Year 2000 Computing Challenge: Readiness Improving, But Critical Risks
Remain (Testimony, 01/20/99, GAO/T-AIMD-99-49).

The federal government, with its dependence on large-scale, complex
computer systems to deliver vital public services, faces an especially
enormous and difficult task in overcoming the Year 2000 computing
problem. Unless adequately addressed, Year 2000 problems could seriously
disrupt key federal operations--from national defense to benefits
payments to air traffic control. Although the government's preparedness
to deal with the Year 2000 problem has improved markedly during the past
two years, significant challenges remain and time is running out.
Complete and thorough Year 2000 testing is essential to ensure that new
or modified systems are able to process dates correctly and that
technology-dependent services operate reliably after the turn of the
century. Moreover, adequate business continuity and contingency plans
must be in place throughout government. The scope of the Year 2000
problem extends well beyond federal operations, however, affecting both
the U.S. and the global economies. In concert with GAO's
recommendations, the President's Council on Year 2000 Conversion has
been reaching out to the private sector, state and local governments,
and other countries to increase awareness of the problem. The Council
has also begun to address the readiness of specific economic sectors,
including power, water, telecommunications, health care, and emergency
services. At this juncture, however, a comprehensive picture of the
nation's readiness is lacking. Much more needs to be done--both
domestically and internationally--to determine readiness and prepare
contingency plans.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-99-49
     TITLE:  Year 2000 Computing Challenge: Readiness Improving, But 
             Critical Risks Remain
      DATE:  01/20/99
   SUBJECT:  Y2K
             Systems conversions
             Computer software verification and validation
             Information resources management
             Strategic information systems planning
             Computer software
             Data integrity
IDENTIFIER:  Medicare Program
             Medicaid Program
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
AI99049t.book GAO United States General Accounting Office

Testimony Before the Committee on Appropriations, U. S. Senate

For Release on Delivery Expected at 9: 30 a. m. Wednesday, January
20, 1999

YEAR 2000 COMPUTING CHALLENGE

Readiness Improving, But Critical Risks Remain

Statement of David M. Walker Comptroller General of the United
States




GAO/T-AIMD-99-49

  GAO/T-AIMD-99-49

Page 1 GAO/T-AIMD-99-49

Mr. Chairman and Members of the Committee: I am pleased to appear
today to discuss progress being made in addressing the Year 2000
computing challenge and to outline actions needed to ensure a
smooth conversion to the next century. While our country is
considered

among the leaders in addressing this issue, the fact remains that
both public and private organizations still face a daunting task
in providing reasonable assurance that it will truly be business
as usual beginning on January 1, 2000, and continuing throughout
this pivotal transition year. The federal government with its
widespread dependence on large- scale, complex computer systems to
deliver vital public services and carry out its massive operations
faces an especially enormous and difficult task.

Unless adequately confronted, Year 2000 or Y2K computing problems
could lead to serious disruptions in key federal operations,
ranging from national defense to benefits payments to air traffic
management. Consequently, in February 1997, GAO designated the
Year 2000 computing problem as a high- risk area. Our purpose was
to stimulate greater attention to assessing the government's
exposure to Year 2000 risks and to strengthen planning for
achieving Year 2000 compliance for mission- critical

systems. Fortunately, the past 2 years have witnessed marked
improvement in preparedness as the government has revised and
intensified its approach to this problem.

Significant challenges, however, remain and time is running out.
In particular, complete and thorough Year 2000 testing is
essential to providing reasonable assurance that new or modified
systems will be able to process dates correctly and not jeopardize
agencies' ability to perform core business operations. Moreover,
adequate business continuity and contingency plans must be
successfully completed throughout

government. The scope of the Year 2000 problem extends well beyond
federal operations; it spans the entire spectrum of our national
as well as global economy. Accordingly, in concert with our
recommendations, the President's Council on Year 2000 Conversion
has been reaching out to the private sector, state and local
governments, and to other countries to increase awareness. Working
with these entities, the Council also has

begun to assess the readiness of various sectors, including power,
water, telecommunications, health care, and emergency services.

