ITAA's Year 2000 Outlook June 12, 1998 Volume 3, No. 23 Published by the Information Technology Association of America, Arlington, VA Bob Cohen, Editor bcohen@itaa.org Read in over 70 countries around the world ITAA's Year 2000 Outlook is published every Friday to help all organizations deal more effectively with the Year 2000 software conversion. To receive a subscription to this free publication, please sign up on the web at https://www.itaa.org/transact/2kout looksub.htm. ITAA's Year 2000 Outlook is sponsored in part by CACI International Inc., DMR Consulting Group Inc., and Y2Kplus Bennett Hearing Finds Y2K Disclosure Lacking If public companies really understand the extent of their Year 2000 exposure, many are not saying so. At least that appears to be the conclusion of a hearing held this week by Sen. Bob Bennett (R-UT) and his Subcommittee on Financial Services and Technol ogy. Although Bennett said the stock market has replaced real estate as America's "nest egg," the information being provided by numerous public companies on the status of their Y2K efforts is coming up goose eggs. Is public disclosure on Y2K in danger of becoming one big yolk? Sen. Bennett said that revised Security and Exchange Commission (SEC) guidelines to provoke more meaningful Year 2000 information from public companies has had a limited impact and said he is disappointed with the results to date. Appearing before the subcommittee, SEC Commissioner Laura Unger shared some of Bennett's dissatisfaction. According to Unger, "the quantity of disclosures is up, the quality is not." In her testimony, Unger tried to unscramble some of the confusion abo ut the Commission's disclosure expectations. The issue is whether companies consider Y2K "material" to their operations, either because costs incurred to address the situation might cause reported financial information "to be not necessarily indicative o f future operating results," or because the "cost or consequences of incomplete or untimely resolution" constitutes a material event which could be "reasonably expected" to affect future results or the accuracy of financial information. Referring to an SEC Staff Legal Bulletin revised last January, Unger said that the Commission provided guidance on determining whether or not Y2K should be considered material. According to Unger, "If a company has not made an assessment of its Year 2000 issues or has not determined whether it has material Year 2000 issues, the staff states that the company must disclose this known uncertainty. In addition, the staff states that the determination as to whether a company should disclose its Year 2000 iss ues should be based on whether these issues would be material to a company's business, operations, or financial condition irrespective of any remediation plans or insurance coverage." If companies find Y2K is material, the SEC wants to know "the nature and potential impact of these issues as well as the countervailing circumstances." Unger said disclosure should include general plans to address the issue as it pertains to business, op erations and, as appropriate, relationships with suppliers, customers and other constituents. Disclosure should include the schedule for conducting the plan, an estimate of Y2K costs and an assessment of the material impact of such expenditures on operat ions, liquidity and capital resources. Boilerplate disclosures are to be avoided, Unger said, and information updated quarterly. Although Unger said that 70 percent of companies now include the term "Year 2000" in their annual reports, she indicated that most are still walking on eggshells when it comes to making meaningful statements. "The Commission is concerned," she said, "tha t while a greater number of companies mention Year 2000 in their annual reports, much of the disclosure is not informative. Perhaps many companies are not providing the type of disclosure specified in Staff Legal Bulletin No. 5 because companies are conc erned that forward-looking disclosures would be a lightening rod for the plaintiffs' bar." Unger said an SEC review of annual reports filed by more than 1000 public companies found many not following the Commission's guidance for disclosure. The SEC results indicate that 65 percent of companies are either just starting or are in the process of determining the seriousness of the problem if no corrective action is taken. Forty-three percent failed to describe plans to remedy the situation. Sixty-four percent failed to provide a timetable for correction. Fifty-one percent did not describe mate rial relationships with outside parties. Ninety-two percent made no mention of amounts spent to date. Seventy-eight percent failed to discuss future Y2K expenditures. Eight-six percent said