ITAA's Year 2000 Outlook March 13, 1998 Volume 3, No. 10 Published by the Information Technology Association of America, Arlington, VA Bob Cohen, Editor bcohen@itaa.org ITAA's Year 2000 Outlook is sponsored in part by BDM International, Inc., CACI International Inc., DMR Consulting Group Inc., IBS Conversions, Inc., Softworks, Inc. and Y2Kplus, Inc. OMB Raises Federal Y2K Estimate to $4.7 Billion The federal government will spend 100 percent more than was estimated just one year ago to make its Y2K corrections. The Office of Management and Budget (OMB) released its fourth quarterly status report this week, indicating that Uncle Sam will now pay o ut $4.7 billion to get over the century date processing hump. OMB ascribes the rise to increasingly accurate projections. The federal government’s original estimate pegged costs at $2.3 billion. "Overall, the Federal government continues to make progress in addressing the Y2K problem," the latest OMB report says, adding, "Virtually all agencies have accelerated their target dates to conform to the new government-wide goals of September 1998 for c ompletion of renovation and March 1999 for implementation. The percentage of mission-critical systems that are compliant has increased from 27 percent in November’s report to 35 percent in this report. However, while good progress is being made, it is not rapid enough overall." Those agencies in the less than rapid category are the Departments of Education, Energy, Health and Human Services, Labor and Transportation, and the U.S. Agency for International Development. These "tier one" agencies are described as making insufficien t progress. Nine "tier two" agencies still raise cause for concern, according to OMB. OMB says federal agencies have identified 7,850 mission-critical systems, of which 35 percent are now Y2K compliant, 45 percent are being repaired, 14.6 percent are being replace, and 4.6 percent are being retired. IFAC Offers Draft Auditing Guidance; Sees Gap The International Federation of Accountants has released draft auditing guidance to clarify the role of auditors in Y2K. IFAC represents national accountancy groups and seeks to harmonize international accounting standards. "There is a risk of an ‘expectation gap’ arising between auditors and what preparers and users of financial statements may expect an auditor to do in regard to the year 2000 issue. The effects of the year 2000 date change can be widespread throughout a bu siness and may be far removed from the recording of transactions normally reflected in the financial statements. The most significant effects may relate to the operating functions of an entity and may not have any direct impact on the process for recordin g transactions," the guidance document notes. With the new draft guidance, which it hopes to finalize next year, IFAC seeks to help clarify the respective responsibilities of the auditor and management; to offer suggestions about what auditors should be asking management; to propose the type of infor mation which might be reported to management; to help apply international standards; to specify circumstances in which a modified report may be warranted; and to help close what it calls "the risk of an audit expectation gap." IFAC clearly wants the auditor’s role limited to financial statements. "To avoid doubt or misunderstanding, the auditor explains to management that the year 2000 issue does not create any new responsibilities for the auditor, and that it will be addresse d by the auditor only in so far as it affects existing audit responsibilities," the document notes. "Those responsibilities relate to the auditor expressing an opinion whether the financial statements are prepared in all material respects, in accordance with the appropriate financial reporting framework. Therefore the auditor's responsibility relates to the detection of material misstatements in the financial statements being audited, whether caused by the year 2000 issue or some other cause." The document is available on the web at http://www.ifac.org/StandardsAndGuidance/ExposureDrafts/IAPC/ImplicationsOfTheYear2000Issue/index.html#2. Y2K Brings New Twist to Contingency Planning Funny thing about the Year 2000. Unlike Hurricane Andrew or the World Trade Center bombing, it's the disaster waiting to happen. Everyone can see it coming; no one can get completely out of the way. Good time to be in the contingency planning business. And as it turns out, contingency planning is a business, complete with several professional associations, including the Association of Contingency Planners. Contingency planning consultant Mary Carrido is president of the national group, which maintains 18 chapters across the country and 2800 members. According to Carrido, companies with the best chance of avoiding Y2K-related disasters are those which have involved a contingency planner from the beginning. Even though