United States General Accounting Office GAO Report to the Acting Director, Defense Finance and Accounting Service August 1997 DEFENSE COMPUTERS DFAS Faces Challenges in Solving the Year 2000 Problem GAO/AIMD-97-117 United States GAO General Accounting Office Washington, D.C. 20548 Accounting and Information Management Division B-276288 August 11, 1997 Mr. Gary W. Amlin Acting Director Defense Finance and Accounting Service Dear Mr. Amlin: On June 20, 1997, we briefed members of your staff on the results of our review to date of the Defense Finance and Accounting Service (DFAS) program for solving the Year 2000 computer systems problem. The problem results from the inability of computer programs at the year 2000 to interpret the correct century from a recorded or calculated date having only two digits to indicate the year. Unless corrected, DFAS’ computer systems could malfunction or produce incorrect information when the year 2000 is encountered during automated data processing. The impact of these failures would be widespread, costly, and potentially debilitating to the DFAS accounting and financial reporting mission. Our briefing was based on work we performed as part of our review of the Department of Defense’s (DOD) Year 2000 computer systems efforts for the Chairman, Senate Committee on Governmental Affairs; the Chairman and Ranking Minority Member of the Subcommittee on Government Management, Information and Technology, House Committee on Government Reform and Oversight; and the Honorable Thomas M. Davis, III, House of Representatives. During the review, we concentrated on determining (1) the status of DFAS’ efforts to identify and correct its Year 2000 systems problems and (2) the appropriateness of DFAS’ strategy and actions for ensuring that problems will be successfully addressed. This letter summarizes the concerns we raised and provides recommendations for addressing these issues. DFAS managers have recognized the importance of solving the Year 2000 Results in Brief problem. If not successfully addressed it could potentially impact DFAS’ mission. For example, DFAS systems may be unable to (1) pay millions of active and retired military and civilian personnel and annuitants accurately and on time, (2) disburse funds to pay millions of contractor and vendor invoices, or (3) account for DOD’s worldwide operations. To help ensure that services are not disrupted, DFAS has developed a Year 2000 strategy which is based on the generally accepted five-phased government methodology for addressing the Year 2000 problem. This approach is also Page 1 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 consistent with our guidelines for planning, managing, and evaluating Year 2000 programs. In carrying out its Year 2000 strategy, DFAS has assigned accountability for ensuring that Year 2000 efforts are completed, established a Year 2000 systems inventory, implemented a quarterly tracking process to report the status of individual systems, estimated the cost of renovating systems, begun assessing its systems to determine the extent of the problems, and started to renovate and test some applications. Recently, DFAS also established a Year 2000 certification program that defines the conditions that must be met for automated systems to be considered Year 2000 compliant. While initial progress has been made, there are several critical issues facing DFAS, that if left unaddressed, may well result in the failure of its systems to successfully operate at the Year 2000. First, DFAS has not identified in its Year 2000 plan all critical tasks for achieving its objectives or established milestones for completing all tasks, specifically the actions that will be needed during the validation (testing) and implementation phases. Second, DFAS has not performed formal risk assessments of all systems to be renovated or ensured that contingency plans are in place in the event that renovations are not completed in time, or if renovated or replacement systems fail to operate properly. Third, DFAS has not identified all system interfaces, including those of external users who have established system connections with DFAS, and has completed written interface agreements with only 230 of 904 interface partners. Fourth, DFAS has not adequately ensured that testing resources will be available when needed to determine if all operational systems are compliant before the year 2000. DFAS’risk of failure in these areas is increased due to its reliance on other DOD components, such as central design activities, to perform Year 2000 renovations for many of its systems and on the Defense Information Systems Agency (DISA)1 to ensure that its megacenters can operate in a Year 2000 environment. DFAS is also dependent on military services and DOD components to ensure that their systems are Year 2000 compliant since these entities’ systems provide an estimated 80 percent of the financial data that DFAS ultimately uses in its finance and accounting processes. Therefore, it is essential that DFAS take every possible measure 1 DISA is responsible for DOD information resources management, including the management of data processing facilities and information technology resources at centralized Defense megacenters. DFAS utilizes DISA megacenter computer facilities for processing finance and accounting data and testing changes to information systems. Page 2 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 to ensure that it is well-positioned as it approaches the year 2000 to mitigate these risks and ensure that Defense finance and accounting operations are not disrupted. During our review, we compared DFAS’ efforts to plan and manage its Year Scope and 2000 program to our Year 2000 assessment guide for evaluating the Methodology awareness and assessment phases. We also performed limited work in areas where DFAS had progressed to the renovation and validation (testing) phases. Specific audit work was performed at DFAS headquarters and three of the five DFAS centers—Cleveland, Denver, and Indianapolis—that, as of April 1997, maintained responsibility over about 83 percent (179 of 216) of the systems that are currently being tracked under the Year 2000 program. Of the 179 systems at these locations, we discussed with system and technical managers the status of 48 systems, about 27 percent of the total. We selected these systems because they cover the three categories of active systems—those to be replaced, those to be renovated, and those already compliant—that DFAS is tracking under its Year 2000 program. Additional factors included consideration of the system size, number of system interfaces, and whether systems were intended to replace existing legacy systems. Appendix I provides a list of the systems that we reviewed. At DFAS headquarters, we met with the Deputy Director for Information Management, who is responsible for the guidance and direction for the Year 2000 program, to discuss DFAS’ strategy for meeting the Year 2000 mandate. We also met with the Year 2000 project manager, who is responsible for the coordination, dissemination, and reporting for the DFAS Year 2000 program, to get an understanding of ongoing activities and requirements. To determine the status of DFAS’ contingency planning for automated systems, and its relationship to the Year 2000 program, we obtained DFAS’ Corporate Contingency Plan and discussed contingency provisions with officials from the DFAS Plans and Management Deputate and their associates at the DFAS Denver center. We also met with functional managers for six systems DFAS reported as being noncompliant that were the responsibility of the Information Management and Finance Deputates to determine the status of their efforts to achieve Year 2000 compliance. At the three DFAS centers, we met with individual center directors, who had been given responsibility for ensuring that the systems under their respective centers are Year 2000 compliant. Also, we met with Financial Systems Activity (FSA) Directors, who have technical responsibility for systems