Year 2000 Computing Challenge: Important Progress Made, But Much Work
Remains to Avoid Disruption of Critical Services (Testimony, 08/14/1999,
GAO/T-AIMD-99-267).

Pursuant to a congressional request, GAO discussed the progress being
made in addressing the year 2000 computing challenge, focusing on: (1)
the federal government's progress and the challenges that remain in
correcting its systems; (2) state and local government year 2000 issues;
and (3) the readiness of key public infrastructure and economic sectors.

GAO noted that: (1) the public faces the risk that critical services
provided by the government and the private sector could be severely
disrupted by the year 2000 computing problem; (2) to meet this challenge
and monitor individual agency efforts, the Office of Management and
Budget (OMB) directed the major departments and agencies to submit
quarterly reports on their progress; (3) the federal government's most
recent reports show improvement in addressing the year 2000 problem; (4)
while much work remains, the federal government has significantly
increased its percentage of mission-critical systems that are reported
to be year 2000 compliant; (5) while this progress is notable, OMB
reported that 10 agencies have mission-critical systems that were not
yet compliant; (6) while the overall year 2000 readiness of the
government has improved, GAO's reviews of agency year 2000 programs have
found uneven progress; (7) some agencies had made good progress while
other agencies were significantly behind schedule but had taken actions
to improve their readiness; (8) on March 31, 1999, OMB and the Chair of
the President's Council on Year 2000 Conversion announced that one of
the key priorities that federal agencies will be pursuing during the
rest of 1999 will be cooperative end-to-end testing to demonstrate the
year 2000 readiness of federal programs with states and other partners;
(9) on January 26, 1999, OMB called on federal agencies to identify and
report on the high-level core business functions that are to be
addressed in their business and continuity plans; (10) according to an
OMB official, OMB has received plans from the 24 major agencies and it
will report on the plans' status in its next quarterly report; (11)
according to information on state year 2000 activities reported to the
National Association of State Information Resource Executives as of
August 3, 1999, states reported having thousands of mission-critical
systems; (12) with respect to completing the implementation phase for
these systems: (a) 2 states reported that they had completed between 25
and 49 percent; (b) 6 states reported completing between 50 and 74
percent; and (c) 38 states reported completing 75 percent or more; (13)
beyond the risks faced by federal, state, and local governments, the
year 2000 also poses a serious challenge to the public infrastructure,
key economic sectors, and to other countries; and (14) the Council
reported that important national systems will make a successful
transition to the year 2000 but that much work remains to be done.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-99-267
     TITLE:  Year 2000 Computing Challenge: Important Progress Made,
	     But Much Work Remains to Avoid Disruption of Critical
	     Services
      DATE:  08/14/1999
   SUBJECT:  Computer software verification and validation
	     Systems conversions
	     Y2K
	     Computer software
	     State-administered programs
	     Information resources management
	     Strategic information systems planning
	     Data integrity
	     Federal/state relations
	     Systems compatibility
IDENTIFIER:  Y2K

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
1-LG-BW logo.eps GAO United States General Accounting Office

Testimony Before the Subcommittee on Government Management,
Information and Technology, Committee on Government Reform, House
of Representatives

For Release on Delivery Expected at 10 a. m. PDT Saturday, August
14, 1999

YEAR 2000 COMPUTING CHALLENGE Important Progress Made, But Much
Work Remains to Avoid Disruption of Critical Services

Statement of Joel C. Willemssen Director, Civil Agencies
Information Systems Accounting and Information Management Division

GAO/T-AIMD-99-267

Page 1 GAO/T-AIMD-99-267

Mr. Chairman and Members of the Subcommittee: Thank you for
inviting us to participate in today's hearing on the Year 2000
problem. According to the report of the President's Commission on
Critical Infrastructure Protection, the United States with close
to half of

all computer capacity and 60 percent of Internet assets is the
world's most advanced and most dependent user of information
technology. 1 Should these systems which perform functions and
services critical to our nation suffer problems, it could create
widespread disruption. Accordingly, the upcoming change of century
is a sweeping and urgent challenge for public- and private- sector
organizations alike. Because of its urgent nature and the
potentially devastating impact it could have on critical
government operations, in February 1997 we designated the Year
2000 problem a high- risk area for the federal government. 2 Since
that time, we have issued over 130 reports and testimony
statements detailing specific findings and numerous
recommendations related to the

Year 2000 readiness of a wide range of federal agencies. 3 We have
also issued guidance to help organizations successfully address
the issue. 4 Today, I will highlight the Year 2000 risks facing
the nation, discuss the federal government's progress and
challenges that remain in correcting its systems, identify state
and local government Year 2000 issues, and provide

an overview of available information on the readiness of key
public infrastructure and economic sectors. 1 Critical
Foundations: Protecting America's Infrastructures (President's
Commission on Critical Infrastructure Protection, October 1997). 2
High- Risk Series: Information Management and Technology (GAO/HR-
97-9, February 1997). 3 A list of these publications is included
as an attachment to this statement. These publications can be
obtained through GAO's World Wide Web page at www. gao. gov/ y2kr.
htm.

4 Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD- 10.
1. 14, issued as an exposure draft in February 1997 and in final
form in September 1997), which addresses the key tasks needed to
complete each phase of a Year 2000 program (awareness, assessment,
renovation, validation, and implementation); Year 2000 Computing
Crisis: Business Continuity and Contingency Planning (GAO/ AIMD-
10.1.19, issued as an exposure draft in March 1998 and in final
form in August 1998), which describes the tasks needed to ensure
the continuity of agency operations; and Year 2000 Computing
Crisis: A Testing Guide (GAO/ AIMD- 10.1.21, issued as an exposure
draft in June 1998 and in final form in November 1998), which
discusses the need to plan and conduct Year 2000 tests in a
structured and disciplined fashion.

Letter

Page 2 GAO/T-AIMD-99-267

The Public Faces Risk of Year 2000 Disruptions The public faces
the risk that critical services provided by the government and the
private sector could be severely disrupted by the Year 2000

computing problem. Financial transactions could be delayed,
flights grounded, power lost, and national defense affected.
Moreover, America's infrastructures are a complex array of public
and private enterprises with many interdependencies at all levels.
These many interdependencies among governments and within key
economic sectors could cause a single failure to have adverse
repercussions in other sectors. Key sectors that could be
seriously affected if their systems are not Year 2000 compliant
include information and telecommunications; banking and finance;
health, safety, and emergency services; transportation; power and
water; and manufacturing and small business. The following are
examples of some of the major disruptions the public and private
sectors could experience if the Year 2000 problem is not
corrected.  With respect to aviation, there could be grounded or
delayed flights, degraded safety, customer inconvenience, and
increased airline costs. 5  Aircraft and other military equipment
could be grounded because the

computer systems used to schedule maintenance and track supplies
may not work. Further, the Department of Defense could incur
shortages of vital items needed to sustain military operations and
readiness. 6  Medical devices and scientific laboratory equipment
may experience problems beginning January 1, 2000, if their
software applications or embedded chips use two- digit fields to
represent the year. Recognizing the seriousness of the Year 2000
problem, on February 4, 1998, the President signed an executive
order that established the President's Council on Year 2000
Conversion, chaired by an Assistant to the President and
consisting of one representative from each of the executive
departments and from other federal agencies as may be determined
by the Chair. The Chair of the Council was tasked with the
following Year 2000 roles: (1) overseeing the activities of
agencies, (2) acting as chief spokesperson in national and
international forums, (3) providing policy

5 FAA Systems: Serious Challenges Remain in Resolving Year 2000
and Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998)
and Year 2000 Computing Crisis: FAA Is Making Progress But
Important Challenges Remain (GAO/ T- AIMD/ RCED- 99- 118, March
15, 1999). 6 Defense Computers: Year 2000 Computer Problems
Threaten DOD Operations (GAO/AIMD-98-72, April 30, 1998).

Letter

Page 3 GAO/T-AIMD-99-267

coordination of executive branch activities with state, local, and
tribal governments, and (4) promoting appropriate federal roles
with respect to private- sector activities.

Improvements Made But Much Work Remains Addressing the Year 2000
problem is a tremendous challenge for the federal

government. Many of the federal government's computer systems were
originally designed and developed 20 to 25 years ago, are poorly
documented, and use a wide variety of computer languages, many of
which are obsolete. Some applications include thousands, tens of
thousands, or even millions of lines of code, each of which must
be examined for date- format problems. To meet this challenge and
monitor individual agency efforts, the Office of Management and
Budget (OMB) directed the major departments and agencies to submit
quarterly reports on their progress, beginning May 15, 1997. These
reports contain information on where agencies stand with respect
to the assessment, renovation, validation, and implementation of
mission- critical systems, as well as other management information
on items such as costs and business continuity and contingency
plans. The federal government's most recent reports show
improvement in addressing the Year 2000 problem. While much work
remains, the federal government has significantly increased its
percentage of mission- critical systems that are reported to be
Year 2000 compliant, as figure 1 illustrates. In particular, while
the federal government did not meet its goal of having all
mission- critical systems compliant by March 1999, as of mid- May
1999,

93 percent of these systems were reported compliant.

Page 4 GAO/T-AIMD-99-267

Figure 1: Mission- Critical Systems Reported Year 2000 Compliant,
May 1997 Through May 1999

Source: May 1997 through May 1999 data are from the OMB quarterly
reports.

While this reported progress is notable, OMB also noted that 10
agencies have mission- critical systems that were not yet
compliant. 7 In addition, as we testified in April, some of the
systems that were not yet compliant support vital government
functions. 8 For example, some of the systems that were not
compliant were among the 26 mission- critical systems that the
Federal Aviation Administration (FAA) has identified as posing the
greatest risk to the National Airspace System the network of
equipment, facilities, and information that supports U. S.
aviation operations.

Additionally, not all systems have undergone an independent
verification and validation process. For example, in April 1999
the Department of Commerce awarded a contract for independent
verification and validation reviews of approximately 40 mission-
critical systems that support that 7 The 10 agencies were the
Departments of Agriculture, Commerce, Defense, Energy, Health and
Human Services, Justice, Transportation, and the Treasury and the
National Aeronautics and Space Administration and the U. S. Agency
for International Development.

8 Year 2000 Computing Challenge: Federal Government Making
Progress But Critical Issues Must Still Be Addressed to Minimize
Disruptions (GAO/T-AIMD-99-144, April 14, 1999).

