oversight

Year 2000 Computing Challenge: Readiness Improving Yet Avoiding Disruption of Critical Services Will Require Additional Work

Published by the Government Accountability Office on 1999-07-08.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          United States General Accounting Office

GAO                       Testimony
                          Before the Subcommittee on Government Management,
                          Information and Technology, Committee on Government
                          Reform, House of Representatives


For Release on Delivery
Expected at
9 a.m. CDT
                          YEAR 2000 COMPUTING
Thursday,
July 8, 1999              CHALLENGE

                          Readiness Improving Yet
                          Avoiding Disruption of
                          Critical Services Will
                          Require Additional Work
                          Statement of Joel C. Willemssen
                          Director, Civil Agencies Information Systems
                          Accounting and Information Management Division




GAO/T-AIMD-99-233
        Mr. Chairman and Members of the Subcommittee:

        Thank you for inviting us to participate in today's hearing on the Year 2000
        problem. According to the report of the President's Commission on
        Critical Infrastructure Protection, the United States--with close to half of all
        computer capacity and 60 percent of Internet assets--is the world's most
        advanced and most dependent user of information technology.1 Should
        these systems--which perform functions and services critical to our
        nation--suffer problems, it could create widespread disruption.
        Accordingly, the upcoming change of century is a sweeping and urgent
        challenge for public- and private-sector organizations alike.

        Because of its urgent nature and the potentially devastating impact it could
        have on critical government operations, in February 1997 we designated
        the Year 2000 problem a high-risk area for the federal government.2 Since
        that time, we have issued over 120 reports and testimony statements
        detailing specific findings and numerous recommendations related to the
        Year 2000 readiness of a wide range of federal agencies.3 We have also
        issued guidance to help organizations successfully address the issue.4

        Today I will highlight the Year 2000 risks facing the nation; discuss the
        federal government's progress and challenges that remain in correcting its
        systems; identify state and local government Year 2000 issues; and provide
        an overview of available information on the readiness of key public
        infrastructure and economic sectors.




        1
         Critical Foundations: Protecting America's Infrastructures (President's Commission on Critical
        Infrastructure Protection, October 1997).
        2
         High-Risk Series: Information Management and Technology (GAO/HR-97-9, February 1997).
        3
          A list of these publications is included as an appendix to this statement. These publications can be
        obtained through GAO’s World Wide Web page at www.gao.gov/y2kr.htm.
        4
          Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, issued as an exposure draft in
        February 1997 and in final form in September 1997), which addresses the key tasks needed to complete
        each phase of a Year 2000 program (awareness, assessment, renovation, validation, and
        implementation); Year 2000 Computing Crisis: Business Continuity and Contingency Planning
        (GAO/AIMD-10.1.19, issued as an exposure draft in March 1998 and in final form in August 1998), which
        describes the tasks needed to ensure the continuity of agency operations; and Year 2000 Computing
        Crisis: A Testing Guide (GAO/AIMD-10.1.21, issued as an exposure draft in June 1998 and in final form
        in November 1998), which discusses the need to plan and conduct Year 2000 tests in a structured and
        disciplined fashion.




Leter   Page 1                                                                            GAO/T-AIMD-99-233
The Public Faces Risk   The public faces the risk that critical services provided by the government
                        and the private sector could be severely disrupted by the Year 2000
of Year 2000            computing problem. Financial transactions could be delayed, flights
Disruptions             grounded, power lost, and national defense affected. Moreover, America's
                        infrastructures are a complex array of public and private enterprises with
                        many interdependencies at all levels. These many interdependencies
                        among governments and within key economic sectors could cause a single
                        failure to have adverse repercussions in other sectors. Key sectors that
                        could be seriously affected if their systems are not Year 2000 compliant
                        include information and telecommunications; banking and finance; health,
                        safety, and emergency services; transportation; power and water; and
                        manufacturing and small business.

                        The following are examples of some of the major disruptions the public and
                        private sectors could experience if the Year 2000 problem is not corrected.

                        • With respect to aviation, there could be grounded or delayed flights,
                          degraded safety, customer inconvenience, and increased airline costs. 5
                        • Aircraft and other military equipment could be grounded because the
                          computer systems used to schedule maintenance and track supplies
                          may not work. Further, the Department of Defense could incur
                          shortages of vital items needed to sustain military operations and
                          readiness.6
                        • Medical devices and scientific laboratory equipment may experience
                          problems beginning January 1, 2000, if their software applications or
                          embedded chips use two-digit fields to represent the year.

                        Recognizing the seriousness of the Year 2000 problem, on February 4, 1998,
                        the President signed an executive order that established the President's
                        Council on Year 2000 Conversion, chaired by an Assistant to the President
                        and consisting of one representative from each of the executive
                        departments and from other federal agencies as may be determined by the
                        Chair. The Chair of the Council was tasked with the following Year 2000
                        roles: (1) overseeing the activities of agencies, (2) acting as chief
                        spokesperson in national and international forums, (3) providing policy


                        5
                          FAA Systems: Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems
                        (GAO/T-AIMD-98-251, August 6, 1998).
                        6
                          Defense Computers: Year 2000 Computer Problems Threaten DOD Operations (GAO/AIMD-98-72,
                        April 30, 1998).




