Success Varies for Agencies Confronting Year 2000 Problem

January 1999
By Mark H. Kagan

Federal Aviation Administration and Internal Revenue Service advance from worst to best in preparing systems for date change.

Despite problems in recruiting and retaining information technology personnel, nondefense agencies may actually be ahead of the private sector in becoming year 2000 compliant before the millennium begins, according to industry analysts. However, while the U.S. government has been focusing on preparing its own information technology systems and supporting compliance within critical client industries, it has been lagging in efforts to ensure that key foreign entities will achieve year 2000 compliance in time.

Dr. Edward Yardeni, chief economist at New York-based Deutsche Bank Securities, offers that the federal government “may actually have the last laugh despite the popular impression that [it] will screw up its year 2000 compliance efforts while business will get it right.” In fact, the government has made compliance efforts a top priority, and “it may be the only organization on the planet that is publishing fairly detailed quarterly progress reports on its efforts,” Yardeni adds.

However, international year 2000 (Y2K) risks may prove to be the government’s Achilles’ heel in this matter, according to consultants at GartnerGroup, Stamford, Connecticut. They have recommended that federal agencies also launch “substantial contingency efforts in order to reduce global dependency risks prior to the third quarter of fiscal year 1999.” Otherwise, there will be a significant negative global impact on foreign companies and governments who will not be fully prepared to deal with the Y2K problem by the unyielding deadline.

The shortage of technical personnel is also impairing compliance efforts. According to a Government Accounting Office report, 13 out of 24 large U.S. government agencies have expressed great concern about the availability of information technology personnel. In addition, 10 out of 41 small agencies and independent entities are also anxious about the issue. The agencies are experiencing difficulties in recruiting and retaining key internal staff and obtaining contractor support and are losing skilled employees through retirements and increased recruitment by the private sector. However, John Koskinen, chairman of the President’s Council on Year 2000 Conversion, believes that the federal government is actually in relatively good shape regarding Y2K personnel. The Office of Personnel Management, for example, has allowed agencies to rehire federal retirees to work on Y2K conversion without requiring that their salaries or military annuities be reduced.

At the beginning of 1998, the Federal Aviation Administration (FAA) was at the top of the list of federal agencies that were considered to be farthest behind in Y2K compliance efforts. However, FAA has since “demonstrated what happens when you get some very good managers to make this a top priority, and spend lots of money, time and effort,” Yardeni says. He now believes that FAA will fix most of its Y2K problems in time.

FAA has established a schedule that requires that all mission-critical systems, including the National Airspace System (NAS), be year 2000 compliant by July of this year, agency officials state. In addition to the existing operational contingency plans for NAS, the agency is also developing strategies for each system that detail alternate courses of action in the event of system outages because of the date change. An agency-level contingency plan is also being developed. At the same time, FAA is also taking the lead among federal nondefense agencies to ensure international Y2K compliance through its Y2K International Management Team. Agency officials prefer to reduce air traffic capacity rather than compromise the safety of NAS.

The Federal Communications Commission (FCC) information technology center has a target of March 1999 to complete its Y2K compliance efforts on mission-critical systems. The commission claims that it is well along in the process of replacing its largest and most important computer software systems and hardware. It made significant purchases of new personal computers at the end of fiscal years 1997 and 1998 to replace most or all of its noncompliant hardware. FCC has also identified its data exchange links with outside agencies and is contacting the departments to negotiate mutually acceptable processes to eliminate year 2000 problems. The commission expresses concern about retaining sufficient qualified contractors to carry out needed work as the demand for year 2000 programmers increases.

FCC has been monitoring and collaborating with domestic telecommunications and broadcasting companies on their Y2K efforts. Because the communications infrastructure crosses national boundaries, the agency is working with the International Telecommunication Union and other international organizations to educate foreign governments and telecommunications companies and to facilitate information sharing on possible Y2K solutions. The results of such efforts on the domestic side have been lagging because FCC possesses limited regulatory powers to compel companies to become Y2K compliant. Even if it had such powers, smaller companies may have limited financial resources to address their Y2K problems, FCC officials say.

