United States General Accounting Office GAO Report to the Director of the Defense Logistics Agency August 1997 DEFENSE COMPUTERS Issues Confronting DLA in Addressing Year 2000 Problems GAO/AIMD-97-106 United States GAO General Accounting Office Washington, D.C. 20548 Accounting and Information Management Division B-277130 August 12, 1997 Lieutenant General Henry Glisson, USA Director, Defense Logistics Agency Dear General Glisson: On July 7, 1997, we briefed the primary action officer from the Office of the Under Secretary of Defense for Acquisition and Technology (OUSD(A&T)), your Deputy Chief Information Officer, and other members of your staff on the results of our review to date of the Defense Logistics Agency’s (DLA) program for solving its Year 2000 computer problem. If this problem is not addressed in time, DLA computer systems could malfunction or produce incorrect information. The impact of these failures could be widespread, costly, and debilitating to important logistics missions. Our briefing was based on work we performed as part of our review of the Department of Defense’s (DOD) Year 2000 computer systems efforts for the Chairman, Senate Committee on Governmental Affairs; the Chairman and Ranking Minority Member, Subcommittee on Government Management, Information and Technology, House Committee on Government Reform and Oversight; and the Honorable Thomas M. Davis, III, House of Representatives. During our review, we concentrated on determining (1) the status of DLA’s efforts to correct its Year 2000 problems and (2) the appropriateness of DLA’s strategy and actions for ensuring that the problem will be successfully addressed. This letter summarizes the concerns we raised, provides recommendations that should alleviate those concerns, and documents the actions representatives from the OUSD(A&T) and your office agreed to for correcting DLA’s Year 2000 problems. DLA has recognized that the Year 2000 problem has the potential to be the Results in Brief largest information technology dilemma it has encountered to date and that if not successfully resolved, the supply, technical, logistics, and contract services that DLA provides to the military services could be severely disrupted. To its credit, DLA has already assessed the Year 2000 impact on its operations; inventoried its systems; conducted pilot projects to determine Year 2000 effects on some of its major systems; and developed and issued policies, guidelines, standards, and recommendations on Year 2000 correction for the agency. These steps are consistent with our guidelines and DOD’s five-phase approach for planning, managing, and evaluating Year 2000 programs. Page 1 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 However, DLA has not yet completed several critical steps associated with the assessment phase of Year 2000 correction that are designed to ensure the agency is well-positioned to deal with delays or other problems encountered in the remaining phases. First, DLA has not been working enough with its customers and others who have established system connections or interfaces to ensure consistency in handling date information passed between systems. Second, the agency has not included thousands of field-developed, unique programs as part of its Year 2000 systems inventory or made these programs part of its Year 2000 program office’s responsibility. These unique programs can introduce errors into DLA’s automated information systems just as easily as those systems that have external interfaces with DLA systems. In addressing these two issues, DLA can help ensure the success of its efforts to correct the systems within its control. In addition, DLA has not (1) prioritized the 86 automated information systems that it plans on being operational in the year 2000 to ensure that the most mission critical systems are corrected first or (2) developed contingency plans to establish the course of action that should be followed in the event that any of DLA’s mission critical systems are not corrected on time. Since DLA activities are critical to supporting military operations and readiness, we believe that the agency should begin prioritizing its systems and developing contingency plans so that logistics operations can continue even if unforeseen problems or delays in Year 2000 corrective actions arise. During our review, we compared DLA’s efforts to plan and manage its Year Scope and 2000 program to GAO’s Year 2000 Assessment Guide.1 We also reviewed Methodology DOD’s Year 2000 Management Plan;2 related DLA policies, directives, and strategies; and public and private sector Year 2000 guidance. We focused our review on Year 2000 work being carried out by (1) DOD’s Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (OASD(C3I)), which is responsible for promulgating DOD guidance on the year 2000 and providing assistance to DOD components, such as DLA, (2) DLA’s headquarters, and (3) DLA’s Systems Design Center, which develops and maintains the agency’s standard automated information systems. 1 Year 2000 Computing Crisis: An Assessment Guide (Exposure Draft) (GAO/AIMD-10.1.14, February 1997). 