            Leter       Page 2                                                                     GAO/T-AIMD-99-233
                    coordination of executive branch activities with state, local, and tribal
                    governments, and (4) promoting appropriate federal roles with respect to
                    private-sector activities.



Improvements Made   Addressing the Year 2000 problem is a tremendous challenge for the federal
                    government. Many of the federal government's computer systems were
But Much Work       originally designed and developed 20 to 25 years ago, are poorly
Remains             documented, and use a wide variety of computer languages, many of which
                    are obsolete. Some applications include thousands, tens of thousands, or
                    even millions of lines of code, each of which must be examined for
                    date-format problems.

                    To meet this challenge and monitor individual agency efforts, the Office of
                    Management and Budget (OMB) directed the major departments and
                    agencies to submit quarterly reports on their progress, beginning May 15,
                    1997. These reports contain information on where agencies stand with
                    respect to the assessment, renovation, validation, and implementation of
                    mission-critical systems, as well as other management information on
                    items such as costs and business continuity and contingency plans.

                    The federal government's most recent reports show improvement in
                    addressing the Year 2000 problem. While much work remains, the federal
                    government has significantly increased its percentage of mission-critical
                    systems that are reported to be Year 2000 compliant, as figure 1 illustrates.
                    In particular, while the federal government did not meet its goal of having
                    all mission-critical systems compliant by March 1999, as of mid-May 1999,
                    93 percent of these systems were reported compliant.




                    Page 3                                                      GAO/T-AIMD-99-233
Figure 1: Mission-Critical Systems Reported Year 2000 Compliant, May 1997-May
1999
100%                                                                                      93%

    90%
                                                                               79%
    80%

    70%
                                                                    61%
    60%
                                                          50%
    50%
                                               40%
    40%                             35%
                         27%
    30%
          21%   19%
    20%

    10%

    0%
     May-97     Aug-97   Nov -97   Feb-98     May -98    Aug-98     Nov -98   Feb-99     May-99

Source: May 1997 through May 1999 data are from the OMB quarterly reports.


While this reported progress is notable, OMB reported that 10 agencies
have mission-critical systems that were not yet compliant. 7 In addition, as
we testified in April, some of the systems that were not yet compliant
support vital government functions.8 For example, some of the systems
that were not compliant were among the 26 mission-critical systems that
the Federal Aviation Administration (FAA) has identified as posing the
greatest risk to the National Airspace System—the network of equipment,
facilities, and information that supports U.S. aviation operations.

Additionally, not all systems have undergone an independent verification
and validation process. For example, in April 1999 the Department of
Commerce awarded a contract for independent verification and validation
reviews of approximately 40 mission-critical systems that support that



7
 The 10 agencies were the departments of Agriculture, Commerce, Defense, Energy, Health and Human
Services, Justice, Transportation, Treasury; the National Aeronautics and Space Administration; and the
U.S. Agency for International Development.
8
Year 2000 Computing Challenge: Federal Government Making Progress But Critical Issues Must Still
Be Addressed to Minimize Disruptions (GAO/T-AIMD-99-144, April 14, 1999).




Page 4                                                                          GAO/T-AIMD-99-233
                          department’s most critical business processes. These reviews are to
                          continue through the summer of 1999. In some cases, independent
                          verification and validation of compliant systems have found serious
                          problems. For example, as we testified this past February, 9 none of
                          54 external mission-critical systems of the Health Care Financing
                          Administration (HCFA) reported by the Department of Health and Human
                          Services (HHS) as compliant as of December 31, 1998, was Year 2000 ready,
                          based on serious qualifications identified by the independent verification
                          and validation contractor.


Reviews Show Uneven       While the overall Year 2000 readiness of the government has improved, our
Federal Agency Progress   reviews of federal agency Year 2000 programs have found uneven progress.
                          Some agencies are significantly behind schedule and are at high risk that
                          they will not fix their systems in time. Other agencies have made progress,
                          although risks continue and a great deal of work remains. For example:

                          • In March we testified that FAA had made tremendous progress over the
                            prior year.10 However, much remained to be done to complete validating
                            and implementing FAA’s mission-critical systems. Specifically, the
                            challenges that FAA faced included (1) ensuring that systems validation
                            efforts were adequate, (2) implementing multiple systems at numerous
                            facilities, (3) completing data exchange efforts, and (4) completing
                            end-to-end testing. Because of the risks associated with FAA’s Year 2000
                            program, we have advocated that the agency develop business
                            continuity and contingency plans.11 FAA agreed and has activities
                            underway, which we are currently reviewing.
                          • In April 1999, we testified12 that HCFA had been responsive to prior
                            recommendations.13 For example, HCFA had (1) more effectively


