[Evaluation Report on Year 2000 Readiness of Automated Information Systems at the Bureau of Land Management (No.99-i-231)]
[From the U.S. Government Printing Office, www.gpo.gov]

Title: Evaluation Report on Year 2000 Readiness of Automated Information
       Systems at the Bureau of Land Management (No.99-i-231) 

Date:  February 12, 1999




                  **********DISCLAIMER**********

     This file contains an ASCII representation of an OIG report.
No attempt has been made to display graphic images
or illustrations. Some tables may be included, but may not
resemble those in the printed version.
     A printed copy of this report may be obtained by referring
to the PDF file or by calling the Office of Inspector General,
Division of Acquisition and Management Operations at
(202)208-4599.

                  ******************************






U.S. Department of the Interior
Office of Inspector General



EVALUATION REPORT


YEAR 2000 READINESS OF AUTOMATED INFORMATION SYSTEMS
AT THE BUREAU OF LAND MANAGEMENT


REPORT NO. 99-I-231

FEBRUARY 1999




MEMORANDUM

             TO:  The Secretary

           FROM:  Eljay B. Bowron
                  Inspector General

SUBJECT SUMMARY:  Final Evaluation Report -
                  "Year 2000 Readiness of Automated
                  Information Systems
                  at the Bureau of Land Management" (No.99-i-231)

Attached for your information is a copy of the subject  final
evaluation  report.  The objective of our review was to determine
whether the Bureau of Land Management (1) inventoried its
automated information systems and identified those systems that
were mission critical and were not Y2K (Year 2000) compliant; (2)
developed auditable cost estimates for renovating systems to be
Y2K compliant; (3) identified, by name, individuals responsible
for ensuring that the Bureau is Y2K compliant; (4) ensured that
responsible individuals' personnel performance evaluation plans
included critical elements related to identifying and remedying
Y2K problems; (5) developed a credible plan that included
milestones and a critical path to ensure that the Bureau is Y2K
compliant; and (6) developed a contingency plan that would
address the failure of any part of the systems not being Y2K
ready.  This review was conducted at the request of the
Department of the Interior's Chief Information Officer.

Of the six areas that the Chief Information Officer requested us
to evaluate, we concluded that the Bureau, at the end of our
fieldwork, had completed actions on two areas but had not
completed actions on four areas.  Specifically, the Bureau had
designated responsible individuals and developed contingency
plans for its mission-critical systems.  However, the Bureau had
not reported all of its mission-critical systems to the Chief
Information Officer, developed auditable cost estimates, updated
annual personnel performance evaluation plans, and developed
credible plans that included milestones.  Subsequent to our
audit, Bureau Y2K officials provided updated documentation that
indicated that the Bureau had completed  actions on all six of
the areas we reviewed.

The report did not contain any recommendations because the Bureau
said that it was taking actions which should enable it to meet
the required milestones for having Y2K compliant mission-critical
systems.

If you have any questions concerning this matter, please contact
me at (202) 208-5745 or Mr. Robert J. Williams, Assistant
Inspector General for Audits, at (202) 208-4252.


Attachment





EVALUATION REPORT                              A-IN-BLM-001-98-R




Memorandum

     To:  Director, Bureau of Land Management

   From:  Robert J. Williams
          Assistant Inspector General for Audits

Subject:  Evaluation Report on Year 2000
          Readiness of Automated Information Systems
          at the Bureau of Land Management (No.99-i-231)

INTRODUCTION

This report presents the results of our evaluation of year 2000
(Y2K) readiness of automated information systems at the Bureau of
Land Management.  The objective of our review was to determine
whether the Bureau (1) inventoried its automated information
systems and identified those systems that were mission critical
and were not Y2K compliant; (2) developed auditable cost
estimates for renovating systems to be Y2K compliant; (3)
identified, by name, individuals responsible for ensuring that
the Bureau is Y2K compliant; (4) ensured that responsible
individuals' personnel performance evaluation plans included
critical elements related to identifying and remedying Y2K
problems; (5) developed a credible plan that included milestones
and a critical path to ensure that the Bureau is Y2K compliant;
and (6) developed a contingency plan that would address the
failure of any part of the systems not being Y2K ready.  We also
reviewed the Bureau's progress in inventorying automated
information systems components, including computer software and
hardware; telecommunications systems; facilities; and data
exchanges between the Bureau and other Department of the Interior
agencies or external entities for Y2K problems.  This review was
conducted at the request of the Department of the Interior's
Chief Information Officer to assist the Information Officer in
monitoring the progress of Departmental agencies in ensuring Y2K
readiness, implementing Y2K compliant systems, and validating the
accuracy of the information reported by the Departmental agencies
to the Chief Information Officer.