2 Department of Defense Year 2000 Management Plan (Version 1.0, April 1997). Page 2 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 To discuss OASD(C3I) efforts in providing Year 2000 support to DLA, we met with the Deputy Assistant Secretary for Command, Control, and Communications; the Principal Director for Information Management; the Director for Information Technology; and the OASD(C3I) Point of Contact for Year 2000. We reviewed the OASD(C3I)’s Year 2000 guidance and other documentation on Year 2000 funding, reporting, and date format requirements. To assess DLA headquarters efforts to correct the Year 2000 computer problem, we (1) met with DLA’s Chief Information Officer (CIO), Deputy CIO, Chief of the Customer Support Team, headquarters Year 2000 lead official, and a headquarters Year 2000 Test and Evaluation Support Team official, (2) analyzed documents issued by these offices that describe organizational structure and responsibilities for carrying out DLA’s Year 2000 efforts, and analyzed business requirements, resource management, and DLA’s automated information systems, and (3) reviewed the DLA CIO’s Year 2000 compliance directive3 that provides guidance and direction and assigns responsibility to the DLA Systems Design Center and all other DLA components. We also assessed Year 2000 efforts being carried out by DLA’s Systems Design Center located in Columbus, Ohio. At the Center, we interviewed (1) the Deputy Commander, Deputy Director for Corporate Administration, Executive Director of Product Management, and the DLA Systems Design Center’s Year 2000 Program Manager and (2) product managers for two of DLA’s largest automated information systems—the Mechanization of Contract Administration Services (MOCAS) and the Standard Automated Materiel Management System (SAMMS). We analyzed the Center’s documentation on its Year 2000 strategy, implementation status, test and evaluation, certification, and resource allocation and its report on pilot studies. In addition, we reviewed documents describing systems’ platforms;4 languages;5 databases; date formats; and other Year 2000 information relevant to DLA’s automated information systems. We performed our work primarily at DLA Headquarters at Fort Belvoir, Virginia; the DLA Systems Design Center in Columbus, Ohio; and the Office of the Assistant Secretary of Defense for Command, Control, 3 Directive Memorandum from Thomas J. Knapp, DLA CIO, to DLA Components/Business Areas, Subject: CIO Letter 96-7, DLA Information Systems Year 2000 Compliance, dated August 7, 1996. 4 Any configuration of hardware and software used in computer processing. 5 A set of alphabetic, numeric, and symbolic character elements used with a rule structure to communicate between people and machines. Page 3 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 Communications, and Intelligence at Arlington, Virginia. We conducted our work between November 1996 and July 1997, in accordance with generally accepted government auditing standards. The Department of Defense provided written comments on a draft of this report. These comments are discussed in the “Agency Comments and Our Evaluation” section and are reprinted in appendix I. Defense logistics is the acquisition, management, distribution, and Background maintenance of DOD materiel inventory, consumable items, and some replacement parts used for sustaining the readiness of ships, aircraft, tanks, and other weapon systems, as well as supporting military personnel. As DOD’s logistics manager for consumable items, DLA is responsible for a range of complex and important DOD operations, including providing supply support, contract administration services, and technical and logistics services to all branches of the military and to civilian agencies. DLA reported in 1997 that these operations involve processing more than 20 million supply requisitions a year, which result in more than $11 billion in sales annually; managing more than 380,000 prime contracts valued at more than $950 billion and involving 24,000 contractors; and coordinating 31 million transactions involving receiving, storing, and issuing of materiel. Like all large businesses, DLA relies heavily on computer systems to carry out these operations. Most of these systems are vulnerable to the Year 2000 problem. The Year 2000 problem is rooted in the way dates are recorded and computed in automated information systems. For the past several decades, systems have typically used two digits to represent the year, such as “97” representing 1997, in order to conserve on electronic data storage and reduce operating costs. With this two-digit format, however, the year 2000 is indistinguishable from 1900, or 2001 from 1901. As a result of this ambiguity, system or application programs that use dates to perform calculations, comparisons, or sorting may generate incorrect results. Should DLA’s computer systems fail because of the Year 2000 problem, Defense logistics operations could be affected by the incorrect processing of inventory and contracts, corrupted databases, or even massive system failures. For example, if a system is corrupted with bad data, is not compliant on time, or fails, it could result in shortages of critical items needed to sustain military operations and readiness—such as food, fuel, Page 4 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 medical supplies, clothing, spare and repair parts, and support for over 1,400 weapons systems. In addressing the Year 2000 problem, DLA also must consider the hundreds of computer systems that interface with, or connect to, its own systems. These systems belong to the military services, DOD components, and other federal agencies that DLA does business with, and they play a critical role in carrying out logistics services. For example, supply orders originating from the military services are filled and payments to contractors are made with the help of these interfaces. The systems that interface with DLA systems are just as vulnerable to the Year 2000 problem as DLA’s own