nation's operational nuclear reactors.

Health Sector Last week, we testified 47 that in response to our
September 1998 recommendation, 48 the Food and Drug
Administration, in conjunction with

the Department of Veterans Affairs, had established a
clearinghouse on biomedical equipment. As of April 5, 1999, 4,251
biomedical equipment manufacturers had submitted data to the
clearinghouse. About 54 percent of these manufacturers reported
having products that do not employ dates and about 16 percent
reported having date-related problems such as an incorrect display
of date/time. The Food and Drug Administration was awaiting
responses from 399 manufacturers.

Our April testimony also reported on the results of a Department
of Veterans Affairs survey of 384 pharmaceutical firms and 459
medical- surgical firms with which it does business. Of the 52
percent of

46 Year 2000 Computing Crisis: Readiness of the Electric Power
Industry (GAO/AIMD-99-114, April 6, 1999).

47 Year 2000 Computing Crisis: Action Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/T-
AIMD-99-136, April 15, 1999).

48 Year 2000 Computing Crisis: Compliance Status of Many
Biomedical Equipment Items Still Unknown (GAO/AIMD-98-240,
September 18, 1998).

Page 19 GAO/T-AIMD-99-149

pharmaceutical firms that responded to the survey, 32 percent
reported that they were compliant. Of the 54 percent of the
medical-surgical firms that responded, about two-thirds of them
reported that they were compliant.

Banking and Finance Sector A large portion of the institutions
that make up the banking and finance sector are overseen by one or
more federal regulatory agencies. In

September 1998, we testified on the efforts of five federal
financial regulatory agencies 49 to ensure that the institutions
that they oversee are ready to handle the Year 2000 problem. 50 We
concluded that the regulators had made significant progress in
assessing the readiness of member institutions and raising
awareness on important issues such as contingency planning and
testing. Regulator examinations of bank, thrift, and credit union
Year 2000 efforts found that the vast majority were doing a
satisfactory job of addressing the problem. Nevertheless, the
regulators faced the challenge of ensuring that they are ready to
take swift action to address those institutions that falter in the
later stages of correction and to address disruptions caused by
international and public infrastructure failures.

In March 1999, we concluded that insurance regulator presence
regarding the Year 2000 area was not as strong as that exhibited
by the banking and securities industry. 51 We found that the state
insurance regulators we contacted were late in raising industry
awareness of potential Year 2000 problems, provided little
guidance to regulated institutions, and failed to convey clear
regulatory expectations to companies about Year 2000 preparations
and milestones. Nevertheless, the insurance industry is reported
by both its regulators and other outside observers to be generally
on track to being ready for 2000. However, most of these reports
are based on self-reported information and, compared to other
financial regulators, insurance regulators' efforts to validate
this information generally began late and were too limited.

49 The National Credit Union Administration, the Federal Deposit
Insurance Corporation, the Office of Thrift Supervision, the
Federal Reserve System, and the Office of the Comptroller of the
Currency.

50 Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-
98-305, September 17, 1998). 51 Insurance Industry: Regulators Are
Less Active in Encouraging and Validating Year 2000

Preparedness (GAO/T-GGD-99-56, March 11, 1999).

Page 20 GAO/T-AIMD-99-149

Transportation Sector This January we reported on our survey of
413 airports. 52 We found that while the nation's airports are
making progress in preparing for the year

2000, such progress varies among airports. Of the 334 airports
responding to our survey, about one-third reported that they would
complete their Year 2000 preparations by June 30, 1999. The other
two-thirds either planned on a later date or failed to estimate
any completion date, and half of these airports did not have
contingency plans for any of 14 core airport functions. Although
most of those not expecting to be ready by June 30 are small
airports, 26 of them are among the nation's largest 50 airports.

In summary, while improvement has been shown, much work remains at
the national, federal, state, and local level to ensure that major
service disruptions do not occur. Specifically, remediation must
be completed, end-to-end testing performed, and business
continuity and contingency plans developed. To meet this
challenge, strong leadership and partnerships must be maintained
to ensure that government programs meet the needs of the public at
the turn of the century.