BACKGROUND

The "Y2K problem" is the term used to describe the potential
failure of information technology systems, applications, and
hardware related to the change to the year 2000.  Many computer
systems that use two digits to keep track of the date will, on
January 1, 2000, recognize "double zero" not as 2000 but as 1900.
This could cause computer systems to stop running or to start
generating erroneous data.  The problem has been recognized as
nationally significant by the President in Executive Order 13073,
issued in February 1998.  The Secretary of the Interior, in a
December 1997 memorandum, stated that the Y2K problem was
critical to the Department in meeting its mission and that
resolution of the problem was one of his highest priorities.
Further, Office of Management and Budget Memorandum 98-02,
"Progress Reports on Fixing Year 2000 Difficulties," issued on
January 20, 1998, requires all Federal executive branch agencies
to ensure that Federal Government systems do not fail because of
the change to the year 2000 and to have all systems,
applications, and hardware renovated by September 1998; validated
by January 1999; and implemented (that is,"fixes to all
systems--both mission critical and non-mission critical") by
March 31, 1999.  The Office of Management and Budget states in
Memorandum 98-02 that it is to provide "information to the
Congress and the public as part of its [Office of Management and
Budget's] quarterly summary reports on agency progress . . .
[and] to report on the status of agency validation and
contingency planning efforts and on the progress in fixing . . .
equipment that is date sensitive."

The Department has developed the "Department of the Interior Year
2000 Management Plan," which focuses on the resolution of the Y2K
problem and provides an overall strategy for managing
Departmental mission-critical systems and infrastructure.  The
Department has a multitiered approach to managing the Y2K problem
that includes a top tier, which comprises the Secretary of the
Interior; the Information Technology Steering Committee, which
consists of the Chief of Staff and the Assistant Secretaries; and
the Chief Information Officer, who is responsible for the
Department's Y2K issues.  This tier, which represents
senior-level Departmental managers, provides the Y2K project's
direction and resources and ensures accurate reporting to
external organizations, such as the Office of Management and
Budget and the Congress.  A Departmentwide Y2K project team,
which reports to the Chief Information Officer and comprises
representatives from each agency and the Office of the Secretary,
is tasked with developing the Department's Year 2000 Management
Plan, refining inventory data on the Department's
mission-critical and information technology portfolio systems,[1]
and monitoring and reporting on the progress of each conversion.
In addition, a Y2K Embedded Microchip[2] Coordinators Team has
been established to inventory and monitor embedded microchip
technology Y2K problems.  The team is led by the Office of
Managing Risk and Public Safety and comprises representatives of
the eight Departmental agencies, the Denver Administrative
Service Center, and various Departmental offices.

The Department's August 1998 "Quarterly Progress Report," which
was submitted to the Office of Management and Budget, reported
that the Department had 91 mission-critical systems, of which the
Bureau had 13 systems (see Appendix 1).  The Bureau has a project
management team that comprises a Y2K executive who is the Acting
Assistant Director for Business and Fiscal Resources; a Y2K
coordinator; Y2K managers at the Washington office, the 12 state
offices, and the 6 centers;[3] and individual project managers
for mission-critical systems, telecommunications, and embedded
microchip technology efforts.

SCOPE OF EVALUATION

To accomplish our objective, we reviewed the documentation
available that supported the Bureau's information submitted to
the Department's Chief Information Officer for the August 1998
"Quarterly Progress Report."  We performed our evaluation during
June through September 1998 at the Bureau's Office of Information
Resources Management Office, located in Washington, D.C., and the
National Information Resources Management Center, located in
Denver, Colorado.  We interviewed personnel responsible for
project coordination to identify the Bureau's plans and progress.
We also interviewed, either in person, by telephone, or by
electronic mail, personnel involved in various aspects of the Y2K
project, including coordination, compliance identification,
software remediation, and project management.

