[Evaluation Report on Year 2000 Readiness of Automated Information Systems at the U.S. Fish and Wildlife Service]
[From the U.S. Government Printing Office, www.gpo.gov]

Report No. 98-I-701

Title: Evaluation Report on Year 2000 Readiness of Automated Information
       Systems at the U.S. Fish and Wildlife Service

Date:  September 28, 1998











U.S. Department of the Interior
Office of Inspector General






EVALUATION REPORT


YEAR 2000 READINESS OF
AUTOMATED INFORMATION SYSTEMS
AT THE U.S. FISH AND WILDLIFE SERVICE


REPORT NO. 98-I-701
SEPTEMBER 1998








                  MEMORANDUM


             TO:  The Secretary

           FROM:  Richard N. Reback
                  Acting Inspector General

SUBJECT SUMMARY:  Final Evaluation Report for
                  Your Information - "Year 2000
                  Readiness  of  Automated Information Systems
                  at the U.S. Fish and Wildlife
                  Service" (No. 98-I-701)

Attached for your information is a copy of the subject final
evaluation report.  The objective of our evaluation  was  to
determine  whether  the  U.S.  Fish and Wildlife Service (1)
inventoried its automated information systems and identified
those systems that were mission  critical  and  were not Y2K
compliant;  (2)  developed  auditable  cost  estimates   for
renovating  systems to be Y2K compliant; (3) identified,  by
name,   individuals    responsible  for  ensuring  that  the
Service  is  Y2K compliant;  (4)  ensured  that  responsible
individuals' personnel performance evaluation plans included
critical elements  related  to identifying and remedying Y2K
problems;  (5)  developed  a  credible  plan  that  included
milestones and a critical path to ensure that the Service is
Y2K compliant;  and (6) developed  a  contingency  plan that
would  address  the  failure of any part of the systems  not
being Y2K ready.  This  review  was conducted at the request
of  the  Department  of  the  Interior's  Chief  Information
Officer.

Of  the  six  areas  that  the  Chief   Information  Officer
requested us to evaluate, we concluded that the  Service had
completed  actions  for  all  six areas.  Specifically,  the
Service   had   identified  its  mission-critical   systems,
developed auditable  cost  estimates, designated responsible
individuals  for ensuring Y2K  compliance,   updated  annual
personnel performance  evaluation  plans to include critical
elements  relating  to  remedying  Y2K  problems,  developed
credible  plans  that  included  milestones,  and  developed
contingency  plans  for its mission-critical  systems.   The
report did not contain any recommendations.

If you have any questions  concerning  this  matter,  please
contact  me  at  (202)  208-5745 or  Mr. Robert J. Williams,
Assistant Inspector General for Audits,  at (202) 208-4252.


             Attachment







                                            A-IN-FWS-001-98-R







EVALUATION REPORT


             Memorandum


        To:  Director, U.S. Fish and Wildlife Service

      From:  Robert J. Williams
             Assistant Inspector General for Audits

   Subject:  Evaluation Report on Year 2000 Readiness of
             Automated Information Systems at the U.S.
             Fish and Wildlife Service (No. 98-I-701)


INTRODUCTION

This  report presents the results of our evaluation  of  the
year 2000  (Y2K)  readiness of automated information systems
at the U.S. Fish and Wildlife Service.  The objective of our
review was to determine  whether the Service (1) inventoried
its  automated  information  systems  and  identified  those
systems  that  were   mission  critical  and  were  not  Y2K
compliant;  (2)  developed   auditable  cost  estimates  for
renovating systems to be Y2K compliant;  (3)  identified, by
name, individuals responsible for ensuring that  the Service
is  Y2K compliant; (4) ensured that responsible individuals'
personnel  performance  evaluation  plans  included critical
elements related to identifying and remedying  Y2K problems;
(5) developed a credible plan that included milestones and a
critical  path to ensure that the Service is Y2K  compliant;
and (6) developed  a contingency plan that would address the
failure of any part  of the systems not being Y2K ready.  We
also  reviewed  the  Service's   progress   in  inventorying
automated information systems components, including computer
software,   hardware,   and   firmware;   telecommunications
systems; facilities; and data exchanges between  the Service
and  other  Department  of the Interior agencies or external
entities for Y2K problems.  This review was conducted at the
request  of  the  Department   of   the   Interior's   Chief
Information  Officer  to  assist  the Information Officer in
monitoring the progress of Departmental agencies in ensuring
Y2K  readiness,  implementing  Y2K  compliant  systems,  and
validating the accuracy of the information  reported  by the
Departmental agencies to the Chief Information Officer.