93% 79%

61% 21% 19%

27% 35%

50% 40%

0% 10%

20% 30%

40% 50%

60% 70%

80% 90%

100% May- 97 Aug- 97 Nov- 97 Feb- 98 May- 98 Aug- 98 Nov- 98 Feb-
99 May- 99

Page 5 GAO/T-AIMD-99-267

department's most critical business processes. These reviews are
to continue through the summer of 1999. In some cases, independent
verification and validation of compliant systems have found
serious problems. For example, as we testified this past February,
9 none of 54 external mission- critical systems of the Health Care
Financing Administration reported by the Department of Health and
Human Services (HHS) as compliant as of December 31, 1998, was
Year 2000 ready at that time, based on serious qualifications
identified by the independent verification and validation
contractor. Reviews Show Uneven

Federal Agency Progress While the overall Year 2000 readiness of
the government has improved, our reviews of federal agency Year
2000 programs have found uneven progress. Some agencies had made
good progress while other agencies were significantly behind
schedule but had taken actions to improve their readiness. For
example:

 In October 1997, we reported that while the Social Security
Administration (SSA) had made significant progress in assessing
and renovating mission- critical mainframe software, certain areas
of risk in its Year 2000 program remained. 10 Accordingly, we made
several recommendations to address these risk areas, which
included the Year 2000 compliance of the systems used by the 54
state Disability Determination Services 11 that help administer
the disability programs. SSA agreed with these recommendations
and, in July 1999, we reported that actions to implement these
recommendations had either been taken or were underway. 12 For
example, regarding the state Disability

Determination Services systems, SSA enhanced its monitoring and
oversight by establishing a full- time project team, designating
project managers and coordinators, and requesting biweekly
reports. While actions such as these demonstrated SSA's leadership
in addressing the Year 2000 problem, it still needed to complete
critical tasks to ensure

9 Year 2000 Computing Crisis: Readiness Status of the Department
of Health and Human Services (GAO/T-AIMD-99-92, February 26,
1999). 10 Social Security Administration: Significant Progress
Made in Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6,
October 22, 1997). 11 These include the systems in all 50 states,
the District of Columbia, Guam, Puerto Rico, and the Virgin
Islands. 12 Social Security Administration: Update on Year 2000
and Other Key Information Technology Initiatives (GAO/T-AIMD-99-
259, July 29, 1999).

Page 6 GAO/T-AIMD-99-267

readiness, including (1) ensuring the compliance of all external
data exchanges, (2) completing tasks outlined in its contingency
plans, (3) certifying the compliance of one remaining mission-
critical system, (4) completing hardware and software upgrades in
the Office of Telecommunications and Systems Operations, and (5)
correcting date field errors identified through its quality
assurance process.  In May 1999, we testified 13 that the
Department of Education had made progress toward addressing the
significant risks we had identified in September 1998 14 related
to systems testing, exchanging data with internal and external
partners, and developing business continuity and contingency
plans. Nevertheless, work remained ongoing in these

areas. For example, Education had scheduled a series of tests with
its data exchange partners, such as schools, through the early
part of the fall. Tests such as these are important since
Education's student financial aid environment is very large and
complex, including over 7,000 schools, 6,500 lenders, and 36
guaranty agencies, as well as other federal agencies; we have
reported that Education has experienced serious data integrity
problems in the past. 15 Accordingly, our May

testimony stated that Education needed to continue end- to- end
testing of critical business processes involving Education's
internal systems and its external data exchange partners and
continue its outreach

activities with schools, guaranty agencies, and other participants
in the student financial aid community.  Our work has shown that
the Department of Defense and the military services face
significant problems. 16 This March we testified that despite
considerable progress made in the preceding 3 months, the
Department of Defense was still well behind schedule. 17 We found
that the department faced two significant challenges: (1)
completing

13 Year 2000 Computing Challenge: Education Taking Needed Actions
But Work Remains (GAO/T-AIMD-99-180, May 12, 1999). 14 Year 2000
Computing Crisis: Significant Risks Remain to Department of
Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998). 15 Student Financial Aid Information: Systems
Architecture Needed to Improve Programs' Efficiency (GAO/AIMD-97-
122, July 29, 1997). 16 Defense Computers: Year 2000 Computer
Problems Put Navy Operations at Risk (GAO/AIMD-98-150, June 30,
1998); Defense Computers: Army Needs to Greatly Strengthen Its
Year 2000 Program (GAO/AIMD-98-53, May 29, 1998); GAO/AIMD-98-72,
April 30, 1998; and Defense Computers:

Air Force Needs to Strengthen Year 2000 Oversight (GAO/AIMD-98-35,
January 16, 1998). 17 Year 2000 Computing Crisis: Defense Has Made
Progress, But Additional Management Controls Are Needed (GAO/T-
AIMD-99-101, March 2, 1999).

Page 7 GAO/T-AIMD-99-267

remediation and testing of its mission- critical systems and (2)
having a reasonable level of assurance that key processes will
continue to work on a day- to- day basis and key operational
missions necessary for national defense can be successfully
accomplished. We concluded that such assurance could only be
provided if Defense took steps to improve its visibility over the
status of key business processes. End- to- End Testing Must Be
Completed

While it is important to achieve compliance for individual
mission- critical systems, realizing such compliance alone does
not ensure that business functions will continue to operate
through the change of century the ultimate goal of Year 2000
efforts. The purpose of end- to- end testing is to verify that a
defined set of interrelated systems, which collectively support an
organizational core business area or function, will work as
intended in an operational environment. In the case of the year
2000, many systems in the end- to- end chain will have been
modified or replaced. As a result, the scope and complexity of
testing and its importance are dramatically

increased, as is the difficulty of isolating, identifying, and
correcting problems. Consequently, agencies must work early and
continually with their data exchange partners to plan and execute
effective end- to- end tests. (Our Year 2000 testing guide sets
forth a structured approach to testing, including end- to- end
testing. 18 )

In January, we testified that with the time available for end- to-
end testing diminishing, OMB should consider, for the government's
most critical functions, setting target dates, and having agencies
report against them, for the development of end- to- end test
plans, the establishment of test schedules, and the completion of
the tests. 19 On March 31, OMB and the Chair of the President's
Council on Year 2000 Conversion announced that one of the key
priorities that federal agencies will be pursuing during the rest
of 1999 will be cooperative end- to- end testing to demonstrate
the Year 2000 readiness of federal programs with states and other
partners.

Agencies have also acted to address end- to- end testing. For
example, our March FAA testimony 20 found that the agency had
addressed our prior 18 GAO/ AIMD- 10.1.21, November 1998. 19 Year
2000 Computing Crisis: Readiness Improving, But Much Work Remains
to Avoid Major Disruptions (GAO/T-AIMD-99-50, January 20, 1999).
20 GAO/ T- AIMD/ RCED- 99- 118, March 15, 1999.

Page 8 GAO/T-AIMD-99-267

concerns about the lack of detail in its draft end- to- end test
program plan and had developed a detailed end- to- end testing
strategy and plans. 21 Also, in June 1999 we reported 22 that the
Department of Defense had underway or planned hundreds of related
Year 2000 end- to- end test and evaluation activities and that,
thus far, it was taking steps to ensure that these related end-
to- end tests were effectively coordinated. However, we concluded
that the Department of Defense was far from successfully finishing
its various

Year 2000 end- to- end test activities and that it must complete
efforts to establish end- to- end management controls, such as
establishing an independent quality assurance program. Business
Continuity and Contingency Plans Are Needed

Business continuity and contingency plans are essential. Without
such plans, when unpredicted failures occur, agencies will not
have well- defined responses and may not have enough time to
develop and test alternatives. Federal agencies depend on data
provided by their business partners as well as on services
provided by the public infrastructure (e. g., power, water,
transportation, and voice and data telecommunications). One weak
link anywhere in the chain of critical dependencies can cause
major disruptions to business operations. Given these
interdependencies, it is imperative that contingency plans be
developed for all critical core

business processes and supporting systems, regardless of whether
these systems are owned by the agency. Accordingly, in April 1998
we recommended that the Council require agencies to develop
contingency plans for all critical core business processes. 23

OMB has clarified its contingency plan instructions and, along
with the Chief Information Officers Council, has adopted our
business continuity and contingency planning guide. 24 In
particular, on January 26, 1999, OMB called on federal agencies to
identify and report on the high- level core

business functions that are to be addressed in their business
continuity and contingency plans, as well as to provide key
milestones for development and testing of such plans in their
February 1999 quarterly reports. In 21 GAO/T-AIMD-98-251, August
6, 1998. 22 Defense Computers: Management Controls Are Critical to
Effective Year 2000 Testing (GAO/AIMD-99-172, June 30, 1999). 23
Year 2000 Computing Crisis: Potential for Widespread Disruption
Calls for Strong Leadership and Partnerships (GAO/AIMD-98-85,
April 30, 1998). 24 GAO/ AIMD- 10.1.19, August 1998.

Page 9 GAO/T-AIMD-99-267

addition, on May 13 OMB required agencies to submit high- level
versions of these plans by June 15. According to an OMB official,
OMB has received plans from the 24 major departments and agencies.
This official stated that OMB planned to review the plans, discuss
them with the agencies, determine whether there were any common
themes, and report on the

plans' status in its next quarterly report. To provide assurance
that agencies' business continuity and contingency plans will work
if needed, on January 20 we suggested that OMB may want to
consider requiring agencies to test their business continuity
strategy and

set a target date, such as September 30, 1999, for the completion
of this validation. 25 Our review of the 24 major departments and
agencies' May 1999 quarterly reports found 14 cases in which
agencies did not identify test dates for their business continuity
and contingency plans or reported test dates subsequent to
September 30, 1999.

On March 31, OMB and the Chair of the President's Council
announced that completing and testing business continuity and
contingency plans as insurance against disruptions to federal
service delivery and operations from Year 2000- related failures
will be one of the key priorities that federal agencies will be
pursuing through the rest of 1999. Accordingly, OMB should
implement our suggestion and establish a target date for the
validation of agency business continuity and contingency plans.
Our reviews of specific agency business continuity and contingency
plans have found that agencies are in varying stages of
completion. For example:  We testified in July 1999 that SSA was
in the process of testing all of its contingency plans, with
expected completion in September. 26 In

addition, SSA planned to assist the Department of the Treasury in
developing alternative disbursement processes for problematic
financial institutions.  This June, we testified that the U. S.
Customs Service had implemented sound management processes for
developing business continuity and contingency plans and was in
the process of testing its plans. 27 Customs

expected to complete contingency plan testing by October 1999. 25
GAO/T-AIMD-99-50, January 20, 1999. 26 GAO/T-AIMD-99-259, July 29,
1999. 27 Year 2000 Computing Crisis: Customs Is Making Good
Progress (GAO/T-AIMD-99-225, June 29, 1999).