maintenance at those locations. We also met with each center’s Page 3 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 Year 2000 point of contact who is to disseminate Year 2000 information, and coordinate and consolidate Year 2000 reporting at the center level. Finally, we met with functional and technical managers of 42 separate systems who are being held accountable for ensuring that the systems they are responsible for are Year 2000 compliant. Using the assessment guide, we reviewed the status of DFAS’ Year 2000 awareness by obtaining information on and discussing DFAS’ strategy and program management initiatives with top management. We also obtained Year 2000 guidance provided to headquarters and center-level staff, and discussed this guidance with DFAS management responsible for administering the Year 2000 program and ensuring the compliance of DFAS systems. To determine the extent of assessment and renovation activities being performed, we identified Year 2000 policies and procedures that had been issued, reviewed the status of systems inventories, systems priority processes, risk assessments and contingency planning, and reporting and oversight activities. We interviewed functional and technical managers responsible for specific DFAS systems to discuss the status of their system assessments, the use of assessment tools, and the completeness and reliability of quarterly status report information such as identified milestones, adequacy of resources, interfaces and written agreements, and potential obstacles to meeting Year 2000 compliance. We also discussed with DFAS staff responsible for assessing DFAS’ hardware and systems software infrastructure, including its mid-level and communications processors, the status of their efforts to compile an inventory and plan for testing. We also spoke with several systems managers to obtain the status of DFAS’ efforts to test and validate commercial-off-the-shelf (COTS) applications. In evaluating the extent of DFAS’ validation phase activities, we met with selected technical managers for six systems classified as compliant to determine the extent of testing that had been performed for asserting compliance. In addition, we tracked the status of DFAS’ progress in actually replacing 18 systems that were scheduled to be replaced during a 3-month period. Our audit work was performed from August 1996 through May 1997 using generally accepted government auditing standards. The Department of Defense provided written comments on a draft of this report. These comments are discussed in the “Agency Comments and Our Evaluation” section and are reprinted in appendix III. Page 4 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 DFAS is the accounting firm of the Department of Defense. It was Background established in January 1991 to strengthen DOD’s financial management operations by standardizing, consolidating, and streamlining finance and accounting policies, procedures, and systems. DFAS accounts for DOD’s worldwide operations with assets totalling well in excess of $1 trillion. Each year, DFAS pays nearly 4 million active military and civilian personnel, 2 million retirees and annuitants, and approximately 23 million invoices to contractors and vendors. Due to DFAS’ reliance on computer systems to carry out its operations, the Year 2000 issue has the potential to impact virtually every aspect of the DFAS accounting and finance mission. The majority of DFAS finance and accounting systems are 20 or more years old and are primarily written in the Common Business Oriented Language (COBOL) programming language. DFAS recognizes that millions of lines of code must be analyzed and rewritten in systems that will still be operational in the year 2000. The Year 2000 problem is rooted in the way dates are recorded and computed in automated information systems. For the past several decades, systems have typically used two digits to represent the year, such as “97” representing 1997, in order to conserve on electronic data storage and reduce operating costs. With this two-digit format, however, the year 2000 is indistinguishable from 1900, or 2001 from 1901. As a result of this ambiguity, system or application programs that use dates to perform calculations, comparisons, or sorting could generate incorrect results when working with years after 1999. Although DFAS is responsible for the majority of DOD’s finance and accounting systems, DFAS is not responsible for all the systems that produce financial data. Systems that support other functional areas such as acquisition, medical, logistics, and personnel originate and process a significant amount of financial data that is ultimately reported on financial statements. These military service and Defense component systems provide financial data to DFAS through systems interfaces that DFAS needs to consider in addressing the Year 2000 problem. The systems that interface with DFAS systems are just as vulnerable to the Year 2000 problem as its own systems. Accordingly, DFAS’ ability to sustain operations in the Year 2000 time frame is dependent not only on its own systems, but also on a host of Defense component systems upon which it is largely reliant for accounting transaction data. Page 5 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 In February 1997, we published the Year 2000 Computing Crisis: An Assessment Guide2 that addresses common issues affecting most federal agencies and presents a structured approach and a checklist to aid them in planning, managing, and evaluating their year 2000 programs. The guide describes five phases—supported by program and project management activities—with each phase representing a major year 2000 program activity or segment. The guidance draws heavily on the work of the Best Practices Subcommittee of the Interagency Year 2000 Committee, and incorporates guidance and practices identified by leading organizations in the information technology industry. The five phases are consistent with those prescribed by DOD in its Year 2000 Management Plan.3 The phases and a description of each phase follows: • Awareness—Define the Year 2000 problem and gain executive-level support and sponsorship. Establish a Year 2000 program team and develop an overall strategy. Ensure that everyone in the organization is fully aware of the issue. • Assessment—Assess the Year 2000 impact on the enterprise. Identify core business areas and processes, inventory and analyze systems supporting the core business areas, and prioritize their conversion or replacement. Develop contingency plans to handle data exchange issues, lack of data, and bad data. Identify and secure the necessary resources. • Renovation—Convert, replace, or eliminate selected platforms, applications, databases, and utilities. Modify interfaces. • Validation—Test, verify, and validate converted or replaced platforms, applications, databases, and utilities. Test the performance, functionality, and integration of converted or replaced platforms, applications, databases, utilities, and interfaces in an operational environment. • Implementation—Implement converted or replaced platforms, applications, databases, utilities, and interfaces. Implement data exchange contingency plans, if necessary. In addition to following the five phases described, the Year 2000 program should also be planned and managed as a single large information system development effort. Agencies should promulgate and enforce good management practices on the program and project levels. 2 Year 2000 Computing Crisis: An Assessment Guide (Exposure Draft) (GAO/AIMD-10.1.14, February 1997). 