[Evaluation Report on the Year 2000 Readiness of Automated Information Systems at the National Park Service]
[From the U.S. Government Printing Office, www.gpo.gov]

Report No. 98-I-498

Title: Evaluation Report on the Year 2000 Readiness of Automated
       Information Systems at the National Park Service

Date:  June 19, 1998




                  **********DISCLAIMER**********

This file contains an ASCII representation of an OIG report.
No attempt has been made to display graphic images or illustrations.
Some tables may be included, but may not resemble those in the printed version.

A printed copy of this report may be obtained by referring to the PDF
file or by calling the Office of Inspector General, Division of
Acquisition and Management Operations at (202) 208-4599.

                  ******************************




U.S. Department of the Interior
Office of Inspector General



EVALUATION REPORT



YEAR 2000 READINESS OF AUTOMATED INFORMATION SYSTEMS
AT THE NATIONAL PARK SERVICE


REPORT NO. 98-I-498

JUNE 1998








Memorandum                                                              A-IN-NPS-001-98R


To:       Director, National Park Service

From:     Robert J. Williams
          Acting Inspector General

Subject:  Evaluation Report on the Year 2000 Readiness of Automated Information
          Systems at the National Park Service (No. 98-I-498)


INTRODUCTION

This report presents the results of our evaluation of the year 2000 (Y2K) readiness of
automated information systems at the National Park Service.  The objective of our review
was to determine whether the Park Service (1) inventoried its automated information systems
and identified those systems that were mission critical and were not Y2K compliant, (2)
developed auditable cost estimates for renovating systems to be Y2K compliant, (3)
identified by name an individual responsible for ensuring that the Park Service is Y2K
compliant, (4) ensured that responsible individuals' personnel performance evaluation plans
included critical elements related to identifying and remedying Y2K problems, (5) developed
a credible plan that included milestones and a critical path to ensure that the Park Service is
Y2K compliant, and (6) developed a contingency plan that would address the failure of any
part of the systems not being Y2K ready.  This review was conducted at the request of the
Department of the Interior's Chief Information Officer to assist the Information Officer in
monitoring the progress of Departmental agencies in ensuring Y2K readiness, implementing
Y2K compliant systems, and validating the accuracy of the information reported by the
bureaus and Departmental agencies to the Chief Information Officer.


BACKGROUND

The "Y2K problem" is the term used to describe the potential failure of information
technology systems, applications, and hardware related to the change to the year 2000.  Many
computers that use two digits to keep track of the date will, on January 1, 2000, recognize
"double zero" not as 2000 but as 1900.  This could cause computers to stop running or to
start generating erroneous data.  The problem has been recognized as nationally significant
by the President in Executive Order No. 13073, issued in February 1998.   The Secretary of
the Interior, in a December 1997 memorandum, stated that the Y2K problem was critical to
the Department in meeting its mission and that resolution of the problem was one of his
highest priorities.  Further, Office of Management and Budget Memorandum 98-02,
"Progress Reports on Fixing Year 2000 Difficulties," issued on January 20, 1998, requires
all Federal executive branch agencies,  to ensure that Federal Government systems do not fail
in the year 2000, to have all systems, applications, and hardware renovated by September
1998; validated by January 1999; and implemented (that is, "fixes to all systems--both
mission critical and non-mission critical") by March 31, 1999.  The Office of Management
and Budget states in Memorandum 98-02 that it is to provide "information to the Congress
and the public as part of its [Office of Management and Budget's] quarterly summary reports
on agency progress . . . [and] to report on the status of agency validation and contingency
planning efforts and on progress in fixing . . . equipment that is date sensitive."

The Department has a multitiered approach to managing the Y2K problem that includes a
top tier comprising the Secretary of the Interior; the Information Technology Steering
Committee, which consists of  the Chief of Staff and the Assistant Secretaries; and the Chief
Information Officer, who is responsible for the Department's Y2K issues.  This tier, which
represents senior-level Departmental managers, provides the Y2K project's overall direction
and resources and ensures accurate reporting to external organizations such as the Office of
Management and Budget and the Congress.  A Departmentwide Y2K project team, which
reports to the Chief Information Officer and comprises representatives from each agency and
the Office of the Secretary, is tasked with developing the Department's Year 2000
Management Plan, refining inventory data on the Department's mission-critical and
information technology portfolio systems, and monitoring and reporting the progress of each
conversion.  In addition, a Y2K Embedded Microchip Coordinators Team has been
established to inventory and monitor embedded microchip technology Y2K problems.  The
team is led by the Office of Managing Risk and Public Safety and comprises representatives
of the eight Departmental bureaus, the Denver Administrative Service Center, and various
Departmental offices. The Department has developed the "Department of the Interior Year
2000 Management Plan," which focuses on the resolution of the Y2K problem and provides
an overall strategy for managing Departmental mission-critical systems and infrastructure.