                          9
                            Year 2000 Computing Crisis: Readiness Status of the Department of Health and Human Services
                          (GAO/T-AIMD-99-92, February 26, 1999).
                          10
                           Year 2000 Computing Crisis: FAA Is Making Progress But Important Challenges Remain
                          (GAO/T-AIMD/RCED-99-118, March 15, 1999).
                          11
                           FAA Computer Systems: Limited Progress on Year 2000 Issue Increases Risk Dramatically
                          (GAO/AIMD-98-45, January 30, 1998), GAO/T-AIMD-98-251, August 6, 1998, and
                          GAO/T-AIMD/RCED-99-118, March 15, 1999.
                          12
                            Year 2000 Computing Crisis: Readiness of Medicare and the Health Care Sector (GAO/T-AIMD-99-160,
                          April 27, 1999).
                          13
                           Medicare Computer Systems: Year 2000 Challenges Put Benefits and Services in Jeopardy
                          (GAO/AIMD-98-284, September 28, 1998).




                          Page 5                                                                       GAO/T-AIMD-99-233
                               managed its electronic data exchanges, (2) continued to define its
                               testing procedures, (3) begun to use several Year 2000 analysis tools to
                               measure testing thoroughness, and (4) demonstrated progress in its
                               business continuity and contingency planning. Nevertheless, HCFA still
                               faced many risks and challenges. For example, although reported
                               compliant, HCFA’s mission-critical systems were due to undergo a
                               significant amount of change, which would require a complete retest to
                               ensure that they were not contaminated by the changes and that they
                               were still compliant. Another risk that HCFA faced was that its
                               thousands of data exchanges were not yet compliant. We concluded
                               that given the considerable amount of work that HCFA faces, it is crucial
                               that development and testing of its business continuity and contingency
                               plans move forward rapidly to avoid the interruption of Medicare claims
                               processing next year.
                             • Our work has shown that the Department of Defense and the military
                               services face significant problems. 14 In March we testified that, despite
                               considerable progress made in the preceding 3 months, Defense was
                               still well behind schedule.15 We found that Defense faced two significant
                               challenges: (1) completing remediation and testing of its
                               mission-critical systems and (2) having a reasonable level of assurance
                               that key processes will continue to work on a day-to-day basis and key
                               operational missions necessary for national defense can be successfully
                               accomplished. We concluded that such assurance could only be
                               provided if Defense took steps to improve its visibility over the status of
                               key business processes.


End-to-End Testing Must Be   While it is important to achieve compliance for individual mission-critical
Completed                    systems, realizing such compliance alone does not ensure that business
                             functions will continue to operate through the change of century—the
                             ultimate goal of Year 2000 efforts. The purpose of end-to-end testing is to
                             verify that a defined set of interrelated systems, which collectively support
                             an organizational core business area or function, will work as intended in
                             an operational environment. In the case of the year 2000, many systems in
                             the end-to-end chain will have been modified or replaced. As a result, the

                             14
                              Defense Computers: Year 2000 Computer Problems Put Navy Operations at Risk (GAO/AIMD-98-150,
                             June 30, 1998); Defense Computers: Army Needs to Greatly Strengthen Its Year 2000 Program
                             (GAO/AIMD-98-53, May 29, 1998); GAO/AIMD-98-72, April 30, 1998; and Defense Computers: Air Force
                             Needs to Strengthen Year 2000 Oversight (GAO/AIMD-98-35, January 16, 1998).
                             15
                              Year 2000 Computing Crisis: Defense Has Made Progress, But Additional Management Controls Are
                             Needed (GAO/T-AIMD-99-101, March 2, 1999).




                             Page 6                                                                     GAO/T-AIMD-99-233
scope and complexity of testing--and its importance--are dramatically
increased, as is the difficulty of isolating, identifying, and correcting
problems. Consequently, agencies must work early and continually with
their data exchange partners to plan and execute effective end-to-end tests.
(Our Year 2000 testing guide sets forth a structured approach to testing,
including end-to-end testing.16)

In January we testified that with the time available for end-to-end testing
diminishing, OMB should consider, for the government’s most critical
functions, setting target dates, and having agencies report against them, for
the development of end-to-end test plans, the establishment of test
schedules, and the completion of the tests. 17 On March 31, OMB and the
Chair of the President’s Council on Year 2000 Conversion announced that
one of the key priorities that federal agencies will be pursuing during the
rest of 1999 will be cooperative end-to-end testing to demonstrate the Year
2000 readiness of federal programs with states and other partners.