the Year 2000 is either not material as to repair costs or ope rations or made no disclosure on materiality. The SEC official said that the Commission will publish an interpretive release in the near future to "formalize current staff guidance…[and] remedy the apparent misconception that the Year 2000 issue is material…only if the costs of remediation are materi al. The interpretive release will clarify that companies must, in addition to considering costs, determine materiality based on the potential consequences of inadequately resolving their Year 2000 issues." She said the forthcoming release may also form the basis of Commission enforcement actions against companies that fail to make adequate disclosures. Hearing Lights Up Y2K Power Grid Issue The Senate Special Committee on the Year 2000 held its first public hearing today and released results of a survey that may dim the lights of the more sanguine Y2K prognosticators. The survey of the ten largest oil, gas and utilities companies found onl y 20 percent had completed their assessments of automated systems. Four of these firms were not able to identify how many embedded systems they have in service. One firm that had done its counting reported over 300,000 systems in service. The Committe e survey found that these firms are not confident of their completeness or accuracy of assessments to date, "making assurances of timely Y2K compliance little more than a hope." Moreover, the Committee finds that the utilities' "ignorance" of supplier an d vendor status creates "additional uncertainty for utility consumers." None of the companies surveyed had contingency plans completed. "I am genuinely concerned about the very real prospects of power shortages as a consequence of the millennial date change," said Committee Chairman Bob Bennett (R-UT). The chairman also expressed his concern that the Y2K issues is igniting so little spa rk with the general public. "I am concerned that when it does become a matter of general public concern it will be too late to bring public pressure to bear on the timely correction of the many Y2K problems that exist. My greatest fear is that when it d oes become a matter of general public conern, it will bring with it a measure of panic that will be deterimental to effective and efficient remediation…" "If tomorrow [were] January 1, 2000, it would be a 100 percent fact the power grid would fail…there's no question about it," Bennett said. Witnesses at the hearing were Department of Energy (DOE) Deputy Secretary Elizabeth Moler, Federal Energy Regulatory Commission (FERC) Chairman James Hoecker, Nuclear Regulatory Commission Chairman Shirley Ann Jackson, Y2K Czar John Koskinen, Consultant L ou Marcoccia, North America Electric Reliability Council (NERC) President Michehl Gent, Electric Power Research Institute Y2K Program Manager Charles Siebenthal, Sonat Inc. Executive Vice President James Rubright, and Gary Gardner, CIO, American Gas Assoc iation. Government officials appearing before the Committee generally described themselves as facilitating private sector action on the issue. "Let me emphasize that the Federal government cannot solve this problem," DOE Deputy Secretary Elizabeth Moler said. FE RC Chairman James Hoecker said the Year 2000 is an "unusal challenge" for his agency because "the Commission does not exercise direct authority over these kinds of internal operations within regulated energy companies…The Commission's role is primarily to act as a facilitator and advocate, not regulator, on the Year 2000 matter." One of the primary focus points for action will be the network of interconnected electricity systems. NERC coordinates the reliability and adequacy of bulk electric systems in North America and NERC President Michehl Gent said "A major disturbance within one part of an Interconnection has the potential to cascade through the entire Interconnection. He added, however, that the loss of a facility or two would not trigger such a cascading effect. Rather, he said, the problem, if it comes, will take the sh ape of common mode failures "such as all generator protection relays of a particular model failing simultaneously, or the coincident loss of multiple facilities…" He called the possibility of such events extremely low, but conceivable. He also pointed out that an individual electric utility investing big bucks in its Y2K correction could see its investment trip over the less than diligent efforts of neighboring systems. Gent said the greatest Y2K threats for the electricity supply are power plants with digital controls, energy management systems used to operate transmission facilities and control generating units, telecommunications, and relay protection devices. Gent called maintaining the operability