Page 10 GAO/T-AIMD-99-267

 In May 1999, we reported 28 that the Department of Agriculture's
component agencies were actively engaged in developing business
continuity and contingency plans but that much work remained to
complete and test these plans. Further, its December 1999
departmentwide goal of completing business continuity and
contingency plans left no room for delays or sufficient time for
correcting, revising, and retesting plans, if necessary.
Consequently, we recommended that the Department of Agriculture
advance its time frame to no later than September 30, 1999, and
develop priorities for completing and testing business continuity
and contingency plans that are aligned with the department's
highest priority business processes, to ensure that remaining work
addresses these processes first. The

Department of Agriculture's Chief Information Officer stated that
the department planned to implement our recommendations.  This
June, we reported 29 that the General Services Administration had
completed its telecommunications business continuity and
contingency

plan in September 1998. However, we made several suggestions for
enhancing this plan, including that the General Services
Administration work with its customers to ensure that the
customers' business continuity and contingency plans are fully
coordinated with the General Services Administration's plan and
that it consider the possibility of partial loss of service. The
General Services Administration agreed to implement our
suggestions.

OMB Action Could Help Ensure Business Continuity of High- Impact
Programs While individual agencies have been identifying and
remediating

mission- critical systems, the government's future actions need to
be focused on its high- priority programs and ensuring the
continuity of these programs, including the continuity of federal
programs that are administered by states. Accordingly,
governmentwide priorities need to be based on such criteria as the
potential for adverse health and safety effects, adverse financial
effects on American citizens, detrimental effects on national
security, and adverse economic consequences. In April 1998 we
recommended that the President's Council on Year 2000 Conversion

28 Year 2000 Computing Crisis: USDA Needs to Accelerate Time
Frames for Completing Contingency Planning (GAO/AIMD-99-178, May
21, 1999). 29 GSA's Effort to Develop Year 2000 Business
Continuity and Contingency Plans for Telecommunications Systems
(GAO/AIMD-99-201R, June 16, 1999).

Page 11 GAO/T-AIMD-99-267

establish governmentwide priorities and ensure that agencies set
agencywide priorities. 30 On March 26, OMB implemented our
recommendation by issuing a memorandum to federal agencies
designating lead agencies for the government's 42 high- impact
programs (e. g., food stamps, Medicare, and federal electric power
generation and delivery). (OMB later added a

43rd high- impact program the Department of Justice's National
Crime Information Center.) Appendix I lists these programs and
their lead agencies. For each program, the lead agency was charged
with identifying to OMB the partners integral to program delivery;
taking a leadership role

in convening those partners; assuring that each partner has an
adequate Year 2000 plan and, if not, helping each partner without
one; and developing a plan to ensure that the program will operate
effectively. According to OMB, such a plan might include testing
data exchanges across partners, developing complementary business
continuity and contingency plans, sharing key information on
readiness with other

partners and the public, and taking other steps necessary to
ensure that the program will work. OMB directed the lead agencies
to provide a schedule and milestones of key activities in their
plans by April 15. OMB also asked agencies to provide monthly
progress reports. As you know, we are currently reviewing
agencies' progress in ensuring the readiness of their high- impact
programs for this Subcommittee.

State and Local Governments Face Significant Year 2000 Risks Just
as the federal government faces significant Year 2000 risks, so
too do state and local governments. If the Year 2000 problem is
not properly addressed, for example, (1) food stamps and other
types of payments may

not be made or could be made for incorrect amounts, (2) date-
dependent signal timing patterns could be incorrectly implemented
at highway intersections, with safety severely compromised, and
(3) prisoner release or parole eligibility determinations may be
adversely affected. Nevertheless, available information on the
Year 2000 readiness of state and local governments indicates that
much work remains. According to information on state Year 2000
activities reported to the

National Association of State Information Resource Executives as
of 30 GAO/AIMD-98-85, April 30, 1998.

Page 12 GAO/T-AIMD-99-267

August 3, 1999, 31 states 32 reported having thousands of mission-
critical systems. 33 With respect to completing the implementation
phase for these systems,  2 states 34 reported that they had
completed between 25 and 49 percent,

 6 states 35 reported completing between 50 and 74 percent,  38
states 36 reported completing between 75 and 99 percent, and  3
states reported completing the implementation phase for all
mission- critical systems. 37 All of the states responding to the
National Association of State

Information Resource Executives survey reported that they were
actively engaged in internal and external contingency planning and
that they had established target dates for the completion of these
plans; 14 states

(28 percent) reported the deadline as October 1999 or later. State
audit organizations have also identified significant Year 2000
concerns. In January, the National State Auditors Association
reported on the results of its mid- 1998 survey of Year 2000
compliance among states. 38 This report stated that for the 12
state audit organizations that provided

Year 2000- related reports, concerns had been raised in areas such
as 31 Individual states submit periodic updates to the National
Association of State Information Resource Executives. For the
August 3 report, over three quarters of the states submitted their
data after July 1, 1999. The oldest data were provided on March 11
and the most recent data on August 2.

32 In the context of the National Association of State Information
Resource Executives survey, the term states includes the District
of Columbia and Puerto Rico. 33 Mission- critical systems were
defined as those that a state had identified as priorities for
prompt remediation. 34 One state reported on its mission- critical
systems and one state reported on its processes. 35 Five states
reported on their mission- critical systems and one reported on
all systems. 36 Thirty- one states reported on their mission-
critical systems, 2 states reported on their applications, 1
reported on its priority business activities, 1 reported on its
critical compliance units, 1 reported on all systems, 1 reported
on functions, and 1 reported on projects. 37 Two states did not
respond to the survey and one did not respond to this question. 38
Year 2000: State Compliance Efforts (National State Auditors
Association, January 1999).

Page 13 GAO/T-AIMD-99-267

planning, testing, embedded systems, business continuity and
contingency planning, and the adequacy of resources to address the
problem. We identified additional products by 17 state- level
audit organizations and Guam that discussed the Year 2000 problem
and that had been issued since

October 1, 1998. Several of these state- level audit organizations
noted that progress had been made. However, the audit
organizations also expressed concerns that were consistent with
those reported by the National State Auditors Association. For
example:  In December 1998 the Vermont State Auditor reported 39
that the state

Chief Information Officer did not have a comprehensive control
list of the state's information technology systems. Accordingly,
the audit office stated that even if all mission- critical state
systems were checked, these systems could be endangered by
information technology components that had not been checked or by
linkages with the state's external electronic partners.

 In April, New York's Division of Management Audit and State
Financial Services reported that state agencies did not adequately
control the critical process of testing remediated systems. 40
Further, most agencies were in the early stages of addressing
potential problems related to data exchanges and embedded systems
and none had completed substantive

work on contingency planning. The New York audit office
subsequently issued 27 reports on individual mission- critical and
high- priority systems that included concerns about, for example,
contingency planning and testing.  In August, the Mississippi
Office of the State Auditor reported that while

some state agencies had developed limited contingency plans,
others had not done so. 41  In March, North Carolina's State
Auditor reported 42 that resource restrictions had limited the
state's Year 2000 Project Office's ability to verify data reported
by state agencies. 39 Vermont State Auditor's Report on State
Government's Year 2000 Preparedness (Y2K Compliance) for the
Period Ending November 1, 1998 (Office of the State Auditor,
December 31, 1998). 40 New York's Preparation for the Year 2000: A
Second Look (Office of the State Comptroller, Division of
Management Audit and State Financial Services, Report 98- S- 21,
April 5, 1999).

41 A Performance Review of the Year 2000 (Y2K) Computer Problem:
State and Local Government (Office of the State Auditor, State of
Mississippi, August 5, 1999). 42 Department of Commerce,
Information Technology Services Year 2000 Project Office (Office
of the State Auditor, State of North Carolina, March 18, 1999).

Page 14 GAO/T-AIMD-99-267

With respect to California, in February, the California State
Auditor reported 43 that state agencies were making progress in
ensuring the uninterrupted delivery of critical services but that
many of the 14 agencies that provide the most critical services
had not completed their Year 2000

efforts. Eleven agencies had not completely tested their computer
systems and 7 had not corrected or replaced embedded systems. For
example, key agencies responsible for emergency services,
corrections, and water resources had not fully addressed embedded
technology- related threats. Regarding emergency services, the
California report stated that if remediation of the embedded
technology in its networks was not completed, the Office of
Emergency Services might have to rely on cumbersome manual
processes, significantly increasing response time to disasters.

It is also essential that local government systems be ready for
the change of century since critical functions involving, for
example, public safety and traffic management are performed at the
local level. Recent reports on local governments have highlighted
Year 2000 concerns. For example:  On July 15, we reported on the
reported Year 2000 status of the 21 largest U. S. cities. 44 On
average, cities reported completing work for 45 percent of the key
service areas in which they have responsibility. In

addition, 2 cities reported that they had completed their Year
2000 efforts, 9 cities expected to complete their Year 2000
preparations by September 30, 1999, and the remaining 10 cities
expected to complete their preparation by December 31. 45 In
addition, 7 cities reported completing Year 2000 contingency
plans, while 14 cities reported that their plans were still being
developed.

 On July 9, the National League of Cities reported on its survey
of 403 cities conducted in April 1999. This survey found that (1)
92 percent of cities had a citywide Year 2000 plan, (2) 74 percent
had completed their assessment of critical systems, and (3) 66
percent had prepared contingency plans. (Of those that had not
completed such plans, about half stated that they were planning to
develop one.) In addition, 43 Year 2000 Computer Problem: The
State's Agencies Are Progressing Toward Compliance but Key Steps
Remain Incomplete (California State Auditor, February 18, 1999).
44 Reported Y2K Status of the 21 Largest U. S. Cities (GAO/AIMD-
99-246R, July 15, 1999). 45 In most cities, the majority of city
services are scheduled to be completed before this completion
date. For example, Los Angeles plans to have all key city systems
ready by September 30, except for its wastewater treatment
systems, which are expected to be completed in November.

Page 15 GAO/T-AIMD-99-267

92 percent of the cities reported that they expect that all of
their critical systems will be compliant by January 1, 2000; 5
percent expected to have completed between 91 and 99 percent, and
3 percent expected to have completed between 81 and 90 percent of
their critical systems by January 1.  On June 23, the National
Association of Counties announced the results of its April survey
of 500 randomly selected counties. This survey found that (1) 74
percent of respondents had a countywide plan to address

Year 2000 issues, (2) 51 percent had completed system assessments,
and (3) 27 percent had completed system testing. In addition, 190
counties had prepared contingency plans and 289 had not. Further,
of the 114 counties reporting that they planned to develop Year
2000 contingency plans, 22 planned to develop the plan in April-
June, 64 in July- September, 18 in October- December, and 10 did
not yet know.

