oversight

Year 2000 Computing Crisis: Readiness Improving But Much Work Remains to Ensure Delivery of Critical Services

Published by the Government Accountability Office on 1999-04-19.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          United States General Accounting Office

GAO                       Testimony
                          Before the Committee on Government Reform, House of
                          Representatives




For Release on Delivery

Expected at               YEAR 2000 COMPUTING
                          CRISIS
9 a.m.

Monday,

April 19, 1999




                          Readiness Improving But
                          Much Work Remains to
                          Ensure Delivery of Critical
                          Services
                          Statement of Joel C. Willemssen
                          Director, Civil Agencies Information Systems
                          Accounting and Information Management Division




GAO/T-AIMD-99-149
Mr. Chairman and Members of the Committee:


Thank you for inviting us to participate in today’s hearing on the Year 2000
problem. According to the report of the President’s Commission on Critical
Infrastructure Protection, the United States—with close to half of all
computer capacity and 60 percent of Internet assets—is the world’s most
                                                             1
advanced and most dependent user of information technology. Should
these systems—which perform functions and services critical to our
nation—suffer problems, it could create widespread disruption.
Accordingly, the upcoming change of century is a sweeping and urgent
challenge for public- and private-sector organizations alike.


Because of its urgent nature and the potentially devastating impact it could
have on critical government operations, in February 1997, we designated
                                                                      2
the Year 2000 problem as a high-risk area for the federal government.
Since that time, we have issued over 90 reports and testimony statements
detailing specific findings and numerous recommendations related to the
                                                        3
Year 2000 readiness of a wide range of federal agencies. We have also
                                                                      4
issued guidance to help organizations successfully address the issue.


Today, I will highlight the Year                2000 risks facing the nation, discuss the
federal government’s progress and remaining challenges in correcting its
systems, identify state and local government Year 2000 issues, and provide
an overview of the available information on the readiness of key public
infrastructure and economic sectors.




1
    Critical Foundations:   Protecting America's Infrastructures   (President's Commission on Critical

Infrastructure Protection, October 1997).



2
    High-Risk Series:   Information Management and Technology       (GAO/HR-97-9, February 1997).



3
    A list of these publications is included in appendix II of this statement.



4
    Year 2000 Computing Crisis: An Assessment Guide       (GAO/AIMD-10.1.14, issued as an exposure draft in

February 1997 and in final form in September 1997), which addresses the key tasks needed to complete

each phase of a Year 2000 program (awareness, assessment, renovation, validation, and implementa-

tion); Year 2000 Computing Crisis: Business Continuity and Contingency Planning          (GAO/AIMD-10.1.19,

issued as an exposure draft in March 1998 and in final form in August 1998), which describes the tasks

needed to ensure the continuity of agency operations; and        Year 2000 Computing Crisis: A Testing Guide

(GAO/AIMD-10.1.21, issued as an exposure draft in June 1998 and in final form in November 1998),

which discusses the need to plan and conduct Year 2000 tests in a structured and disciplined fashion.




Page 1                                                                                 GAO/T-AIMD-99-149
The Public Faces Risks   The public faces a risk that critical services provided by the government
                         and the private sector could be severely disrupted by the Year 2000
of Year 2000             computing problem. Financial transactions could be delayed, flights
Disruptions              grounded, power lost, and national defense affected. Moreover, America’s
                         infrastructures are a complex array of public and private enterprises with
                         many interdependencies at all levels. These many interdependencies
                         among governments and within key economic sectors could cause a single
                         failure to have adverse repercussions in other sectors. Key sectors that
                         could be seriously affected if their systems are not Year 2000 compliant
                         include information and telecommunications; banking and finance; health,
                         safety, and emergency services; transportation; power and water; and
                         manufacturing and small business.


                         The following are examples of some of the major disruptions the public and
                         private sectors could experience if the Year 2000 problem is not corrected.


                         •     With respect to aviation, there could be grounded or delayed flights,
                                                                                                                              5
                               degraded safety, customer inconvenience, and increased airline costs.
                         •     Aircraft and other military equipment could be grounded because the
                               computer systems used to schedule maintenance and track supplies
                               may not work. Further, the Department of Defense could incur
                               shortages of vital items needed to sustain military operations and
                                          6
                               readiness.
                         •     Medical devices and scientific laboratory equipment may experience
                               problems beginning January 1, 2000, if their software applications or
                               embedded chips use two-digit fields to represent the year.


                         Recognizing the seriousness of the Year 2000 problem, on February 4, 1998,
                         the President signed an executive order that established the President’s
                         Council on Year 2000 Conversion led by an Assistant to the President and
                         consisting of one representative from each of the executive departments
                         and from other federal agencies as may be determined by the Chair. The
                         Chair of the Council was tasked with the following Year 2000 roles:
                         (1) overseeing the activities of agencies, (2) acting as chief spokesperson in
                         national and international forums, (3) providing policy coordination of



                         5
                             FAA Systems:   Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems

                         (GAO/T-AIMD-98-251, August 6, 1998).



                         6
                             Defense Computers:   Year 2000 Computer Problems Threaten DOD Operations     (GAO/AIMD-98-72,

                         April 30, 1998).




                         Page 2                                                                           GAO/T-AIMD-99-149
                    executive branch activities with state, local, and tribal governments, and
                    (4) promoting appropriate federal roles with respect to private-sector
                    activities.




Improvements Made   Addressing the Year 2000 problem is a tremendous challenge for the federal
                    government. Many of the federal government’s computer systems were
But Much Work       originally designed and developed 20 to 25 years ago, are poorly
Remains             documented, and use a wide variety of computer languages, many of which
                    are obsolete. Some applications include thousands, tens of thousands, or
                    even millions of lines of code, each of which must be examined for date-
                    format problems.


                    To meet this challenge and monitor individual agency efforts, the Office of
                    Management and Budget (OMB) directed the major departments and
                    agencies to submit quarterly reports on their progress, beginning May 15,
                    1997. These reports contain information on where agencies stand with
                    respect to the assessment, renovation, validation, and implementation of
                    mission-critical systems, as well as other management information on
                    items such as business continuity and contingency plans and costs.


                    The federal government’s most recent reports show improvement in
                    addressing the Year 2000 problem. While much work remains, the federal
                    government has significantly increased the percentage of mission-critical
                    systems that are reported to be Year 2000 compliant, as figure 1 illustrates.
                    In particular, while the federal government did not meet its goal of having
                    all mission-critical systems compliant by March 1999, 92 percent of these
                    systems were reported to have met this goal.




                    Page 3                                                       GAO/T-AIMD-99-149
Figure 1: Mission-Critical Systems Reported Year 2000 Compliant, May 1997-March
1999
Percent

100%

                                                                                                         92%
    90%

    80%                                                                                      79%

    70%
                                                                            61%
    60%
                                                                  50%
    50%
                                                        40%
    40%                                       35%

    30%                           27%
               21%    19%
    20%

    10%

     0%
          May-97     Aug-97       Nov-97    Feb-98     May-98    Aug-98     Nov-98      Feb-99     Mar-99

Source: May 1997 through February 1999 data are from the OMB quarterly reports. The March 1999
data are from the President’s Council on Year 2000 Conversion and OMB.