BACKGROUND

The "Y2K problem" is the term used to describe the potential
failure of information technology systems, applications, and
hardware related to the change to the year 2000. Many computer
systems that use  two digits to keep track of the date will,
on January 1, 2000, recognize "double zero" not as 2000 but
as 1900.  This could cause computer systems  to stop running
or to start generating erroneous data.  The problem has been
recognized  as  nationally  significant by the President  in
Executive  Order  13073,  issued   in  February  1998.   The
Secretary  of the Interior, in a December  1997  memorandum,
stated that  the  Y2K problem was critical to the Department
in meeting its mission  and  that  resolution of the problem
was one of his  highest  priorities.   Further,   Office  of
Management and Budget Memorandum 98-02, "Progress Reports on
Fixing Year 2000 Difficulties," issued on January 20,  1998,
requires  all  Federal  executive  branch agencies to ensure
that Federal Government systems do not  fail  because of the
change   to   the   year  2000  and  to  have  all  systems,
applications,  and hardware  renovated  by  September  1998,
validated by January  1999,  and implemented (that is, "fixes
to  all  systems--both  mission  critical   and  non-mission
critical") by March 31, 1999.  The Office of  Management and
Budget  states  in  Memorandum  98-02 that it is to  provide
"information to the Congress and  the  public as part of its
[Office  of  Management  and  Budget's]  quarterly   summary
reports  on  agency  progress . . . [and] to report on the
status of agency validation and contingency planning efforts
and on the progress in fixing . . .  equipment  that is date
sensitive."

The Department has developed the "Department of the Interior
Year 2000 Management Plan," which focuses on the  resolution
of  the  Y2K  problem  and provides an overall strategy  for
managing   Departmental   mission-critical    systems    and
infrastructure.   The  Department has a multitiered approach
to managing the Y2K problem  that includes a top tier, which
comprises  the Secretary of the  Interior;  the  Information
Technology Steering  Committee,  which consists of the Chief
of  Staff  and  the  Assistant Secretaries;  and  the  Chief
Information Officer, who is responsible for the Department's
Y2K  issues.   This  tier,   which  represents  senior-level
Departmental managers, provides  the Y2K project's direction
and  resources and ensures accurate  reporting  to  external
organizations,  such  as the Office of Management and Budget
and the Congress.  A Departmentwide  Y2K project team, which
reports  to  the  Chief  Information Officer  and  comprises
representatives from each  agency  and  the  Office  of  the
Secretary,  is  tasked with developing the Department's Year
2000  Management  Plan,   refining  inventory  data  on  the
Department's  mission-critical  and  information  technology
portfolio systems,[1]  and  monitoring  and reporting on the
progress of each conversion.  In addition,  a  Y2K  Embedded
Microchip[2]  Coordinators  Team  has  been  established  to
inventory  and  monitor  embedded  microchip  technology Y2K
problems.   The  team is led by the Office of Managing  Risk
and Public Safety and comprises representatives of the eight
Departmental agencies,  the  Denver  Administrative  Service
Center, and various Departmental offices.

The  Department's  August  1998 "Quarterly Progress Report,"
which was submitted to the Office  of Management and Budget,
reported   that  the  Department  had  91   mission-critical
systems.  Of the 91 mission-critical systems reported by the
Department to  the  Office  of  Management  and  Budget, the
Service had 1 system (see the Appendix).  The Service  has a
project  management  team  that  comprises  a  Y2K executive
(Assistant  Director  for  Administration);  a  Y2K  manager
(Computer  Specialist,  Information  Resources  Management);
eight  Regional  Y2K  managers; and individual managers  for
computer   systems,   telecommunications,    and    embedded
microchips.