Of critical importance to the nation are services essential to the
safety and well- being of individuals across the country, namely
9- 1- 1 systems and law enforcement. For the most part,
responsibility for ensuring continuity of service for 9- 1- 1
calls and law enforcement resides with thousands of state and
local jurisdictions. On April 29, we testified that not enough was
known about the status of either 9- 1- 1 systems or of state and
local law enforcement activities to conclude about either's
ability during the transition to the year 2000 to meet the public
safety and well- being needs of local communities across the
nation. 46 While the federal government planned additional actions
to determine the status of these areas, we stated that the
President's Council on Year 2000 Conversion should use such

information to identify specific risks and develop appropriate
strategies and contingency plans to respond to those risks. We
subsequently reported 47 that the Federal Emergency Management
Agency and the Department of Justice have worked to increase the
response rate to a survey of public safety organizations. As of
June 30, 1999, of the over 2,200 9- 1- 1 sites responding, 37
percent reported that they were ready for the year 2000. Another
55 percent responded that they

expected to be Year 2000 compliant in time for the change of
century. 46 Year 2000 Computing Challenge: Status of Emergency and
State and Local Law Enforcement Systems Is Still Unknown (GAO/T-
AIMD-99-163, April 29, 1999). 47 Emergency and State and Local Law
Enforcement Systems: Committee Questions Concerning Year 2000
Challenges (GAO/AIMD-99-247R, July 14, 1999).

Page 16 GAO/T-AIMD-99-267

Recognizing the seriousness of the Year 2000 risks facing state
and local governments, the President's Council has developed
initiatives to address the readiness of state and local
governments. For example:  The Council established working groups
on state and local governments and tribal governments.  Council
officials participate in monthly multistate conference calls.  In
July 1998 and March 1999, the Council, in partnership with the
National Governors' Association, convened Year 2000 summits with
state and U. S. territory Year 2000 coordinators.  On May 24, the
Council announced a nationwide campaign to promote

Y2K Community Conversations to support and encourage efforts of
government officials, business leaders, and interested citizens to
share information on their progress. To support this initiative,
the Council has developed and is distributing a toolkit that
provides examples of which sectors should be represented at these
events and issues that should be addressed.

State- Administered Federal Human Services Programs Are at Risk
Among the critical functions performed by states are the
administration of federal human services programs. As we reported
in November 1998, many systems that support state- administered
federal human services programs were at risk, and much work
remained to ensure that services would continue. 48 In February of
this year, we testified that while some progress had been
achieved, many states' systems were not scheduled to become

compliant until the last half of 1999. 49 Accordingly, we
concluded that given these risks, business continuity and
contingency planning was even more important in ensuring
continuity of program operations and benefits in the event of
systems failures. Subsequent to our November 1998 report, OMB
directed federal oversight agencies to include the status of
selected state human services systems in their quarterly reports.
Specifically, in January 1999, OMB requested that agencies
describe actions to help ensure that federally supported, state-
run programs will be able to provide services and benefits. OMB
further asked

48 Year 2000 Computing Crisis: Readiness of State Automated
Systems to Support Federal Welfare Programs (GAO/AIMD-99-28,
November 6, 1998). 49 Year 2000 Computing Crisis: Readiness of
State Automated Systems That Support Federal Human Services
Programs (GAO/T-AIMD-99-91, February 24, 1999).

Page 17 GAO/T-AIMD-99-267

that agencies report the date when each state's systems will be
Year 2000 compliant. Table 1 summarizes the latest information on
state- administered federal human services programs reported by
OMB on June 15, 1999. 50 This information was gathered, but not
verified, by the Departments of Agriculture, HHS, and Labor. 51 It
indicates that while many states reported their programs to be
compliant, a number of states did not plan to complete Year 2000
efforts until the last quarter of 1999. For example, eight states
did not expect to be compliant until the last quarter of 1999 for
Child Support Enforcement, five states for Unemployment Insurance,
and four

states for Child Nutrition. Moreover, Year 2000 readiness
information was unknown in many cases. For example, according to
OMB, the status of 32 states' Low Income Home Energy Assistance
programs was unknown because applicable readiness information was
not available.

50 For Medicaid, OMB reports on the two primary systems that
states use to administer the program: (1) the Integrated
Eligibility System, to determine whether an individual applying
for Medicaid meets the eligibility criteria for participation, and
(2) the Medicaid Management Information System, to process claims
and deliver payments for services rendered. Integrated eligibility
systems are also often used to determine eligibility for other
public assistance programs, such as Food Stamps. 51 The Department
of Agriculture oversees the Child Nutrition, Food Stamp, and the
Women, Infants, and Children programs. HHS oversees the Child
Care, Child Support Enforcement, Child Welfare, Low Income Home
Energy Assistance, Medicaid, and Temporary Assistance for Needy
Families programs. The Department of Labor oversees the
Unemployment Insurance program.

Page 18 GAO/T-AIMD-99-267

Table 1: Reported State- Level Readiness for Federally Supported
Programs

Note: This table contains readiness information from the 50
states, the District of Columbia, Guam, Puerto Rico, and the
Virgin Islands. a According to OMB, the information regarding
Child Care, Child Support Enforcement, the Low Income Home Energy
Assistance Program, Medicaid, and Temporary Assistance for Needy
Families was as of January 31, 1999; and the information for Child
Nutrition, Food Stamps, and Women, Infants and

Children was as of March 1999. However, OMB provided a draft table
to the National Association of State Information Resource
Executives, which, in turn, provided the draft table to the
states. The states were asked to contact HHS and Agriculture and
provide corrections by June 1, 1999. For their part, HHS and
Agriculture submitted updated state data to OMB in early June. The
information regarding Unemployment Insurance was as of March 31,
1999. b In many cases, the report indicated a date instead of
whether the state was compliant. We assumed

that states reporting completion dates in 1998 or earlier were
compliant. c Unknown indicates that according to OMB, the data
reported by the states were unclear or that no information was
reported by the agency.

d N/ A indicates that the states or territories reported that the
data requested were not applicable to them. Source: Progress on
Year 2000 Conversion: 9th Quarterly Report (OMB, issued on June
15, 1999).

Although many states have reported their state- administered
programs to be compliant, additional work beyond individual system
completion likely remains, such as end- to- end testing. For
example, of the states that OMB reported as having compliant
Medicaid management information and/ or integrated eligibility
systems, at least four and five states, respectively, had not
completed end- to- end testing. Expected Date of 1999 Compliance
Program a Compliant b Jan. March

AprilJune JulySept. Oct. Dec.

Unknown c N/ A d

Child Nutrition 29 0 9 10 4 2 0 Food Stamps 25 0 12 14 3 0 0
Women, Infants, and Children 33 0 11 7 3 0 0 Child Care 24 5 5 8 2
6 4 Child Support Enforcement 15 4 13 8 8 6 0 Child Welfare 20 5 9
11 3 5 1 Low Income Home Energy Assistance Program 10 0 3 7 1 32 1

Medicaid  Integrated Eligibility System 20 0 15 15 4 0 0

Medicaid  Management Information System 17 0 19 14 4 0 0

Temporary Assistance for Needy Families 19 3 12 15 1 4 0

Unemployment Insurance 27 0 11 10 5 0 1

Page 19 GAO/T-AIMD-99-267

In addition to obtaining state- reported readiness status
information for OMB, the three federal departments are taking
other actions to assess the ability of state- administered
programs to continue into the next century. However, as table 2
shows, the approaches of the three departments in assessing the
readiness of state- administered federal human services programs
vary significantly. For example, HHS' Health Care Financing

Administration (HCFA) hired a contractor to perform comprehensive
on- site reviews in all states, some more than once, using a
standard methodology. Agriculture's Food and Nutrition Service
(FNS) approach includes such actions as having regional offices
monitor state Year 2000 efforts and obtaining state certifications
of compliance. The Department of Labor is relying on its regional
offices to monitor state Year 2000 efforts as well as requiring
states to obtain and submit independent verification and
validation reports after declaring their systems compliant.

Page 20 GAO/T-AIMD-99-267

Table 2: Number and Types of Assessments Performed Areas covered
by assessments

Agency/ program Number of states assessed Project management/
planning Test plans/ results Business continuity and

contingency plans (BCCP)

Agriculture/ Child Nutrition Program Component entity's regional
offices are monitoring all states' efforts

Varies by region Varies by region Varies by region Agriculture/
Food Stamps Component entity's

regional offices are monitoring all states' efforts

Varies by region Varies by region Varies by region Agriculture/
Women, Infants, and Children Component entity's

regional offices are monitoring all states' efforts

Varies by region Varies by region Varies by region HHS/ Child Care
As of July 2, a

contractor had conducted on- site reviews of 20 states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial on- site visits included reviews of states' BCCP
processes, but not their content

HHS/ Child Support Enforcement As of July 2, a contractor had
conducted on- site reviews of 20 states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial on- site visits included reviews of states' BCCP
processes, but not their content

HHS/ Child Welfare As of July 2, a contractor had conducted on-
site reviews of 20 states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial on- site visits included reviews of states' BCCP
processes, but not their content

HHS/ Low Income Housing Energy Assistance Program

As of July 2, a contractor had conducted on- site reviews of 20
states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial on- site visits included reviews of states' BCCP
processes, but not their content

HHS/ Medicaid A contractor conducted on- site reviews of 50 states
and the District of Columbia once, and, as of June 30, the

contractor had conducted follow- up reviews of 14 states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial Initial visits included reviews of states' BCCP processes,
and as of July 9, a contractor had reviewed the content of 42
states' BCCPs, either on site or at headquarters

HHS/ Temporary Assistance for Needy Families As of July 2, a

contractor had conducted on- site reviews of 20 states

Yes Yes all visits included reviews of test plans and, where
applicable, test results

Partial on- site visits included reviews of states' BCCP
processes, but not their content

Labor/ Unemployment Insurance Labor's regional offices are
monitoring all states' efforts

Unknown not specifically addressed in methodology Unknown not
specifically addressed in methodology

Reviews ongoing

Page 21 GAO/T-AIMD-99-267

In addition to the completed reviews, all of the departments have
ongoing initiatives to ensure that state- administered human
services programs will continue to function past the change of
century. These initiatives are part of the departments' overall
strategies to ensure the continued delivery of these high- impact
programs. For example:  In June 1999, the Department of
Agriculture's FNS required its regions to provide for each program
a copy of either a state letter certifying that it was Year 2000
compliant or a business continuity and contingency plan. As of
June 18, 1999, FNS had received (1) 9 certifications and 7
business continuity and contingency plans for Child Nutrition, (2)
12

certifications and 16 business continuity and contingency plans
for Food Stamps, and (3) 23 certifications and 23 business
continuity and contingency plans for Women, Infants, and Children.
In addition, to help states' Year 2000 efforts, FNS employed a
contractor to conduct on- site visits to 20 states for one or more
programs. As of July 9, FNS officials told us 16 states had been
visited. With respect to the scope of these visits, FNS' regional
offices determine for each state and program what specific areas
it should encompass. These visits are principally intended to
provide technical assistance to the states in areas such as Year
2000

project management, hardware and software testing, and contingency
planning.  In its initial round of on- site reviews conducted
between November 1998

and April 1999, the contractor hired by HHS' HCFA (1) identified
barriers to successful remediation, (2) made recommendations to
address specific areas of concern, and (3) placed Medicaid
integrated eligibility and management information systems into
low, medium, or high risk categories. HCFA's contractor is
currently conducting a second round of on- site reviews in at
least 40 states primarily those in which at least one of two
systems was categorized as a high or medium risk during the
initial visit. As of June 30, 14 states had been visited during
this round. The focus of this second round of visits is on
determining how states have resolved Year 2000 issues previously
identified, as well as reviewing activities such as data exchanges
and end- to- end testing. HCFA plans to conduct a third round of
on- site reviews in the fall of 1999 for those states that
continue to have systems categorized as high risk. Additionally,
another HCFA contractor is

reviewing the content of all states' business continuity and
contingency plans, with some of these reviews being performed in
conjunction with the second round of state visits.