While this progress is notable, 11 agencies did not meet OMB’s deadline for
                                      7
all of their mission-critical systems. In addition, as we testified last week,
some of the systems that were not yet compliant support vital government
          8
functions. For example, among the systems that did not meet the March
1999 deadline were those operated by Health Care Financing
Administration (HCFA) contractors. As we testified in February 1999,
                                                          9
these systems are critical to processing Medicare claims.




7
    The 11 agencies were the Departments of Agriculture, Commerce, Defense, Energy, Health and Human

Services, Justice, State, Transportation, and the Treasury and the National Aeronautics and Space

Administration and the U.S. Agency for International Development.



8
    Year 2000 Computing Challenge:    Federal Government Making Progress But Critical Issues Must Still

Be Addressed to Minimize Disruptions       (GAO/T-AIMD-99-144, April 14, 1999).



9
    Year 2000 Computing Crisis:   Medicare and the Delivery of Health Services Are at Risk

(GAO/T-AIMD-99-89, February 24, 1999) and        Year 2000 Computing Crisis:   Readiness Status of the

Department of Health and Human Services         (GAO/T-AIMD-99-92, February 26, 1999).




Page 4                                                                                GAO/T-AIMD-99-149
                          Additionally, not all systems have undergone an independent verification
                          and validation process. For example, the Environmental Protection
                          Agency and the Department of the Interior reported that 57 and 3 of their
                          systems, respectively, deemed compliant were still undergoing
                          independent verification and validation. In some cases, independent
                          verification and validation of compliant systems have found serious
                                                                                10
                          problems. For example, as we testified this February,    none of HCFA’s 54
                          external mission-critical systems reported by the Department of Health and
                          Human Services as compliant as of December 31, 1998, was Year 2000
                          ready, based on serious qualifications identified by the independent
                          verification and validation contractor.




Reviews Show Uneven       While the Year 2000 readiness of the government has improved, our reviews

Federal Agency Progress   of federal agency Year 2000 programs have found uneven progress. Some
                          agencies are significantly behind schedule and are at high risk that they will
                          not fix their systems in time. Other agencies have made progress, although
                          risks continue and a great deal of work remains. The following are
                          examples of the results of some of our recent reviews.


                          •      In March 1999, we testified that the Federal Aviation Administration
                                                                                           11
                                 (FAA) had made tremendous progress over the prior year.      However,
                                 much remained to be done to complete validating and implementing
                                 FAA’s mission-critical systems. Specifically, the challenges that FAA
                                 faced included (1) ensuring that systems validation efforts are adequate,
                                 (2) implementing multiple systems at numerous facilities,
                                 (3) completing data exchange efforts, and (4) completing end-to-end
                                                                              12
                                 testing. In addition, last week we testified    that 10 of FAA’s 52
                                 noncompliant mission-critical systems are among the systems that it has
                                 identified as posing the greatest risk to the National Airspace System—
                                 the network of equipment, facilities, and information that supports U.S.
                                 aviation operations—should their Year 2000 repairs experience schedule
                                 delays or should the systems not be operational on January 1, 2000.
                                 Because of the risks associated with FAA’s Year 2000 program, we have
                                 advocated that the agency develop business continuity and contingency



                          10
                               GAO/T-AIMD-99-92, February 26, 1999.



                          11
                               Year 2000 Computing Crisis:   FAA Is Making Progress But Important Challenges Remain

                          (GAO/T-AIMD/RCED-99-118, March 15, 1999).



                          12
                               GAO/T-AIMD-99-144, April 14, 1999.




                          Page 5                                                                            GAO/T-AIMD-99-149
                                             13
                                    plans.        FAA agreed and has activities underway that we are currently
                                    reviewing.
                             •      Earlier this month, we reported that the Federal Reserve System—
                                    which is instrumental to our nation’s economic well-being since it
                                    provides depository institutions and government agencies services such
                                    as processing checks and transferring funds and securities—has
                                    effective controls to help ensure that its Year 2000 progress is reported
                                                             14
                                    accurately and reliably.    We also found that it is effectively managing
                                    the renovation and testing of its internal systems and the development
                                    and planned testing of contingency plans for continuity of business
                                    operations. Nevertheless, the Federal Reserve System still had much to
                                    accomplish before it is fully ready for January 1, 2000, such as
                                    completing validation and implementation of all of its internal system
                                    and completing its contingency plans.
                             •      Our work has shown that the Department of Defense and the military
                                                                        15
                                    services face significant problems.    In March 1999, we testified that,
                                    despite considerable progress made in the 3 months before the
                                                                                       16
                                    testimony, Defense was still well behind schedule.    We found that
                                    Defense faced two significant challenges: (1) it must complete
                                    remediation and testing of its mission-critical systems and (2) it must
                                    have a reasonable level of assurance that key processes will continue to
                                    work on a day-to-day basis and key operational missions necessary for
                                    national defense can be successfully accomplished. We concluded that
                                    such assurance can only be provided if Defense takes steps to improve
                                    its visibility over the status of key business processes.




End-to-End Testing Must Be   While it is important to achieve compliance for individual mission-critical

Completed                    systems, realizing such compliance alone does not ensure that business




                             13
                                  FAA Computer Systems:   Limited Progress on Year 2000 Issue Increases Risk Dramatically

                             (GAO/AIMD-98-45, January 30, 1998), GAO/T-AIMD-98-251, August 6, 1998, and GAO/T-AIMD/RCED-99-

                             118, March 15, 1999.



                             14
                                  Year 2000 Computing Crisis:   Federal Reserve Has Established Effective Year 2000 Management

                             Controls for Internal Systems Conversion      (GAO/AIMD-99-78, April 9, 1999).



                             15
                                  Defense Computers:   Year 2000 Computer Problems Put Navy Operations at Risk    (GAO/AIMD-98-150,

                             June 30, 1998), Defense Computers:      Army Needs to Greatly Strengthen Its Year 2000 Program

                             (GAO/AIMD-98-53, May 29, 1998), GAO/AIMD-98-72, April 30, 1998, and       Defense Computers:     Air Force

                             Needs to Strengthen Year 2000 Oversight      (GAO/AIMD-98-35, January 16, 1998).



                             16
                                  Year 2000 Computing Crisis:   Defense Has Made Progress, But Additional Management Controls Are

                             Needed (GAO/T-AIMD-99-101, March 2, 1999).




                             Page 6                                                                             GAO/T-AIMD-99-149
functions will continue to operate through the change of century—the
ultimate goal of Year 2000 efforts. The purpose of end-to-end testing is to
verify that a defined set of interrelated systems, which collectively support
an organizational core business area or function, will work as intended in
an operational environment. In the case of the year 2000, many systems in
the end-to-end chain will have been modified or replaced. As a result, the
scope and complexity of testing—and its importance—are dramatically
increased, as is the difficulty of isolating, identifying, and correcting
problems. Consequently, agencies must work early and continually with
their data exchange partners to plan and execute effective end-to-end tests
(our Year 2000 testing guide sets forth a structured approach to testing,
                               17
including end-to-end testing).