3 Department of Defense Year 2000 Management Plan (Version 1.0, April 1997). Page 6 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 According to DFAS officials, they have been working on the Year 2000 issue Current Status of since 1991, although the Year 2000 program did not officially begin until DFAS Year 2000 March 1996.4 As of April 1997, DFAS was tracking 216 systems for Year 2000 Efforts purposes: 71 of the 216 were to be renovated to become Year 2000 compliant, 79 were expected to be replaced by migration or interim migration systems, and 66 were designated by DFAS as already compliant.5 Of the 71 systems DFAS expects to make compliant through renovation, 32 were reported as being in the assessment phase, 36 were in the renovation phase, one was in the implementation phase, and two systems did not show a phase. DFAS has estimated that it will cost $33.7 million to renovate its systems, which contain about 63 million lines of code, to meet Year 2000 requirements. DFAS has taken a number of positive steps to ensure that its personnel are fully aware of the impact should DFAS finance and accounting systems not be compliant at the turn of the century. During the awareness phase, DFAS developed a Year 2000 strategy that adopts the five-phased approach of awareness, assessment, renovation, validation, and implementation. The strategy, which is embedded in DFAS’ written executive plan, establishes accountability for Year 2000 systems compliance from DFAS headquarters management to individual system/program managers at the center level. The Deputy Director for Information Management, who serves as the DFAS Chief Information Officer (CIO), is responsible for managing the Year 2000 program, and overseeing efforts to ensure that all DFAS systems are Year 2000 compliant by December 31, 1998, and within existing funding. As of April 1997, DFAS had taken the following actions as part of its efforts to address the Year 2000 problem: • established a Year 2000 systems inventory, • prepared cost estimates for systems to be renovated, • instituted a quarterly Year 2000 status reporting process, • appointed a project manager to provide Year 2000 guidance and track Year 2000 progress, and • established a Year 2000 certification program that defines the conditions that must be met for automated systems to be considered as Year 2000 compliant. 4 DOD has instituted a decentralized approach whereby individual components are responsible for implementing their own year 2000 programs. 5 As of April 1997, none of the 66 systems that DFAS reported as being compliant had been validated. As of July 1997, DFAS officials informed us that 9 systems had been certified, however, we did not review these certifications. Page 7 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 DFAS has also performed and documented an analysis of personal computers and workstations, which covered the Year 2000 hardware problems, test procedures and results, and corrective actions. The results of the analysis were provided to DFAS centers for use in testing their hardware. As of April 1997, DFAS reported that over one-third of its nearly 20,000 personal computers had been tested, and that only about 1 percent were found to have been noncompliant. The DFAS Deputy Director for Information Management expects to replace those personal computers that failed the Year 2000 test with compliant computers during the normal equipment upgrade cycles prior to the year 2000. In addition, DFAS has reported that it has entered its major accounting and financial information systems into DOD’s Defense Integration Support Tools (DIST) database. DIST is the database that DOD uses to track its information systems and it is intended to facilitate the Year 2000 effort through its identification of functional systems interfaces and data exchange requirements.6 DFAS has taken numerous positive actions during the Year 2000 awareness Additional Year 2000 and assessment phases. However, DFAS is moving forward into renovation, Emphasis and Actions testing, and validation—the more difficult and complex phases of Year Are Needed 2000 correction—without fully addressing some critical steps associated with the assessment phase. Specifically, DFAS has not • identified, in its Year 2000 plan, all critical tasks for achieving its objectives or established milestones for completing all tasks, • performed formal risk assessments of all systems to be renovated and ensured that contingency plans are in place in the event that renovations are not completed in time or if systems fail to operate properly, • identified all systems interfaces and only a fraction of written interface agreements have been finalized with interface partners, and • adequately planned to ensure that testing resources are available when needed. DFAS’ risk in these areas is increased due to its dependence on the military services and other Defense agencies, such as DISA, to ensure that their systems and related operating environments are Year 2000 compliant. DFAS will need to work closely with these organizations to ensure that system 6 DISA acknowledges that, while it has initiated actions to improve the integrity of DIST information, DIST currently is not a reliable and accurate tool for managing the year 2000 effort. Page 8 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 renovations are performed, interface agreements are completed, and proper and timely test environments are provided. If its systems are not operational at the year 2000, DFAS’ ability to pay military and civilian personnel, retirees and annuitants, and Defense contractors and vendors could be severely impacted. In turn, DFAS’ ability to interact with other DOD components that both provide and use financial data could be jeopardized. Comprehensive Planning The Year 2000 program is expected to be the largest and most complex for Year 2000 Program system conversion effort undertaken by federal agencies. Due to the Needed complexities and scope of the Year 2000 problem, it is critical that agencies develop comprehensive plans that establish schedules for all tasks and phases of the Year 2000 program, set reporting requirements, assign conversion or replacement projects to Year 2000 project teams, provide measures for assessing performance, and anticipate the need for risk assessments and contingency plans. DFAS has issued a high-level Year 2000 executive plan that sets forth its strategy and approach. The plan covers four general areas that DFAS believes will ensure its ability to meet the Year 2000 challenge as follows. • Ensure that DFAS personnel are aware of the Year 2000 problem by establishing Year 2000 points of contact at multiple organization levels, participating in the DOD Year 2000 Working Group, and distributing Year 2000 information. • Assess the impact of Year 2000 on DFAS by establishing a systems inventory, replacing systems rather than renovating systems unless impacted prior to replacement, and developing systems as Year 2000 compliant. • Ensure that DFAS systems are Year 2000 compliant and handle renovations through standard configuration management procedures. Establish responsibility at various levels of the organization—program/system manager, center director and headquarters deputy director, and Deputy Director for Information Management—for achieving Year 2000 compliance. • Track Year 2000 progress by creating a quarterly consolidated progress report by system that contains information on each system’s Year 2000 efforts, such as target implementation date, interface information, and percentage of completion. Our review of DFAS’ Year 2000 plan disclosed that the plan includes a number of positive actions that are consistent with our assessment guide Page 9 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 and DOD’s management plan. For example, the plan assigns responsibility for achieving Year 2000 compliance, sets forth reporting requirements, and establishes an overall Year 2000 compliance date. However, the plan does not address all phases of the Year 2000 problem, specifically the actions that will be needed during the validation (testing) and implementation phases. The plan also does not establish schedules for completing each phase of the Year 2000 program or milestones for meeting critical tasks under each phase, such as identifying system interfaces and securing interface agreements, preparing contingency plans, defining requirements for and establishing operational Year 2000 compliant test