 In September 1998, the Department of Labor required that all
State Employment Security Agencies conduct independent
verification and

Page 22 GAO/T-AIMD-99-267

validation reviews of their Unemployment Insurance programs. The
department set a target date of July 1, 1999, for states to submit
independent verification and validation certifications of their
Unemployment Insurance systems to Labor's regional offices. Labor
required its regional offices to review independent verification
and validation reports and certifications of Year 2000 compliance
that State

Employment Security Agencies submitted, and to ascertain whether
the material met the department's requirements. If Labor's
requirements were met, the regional offices were to approve the
State Employment Security Agencies' certification and independent
verification and validation reports and forward copies of the
approved certification and report, along with regional office
comments, to Labor's national office. An example of the benefits
that federal/ state partnerships can provide is illustrated by the
Department of Labor's unemployment services program. In September
1998, we reported that many State Employment Security Agencies
were at risk of failure as early as January 1999 and urged the
Department of Labor to initiate the development of realistic
contingency plans to ensure continuity of core business processes
in the event of Year 2000- induced failures. 52 In May, we
testified that four state agencies' systems could have failed if
systems in those states had not been programmed with an emergency
patch in December 1998. This patch was developed by several of the
state agencies and promoted to other state agencies by the
Department of Labor. 53

Year 2000 Readiness Information Available in Some Sectors, But Key
Information Still Missing or Incomplete

Beyond the risks faced by federal, state, and local governments,
the year 2000 also poses a serious challenge to the public
infrastructure, key economic sectors, and to other countries. To
address these concerns, in April 1998 we recommended that the
Council use a sector- based approach and establish the effective
public- private partnerships necessary to address this issue. 54
The Council subsequently established over 25 sector- based working
groups and has been initiating outreach activities since it became

operational last spring. In addition, the Chair of the Council has
formed a 52 Year 2000 Computing Crisis: Progress Made at
Department of Labor, But Key Systems at Risk (GAO/T-AIMD-98-303,
September 17, 1998). 53 Year 2000 Computing Challenge: Labor Has
Progressed But Selected Systems Remain at Risk (GAO/T-AIMD-99-179,
May 12, 1999). 54 GAO/AIMD-98-85, April 30, 1998.

Page 23 GAO/T-AIMD-99-267

Senior Advisors Group composed of representatives from private-
sector firms across key economic sectors. Members of this group
are expected to offer perspectives on crosscutting issues,
information sharing, and appropriate federal responses to
potential Year 2000 failures.

Our April 1998 report also recommended that the President's
Council develop a comprehensive picture of the nation's Year 2000
readiness, to include identifying and assessing risks to the
nation's key economic sectors including risks posed by
international links. In October 1998, the Chair directed the
Council's sector working groups to begin assessing their sectors.
The Chair also provided a recommended guide of core questions that
the Council asked to be included in surveys by the associations
performing the assessments. These questions included the
percentage of

work that has been completed in the assessment, renovation,
validation, and implementation phases. The Chair then planned to
issue quarterly public reports summarizing these assessments. The
Council's most recent report was issued on August 5, 1999. 55 The
report stated that important national systems will make a
successful transition to the year 2000 but that much work, such as
contingency planning, remains to be done. In particular, the
Council expressed a high degree of confidence in five major
domestic areas: financial institutions, electric power,
telecommunications, air travel, and the federal government. For
example, the Council stated that on August 2, federal bank,
thrift, and credit union regulators reported that 99 percent of
federally insured

financial institutions have completed testing of critical systems
for Year 2000 readiness. The Council had concerns in four
significant areas: local government, health care, education, and
small businesses. For example, according to the Council report,
many school districts could move into the new century with
dysfunctional information technology systems, since

only 28 percent and 30 percent of Superintendent/ Local
Educational Agencies and postsecondary institutions, respectively,
reported that their mission- critical systems were Year 2000
compliant. Internationally, the Council stated that the Year 2000
readiness of other countries was improving but was still a
concern. The Council reported that the June 1999

meeting of National Year 2000 Coordinators held at the United
Nations found that the 173 countries in attendance were clearly
focused on the Year 55 The Council's three reports are available
on its web site, www. y2k. gov. In addition, the Council, in
conjunction with the Federal Trade Commission and the General
Services Administration, has established a toll- free Year 2000
information line, 1- 888- USA- 4Y2K. The Federal Trade Commission
has also included Year 2000 information of interest to consumers
on its web site, www. consumer. gov.

Page 24 GAO/T-AIMD-99-267

2000 problem but that many countries will likely not have enough
time or resources to finish before the end of 1999. The Council's
assessment reports have substantially increased the nation's
understanding of the Year 2000 readiness of key industries.
However, the picture remains incomplete in certain key areas
because the surveys conducted to date did not have a high response
rate or did not provide their response rate, the assessment was
general or contained projections rather than current remediation
information, or the data were old. For example, according to the
Council's latest assessment report:

 Less than a quarter of the more than 16,000 Superintendents of
Schools/ Local Educational Agencies responded to a web- based
survey of Year 2000 readiness among elementary and secondary
schools. Similarly, less than a third of the more than 6,000
presidents and/ or chancellors of postsecondary educational
institutions responded to a web- based Year 2000 survey. Also,
surveys covering areas such as small and medium- sized chemical
enterprises did not provide information on either the number of
surveys distributed or the number returned. Small response rates
or the lack of information on response rates call into question
whether the results of the survey accurately portray the

readiness of the sector.  Information in areas such as state
emergency management and broadcast television and radio provided a
general assessment or projected compliance levels as of a certain
date, but did not contain detailed data as to the current status
of the sector (e. g., the average percentage of organizations'
systems that are Year 2000 compliant or the percentage of
organizations that are in the assessment, renovation, or
validation phases).  In some cases, such as for grocery
manufacturers, cable television, hospitals, physicians' practices,
and railroads, the sector surveys had been conducted months
earlier and/ or current survey information was not yet available.
In addition to our work related to the federal, state, and local
government's Year 2000 progress, we have also issued several
products related to key economic sectors. I will now discuss the
results of these reviews.

Energy Sector In April, we reported that while the electric power
industry had concluded that it had made substantial progress in
making its systems and equipment ready to continue operations into
the year 2000, significant risks remained

Page 25 GAO/T-AIMD-99-267

since many reporting organizations did not expect to be Year 2000
ready within the June 1999 industry target date. 56 We, therefore,
suggested that the Department of Energy (1) work with the Electric
Power Working Group to ensure that remediation activities were
accelerated for the utilities that expected to miss the June 1999
deadline for achieving Year 2000 readiness and (2) encourage state
regulatory utility commissions to require a full public disclosure
of Year 2000 readiness status of entities transmitting and
distributing electric power. The Department of Energy generally
agreed

with our suggestions. We also suggested that the Nuclear
Regulatory Commission (1) in cooperation with the Nuclear Energy
Institute, work with nuclear power plant licensees to accelerate
the Year 2000 remediation efforts among the nuclear power plants
that expect to meet the June 1999

deadline for achieving readiness and (2) publicly disclose the
Year 2000 readiness of each of the nation's operational nuclear
reactors. In response, the Nuclear Regulatory Commission stated
that it plans to focus its efforts on nuclear power plants that
may miss the July 1, 1999, milestone and that it would release the
readiness information on individual plants that same

month. Subsequent to our report, on August 3, 1999, the North
American Electric Reliability Council released its fourth status
report on electric power systems. According to the Council, as of
June 30, 1999 the industry target date for organizations to be
Year 2000 ready 251 of 268 (94 percent) of bulk electric
organizations were Year 2000 ready or Year 2000 ready

withlimited exceptions. 57 In addition, this report stated that 96
percent of local distribution systems were reported as Year 2000
ready. 58 The North American Electric Reliability Council stated
that the information it uses is principally self- reported but
that 84 percent of the organizations reported that their Year 2000
programs had also been audited by internal and/ or external
auditors. On July 19, the Nuclear Regulatory Commission stated
that 68 of 103 (66 percent) nuclear power plants reported that all
of their computer systems and digital embedded components that
support plant 56 Year 2000 Computing Crisis: Readiness of the
Electric Power Industry (GAO/AIMD-99-114, April 6, 1999). 57 The
North American Electric Reliability Council reported that 64 of
these organizations had

exceptions but that it believes that the work schedule provided to
complete these exception items in the next few months represents a
prudent use of resources and does not increase risks associated
with reliable electric service into the Year 2000. 58 This was
based on the percentage of the total megawatts of the systems
reported as Year 2000 ready by investor- owned, public power, and
cooperative organizations. The report did not identify the number
of local distribution organizations that reported that they were
Year 2000 ready.

Page 26 GAO/T-AIMD-99-267

operations are Year 2000 ready. Of the 35 plants that were not
Year 2000 ready, 18 had systems or components that were not ready
that could affect power generation.