In January 1999, we testified that with the time available for end-to-end
testing diminishing, OMB should consider, for the government’s most
critical functions, setting target dates, and having agencies report against
them, for the development of end-to-end test plans, the establishment of
                                                 18
test schedules, and the completion of the tests.    On March 31, OMB and
the Chair of the President’s Council on Year 2000 Conversion announced
that one of the key priorities that federal agencies will be pursuing during
the rest of 1999 will be cooperative efforts regarding end-to-end testing to
demonstrate the Year 2000 readiness of federal programs with states and
other partners critical to the administration of those programs.


We are also encouraged by some agencies’ recent actions. For example, we
testified this March that the Department of Defense’s Principal Staff
Assistants are planning to conduct end-to-end tests to ensure that systems
that collectively support core business areas can interoperate as intended
                             19                                    20
in a Year 2000 environment.     Further, our March 1999 testimony found
that FAA had addressed our prior concerns with the lack of detail in its
draft end-to-end test program plan and had developed a detailed end-to-end
                            21
testing strategy and plans.



17
     GAO/AIMD-10.1.21, November 1998.



18
     Year 2000 Computing Crisis:   Readiness Improving, But Much Work Remains to Avoid Major

Disruptions (GAO/T-AIMD-99-50, January 20, 1999).



19
     GAO/T-AIMD-99-101, March 2, 1999.



20
     GAO/T-AIMD/RCED-99-118, March 15, 1999.



21
     GAO/T-AIMD-98-251, August 6, 1998.




Page 7                                                                           GAO/T-AIMD-99-149
Business Continuity and   Business continuity and contingency plans are essential. Without such

Contingency Plans Are     plans, when unpredicted failures occur, agencies will not have well-defined
                          responses and may not have enough time to develop and test alternatives.
Needed                    Federal agencies depend on data provided by their business partners as
                          well as on services provided by the public infrastructure (e.g., power,
                          water, transportation, and voice and data telecommunications). One weak
                          link anywhere in the chain of critical dependencies can cause major
                          disruptions to business operations. Given these interdependencies, it is
                          imperative that contingency plans be developed for all critical core
                          business processes and supporting systems, regardless of whether these
                          systems are owned by the agency. Accordingly, in April 1998, we
                          recommended that the Council require agencies to develop contingency
                                                                          22
                          plans for all critical core business processes.


                          OMB has clarified its contingency plan instructions and, along with the
                          Chief Information Officers Council, has adopted our business continuity
                                                          23
                          and contingency planning guide.    In particular, on January 26, 1999, OMB
                          called on federal agencies to identify and report on the high-level core
                          business functions that are to be addressed in their business continuity and
                          contingency plans as well as to provide key milestones for development
                          and testing of business continuity and contingency plans in their February
                          1999 quarterly reports. Accordingly, in their February 1999 reports, almost
                          all agencies listed their high-level core business functions. Indeed, major
                          departments and agencies listed over 400 core business functions. For
                          example, the Department of Veterans Affairs classified its core business
                          functions into two critical areas: benefits delivery (six business lines
                          supported this area) and health care.


                          Our review of the 24 major departments and agencies February 1999
                          quarterly reports found that business continuity and contingency planning
                          was generally well underway. However, we also found cases in which
                          agencies (1) were in the early stages of business continuity and
                          contingency planning, (2) did not indicate when they planned to complete
                          and/or test their plans, (3) did not intend to complete their plans until after
                          April 1999, or (4) did not intend to finish testing the plans until after
                          September 1999. In January 1999, we testified before you that OMB could



                          22
                               Year 2000 Computing Crisis:   Potential for Widespread Disruption Call for Strong Leadership and

                          Partnerships (GAO/AIMD-98-85, April 30, 1998).



                          23
                               GAO/AIMD-10.1.19, August 1998.




                          Page 8                                                                               GAO/T-AIMD-99-149
                            consider setting a target date, such as April 30, 1999, for the completion of
                            business continuity and contingency plans, and require agencies to report
                                                                      24
                            on their progress against this milestone.    This would encourage agencies
                            to expeditiously develop and finalize their plans and would provide the
                            President’s Council on Year 2000 Conversion and OMB with more complete
                            information on agencies’ status on this critical issue. To provide assurance
                            that agencies’ business continuity and contingency plans will work if they
                            are needed, we also suggested that OMB may want to consider requiring
                            agencies to test their business continuity strategy and set a target date,
                            such as September 30, 1999, for the completion of this validation.


                            On March 31, OMB and the Chair of the President’s Council on Year 2000
                            Conversion announced that completing and testing business continuity and
                            contingency plans as insurance against disruptions to federal service
                            delivery and operations from Year 2000-related failures will be one of the
                            key priorities that federal agencies will be pursuing through the rest of
                            1999. OMB also announced that it planned to ask agencies to submit their
                            business continuity and contingency plans in June. In addition to this
                            action, we would encourage OMB to implement the suggestion that we
                            made in our January 20 testimony and establish a target date for the
                            validation of these business continuity and contingency plans.




Recent OMB Action Could     While individual agencies have been identifying and remediating mission-

Help Ensure Business        critical systems, the government’s future actions need to be focused on its
                            high-priority programs and ensuring the continuity of these programs,
Continuity of High-Impact   including the continuity of federal programs that are administered by
Programs                    states. Accordingly, governmentwide priorities need to be based on such
                            criteria as the potential for adverse health and safety effects, adverse
                            financial effects on American citizens, detrimental effects on national
                            security, and adverse economic consequences. In April 1998, we
                            recommended that the President’s Council on Year 2000 Conversion
                            establish governmentwide priorities and ensure that agencies set
                                                   25
                            agencywide priorities.


                            On March 26, 1999, OMB implemented our recommendation by issuing a
                            memorandum to federal agencies designating lead agencies for the



                            24
                                 GAO/T-AIMD-99-50, January 20, 1999.



                            25
                                 GAO/AIMD-98-85, April 30, 1998.




                            Page 9                                                       GAO/T-AIMD-99-149
                        government’s 42 high-impact programs (e.g., food stamps, Medicare, and
                        federal electric power generation and delivery); appendix I lists these
                        programs and lead agencies. For each program, the lead agency was
                        charged with identifying to OMB the partners integral to program delivery;
                        taking a leadership role in convening those partners; assuring that each
                        partner has an adequate Year 2000 plan and, if not, helping each partner
                        without one; and developing a plan to ensure that the program will operate
                        effectively. According to OMB, such a plan might include testing data
                        exchanges across partners, developing complementary business continuity
                        and contingency plans, sharing key information on readiness with other
                        partners and the public, and taking other steps necessary to ensure that the
                        program will work. OMB directed the lead agencies to provide a schedule
                        and milestones of key activities in the plan by April 15. OMB also asked
                        agencies to provide monthly progress reports.




State and Local         State and local governments also face a major risk of Year 2000-induced
                        failures to the many vital services that they provide. For example,
Governments Face
Significant Year 2000   •      food stamps and other types of payments may not be made or could be

Risks                   •
                               made for incorrect amounts;
                               date-dependent signal timing patterns could be incorrectly implemented
                               at highway intersections, and safety severely compromised, if traffic
                               signal systems run by state and local governments do not process four-
                               digit years correctly; and
                        •      prisoner release or parole eligibility determinations may be adversely
                               affected by the Year 2000 problem.