Mr. Chairman, this concludes my statement. I would be happy to
respond to any questions that you or other members of the
Committee may have at this time.

52 Year 2000 Computing Crisis: Status of Airports' Efforts to Deal
With Date Change Problem (GAO/RCED/AIMD-99-57, January 29, 1999).

Page 21 GAO/T-AIMD-99-149

Appendix I

Federal High-Impact Programs and Lead Agencies Appendi x I

Agency Program

Department of Agriculture Child Nutrition Programs Department of
Agriculture Food Safety Inspection Department of Agriculture Food
Stamps Department of Agriculture Special Supplemental Nutrition
Program for Women, Infants, and Children Department of Commerce
Patent and trademark processing Department of Commerce Weather
Service Department of Defense Military Hospitals Department of
Defense Military Retirement Department of Education Student Aid
Department of Energy Federal electric power generation and
delivery Department of Health and Human Services Child Care
Department of Health and Human Services Child Support Enforcement
Department of Health and Human Services Child Welfare Department
of Health and Human Services Disease monitoring and the ability to
issue warnings Department of Health and Human Services Indian
Health Service Department of Health and Human Services Low Income
Home Energy Assistance Program Department of Health and Human
Services Medicaid Department of Health and Human Services Medicare
Department of Health and Human Services Organ Transplants
Department of Health and Human Services Temporary Assistance for
Needy Families Department of Housing and Urban Development Housing
loans (Government National Mortgage Association) Department of
Housing and Urban Development Section 8 Rental Assistance
Department of Housing and Urban Development Public Housing
Department of Housing and Urban Development FHA Mortgage Insurance
Department of Housing and Urban Development Community Development
Block Grants Department of the Interior Bureau of Indians Affairs
programs Department of Justice Federal Prisons Department of
Justice Immigration Department of Labor Unemployment Insurance
Department of State Passport Applications and Processing
Department of Transportation Air Traffic Control system Department
of Transportation Maritime Search and Rescue Department of the
Treasury Cross- border Inspection Services Department of Veterans
Affairs Veterans' Benefits Department of Veterans Affairs
Veterans' Health Care Federal Emergency Management Agency Disaster
Relief Office of Personnel Management Federal Employee Health
Benefits Office of Personnel Management Federal Employee Life
Insurance

Appendix I Federal High-Impact Programs and Lead Agencies

Page 22 GAO/T-AIMD-99-149

Office of Personnel Management Federal Employee Retirement
Benefits Railroad Retirement Board Retired Rail Workers Benefits
Social Security Administration Social Security Benefits U. S.
Postal Service Mail Service

Page 23 GAO/T-AIMD-99-149

Appendix II

GAO Reports and Testimony Addressing the Year 2000 Crisis Appendi
x I I

Year 2000 Computing Crisis: Action Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/T-
AIMD-99-136, April 15, 1999).

Year 2000 Computing Challenge: Federal Government Making Progress
But Critical Issues Must Still Be Addressed to Minimize
Disruptions (GAO/T-AIMD-99-114, April 14, 1999).

Year 2000 Computing Crisis: Additional Work Remains to Ensure
Delivery of Critical Services (GAO/T-AIMD-99-143, April 13, 1999).

Tax Administration: IRS' Fiscal Year 2000 Budget Request and 1999
Tax Filing Season (GAO/T-GGD/AIMD-99-140, April 13, 1999).

Year 2000 Computing Crisis: Federal Reserve Has Established
Effective Year 2000 Management Controls for Internal Systems
Conversion (GAO/AIMD-99-78, April 9, 1999).

Year 2000 Computing Crisis: Readiness of the Electric Power
Industry (GAO/AIMD-99-114, April 6, 1999).

Year 2000 Computing Crisis: Customs Has Established Effective Year
2000 Program Controls (GAO/AIMD-99-37, March 29, 1999).