natural disasters in the last few years have made companies more sensitive to the need for contingency planning, she indicates many firms have not made the connection to the Year 2000. "One of our biggest concerns for Year 2000 is lifelines--electric, gas, water, telephone. If they don't have the problem in order-I don't care how well prepared the rest of us are-we're dead," Carrido says. She notes that electric utilities have formed regional alliances to respond in emergency situations. That kind of prior planning should help power companies shift gears quickly, delivering the minimum acceptable power to the maximum number of customers. This is a small example of the big pictures contingency planners tend to see. Curtis Edfast, a corporate business continuance official at Great West Life Assurance Co., serves as Information Vice President of ACP. Edfast says contingency planners view Y 2K like any other disaster, except that they see it coming. Unfortunately, standard technical approaches to the Year 2000 may have an obstructed view. "IT people are the problem," he says. "They know a lot about project management and say, 'Let's find all the date fields.' That's an opportunity to miss the point. The business contingency planning function has a larger view…Such people have to cross all divisional lines to identify interdependencies or economies of scale." Edfast says contingency planners should be participating in--if not leading--the organization's Y2K efforts. Should contingency planners be running the show? That depends on the company, Edfast says. "Business contingency planners are better at vulnera bility and threat analysis than IT staff," he maintains. "IT staff performs needs analysis versus threat analysis." While the IT staff is looking for date fields and affected programs, Edfast says his colleagues are looking at the "what ifs" found outsi de the logic box. Just drawing the box around contingency planning can be a bit of a challenge. The activity combines numerous disciplines and various practitioners: emergency preparedness brings in safety directors and human resources managers; facilities management and disaster recovery calls for facilities and records managers; business resumption requires line managers from across the enterprise; information systems recovery centers around IS directors; and crisis management covers risk managers, auditors, media rela tions, and corporate executives. The work requires these individuals to anticipate what can go wrong, figure how to respond to it, how to resume normal business operations as quickly as possible and, to the greatest extent possible, how to limit losses. But traditional disasters involve traditional physical occurrences: fires, floods, hurricanes and the like. If business operations are disrupted in one physical location, much of contingency planning focuses on how to restore those operations elsewhere. That could mean setting up shop at a different company site, working with a business partner or depending on a service bureau or disaster recovery services firm. Companies use checklists in these situations to specify everything in an emergency from wh o locks the doors and calls 911 to how hot sites are established and how they will work. With the Year 2000, there is literally no place to run. Organizations unable to correct their systems will experience failures, regardless of whether they have backup software and standby sites. If the Millennium Bug lurks in production systems, chances are excellent that it will be in backup systems too. And while falling back on manual systems may sound good in theory, Edfast says that in practice many companies no longer have that expertise to access. So if turning back is not a realistic option, what does a company do keep its operations moving ahead? That’s much on the mind of Martin Myers, immediate past chairman of the Southeast Business Recovery Exchange and a Y2K contingency planner at Capital O ne. Myers earned his professional stripes with Nations Bank, spending several weeks working to restore service in the wake of Hurricane Andrew. One of just a handful of professionals across the country to hold Master Business Continuity Professional (MB CP) certification, Myers says traditional contingency planning techniques—targeting physical disasters--often don’t apply. Myers breaks his checklist down into before, during and after categories. For companies that can’t allow the systems to be down or go back to old ways of doing business, Y2K related system failures just can’t be a realistic option. That could mean devel oping a test plan so robust that no contingencies will occur. It could also mean migrating to compliant products while time remains. And for those firms not as highly leveraged IT systems, alternative business practices may be an option. Defining the o ptions must be done well in advance. Much of this pre-event