                        A recent survey of state Year 2000 efforts indicated that much remains to be
                                               26
                        completed. The states (except for three that did not respond to the
                        survey) reported to the National Association of State Information Resource
                                                            27
                        Executives that as of April 5, 1999, they had thousands of mission-critical
                                 28
                        systems. With respect to the remediation of these systems,




                        26
                             In the context of the National Association of State Information Resource Executives survey, the term

                        states includes Guam, Puerto Rico, and the District of Columbia.



                        27
                             Individual states submit periodic updates to the National Association of State Information Resource

                        Executives.    For the April 5th report, almost all of the states submitted their data in March 1999.



                        28
                             The National Association of State Information Resource Executives defined mission-critical systems

                        as those that the state has identified as priorities for prompt remediation.




                        Page 10                                                                               GAO/T-AIMD-99-149
•      1 state reported that it had completed between 1 and 24 percent of the
       activities required to return a modified system or renovated process to
       production,
                 29
•      13 states reported that they had completed between 25 and 49 percent,
                 30
•      17 states     reported completing between 50 and 74 percent,
                  31
•      17 states reported completing more than 75 percent of these
                  32
       activities, and
•      almost all states reported that they are actively engaged in internal and
       external contingency planning but of the 50 states that established
       target dates for the completion of these plans, 23 (46 percent) reported
       the deadline as September 1999 or later.


State audit organizations have also identified significant Year 2000
concerns. In January 1999, the National State Auditors Association
reported on the results of its mid-1998 survey of Year 2000 compliance
among states. This report stated that, for the 12 state audit organizations
that provided Year 2000 related reports, concerns had been raised in areas
such as planning, testing, embedded systems, business continuity and
contingency planning, and the adequacy of resources to address the
problem. We identified additional products by 13 state-level audit
organizations and Guam that discussed the Year 2000 problem and had
been issued since October 1, 1998. Several of these audit organizations
noted that progress had been made. However, the audit organizations also
expressed concerns that were consistent with those reported by the
National State Auditors Association. For example:

                                                                                       33
•      In December 1998, the Vermont State Auditor reported                                 that the state
       Chief Information Officer did not have a comprehensive control list of
       the state’s information technology systems. Accordingly, the Audit
       Office stated that even if all mission-critical state systems were checked,
       these systems could be endangered by information technology



29
     Instead of reporting on its mission-critical systems, one state reported on its processes while another

reported on its functions.



30
     Instead of reporting on its mission-critical systems, one state reported on its core business activities,

another state reported on projects, and a third state reported on all systems.



31
     Instead of reporting on its mission-critical systems, one state reported on its applications.



32
     Two states did not respond to this question.



33
     Vermont State Auditor’s Report on State Government’s Year 2000 Preparedness (Y2K Compliance) for

the Period Ending November 1, 1998        (Office of the State Auditor, December 31, 1998).




Page 11                                                                                 GAO/T-AIMD-99-149
       components that had not been checked or by linkages with the states’
       external electronic partners.
                                                                                             34
•      In January 1999, the Rhode Island Auditor General reported                                 that
       testing standards and a test plan had not been developed.
                                                               35
•      In February 1999, the California State Auditor reported    that key
       agencies responsible for emergency services, corrections, and water
       resources, among others, had not fully addressed embedded technology
       related threats. Regarding emergency services, the California report
       stated that if remediation of the embedded technology in its networks is
       not completed, the Office of Emergency Services may have to rely on
       cumbersome manual processes, significantly increasing response time
       to disasters.
                                                                              36
•      In March 1999, Oregon’s Audits Division reported                            that 11 of the 12
       state agencies reviewed did not have business continuation plans
       addressing potential Year 2000 problems for their core business
       functions.
                                                                                      37
•      In March 1999, North Carolina’s State Auditor reported                              that resource
       restrictions had limited the state’s Year 2000 Project Office’s ability to
       verify data reported by state agencies.


Recent reports on local governments have also highlighted Year 2000
concerns at this level. For example:


•      In January 1999, the United States Conference of Mayors reported on
       the results of their survey of 220 cities. The results of this survey of
       cities found (1) 97 percent had a citywide plan to address Year 2000
       issues, (2) 22 percent had repaired or replaced less than 50 percent of
       their systems, and (3) 45 percent had completed less than 50 percent of
       their testing.
•      A November 1998 National Association of Counties survey of a sample
       of 500 counties found that (1) 50 percent of the counties had a
       countywide Year 2000 plan, (2) 36 percent had completed assessment,


34
     State of Rhode Island, Efforts to Resolve the Year 2000 Computer Issue   (Office of the Auditor General,

January 29, 1999).



35
     Year 2000 Computer Problem:   The State’s Agencies Are Progressing Toward Compliance but Key

Steps Remain Incomplete      (California State Auditor, February 18, 1999).



36
     Department of Administrative Services Year 2000 Statewide Project Office Review       (Secretary of State,

Audits Division, State of Oregon Report No. 99-05, March 16, 1999).



37
     Department of Commerce, Information Technology Services Year 2000 Project Office         (Office of the

State Auditor, State of North Carolina, March 18, 1999).




Page 12                                                                                GAO/T-AIMD-99-149
                                 (3) 16 percent had repaired or replaced their systems, and (4) 73 percent
                                 had no contingency plans.




Status of State-          About 25 percent of the federal government’s programs designated as high-

Administered Federal      impact by OMB are state-administered, such as Food Stamps and
                          Temporary Assistance for Needy Families. One federal system that did not
Human Services Programs   make the March implementation target is critical to the implementation of
Not Clear                 several of these programs. This system, the Department of Health and
                          Human Service’s Payment Management System, processes billions of
                          dollars in grant payments to states and other recipient organizations for
                          vital programs, such as Medicaid. As we testified in February 1999, the
                          planned replacement system has encountered problems since its inception
                                                                      38
                          and, as a result, is still not operational.    Consequently, the Department of
                          Health and Human Services decided to repair the existing system, which is
                          not expected to be compliant until June 30, 1999.


                          As we reported in November 1998, many systems that support state-
                          administered federal human services programs were at risk and much work
                                                                 39
                          remained to ensure continued services.    In February of this year, we
                          testified that while some progress had been achieved, many states’ systems
                                                                                              40
                          were not scheduled to become compliant until the last half of 1999.
                          Accordingly, we concluded that given these risks, business continuity and
                          contingency planning was even more important in ensuring continuity of
                          program operations and benefits in the event of systems failures.


                          In January 1999, OMB implemented a requirement that federal oversight
                          agencies include the status of selected state human services systems in
                          their quarterly reports. Specifically, OMB requested that the agencies
                          describe actions to help ensure that federally supported, state-run
                          programs will be able to provide services and benefits. OMB further asked
                          that agencies report the date when each state’s systems will be Year 2000
                          compliant. Table 1 summarizes the information gathered by the
                          Departments of Agriculture, Health and Human Services, and Labor on how




                          38
                               GAO/T-AIMD-99-92, February 26, 1999.



                          39
                               Year 2000 Computing Crisis:   Readiness of State Automated Systems to Support Federal Welfare

                          Programs (GAO/AIMD-99-28, November 6, 1998).