systems. In February 1997, we published the Year 2000 Computing Crisis: An Assessment Guide,6 which addresses common issues affecting most federal agencies and presents a structured approach and a checklist to aid in planning, managing, and evaluating Year 2000 programs. The guidance is consistent with DOD’s Year 2000 Management Plan.7 The guide describes five phases—supported by program and project management activities—with each phase representing a major Year 2000 program activity or segment. The phases and a description of what each entails follows. • Awareness: Define the Year 2000 problem and gain executive-level support and sponsorship. Establish a Year 2000 program team and develop an overall strategy. Ensure that everyone in the organization is fully aware of the issue. • Assessment: Assess the Year 2000 impact on the enterprise. Identify core business areas and processes, inventory and analyze systems supporting the core business areas, and prioritize their conversion or replacement. Develop plans to handle data exchange issues, lack of data, and bad data. Identify and secure the necessary resources. • Renovation: Convert, replace, or eliminate selected platforms, applications, databases, and utilities. Modify interfaces. • Validation: Test, verify, and validate converted or replaced platforms, applications, databases, and utilities. Test the performance, functionality, and integration of converted or replaced platforms, applications, databases, utilities, and interfaces in an operational environment. 6 GAO/AIMD-10.1.14, February 1997. 7 Version 1.0, April 1997. Page 5 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 • Implementation: Implement converted or replaced platforms, applications, databases, utilities, and interfaces. Implement data exchange contingency plans, if necessary. In addition to following the five phases described, a Year 2000 program should also be planned and managed as a single, large information system development effort. Agencies should promulgate and enforce good management practices at the program and project levels. DLA reported to us in February 1997 that it completed the awareness and Current Status of DLA assessment phases in December 1996 and is now engaged in renovation, Year 2000 Efforts validation, and implementation phase activities. DLA’s target date for having all its programs Year 2000 compliant and in production is December 1998. According to DLA, it will cost about $27 million to address the Year 2000 problem. In June 1997, DLA reported that of the 86 automated information systems projected to be operational after the Year 2000,8 DLA reported that 19 were in the renovation phase, 30 were in the validation phase, and 37 were in the implementation phase. The systems projected to be operational after the Year 2000 contain approximately 39 million lines of code. A breakdown of DLA’s systems is shown in figure 1. 8 DLA currently has 86 automated information systems. It expects to retire 15 of these systems before the Year 2000, and, at the time of our review, it had not yet decided whether to retire or correct three systems. Page 6 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 Figure 1: Reported Status of Year 2000 Efforts for DLA Systems as of June 1997 Validation 30 Renovation 19 Implementation 37 Note: Local unique applications/programs are not included in this status. Source: DLA. We did not independently verify this information. DLA has assigned its CIO the responsibility of planning, managing, and executing the DLA Year 2000 program. The DLA Systems Design Center, which is responsible for developing and maintaining DLA automated information systems, has overall program management responsibility for Year 2000-related efforts. The Center, which reports to the CIO, has established a Year 2000 program office and designated a program manager. The Center has taken the following actions as part of its efforts to address the Year 2000 problem: • developed a detailed Year 2000 plan; • conducted a Year 2000 impact assessment, which identified the number of systems owned by DLA and the lines of code associated with those systems; • estimated which mainframe, mid-tier processors, and desktop computers would still be in use by the year 2000; • conducted pilot projects with DLA’s major automated information systems, including SAMMS, MOCAS, Defense Integrated Subsistence Management Page 7 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 System, and Defense Fuels Automated Management System, to assess potential Year 2000 impact on these systems; and • developed Year 2000 policies, guidelines, standards, and recommendations for the agency. In addition, DLA has entered its mission-critical systems into the DOD’s Defense Integration Support Tools (DIST) database. This is a database that DOD uses to track its information systems and plans to use to facilitate the Year 2000 effort departmentwide. Center officials also told us that they are tracking their information systems through a database created and maintained by the Center. Most of fiscal year 1999 is expected to be used for final system testing. DLA has drafted a Test and Evaluation Master Plan and formulated detailed testing plans. For most of the systems, individual business area managers and technical staff will be responsible for testing and certifying that tests have been completed. During the assessment phase, DLA decided that it would use a sliding window technique9 to modify most of its systems so that they can operate correctly after the year 2000. DLA decided on this technique because it allows the