Page 2 GAO/T-AIMD-99-49

At this juncture, however, a comprehensive picture of the nation's
readiness is lacking. A great deal more needs to be done both
domestically and internationally to effectively determine
readiness and prepare necessary contingency plans. Such actions
are imperative to ensure that technology- dependent services
continue to operate reliably after the turn of the century, with
minimal disruption.

The Federal Government Has Enhanced Its Approach

Since February 1997, action to address the Year 2000 threat has
intensified. In response to a growing recognition of the challenge
and urging from congressional leaders and others, the
administration strengthened the government's Year 2000 preparation
and expanded its outlook beyond federal agencies. In February
1998, the President took a major step in

establishing the President's Council on Year 2000 Conversion. He
established the goal that no system critical to the federal
government's mission experience disruption because of the Year
2000 problem, and charged agency heads with ensuring that this
issue receives the highest priority attention.

Further, the President tasked the Chair of the Council with  being
chief spokesperson on Year 2000 issues in national and

international forums;  overseeing Year 2000 activities of federal
agencies;  providing Year 2000 policy coordination of executive
branch activities with state, local, and tribal governments; and

 promoting appropriate federal roles with respect to private-
sector activities.

Among the initiatives the Chair has implemented in carrying out
these responsibilities are attending monthly meetings with senior
managers of agencies that are not making sufficient progress,
establishing numerous working groups to increase awareness of and
gain cooperation in addressing the Year 2000 problem in various
economic sectors, and

emphasizing the importance of federal/ state data exchanges. OMB,
for its part, has tightened requirements on agency reporting of
Year 2000 progress. It now requires that beyond the original 24
major departments and agencies that have been reporting, 9
additional agencies (such as the Tennessee Valley Authority and
the Postal Service) report quarterly on their Year 2000 progress,
and that additional information be reported from all agencies. OMB
has also clarified instructions for

Page 3 GAO/T-AIMD-99-49

agencies relative to preparing business continuity and contingency
plans. Further, OMB places each of the 24 major agencies into one
of three tiers after receiving its quarterly progress report,
determined by OMB's judgment of whether evidence of the agency's
reported progress is sufficient.

Several agencies have reported substantial progress in repairing
or replacing systems to be Year 2000 compliant. For example, in
October 1997 we had reported that the Social Security
Administration (SSA) had made

significant progress in assessing and renovating mission- critical
mainframe software, although certain areas of risk remained. 1
Accordingly, we made several recommendations to address these
risks, including the development of business continuity and
contingency plans. SSA agreed; in July 1998, we reported that
actions to implement these recommendations

had either been taken or were underway. 2 As federal agencies have
more fully realized the complexities and extent of necessary Year
2000 activities, their costs have correspondingly risen. As figure
1 illustrates, the government's 24 major departments and agencies'
Year 2000 cost estimates more than tripled from February 1997
through

November 1998. There are too many uncertainties to determine
whether this cost escalation trend has ended. One of the most
essential ongoing tasks, testing, could consume additional
resources; experience is showing that testing is taking between 50
and 70 percent of a project's time and resources. In addition,
agencies may find that the planning and possible implementation of

business continuity and contingency plans could increase costs. As
a result of these factors, the Congress needs to continue to keep
apprised of agencies' Year 2000 efforts and their associated
costs. 1 Social Security Administration: Significant Progress Made
in Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October
22, 1997).

2 Social Security Administration: Subcommittee Questions
Concerning Information Technology Challenges Facing the
Commissioner (GAO/AIMD-98-235R, July 10, 1998).

Page 4 GAO/T-AIMD-99-49

Figure 1: Federal Government's Estimated Year 2000 Costs (Dollars
in Billions)

Note: The August 1998 figure of $6.3 billion and the November 1998
figure of $7.2 billion are the totals of all individual
submissions from the 24 major departments and agencies that were
generally submitted on August 14 th and November 13 th ,
respectively. In its summaries of the agency reports, OMB reported
the government's total estimated Year 2000 costs as $5.4 billion
and $6.4 billion, respectively. For the August 1998 costs, OMB did
not include all costs in its estimate because, for example, it was
still reviewing some of the estimates provided by the agencies.
For the November 1998 costs, OMB did not provide explanations in
its report for the discrepancies between the agency reports and
its estimates for 15 of the 18 agencies with differences.