Agencies have also acted to address end-to-end testing. For example, our
March FAA testimony 18 found that the agency had addressed our prior
concerns about the lack of detail in its draft end-to-end test program plan
and had developed a detailed end-to-end testing strategy and plans.19 At the
Department of Defense, last month we reported 20 that the department had
underway or planned hundreds of related Year 2000 end-to-end test and
evaluation activities and that, thus far, it was taking steps to ensure that
these related end-to-end tests were effectively coordinated. However, we
concluded that Defense was far from successfully finishing its various Year
2000 end-to-end test activities and that it must complete efforts to establish
end-to-end management controls, such as establishing an independent
quality assurance program.




16
     GAO/AIMD-10.1.21, November 1998.
17
 Year 2000 Computing Crisis: Readiness Improving, But Much Work Remains to Avoid Major
Disruptions (GAO/T-AIMD-99-50, January 20, 1999).
18
 GAO/T-AIMD/RCED-99-118, March 15, 1999.
19
 GAO/T-AIMD-98-251, August 6, 1998.
20
  Defense Computers: Management Controls Are Critical To Effective Year 2000 Testing
(GAO/AIMD-99-172, June 30, 1999).




Page 7                                                                       GAO/T-AIMD-99-233
Business Continuity and   Business continuity and contingency plans are essential. Without such
Contingency Plans Are     plans, when unpredicted failures occur, agencies will not have well-defined
                          responses and may not have enough time to develop and test alternatives.
Needed                    Federal agencies depend on data provided by their business partners as
                          well as on services provided by the public infrastructure (e.g., power,
                          water, transportation, and voice and data telecommunications). One weak
                          link anywhere in the chain of critical dependencies can cause major
                          disruptions to business operations. Given these interdependencies, it is
                          imperative that contingency plans be developed for all critical core
                          business processes and supporting systems, regardless of whether these
                          systems are owned by the agency. Accordingly, in April 1998 we
                          recommended that the Council require agencies to develop contingency
                          plans for all critical core business processes.21

                          OMB has clarified its contingency plan instructions and, along with the
                          Chief Information Officers Council, has adopted our business continuity
                          and contingency planning guide.22 In particular, on January 26, 1999, OMB
                          called on federal agencies to identify and report on the high-level core
                          business functions that are to be addressed in their business continuity and
                          contingency plans, as well as to provide key milestones for development
                          and testing of such plans in their February 1999 quarterly reports. In
                          addition, on May 13 OMB required agencies to submit high-level versions of
                          these plans by June 15. According to an OMB official, OMB has received
                          almost all of the agency plans. This official stated that OMB planned to
                          review the plans, discuss them with the agencies, determine whether there
                          were any common themes, and report on the plans’ status in its next
                          quarterly report.

                          To provide assurance that agencies’ business continuity and contingency
                          plans will work if needed, on January 20 we suggested that OMB may want
                          to consider requiring agencies to test their business continuity strategy and
                          set a target date, such as September 30, 1999, for the completion of this
                          validation. 23 Our review of the 24 major departments’ and agencies’ May
                          1999 quarterly reports found 14 cases in which agencies did not identify



                          21
                           Year 2000 Computing Crisis: Potential for Widespread Disruption Calls for Strong Leadership and
                          Parternships (GAO/AIMD-98-85, April 30, 1998).
                          22
                           GAO/AIMD-10.1.19, August 1998.
                          23
                           GAO/T-AIMD-99-50, January 20, 1999.




                          Page 8                                                                       GAO/T-AIMD-99-233
                            test dates for their business continuity and contingency plans or reported
                            test dates subsequent to September 30, 1999.

                            On March 31, OMB and the Chair of the President’s Council announced that
                            completing and testing business continuity and contingency plans as
                            insurance against disruptions to federal service delivery and operations
                            from Year 2000-related failures will be one of the key priorities that federal
                            agencies will be pursuing through the rest of 1999. Accordingly, OMB
                            should implement our suggestion and establish a target date for the
                            validation of these business continuity and contingency plans.


Recent OMB Action Could     While individual agencies have been identifying and remediating
Help Ensure Business        mission-critical systems, the government’s future actions need to be
                            focused on its high-priority programs and ensuring the continuity of these
Continuity of High-Impact   programs, including the continuity of federal programs that are
Programs                    administered by states. Accordingly, governmentwide priorities need to be
                            based on such criteria as the potential for adverse health and safety effects,
                            adverse financial effects on American citizens, detrimental effects on
                            national security, and adverse economic consequences. In April 1998 we
                            recommended that the President’s Council on Year 2000 Conversion
                            establish governmentwide priorities and ensure that agencies set
                            agencywide priorities.24

                            On March 26, OMB implemented our recommendation by issuing a
                            memorandum to federal agencies designating lead agencies for the
                            government’s 42 high-impact programs (e.g., food stamps, Medicare, and
                            federal electric power generation and delivery). (OMB later added a 43rd
                            high-impact program.) Appendix I lists these programs and their lead
                            agencies. For each program, the lead agency was charged with identifying
                            to OMB the partners integral to program delivery; taking a leadership role
                            in convening those partners; assuring that each partner has an adequate
                            Year 2000 plan and, if not, helping each partner without one; and
                            developing a plan to ensure that the program will operate effectively.
                            According to OMB, such a plan might include testing data exchanges
                            across partners, developing complementary business continuity and
                            contingency plans, sharing key information on readiness with other
                            partners and the public, and taking other steps necessary to ensure that the
                            program will work. OMB directed the lead agencies to provide a schedule