information system to retain the two-digit year format and requires less time, fewer resources to implement, and reduced risk. However, coordination between interface partners is necessary to ensure that each partner understands how to interpret the two-digit year for determining the century. DLA has configuration management procedures and configuration control boards both at its headquarters and its Systems Design Center to ensure that Year 2000 efforts receive appropriate configuration management.10 DLA’s configuration management procedures and configuration control boards are intended to ensure that all changes to information systems and their components are properly documented and managed. DLAhas recently reported that it has already experienced Year 2000-related problems in its automated information systems. For example, SAMMS 9 For purposes of renovating noncompliant systems, DOD has identified three strategies: field expansion, procedural code, and sliding window. Field expansion increases the size of the year field generally from two-digit to four-digit. Procedural code and sliding window derive the correct century based on the two-digit year; for example, any year smaller than 50 is a Year 2000 date and years 50 or greater are identified as 1900 dates. 10 Configuration management is the continuous control of changes made to a system’s hardware, software, and documentation throughout the development and operational life of the system. Page 8 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 incurred a serious Year 2000-related error when it erroneously deactivated 90,000 inventoried items based on an erroneous date calculation. According to DLA, it took 400 work hours to correct the error. Part of the correction effort involved preventing the erroneous catalog action transactions from being propagated to the military services and correcting the SAMMS program in order to prevent future problems. DLA reported that the impact of not addressing the Year 2000 problem for SAMMS would be catastrophic and would seriously hamper DLA’s mission to deliver materiel in a timely manner. DLA has taken some good steps in addressing the Year 2000 problem. Key Issues Need However, the agency is moving forward into renovation, testing, and Prompt Attention for validation—the more difficult and complex phases of Year 2000 DLA to Solve Its Year correction—without addressing some very critical steps associated with the assessment phase. These include (1) ensuring consistency in handling 2000 Problem date information passed among systems, (2) incorporating thousands of locally developed, unique applications in the Year 2000 systems inventory and assigning responsibility to the DLA Systems Design Center’s Year 2000 program office for ensuring that the unique applications are Year 2000 compliant, (3) prioritizing systems for correction, and (4) developing contingency plans. If these issues are not promptly addressed, DLA may well negate any success it may have in making systems within its control Year 2000 compliant, and it will hamper its ability to deal with unanticipated problems and delays. Given DLA’s role in supplying the military services and supporting other federal agencies, it cannot afford this risk. DLA Needs to DLA’s information systems interface with, or connect to, hundreds of Communicate With computer systems belonging to the military services, DOD components, External Interface Partners contractors, and other federal agencies that DLA does business with. Because these systems are also vulnerable to Year 2000 problems, they can introduce and/or propagate errors into DLA systems. In considering these potential problems, our assessment guide, as well as DOD’s Year 2000 management plan and private sector Year 2000 experts, stress that it is extremely important for organizations to invest time and effort in interface issues. This is especially critical for those agencies like DLA that are heavily dependent on system interfaces to carry out their operations. As two experts on the Year 2000 problem recently noted, “Today’s businesses and government agencies have developed an Page 9 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 integrated [interdependence] through their information systems and computer-controlled processes. If one falters, there is a rapidly cascading effect on many other stakeholders. Failure to address this integrated [interdependence] will compromise many Year 2000 projects.”11 For the most part, DLA is not changing the two-digit date formats that their systems use to send and receive information. DLA officials told us most of their interface partners will continue using the date formats they have always used. DLA plans to use filters, such as firewall protection12 to prevent the receipt of erroneous data into their systems. DLA has also assigned responsibility for interface control to the individual system level, but it has not required system managers to execute written interface agreements for all of their system interfaces. We believe that DLA needs to communicate its interface plans to its customers and contractors so that its data exchange partners will be aware of DLA’s plans and can alert the agency to possible conflicts with their own plans. This is consistent with DOD’s management plan and our Year 2000 assessment guide, which included written notification of Year 2000 changes to interface partners as a step toward Year 2000 compliance because it enables the agency and its partners to agree early on such matters as format changes, schedules, or the need for data bridges. According