The Department's February 1998 "Year 2000 Management Plan," which was submitted to
the Office of Management and Budget, reported that the Department had 95 mission-critical
systems.  Of the 95 mission-critical systems reported by the Department to the Office of
Management and Budget, the National Park Service had two systems (see the Appendix).
The Park Service has a project management team that comprises a Y2K executive (Deputy
Director for the Park Service) and a coordinator (Manager, Information and
Telecommunications Center).  In addition, the Y2K executive, on March 9, 1998, notified
regional information resource offices, program offices, and support offices that they are
responsible for ensuring that the systems are Y2K compliant.  However, the Y2K coordinator
does not require the regions, program offices, and support offices to report on the status of
their Y2K efforts. Further, to assist the Information and Telecommunications Center, the
Park Service created an Information Management Council, which comprises representatives
from all Park Service organizations.  Although the Council is not directly responsible for
Y2K, certain Council members who have information resources management-specific duties
are responsible for remediation or replacement of noncompliant applications or hardware.

The National Park Service consists of the Headquarters offices, program offices, 7 regional
offices, 11 support offices, 2 administrative program centers, and 374 parks and national
monument sites.  As part of its efforts to modernize its automated information systems, the
Park Service has developed an information technology plan, "Information Management
2000," and budgeted to upgrade more than 5,000 personal computers and local area networks
at the park locations.  For fiscal years 1998 and 1999, the plan calls for the complete
replacement of these computers and for local area networks to be repaired.  With the efforts
to modernize its systems scheduled for completion by December 30, 1999, Park Service
officials said that the Park Service expects the computer replacement and local area network
repair to resolve its major Y2K software problems.


SCOPE OF EVALUATION

To accomplish our objective, we reviewed the documentation available that supported the
Park Service's information submitted to the Department's Chief Information Officer through
March 1998.  We performed our evaluation at the Park Service's Information and
Telecommunications Center, located in Washington, D.C.  We interviewed personnel
responsible for project coordination to identify the Park Service's Y2K plans and progress.
We also interviewed, either in person, by telephone, or by electronic mail, personnel
involved in various aspects of the Y2K project, including coordination, compliance
identification, software remediation, and project management.

The evaluation was conducted in accordance with the "Quality Standards for Inspections,"
issued by the President's Council on Integrity and Efficiency and, accordingly, included such
tests and inspection procedures considered necessary to accomplish the objective.  Our
conclusions on the status of the progress made by the Park Service in addressing and
remediating Y2K problems were based on reviews of documentation maintained by the
Information and Telecommunications Center, various regions, and support and program
offices and discussions with the Y2K executive, Y2K coordinator, and various Information
Management  Council members.  As specifically agreed to in our discussions  with the
Department's Chief Information Officer, we did not validate or certify that the Park Service's
systems were Y2K compliant.


RESULTS OF EVALUATION

Although the National Park Service has recently taken more aggressive actions to address
Y2K problems, we concluded that the Park Service had not completed five of the six
objectives that the Chief Information Officer requested us to evaluate.  The specific actions
taken by the Park Service related to each objective are discussed in the paragraphs that
follow.  As a result of not completing the five objectives, we believe that there is an
increased risk that the  Park Service will not meet the Office of Management and Budget's
March 1999 milestone date for having compliant Y2K systems implemented.  Because
recent actions taken by the Park Service's Y2K executive and coordinator, as well as
regional, program, and support offices, and actions planned by the Information Management
Council for its June 1998 meeting  appear to address the concerns raised in this report, we
have not made any recommendations.  However, the Park Service should ensure that
sufficient resources are made available to meet the required milestone dates.


Automated Information Systems Inventory

The Park Service had not completed an adequate inventory of all of its mission- and
nonmission-critical automated information systems.  According to the Department's
milestone dates, agencies were required to have mission-critical systems inventoried and
systems that were not Y2K compliant identified by June 1997.  The Park Service did not
identify any mission-critical systems until February 1998.  In the Department's February
1998 report to the Office of Management and Budget, the Park Service reported that it had
two mission-critical systems. However, the Park Service had additional systems that were
identified by systems owners (personnel who are responsible for the systems) as mission
critical, such as the Case Incident Reporting System and the Park Police Information
Management Automation Project.  We also believe that these systems are mission critical
because of the impact the systems have in supporting the Ranger Activities Division and the
U.S. Park Police missions.  Therefore, we believe that the Park Service had not ensured that
an adequate assessment of mission- and nonmission-critical systems was performed.
Without an adequate inventory of its automated information systems, the Park Service cannot
identify the impact that automated information systems which are not Y2K compliant would
have on the Park Service in accomplishing its mission.