facilities, completing tests of personal computers and servers, or identifying performance measures for evaluating DFAS and center-level progress. DFAS officials have informed us that, while this step is not included in its Year 2000 plan, its system/program managers are now required to have all systems interfaces identified and written interface agreements completed by September 30, 1997, and all personal computers tested by December 31, 1997. Without comprehensive planning of the Year 2000 project, DFAS runs the risk that it will not have the information to make proper decisions or that necessary tasks will not be addressed in a timely manner. For example, it is important that DFAS establish time frames for completing specific tasks under the Year 2000 program that can be used by DFAS Year 2000 managers as indicators to gauge the progress of individual systems. Equally important is the need to formalize what DFAS managers expect to accomplish during each phase of the Year 2000 effort and within what time frames. For instance, if DFAS system managers have performed system renovations to become Year 2000 compliant, but planning was not conducted early in the process to ensure that adequate test resources or facilities would be available, DFAS runs the risk of systems failure if systems are left untested, or the loss of flexibility to pursue other alternatives before the year 2000. Greater Emphasis Needed DFAS has initiated actions to require contingency planning for on Assessing Risks and noncompliant systems that are at risk of not being replaced prior to impact Planning for Contingencies of the year 2000. However, it has not extended its contingency planning to cover systems being renovated as Year 2000 compliant that may not operate at the turn of the century. Contingency plans are important because they identify the alternative activities, which may include manual and contract procedures, to be employed should critical systems fail to meet their Year 2000 deadlines. DOD’s Year 2000 Management Plan and our Page 10 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 Year 2000 Assessment Guide call on agencies to initiate realistic contingency plans during the assessment phase for critical systems and activities to ensure the continuity of their core business processes. From an overall agency perspective, DFAS has a Corporate Contingency Plan, which was recently updated in May 1997, that establishes policies, programs, and procedures and assigns responsibilities for the contingency planning process. The plan discusses various possible threats to DFAS activities, but does not specifically address potential year 2000 system failures, nor does it require DFAS managers to include year 2000 failures as part of the updated plan. DFAS has adopted a strategy for making all systems impacted by the Year 2000 compliant that includes (1) replacing legacy systems with compliant migration or interim migration systems and (2) renovating systems expected to be operational on and after the year 2000. However, DFAS’ strategy has two inherent risks. First, because of delays in implementing some migration or interim migration systems, all legacy systems that are expected to be replaced may not be replaced prior to the year 2000. Second, systems being renovated to be compliant may not be completed as scheduled, and renovated systems and those systems DFAS believes to already be compliant, may not correctly operate at the turn of the century. Although DFAS has begun taking steps to address alternative actions if migration systems are delayed, DFAS’ overall Year 2000 strategy has not required managers to address alternative actions should systems not operate correctly at the turn of the century. If this latter risk is not addressed and various critical applications fail to operate properly near to or at the turn of the century because of Year 2000 problems, DFAS will encounter interruptions to its accounting and financial activities with no clear alternative actions to help ensure continuity of operations. DFAS Has Begun Planning for DFAS is relying on the success of the DOD migration program to solve a Contingencies Should Legacy significant portion of its Year 2000 problem. DFAS’ April 1997 quarterly Systems Not Be Replaced status report indicates that about 80 existing legacy systems are to be replaced with 27 interim migration and migration systems, and several COTS systems. The DOD migration program, however, has a long history of problems,7 including missed milestones. Our current work has shown that many of DFAS’ legacy systems had not been replaced according to projected plans. Also, in some instances, replacement decisions had not 7 Our reports Defense IRM: Critical Risks Facing New Materiel Management Strategy (GAO/AIMD-96-109, September 6, 1996) and Defense IRM: Strategy Needed for Logistics Information Technology Improvement Efforts (GAO/AIMD-97-6, November 14, 1996), among others, point out numerous weaknesses in Defense’s migration strategy that impacted the timely development of replacement systems and the legacy systems they were to replace. Page 11 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 been finalized because of concerns over incorporating the legacy system requirements into the migration or interim migration systems. To assess the likelihood that systems already scheduled to be replaced would be replaced as planned, we identified 18 systems from DFAS’ October 1996 Year 2000 quarterly report that were scheduled for replacement or termination by January 1997 (see appendix II for the number of systems not replaced or terminated by location). Of those 18 systems, we found that 11 had not been replaced or terminated as planned. While these systems could incur additional slippage and still be replaced before being impacted by the Year 2000 problem, DFAS’ ability to meet tight deadlines for replacing systems may well become more difficult as the need for technical staff and resources increase for Year 2000 activities. One example of this problem is the deployment of the Standard Accounting and Reporting System (STARS). STARS is a DFAS interim migration system intended to replace eight noncompliant legacy accounting systems before the year 2000. In September 1996,8 we reported that the STARS migration project had experienced a number of problems over the years, including incomplete planning, missed milestones, and budget overruns. One specific system that was to have been replaced by STARS in January 1997 is the Naval Civilian Engineering Laboratory Financial Management Data System (NCEL-FMDS). However, as of April 1997, DFAS reported that NCEL-FMDS would be replaced by a COTS system by August 1997. Another system—the U.S. Naval Academy Trust Fund Accounting System (NTFAS)9—was to have been replaced by STARS as of December 1996. While the April 1997 DFAS Year 2000 quarterly status report shows that a date for replacing NTFAS with STARS had yet to be determined, recent discussions with DFAS personnel indicate that NTFAS had been terminated. At the time of our report, DFAS had not provided documentation to support this assertion. DFAS recognizes the concern that some migration and interim migration systems may be delayed, and has begun actions to renovate some legacy systems that were originally designated for replacement. DFAS has also required its systems managers, for all systems to be replaced, to assess and report the risk—using a high-; medium-; or low-risk designation—of 8 DOD Accounting Systems: Efforts to Improve System for Navy Need Overall Structure (GAO/AIMD-96-99, September 30, 1996). 