to the DOD plan, this notification can take the form of Memorandums of Agreement or the equivalent. In not placing more attention on communicating with its external interface partners, DLA is increasing the risk of discovering too late in the Year 2000 effort that an interfacing system will not be able to accommodate the agency’s own Year 2000 changes. Changes would have to be made on short notice rather than in a planned manner. In turn, this could result in incorrect system performance, including significant interface backlogs, rejection of faulty data from noncompliant systems, and/or the introduction of errors into DLA systems. Unique Applications Need DLA has thousands of unique applications, which are nonstandard, More Attention field-developed programs that download and process data from various DLA standard systems. For example, DLA has told us that more than 3,300 active SAMMS unique applications were found in 1995. Some of these 11 Datamation, “Year 2000: The Domino Effect” by Leland G. Freeman and C. Lawrence Meador, January 1997. 12 Firewalls are defensive coding and interface presentation used to ensure that users or external systems cannot damage an internal system. Page 10 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 applications transmit data back to DLA’s standard systems. As a result, the unique applications have the potential to introduce and propagate errors into DLA systems much like the external interfaces do. To date, however, these applications have not been included in DLA’s information system inventory, primarily because these systems are not under the control of DLA’s Systems Design Center. Instead, DLA is placing responsibility for Year 2000 corrections on the unique application owners. We believe that DLA’s plans with respect to these unique applications leave the agency exposed to a host of problems as it moves into the next century. First, in relying on the owners of the unique applications to make Year 2000 corrections and by not having a complete inventory of these applications, DLA cannot adequately ensure that all the applications will be compliant before the Year 2000 deadline. Second, it will have difficulty ensuring that interfaces between the unique applications and the larger standard systems are properly identified and handled. Third, inventorying these programs and assigning responsibility for ensuring progress in their correction would also help DLA raise awareness of potential Year 2000 problems and operational impact to the managers of these unique applications. DLA Has Not Prioritized Its An important aspect of Year 2000 correction is prioritizing which systems Systems have the highest impact on an agency’s mission and thus need to be corrected first. This helps an agency ensure that the most vital systems are not treated the same as systems that have little to do with the agency’s core business. However, DLA’s Systems Design Center officials told us that they do not believe that they need to prioritize their systems for correction because they must succeed in correcting all their major systems by the Year 2000 deadline. They also told us that each of their customers believes that its system is the most important. Our Year 2000 guide and DOD’s plan both highlight the importance of prioritization of system conversions and replacements. DLA needs to do systems prioritization and to continually revisit its systems prioritization strategy to assure the most current appraisal of systems importance and vulnerability estimates are being used. An adequate systems prioritization will help to lower the risk of failure for the most strategically important systems in case of unexpected delays or other problems encountered during DLA’s Year 2000 effort. Page 11 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 Year 2000 Contingency DOD’s Year 2000 Management Plan and our Year 2000 Assessment Guide Plans Needed for DLA’s call on agencies to develop realistic contingency plans during the Mission Critical Systems assessment phase for critical systems and activities to ensure the continuity of their core business processes. Contingency plans are important because they identify the manual or fallback procedures to be employed should some critical systems miss their Year 2000 deadline. They also establish a series of checkpoints that allow the agency to identify performance problems early enough to correct them. DLA currently has no Year 2000 contingency plans. Systems Design Center officials told us that they expect all their systems to meet their Year 2000 deadline and, for that reason, contingency plans are not needed. While DLA has progressed in its Year 2000 effort, there is no guarantee that the initiative will be completed on time or be free of unforeseen problems. The potential for problems resulting from the lack of contingency plans is already evident with DLA’s plans to replace two legacy systems, Defense Fuels Automated Management System (DFAMS) and Automated Voucher Examination and Disbursement System (AVEDS), with a new Fuels Automated System (FAS) in October 1997. DLA’s Systems Design Center expressed concern as early as November 1996 that FAS fielding slippage, the inherent risk of implementing any major level system on time, and the long development time that would be required to convert DFAMS to be Year 2000 compliant, increase the risk associated with FAS not being ready by the October 1998 target. A recent progress review of FAS revealed a completion slippage of 4 to 5 months. According to the Center’s Year 2000 plan for its fuel system, if the new fuel system fails to operate, DLA will be unable to manage its $5 billion a year fuel commodity operations and perform related business processes. The Center stated that “this would result in serious mission and financial impacts. . .