Source: February 1997 data are from OMB's report Getting Federal
Computers Ready for 2000, February 6, 1997. May 1997 through May
1998 data are from OMB's quarterly reports. The August and
November 1998 data are from the quarterly reports of the 24 major
federal departments and agencies.

Many congressional committees have played a central role in
addressing the Year 2000 challenge by holding agencies accountable
for demonstrating progress and by heightening public appreciation
of the problem. As you know, the Senate formed a Special Committee
on the Year 2000 Technology Problem, under the chairmanship of
Senator Bennett, which held hearings on the readiness of key
economic sectors, including power, health care,
telecommunications, transportation, financial services, emergency
services, and general business. The House called on the
Subcommittee on Government Management, Information and Technology
of the Committee on Government Reform and the Subcommittee on
Technology of the

Page 5 GAO/T-AIMD-99-49

Committee on Science to co- chair the House's Year 2000
monitoring. 3 These committees and others have held many hearings
to obtain information on the Year 2000 readiness of federal
agencies, states, localities, and other important nonfederal
entities, such as the securities industry.

The Congress also passed important Year 2000 legislation. In
October 1998, it passed and the President signed the Year 2000
Information and Readiness Disclosure Act. Its purposes include (1)
promoting the free disclosure and exchange of information related
to Year 2000 readiness and (2) lessening the burdens on interstate
commerce by establishing certain uniform legal principles in
connection with the disclosure and exchange of information related
to Year 2000 readiness. In addition, the Congress

passed (and the President signed) the Omnibus Consolidated and
Emergency Supplemental Appropriations Act, 1999, which included
$3. 35 billion in contingent emergency funding for Year 2000
conversion activities.

GAO's Efforts to Help Meet the Challenge As you know, GAO has been
very active in working with the Congress as

well as federal agencies to both strengthen agency processes and
to evaluate their progress in addressing these challenges. To help
agencies mitigate their Year 2000 risks, we produced a series of
Year 2000 guides. The first of these, on enterprise readiness,
provides a systematic, step- bystep approach for agency planning
and management of its Year 2000 program. 4 The second, on business
continuity and contingency planning, provides a structured
approach to helping agencies ensure minimum levels of service
through proper planning. 5 Our third guide sets forth a
disciplined approach to Year 2000 testing. 6 Federal agencies and
other

organizations have used these guides widely to help organize and
manage their Year 2000 programs. 3 We will also be testifying
today before the House Government Reform and Science Committees on
actions needed to address the Year 2000 computing issue. 4 Year
2000 Computing Crisis: An Assessment Guide (GAO/ AIMD- 10. 1. 14,
issued as an exposure draft in February 1997 and in final form in
September 1997).

5 Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/ AIMD- 10.1.19, issued as an exposure draft in March
1998 and in final form in August 1998). 6 Year 2000 Computing
Crisis: A Testing Guide (GAO/ AIMD- 10.1.21, issued as an exposure
draft in June 1998 and in final form in November 1998).

Page 6 GAO/T-AIMD-99-49

In addition, we have issued over 70 reports and testimony
statements detailing specific findings and made over 100
recommendations related to the Year 2000 readiness of the
government as a whole and of a wide range

of individual agencies. 7 These recommendations have been almost
universally embraced. Our recommendations have centered on the
following.  Project planning. We have recommended better
organizational planning and management oversight including systems
inventorying

and analysis in a number of programs and entities.  Priority-
setting. With over 2,600 mission- critical systems still needing

to be made Year 2000 compliant, it is important to establish
priorities. Resources need to be focused on those business
processes and supporting systems that could threaten national
security, the economy, the health and safety of Americans, or
their financial well- being.

 Data exchanges. To remediate their data exchanges, agencies must
(1) identify those that are not Year 2000 compliant, (2) reach
agreement with exchange partners (such as states) on the date
format to be used, (3) determine if data bridges and filters are
needed and, if so, reach agreement on their development, (4)
develop and test such bridges and filters, and (5) test and
implement new exchange formats.  Testing. Agencies should perform
thorough testing of their systems, including end- to- end testing
of multiple systems supporting a major business function.