planning involves figuring out where the problems will occur, decide what the fix will be, and then decide how to fix the fix. Some of it is just commonsense. For instance, if third party serv ice providers are used to perform various functions, now might be a good time to think about spreading the workload to minimize the risk of single point failures, Myers indicates. For the big New Year’s eve count down, Myers suggests having decision makers in place to monitor events and take action. If systems fail, these individuals should understand what remedy is required and how to take action. The enterprise should also have a mechanism in place to communicate trouble spots, something more robust than pagers, Myers says. That could be anything from a status board to a company war room. After the rollover, the active involvement of business process owners may be able to help the enterprise move more quickly to make the right fixes. If business continuity insurance applies, companies with a good handle on damages and active relationship with the insurance company can make a faster start on settlements. Even if insurance isn’t available, Myers says it pays to keep close tabs on losses for future business write-offs. Organizations should also be ready with a recovery timeline. The abili ty to communicate these estimates may help a company keep key customers, employees and suppliers in the loop and on the team. Closer to Home Intellution, Inc., a leading supplier of industrial automation software worldwide, has received ITAA*2000 certification. Certification indicates that Intellution has the core capabilities needed to address the Year 2000 software challenge. Intellution pa rticipated in a rigorous evaluation of its approach to date conversion, with extensive analysis in 11 discrete process areas deemed necessary to successful Year 2000 conversion. Business to Business PRC Inc., Reston, VA, has won Y2K contracts with both the United States Postal Service and the United States Department of Health and Human Services. UniComp, Inc., Marietta, GA, has entered into a Y2K partnership agreement with AIG Computer Services, Ltd. The Government of Canada, Ottawa, Canada, has awarded Y2K contracts totaling over $100 million to CGI Group Inc., Computer Sciences Canada Inc., DMR Consulting Group Inc., EDS Canada, IBM Canada Ltd., Science Applications International Corporation, SHL Sy stemhouse Inc. CommUnique Corporation, Holmdel, NJ, has announced the completion of a Y2K contract for a major educational institution in the south central United States. Ravel Software Inc., San Jose, CA, has merged with Turnkey 2000. Software Futures, Charlotte, NC, has entered into a Y2K partnership agreement with Alydaar International, a subsidiary of Alydaar Software Corporation. BRC Holdings, Inc., Dallas, TX, has been awarded a Y2K renovation contract with Dallas County, Texas. Y2K plus will participate in IST Development’s Alliance Partner Program to offer IST Year 2000 Packs. Sponsor Advertising BDM International (TRW Systems and Information Technology Group) Do you need help juggling all your Year 2000 responsibilities? With BDM and our SMART/2000+SM solutions, you have a partner to help address your most critical business priorities and technical requirements – from risk assessment, program management, and conversion, to independent test and compliance validation. We deliver project tracking, configuration management, and control metrics that help ensure enterprise-wide integrity and minimize your risk from start to finish. We have a mature process, a dedicated team, and experience that demonstrate the strength of our solutions. Gain the upper hand now by calling BDM: (800) 794-6085 e-mail: year2000@bdm.com http://www.bdm.com. e-mail: year2000@bdm.com http://www.bdm.com. CACI International Inc. -- Restore 2000 CACI leverages 35 years of information technology experience and over 10 years of reengineering systems - solving the same problems Y2K poses - to offer a total solution to the Year 2000 challenge: Restore 2000SM. The Restore 2000 methodology applies a comprehensive three-phase process to your information systems: Assess, Plan, and Remediate. Furthermore, we give you the option of buying our methodology or our services - both backed by CACI experience and Y2K expe rts. Restore 2000 is certified by the ITAA as meeting the highest standards of Y2K compliance. In addition, software development processes at CACI have been independently certified as being at Level 3 of the Software Engineering Institute (SEI) Capability Mat urity Model. Achieving SEI Level 3 provides clients further assurance that CACI solutions successfully and effectively deliver Year 2000 compliance while allowing you to save money, reduce risk, and minimize systems disruption. With approximately 3700 employees worldwide and FY97 revenues in excess of $270 million, CACI provides a depth of experience and expertise you can rely on. We've performed Year 2000 conversions for many of America's biggest enterprises, including major he alth insurance providers, retail clothing manufactures, gas companies, airlines, and government agencies. Superior functionality backed by decades of experience - CACI's Restore 2000. DMR Consulting Group Inc. DMR Consulting Group Inc.