Although the Park Service had not completed its inventory and reported all mission-critical
systems to the Department's Chief Information Officer, the Park Service has an ongoing
project to inventory its major data systems.  The purpose of the project is to meet the Park
Service's goal of the Government Performance and Results Act for fiscal year 1998 to
identify 100 percent of the Park Service's local and mainframe systems by September 30,
1998.  However, we believe that this inventory may not include all of the Park Service's
mission-critical systems because the inventory will include only systems that are
Servicewide and Departmentwide.  As such, the inventory may not identify systems that
could be critical to the Park Service which are located at a particular region, program office,
or park.  Therefore, even if the Park Service's inventory of its major data systems is
completed by September 30, 1998, the Park Service will have missed the Department's
established milestone date by 15 months. As a result, the Park Service has little assurance
that all of its mission- and nonmission-critical systems have been identified and reported to
the Department's Chief Information Officer and that Y2K-compliant systems will be
implemented by March 1999.


Auditable Cost Estimates

The Park Service reported to the Department that no costs will be incurred to replace and
repair its two mission-critical systems but that costs of $760,000 would be incurred to
upgrade its personal computers and local area networks with Y2K-compliant software and
firmware.  Office of Management and Budget guidelines state that costs to rectify
noncompliant Y2K systems should be specifically related to Y2K efforts. We found that one
of the mission-critical systems, the Service Reservation System, is to be replaced in June
1998 for reasons not specifically attributable to Y2K; therefore, the reported statement that
no costs will be incurred to replace this system was accurate.  However, we also found that
the costs reported to repair the other mission-critical system, the National Register of
Historic Places System, were not accurate.  The National Register of Historic Places System
is scheduled to have its lines of source code repaired to rectify the Y2K problem by March
1999.  As such, we believe that the Park Service is incurring costs attributable to the Y2K
problem.  We found that the costs of $760,000 to replace embedded microchips and to
perform independent validation and validation of the upgraded personal computers and local
area networks were reasonable and supportable.  The Park Service's costs estimates should
be revised if additional mission-critical systems are identified (see section "Automated
Information Systems Inventory" in this report) that are not Y2K compliant and that need lines
of source code repaired.  As a result, the information reported by the Park Service to the
Department and the Office of Management and Budget was not accurate and may be
incomplete.  Additionally, the date scheduled for repair of the National Register of Historic
Places System is the same date that the Office of Management and Budget requires fully
compliant systems to be implemented.  Designation of Responsible Individuals

The Departmental Chief Information Officer requested that we determine whether
responsible officials had been specifically named.  The Park Service had identified by name
and title individuals to be the Y2K executive and the Y2K coordinator.  Therefore, the Park
Service had completed this objective.


Annual Personnel Performance Evaluation Plans

The Secretary of the Interior's December 1997 memorandum required that a "critical
performance element for identifying and remedying the Y2K" problem be included as part
of each responsible official's annual personnel performance evaluation plan.  Responsible
officials are defined in the memorandum as agency directors, agency Y2K executives, agency
information resources management coordinators, safety officials, and all others as determined
by the Y2K executive.  However, as of April 27, 1998, we found that, except for two
supervisory computer specialists in the Information and Telecommunications Center, the
elements were not included in the annual personnel performance evaluation plans of the Park
Service's Y2K executive; Y2K coordinator; and regional, program, and support office staff
who have Y2K responsibility.


Plan for Milestones

The Park Service did not have a plan to address Y2K issues, problems, or solutions with
milestones and critical paths for any of its automated information systems except for
upgrading personal computers and local area networks in park units. Park Service officials
said that they planned to address the requirement for a Servicewide Y2K plan at the Park
Service's Information Management Council meeting in June 1998 and that they anticipate
using the results of the June meeting to dictate the Park Service's Y2K approach. However,
because the Park Service had not completed an adequate inventory of automated information
systems, the Park Service will be at least 1 year behind schedule by June 1998.  Thus, all
actions to become Y2K compliant, including inventorying automated information systems,
assessing the automated information systems to determine the size and scope of any Y2K
problems, renovating and validating systems, and implementing compliant systems,  will
need to be accomplished in 9 months if the Park Service is to meet the Office of Management
and Budget's March 1999 milestone date.