 Business continuity and contingency planning. Given the
interdependencies among agencies, their business partners, and the
public infrastructure, it is imperative that contingency plans be
developed for all critical core business processes and supporting
systems, regardless of whether these systems are owned by the
agency.

In addition to our work at federal agencies, we have promoted Year
2000 awareness and solutions both in the United States and abroad
by publishing our guides and reports and making them available on
our World Wide Web site. I also discussed the Year 2000 issue with
the leadership of audit organizations from around the world at a
recent international conference. I subsequently wrote to these
leaders to draw greater

attention to this issue, and to share with them our recent
publications. 7 A list of reports and testimony on the Year 2000
problem is attached to this statement. It can also be found on the
Internet at GAO's World Wide Web site at www. gao. gov/ y2kr. htm.

Page 7 GAO/T-AIMD-99-49

Serious Risks Remain While much has been accomplished and real
progress has been made in addressing the Year 2000 problem, both
risks and challenges remain. Our

reviews of federal Year 2000 programs have found uneven progress;
some major agencies are significantly behind schedule and are at
high risk that they will not correct all of their mission-
critical systems in time. As the time remaining diminishes, it
becomes increasingly difficult to ensure that all mission-
critical systems will be compliant in time.

Figure 2 shows OMB's assessment of agencies' Year 2000 progress on
the basis of their November 1998 quarterly reports.

Figure 2: OMB's Assessment of Agencies' Year 2000 Progress
(November 1998)

Page 8 GAO/T-AIMD-99-49

We have made detailed recommendations to agencies responsible for
some of the government's most essential services. For example:

 The Department of Defense (DOD) and the military services face
the threat of significant problems. 8 In April 1998 we reported
that the department lacked complete and reliable information on
systems, interfaces, other equipment needing repair, and the cost
of its correction efforts. 9 We found that these and other
problems seriously threatened the department's chances of
successfully meeting the Year 2000 deadline for its mission-
critical systems. Further, taken together, the problems in
Defense's Year 2000 program made failure of at least some
missioncritical systems and the operations they support almost
certain unless corrective actions were taken. We have recommended
numerous improvements for critical matters such as data exchanges,
testing, and

contingency planning; DOD concurred with these recommendations and
agreed to implement them.  We reported 10 that although the Health
Care Financing Administration

(HCFA) had made improvements in its Year 2000 management, the
agency and its contractors were severely behind schedule in
repairing, testing, and implementing the mission- critical systems
supporting

Medicare. Given the magnitude of the task and the risks and
limited time remaining, in September 1998, we concluded that it
was highly unlikely that all Medicare systems would be compliant
in time to ensure uninterrupted delivery of benefits and services.
To improve the

prospects for success, we recommended that HCFA (1) rank its
remaining Year 2000 work on the basis of an integrated project
schedule, (2) ensure that all critical tasks are prioritized and
completed in time to prevent unnecessary delays, (3) define the
scope of an end- to- end test of the claims process and develop
plans and a schedule for conducting

such a test, (4) develop a risk management process, and (5)
accelerate the development of business continuity and contingency
plans. HCFA has agreed to implement these recommendations.

8 Defense Computers: Year 2000 Computer Problems Put Navy
Operations At Risk (GAO/AIMD-98-150, June 30, 1998), Defense
Computers: Army Needs to Greatly Strengthen Its Year 2000 Program
(GAO/AIMD-98-53, May 29, 1998), Defense Computers: Year 2000
Computer Problems Threaten DOD Operations (GAO/AIMD-98-72, April
30, 1998), and Defense Computers: Air Force Needs to Strengthen
Year 2000 Oversight (GAO/AIMD-98-35, January 16, 1998).

9 GAO/AIMD-98-72, April 30, 1998. 10 Medicare Computer Systems:
Year 2000 Challenges Put Benefits and Services in Jeopardy
(GAO/AIMD-98-284, September 28, 1998).