In May, we reported 59 that while the domestic oil and gas
industries had reported that they had made substantial progress in
making their equipment and systems ready to continue operations
into the year 2000, risks remained. For example, although over
half of our oil is imported, little was known about the Year 2000
readiness of foreign oil suppliers. Further, while individual
domestic companies reported that they were developing Year 2000
contingency plans, there were no plans to perform a national-
level risk assessment and develop contingency plans to deal with
potential shortages or disruptions in the nation's overall oil and
gas supplies. We suggested that the Council's oil and gas working
group (1) work with industry associations to perform national-
level risk assessments and develop and publish credible, national-
level scenarios regarding the impact of potential Year 2000
failures and (2) develop national- level contingency plans. The
working group generally agreed with these suggestions. Water
Sector In April, we reported 60 that insufficient information was
available to assess and manage Year 2000 efforts in the water
sector, and little additional information was expected under the
current regulatory approach. While

the Council's water sector working group had undertaken an
awareness campaign and had urged national water sector
associations to continue to survey their memberships, survey
response rates had been low. Further, Environmental Protection
Agency officials stated that the agency lacked the rules and
regulations necessary to require water and wastewater facilities
to report on their Year 2000 status. Our survey of state
regulators found that a few states were proactively collecting
Year 2000 compliance data from regulated facilities, a much larger
group of states was disseminating Year 2000 information, while
another group was not actively using either approach.
Additionally, only a handful of state regulators believed that
they were responsible for ensuring facilities' Year 2000
compliance or overseeing facilities' business continuity 59 Year
2000 Computing Crisis: Readiness of the Oil and Gas Industries
(GAO/AIMD-99-162, May 19, 1999). 60 Year 2000 Computing Crisis:
Status of the Water Industry (GAO/AIMD-99-151, April 21, 1999).

Page 27 GAO/T-AIMD-99-267

and contingency plans. Among our suggested actions was that the
Council, the Environmental Protection Agency, and the states
determine which regulatory organization should take responsibility
for assessing and publicly disclosing the status and outlook of
water sector facilities' Year 2000 business continuity and
contingency plans. The Environmental Protection Agency generally
agreed with our suggestions but one official noted that additional
legislation may be needed if the agency is to take responsibility
for overseeing facilities' Year 2000 business continuity and
contingency plans.

Health Sector The health sector includes health care providers
(such as hospitals and emergency health care services), insurers
(such as Medicare and Medicaid), and biomedical equipment. Last
month, we reported 61 that HCFA had taken aggressive and
comprehensive outreach efforts with regard to its over 1.1 million
healthcare providers that administer services for Medicare-
insured patients. 62 Despite these efforts, HCFA data show that
provider participation in its outreach activities has been low.
Further, although HCFA has tasked contractors that process
Medicare claims with testing with providers using future- dated
claims, such testing had been limited and the testing that had
occurred had identified problems. Our July report also found that
although many surveys had been completed in 1999 on the Year 2000
readiness of healthcare providers, none of the 11 surveys we
reviewed provided sufficient information with which to assess the
Year 2000 status of the healthcare provider community. Each of the
surveys had low response rates, and several did not address
critical questions about testing and contingency planning.

To reduce the risk of Year 2000- related failures in the Medicare
provider community, our July report suggested, for example, that
HCFA consider using additional outreach methods, such as public
service announcements, and set milestones for Medicare contractors
for testing with providers. We also made suggestions to the
President's Council on Year 2000 Conversion's healthcare sector
working group, including a suggestion to consider working with
associations to publicize those providers who respond to 61 Year
2000 Computer Crisis: Status of Medicare Providers Unknown
(GAO/AIMD-99-243, July 28, 1999). 62 Examples of such providers
are hospitals, laboratories, physicians, and skilled nursing/
long- term care facilities.

Page 28 GAO/T-AIMD-99-267

future surveys in order to increase survey response rates. The
HCFA Administrator generally agreed with our suggested actions.
With respect to biomedical equipment, on June 10 we testified 63
that in response to our September 1998 recommendation, 64 HHS, in
conjunction with the Department of Veterans Affairs, had
established a clearinghouse on biomedical equipment. As of June 1,
1999, 4,142 biomedical equipment manufacturers had submitted data
to the clearinghouse. About 61 percent of these manufacturers
reported having products that do not employ dates and about 8
percent (311 manufacturers) reported having date- related
problems, such as an incorrect display of date/ time. According to
the Food and Drug Administration, the 311 manufacturers reported
897 products with date- related problems. However, not all
compliance information was available on the clearinghouse because
the clearinghouse referred the user to 427 manufacturers' web
sites. Accordingly, we reviewed the web sites of

these manufacturers and found, as of June 1, 1999, a total of 35,
446 products. 65 Of these products, 18,466 were reported as not
employing a date, 11, 211 were reported as compliant, 4, 445 were
shown as not compliant, and the compliance status of 1, 324 was
unknown.

In addition to the establishment of a clearinghouse, our September
1998 report 66 also recommended that HHS and the Department of
Veterans Affairs take prudent steps to jointly review
manufacturers' test results for critical care/ life support
biomedical equipment. We were especially

concerned that the departments review test results for equipment
previously deemed to be noncompliant but now deemed by
manufacturers to be compliant, or equipment for which concerns
about compliance remained. In May 1999, the Food and Drug
Administration, a component agency of HHS, announced that it
planned to develop a list of critical care/ life support medical
devices and the manufacturers of these devices, select a sample of
manufacturers for review, and hire a contractor to 63 Year 2000
Computing Challenge: Concerns About Compliance Information on
Biomedical Equipment (GAO/T-AIMD-99-209, June 10, 1999). 64 Year
2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998). 65 Because of limitations in many of the manufacturers web
sites, our ability to determine the total number of biomedical
equipment products reported and their compliance status was
impaired.

Accordingly, the actual number of products reported by the
manufacturers could be significantly higher than the 35,446
products that we counted. 66 GAO/AIMD-98-240, September 18, 1998.

Page 29 GAO/T-AIMD-99-267

develop a program to assess manufacturers' activities to identify
and correct Year 2000 problems for these medical devices. In
addition, if the results of this review indicated a need for
further review of manufacturer activities, the contractor would
review a portion of the remaining manufacturers not yet reviewed.
Moreover, according to the Food and Drug Administration, any
manufacturer whose quality assurance system appeared deficient
based on the contractors review would be subject to

additional reviews to determine what actions would be required to
eliminate any risk posed by noncompliant devices. In April
testimony, 67 we also reported on the results of a Department of
Veterans Affairs survey of 384 pharmaceutical firms and 459
medicalsurgical firms with which it does business. Of the 52
percent of pharmaceutical firms that responded to the survey, 32
percent reported that they were compliant. Of the 54 percent of
the medical- surgical firms

that responded, about two- thirds reported that they were
compliant. Banking and Finance Sector A large portion of the
institutions that make up the banking and finance

sector are overseen by one or more federal regulatory agencies. In
September 1998, we testified on the efforts of five federal
financial regulatory agencies 68 to ensure that the institutions
that they oversee are ready to handle the Year 2000 problem. 69 We
concluded that the regulators had made significant progress in
assessing the readiness of member institutions and in raising
awareness on important issues such as contingency planning and
testing. Regulator examinations of bank, thrift, and credit union
Year 2000 efforts found that the vast majority were doing a
satisfactory job of addressing the problem. Nevertheless, the
regulators faced the challenge of ensuring that they are ready to
take swift action to address those institutions that falter in the
later stages of correction and to address disruptions caused by
international and public infrastructure failures.

67 Year 2000 Computing Crisis: Action Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/T-
AIMD-99-136, April 15, 1999). 68 The National Credit Union
Administration, the Federal Deposit Insurance Corporation, the
Office of

Thrift Supervision, the Federal Reserve System, and the Office of
the Comptroller of the Currency. 69 Year 2000 Computing Crisis:
Federal Depository Institution Regulators Are Making Progress, But
Challenges Remain (GAO/T-AIMD-98-305, September 17, 1998).

Page 30 GAO/T-AIMD-99-267

In April, we reported that the Federal Reserve System which is
instrumental to our nation's economic well- being, since it
provides depository institutions and government agencies services
such as processing checks and transferring funds and securities
has effective controls to help ensure that its Year 2000 progress
is reported accurately and reliably. 70 We also found that it is
effectively managing the renovation and testing of its internal
systems and the development and planned testing

of contingency plans for continuity of business operations.
Nevertheless, the Federal Reserve System still had much to
accomplish before it is fully ready for January 1, 2000, such as
completing validation and implementation of all of its internal
systems and completing its contingency plans.

In addition to the domestic banking and finance sector, large U.
S. financial institutions have financial exposures and
relationships with international financial institutions and
markets that may be at risk if these international organizations
are not ready for the date change occurring on January 1, 2000. In
April, we reported 71 that foreign financial institutions had
reportedly lagged behind their U. S. counterparts in preparing for
the Year 2000 date change. Officials from four of the seven large
foreign financial institutions we visited said they had scheduled
completion of their Year 2000 preparations about 3 to 6 months
after their U. S. counterparts, but they planned to complete their
efforts by mid- 1999 at the latest. Moreover, key international
market supporters, such as those that transmit financial

messages and provide clearing and settlement services, told us
that their systems were ready for the date change and that they
had begun testing with the financial organizations that depended
on these systems. Further, we found that seven large U. S. banks
and securities firms we visited were taking actions to address
their international risks. In addition, U. S. banking and
securities regulators were also addressing the international Year
2000 risks of the institutions that they oversee. With respect to
the insurance industry, in March, we concluded that insurance
regulator presence regarding the Year 2000 area was not as

70 Year 2000 Computing Crisis: Federal Reserve Has Established
Effective Year 2000 Management Controls for Internal Systems
Conversion (GAO/AIMD-99-78, April 9, 1999). 71 Year 2000:
Financial Institution and Regulatory Efforts to Address
International Risks (GAO/GGD-99-62, April 27, 1999).

Page 31 GAO/T-AIMD-99-267

strong as that exhibited by the banking and securities industry.
72 State insurance regulators we contacted were late in raising
industry awareness of potential Year 2000 problems, provided
little guidance to regulated institutions, and failed to convey
clear regulatory expectations to companies about Year 2000
preparations and milestones. Nevertheless, the

insurance industry is reported by both its regulators and by other
outside observers to be generally on track to being ready for
2000. However, most of these reports are based on self- reported
information and, compared to other financial regulators, insurance
regulators' efforts to validate this information generally began
late and were more limited. In a related report in April, 73 we
stated that variations in oversight approaches by state insurance
regulators also made it difficult to ascertain the overall status
of the insurance industry's Year 2000 readiness. We reported that
the magnitude of insurers' Year 2000- related liability

exposures could not be estimated at that time but that costs
associated with these exposures could be substantial for some
property- casualty insurers, particularly those concentrated in
commercial- market sectors. In addition, despite efforts to
mitigate potential exposures, the Year 2000- related costs that
may be incurred by insurers would remain uncertain until key legal
issues and actions on pending legislation were resolved.