9 According to DFAS, NCEL-FMDS and NTFAS are Navy systems that are being monitored by DFAS because they are sources of financial information and because they were scheduled to be replaced by STARS—a DFAS interim migration system. Page 12 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 their systems not being replaced prior to being impacted by Year 2000 problems. Systems managers for all systems to be replaced that were designated as having a high or medium risk are to have prepared plans identifying how they intend to fix the Year 2000 problem. Beginning in July 1997, DFAS reports that it intends to start monitoring the existence of these systems plans through its quarterly reporting process. Further, DFAS also intends to begin tracking other information that should help it make decisions as to whether to renovate, or take other alternative actions, for additional legacy systems that are now expected to be replaced. For example, systems managers will be required to report the latest possible start date to initiate a system renovation that would still allow them to meet the compliance deadline. This requirement calls for having contingency plans in place for over 80 percent of the systems to be replaced. However, because of the uncertainty associated with the implementation of DFAS’ migration systems, potentially there are still gaps that may necessitate DFAS extending this requirement to all systems scheduled to be replaced that support critical operations or provide data to those systems. Potential Operational Failures The year 2000 represents a great potential for operational failure to DFAS Need to Be Better Addressed that could adversely impact its core business processes as well as those of entities that depend on DFAS for accounting and financial reporting. To mitigate this risk of failure, our assessment guide and DOD’s management plan suggest that agencies perform risk assessments and prepare realistic contingency plans that identify alternatives to ensure the continuity of core business processes in the event of a failure. These alternatives could include performing automated functions manually or using the processing services of contractors. While DFAS managers have begun preparing contingency plans for legacy systems that may not be replaced by compliant systems prior to the year 2000, the DFAS Year 2000 strategy does not require managers to assess risk, or plan for contingencies, if systems being renovated fail to operate at the year 2000. Also, the recently updated DFAS Corporate Contingency Plan does not require managers to address contingencies for a potential Year 2000 failure. DFAS needs this protection to ensure that, in the event of an operational failure, major functional activities are not disrupted at the year 2000. DFAS currently has identified 71 systems that it plans to make compliant through renovation, and an additional 66 systems that are reported as being compliant, but have not yet been fully tested in a Year 2000 operating environment. Although the DFAS Year 2000 program calls for these systems to eventually be validated prior to implementation, even Page 13 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 with a structured process for assessing systems’ compliance, DFAS systems are still at risk that unanticipated operational failure could occur. In addition, DFAS systems interact with many DOD component and military service systems, and as a result, an operational failure in one system or process would not only impact functions these systems currently perform but could also impact other related activities. Because many of the continuity of operation alternatives that traditionally apply to threats, such as back-up processing sites, cannot be relied upon to address Year 2000 issues, it is important that DFAS’ functional and technical managers have policies and procedures in place to ensure that critical activities can be performed in the event of system failure. The absence of good contingency planning increases DFAS’ risk that its operations could be disrupted. System Interfaces Present The success of DFAS finance and accounting operations hinges on the Challenges proper and timely exchange of data with others. DFAS systems interface internally with hundreds of other DFAS systems and externally with military services, Defense components, and various federal government systems. DFAS receives an estimated 80 percent of the data it uses in its finance and accounting processes from non-DFAS systems. It is critically important during the Year 2000 effort that agencies protect against the potential for introducing and propagating errors from one organization to another and ensure that interfacing systems have the ability to exchange data through the transition period. This potential problem may be mitigated through formal agreements between interface partners that describe the method of interface and assign responsibility for accommodating the exchange of data. DOD’s Year 2000 Management Plan places responsibility on component heads or their designated Year 2000 points of contact to document and obtain system interface agreements in the form of memorandums of agreement (MOA) or the equivalent. DFAS’ Year 2000 strategy calls for its system managers to identify interfaces for all systems that are to be renovated for Year 2000 compliance and to obtain written MOAs between interface partners. System managers also are required to identify the number of internal and external systems interfaces10 and the number of interfaces that are covered by MOAs and include this as part of the DFAS Year 2000 quarterly reporting process. The number of interfaces not impacted by the Year 2000 problem are also reported separately for each system. 10 An internal interface transfers data between two DFAS-owned systems, whereas an external interface transfers data between a DFAS-owned and a non-DFAS-owned system. Page 14 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 As of April 1997, DFAS reported that system/program managers had identified 904 internal and external interfaces that are affected by the year 2000 problem, although managers still had not identified all interfaces. Of the 904 system interfaces that had been identified, 451 were reported as internal interfaces and 453 were identified as external interfaces. According to DFAS, written MOAs, covering how and when the interfaces are to be accomplished, had been completed for only 230 of the system interfaces. DFAS’ quarterly report shows that significantly less progress has been made in securing written MOAs for external system interfaces than for those internal to DFAS. Of the 230 completed MOAs, only 82 were with external interface partners. DFAS officials have set September 30, 1997, as the deadline for securing all MOAs, both internal and external, with interface partners. While the number of interfaces is a major Year 2000 concern to DFAS, the importance and complexity of the interface issue is compounded due to DFAS’ use of different strategies11 for making systems Year 2000 compliant. DFAS reports that about one-third of the systems it plans to renovate are using procedural code12 or sliding windows13 as the predominate strategies for becoming Year 2000 compliant. As such, the use of different strategies in systems that exchange data through interfaces may require the use of bridging.14 With these strategies, each interface partner will have to clearly understand the logical date interpretations that each is using to ensure that the appropriate century is applied when exchanging two-digit year data. Additional monitoring and oversight may be necessary to ensure that compliant date strategies that depend on date logic are implemented correctly. Timely and complete information on all system interfaces that may be affected by Year 2000 changes is critical to the success of DFAS’ Year 2000 compliance program. The amount of work required to coordinate the data 11 DOD has identified three strategies—field expansion, procedural code, and sliding windows—for purposes of renovating noncompliant systems. Field expansion increases the size of the date field generally from a two-digit year to a four-digit year. Procedural code and sliding windows derive the correct century based on the two-digit year. 12 Procedural code is code which derives the correct century based on the two-digit year (e.g., any year smaller than year 50 is a 2000 date, and any year 50 or larger is a 1900 date). 