As with the FAA, the Internal Revenue Service (IRS), which was one of the most problematic federal agencies at the beginning of 1998, has become one of the most improved agencies in addressing its Y2K problems. It has also gotten some “very good managers” who have spent “lots of money, time and effort [on the problem],” Yardeni says. He now believes that IRS will fix most of its Y2K problems in time. In fact, IRS plans to have all of its information technology systems Y2K compliant by the end of this month. The agency has also decreased its personnel turnover rates by using new Y2K personnel rules, which allow agencies to raise the pay of their programmers.

IRS has a three-step process for working with its “external trading partners,” with whom it exchanges data either magnetically or electronically. First, all data exchanges are inventoried. Next, partners are notified about IRS’s planned conversion date for each data exchange. The agency solicits certifications from the partners that show that they will be ready to accept files by the conversion date. Finally, the department provides ongoing communications to ensure that any problems that arise are resolved.

The National Institute of Standards and Technology (NIST) had 105 out of 109 systems Y2K compliant in November 1998 and expected to complete modifying and testing the remaining four systems by the end of December 1998, according to NIST computer specialist Gordon Gipe. Of the 109 systems, 35 were already compliant when the organization began its Y2K effort in 1996. NIST also had completed testing its telephone and facility systems to ensure that they were Y2K compliant. As a result, the NIST Y2K program has been directed almost entirely toward outreach activities to inform and assist other agencies, organizations and businesses in their own Y2K efforts.

NIST has many legacy systems that have caused major problems at other government agencies and private sector businesses because of the lack of qualified personnel to implement compliance procedures. However, NIST’s historically low personnel turnover rate has meant that most or all of the people who originally wrote the computer codes are still working at the agency and have been maintaining them for as long as the codes have been in operation. Consequently, NIST personnel who were involved in its Y2K effort have had to devote only four hours a day on Y2K activities since February 1996 and could spend the remainder of their workday on their regular duties.

The Securities and Exchange Commission (SEC) identified 53 mission-critical enterprise systems, of which eight were compliant, five were scheduled to be retired, 30 were being replaced and 10 were being repaired, as of June 1998. It plans to complete Y2K repairs by August 1999. SEC is developing contingency plans to address any problems that might arise with each system to minimize the risk that disruptions could affect the ability of the commission to carry out its regulatory activities. The commission is also assessing, replacing, repairing or retiring 54 mission-critical personal computer-based systems, of which 10 are compliant, 31 are being replaced, three were being retired and nine had not yet been categorized.

Furthermore, SEC is requesting certifications from its facilities and service vendors and does not anticipate problems involving interruptions of communications, electricity or security systems. The commission has not reported any problems retaining or hiring Y2K personnel as of August 1998.

SEC has been intensifying its efforts to furnish guidance to companies to provide increased information on their Y2K efforts on required financial disclosure statements. However, Yardeni believes that these efforts have been “totally unrewarding” to date, since the information that is provided is usually an unrevealing or unhelpful boilerplate. He continues, “I think the SEC should have been much more in the face of management at corporations on Y2K issues, instead of just establishing vague guidelines on what needs to be disclosed. We’re not getting the kind of disclosure that investors need to [be able to] assess whether companies are on the right track or not. For example, one major company has seven pages in its disclosure statement in which every other paragraph includes the phrase, ‘and therefore, we think we might get sued.’ ”

The GartnerGroup also recommends that the Congress require SEC to implement random audits as part of the year 2000 disclosure and issue reporting requirements for publicly held companies in the United States.

The Small Business Administration (SBA) had originally planned to migrate completely from its current mainframe environment to a client-server environment by the end of 1998. This move would have eliminated the need for further Y2K reprogramming of the mainframe computer code. However, shifting priorities and other interagency developments slowed the progress of the migration project. This led the agency to divert fourth-quarter fiscal year 1997 funding to a parallel effort that has focused exclusively on making the necessary changes to mission-critical systems to insure Y2K compliance. This change resulted in some duplication of effort. SBA justified the decision on the grounds that the move greatly reduces the risk that the agency will not complete its conversion of mission-critical systems by the end of 1999.

The agency had identified 40 major mission-critical systems, consisting of 1,366 common business oriented language or, COBOL, programs containing more than 1 million lines of source code. As of August 1, 1998, 70 percent of these lines of code were compliant. SBA expected to begin performing a full multisystem integration acceptance test using its current mainframe environment in the first quarter of fiscal year 1999. It plans to correct any problems identified by the second quarter of fiscal year 1999. The agency had not reported any Y2K personnel problems as of last August.