Transportation Sector A key component to the nation's
transportation sector are airports. This January, we reported on
our survey of 413 airports. 74 We found that while the nation's
airports were making progress in preparing for the year 2000, such
progress varied. Of the 334 airports responding to our survey,
about one- third reported that they would complete their Year 2000
preparations by June 30, 1999. The other two- thirds either
planned on a later date or

failed to estimate any completion date, and half of these airports
did not have contingency plans for any of 14 core airport
functions. Although most of those not expecting to be ready by
June 30 are small airports, 26 of them are among the nation's 50
largest airports. 72 Insurance Industry: Regulators Are Less
Active in Encouraging and Validating Year 2000 Preparedness
(GAO/T-GGD-99-56, March 11, 1999). 73 Year 2000: State Insurance
Regulators Face Challenges in Determining Industry Readiness
(GAO/GGD-99-87, April 30, 1999). 74 Year 2000 Computing Crisis:
Status of Airports' Efforts to Deal With Date Change Problem (GAO/
RCED/ AIMD- 99- 57, January 29, 1999).

Page 32 GAO/T-AIMD-99-267

International In addition to the risks associated with the
nation's key economic sectors, one of the largest and most
uncertain area of risk relates to the global nature of the
problem. Table 3 summarizes the results of the Department of
State's Office of the Inspector General's analysis of Y2K Host
Country Infrastructure assessments submitted by U. S. embassies in
161 countries (98 from the developing world, 24 from former Easter
bloc countries and the New Independent States, and 39 from
industrialized countries). The following table shows that about
half of the countries are reported to be at medium or high risk of
having Year 2000- related failures in the key areas of
telecommunications, transportation, and energy. While a smaller
number of countries were reported at medium or high risk in the
finance and water sectors, at least one- third of the countries
fell into the medium or high risk categories.

Table 3: Risk of Year 2000- Related Sector Failures in 161
Countries

Source: Year 2000 Computer Problem: Global Readiness and
International Trade (Statement of the Department of State's
Inspector General before the Senate Special Committee on the Year
2000 Technology Problem, July 22, 1999).

The Department of State Inspector General concluded that the
global community is likely to experience varying degrees of Year
2000- related failures from mere annoyances to failures in key
infrastructure systems in every sector, region, and economic
level. In particular, the Inspector General testified on July 22,
1999, that  industrialized countries were generally at low risk of
having

Year 2000- related infrastructure failures, although some of these
countries were at risk;  developing countries were lagging behind
and were struggling to find

the financial and technical resources needed to resolve their Year
2000 problems; and  former Eastern bloc countries were late in
getting started and were generally unable to provide detailed
information on their Year 2000

programs.

Risk level Finance Telecommunications Transportation Energy Water

High 11 35 18 26 7 Medium 43 56 61 64 52 Low 107 70 82 71 102

Page 33 GAO/T-AIMD-99-267

The impact of Year 2000- induced failures in foreign countries
could adversely affect the United States, particularly as it
relates to the supply chain. To address the international supply
chain issue, in January 1999 we suggested 75 that the President's
Council on Year 2000 Conversion prioritize trade and commerce
activities that are critical to the nation's well- being (e. g.,
oil, food, pharmaceuticals) and, working with the private sector,
identify options for obtaining these materials through alternative
avenues in the event that Year 2000- induced failures in the other
country or in the transportation sector prevent these items from
reaching the United States. In commenting on this suggestion, the
Chair stated that the Council had (1) worked with federal agencies
to identify sectors with the greatest dependence on international
trade, (2) held industry roundtable discussions with the
pharmaceutical and food supply sectors, and (3) hosted bilateral
and trilateral meetings with the Council's counterparts in Canada
and Mexico the United States' largest trading partners.

In summary, while improvement has been shown, much work remains at
the national, federal, state, and local levels to ensure that
major service disruptions do not occur. Specifically, remediation
must be completed, end- to- end testing performed, and business
continuity and contingency plans developed. Similar actions remain
to be completed by the nation's key sectors. Accordingly, whether
the United States successfully confronts the Year 2000 challenge
will largely depend on the success of federal, state, and local
governments, as well as the private sector working separately and
together to complete these actions. Accordingly, strong leadership
and partnerships must be maintained to ensure that the needs of
the public are met at the turn of the century.

Mr. Chairman, this concludes my statement. I would be happy to
respond to any questions that you or other members of the
Subcommittee may have at this time.

Contact For information concerning this testimony, please contact
Joel Willemssen at (202) 512- 6253 or by e- mail at willemssenj.
aimd@ gao. gov. 75 GAO/T-AIMD-99-50, January 20, 1999.

Page 34 GAO/T-AIMD-99-267

Appendix I Federal High- Impact Programs and Lead Agencies Appendi
x I

Agency Program

Department of Agriculture Child Nutrition Programs Department of
Agriculture Food Safety Inspection Department of Agriculture Food
Stamps Department of Agriculture Special Supplemental Nutrition
Program for Women, Infants, and Children Department of Commerce
Patent and trademark processing Department of Commerce Weather
Service Department of Defense Military Hospitals Department of
Defense Military Retirement Department of Education Student Aid
Department of Energy Federal electric power generation and
delivery Department of Health and Human Services Child Care
Department of Health and Human Services Child Support Enforcement
Department of Health and Human Services Child Welfare Department
of Health and Human Services Disease monitoring and the ability to
issue warnings Department of Health and Human Services Indian
Health Service Department of Health and Human Services Low Income
Home Energy Assistance Program Department of Health and Human
Services Medicaid Department of Health and Human Services Medicare
Department of Health and Human Services Organ Transplants
Department of Health and Human Services Temporary Assistance for
Needy Families Department of Housing and Urban Development Housing
loans (Government National Mortgage Association) Department of
Housing and Urban Development Section 8 Rental Assistance
Department of Housing and Urban Development Public Housing
Department of Housing and Urban Development FHA Mortgage Insurance
Department of Housing and Urban Development Community Development
Block Grants Department of the Interior Bureau of Indian Affairs
programs Department of Justice Federal Prisons Department of
Justice Immigration Department of Justice National Crime
Information Center Department of Labor Unemployment Insurance
Department of State Passport Applications and Processing
Department of Transportation Air Traffic Control System Department
of Transportation Maritime Safety Program Department of the
Treasury Cross- border Inspection Services Department of Veterans
Affairs Veterans' Benefits Department of Veterans Affairs
Veterans' Health Care

(continued)

Appendix I Federal High- Impact Programs and Lead Agencies

Page 35 GAO/T-AIMD-99-267

Agency Program

Federal Emergency Management Agency Disaster Relief Office of
Personnel Management Federal Employee Health Benefits Office of
Personnel Management Federal Employee Life Insurance Office of
Personnel Management Federal Employee Retirement Benefits Railroad
Retirement Board Retired Rail Workers Benefits Social Security
Administration Social Security Benefits U. S. Postal Service Mail
Service

Page 36 GAO/T-AIMD-99-267

GAO Reports and Testimony Addressing the Year 2000 Crisis

Year 2000 Computing Challenge: Agencies' Reporting of Mision-
Critical Classified Systems (GAO/AIMD-99-218, August 5, 1999).

Social Security Administration: Update on Year 2000 and Other Key
Information Technology Initiatives (GAO/T-AIMD-99-259, July 29,
1999).

Year 2000 Computing Crisis: Status of Medicare Providers Unknown
(GAO/AIMD-99-243, July 28, 1999). Reported Y2K Status of the 21
Largest U. S. Cities (GAO/AIMD-99-246R, July 15, 1999). Year 2000
Computing Challenge: Federal Efforts to Ensure Continued Delivery
of Key State- Administered Benefits (GAO/T-AIMD-99-241, July 15,
1999).

Emergency and State and Local Law Enforcement Systems: Committee
Questions Concerning Year 2000 Challenges (GAO/AIMD-99-247R, July
14, 1999).

Year 2000 Computing Challenge: Important Progress Made, Yet Much
Work Remains to Avoid Disruption of Critical Services (GAO/T-AIMD-
99-234, July 9, 1999).

Year 2000 Computing Challenge: Readiness Improving Yet Avoiding
Disruption of Critical Services Will Require Additional Work
(GAO/T-AIMD-99-233, July 8, 1999).

Year 2000 Computing Challenge: Readiness Improving But Much Work
Remains to Avoid Disruption of Critical Services (GAO/T-AIMD-99-
232, July 7, 1999).

Defense Computers: Management Controls Are Critical to Effective
Year 2000 Testing (GAO/AIMD-99-172, June 30, 1999).

Year 2000 Computing Crisis: Customs Is Making Good Progress
(GAO/T-AIMD-99-225, June 29, 1999). Year 2000 Computing Challenge:
Delivery of Key Benefits Hinges on States' Achieving Compliance
(GAO/ T- AIMD/ GGD- 99- 221, June 23, 1999).

Letter

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 37
GAO/T-AIMD-99-267

Year 2000 Computing Challenge: Estimated Costs, Planned Uses of
Emergency Funding, and Future Implications (GAO/T-AIMD-99-214,
June 22, 1999).

GSA's Effort to Develop Year 2000 Business Continuity and
Contingency Plans for Telecommunications Systems (GAO/AIMD-99-
201R, June 16, 1999).

Year 2000 Computing Crisis: Actions Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/AIMD-
99-190R, June 11, 1999).

Year 2000 Computing Challenge: Concerns About Compliance
Information on Biomedical Equipment (GAO/T-AIMD-99-209, June 10,
1999).

Year 2000 Computing Challenge: Much Biomedical Equipment Status
Information Available, Yet Concerns Remain (GAO/T-AIMD-99-197, May
25, 1999).

Year 2000 Computing Challenge: OPM Has Made Progress on Business
Continuity Planning (GAO/GGD-99-66, May 24, 1999).

VA Y2K Challenges: Responses to Post- Testimony Questions
(GAO/AIMD-99-199R, May 24, 1999). Year 2000 Computing Crisis: USDA
Needs to Accelerate Time Frames for Completing Contingency
Planning (GAO/AIMD-99-178, May 21, 1999).

Year 2000 Computing Crisis: Readiness of the Oil and Gas
Industries (GAO/AIMD-99-162, May 19, 1999). Year 2000 Computing
Challenge: Time Issues Affecting the Global Positioning System
(GAO/T-AIMD-99-187, May 12, 1999).

Year 2000 Computing Challenge: Education Taking Needed Actions But
Work Remains (GAO/T-AIMD-99-180, May 12, 1999).

Year 2000 Computing Challenge: Labor Has Progressed But Selected
Systems Remain at Risk (GAO/T-AIMD-99-179, May 12, 1999).

Year 2000: State Insurance Regulators Face Challenges in
Determining Industry Readiness (GAO/GGD-99-87, April 30, 1999).