Contingency Plans

Although the renovated Reservation System is planned to be implemented in June 1998 and
may not require a contingency plan, we found that a formal contingency plan had not been
developed for the other mission-critical system, the National Register of Historic Places
System, or any other automated information systems within the Park Service.  The Park
Service's Y2K coordinator stated that the need for contingency plans will be determined at
the June 1998 Information Management Council meeting.  Office of Management and
Budget Memorandum 98-02 requires that contingency plans be developed for those systems
that are not expected to be implemented by March 1999.  The Park Service will not have
completed its inventory of automated information systems and determined the impact of
noncompliant Y2K systems on the Park Service's operations until at least September 30,
1998.  The Park Service has not fully deployed its personal computers and local area network
upgrades, and the planned completion of the upgrades is December 31, 1999.  Therefore, the
Park Service should develop a contingency plan for its automated information systems and
for its operations that are supported by these systems to ensure that it will be able to
perform its operations after December 31, 1999.


Other Issues

The Department of the Interior and the Office of Management and Budget required that an
inventory of all data exchanges with outside entities be completed by February 1, 1998, and
that coordination with these entities to determine a transition plan occur by March 1, 1998.
The Park Service had not identified all of  its  data  exchanges with outside entities as of
April 27, 1998.  For example, data exchanges had not been identified for the Servicewide
Traffic Accident Reporting System,  a subsystem of the Crime Incident Reporting System,
which maintains data that are provided to the  Department of Transportation's Federal
Highway Administration, the Department of Justice, and state governments.

Department of the Interior Acquisition Policy Release 1997-6, "Year 2000 Contract
Specification," issued in April 1997, requires appropriate contract language to be included
in all acquisitions where there would be Y2K compliance issues.  However, the Park
Service's contract issued in December 1997 to replace the Park Service Reservation System
did not include the appropriate contract language to ensure that the replacement system
would "either be year 2000 compliant as delivered or if noncompliant at that time be
upgraded to be year 2000 compliant, at no additional cost to the government," as required by
the Policy Release.

During a May 28, 1998, exit conference with Park Service Y2K officials on the preliminary
draft of this report, the officials agreed with all of the identified conditions.  Based on the
Park Service's comments at the conference, we clarified that the use of the $760,000 of
auditable cost estimates was for replacing embedded microchips,  as well as for performing
independent validation and validation of the upgraded personal computers and local area
networks.

The legislation, as amended, creating the Office of Inspector General requires semiannual
reporting to the Congress on all audit reports issued, the monetary impact of audit findings,
actions taken to implement audit recommendations, and identification of each significant
recommendation on which corrective action has not been taken.

We appreciate the assistance of the Park Service's Y2K executive and Y2K coordinator and
other Park Service personnel at the various regional, program, and support offices in the
conduct of this evaluation.


NATIONAL PARK SERVICE MISSION-CRITICAL SYSTEMS INVENTORY*

System Name

Brief Description
Estimated Cost
For Compliance

Reservation System  An automated, contractor run
call reservation center used in
18 national parks.
National Register of
Historic Places  An automated system of the
National Register of Historic
Places, which maintains an
inventory of the Nation's
cultural resources deemed
worthy of preservation.


________________________
*Source of this information is the "Department of the Interior Year 2000 Management Plan,"
issued in February 1998.




ILLEGAL OR WASTEFUL ACTIVITIES SHOULD BE REPORTED TO THE OFFICE OF
INSPECTOR GENERAL BY:

Sending written documents to:



Within the Continental United States

U.S. Department of the Interior
Office of Inspector General
1849 C Street,N.W.
Mail Stop 5341
Washington, D.C. 20240

Calling:

Our 24 hour
Telephone HOTLINE
1-800-424-5081 or
(202) 208-5300

TDD for hearing impaired
(202) 208-2420 or
1-800-354-0996



Outside the Continental United States


Caribbean Region

U.S. Department of the Interior
Office of Inspector General
Eastern Division- Investigations
1550 Wilson Boulevard
Suite 410
Arlington, Virginia 22209

Calling:
(703) 235-9221


North Pacific Region

U.S. Department of the Interior
Office of Inspector General
North Pacific Region
238 Archbishop F.C. F'lores Street
Suite 807, PDN Building
Agana, Guam 96910


Calling:
(700) 550-7428 or
COMM 9-011-671-472-7279