                          40
                               Year 2000 Computing Crisis:   Readiness of State Automated Systems That Support Federal Human

                          Services Programs (GAO/T-AIMD-99-91, February 24, 1999).




                          Page 13                                                                            GAO/T-AIMD-99-149
                                         many state-level organizations are compliant or when in 1999 they planned
                                         to be compliant.




Table 1: Reported State-Level Readiness for Key Federally Supported Programsa
                                                             January-           April-             July-            October-
Program                                   Compliant            March            June          September            December         No report
Food Stamps                                           15             10             12                   8                    5               0
Unemployment Insurance                                21              6             13                   8                    1               1
Temporary Assistance for Needy
Families                                              7               3             12                   4                    2             22
Medicaid–Integrated Eligibility System                3               1              8                   5                    1             33
Medicaid–Management Information
Systems                                               7               7             14                  12                    2               9
Child Support                                         4               6             10                   3                    2             25
Child Care                                            4               3              8                   5                    2             31
Child Welfare                                         6               3              8                   5                    2             27
Women, Infants, and Children                          24              8              6                   6                    6               0
                                         aAccording   to OMB, the Departments of Agriculture and Health and Human Services were still
                                         collecting information from the states on the status of the Child Nutrition Program and the Low Income
                                         Home Energy Assistance Program, respectively.
                                         Note: OMB reported the status of five programs for 50 state-level organizations (Food Stamps,
                                         Unemployment Insurance, Temporary Assistance for Needy Families, Child Support, and Women,
                                         Infants, and Children). The status of two programs was provided for 51 state-level organizations
                                         (Medicaid and Child Welfare). The status of Child Care was provided for 53 state-level organizations.
                                         Source: Progress on Year 2000 Conversion, (OMB, data received February 12, 1999, issued on
                                         March 18, 1999).


                                         This table illustrates the need for federal/state partnerships to ensure the
                                         continuity of these vital services, since a considerable number of state-level
                                         organizations are not due to be compliant until the last half of 1999, and the
                                         agencies have not received reports from many states. Such partnerships
                                         could include the coordination of federal and state business continuity and
                                         contingency plans for human services programs.


                                         One agency that could serve as a model to other federal agencies in
                                         working with state partners is the Social Security Administration, which
                                         relies on states to help process claims under its disability insurance
                                         program. In October 1997, we made recommendations to the Social
                                         Security Administration to improve its monitoring and oversight of state
                                         disability determination services and to develop contingency plans that
                                         consider the disability claims processing functions within state disability




                                         Page 14                                                                        GAO/T-AIMD-99-149
                                                                         41
                        determination services systems.                       The Social Security Administration
                        agreed with these recommendations and, as we testified this February, has
                                               42
                        taken several actions.    For example, it established a full-time disability
                        determination services project team, designating project managers and
                        coordinators and requesting biweekly status reports. The agency also
                        obtained from each state disability determination service (1) a plan
                        specifying the specific milestones, resources, and schedules for completing
                        Year 2000 conversion tasks and (2) contingency plans. Such an approach
                        could be valuable to other federal agencies in helping ensure the continued
                        delivery of services.


                        In addition to the state systems that support federal programs, another
                        important aspect of the federal government’s Year 2000 efforts with the
                        states are data exchanges. For example, the Social Security Administration
                        exchanges data files with the states to determine the eligibility of disabled
                        persons for disability payments and the National Highway Traffic Safety
                        Administration provides states with information needed for drivers
                        registration. As part of addressing this issue, the General Services
                        Administration is collecting information from federal agencies and the
                        states on the status of their exchanges through a secured Internet World
                        Wide Web site. According to an official at the General Services
                        Administration, 70 percent of federal/state data exchanges are Year 2000
                        compliant. However, this official would not provide us with supporting
                        documentation for this statement nor would the General Services
                        Administration allow us access to its database. Accordingly, we could not
                        verify the status of federal/state data exchanges.




Year 2000 Readiness     Beyond the risks faced by the federal, state, and local governments, the
                        Year 2000 also poses a serious challenge to the public infrastructure, key
Information Available   economic sectors, and other countries. To address these concerns, in April
in Some Sectors, But    1998, we recommended that the Council use a sector-based approach and

Key Information Still   establish the effective public-private partnerships necessary to address this

Missing or Incomplete

                        41
                             Social Security Administration:   Significant Progress Made in Year 2000 Effort, But Key Risks Remain

                        (GAO/AIMD-98-6, October 22, 1997).



                        42
                             Year 2000 Computing Crisis:   Update on the Readiness of the Social Security Administration

                        (GAO/T-AIMD-99-90, February 24, 1999).




                        Page 15                                                                               GAO/T-AIMD-99-149
          43
issue.         The Council subsequently established over 25 sector-based
working groups and has been initiating outreach activities since it became
operational last spring. In addition, the Chair of the Council has formed a
Senior Advisors Group composed of representatives from private-sector
firms across key economic sectors. Members of this group are expected to
offer perspectives on crosscutting issues, information sharing, and
appropriate federal responses to potential Year 2000 failures.


Our April 1998 report also recommended that the President’s Council on
Year 2000 Conversion develop a comprehensive picture of the nation’s Year
2000 readiness, to include identifying and assessing risks to the nation’s key
economic sectors—including risks posed by international links. In October
1998, the Chair directed the Council’s sector working groups to begin
assessing their sectors. The Chair also provided a recommended guide of
core questions that the Council asked to be included in surveys by the
associations performing the assessments. These questions included the
percentage of work that has been completed in the assessment, renovation,
validation, and implementation phases. The Chair plans to issue quarterly
public reports summarizing these assessments. The first such report was
issued on January 7, 1999.


The January 7, 1999, report summarizes information collected to date by
                                                   44
the working groups and various trade associations.    The Council
acknowledged that readiness data in certain industries were not yet
available and, therefore, were not included in the report. Nevertheless,
based on the information available at the time, it concluded that


•      virtually all of the industry areas reported high awareness of the Year
       2000 and its potential consequences;
•      participants in several areas, particularly financial institutions, are
       mounting aggressive efforts to combat the problem;
•      it is increasingly confident that there will not be large-scale disruptions
       in the banking, power, and telecommunications areas and, if disruptions
       do occur, they are likely to be localized;
•      large organizations often have a better handle on the Year 2000 problem
       than do smaller ones, and some small-and medium-sized businesses and




43
     GAO/AIMD-98-85, April 30, 1998.



44
     First Quarterly Summary of Assessment Information   (The President’s Council on Year 2000 Conver-

sion, January 7, 1999).




Page 16                                                                          GAO/T-AIMD-99-149
                       governments continue to believe that the Year 2000 problem will not
                       affect them or are delaying action until failures occur; and
                •      international failures are likely since, despite recent increased efforts, a
                       number of countries have done little to remediate critical systems.