The evaluation was conducted in accordance with the "Quality
Standards for Inspections," issued by the President's Council on
Integrity and Efficiency, and included such tests and inspection
procedures considered necessary to accomplish the objective.  Our
conclusions on the status of the progress made by the Bureau in
addressing and remediating Y2K problems were based on reviews of
documentation maintained by the Bureau's Information Resources
Management, state, program, and center offices and on discussions
with the various Y2K coordinators throughout the Bureau and with
individuals performing remediation or replacement of noncompliant
applications or hardware.  As specifically agreed to in our
discussions with the Department's Chief Information Officer, we
did not validate or certify that the Bureau's infrastructure or
systems were Y2K compliant.

RESULTS OF EVALUATION

Of the six areas that the Chief Information Officer requested us
to evaluate, we concluded that the Bureau of Land Management, at
the end of our fieldwork, had completed actions on two areas but
had not completed actions on four areas.  Specifically, the
Bureau had designated responsible individuals and developed
contingency plans for its mission-critical systems.  However, the
Bureau had not reported all of its mission-critical systems to
the Department's Chief Information Officer, developed auditable
cost estimates, updated annual personnel performance evaluation
plans, and developed credible plans that included milestones.

During our January 5, 1999, exit conference with Bureau of Land
Management Y2K officials on the preliminary draft of this report,
the officials provided updated documentation that  would resolve
the conditions identified in the preliminary draft report. Based
on the documentation provided, we considered the actions on all
six areas of the objective to be completed, and we have changed
the report accordingly.  The specific actions taken by the Bureau
related to each area and other issues affecting the Bureau's
progress are discussed in the paragraphs that follow.

Automated Information Systems Inventory

At the time of our review, the Bureau had not performed an
inventory of all of its automated information systems.  According
to the Department's milestone dates, agencies were required to
have mission-critical systems inventoried and systems that were
not compliant identified by June 1997.  Additionally, Memorandum
98-02 requires agencies to report on their total number of
mission-critical systems.  In the Department's August 1998
"Quarterly Progress Report," the Bureau reported that it had 13
mission-critical systems (see Appendix 1).  Although the Bureau
identified and reported 13 mission-critical systems, a complete
inventory of its automated systems was not conducted and reported
because the Bureau only inventoried and reported on its
Bureauwide systems.  We found that the Bureau had at least 11
additional systems which were critical to the Bureau's mission
(see Appendix 2).  For example, Oregon State Office Y2K project
management identified eight mission-critical systems, of which
three were related to the Bureau's mission of managing forests
and wildlife habitat.  Thus, there was a risk that all
mission-critical systems had not been identified.

During the January 5, 1999, exit conference, Bureau Y2K officials
provided documentation that resolved the identification of
systems.  While we believe that the mission-critical systems
identified in Appendix 2 should have been reported to the
Department as part of the Bureau's mission-critical systems, we
also believe that the Bureau has adequately identified and
implemented procedures which should ensure Y2K compliancy for all
of the Bureau's systems.  Therefore, the Bureau has completed
this action.

The Department's Chief Information Officer requested that we
determine the progress of the Bureau in addressing the Y2K
problem regarding telecommunications and embedded microchips in
information systems and facilities.  We found, at the time of our
review, that the Bureau's telecommunications coordinator had
received inventory data from the 12 state offices and the 6
centers and that the Bureau's embedded microchip coordinator had
received complete inventory data from 6 of the 12 state offices
and the 6 centers to construct a national database of
mission-critical embedded microchip inventory data.

Auditable Cost Estimates

At the time of our review, we found that the cost estimates the
Bureau reported  to the Department's Chief Information Officer in
the August 1998 "Quarterly Progress Report" were unauditable.
The Bureau had not identified any costs for remedying the Y2K
problem for seven of its mission-critical systems.  Since these
systems were to be repaired or redesigned, we believe that there
should have been costs  associated with these actions.  The
Bureau reported total estimated costs of $250,000 to correct Y2K
problems in the six other mission-critical systems.  However, the
Bureau could not provide documentation to support its cost
estimates for correcting the Y2K problems for these six  systems.
Therefore, the cost estimates were not supported or auditable.