Page 9 GAO/T-AIMD-99-49

 As we reported in August 1998, 11 the Federal Aviation
Administration (FAA) had made progress in managing its Year 2000
problem and had completed critical steps in defining which systems
needed to be corrected and how to accomplish this. The agency had
acted upon several of our recommendations from earlier in the
year, including making final a Year 2000 strategy and setting
priorities. 12 However, with

less than 17 months to go, FAA still had to correct, test, and
implement many of its mission- critical systems. Accordingly, FAA
must determine how to ensure continuity of critical operations in
the event that some systems fail.

Such examples underscore the difficulties confronting agencies in
making up for lost time; Year 2000 testing alone is consuming
between 50 and 70 percent of a project's time and resources.
Thorough testing is essential to providing reasonable assurance
that new or modified systems can process dates correctly and will
not jeopardize an organization's ability to perform core business
functions after the change of century. Even for agencies that are
making good progress, other critical issues must be successfully
resolved; these include data exchanges,

telecommunications, and embedded systems. 13 First, should the
government's hundreds of thousands of data exchanges not be Year
2000 compliant, data either will not be successfully exchanged or
invalid data could cause the receiving computer systems to
malfunction or produce inaccurate computations. Second, the
government depends heavily on the telecommunications
infrastructure; reliable services are made possible by a complex
web of highly interconnected networks supported by national

and local carriers and service providers, equipment manufacturers
and suppliers, and customers. Third, the century change could
cause problems for the many embedded computer systems used to
control, monitor, or assist in operations.

11 FAA Systems: Serious Challenges Remain in Resolving Year 2000
and Computer Security Problems (GAO/T-AIMD-98-251, August 6,
1998). 12 FAA Computer Systems: Limited Progress on Year 2000
Issue Increases Risk Dramatically (GAO/AIMD-98-45, January 30,
1998) and Year 2000 Computing Crisis: FAA Must Act Quickly to
Prevent Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

13 Embedded systems are special- purpose computers built into
other devices. Examples include systems in elevators, heating and
air conditioning units, and biomedical devices, such as cardiac
defibrillators, and cardiac monitoring systems, which can record,
process, analyze, display, and/ or transmit medical data. (See
Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998).)

Page 10 GAO/T-AIMD-99-49

If issues such as these are not adequately addressed, the impact
of Year 2000 failures could disrupt vital government operations.
Moreover, federal agencies depend on data provided by their
business partners, as well as on services provided by the public
infrastructure (power, water, transportation, and voice and data
telecommunications). One weak link

anywhere in the chain of critical dependencies can cause a
cascading effect of major shutdowns of business operations.
Consequently, it is imperative that contingency plans be developed
for all critical core business processes and supporting systems,
regardless of whether these systems are owned by the agency.
Without such plans, when unpredicted failures occur, agencies will
lack well- defined responses, and may not have enough time to
develop

and test alternatives. The Nation as a Whole Faces Significant
Year 2000 Challenges

Our nation's reliance on the complex array of public and private
enterprises having scores of system interdependencies at all
levels accentuates the potential repercussions a single failure
could cause. It is essential that Year 2000 issues be adequately
addressed in arenas beyond the federal government: state and local
governments, the public infrastructure, and

other key economic sectors. State and local governments are
responsible for the implementation of many national programs such
as food stamps and Medicaid while also providing vital local and
regional services. Accordingly, Year 2000- induced failures could
result in payment delays felt at the local level, or in the

interruption of key public services such as law enforcement,
traffic management, and emergency and health services. For
example, our survey of the state systems used in federal welfare
programs revealed that the majority of them were not yet Year 2000
compliant. 14 Failure to complete Year 2000 conversion could
result in billions of dollars in benefits payments not being
delivered. In an attempt to prevent this for Medicaid systems,

HCFA recently hired a contractor to independently verify and
validate state systems.

The public infrastructure, including critical areas such as power,
water, and telecommunications, is particularly important because
most, if not all, 14 Year 2000 Computing Crisis: Readiness of
State Automated Systems to Support Federal Welfare Programs
(GAO/AIMD-99-28, November 6, 1998). The survey was conducted in
July and August 1998 and included the following welfare programs:
Medicaid; Temporary Assistance for Needy Families; Women, Infants,
and Children; food stamps; child support enforcement; child care;
and child welfare. Forty- nine states, the District of Columbia,
and three territories responded to our survey.