                The Council’s report was a good step toward obtaining a picture of the
                nation’s Year 2000 readiness. However, the picture remains substantially
                incomplete because assessments were not available in many key areas,
                such as local law enforcement and the maritime industry. Also, some
                surveys did not have a high response rate, calling into question whether
                they accurately portray the readiness of the sector. In addition, in some
                cases, such as drinking water and health care, the report provided a general
                assessment of the sector but did not contain detailed data as to the status
                of the sector (e.g., the average percentage of organization’s systems that
                are Year 2000 compliant or the percentage of organizations that are in the
                assessment, renovation, or validation phases).


                The President’s Council on Year 2000 Conversion is to be commended on
                the strides that it has made to obtain Year 2000 readiness data that are
                critical to the nation’s well-being as well as its other initiatives, such as the
                establishment of the Senior Advisors Group. However, to further reduce
                                                                                45
                the likelihood of major disruptions, in testimony this January,    we
                suggested that the Council consider additional actions such as continuing
                to aggressively pursue readiness information in the areas in which it is
                lacking. If the current approach of using associations to voluntarily collect
                information does not yield the necessary information, we suggested that
                the Council may wish to consider whether legislative remedies (such as
                requiring disclosure of Year 2000 readiness data) should be proposed. The
                Council’s next sector report is expected to be released this month. As
                discussed below, we have issued several products related to several of
                these key sectors.




Energy Sector   This month, we reported that while the electric power industry has
                reported that it has made substantial progress in making its systems and
                equipment ready to continue operations into the Year 2000, significant risks




                45
                     GAO/T-AIMD-99-50, January 20, 1999.




                Page 17                                                           GAO/T-AIMD-99-149
                             46
                remain.           In response to a November 1998 survey, the nation’s electric
                power utilities reported that on average, they were 44 percent complete
                with remediation and testing. However, almost half of the reporting
                organizations said that they did not expect to be Year 2000 ready within the
                June 1999 industry target date, and about one-sixth of the respondents
                indicated they would not be ready until the last 3 months of 1999—leaving
                little margin for resolving unexpected problems. In this report, we
                suggested that the Department of Energy (1) work with the Electric Power
                Working Group to ensure that remediation activities are accelerated for the
                utilities that expect to miss the June 1999 deadline for achieving Year 2000
                readiness and (2) encourage state regulatory utility commissions to require
                a full public disclosure of Year 2000 readiness status of entities transmitting
                and distributing electric power. We also suggested that the Nuclear
                Regulatory Commission, (1) in cooperation with the Nuclear Energy
                Institute, work with the nuclear power plant licensees to accelerate the
                Year 2000 remediation efforts among the nuclear power plants that expect
                to meet the June 1999 deadline for achieving Year 2000 readiness and
                (2) publicly disclose the Year 2000 readiness of each of the nation’s
                operational nuclear reactors.



                                       47
Health Sector   Last week, we testified that in response to our September 1998
                                 48
                recommendation, the Food and Drug Administration, in conjunction with
                the Department of Veterans Affairs, had established a clearinghouse on
                biomedical equipment. As of April 5, 1999, 4,251 biomedical equipment
                manufacturers had submitted data to the clearinghouse. About 54 percent
                of these manufacturers reported having products that do not employ dates
                and about 16 percent reported having date-related problems such as an
                incorrect display of date/time. The Food and Drug Administration was
                awaiting responses from 399 manufacturers.


                Our April testimony also reported on the results of a Department of
                Veterans Affairs survey of 384 pharmaceutical firms and 459 medical-
                surgical firms with which it does business. Of the 52 percent of


                46
                     Year 2000 Computing Crisis:   Readiness of the Electric Power Industry   (GAO/AIMD-99-114, April 6,

                1999).



                47
                     Year 2000 Computing Crisis:   Action Needed to Ensure Continued Delivery of Veterans Benefits and

                Health Care Services    (GAO/T-AIMD-99-136, April 15, 1999).



                48
                     Year 2000 Computing Crisis:   Compliance Status of Many Biomedical Equipment Items Still Unknown

                (GAO/AIMD-98-240, September 18, 1998).




                Page 18                                                                              GAO/T-AIMD-99-149
                             pharmaceutical firms that responded to the survey, 32 percent reported
                             that they were compliant. Of the 54 percent of the medical-surgical firms
                             that responded, about two-thirds of them reported that they were
                             compliant.




Banking and Finance Sector   A large portion of the institutions that make up the banking and finance
                             sector are overseen by one or more federal regulatory agencies. In
                             September 1998, we testified on the efforts of five federal financial
                                                 49
                             regulatory agencies to ensure that the institutions that they oversee are
                                                                    50
                             ready to handle the Year 2000 problem.    We concluded that the regulators
                             had made significant progress in assessing the readiness of member
                             institutions and raising awareness on important issues such as contingency
                             planning and testing. Regulator examinations of bank, thrift, and credit
                             union Year 2000 efforts found that the vast majority were doing a
                             satisfactory job of addressing the problem. Nevertheless, the regulators
                             faced the challenge of ensuring that they are ready to take swift action to
                             address those institutions that falter in the later stages of correction and to
                             address disruptions caused by international and public infrastructure
                             failures.


                             In March 1999, we concluded that insurance regulator presence regarding
                             the Year 2000 area was not as strong as that exhibited by the banking and
                                                  51
                             securities industry.    We found that the state insurance regulators we
                             contacted were late in raising industry awareness of potential Year 2000
                             problems, provided little guidance to regulated institutions, and failed to
                             convey clear regulatory expectations to companies about Year 2000
                             preparations and milestones. Nevertheless, the insurance industry is
                             reported by both its regulators and other outside observers to be generally
                             on track to being ready for 2000. However, most of these reports are based
                             on self-reported information and, compared to other financial regulators,
                             insurance regulators’ efforts to validate this information generally began
                             late and were too limited.




                             49
                                  The National Credit Union Administration, the Federal Deposit Insurance Corporation, the Office of

                             Thrift Supervision, the Federal Reserve System, and the Office of the Comptroller of the Currency.



                             50Year 2000 Computing Crisis:      Federal Depository Institution Regulators Are Making Progress, But

                             Challenges Remain     (GAO/T-AIMD-98-305, September 17, 1998).



                             51
                                  Insurance Industry:   Regulators Are Less Active in Encouraging and Validating Year 2000

                             Preparedness (GAO/T-GGD-99-56, March 11, 1999).




                             Page 19                                                                              GAO/T-AIMD-99-149
                                                                                                        52
Transportation Sector   This January we reported on our survey of 413 airports.                              We found that
                        while the nation’s airports are making progress in preparing for the year
                        2000, such progress varies among airports. Of the 334 airports responding
                        to our survey, about one-third reported that they would complete their Year
                        2000 preparations by June 30, 1999. The other two-thirds either planned on
                        a later date or failed to estimate any completion date, and half of these
                        airports did not have contingency plans for any of 14 core airport functions.
                        Although most of those not expecting to be ready by June 30 are small
                        airports, 26 of them are among the nation’s largest 50 airports.



                        In summary, while improvement has been shown, much work remains at
                        the national, federal, state, and local level to ensure that major service
                        disruptions do not occur. Specifically, remediation must be completed,
                        end-to-end testing performed, and business continuity and contingency
                        plans developed. To meet this challenge, strong leadership and
                        partnerships must be maintained to ensure that government programs meet
                        the needs of the public at the turn of the century.