                            24
                             GAO/AIMD-98-85, April 30, 1998.




                            Page 9                                                       GAO/T-AIMD-99-233
                        and milestones of key activities in the plan by April 15. OMB also asked
                        agencies to provide monthly progress reports. As you know, we are
                        currently reviewing agencies’ progress in ensuring the readiness of their
                        high-impact programs for this subcommittee.



State and Local         Just as the federal government faces significant Year 2000 risks, so too do
                        state and local governments. If the Year 2000 problem is not properly
Governments Face        addressed, for example, (1) food stamps and other types of payments may
Significant Year 2000   not be made or could be made for incorrect amounts; (2) date-dependent
                        signal timing patterns could be incorrectly implemented at highway
Risks                   intersections, with safety severely compromised; and (3) prisoner release
                        or parole eligibility determinations may be adversely affected.
                        Nevertheless, available information on the Year 2000 readiness of state and
                        local governments indicates that much work remains.

                        According to information on state Year 2000 activities reported to the
                        National Association of State Information Resource Executives as of June
                        17, 1999,25 states26 reported having thousands of mission-critical systems.27
                        With respect to completing the implementation phase for these systems,

                        • 5 states 28 reported that they had completed between 25 and 49 percent,
                        • 13 states 29 reported completing between 50 and 74 percent, and
                        • 30 states 30 reported completing 75 percent or more.31


                        25
                          Individual states submit periodic updates to the National Association of State Information Resource
                        Executives. For the June 17 report, over half of the states submitted their data in May and June 1999.
                        The oldest data were provided on March 4 and the most recent data on June 16. All but three states
                        responded to the survey.
                        26
                          In the context of the National Association of State Information Resource Executives survey, the term
                        “states” includes the District of Columbia, Guam, and Puerto Rico.
                        27
                         The National Association of State Information Resource Executives defined mission-critical systems
                        as those that a state had identified as priorities for prompt remediation.
                        28
                          Three states reported on their mission-critical systems, one state reported on its processes, and one
                        reported on its functions.
                        29
                          Eleven states reported on their mission-critical systems, one reported on all systems, and one
                        reported on projects.
                        30
                          Twenty-five states reported on their mission-critical systems, two states reported on their
                        applications, one reported on its “priority business activities,” one reported on its “critical compliance
                        units,” and one reported on all systems.
                        31
                         Of the states that responded to the survey, two did not respond to this question.




                        Page 10                                                                            GAO/T-AIMD-99-233
All of the states responding to the National Association of State
Information Resource Executives survey reported that they were actively
engaged in internal and external contingency planning and that they had
established target dates for the completion of these plans; 14 (28 percent)
reported the deadline as October 1999 or later.

State audit organizations have also identified significant Year 2000
concerns. In January, the National State Auditors Association reported on
the results of its mid-1998 survey of Year 2000 compliance among states.32
This report stated that, for the 12 state audit organizations that provided
Year 2000-related reports, concerns had been raised in areas such as
planning, testing, embedded systems, business continuity and contingency
planning, and the adequacy of resources to address the problem.

We identified additional products by 15 state-level audit organizations and
Guam that discussed the Year 2000 problem and that had been issued since
October 1, 1998. Several of these state-level audit organizations noted that
progress had been made. However, the audit organizations also expressed
concerns that were consistent with those reported by the National State
Auditors Association, for example:

• In December 1998 the Vermont State Auditor reported33 that the state
  Chief Information Officer did not have a comprehensive control list of
  the state’s information technology systems. Accordingly, the audit office
  stated that, even if all mission-critical state systems were checked, these
  systems could be endangered by information technology components
  that had not been checked or by linkages with the state’s external
  electronic partners.
• In April, New York’s Division of Management Audit and State Financial
  Services reported that state agencies did not adequately control the
  critical process of testing remediated systems.34 Further, most agencies
  were in the early stages of addressing potential problems related to data
  exchanges and embedded systems and none had completed substantive
  work on contingency planning. The New York audit office subsequently



32
 Year 2000: State Compliance Efforts (National State Auditors Association, January 1999).
33
 Vermont State Auditor’s Report on State Government’s Year 2000 Preparedness (Y2K Compliance) for
the Period Ending November 1, 1998 (Office of the State Auditor, December 31, 1998).
34
  New York’s Preparation for the Year 2000: A Second Look (Office of the State Comptroller, Division of
Management Audit and State Financial Services, Report 98-S-21, April 5, 1999).