13 Sliding windows are similar to procedural code in that they derive the correct century based on the two-digit year, but the numeric constant used to determine the century changes each year. Using the procedural code example above, in the current year, 50 or larger would be a 1900 date, while next year, 51 or larger would be a 1900 date. 14 Bridging involves receiving information in one format, modifying it, and outputting it in another format, such as receiving the year in a two-digit format, adding century information through the use of an algorithm, and writing the output with a four-digit year. Page 15 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 being exchanged between systems must be known as early as possible, and documented in written MOAs, in order that DFAS may complete maintenance schedules, allocate resources, plan testing, and schedule implementation. Additional Focus Needed We expect that agencies may need over a year to adequately validate and on Systems Testing test converted or replaced systems for Year 2000 compliance, and that the testing and validation process may consume over half of the Year 2000 program resources and budget. While DFAS technical managers have performed certain Year 2000 tests of individual systems as part of their normal software maintenance processes, DFAS has not yet performed sufficient planning to ensure that all necessary testing will be conducted prior to Year 2000 impact. Also, some systems that DFAS has designated as already compliant had not been fully tested to support that assertion. Our assessment guide calls on agencies to develop validation strategies and test plans, and to ensure that resources, such as facilities and tools, are available to perform adequate testing. During the assessment phase, DFAS had not yet developed test plans for all systems it plans to have operational at the year 2000, including those systems to be renovated and those already classified as compliant. DFAS also had not yet defined what Year 2000 test facilities it expected to use and ensured their availability. Much of DFAS’ testing is dependent upon others to provide the needed assurances that systems are Year 2000 compliant. For example, about 40 percent of DFAS’ systems are technically maintained by central design activities (CDAs) that are managed by another Defense component or a military service. These activities are likely to have differing processes for conducting system testing. Also, before DFAS managers can be assured that systems under their responsibility are compliant, the systems will need to be tested in an operating environment using a Year 2000 compliant operating system. DISA is responsible for providing a Year 2000 compliant operating environment and resources for testing systems, including many DFAS systems, at DISA megacenters. DFAS will also need assurances from vendors that its COTS applications are Year 2000 compliant. While DFAS’ recent establishment of a certification program should provide additional assurance that systems have been tested, the program will need to be properly implemented at all locations. Without planning for the proper and timely testing of all systems, DFAS runs the risk of potential contamination to systems data or interference with the operation of production systems. Page 16 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 Systems Asserted as Compliant On the basis of our analysis, we found that DFAS had not performed Have Not Been Fully Tested adequate testing to assert that its compliant systems are capable of transitioning into the year 2000. According to the DFAS April 1997 quarterly status report, 66 of its 216 systems tracked for Year 2000 purposes are classified as compliant. DFAS’ compliant systems can be grouped into four categories: already converted, not date sensitive, under development, and compliant COTS products. To determine if DFAS had a sufficient basis for asserting Year 2000 compliance, we selected six systems that DFAS had designated as compliant and reviewed supporting documentation provided by technical managers for three of the six that were identified as already converted. The remaining three systems were either in the process of being developed Year 2000 compliant or deemed to not be date sensitive. Managers of the already converted, compliant systems we spoke with indicated that they had performed some tests on the transfer and storage of dates, but had not completed all Year 2000 compliance tests. For example: • A technical manager for the Defense Transportation Pay System (DTRS) stated that system integration tests15 to input four-digit year data from a keyboard entry and from an electronic entry had been performed. However, system acceptance tests16 to determine Year 2000 compliance had not been performed at the time of our review. • A technical manager for another compliant system—the Uniform Microcomputer Disbursing System (UMIDS)—indicated that the system had already been converted to accommodate the year 2000, and that some testing had been performed. All systems tests, however, including those to determine if UMIDS could operate in a Year 2000 environment with its interfaces, were not scheduled to be completed until fall 1997. • A technical manager of another system reported as compliant—the Standard Army Financial Inventory Accounting and Reporting System-MOD (STARFIARS-MOD)—stated that this system could not be completely tested until a Year 2000 compliant compiler for Ada17 was available. On April 11, 1997, the DFAS Deputy Director for Information Management issued guidance for establishing a Year 2000 automated information 15 System integration tests are designed to determine if related information system components perform to specification, such as verifying that computer programs operate with equipment, subsystems, and other systems. 16 System acceptance tests are formal tests designed to determine whether or not the software end product is valid and represents what was specified by the customer. 17 Ada is a powerful software programming language that was developed under DOD’s sponsorship and used extensively in many of its systems. Page 17 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 system certification program. The intent of the certification program is to define conditions, through completion of a certification checklist, that must be met in order that systems can be considered as Year 2000 compliant.18 Under the certification program, systems identified in DFAS’ Year 2000 quarterly status report as to be renovated, being developed compliant, and compliant, are to be certified. System/program managers are to complete the certification no later than 1 month after a system acceptance test is performed and the system is deemed compliant. The certification checklist requires signatures of the technical manager responsible for performing system changes, the system/program manager responsible for ensuring that the system is compliant, and the center director or headquarters deputy director responsible for Year 2000 compliance of all systems at their respective locations. Because the certification program had only recently been established, we were unable to assess to what extent it had been implemented, and therefore, how well the process was working. If implemented effectively and consistently, the process should provide DFAS a more reliable basis for asserting compliance of its systems. Systems Still Need To Be DFAS systems have not been tested for their ability to operate in a Tested With Compliant compliant Year 2000 environment because DISA has not installed Year 2000 Operating System compliant operating systems. DISA plans to upgrade its large-scale IBM and Unisys operating systems to be Year 2000 compliant over the next 2 years. For example, DISA and DFAS plan to incrementally implement the new IBM OS/390 operating system and make necessary conversions to existing applications from April 1997 to October 1998. Once implementation is completed for a particular domain, system testing can begin. About 45 DFAS systems, many of which are