(formerly DMR TRECOM), an Amdahl company, is a global consulting organization of over 7,000 employees providing a comprehensive range of information technology services. Our Year 2000 Practice comprises a comprehensive offering of consulting, assessment, remediation, testing, and implementation services utilizing a formal methodology (APM/2000), best-in-class software tools, and six global conversion centers. We have mul ti-disciplinary experience in most mainframe, mid-range, and client-server/desktop environments. APM/2000 includes: · Program Management · Enterprise-Wide Assessment · Impact Analysis · Conversion Delivery · Testing and Implementation Year 2000 Risk Management Consulting Services include: Program Review, Stakeholder Readiness Assessment, Risk Management and Vendor Compliance Research. Contact: Stephen Frycki Managing Director, Year 2000 Services - US Phone: 201-200-3923 Fax: 201-200-9046 Email: fryckis@dmr.com Websites: http://www.dmr.com IBS Conversions, Inc. IBS Conversions, Inc., founded in 1982, is the first service organization to receive ITAA*2000 Certification for IBS/Solution 2000TM methodology, products and services. IBS is a recognized leader in automated conversion/migration software and consulting having translated millions of lines of code for companies worldwide. IBS/Solution 2000 IBS/Solution 2000TM is a full suite of Year 2000 services and products: Full project Analysis, Pilot Project and Repair, staffing and management/methodology Scan/Repair Conversion Factories for Mainframe and AS/400 environments Project Methodology Qwik-Sizer Analysis Licensing Scan/Repair Tools for AS/400 Y2K Projects License Conversion Factories/Tools to other Consulting Firms http://www.ibs2000.com SOFTWORKS, Inc. HOT DATE 2000/SIMULATE Preparing for the new millennium isn't easy, especially in the data center. Ensuring an accurate conversion could be a daunting task. That's why SOFTWORKS has created HotDate 2000/SIMULATE. HotDate 2000/SIMULATE is a comprehensive identification, testing, and simulation utility created to locate the programming changes needed to prepare for the Year 2000. Using a simulated Year 2000 environment, HotDate 2000/SIMULATE locates and tests poten tial date problems the Year 2000 will cause to your individual programs, applications, and entire system. HotDate 2000/SIMULATE is transparent to your applications and supports all programming languages. For more information about HotDate 2000/SIMULATE, call SOFTWORKS at 800-727-4422. Http://www.softworkscc.com Y2Kplus, Inc. Y2Kplus provides a portfolio of "best of class" software products and outsourcing services that address Year 2000 issues. These offerings are available both to IT Solution Providers and IT organizations. Y2Kplus has offerings that address the following needs: * A comprehensive Renovation Preparation offering to enable you to prepare complete and accurate packages of software components ready for mainframe code renovation. * A powerful Code Renovation set of offerings that will renovate: * multiple languages including COBOL, Assembler, Pl/1 and Natural code for mainframe systems; * mid range COBOL systems running on DEC, HP, DG, NCR, Unisys, Wang, Prime, Bull, Tandem, and IBM AS/400 platforms. * A Re-engineering tool for mid range COBOL systems that will enable you to rehost to other platforms, thereby providing "value beyond year 2000". * Code Renovation outsourcing services for all of the above systems plus IBM AS/400 RPG. * Data Commander, a testing tool that enables you to warp test data dates to allow you to do future date testing by updating your current test data stream and then compare results of test runs before and after 2000. * Services for development and management of Comprehensive test plans and strategies to help your organization create effective baseline tests, improving the quality of risk mitigation derived from forward date testing. For more information, please send email to info@y2kplus.com, visit our web site at www.y2kplus.com or call Dave Ehlke at 781-863-8111. Calendar http://www.itaa.org/y2kcal.htm ITAA's Year 2000 Outlook is published every Friday to help all organizations deal more effectively with the Year 2000 software conversion. If you would like to receive this free publication, please sign up on the web at https://www.itaa.org/transact/2koutlooksub.htm. Copyright ITAA 1998. All rights reserved. The Information Technology Association of America, 1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209. Internet: http:\\www.itaa.org