Page 11                                                                         GAO/T-AIMD-99-233
  issued 7 reports on 13 of the state’s mission-critical and high-priority
  systems that included concerns about contingency planning and testing.
• In February, the California State Auditor reported 35 that key agencies
  responsible for emergency services, corrections, and water resources,
  among other areas, had not fully addressed embedded
  technology-related threats. Regarding emergency services, the
  California report stated that if remediation of the embedded technology
  in its networks were not completed, the Office of Emergency Services
  might have to rely on cumbersome manual processes, significantly
  increasing response time to disasters.
• In March, Oregon’s Audits Division reported36 that 11 of the 12 state
  agencies reviewed did not have business continuity plans addressing
  potential Year 2000 problems for their core business functions.
• In March, North Carolina’s State Auditor reported37 that resource
  restrictions had limited the state’s Year 2000 Project Office’s ability to
  verify data reported by state agencies.

In the case of Illinois, on June 30, 1999, the Office of the Auditor General
reported38 that the state’s Department of Central Management Services had
taken the lead to increase agency awareness of the need to ensure that
computer systems are Year 2000 compliant, for example,

• monthly meetings were held with agency representatives,
• a central repository of information was developed to share information
  on, among other items, available tools, and

beginning this past April, state agencies were required to submit monthly
status reports to the Governor.

The Office of the Auditor General urged the Department of Central
Management Services to continue to work with the governor’s office and to


35
 Year 2000 Computer Problem: The State’s Agencies Are Progressing Toward Compliance but Key
Steps Remain Incomplete (California State Auditor, February 18, 1999).
36
  Department of Administrative Services Year 2000 Statewide Project Office Review (Secretary of State,
Audits Division, State of Oregon Report No. 99-05, March 16, 1999).
37
 Department of Commerce, Information Technology Services Year 2000 Project Office (Office of the
State Auditor, State of North Carolina, March 18, 1999).
38
  Department of Central Management Services Bureau of Communications and Services: Third Party
Review For The Year Ending June 30, 1999 (Office of the Auditor General, State of Illinois, June 30,
1999).




Page 12                                                                        GAO/T-AIMD-99-233
coordinate the state’s efforts in addressing and reporting on the Year 2000
issue. Further, the audit office stated that the department should
continually assess its progress in completing its conversion efforts and
develop contingency plans for any systems or applications that may not be
Year 2000 ready.

It is also critical that local government systems be ready for the change of
century since critical functions involving, for example, public safety and
traffic management, are performed at the local level. Recent reports on
local governments have highlighted Year 2000 concerns, for example:

On June 23, the National Association of Counties announced the results of
its April survey of 500 randomly selected counties. This survey found that
(1) 74 percent of respondents had a countywide plan to address Year 2000
issues, (2) 51 percent had completed system assessments, and
(3) 27 percent had completed system testing. In addition, 190 counties had
prepared contingency plans and 289 had not. Further, of the 114 counties
reporting that they planned to develop Year 2000 contingency plans,
22 planned to develop the plan in April-June, 64 in July-September, 18 in
October-December, and 10 did not yet know.

• The National League of Cities conducted a poll during its annual
  conference in March 1999 that included over 400 responses. The poll
  found that (1) 340 respondents stated that over 75 percent of their cities’
  critical systems would be Year 2000 compliant by January 1, 2000,
  (2) 35 stated that 51-75 percent would be compliant, (3) 16 stated that
  25-50 percent would be compliant, and (4) 16 stated that less than
  25 percent would be compliant. Moreover, 34 percent of respondents
  reported that they had contingency plans, 46 percent stated that they
  were in the process of developing plans, 12 percent stated that plans
  would be developed, and 8 percent said they did not intend to develop
  contingency plans.
• In January 1999, the United States Conference of Mayors reported on
  the results of its survey of 220 cities. It found that (1) 97 percent had a
  citywide plan to address Year 2000 issues, (2) 22 percent had repaired or
  replaced less than half of their systems, and (3) 45 percent had
  completed less than half of their testing.

Of critical importance to the nation are services essential to the safety and
well-being of individuals across the country, namely 9-1-1 systems and law
enforcement. For the most part, responsibility for ensuring continuity of
service for 9-1-1 calls and law enforcement resides with thousands of state



Page 13                                                     GAO/T-AIMD-99-233
                             and local jurisdictions. On April 29 we testified that not enough was known
                             about the status of either 9-1-1 systems or of state and local law
                             enforcement activities to conclude about either’s ability during the
                             transition to the year 2000 to meet the public safety and well-being needs of
                             local communities across the nation.39 While the federal government
                             planned additional actions to determine the status of these areas, we stated
                             that the President’s Council on Year 2000 Conversion should use such
                             information to identify specific risks and develop appropriate strategies
                             and contingency plans to respond to those risks.