processed on mainframes, are classified as already converted, compliant, or not date sensitive, but still need to be tested to ensure that they do not encounter problems with the new operating system. No Process for Ensuring COTS DFAS has not defined a validation process for ensuring that its COTS Compliance applications are Year 2000 compliant. Since most suppliers of COTS software do not disclose their source code or the internal logic of their products, testing should be complemented by a careful review of warranties and/or guarantees. At the time of our review, DFAS had not 18 As of June 19, 1997, DFAS updated its certification program to include two certification levels. Certification level 1 is an interim certification where a system may be considered to be compliant, but one or more of its interface agreements may not be completed. In order to meet certification level 2, a system must be fully compliant and be operating in accordance with interface agreements. For systems to achieve both certification levels, all necessary systems testing must be completed. Page 18 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 required the testing of COTS applications that are being reported as compliant. Although systems managers had been given responsibility for obtaining written assurances from their vendors that COTS products are compliant, no documentation had been obtained to provide these assurances. Without an effective validation process for assuring COTS Year 2000 compliance, DFAS runs the risk that these applications will not operate correctly in the future. While initial progress has been made, there are several critical issues Conclusions facing DFAS, that if left unaddressed, may well result in the failure of its systems to operate at the year 2000. As the accounting arm of DOD, DFAS has a responsibility to its customers to ensure that its systems support their needs and produce accurate, reliable, and timely financial information on the results of DOD’s operations. At the same time, its operations hinge on the ability of systems belonging to the military services and other components to be Year 2000 compliant. Additionally, DFAS is dependent on numerous central design activities that are not under its control to perform Year 2000 renovations to many of its systems. Although DFAS managers have recognized the importance of solving Year 2000 problems in their systems, to reduce the risk of failure with its own Year 2000 effort, it is critically important that DFAS take every measure possible to ensure that it is well-positioned to deal with unexpected problems and delays. This includes promptly implementing Year 2000 project and contingency planning as well as addressing critical systems interfacing and testing issues. We recommend that you direct the DFAS Deputy Director for Information Recommendations Management to: • Build upon the existing DFAS project plan to ensure that it identifies the actions and establishes the schedules for completing each phase of the Year 2000 program, including the validation (testing) and implementation phases. The plan should also identify the milestones for meeting critical tasks under each phase, such as identifying system interfaces and securing interface agreements, preparing contingency plans, defining requirements for and establishing operational Year 2000 compliant test facilities, completing tests of personal computers and servers, and identifying performance measures for evaluating DFAS and center-level progress. • Ensure that DFAS’ Corporate Contingency Plan addresses the Year 2000 crisis and provides guidance for ensuring continuity of operations. The Page 19 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 guidance should require DFAS managers to perform risk assessments and prepare contingency plans for all critical systems impacted by the year 2000 and for all noncritical systems impacted by the year 2000 that provide data to critical systems. Specifically, risk assessments and contingency plans should be required for all critical systems, including the identification of alternatives in the event that (1) replacement systems are not available, (2) systems to be renovated are not completed, and (3) systems fail to operate as intended prior to Year 2000 impact. • Require the timely identification of all internal and external systems interfaces and the completion of signed, written interface agreements that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and milestones identifying when the modification is to be completed. • Require the full implementation of the recently established Year 2000 certification process and ensure that Year 2000 compliance is predicated on testing all systems, including COTS applications and personal computers and servers. • Devise a testing schedule that identifies the test facilities and resources needed for performing proper testing of DFAS systems to ensure that all systems can operate in a Year 2000 environment. In written comments on a draft of this report, the Office of the Under Agency Comments Secretary of Defense (Comptroller) concurred with all of our and Our Evaluation recommendations to improve the DFAS Year 2000 program. In response to our recommendations, DFAS agreed to update its existing Year 2000 Executive Plan to ensure that it identifies the actions and establishes the schedules for completing each phase of the Year 2000 program, including the validation (testing) and implementation phases, and the milestones for meeting critical tasks under each phase. DFAS also agreed to update its Corporate Contingency Plan to require a risk assessment and business impact analysis of all mission critical systems and critical direct support systems for the Year 2000 crisis, including the addition of requirements to test critical systems for Year 2000 compliance and to identify contingency strategies for dealing with noncompliant situations. In addition, DFAS agreed to have all written interface agreements with interface partners in place by September 30, 1997, and to implement its Year 2000 certification process for ensuring all systems are compliant. Further, DFAS agreed to develop a testing schedule that identified the test facilities and resources needed for performing proper testing of DFAS systems to ensure those systems can operate in a Year 2000 environment. Page 20 GAO/AIMD-97-117 DFAS Year 2000 Challenges B-276288 DFAS pointed out that it is working closely with DISA to coordinate the implementation of the Year 2000 environment, since DFAS is dependent on DISA to actually install and operate that environment. The full text of DOD’s comments are provided in appendix III. This report contains recommendations to you. Within 60 days of the date of this report, we would appreciate receiving a written statement on actions taken to address these recommendations. We appreciate the courtesy and cooperation extended to our audit team by DFAS officials and staff. We are providing copies of this letter to the Chairman and Ranking Minority Member of the Senate Committee on Governmental Affairs; the Chairmen and Ranking Minority Members of the Subcommittee on Oversight of Government Management, Restructuring and the District of Columbia, Senate Committee on Governmental Affairs, and the Subcommittee on Government Management, Information and Technology, House Committee on Government Reform and Oversight; the Honorable Thomas M. Davis, III, House of Representatives; the Deputy Secretary of Defense; the Acting Under Secretary of Defense (Comptroller); the Assistant Secretary of Defense (Command, Control, Communications and Intelligence); the Director of the Office of Management and Budget; and other interested parties. Copies will be made available to others upon request. If you have any questions on matters discussed in this letter, please call me at (202) 512-6240 or Ronald B. Bageant, Assistant Director, at (202) 512-9498. Major contributors to this report are listed in appendix IV. Sincerely yours, Jack L. Brock, Jr. Director, Defense Information and Financial