In addition, the Bureau may have underestimated the costs to
correct Y2K problems in embedded microchip technology.  The
Bureau reported costs of $400,000 to correct embedded microchip
technology Y2K problems to the Department's Chief Information
Officer.  However, we found that the estimated costs to correct
embedded microchip technology in the Nevada State Office were
estimated at more than $540,000 and that, at the time of our
review, only 6 of the 12 state offices and all 6 of the centers
had completed inventories of embedded microchips.

During the January 5, 1999, exit conference, Bureau Y2K officials
provided documentation that supported cost estimates for
remedying the Bureau's mission-critical systems and correcting
Y2K problems in its embedded microchip technology.  Therefore,
the Bureau has completed this action.

Designation of Responsible Individuals

We found that the Bureau had specifically designated, by name,
the Y2K executive, the Bureau Y2K coordinator, Y2K managers in
each of the Bureau's 12 state offices and 6 centers, and Y2K
coordinators for embedded microchips and telecommunications.
Therefore, the Bureau has completed this action.

Annual Personnel Performance Evaluation Plans

The Secretary of the Interior's December 1997 memorandum required
that "a critical performance element for identifying and
remedying" the Y2K problem be included as part of each
responsible official's annual performance evaluation plan.
Responsible officials are defined in the memorandum as agency
directors, agency Y2K executives, agency information resources
management coordinators, safety officials, and all others as
determined by the Y2K executives.  In addition, the Bureau
Director issued Instruction Memorandum No. 98-127, "Year 2000
Critical Element for Employee Performance Appraisals," dated June
25, 1998, which required that a Y2K critical element be included
in the 1998 Employee Performance Plan and Results Reports for all
responsible officials.  These individuals included deputy
directors and assistant directors, state directors, field and
district office managers, center directors, state information
resources management coordinators, official Y2K
points-of-contact, and state safety officials.  At the time of
our review, we found that the Bureau Y2K coordinator and all
responsible officials from the Idaho and Nevada State Offices and
the National Interagency Fire Center, as well as some officials
from the National Information Resources Management Center, had
elements addressing Y2K objectives in their annual Employee
Performance Plan and Results Reports.  However, no documentation
was provided to support that other Bureau Y2K responsible
officials, such as the Y2K executive, the embedded microchip
coordinator, the telecommunications coordinator, and the
mission-critical systems coordinator, had such elements in their
annual Employee Performance Plan and Results Reports.

During the January 5, 1999, exit conference, Bureau Y2K officials
provided documentation to support that the Bureau's Y2K
executive, embedded microchip coordinator, telecommunications
coordinator, and mission-critical systems coordinator had a
critical performance element for identifying and remedying the
Y2K problem in their annual performance evaluation plans.
Therefore, the Bureau has completed this action.

Plan for Milestones

At the time of our review, we found that the Bureau had not
developed credible plans which included milestones with critical
paths for the 13 mission-critical systems reported as part of the
Bureau's Y2K project.  A Y2K Master Plan, dated January 1998,
existed for 8 of the 13 mission-critical systems that included
tasks, start and finish dates, and statuses, but the Plan did not
contain procedures and milestones for each task to ensure that
finish dates were met. In addition, the Bureau developed a draft
Y2K Management Plan[4] dated July 1998 that included milestones
for completing  various Y2K phases, such as  assessment,
renovation, validation, and implementation, for its
mission-critical systems, embedded microchip technology, and
telecommunications.  However, the draft plan did not contain
detailed steps for ensuring Y2K compliance for each of the
Bureau's mission-critical systems.  Further, the Bureau had not
developed credible plans for the other 11 mission-critical
systems (see section "Automated Information Systems Inventory").

During the January 5, 1999 exit conference, Bureau Y2K officials
provided documentation to ensure that credible plans were
developed for its mission-critical systems.  In addition, Bureau
officials provided us a copy of an updated Y2K Management Plan
dated October 19, 1998, which included steps to ensure that its
systems, hardware, software, telecommunications, embedded
microchip technology, and data sharing arrangements would be Y2K
compliant by the milestone date.  Further, Y2K project management
stated that certification documentation of Y2K compliancy for 11
of the Bureau's 13 mission-critical systems had been submitted to
the Department's Chief Information Officer.  The Bureau developed
contingency plans for the other two mission-critical systems.
Therefore, the Bureau has completed this action.