                        Mr. Chairman, this concludes my statement. I would be happy to respond
                        to any questions that you or other members of the Committee may have at
                        this time.




                        52
                             Year 2000 Computing Crisis:   Status of Airports’ Efforts to Deal With Date Change Problem

                        (GAO/RCED/AIMD-99-57, January 29, 1999).




                        Page 20                                                                              GAO/T-AIMD-99-149
Appendix I


Federal High-Impact Programs and Lead
Agencies                                                                                                                         AppeIx
                                                                                                                                      ndi




Agency                                          Program
Department of Agriculture                       Child Nutrition Programs
Department of Agriculture                       Food Safety Inspection
Department of Agriculture                       Food Stamps
Department of Agriculture                       Special Supplemental Nutrition Program for Women, Infants, and Children
Department of Commerce                          Patent and trademark processing
Department of Commerce                          Weather Service
Department of Defense                           Military Hospitals
Department of Defense                           Military Retirement
Department of Education                         Student Aid
Department of Energy                            Federal electric power generation and delivery
Department of Health and Human Services         Child Care
Department of Health and Human Services         Child Support Enforcement
Department of Health and Human Services         Child Welfare
Department of Health and Human Services         Disease monitoring and the ability to issue warnings
Department of Health and Human Services         Indian Health Service
Department of Health and Human Services         Low Income Home Energy Assistance Program
Department of Health and Human Services         Medicaid
Department of Health and Human Services         Medicare
Department of Health and Human Services         Organ Transplants
Department of Health and Human Services         Temporary Assistance for Needy Families
Department of Housing and Urban Development     Housing loans (Government National Mortgage Association)
Department of Housing and Urban Development     Section 8 Rental Assistance
Department of Housing and Urban Development     Public Housing
Department of Housing and Urban Development     FHA Mortgage Insurance
Department of Housing and Urban Development     Community Development Block Grants
Department of the Interior                      Bureau of Indians Affairs programs
Department of Justice                           Federal Prisons
Department of Justice                           Immigration
Department of Labor                             Unemployment Insurance
Department of State                             Passport Applications and Processing
Department of Transportation                    Air Traffic Control system
Department of Transportation                    Maritime Search and Rescue
Department of the Treasury                      Cross-border Inspection Services
Department of Veterans Affairs                  Veterans’ Benefits
Department of Veterans Affairs                  Veterans’ Health Care
Federal Emergency Management Agency             Disaster Relief
Office of Personnel Management                  Federal Employee Health Benefits
Office of Personnel Management                  Federal Employee Life Insurance




                                          Page 21                                                            GAO/T-AIMD-99-149
                                 Appendix I
                                 Federal High-Impact Programs and Lead
                                 Agencies




Office of Personnel Management         Federal Employee Retirement Benefits
Railroad Retirement Board              Retired Rail Workers Benefits
Social Security Administration         Social Security Benefits
U.S. Postal Service                    Mail Service




                                 Page 22                                      GAO/T-AIMD-99-149
Appendix II


GAO Reports and Testimony Addressing the
Year 2000 Crisis                                                                              ApIpexndi




              Year 2000 Computing Crisis: Action Needed to Ensure Continued Delivery
              of Veterans Benefits and Health Care Services (GAO/T-AIMD-99-136,
              April 15, 1999).


              Year 2000 Computing Challenge: Federal Government Making Progress But
              Critical Issues Must Still Be Addressed to Minimize Disruptions
              (GAO/T-AIMD-99-114, April 14, 1999).


              Year 2000 Computing Crisis: Additional Work Remains to Ensure Delivery
              of Critical Services (GAO/T-AIMD-99-143, April 13, 1999).


              Tax Administration: IRS’ Fiscal Year 2000 Budget Request and 1999 Tax
              Filing Season (GAO/T-GGD/AIMD-99-140, April 13, 1999).


              Year 2000 Computing Crisis: Federal Reserve Has Established Effective
              Year 2000 Management Controls for Internal Systems Conversion
              (GAO/AIMD-99-78, April 9, 1999).


              Year 2000 Computing Crisis: Readiness of the Electric Power Industry
              (GAO/AIMD-99-114, April 6, 1999).


              Year 2000 Computing Crisis: Customs Has Established Effective Year 2000
              Program Controls (GAO/AIMD-99-37, March 29, 1999).


              Year 2000 Computing Crisis: FAA Is Making Progress But Important
              Challenges Remain (GAO/T-AIMD/RCED-99-118, March 15, 1999).


              Insurance Industry: Regulators Are Less Active in Encouraging and
              Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11, 1999).


              Year 2000 Computing Crisis: Defense Has Made Progress, But Additional
              Management Controls Are Needed (GAO/T-AIMD-99-101, March 2, 1999).


              Year 2000 Computing Crisis: Readiness Status of the Department of Health
              and Human Services (GAO/T-AIMD-99-92, February 26, 1999).


              Defense Information Management: Continuing Implementation Challenges
              Highlight the Need for Improvement (GAO/T-AIMD-99-93, February 25,
              1999).


              IRS’ Year 2000 Efforts: Status and Remaining Challenges
              (GAO/T-GGD-99-35, February 24, 1999).




              Page 23                                                     GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Department of Commerce: National Weather Service Modernization and
NOAA Fleet Issues (GAO/T-AIMD/GGD-99-97, February 24, 1999).


Year 2000 Computing Crisis: Medicare and the Delivery of Health Services
Are at Risk (GAO/T-AIMD-99-89, February 24, 1999).


Year 2000 Computing Crisis: Readiness of State Automated Systems That
Support Federal Human Services Programs (GAO/T-AIMD-99-91, February
24, 1999).


Year 2000 Computing Crisis: Customs Is Effectively Managing Its Year 2000
Program (GAO/T-AIMD-99-85, February 24, 1999).


Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/T-AIMD-99-90, February 24, 1999).


Year 2000 Computing Crisis: Challenges Still Facing the U.S. Postal Service
(GAO/T-AIMD-99-86, February 23, 1999).


Year 2000 Computing Crisis: The District of Columbia Remains Behind
Schedule (GAO/T-AIMD-99-84, February 19, 1999).


High-Risk Series: An Update (GAO/HR-99-1, January 1999).


Year 2000 Computing Crisis: Status of Airports’ Efforts to Deal With Date
Change Problem (GAO/RCED/AIMD-99-57, January 29, 1999).


Defense Computers: DOD’s Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999).


Year 2000 Computing Crisis: Status of Bureau of Prisons’ Year 2000 Efforts
(GAO/AIMD-99-23, January 27, 1999).


Year 2000 Computing Crisis: Readiness Improving, But Much Work
Remains to Avoid Major Disruptions (GAO/T-AIMD-99-50, January 20,
1999).


Year 2000 Computing Challenge: Readiness Improving, But Critical Risks
Remain (GAO/T-AIMD-99-49, January 20, 1999).


Status Information: FAA’s Year 2000 Business Continuity and Contingency
Planning Efforts Are Ongoing (GAO/AIMD-99-40R, December 4, 1998).