Management Systems Page 21 GAO/AIMD-97-117 DFAS Year 2000 Challenges Contents Letter 1 Appendix I 24 DFAS Systems Reviewed Appendix II 27 DFAS Systems That Were Not Replaced or Terminated as Scheduled in January 1997 Appendix III 28 Comments From the Department of Defense Appendix IV 31 Major Contributors to This Report Page 22 GAO/AIMD-97-117 DFAS Year 2000 Challenges Contents Abbreviations CDA central design activities CIO Chief Information Officer COBOL Common Business Oriented Language COTS commercial-off-the-shelf DFAS Defense Finance and Accounting Service DISA Defense Information Systems Agency DIST Defense Integration Support Tools DOD Department of Defense DTRS Defense Transportation Pay System FSA Financial Systems Activity IBM International Business Machines, Inc. MOA Memorandums of Agreement NCEL-FMDS Naval Civilian Engineering Laboratory Financial Management Data System NTFAS U.S. Naval Academy Trust Fund Accounting System STARFIARS-MOD Standard Army Financial Inventory Accounting and Reporting System-MOD STARS Standard Accounting and Reporting System UMIDS Uniform Microcomputer Disbursing System Page 23 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix I DFAS Systems Reviewed Year 2000 phase as of Organization acronym - name System classification January 1997 Lines of code DFAS- Headquarters 1 DCPS - Defense Civilian Pay System To be renovated Renovation 944,000 2 DJMS-AC - Defense Joint Military Pay System-Active Component To be renovated Renovation 5,134,069 3 DJMS-RC - Defense Joint Military Pay System-Reserve Component To be renovated Renovation 1,211,947 4 MCTFS - Marine Corps Total Force System To be renovated Renovation 2,532,973 5 DFAS Order Writer To be replaced N/A 58,556 6 CMIS - Configuration Management To be renovated Information System (reengineering) Renovation 223,744 DFAS-Indianapolis 7 HQARS - Headquarters Accounting and Reporting System To be replaced N/A 1,710,000 8 SOMARDS - Standard Operations and Maintenance, Army R&D System To be renovated Assessment 950,000 9 SIFS - Standard Industrial Fund System To be renovated Renovation 3,400,000 10 NAFCPS - Non-appropriated Funds Civilian Payroll System To be renovated Assessment 305,000 11 NAFISS - Non-appropriated Funds Information Standard System To be replaced N/A 200,000 12 CEFMS - Corps of Engineers Financial To be renovated Management System (reengineering) Assessment 2,250,000 13 PBAS-FD - Program and Budget Accounting System - Fund Distribution To be renovated Assessment 1,600,000 14 STARFIARS-MOD - Standard Army Financial Inventory Accounting and Reporting System - MOD Compliant N/A 840,000 15 SRD-1 - Standard Finance System -Redesign (Subsystem 1) To be renovated Renovation 1,800,000 16 COA Host - Controller of the Army Host To be replaced Terminated 9,272,500 17 EDMS - Electronic Document Management System - Loss and Damage To be renovated Assessment 40,000 18 ADARS - Automated Drill Attendance Reporting System To be replaced Transferred to Army N/R 19 JUSTIS - Jumps Terminal Input System To be replaced Transferred to Army N/R 20 TAXMRI - Tax Machine Readable Input To be replaced N/A N/R 21 UCS - Unemployment Compensation System Compliant N/A N/R 22 DTRS - Defense Transportation Pay System Compliant N/A 360,000 23 TD&RS - Transportation Disbursing and Reporting System To be replaced N/A 156,000 (continued) Page 24 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix I DFAS Systems Reviewed Year 2000 phase as of Organization acronym - name System classification January 1997 Lines of code 24 STARFIARS - Standard Army Financial Inventory Accounting and Reporting System To be replaced N/A 200,500 25 CAPS - Computerized Accounts Payable To be renovated System (reengineering) Renovation 57,000 26 STARCIPS - Standard Army Civilian Payroll System To be replaced N/A 208,430 27 SNIPS - Standard Negotiable Instrument Processing System To be replaced N/A 118,000 28 CRISPS - Consolidated Return Items Stop Payment System To be replaced N/A 57,000 29 STANFINS - Standard Financial System To be renovated Assessment 675,000 30 TUFMIS - Tactical Unit Financial Management Information System To be replaced N/A 35,000 DFAS-Denver: 31 DIFS - Defense Integrated Financial System To be renovated Assessment 1,843,041 32 CMCS - Case Management Control System - Accounting Segment To be renovated Assessment 1,833,748 33 GAFS - General Accounting and Finance System - Base Level To be renovated Assessment 975,000 34 SMAS - Standard Material Accounting System To be renovated Assessment 1,300,000 35 DRAS-APS - Defense Retiree and Annuitant Pay System - Annuitant To be renovated Renovation 921,751 36 SOF - Status of Funds System To be renovated Assessment 321,000 37 DCMS - Departmental Cash Management Compliant - being System developed N/A N/R 38 MAFR - Merged Accountability and Fund Reporting System To be replaced N/A 262,316 DFAS-Cleveland 39 NIFMS - NAVAIR Industrial Financial Management System To be renovated Renovation 2,568,018 40 FCS China Lake To be replaced N/A 3,000,000 41 STARS - Standard Accounting and 3,706,000 + new Reporting System To be renovated Assessment development 42 DFRRS - Departmental Financial Reporting Compliant - being and Reconciliation System developed N/A N/R 43 SYMIS - Shipyard Management Information System To be renovated Assessment 1,733,000 44 RIMS - Real Time Integrated Management System To be renovated Assessment 3,300,000 45 NRDPS - Naval Reserve Drill Pay System To be replaced N/A 231,000 (continued) Page 25 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix I DFAS Systems Reviewed Year 2000 phase as of Organization acronym - name System classification January 1997 Lines of code 46 UMIDS - Uniform Microcomputer Disbursing System Compliant N/A 430,000 47 DRAS-RCP - Defense Retiree and Annuitant Pay System - Retiree To be renovated Renovation 743,000 48 NJUMPS - Navy Joint Uniform Military Pay System To be replaced N/A 1,250,000 Totals Headquarters = 6 < than 1 m= 24 Indianapolis = 24 To be renovated= 25 1 m to 3 m=12 Denver = 8 To be replaced = 17 Assessment = 14 > than 3 m = 6 Cleveland = 10 Compliant = 6 Renovation = 11 Unknown = 6 Total = 48 Total = 48 Total = 25 Total = 48 Note: N/A = Not applicable; N/R = Not reported Source: DFAS Year 2000 Quarterly Status Report as of January 10, 1997. Page 26 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix II DFAS Systems That Were Not Replaced or Terminated as Scheduled in January 1997 Systems that were to be Systems that were not replaced or terminated as of replaced or terminated as of DFAS Center January 1997 January 1997 Cleveland (CL) 13 8 Indianapolis (IN) 3 2 Kansas City (KC) 2 1 Totals 18 11 Note: The October 1996 DFAS Year 2000 Quarterly Status Report did not list any systems to be terminated or replaced by January 1997 for DFAS-Headquarters, DFAS-Columbus, and DFAS-Denver. Source: DFAS Year 2000 quarterly status reports for October 1996 and January 1997. Page 27 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix III Comments From the Department of Defense Page 28 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix III Comments From the Department of Defense Page 29 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix III Comments From the Department of Defense Page 30 GAO/AIMD-97-117 DFAS Year 2000 Challenges Appendix IV Major Contributors to This Report Ronald B. Bageant, Assistant Director Accounting and Brian C. Spencer, Technical Assistant Director Information Brenda A. James, Senior Information Systems Analyst Management Division, Cristina T. Chaplain, Communications Analyst Washington, D.C. John A. Spence, Information Systems Analyst Denver Regional Office (511614) Page 31 GAO/AIMD-97-117 DFAS Year 2000 Challenges Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: firstname.lastname@example.org or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Defense Computers: DFAS Faces Challenges in Solving the Year 2000 Problem
Published by the Government Accountability Office on 1997-08-11.
Below is a raw (and likely hideous) rendition of the original report. (PDF)