Page 11 GAO/T-AIMD-99-49

major enterprises rely on these essential elements for daily
functioning. Other key economic sectors include health, safety,
and emergency services; banking and finance; transportation; and
manufacturing and small business.

These sectors are critical, yet the nation has not had a complete
picture of their readiness. Accordingly, in our April 1998 report,
15 we recommended that the President's Council on Year 2000
Conversion develop such a comprehensive picture, to include
identifying and assessing risks to the nation's key economic
sectors including risks posed by international links. We also
recommended that the Council use a sector- based approach and
establish the effective public- private partnerships necessary to
address this issue.

The Council adopted a sector- based focus and has been initiating
outreach activities since it became operational last spring. More
recently, in October 1998, the Chair directed the Council's sector
working groups to begin assessing their sectors. The Chair, in
turn, plans to issue periodic public reports summarizing these
assessments. The assessments will be used to help prepare
contingency plans and aid in crisis management, in which the
Council will respond to disruptions that may arise in critical
services. The first such report, issued on January 7, 1999,
summarizes information

collected to date by the working groups and various trade
associations. 16 The Council acknowledged that readiness data in
certain industries were not yet available and, therefore, were not
included in the report. The Council's report is a good step toward
obtaining a picture of the

nation's Year 2000 readiness. However, the Council must remain
vigilant and closely monitor and update the information in the
sectors where information is available and obtain information for
those where it is not. Particular attention should be paid to the
public infrastructure, including

critical areas such as power, water, and telecommunications, since
most, if not all, major enterprises rely on these essential
elements for daily functioning. Other key economic sectors include
health, safety, and emergency services; banking and finance;
transportation; and manufacturing and small business. In addition,
with the advent of 15 Year 2000 Computing Crisis: Potential for
Widespread Disruption Calls for Strong Leadership and

Partnerships (GAO/AIMD-98-85, April 30, 1998). 16 First Quarterly
Summary of Assessment Information (The President's Council on Year
2000 Conversion, January 7, 1999).

Page 12 GAO/T-AIMD-99-49

electronic communication and international commerce, the United
States is also critically dependent on international Year 2000
readiness. Completing these activities is absolutely vital to
adequately understanding the full range of national and
international risks.

International concerns are underscored by a September 1998 report
by the Organization for Economic Co- operation and Development. 17
This report stated that (1) while awareness is increasing, the
amount of remediation still required is daunting, (2) significant
negative economic impact is likely in the short term, although
much uncertainty exists about the extent of Year 2000- induced
disruptions, (3) governments face a major public management
challenge requiring acceleration of their own preparations

and stronger leadership, and (4) stronger international
cooperation is essential, especially in conjunction with cross-
border testing. In addition to addressing domestic Year 2000
issues, the United States has attempted to promote international
dialogue on the problem. In June 1998, the United Nations General
Assembly adopted a resolution on the global implications of the
Year 2000 issue. The resolution recognized that effective
operation of governments, companies, and other organizations

was threatened by the century change, and coordinated efforts were
required to address it. The resolution went on to request that all
member countries attach a high priority to raising the level of
awareness and to consider appointing a nationwide coordinator to
tackle the problem.

The Chair of the President's Council also has met with the United
Nations and other international bodies, and helped organize a
December 1998 National Y2K Coordinators' meeting attended by over
120 countries, hosted by the United Nations' Working Group on
Informatics. This meeting should help encourage the establishment
of regional coordinating mechanisms and foster greater
international dialogue on the Year 2000 issue.

In conclusion, considerable progress has been made in addressing
the Year 2000 challenge. It is clear that federal agencies have
now made the Year 2000 a top priority. It is equally clear,
however, that much more needs to be 17 The Organization for
Economic Co- operation and Development surveyed its member
countries and reviewed existing studies and media reports on the
Year 2000 problem and issued a report on its findings, The Year
2000 Problem: Impacts and Actions (September 1998). The
organization's 29 member countries are Australia, Austria,
Belgium, Canada, the Czech Republic, Denmark, Finland, France,
Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Korea,
Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland,
Portugal, Spain, Sweden, Switzerland, Turkey, the United Kingdom,
and the United States.