Year 2000 Computing Crisis: FAA Is Making Progress But Important
Challenges Remain (GAO/T-AIMD/RCED-99-118, March 15, 1999).

Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11,
1999).

Year 2000 Computing Crisis: Defense Has Made Progress, But
Additional Management Controls Are Needed (GAO/T-AIMD-99-101,
March 2, 1999).

Year 2000 Computing Crisis: Readiness Status of the Department of
Health and Human Services (GAO/T-AIMD-99-92, February 26, 1999).

Defense Information Management: Continuing Implementation
Challenges Highlight the Need for Improvement (GAO/T-AIMD-99-93,
February 25, 1999).

IRS' Year 2000 Efforts: Status and Remaining Challenges (GAO/T-
GGD-99-35, February 24, 1999).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 24 GAO/T-AIMD-99-149

Department of Commerce: National Weather Service Modernization and
NOAA Fleet Issues (GAO/T-AIMD/GGD-99-97, February 24, 1999).

Year 2000 Computing Crisis: Medicare and the Delivery of Health
Services Are at Risk (GAO/T-AIMD-99-89, February 24, 1999).

Year 2000 Computing Crisis: Readiness of State Automated Systems
That Support Federal Human Services Programs (GAO/T-AIMD-99-91,
February 24, 1999).

Year 2000 Computing Crisis: Customs Is Effectively Managing Its
Year 2000 Program (GAO/T-AIMD-99-85, February 24, 1999).

Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/T-AIMD-99-90, February 24, 1999).

Year 2000 Computing Crisis: Challenges Still Facing the U.S.
Postal Service (GAO/T-AIMD-99-86, February 23, 1999).

Year 2000 Computing Crisis: The District of Columbia Remains
Behind Schedule (GAO/T-AIMD-99-84, February 19, 1999).

High-Risk Series: An Update (GAO/HR-99-1, January 1999). Year 2000
Computing Crisis: Status of Airports' Efforts to Deal With Date
Change Problem (GAO/RCED/AIMD-99-57, January 29, 1999).

Defense Computers: DOD's Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999).

Year 2000 Computing Crisis: Status of Bureau of Prisons' Year 2000
Efforts (GAO/AIMD-99-23, January 27, 1999).

Year 2000 Computing Crisis: Readiness Improving, But Much Work
Remains to Avoid Major Disruptions (GAO/T-AIMD-99-50, January 20,
1999).

Year 2000 Computing Challenge: Readiness Improving, But Critical
Risks Remain (GAO/T-AIMD-99-49, January 20, 1999).

Status Information: FAA's Year 2000 Business Continuity and
Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R,
December 4, 1998).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 25 GAO/T-AIMD-99-149

Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
November 1998).

Year 2000 Computing Crisis: Readiness of State Automated Systems
to Support Federal Welfare Programs (GAO/AIMD-99-28, November 6,
1998).

Year 2000 Computing Crisis: Status of Efforts to Deal With
Personnel Issues (GAO/AIMD/GGD-99-14, October 22, 1998).

Year 2000 Computing Crisis: Updated Status of Department of
Education's Information Systems (GAO/T-AIMD-99-8, October 8,
1998).

Year 2000 Computing Crisis: The District of Columbia Faces
Tremendous Challenges in Ensuring That Vital Services Are Not
Disrupted (GAO/T- AIMD-99-4, October 2, 1998).

Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-
98- 310, September 24, 1998).

Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998).

Year 2000 Computing Crisis: Significant Risks Remain to Department
of Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998).

Year 2000 Computing Crisis: Progress Made at Department of Labor,
But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).

Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-
98-305, September 17, 1998).

Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure
Financial Institutions Are Fixing Systems But Challenges Remain
(GAO/AIMD-98- 248, September 17, 1998).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 26 GAO/T-AIMD-99-149

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).

Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278,
September 3, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Reduce Likelihood of Adverse Impact (GAO/T-
AIMD-98-277, September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276,
September 1, 1998).

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-
162, August 28, 1998).

Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA
Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will
Require Strong Leadership and Effective Partnerships (GAO/T-AIMD-
98-267, August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).

Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 27 GAO/T-AIMD-99-149

Internal Revenue Service: Impact of the IRS Restructuring and
Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).

Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).

Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations
at Risk (GAO/AIMD-98-150, June 30, 1998).

Year 2000 Computing Crisis: Testing and Other Challenges
Confronting Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).

Year 2000 Computing Crisis: Telecommunications Readiness Critical,
Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16,
1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998).

IRS' Year 2000 Efforts: Business Continuity Planning Needed for
Potential Year 2000 System Failures (GAO/GGD-98-138, June 15,
1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-
98-167, May 14, 1998).

Securities Pricing: Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998).

Year 2000 Computing Crisis: Continuing Risks of Disruption to
Social Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-
161, May 7, 1998).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 28 GAO/T-AIMD-99-149

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7,
1998). Air Traffic Control: FAA Plans to Replace Its Host Computer
System Because Future Availability Cannot Be Assured (GAO/AIMD-98-
138R, May 1, 1998).

Year 2000 Computing Crisis: Potential for Widespread Disruption
Calls for Strong Leadership and Partnerships (GAO/AIMD-98-85,
April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Department of the Interior: Year 2000 Computing Crisis Presents
Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22,
1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and
Fiscal Year 1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31,
1998).

Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24,
1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-
98- 116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
102, March 18, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Public/ Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998).

Post-Hearing Questions on the Federal Deposit Insurance
Corporation's Year 2000 (Y2K) Preparedness (AIMD-98-108R, March
18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998).

Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 29 GAO/T-AIMD-99-149

Year 2000 Computing Crisis: Federal Deposit Insurance
Corporation's Efforts to Ensure Bank Systems Are Year 2000
Compliant (GAO/T-AIMD-98-73, February 10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent
Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).

Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998).

Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress
Made In Ensuring Year 2000 Compliance, But Challenges Remain (GAO/
AIMD-98-31R, November 7, 1997).

Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997).

Social Security Administration: Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).

Defense Computers: Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997).

Veterans Affairs Computer Systems: Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September
25, 1997).

Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997).

Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14,
September 1997).

Appendix II GAO Reports and Testimony Addressing the Year 2000
Crisis

Page 30 GAO/T-AIMD-99-149

Defense Computers: SSG Needs to Sustain Year 2000 Progress
(GAO/AIMD-97-120R, August 19, 1997).

Defense Computers: Improvements to DOD Systems Inventory Needed
for Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997).

Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997).

Defense Computers: DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997).

Year 2000 Computing Crisis: Time Is Running Out for Federal
Agencies to Prepare for the New Millennium (GAO/T-AIMD-97-129,
July 10, 1997).

Veterans Benefits Computer Systems: Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year-2000 Problems (GAO/
T-AIMD-97-114, June 26, 1997).

Veterans Benefits Computer Systems: Risks of VBA's Year-2000
Efforts (GAO/AIMD-97-79, May 30, 1997).

Medicare Transaction System: Success Depends Upon Correcting
Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May
16, 1997).

Medicare Transaction System: Serious Managerial and Technical
Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16,
1997).

Year 2000 Computing Crisis: Risk of Serious Disruption to
Essential Government Functions Calls for Agency Action Now (GAO/T-
AIMD-97-52, February 27, 1997).

Year 2000 Computing Crisis: Strong Leadership Today Needed To
Prevent Future Disruption of Government Services (GAO/T-AIMD-97-
51, February 24, 1997).

High-Risk Series: Information Management and Technology (GAO/HR-
97-9, February 1997).

(511752) Let t er

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary,
VISA and MasterCard credit cards are accepted, also.

Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.

Orders by mail: U.S. General Accounting Office P.O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512-6000 or by using
fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on how
to obtain these lists.

For information on how to access GAO reports on the INTERNET, send
an e-mail message with info in the body to:

[email protected] or visit GAO's World Wide Web Home Page at:
http://www.gao.gov

United States General Accounting Office Washington, D.C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Mail

Postage & Fees Paid GAO Permit No. GI00

*** End of document. ***