Contingency Plans

We found that the Bureau had a draft contingency plan dated July
1998 for the Automated Land and Mineral Record (ALMRS) and the
Case Recordation and Mining Claims  Recordation systems.  The
plan  addressed contingencies in the event that ALMRS is not
implemented by March 1999.  The plan would require the Case
Recordation and Mining Claims Recordation systems, which would be
retired upon implementation of ALMRS, to continue operating.
However, the hardware and the software to operate these systems
need to be repaired to be Y2K compliant.  The Bureau did not have
contingency plans for any other mission-critical systems because
the systems are scheduled to be compliant prior to March 1999.
Therefore, the Bureau has completed this action.

Other Issues

We found other issues that affect the Bureau's readiness efforts
which should be addressed as follows:

        - Contract Language.  Department of the Interior
        Acquisition Policy Release 1997-6, "Year 2000 Contract
        Specification," issued in April 1997, requires
        appropriate contract language to be included in all
        acquisitions that would pertain to Y2K compliance issues.
        However, the Bureau's contract for the ALMRS
        Modernization Project did not contain an amendment that
        included the appropriate contract language required by
        the policy release to ensure that the system would
        "either be year 2000 compliant as delivered or if
        noncompliant at that time be upgraded to be year 2000
        compliant at no additional cost to the government."  The
        Bureau initiated action to amend the ALMRS contract that
        was to have become effective beginning in fiscal year
        1999.

        - Independent Verification and Validation.  According to
        the Bureau's Y2K project management, independent
        verification and validation testing of mission-critical
        and nonmission-critical systems are to be performed by an
        independent contractor.  However, the costs associated
        with acquiring a contractor to perform the independent
        verification and the validation testing had not been
        estimated and reported at the time of our review (see
        section "Auditable Cost Estimates").

        - Data Exchange.  The Department of the Interior and the
        Office of Management and Budget required that an
        inventory of all data exchanges with outside parties be
        completed by February 1, 1998, and that coordination with
        these parties to determine a transition plan occur by
        March 1, 1998.  We found that the Bureau had identified
        its data exchange partners  and that the partners had
        been contacted by Y2K coordinators.  The National
        Information Resources Management Center had identified
        five interfaces with systems external to the Bureau, and
        we verified that the inventory of data exchange partners
        was complete.  The interfaces were with the Department's
        Minerals Management Service (three interfaces), the
        Department's Office of Aircraft Services (one interface),
        and the Department of Agriculture's U.S. Forest Service
        (one interface).  Bureau Y2K project management had
        contacted these entities and determined the appropriate
        actions to take to ensure that the exchanged data will
        process correctly after the year 2000.

Since this report does not contain any recommendations, a
response is not required.

The legislation, as amended, creating the Office of Inspector
General requires semiannual reporting to the Congress on all
audit reports issued, the monetary impact of audit findings,
actions taken to implement audit recommendations, and
identification of each significant recommendation on which
corrective action has not been taken.

We appreciate the assistance of the Bureau of Land Management's
Y2K coordinator, the Y2K coordinators at the state offices and
centers, the mission-critical system coordinator, and other
Bureau personnel in the conduct of this evaluation.

APPENDIX 1
Page  of 2
BUREAU OF LAND MANAGEMENT
MISSION-CRITICAL SYSTEMS INVENTORY[5]

System Name or
Acronym

Description

Estimated Cost for Compliance

Initial Attack Management System

A system for tracking costs and resources for wildlife
suppression.

0

Automated Land and
Minerals Reporting
System (ALMRS)

A system that tracks original land title information and mine
leasing activities.

0

Case Recordation

A system that tracks land transfers, leases, and permitted uses
of Federal lands.  System will be replaced by ALMRS.

$42,000

Mining Claims Recordation

A system that tracks unpatented mining claims, mill sites, and
tunnels on Federal lands.  System will be replaced by ALMRS.