[including] the inability to establish contracts, perform billing and payment functions, and manage the inventory.” Nevertheless, project managers of the two legacy systems are resisting investing money in the two legacy systems Year 2000 compliance because they believe that FAS will be delivered on time. While the Center has acknowledged the risks involved if its fuel system fails to operate properly, it still has not developed contingency plans for the fuel related information systems. Given the dangers associated with not having contingency plans, we believe DLA needs to promptly develop Page 12 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 contingency plans, especially for its most critical systems, so that it can establish a fallback position in case of emergencies. The military services and DOD components count on DLA to provide critical Conclusions logistics services, including supplying their food, fuel, medical supplies, and clothing, as well as the support for over 1,400 weapon systems. Other federal agencies also rely on DLA to manage nearly a trillion dollars worth of contracts. However, DLA is unnecessarily putting its Year 2000 strategy at risk of failure because it has not yet taken the fundamental steps associated with ensuring that the proper date information is passed between systems. DLA must address interface issues, prioritize its systems, and plan for contingencies so that supply management, distribution, contract management, and other DLA operations are not disrupted. We recommend that you take the following actions: Recommendations • Require the completion of signed, written interface agreements between DLA and its interface partners that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and milestones identifying when the modification is to be completed. • Require that DLA’s business managers work with the DLA CIO to (1) ensure that mission-related unique applications/systems are included in the Year 2000 inventory, (2) determine if the year 2000 is an issue for each system, and (3) assign responsibility to DLA Systems Design Center’s Year 2000 program office for ensuring that all inventoried unique systems are made compliant by December 31, 1999. • Require that the DLA CIO, the Chief of Customer Support Team, and the DLA Systems Design Center Commander develop a Year 2000 systems prioritization, in conjunction with respective systems’ customers. • For standard systems under control of the Systems Design Center, require that the DLA CIO, the Chief of Customer Support Team, and the Center Commander, in coordination with respective systems’ customers, develop and issue contingency plans for all critical systems. The Department of Defense provided written comments on a draft of this Agency Comments report. DOD concurred with our recommendation on interface agreements and Our Evaluation and contingency plans, and partially concurred with our recommendation on unique applications. DOD did not concur with our recommendation on Page 13 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 systems prioritization. Defense’s response to this report is summarized below, along with our evaluation. DOD concurred with our recommendation on interface agreements. DLA is in the process of ensuring that documented agreements are prepared for all interfaces requiring changes between their interface partners. DLA appears to be making good progress in this area. Its continued emphasis will be important to ensure that all parties agree on format changes, are aware of what interface changes will occur, and know the schedules for when changes will occur. DOD also concurred with our recommendation to prepare contingency plans for DLA’s critical systems requiring Year 2000 conversion and indicated that DLA’s initial contingency plans are to be prepared by October 1997. We are encouraged by DLA’s intent to begin preparing contingency plans within each business area. We urge DLA to complete these plans by its October 1997 deadline to ensure uninterrupted service should some critical systems fall behind in meeting their Year 2000 deadline. DOD partially concurred with our recommendation that the DLA CIO ensure that mission-related unique applications/systems be included in the agency’s Year 2000 inventory, determine if Year 2000 date problems exist in these applications/systems, and assign responsibility for correcting the unique applications to DLA’s Year 2000 program office at the Defense Systems Design Center. DOD disagreed with our recommended method of assuring that the unique applications are corrected within an appropriate time frame. Rather, DLA is relying on its Year 2000 Program Manager to coordinate reporting of compliance and has assigned the responsibility for performing the corrective actions to the numerous business areas and field activities. The DLA Year 2000 Program Manager is also to track the status reported by the business areas. We agree with DLA’s decision to include the unique applications/systems in its Year 2000 inventory and require their correction status to be coordinated through the DLA Year 2000 Program Manager. However, we are concerned that DLA’s Year 2000 Program Manager does not have the necessary resources to ensure that appropriate tasks are scheduled, adequate resources applied, and corrective actions completed on time. Oversight of Year 