Page 13 GAO/T-AIMD-99-49

done. It is critical that agency priorities continue to be set,
rigorous testing be completed, and thorough business continuity
and contingency plans be prepared. Further, aggressive and
sustained action must continue in assessing and mitigating
national and international risks in both the public infrastructure
and key economic sectors. Such efforts require federal leadership,
effective public- private partnerships, and international
cooperation. Congressional leadership and

oversight of the Year 2000 issue have been instrumental in raising
awareness and spurring needed action; such continued leadership on
the part of the Congress will be crucial. For our part, we will
continue to support the Congress' oversight efforts by evaluating
the effectiveness of the federal government's Year 2000 actions
and advancing constructive

suggestions for mitigating the risk of serious Year 2000
disruption. Mr. Chairman, this concludes my statement. I will be
pleased to respond to any questions that you or other members of
the Committee may have at this time.

Page 14 GAO/AIMD-99-49

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem Appendi x I

Status Information: FAA's Year 2000 Business Continuity and
Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R,
December 4, 1998). Year 2000 Computing Crisis: A Testing Guide
(GAO/ AIMD- 10.1.21, November 1998).

Year 2000 Computing Crisis: Readiness of State Automated Systems
to Support Federal Welfare Programs (GAO/AIMD-99-28, November 6,
1998). Year 2000 Computing Crisis: Status of Efforts to Deal With
Personnel Issues (GAO/ AIMD/ GGD- 99- 14, October 22, 1998). Year
2000 Computing Crisis: Updated Status of Department of Education's
Information Systems (GAO/T-AIMD-99-8, October 8, 1998).

Year 2000 Computing Crisis: The District of Columbia Faces
Tremendous Challenges in Ensuring That Vital Services Are Not
Disrupted (GAO/T-AIMD-99-4, October 2, 1998).

Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-
98-310, September 24, 1998).

Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18,
1998). Year 2000 Computing Crisis: Significant Risks Remain to
Department of Education's Student Financial Aid Systems (GAO/T-
AIMD-98-302, September 17, 1998).

Year 2000 Computing Crisis: Progress Made at Department of Labor,
But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).
Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-
98-305, September 17, 1998).

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem

Page 15 GAO/AIMD-99-49

Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure
Financial Institutions Are Fixing Systems But Challenges Remain
(GAO/AIMD-98-248, September 17, 1998).

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).

Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278,
September 3, 1998). Year 2000 Computing Crisis: Strong Leadership
and Effective Partnerships Needed to Reduce Likelihood of Adverse
Impact (GAO/T-AIMD-98-277, September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276,
September 1, 1998).

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-
162, August 28, 1998). Year 2000 Computing: EFT 99 Is Not Expected
to Affect Year 2000 Remediation Efforts (GAO/AIMD-98-272R, August
28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA
Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will
Require Strong Leadership and Effective Partnerships (GAO/T-AIMD-
98-267, August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem

Page 16 GAO/AIMD-99-49

Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/ AIMD- 10.1.19, August 1998).

Internal Revenue Service: Impact of the IRS Restructuring and
Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).

Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998). Year 2000 Computing Crisis:
Actions Needed on Electronic Data Exchanges (GAO/AIMD-98-124, July
1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations
at Risk (GAO/AIMD-98-150, June 30, 1998). Year 2000 Computing
Crisis: Testing and Other Challenges Confronting Federal Agencies
(GAO/T-AIMD-98-218, June 22, 1998). Year 2000 Computing Crisis:
Telecommunications Readiness Critical, Yet Overall Status Largely
Unknown (GAO/T-AIMD-98-212, June 16, 1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998).

IRS' Year 2000 Efforts: Business Continuity Planning Needed for
Potential Year 2000 System Failures (GAO/GGD-98-138, June 15,
1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-
98-167, May 14, 1998). Securities Pricing: Actions Needed for
Conversion to Decimals (GAO/T-GGD-98-121, May 8, 1998).

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem

Page 17 GAO/AIMD-99-49

Year 2000 Computing Crisis: Continuing Risks of Disruption to
Social Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-
161, May 7, 1998).