SCOPE OF EVALUATION

To accomplish our objective, we reviewed the documentation
available that supported the Service's information submitted
to the Department's Chief  Information  Officer for the August
1998 "Quarterly  Progress Report." We performed our  evaluation
during May through  August  1998  at the Service's Office of
Information  Resources  Management,  located  in  Arlington,
Virginia.  We interviewed personnel responsible  for project
coordination  to  identify the Service's plans and progress.
We also interviewed,  either  in person, by telephone, or by
electronic mail, personnel involved  in  various  aspects of
the   Y2K   project,   including   coordination,  compliance
identification,    software   remediation,    and    project
management.

The evaluation was conducted in accordance with the "Quality
Standards  for  Inspections,"   issued  by  the  President's
Council on Integrity and Efficiency, and included such tests
and inspection procedures considered necessary to accomplish
the  objective.   Our  conclusions  on  the  status  of  the
progress made by the Service in addressing  and  remediating
Y2K   problems   were  based  on  reviews  of  documentation
maintained   by   the    Service's   Information   Resources
Management,   program,  and    regional   offices   and   on
discussions with the various Y2K coordinators throughout the
Service  and  with  individuals  performing  remediation  or
replacement of  noncompliant  applications  or hardware.  As
specifically   agreed   to  in  our  discussions  with   the
Department's Chief Information  Officer, we did not validate
or certify that the Service's systems or infrastructure were
Y2K compliant.

RESULTS OF EVALUATION

Of  the  six areas that the Chief Information Officer requested
us to evaluate,  we  concluded that the U.S. Fish and Wildlife
Service   had   completed   actions   on   all   six  areas.
Specifically,   the  Service  had  identified  its  mission-
critical  systems,   developed   auditable  cost  estimates,
designated   responsible  individuals   for   ensuring   Y2K
compliance,  updated   annual   personnel  performance
evaluation  plans to include critical elements  relating  to
remedying  Y2K   problems,  developed  credible  plans  that
included milestones, and developed contingency plans for its
mission-critical systems.  The specific actions taken by the
Service related to  each area and other issues affecting the
Service's readiness efforts  are  discussed in the paragraphs
that follow.

Automated Information Systems Inventory

Although the Service had performed an  inventory  of all of
its automated information systems, the Service had not
reported all of its mission-critical systems to the
Department's Chief Information Officer. According to the
Department's milestone  dates,  agencies  were required to
have mission-critical systems inventoried and systems that
were not Y2K compliant identified by June 1997.  Additionally,
Office of Management and Budget Memorandum 98-02 requires
agencies to report  on  their  total number of mission-critical
systems. In the Department's  August  1998  report  to  the
Office of Management and Budget, the Service reported that it
had one mission-critical  system,  the  Law  Enforcement
Management Information  System  (LEMIS). However, we found that
the Service had one additional system which was  critical to
the Service's mission and  was not Y2K compliant.  Specifically,
we   believe  that  either  the  Federal  Aid  Project   and
Accounting  Ledger System (FAPALS) or the replacement system
for FAPALS, the  Federal  Aid  Information Management System
(FAIMS), should have been reported as mission critical.  One
of  these  systems  should  have  been   reported   to   the
Department's Chief Information Officer as a mission-critical
system  because  of  the  system's impact on the Federal Aid
Program, which supports the  Service's mission "to conserve,
protect, and enhance fish and wildlife and their habitats."

Although the system owner and the manager had not determined
whether FAPALS or FAIMS was mission  critical  by July 1998,
one  of  the  systems  should have been reported as  mission
critical because the Federal  Aid Program is responsible for
administering the Sport Fish and  Wildlife Restoration grant
programs.  The Federal Aid Program  provides funds to states
for  various  sport fish and wildlife restoration  programs,
and in fiscal year  1998,  the Service apportioned more than
$427  million  for  these programs.   The  systems  maintain
Federal aid grant records and fiscal ledgers used to monitor
grant compliance and  to  generate  payments  to the states.
The systems also interface with the Department of Health and
Human  Services   Payment  Management  System for disbursing
Federal aid funds to states and with the  Service's  Federal
Financial   System   for   recording   Federal   aid  costs.
Therefore,  the  Service  had  not  ensured  that a thorough
assessment of mission- and nonmission-critical  systems  was
performed.   Without  a thorough assessment of its automated
information systems, the  Service cannot identify the impact
that having automated information  systems which are not Y2K
compliant  would have on the Service  in  accomplishing  its
mission and  core  capabilities.   However,  the  Service on
September  2,  1998,  identified the Federal Aid Information
Management  System as mission  critical  and  reported  this
system  to  the   Department's  Chief  Information  Officer.
Therefore, the Service subsequently completed this action.