                             Recognizing the seriousness of the Year 2000 risks facing state and local
                             governments, the President’s Council has developed initiatives to address
                             the readiness of state and local governments, for example:

                             • The Council established working groups on state and local governments
                               and tribal governments.
                             • Council officials participate in monthly multistate conference calls.
                             • In July 1998 and March 1999, the Council, in partnership with the
                               National Governors’ Association, convened Year 2000 summits with
                               state and U.S. territory Year 2000 coordinators.
                             • On May 24, the Council announced a nationwide campaign to promote
                               “Y2K Community Conversations” to support and encourage efforts of
                               government officials, business leaders, and interested citizens to share
                               information on their progress. To support this initiative, the Council has
                               developed and is distributing a toolkit that provides examples of which
                               sectors should be represented at these events and issues that should be
                               addressed.


State-Administered Federal   Among the critical functions performed by states are the administration of
Human Services Programs      federal human services programs. As we reported in November 1998, many
                             systems that support state-administered federal human services programs
Are At Risk                  were at risk, and much work remained to ensure that services would
                             continue.40 In February of this year, we testified that while some progress
                             had been achieved, many states’ systems were not scheduled to become



                             39
                               Year 2000 Computing Challenge: Status of Emergency and State and Local Law Enforcement Systems
                             Is Still Unknown (GAO/T-AIMD-99-163, April 29, 1999).
                             40
                              Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare
                             Programs (GAO/AIMD-99-28, November 6, 1998).




                             Page 14                                                                     GAO/T-AIMD-99-233
compliant until the last half of 1999.41 Accordingly, we concluded that,
given these risks, business continuity and contingency planning was even
more important in ensuring continuity of program operations and benefits
in the event of systems failures.

Subsequent to our November 1998 report, OMB directed federal oversight
agencies to include the status of selected state human services systems in
their quarterly reports. Specifically, in January 1999, OMB requested that
agencies describe actions to help ensure that federally supported, state-run
programs will be able to provide services and benefits. OMB further asked
that agencies report the date when each state’s systems will be Year
2000-compliant. Tables 1 and 2 summarize the information gathered by the
Departments of Agriculture and Health and Human Services, respectively,
on the compliance status of state-level organizations. The information
indicates that a number of states do not plan to complete their Year 2000
efforts until the last quarter of 1999.



Table 1: Reported State-level Readiness for Federally Supported Programs,
Department of Agriculture, May 1999 a

                                                     April-    July- October-
Program                               Compliant      June September December Unknownb
Food Stamps                                    25        12            14              3            0
Child Nutrition                                29         9            10              4            2
Women, Infants, and                            33        11              7             3            0
Children
a
 This chart contains readiness information from the 50 states, the District of Columbia, Guam, Puerto
Rico, and the Virgin Islands.
b
    Unknown indicates the state did not provide a date or the date was unknown.
Source: Department of Agriculture.




41
  Year 2000 Computing Crisis: Readiness of State Automated Systems That Support Federal Human
Services Programs (GAO/T-AIMD-99-91, February 24, 1999).




Page 15                                                                           GAO/T-AIMD-99-233
Table 2: Reported State-levela Readiness for Federally Supported Programs,
Department of Health and Human Servicesb

                                         Jan.- April-            July-     Oct.-
Program                      Compliantc March June               Sept.     Dec. Unknownd            N/Ae
Child Care                              24          5        5        8         2              6         4
Child Support                           15          4       13        8         8              6         0
Enforcement
Child Welfare                           20          5        9       11         3              5         1
Low Income Housing                      10          0        3        7         1            32          1
Energy Assistance
Program
Medicaid – Integrated                   20          0       15       15         4              0         0
Eligibility System
Medicaid –                              17          0       19       14         4              0         0
Management
Information System
Temporary Assistance                    19          3       12       15         1              4         0
for Needy Families
a
 This chart contains readiness information from the 50 states, the District of Columbia, Guam, Puerto
Rico, and the Virgin Islands.
b
 The OMB report stated that this information was as of January 31, 1999. However, OMB provided a
draft table to the National Association of State Information Resource Executives which, in turn,
provided the draft table to the states. The states were asked to contact HHS and provide corrections
by June 1, 1999. For its part, HHS submitted updated state data to OMB in early June.
c
 In many cases the report indicated a date instead of whether the state was compliant. We assumed
that states reporting completion dates in 1998 or earlier were compliant.
d
 Unknown indicates that, according to OMB, the data reported by the states were unclear or that no
information was reported by the agency.
e
  N/A indicates that the states or territories reported that the data requested were not applicable to
them.
Source: Progress on Year 2000 Conversion: 9th Quarterly Report (OMB, issued on June 15, 1999).


In addition, in June 1999, OMB reported that, as of March 31, 1999, 27
states’ unemployment insurance systems were compliant, 11 planned to be
completed between April and June 1999, 10 planned to be completed
between July and September, and 5 planned to be completed between
October and December.