of bulk electric systems perhaps "the single most important step toward supporting our North American infrastructure during the Y2K transition." NERC's "defense-in-depth strategy" involves identifying and fixing k nown problems, sharing information on known and suspected problems, creating a master list of Y2K problem areas, initiating a progress reporting process, regional and individual system simulations to identify moderate and worst-case scenarios, coordinatin g development of operational preparedness and contingency plans and coordinating efforts to operate transmission and generation facilities in precautionary configurations and loadings during critical Y2K periods. Gent seemed to get charged up by the notion that some companies may be holding back on their Y2K information. "The success of the NERC Y2K program depends on unbridled cooperation, full sharing of Y2K information, and diligence of effort commensurate wit h the potential consequences of failing to adequately prepare for Y2K," he said. Later, he added, "Public exchange of information is a cornerstone of NERC's Y2K program and must not be viewed by utility participants as feeding information to potential li tigants….Any restraint in sharing known Y2K problems and solutions will be a direct challenge to the reliability of the electricity supply." He also took on the Chairman's "what if Y2K were tomorrow" formulation. "I have to take issue with the stated 100 percent failure rate of utilities," Gent said, "I know of several companies that have run tests of their systems." Referring to the fact th at the date change will make its way through several time zones before reaching the U.S., Gent said, "We have an excellent communication system, and we can take advantage of the natural time-lag to see and monitor what is happening." Sen. Jon Kyl (R-AZ) queried the government witnesses on the lack of a comprehensive assessment on the status of the grid. Some of the government executives acknowledged that such an assessment does not exist. Y2K Czar John Koskinen said that the governm ent has no regulatory authority to demand this information, and he does not propose that the federal government be granted the power to obtain it. Rather, Koskinen said the utilities should be informed that government is ready to work with them. "Time i s the vanishing resource," he said. Y2K appears to be generating a significant amount of electricity among Washington lobbyists. The hearing drew an overflow crowd, forcing Committee staff to open a second room to handle the crowd. Speaker Says Y2K will Bug White House House Speaker Newt Gingrich (R-GA) suggested this week that the Year 2000 date issue could be a significant barrier in Vice President Gore's bridge to the White House in the next presidential election. As first reported by Newsbytes, Gingrich said nothin g could be "more destructive for Gore's political future than to talk about the information superhighway" while the "largest wreck in history" occurs on January 1, 2000. California CIO Says Y2K Costs Likely to Double Speaking today at an ITAA-produced Y2K seminar in Santa Clara, CA, California CIO John Thomas Flynn predicted that the Golden State will be spending more gold than expected on its Y2K correction. He estimated that the current $243 million budget will gro w to over $500 million before the last bad date is purged from the state's information systems. Flynn said that half of the state's 3000 systems are impacted by the date change issue, and half this 1500 are considered mission critical. He said that the state appropriated an additional $55 million in Y2K fix-it funds this year, and Flynn said he was disappointed that $4 million of this total went unclaimed by state agencies. Despite the anticipated increase in Y2K expenditures, Flynn said he is sticking by the state's completion schedule, with all mission critical systems due to be done by the end of this year. He called the deadline ambitious but doable. Testing, he said, is proving difficult and some software considered ready for testing has been sent back to the bench for additional repairs. Flynn mentioned other California government initiatives, including a task force of state officials meeting regularly with municipal and county counterparts on the issue. Noting that the state's level of contingency planning is in need of work, Flynn said his Department of Information Technology has created a contingency planning template for use by other state agencies. California Assemblyman Mike Honda (D) also spoke at the seminar and said he has introduced two Y2K-related measures. AB 2458 would provide a 20 percent tax credit to small businesses grappling with the Millennium Bug. He said the measure has generated a n apathetic response