0

Lease Management

A system that accounts for rents and fees associated with mineral
leases and land use permits.

0

Aircraft Monitoring System

A system that tracks aircraft parts inventory and aircraft used
by the Bureau of Land Management.

42,000

Cadastral Survey System

A system that tracks survey information related to public land
surveys.

42,000

Inventory Data System

The system provides soil and vegetative data for analyzing and
determining the best use of Federal lands.

40,000

System Name or Acronym

Description

Estimated Cost for Compliance

Library Reference System

The system catalogs central library material.

0

Wildlife Inventory System

A system that tracks wildlife habitats, concentrating on
endangered species.

42,000

Master Name System

The system provides a central repository of the Bureau's customer
names and addresses.

0

Bond and Surety System

A system that tracks the status of companies authorized to issue
bonds and sureties covering activities by operators on Federal
lands.

0

Wild Horse and Burro System

A system that tracks the adoption and compliancy of adoptees of
wild horses and burros.

42,000

Total

$250,000

APPENDIX 2

BUREAU OF LAND MANAGEMENT MISSION-CRITICAL SYSTEMS INVENTORY
NOT BEING REPORTED TO THE DEPARTMENT

System Name and Acronym

Organization Identifying Systems as Mission Critical

Automated Casefile Tracking System

Oregon State Office

Micro*Storms (Forest Operations Unit Information)

Oregon State Office

Procurement Information Network

Oregon State Office

Road Appraisal System

Oregon State Office

Spotted Owl Database

Oregon State Office

Transportation Information Management System

Oregon State Office

Timber Sale Information System

Oregon State Office

Timber Volume and Value System

Oregon State Office

Funds Accounting Control System (FACS)

Idaho State Office

National Automated Cache System (NACS)

National Interagency Fire Center

Automated Storage Conversion Distribution System (ASCADS)

National Interagency Fire Center

[1] The portfolio is an inventory listing of 13 crosscutting or
sensitive systemsthat are receiving attention at the Secretarial
level.

[2] Embedded microchips are "integrated circuits (miniature
circuit boards)" that control "electronic devices," which include
"elevators, heating, ventilation and air conditioning (HVAC),
water and gas flow controllers; aircraft navigational systems;
and . . . medical equipment" and office devices such as
telephones, facsimile machines, pagers, and cellular telephones.
(Department of the Interior's Office of
Managing Risk and Public Safety "Year 2000 Embedded Microchip
Hazards" [Web site])

[3] The 12 state offices are the Alaska, Arizona, California,
Colorado, Eastern States, Idaho, Montana,  New Mexico, Nevada,
Oregon, Utah, and Wyoming State Offices. The six centers are the
National Business Center, the National Human Resources Center,
the National Information Resource Management Center, the National
Interagency Fire Center, the National Applied Resource Sciences
Center, and the National Training Center.

[4] The draft Y2K Management Plan provides guidance to Bureau
management and staff for ensuring Y2K readiness.

[5] Cost information is from the "Department of the Interior Year
2000 Management Plan," issued in February 1998.  All other
information is from the Bureau's Y2K Program Coordinator as of
August 1998.




ILLEGAL OR WASTEFUL ACTIVITIES SHOULD BE REPORTED

TO THE OFFICE OF INSPECTOR GENERAL BY:

Sending written documents to:



Within the Continental United States

U.S. Department of the Interior
Office of Inspector General
1849 C Street,N.W.
Mail Stop 5341
Washington, D.C. 20240

Calling:

Our 24 hour
Telephone HOTLINE
1-800-424-5081 or
(202) 208-5300

TDD for hearing impaired
(202) 208-2420 or
1-800-354-0996



Outside the Continental United States


Caribbean Region

U.S. Department of the Interior
Office of Inspector General
Eastern Division- Investigations
1550 Wilson Boulevard
Suite 410
Arlington, Virginia 22209

Calling:
(703) 235-9221


North Pacific Region

U.S. Department of the Interior
Office of Inspector General
North Pacific Region
238 Archbishop F.C. F'lores Street
Suite 807, PDN Building
Agana, Guam 96910


Calling:
(700) 550-7428 or
COMM 9-011-671-472-7279