The Social Security Administration (SSA) has led both U.S. government and international Y2K compliance efforts, according to Yardeni. All of SSA’s mission-critical systems were scheduled to be certified as year 2000 compliant by the end of last year, including data exchanges between SSA and the Treasury Department, the Federal Reserve, the states and other third parties. As of August 31, 1998, 286 of its 308 mission-critical systems were year 2000 compliant; as of September 30, 1998, the claims processing systems in 38 state disability determination service agencies had been certified as year 2000 compliant. SSA will spend this year responding to any unanticipated, last-minute modifications or contingencies and working to ensure that its outside telecommunications and information technology service vendors are also Y2K compliant by the end of 1999. SSA did not report any problems related to hiring or retaining Y2K personnel.

The key agency at the Department of Veterans Affairs (VA) is the Veterans Benefits Administration (VBA), which is responsible for delivering compensation, pension, insurance, vocational rehabilitation, education and loan guaranty benefits to veterans and their dependents. These programs are administered through 58 regional offices, which are supported by three data processing centers.

By the end of last September, the VBA had completed 93 percent of its renovation phase, 65 percent of its validation phase and 58 percent of its implementation phase. Agency officials claim that 93 percent of its modules were Y2K compliant, and that all of its applications and systems were on track for implementation not later than March 1999. VA efforts address all applications and products residing on its Honeywell and IBM mainframes, Wang and personal computers, and local area network environment as well as facilities issues and voice communications. In a few cases, applications are being redesigned to make them compliant.

Last year, VA officials expressed concern that its Y2K personnel in some geographic locations might leave for the private sector because of lucrative finders fees being advertised, and that its contractors were also having difficulties finding and retaining Y2K personnel.

 

Government, Industry Team to Aid Private Sector

In addition to putting its own house in order, the federal government is actively moving year 2000 solutions into the private sector. The thrust of this effort is to promote action on the year 2000 (Y2K) problem and to foster information sharing on Y2K solutions.

Known as the National Campaign for Year 2000 Solutions, the program operates under the aegis of the President’s Council on Year 2000 Conversion. It is aimed largely at trade associations; corporations; small- and medium-size businesses; state, local and tribal governments; and foreign entities. AFCEA is a supporting organization in the campaign and is a member of the council’s information technology working group.

More than 30 federal agency working groups are actively participating in the effort with their industry and civil government counterparts. In addition to raising awareness about the Y2K problem, the campaign focuses on removing barriers to information sharing.

Campaign officials see this point as especially important for small businesses. Many of these companies, which constitute a vital portion of the economy, cannot afford the costly consulting and fixes necessary to ensure Y2K compliance. Increasing awareness and providing access to solutions can help reduce the vulnerability of small businesses to Y2K problems, campaign officials believe.

Small firms are not the only ones targeted under this effort, however. Organizers are especially concerned about electric power, oil and gas, telecommunications, transportation, the food supply, health care and financial institutions.

A focus on the electric power industry that began last summer employs the North American Electric Reliability Council to survey the Y2K preparedness of the 300 largest utility companies in the country. This effort features a three-phase program that provides for regular status reports to the Department of Energy on industry progress, the coordination of industrywide contingency efforts, and development of a master checklist for compliance and solutions.

In October, the council launched National Y2K Awareness Week to reach its target entities. Emphasizing this effort, Council Chairman John A. Koskinen stated, “Let no one be mistaken. The Y2K problem could spell doom for any small- or medium-sized company that isn’t prepared.” Government agencies and their supporting organizations used their thousands of field offices to conduct hundreds of educational and outreach events over a two-month period. The Internal Revenue Service targeted 6.5 million small businesses to receive awareness materials by mail.

The campaign is promoting potential solutions, including rewriting software code; checking embedded chips to determine which can be reprogrammed and which need to be replaced; and testing fixed systems to validate connectivity after they are reintegrated into their full system environment. The campaign also will inquire among suppliers and vendors to ensure that their products and systems are Y2K complaint.

A key element will focus on the aftereffects of January 1, 2000. This includes developing contingency plans for processes dependent on internal systems that will not be ready by that date. These plans will cover possible failures of external systems, including elements of the basic infrastructure.