Page 24                                                    GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
November 1998).


Year 2000 Computing Crisis: Readiness of State Automated Systems to
Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998).


Year 2000 Computing Crisis: Status of Efforts to Deal With Personnel
Issues (GAO/AIMD/GGD-99-14, October 22, 1998).


Year 2000 Computing Crisis: Updated Status of Department of Education’s
Information Systems (GAO/T-AIMD-99-8, October 8, 1998).


Year 2000 Computing Crisis: The District of Columbia Faces Tremendous
Challenges in Ensuring That Vital Services Are Not Disrupted (GAO/T-
AIMD-99-4, October 2, 1998).


Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).


Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-98-
310, September 24, 1998).


Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998).


Year 2000 Computing Crisis: Significant Risks Remain to Department of
Education’s Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998).


Year 2000 Computing Crisis: Progress Made at Department of Labor, But
Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).


Year 2000 Computing Crisis: Federal Depository Institution Regulators Are
Making Progress, But Challenges Remain (GAO/T-AIMD-98-305,
September 17, 1998).


Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure Financial
Institutions Are Fixing Systems But Challenges Remain (GAO/AIMD-98-
248, September 17, 1998).




Page 25                                                   GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Responses to Questions on FAA’s Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).


Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278, September 3,
1998).


Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Reduce Likelihood of Adverse Impact (GAO/T-AIMD-98-277,
September 2, 1998).


Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Mitigate Risks (GAO/T-AIMD-98-276, September 1, 1998).


Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162,
August 28, 1998).


Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).


Year 2000 Computing Crisis: Progress Made in Compliance of VA Systems,
But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).


Year 2000 Computing Crisis: Avoiding Major Disruptions Will Require
Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267,
August 19, 1998).


Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Address Risk of Major Disruptions (GAO/T-AIMD-98-266, August 17,
1998).


Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262, August 13,
1998).


FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).


Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998).




Page 26                                                  GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Internal Revenue Service: Impact of the IRS Restructuring and Reform Act
on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).


Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).


Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).


Defense Computers: Year 2000 Computer Problems Put Navy Operations at
Risk (GAO/AIMD-98-150, June 30, 1998).


Year 2000 Computing Crisis: Testing and Other Challenges Confronting
Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).


Year 2000 Computing Crisis: Telecommunications Readiness Critical, Yet
Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16, 1998).


GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998).


IRS’ Year 2000 Efforts: Business Continuity Planning Needed for Potential
Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998).


Year 2000 Computing Crisis: Actions Must Be Taken Now to Address Slow
Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).


Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).


Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted
(GAO/T-AIMD-98-167, May 14, 1998).


Securities Pricing: Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998).


Year 2000 Computing Crisis: Continuing Risks of Disruption to Social
Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161, May 7,
1998).




Page 27                                                   GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




IRS’ Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7, 1998).


Air Traffic Control: FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R,
May 1, 1998).


Year 2000 Computing Crisis: Potential for Widespread Disruption Calls for
Strong Leadership and Partnerships (GAO/AIMD-98-85, April 30, 1998).


Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).


Department of the Interior: Year 2000 Computing Crisis Presents Risk of
Disruption to Key Operations (GAO/T-AIMD-98-149, April 22, 1998).


Tax Administration: IRS’ Fiscal Year 1999 Budget Request and Fiscal Year
1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998).


Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998).


Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
116, March 24, 1998).


Year 2000 Computing Crisis: Office of Thrift Supervision’s Efforts to
Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102,
March 18, 1998).


Year 2000 Computing Crisis: Strong Leadership and Effective Public/
Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998).


Post-Hearing Questions on the Federal Deposit Insurance Corporation’s
Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18, 1998).


SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998).


Year 2000 Readiness: NRC’s Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).




Page 28                                                    GAO/T-AIMD-99-149
Appendix II
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: Federal Deposit Insurance Corporation’s
Efforts to Ensure Bank Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-73, February 10, 1998).


Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems
Failures (GAO/T-AIMD-98-63, February 4, 1998).


FAA Computer Systems: Limited Progress on Year 2000 Issue Increases
Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).


Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight
(GAO/AIMD-98-35, January 16, 1998).


Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems’ Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998).


Veterans Health Administration Facility Systems: Some Progress Made In
Ensuring Year 2000 Compliance, But Challenges Remain (GAO/
AIMD-98-31R, November 7, 1997).


Year 2000 Computing Crisis: National Credit Union Administration’s
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997).


Social Security Administration: Significant Progress Made in Year 2000
Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997).


Defense Computers: Technical Support Is Key to Naval Supply Year 2000
Success (GAO/AIMD-98-7R, October 21, 1997).


Defense Computers: LSSC Needs to Confront Significant Year 2000 Issues
(GAO/AIMD-97-149, September 26, 1997).


Veterans Affairs Computer Systems: Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September 25,
1997).


Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997).


Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14,
September 1997).




Page 29                                                  GAO/T-AIMD-99-149
                   Appendix II
                   GAO Reports and Testimony Addressing the
                   Year 2000 Crisis




                   Defense Computers: SSG Needs to Sustain Year 2000 Progress
                   (GAO/AIMD-97-120R, August 19, 1997).


                   Defense Computers: Improvements to DOD Systems Inventory Needed for
                   Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997).


                   Defense Computers: Issues Confronting DLA in Addressing Year 2000
                   Problems (GAO/AIMD-97-106, August 12, 1997).


                   Defense Computers: DFAS Faces Challenges in Solving the Year 2000
                   Problem (GAO/AIMD-97-117, August 11, 1997).


                   Year 2000 Computing Crisis: Time Is Running Out for Federal Agencies to
                   Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10, 1997).


                   Veterans Benefits Computer Systems: Uninterrupted Delivery of Benefits
                   Depends on Timely Correction of Year-2000 Problems (GAO/
                   T-AIMD-97-114, June 26, 1997).


                   Veterans Benefits Computer Systems: Risks of VBA’s Year-2000 Efforts
                   (GAO/AIMD-97-79, May 30, 1997).


                   Medicare Transaction System: Success Depends Upon Correcting Critical
                   Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).


                   Medicare Transaction System: Serious Managerial and Technical
                   Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997).


                   Year 2000 Computing Crisis: Risk of Serious Disruption to Essential
                   Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52,
                   February 27, 1997).


                   Year 2000 Computing Crisis: Strong Leadership Today Needed To Prevent
                   Future Disruption of Government Services (GAO/T-AIMD-97-51,
                   February 24, 1997).


                   High-Risk Series: Information Management and Technology (GAO/HR-97-9,
                   February 1997).




(511752)   L
           ertet   Page 30                                                  GAO/T-AIMD-99-149
Ordering Information
The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order made
out to the Superintendent of Documents, when necessary, VISA and
MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.
Orders by mail:
U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013
or visit:
Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC
Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.
Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any list
from the past 30 days, please call (202) 512-6000 using a touchtone
phone. A recorded menu will provide information on how to obtain
these lists.
For information on how to access GAO reports on the INTERNET,
send an e-mail message with “info” in the body to:
info@www.gao.gov
or visit GAO’s World Wide Web Home Page at:
http://www.gao.gov
United States                       Bulk Mail
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. GI00
Official Business
Penalty for Private Use $300

Address Correction Requested