Letter

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 38
GAO/T-AIMD-99-267

Year 2000 Computing Challenge: Status of Emergency and State and
Local Law Enforcement Systems Is Still Unknown (GAO/T-AIMD-99-163,
April 29, 1999).

Year 2000 Computing Crisis: Costs and Planned Use of Emergency
Funds (GAO/AIMD-99-154, April 28, 1999). Year 2000: Financial
Institution and Regulatory Efforts to Address International Risks
(GAO/GGD-99-62, April 27, 1999).

Year 2000 Computing Crisis: Readiness of Medicare and the Health
Care Sector (GAO/T-AIMD-99-160, April 27, 1999).

U. S. Postal Service: Subcommittee Questions Concerning Year 2000
Challenges Facing the Service (GAO/AIMD-99-150R, April 23, 1999).

Year 2000 Computing Crisis: Status of the Water Industry
(GAO/AIMD-99-151, April 21, 1999). Year 2000 Computing Crisis: Key
Actions Remain to Ensure Delivery of Veterans Benefits and Health
Services (GAO/T-AIMD-99-152, April 20, 1999).

Year 2000 Computing Crisis: Readiness Improving But Much Work
Remains to Ensure Delivery of Critical Services (GAO/T-AIMD-99-
149, April 19, 1999).

Year 2000 Computing Crisis: Action Needed to Ensure Continued
Delivery of Veterans Benefits and Health Care Services (GAO/T-
AIMD-99-136, April 15, 1999).

Year 2000 Computing Challenge: Federal Government Making Progress
But Critical Issues Must Still Be Addressed to Minimize
Disruptions (GAO/T-AIMD-99-144, April 14, 1999).

Year 2000 Computing Crisis: Additional Work Remains to Ensure
Delivery of Critical Services (GAO/T-AIMD-99-143, April 13, 1999).

Tax Administration: IRS' Fiscal Year 2000 Budget Request and 1999
Tax Filing Season (GAO/ T- GGD/ AIMD- 99- 140, April 13, 1999).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 39
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: Federal Reserve Has Established
Effective Year 2000 Management Controls for Internal Systems
Conversion (GAO/AIMD-99-78, April 9, 1999).

Year 2000 Computing Crisis: Readiness of the Electric Power
Industry (GAO/AIMD-99-114, April 6, 1999). Year 2000 Computing
Crisis: Customs Has Established Effective Year 2000 Program
Controls (GAO/AIMD-99-37, March 29, 1999).

Year 2000 Computing Crisis: FAA Is Making Progress But Important
Challenges Remain (GAO/ T- AIMD/ RCED- 99- 118, March 15, 1999).

Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11,
1999).

Year 2000 Computing Crisis: Defense Has Made Progress, But
Additional Management Controls Are Needed (GAO/T-AIMD-99-101,
March 2, 1999).

Year 2000 Computing Crisis: Readiness Status of the Department of
Health and Human Services (GAO/T-AIMD-99-92, February 26, 1999).

Defense Information Management: Continuing Implementation
Challenges Highlight the Need for Improvement (GAO/T-AIMD-99-93,
February 25, 1999).

IRS' Year 2000 Efforts: Status and Remaining Challenges (GAO/T-
GGD-99-35, February 24, 1999). Department of Commerce: National
Weather Service Modernization and NOAA Fleet Issues (GAO/ T- AIMD/
GGD- 99- 97, February 24, 1999).

Year 2000 Computing Crisis: Medicare and the Delivery of Health
Services Are at Risk (GAO/T-AIMD-99-89, February 24, 1999).

Year 2000 Computing Crisis: Readiness of State Automated Systems
That Support Federal Human Services Programs (GAO/T-AIMD-99-91,
February 24, 1999).

Year 2000 Computing Crisis: Customs Is Effectively Managing Its
Year 2000 Program (GAO/T-AIMD-99-85, February 24, 1999).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 40
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/T-AIMD-99-90, February 24, 1999).

Year 2000 Computing Crisis: Challenges Still Facing the U. S.
Postal Service (GAO/T-AIMD-99-86, February 23, 1999). Year 2000
Computing Crisis: The District of Columbia Remains Behind Schedule
(GAO/T-AIMD-99-84, February 19, 1999).

High- Risk Series: An Update (GAO/HR-99-1, January 1999). Year
2000 Computing Crisis: Status of Airports' Efforts to Deal With
Date Change Problem (GAO/ RCED/ AIMD- 99- 57, January 29, 1999).

Defense Computers: DOD's Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999).

Year 2000 Computing Crisis: Status of Bureau of Prisons' Year 2000
Efforts (GAO/AIMD-99-23, January 27, 1999). Year 2000 Computing
Crisis: Readiness Improving, But Much Work Remains to Avoid Major
Disruptions (GAO/T-AIMD-99-50, January 20, 1999).

Year 2000 Computing Challenge: Readiness Improving, But Critical
Risks Remain (GAO/T-AIMD-99-49, January 20, 1999).

Status Information: FAA's Year 2000 Business Continuity and
Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R,
December 4, 1998).

Year 2000 Computing Crisis: A Testing Guide (GAO/ AIMD- 10.1.21,
November 1998). Year 2000 Computing Crisis: Readiness of State
Automated Systems to Support Federal Welfare Programs (GAO/AIMD-
99-28, November 6, 1998).

Year 2000 Computing Crisis: Status of Efforts to Deal With
Personnel Issues (GAO/ AIMD/ GGD- 99- 14, October 22, 1998).

Year 2000 Computing Crisis: Updated Status of Department of
Education's Information Systems (GAO/T-AIMD-99-8, October 8,
1998).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 41
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: The District of Columbia Faces
Tremendous Challenges in Ensuring That Vital Services Are Not
Disrupted (GAO/T-AIMD-99-4, October 2, 1998).

Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-
98-310, September 24, 1998).

Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998).

Year 2000 Computing Crisis: Significant Risks Remain to Department
of Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998).

Year 2000 Computing Crisis: Progress Made at Department of Labor,
But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).

Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-
98-305, September 17, 1998).

Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure
Financial Institutions Are Fixing Systems But Challenges Remain
(GAO/AIMD-98-248, September 17, 1998).

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).

Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278,
September 3, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Reduce Likelihood of Adverse Impact (GAO/T-
AIMD-98-277, September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276,
September 1, 1998).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 42
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-
162, August 28, 1998).

Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA
Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will
Require Strong Leadership and Effective Partnerships (GAO/T-AIMD-
98-267, August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).

Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/ AIMD- 10.1.19, August 1998).

Internal Revenue Service: Impact of the IRS Restructuring and
Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).

Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).

Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations
at Risk (GAO/AIMD-98-150, June 30, 1998).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 43
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: Testing and Other Challenges
Confronting Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).

Year 2000 Computing Crisis: Telecommunications Readiness Critical,
Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16,
1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998). IRS' Year 2000 Efforts: Business Continuity Planning Needed
for Potential Year 2000 System Failures (GAO/GGD-98-138, June 15,
1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-
98-167, May 14, 1998).

Securities Pricing: Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998). Year 2000 Computing Crisis:
Continuing Risks of Disruption to Social Security, Medicare, and
Treasury Programs (GAO/T-AIMD-98-161, May 7, 1998).

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7,
1998). Air Traffic Control: FAA Plans to Replace Its Host Computer
System Because Future Availability Cannot Be Assured (GAO/AIMD-98-
138R, May 1, 1998).

Year 2000 Computing Crisis: Potential for Widespread Disruption
Calls for Strong Leadership and Partnerships (GAO/AIMD-98-85,
April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 44
GAO/T-AIMD-99-267

Department of the Interior: Year 2000 Computing Crisis Presents
Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22,
1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and
Fiscal Year 1998 Filing Season (GAO/ T- GGD/ AIMD- 98- 114, March
31, 1998).

Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24,
1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-
98-116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
102, March 18, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Public/ Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998).

Post- Hearing Questions on the Federal Deposit Insurance
Corporation's Year 2000 (Y2K) Preparedness (AIMD- 98- 108R, March
18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/ GGD/ AIMD- 98- 51, March 6, 1998).

Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).

Year 2000 Computing Crisis: Federal Deposit Insurance
Corporation's Efforts to Ensure Bank Systems Are Year 2000
Compliant (GAO/T-AIMD-98-73, February 10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent
Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).

Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 45
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress
Made in Ensuring Year 2000 Compliance, But Challenges Remain
(GAO/AIMD-98-31R, November 7, 1997).

Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997).

Social Security Administration: Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).

Defense Computers: Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997). Veterans Affairs
Computer Systems: Action Underway Yet Much Work Remains To Resolve
Year 2000 Crisis (GAO/T-AIMD-97-174, September 25, 1997).

Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997).

Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD-
10.1.14, September 1997). Defense Computers: SSG Needs to Sustain
Year 2000 Progress (GAO/AIMD-97-120R, August 19, 1997). Defense
Computers: Improvements to DOD Systems Inventory Needed for Year
2000 Effort (GAO/AIMD-97-112, August 13, 1997).

Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997).

Defense Computers: DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997).

GAO Reports and Testimony Addressing the Year 2000 Crisis Page 46
GAO/T-AIMD-99-267

Year 2000 Computing Crisis: Time Is Running Out for Federal
Agencies to Prepare for the New Millennium (GAO/T-AIMD-97-129,
July 10, 1997).

Veterans Benefits Computer Systems: Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year- 2000 Problems
(GAO/T-AIMD-97-114, June 26, 1997).

Veterans Benefits Computer Systems: Risks of VBA's Year- 2000
Efforts (GAO/AIMD-97-79, May 30, 1997). Medicare Transaction
System: Success Depends Upon Correcting Critical Managerial and
Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

Medicare Transaction System: Serious Managerial and Technical
Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16,
1997).

Year 2000 Computing Crisis: Risk of Serious Disruption to
Essential Government Functions Calls for Agency Action Now (GAO/T-
AIMD-97-52, February 27, 1997).

Year 2000 Computing Crisis: Strong Leadership Today Needed To
Prevent Future Disruption of Government Services (GAO/T-AIMD-97-
51, February 24, 1997).

High- Risk Series: Information Management and Technology (GAO/HR-
97-9, February 1997).

(511788) Letter

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary,
VISA and

MasterCard credit cards are accepted, also. Orders for 100 or more
copies to be mailed to a single address are discounted 25 percent.

Orders by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touchtone phone. A recorded menu will provide information on how
to obtain these lists. For information on how to access GAO
reports on the INTERNET, send an e- mail message with info in the
body to: info@ www. gao. gov or visit GAO's World Wide Web Home
Page at: http:// www. gao. gov

United States General Accounting Office Washington, D. C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Mail

Postage & Fees Paid GAO Permit No. GI00

*** End of document. ***