2000 project management functions for unique applications/systems could be more effectively carried out by the DLA Program Manager in conjunction with a DLA organization that actually Page 14 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 performs these functions as its primary mission, such as the Year 2000 program office within the DLA Systems Design Center. DLA’s headquarters Year 2000 Program Manager would then have a higher level of assurance that the unique applications/systems would be corrected on time. DLA cannot afford the inherent risk of unique applications/systems corrupting their standard systems if a high degree of compliance quality assurance and oversight is not exercised, in lieu of merely reporting and coordinating. DOD did not concur with our recommendation for a systems prioritization plan. DOD believes that DLA’s planning efforts and strategy for renovating its systems are adequate and that DLA has adequately prioritized its mission critical systems. In responding to a draft of this report, DLA officials told us that each business area within the agency had prepared a prioritized systems list that would be used in correcting Year 2000 date problems. We remain concerned that without an agencywide system priority list linked with the execution priorities of the agency’s Year 2000 plan, DLA’s business area managers will continue to view their own systems as most important to the agency. Today, DLA lacks a Year 2000 date correction plan that clearly identifies an integrated approach describing DLA-wide systems priorities in the order of criticality to the Defense missions assigned to the agency, and how corrections will be made commensurate with these priorities. Such a plan will be necessary should completion target dates for the many DLA systems slip as the Year 2000 deadline draws near. We appreciate the courtesy and cooperation extended to our audit team by DLA officials and staff. Within 60 days of the date of this letter, we would appreciate receiving a written statement on actions taken to address these recommendations. We are providing copies of this letter to the Chairman and Ranking Minority Member of the Senate Committee on Governmental Affairs; the Chairmen and Ranking Minority Members of the Subcommittee on Oversight of Government Management, Restructuring and the District of Columbia, Senate Committee on Governmental Affairs, and the Subcommittee on Government Management, Information and Technology, House Committee on Government Reform and Oversight; the Honorable Thomas M. Davis, III, House of Representatives; the Secretary of Defense; the Deputy Secretary of Defense; the Under Secretary of Defense for Acquisition and Technology; the Acting Under Secretary of Defense (Comptroller); the Acting Assistant Secretary of Defense for Command, Control, Communications and Intelligence; and the Director of the Office Page 15 GAO/AIMD-97-106 DLA Year 2000 Challenges B-277130 of Management and Budget. Copies will be made available to others upon request. If you have any questions on matters discussed in this letter, please call me at (202) 512-6240 or Carl M. Urie, Assistant Director, at (202) 512-6231. Major contributors to this report are listed in appendix II. Sincerely yours, Jack L. Brock, Jr. Director, Defense Information and Financial Management Systems Page 16 GAO/AIMD-97-106 DLA Year 2000 Challenges Page 17 GAO/AIMD-97-106 DLA Year 2000 Challenges Contents Letter 1 Appendix I 20 Comments From the Department of Defense Appendix II 24 Major Contributors to This Report Figure Figure 1: Reported Status of Year 2000 Efforts for DLA Systems 7 as of June 1997 Abbreviations AVEDS Automated Voucher Examination and Disbursement System CIO Chief Information Officer DFAMS Defense Fuels Automated Management System DISMS Defense Integrated Subsistence Management System DIST Defense Integration Support Tools DLA Defense Logistics Agency DOD Department of Defense FAS Fuels Automated System MOCAS Mechanization of Contract Administration Services OASD(C3I) Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence OUSD(A&T) Office of the Under Secretary of Defense for Acquisition and Technology SAMMS Standard Automated Materiel Management System Page 18 GAO/AIMD-97-106 DLA Year 2000 Challenges Page 19 GAO/AIMD-97-106 DLA Year 2000 Challenges Appendix I Comments From the Department of Defense Page 20 GAO/AIMD-97-106 DLA Year 2000 Challenges Appendix I Comments From the Department of Defense Now on p. 13. Now on p. 13. Page 21 GAO/AIMD-97-106 DLA Year 2000 Challenges Appendix I Comments From the Department of Defense Now on p. 13. Page 22 GAO/AIMD-97-106 DLA Year 2000 Challenges Appendix I Comments From the Department of Defense Now on p. 13. Page 23 GAO/AIMD-97-106 DLA Year 2000 Challenges Appendix II Major Contributors to This Report Carl M. Urie, Assistant Director Accounting and Keith A. Rhodes, Technical Director Information Madhav S. Panwar, Technical Assistant Director Management Division, Alicia Loudis Sommers, Evaluator-in-Charge Cristina T. Chaplain, Communications Analyst Washington, D.C. (511622) Page 24 GAO/AIMD-97-106 DLA Year 2000 Challenges Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 6015 Gaithersburg, MD 20884-6015 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (301) 258-4066, or TDD (301) 413-0006. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Defense Computers: Issues Confronting DLA in Addressing Year 2000 Problems
Published by the Government Accountability Office on 1997-08-12.
Below is a raw (and likely hideous) rendition of the original report. (PDF)