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7,
1998). Air Traffic Control: FAA Plans to Replace Its Host Computer
System Because Future Availability Cannot Be Assured (GAO/AIMD-98-
138R, May 1, 1998). Year 2000 Computing Crisis: Potential for
Widespread Disruption Calls for Strong Leadership and Partnerships
(GAO/AIMD-98-85, April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Department of the Interior: Year 2000 Computing Crisis Presents
Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22,
1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and
Fiscal Year 1998 Filing Season (GAO/ T- GGD/ AIMD- 98- 114, March
31, 1998). Year 2000 Computing Crisis: Strong Leadership Needed to
Avoid Disruption of Essential Services (GAO/T-AIMD-98-117, March
24, 1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-
98-116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
102, March 18, 1998). Year 2000 Computing Crisis: Strong
Leadership and Effective Public/ Private Cooperation Needed to
Avoid Major Disruptions (GAO/T-AIMD-98-101, March 18, 1998).

Post- Hearing Questions on the Federal Deposit Insurance
Corporation's Year 2000 (Y2K) Preparedness (AIMD- 98- 108R, March
18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/ GGD/ AIMD- 98- 51, March 6, 1998).

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem

Page 18 GAO/AIMD-99-49

Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998). Year 2000 Computing
Crisis: Federal Deposit Insurance Corporation's Efforts to Ensure
Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98-73, February
10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent
Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).
Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998). Year 2000 Computing
Crisis: Actions Needed to Address Credit Union Systems' Year 2000
Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress
Made In Ensuring Year 2000 Compliance, But Challenges Remain
(GAO/AIMD-98-31R, November 7, 1997). Year 2000 Computing Crisis:
National Credit Union Administration's Efforts to Ensure Credit
Union Systems Are Year 2000 Compliant (GAO/T-AIMD-98-20, October
22, 1997).

Social Security Administration: Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).

Defense Computers: Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997). Veterans Affairs
Computer Systems: Action Underway Yet Much Work Remains To Resolve
Year 2000 Crisis (GAO/T-AIMD-97-174, September 25, 1997). Year
2000 Computing Crisis: Success Depends Upon Strong Management and
Structured Approach, (GAO/T-AIMD-97-173, September 25, 1997).

Attachment GAO Reports and Testimony Addressing the Year 2000
Problem

Page 19 GAO/AIMD-99-49

Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD-
10.1.14, September 1997).

Defense Computers: SSG Needs to Sustain Year 2000 Progress
(GAO/AIMD-97-120R, August 19, 1997).

Defense Computers: Improvements to DOD Systems Inventory Needed
for Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997).

Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997).

Defense Computers: DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997). Year 2000 Computing
Crisis: Time Is Running Out for Federal Agencies to Prepare for
the New Millennium (GAO/T-AIMD-97-129, July 10, 1997).

Veterans Benefits Computer Systems: Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year- 2000 Problems
(GAO/T-AIMD-97-114, June 26, 1997). Veterans Benefits Computer
Systems: Risks of VBA's Year- 2000 Efforts (GAO/AIMD-97-79, May
30, 1997).

Medicare Transaction System: Success Depends Upon Correcting
Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May
16, 1997). Medicare Transaction System: Serious Managerial and
Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May
16, 1997).

Year 2000 Computing Crisis: Risk of Serious Disruption to
Essential Government Functions Calls for Agency Action Now (GAO/T-
AIMD-97-52, February 27, 1997). Year 2000 Computing Crisis: Strong
Leadership Today Needed To Prevent Future Disruption of Government
Services (GAO/T-AIMD-97-51, February 24, 1997). High- Risk Series:
Information Management and Technology (GAO/HR-97-9, February
1997).

(511724) Let t er

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary,
VISA and MasterCard credit cards are accepted, also.

Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.

Orders by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touchtone phone. A recorded menu will provide information on how
to obtain these lists.

For information on how to access GAO reports on the INTERNET, send
an e- mail message with info in the body to: info@ www. gao. gov
or visit GAO's World Wide Web Home Page at: http:// www. gao. gov

United States General Accounting Office Washington, D. C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Rate

Postage & Fees Paid GAO Permit No. GI00

*** End of document. ***