from the state's Chamber of Commerce. The Assemblyman has also introduced AB 1934, a bill to create incentives for organizations acting responsibly in their Y2K repairs; he said he solicits input on the measure. Business to Business PRC Inc., Reston, VA, has received an award to perform Year 2000 testing and IV&V services for the State of Colorado's Department of Human Services, in partnership with HDS Corporation. Transformation Processing Inc., Toronto, Ontario, has won a Y2K contract with Advanced Elastomers Systems (AES). Peritus Software Services, Inc., Billerica, MA, has been awarded a Y2K contract with HCL America. ITAA Y2K Information Center Solution Providers Directory http://www.itaa.org/script/2000vend.cfm ITAA*2000 Certification Program http://www.itaa.org/2000cert.htm Outlook Archive http://www.itaa.org/script/get2klet.cfm Legislative and Litigation Table http://www.itaa.org/Y2Klaw.htm Calendar http://www.itaa.org/y2kcal.htm Vendor/User Status Questionnaires http://www.itaa.org/questmain1.htm Sponsor Advertising CACI International Inc. -- Restore 2000 CACI leverages 35 years of information technology experience and over 10 years of reengineering systems - solving the same problems Y2K poses - to offer a total solution to the Year 2000 challenge: Restore 2000SM. The Restore 2000 methodology applies a comprehensive three-phase process to your information systems: Assess, Plan, and Remediate. Furthermore, we give you the option of buying our methodology or our services - both backed by CACI experience and Y2K expe rts. The Restore 2000 methodology is ITAA*2000 certified. In addition, software development processes at CACI have been independently certified as being at Level 3 of the Software Engineering Institute (SEI) Capability Maturity Model. Achieving SEI Level 3 p rovides clients further assurance that CACI solutions successfully and effectively deliver Year 2000 compliance while allowing you to save money, reduce risk, and minimize systems disruption. With approximately 3700 employees worldwide and FY97 revenues in excess of $270 million, CACI provides a depth of experience and expertise you can rely on. We've performed Year 2000 conversions for many of America's biggest enterprises, including major he alth insurance providers, retail clothing manufactures, gas companies, airlines, and government agencies. Superior functionality backed by decades of experience - CACI's Restore 2000. Worldwide Headquarters 1100 North Glebe Rd. Arlington, VA 22201 http://www.caci.com e-mail:npeters@hq.caci.com DMR Consulting Group Inc. DMR Consulting Group Inc.(formerly DMR TRECOM), an Amdahl company, is a global consulting organization of nearly 8,000 employees providing a comprehensive range of information technology services. Our Year 2000 Practice comprises a comprehensive offering of consulting, assessment, remediation, testing, and implementation services utilizing a formal methodology (APM/2000), best-in-class software tools, and six global conversion centers. We have mul ti-disciplinary experience in most mainframe, mid-range, and client-server/desktop environments. APM/2000 includes: · Program Management · Enterprise-Wide Assessment · Impact Analysis · Conversion Delivery · Testing and Implementation Year 2000 Risk Management Consulting Services include: Program Review, Stakeholder Readiness Assessment, Risk Management and Vendor Compliance Research. Contact: Stephen Frycki Managing Director, Year 2000 Services - US Phone: 201-200-3923 Fax: 201-200-9046 Email: fryckis@dmr.com Websites: http://www.dmr.com Y2Kplus Y2Kplus provides a portfolio of "best of class" software products and outsourcing services that address Year 2000 issues. These offerings are available both to IT Solution Providers and IT organizations. Y2Kplus has offerings that address the following needs: Our offerings include: * Year 2000 risk assessment * Mainframe inventory verification & code remediation (COBOL, Natural, Assembler & PL/1) * Midrange COBOL remediation (DEC, HP, UNISYS, Wang, DG, NCR, Bull & Tandem) * AS/400 remediation (RPG & COBOL) * Networked PC Year 2000 Analysis tools Applications: Access, Excel, Foxpro, Lotus 1-2-3 Languages: Basic, Visual Basic, C, C++, dBase, Clipper, Paradox PC Hardware, BIOS & Operating Systems * Testing: Tools: Data Commander for future date testing, TCS (Test Control System), Services: Test management & execution, Facilitated Test Planning, Test strategy. For more information, please send email to info@y2kplus.com, visit our web site at http://www.y2kplus.com or call Dave Ehlke at 781-863-8111. Copyright ITAA 1998. All rights reserved. The Information Technology Association of America, 1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209. Internet: http:\\www.itaa.org