The Department's Chief Information Officer requested that we
determine the progress  of the Service in addressing the Y2K
problem regarding telecommunications and embedded microchips
in information systems and  facilities.   We  found that the
Service  had initiated action at the time of our  review  to
inventory    telecommunications   equipment   and   embedded
microchips  in  information  systems  and  facilities.   The
Service's telecommunications  and embedded chip coordinators
had received inventory data from  Service regional and field
offices.  A national database was being  constructed  of all
of  the  data  obtained,  and  the  data will be used by the
Service to identify potential Y2K problems  and  to  develop
action plans.

Auditable Cost Estimates

We found that the Service had reported correctly that  there
were  no  applicable  Y2K costs for its one mission-critical
system, LEMIS.  LEMIS was  scheduled  for replacement with a
system that would be Y2K compliant by design.   Although  we
believe  that  FAPALS or FAIMS should be reported as mission
critical  (see  section   "Automated   Information   Systems
Inventory"),  FAIMS is scheduled to replace FAPALS in fiscal
year 1999.  However,  since the replacement was not designed
specifically for remedying Y2K problems in FAPALS,  no costs
for  Y2K compliance would  be  reportable.   Therefore,  the
Service had completed this action.

Designation of Responsible Individuals

We found  that  the  Service had specifically designated, by
name, the Y2K executive,  the  Service  Y2K coordinator, Y2K
coordinators in each of the Service's regional  offices, and
Y2K     coordinators    for    embedded    microchips    and
telecommunications.   Therefore,  the  Service had completed
this action.

Annual Personnel Performance Evaluation Plans

The  Secretary  of the Interior's December  1997  memorandum
required   that  "a   critical   performance   element   for
identifying  and  remedying"  the Y2K problem be included as
part  of  each  responsible  official's  annual  performance
evaluation plan.  Responsible  officials  are defined in the
memorandum  as  agency  directors,  agency  Y2K  executives,
agency information resources management coordinators, safety
officials,   and  all  others  as  determined  by  the   Y2K
executives.  We  found  that  the Y2K executive and managers
and   the   Service's   information   resources   management
coordinator   had   performance   elements  addressing   Y2K
objectives  in  their annual performance  evaluation  plans.
Therefore, the Service had completed this action.

Plan for Milestones

We found that the  Service  had developed a project plan for
its reported mission-critical  system,  LEMIS,  and that the
plan  included reasonable milestone dates.  Although  FAPALS
or  FAIMS  was  not  reported  by  the  Service  as  mission
critical,  the  system owner and the manager had developed a
project plan that  included  reasonable milestone dates.  As
of July 1998, LEMIS and the replacement  system  for  FAPALS
had   scheduled   implementation  dates  of  November  1998.
Therefore, the Service had completed this action.

Contingency Plans

The  Service  had  a  contingency  plan  for  its   reported
mission-critical system.   The contingency plan for LEMIS is
to enter events that occur after  December  31,  1999,  into
the  system  manually rather than electronically.  We  found
that the contingency  plan  for  LEMIS had been implemented,
and  Service officials said that it  will  remain  in  place
until  the  replacement system is implemented.  In addition,
the Service has  developed  a  contingency  plan  for FAIMS,
which  is  the  replacement system for FAPALS.  Federal  Aid
Program management  stated that the replacement system is to
be implemented in November  1998  and will be Y2K compliant.
The contingency plan for FAIMS is to create database backups
that  can  be retrieved by redundant  hardware  systems  and
manually uploaded to both the Department of Health and Human
Services and the Service's Federal Financial System systems.
Therefore, the Service had completed this action.

Other Issues

We found that  the Service's readiness efforts were affected
by other issues that should be addressed as follows:

     -  Contract   Language.   Department  of  the  Interior
Acquisition  Policy  Release  1997-6,  "Year  2000  Contract
Specification," issued  in  April 1997, requires appropriate
contract language to be included  in  all  acquisitions that
would  pertain  to  Y2K  compliance  issues.   However,  the
Service's  contract  issued  in January 1998 to replace  the
Federal Aid Project Accounting  and  Ledger  System  did not
include the appropriate contract language as required by the
policy  release  to ensure that the replacement system would
"either  be  year  2000   compliant   as   delivered  or  if
noncompliant  at  that  time  be  upgraded to be  year  2000
compliant  at  no additional cost to  the  Government."   On
September 3, 1998,  the  Service  took  action  to amend the
contract with the appropriate contract language.

     - Independent Verification and Validation.    According
to   the   Service's   Y2K   Master   Plan,  no  independent
verification and validation tests are to be performed on the
LEMIS  replacement system being developed  by  the  Service.
Rather,  system  testing  and  validation  are to take place
throughout the development cycle of the replacement  system,
with  full  operational system test and validation occurring
before implementation.   We  believe that the Service should
have  specific independent Y2K  testing,  verification,  and
validation   performed   on  the  replacement  system.   The
Department's  draft  guidelines   require  that  independent
verification and validation, which is "a process whereby the
products of the software development  life  cycle phases are
independently  reviewed,  verified,  and  validated   by  an
organization  that is neither the developer nor the acquirer
of the software,"  be  performed.  Therefore,  the Service's
plan   did  not  meet  the  Departmental  requirements   for
independent   verification  and  validation.   However,  the
Service provided  its  draft  Independent  Verification  and
Validation (IV&V) Plans for LEMIS and FAIMS, dated September
14,   1998,   which  are  in  compliance  with  Departmental
guidelines  for   independent  verification  and  validation
testing.  The plans  state that independent verification and
validation  will  be performed  by  a  Service  organization
independent of either  the  developers of the systems or the
systems' owners.

During our September 4, 1998,  exit conference with Fish and
Wildlife Service Y2K officials on  the  preliminary  draft of
this report, the officials provided documentation that  they
said  they  believed  would  resolve  some of the conditions
identified in the preliminary draft report.   Based  on  the
documentation, we considered the actions on all six areas of
the  objective  to  be  completed,  and  we have changed the
report accordingly.

The  legislation,  as  amended,  creating  the   Office   of
Inspector  General  requires  semiannual  reporting  to  the
Congress on all audit reports issued, the monetary impact of
audit   findings,   actions   taken   to   implement   audit
recommendations,  and  identification  of  each  significant
recommendation  on  which  corrective  action  has not  been
taken.

We appreciate the assistance of the Service's personnel   in
the conduct of this evaluation.

**FOOTNOTES**

[1]: The portfolio is an inventory listing of 13 crosscutting
or  sensitive  systems  that  are receiving attention at the
Secretarial level.

[2]: Embedded  microchips  are "integrated  circuits  (miniature  circuit
boards)" that control "electronic  devices,"  which  include "elevators,
heating,  ventilation and air conditioning (HVAC), water  and  gas  flow
controllers; aircraft navigational systems; and . . . medical equipment"
and office  devices  such as telephones, facsimile machines, pagers, and
cellular telephones. (Department  of  the  Interior's Office of Managing
Risk  and  Public  Safety  "Year 2000 Embedded Microchip  Hazards"  [Web
site])

                                                    APPENDIX

              U.S. FISH AND WILDLIFE SERVICE
            MISSION-CRITICAL SYSTEMS INVENTORY[1]



---------------------------------------------------------------------
System Name          Description                       Estimated Cost
or Acronym                                             for Compliance
---------------------------------------------------------------------
Law Enforcement      A law enforcement system for            0
Management           recording and managing criminal
Information System   and civil investigations
(LEMIS)              conducted by the U.S. Fish and
                     Wildlife Service.
---------------------------------------------------------------------


**FOOTNOTES**

[1]: Information is from the "Department of the Interior Year
2000 Management Plan," issued in February 1998.