Along with obtaining readiness information from the states, agencies have
initiated additional actions to help ensure the Year 2000 compliance of
state-administered programs. About a quarter of the federal government’s
programs designated high-impact by OMB are state-administered, such as
Food Stamps and Temporary Assistance for Needy Families. In response to
OMB’s March memorandum regarding the high-impact programs, the



Page 16                                                                             GAO/T-AIMD-99-233
departments of Agriculture, Health and Human Services, and Labor
reported on various actions that they are taking or plan to take to help
ensure the Year 2000 compliance of their state-administered programs, for
example:

• The Department of Agriculture reported in May that its Food and
  Nutrition Service requested that states provide their contingency plans
  and had contracted for technical support services to review these plans,
  as needed, and to assist in its oversight of other state Year 2000
  activities.
• The Department of Health and Human Services reported that its
  Administration for Children and Families and Health Care Financing
  Administration had contracted for on-site assessments of state partners,
  which will include reviews of business continuity and contingency
  plans.
• The Department of Labor reported that states are required to submit a
  certification of Year 2000 compliance for their benefit and tax systems
  along with an independent verification and validation report. In
  addition, Labor required that state agencies prepare business continuity
  and contingency plans, which will be reviewed by Labor officials.
  Further, the department plans to design and develop a prototype
  PC-based system to be used in the event that a state’s unemployment
  insurance system is unusable due to a Year 2000-induced problem.

An example of the benefits that federal/state partnerships can provide is
illustrated by the Department of Labor’s unemployment services program.
In September 1998, we reported that many state employment security
agencies were at risk of failure as early as January 1999 and urged the
Department of Labor to initiate the development of realistic contingency
plans to ensure continuity of core business processes in the event of Year
2000-induced failures.42 Just last month, we testified that four state
agencies’ systems could have failed if systems in those states had not been
programmed with an emergency patch in December 1998. This patch was
developed by several of the state agencies and promoted to other state
agencies by the Department of Labor. 43



42
  Year 2000 Computing Crisis: Progress Made at Department of Labor, But Key Systems at Risk
(GAO/T-AIMD-98-303, September 17, 1998).
43
  Year 2000 Computing Challenge: Labor Has Progressed But Selected Systems Remain at Risk
(GAO/T-AIMD-99-179, May 12, 1999).




Page 17                                                                     GAO/T-AIMD-99-233
Year 2000 Readiness     Beyond the risks faced by federal, state, and local governments, the year
                        2000 also poses a serious challenge to the public infrastructure, key
Information Available   economic sectors, and to other countries. To address these concerns, in
in Some Sectors, But    April 1998 we recommended that the Council use a sector-based approach
                        and establish the effective public-private partnerships necessary to address
Key Information Still   this issue.44 The Council subsequently established over 25 sector-based
Missing or Incomplete   working groups and has been initiating outreach activities since it became
                        operational last spring. In addition, the Chair of the Council has formed a
                        Senior Advisors Group composed of representatives from private-sector
                        firms across key economic sectors. Members of this group are expected to
                        offer perspectives on cross-cutting issues, information sharing, and
                        appropriate federal responses to potential Year 2000 failures.

                        Our April 1998 report also recommended that the President's Council
                        develop a comprehensive picture of the nation’s Year 2000 readiness, to
                        include identifying and assessing risks to the nation's key economic
                        sectors--including risks posed by international links. In October 1998 the
                        Chair directed the Council's sector working groups to begin assessing their
                        sectors. The Chair also provided a recommended guide of core questions
                        that the Council asked to be included in surveys by the associations
                        performing the assessments. These questions included the percentage of
                        work that has been completed in the assessment, renovation, validation,
                        and implementation phases. The Chair then planned to issue quarterly
                        public reports summarizing these assessments. The first such report was
                        issued on January 7, 1999.

                        The Council’s second report was issued on April 21, 1999.45 The report
                        stated that substantial progress had been made in the prior 6 to 12 months,
                        but that there was still much work to be done. According to the Council,
                        most industries had projected completion target dates between June and
                        September and were in, or would soon be moving into, the critical testing
                        phase. Key points in the Council’s April assessment included the following:

                        • National Year 2000 failures in key U.S. infrastructures such as power,
                          banking, telecommunications, and transportation are unlikely.


                        44
                         GAO/AIMD-98-85, April 30, 1998.
                        45
                         Both of the Council’s reports are available on its web site, www.y2k.gov. In addition, the Council, in
                        conjunction with the Federal Trade Commission and the General Services Administration, has
                        established a toll-free Year 2000 information line, 1-888-USA-4Y2K. The Federal Trade Commission has
                        also included Year 2000 information of interest to consumers on its web site, www.consumer.gov.




                        Page 18                                                                         GAO/T-AIMD-99-233
• Organizations that are not paying appropriate attention to the Year 2000
  problem or that are adopting a “wait and see” strategy—an attitude
  prevalent among some small businesses and local governments—are
  putting themselves and those that depend upon them at great risk.
• International Year 2000 activity, although increasing, is lagging and will
  be the source of the greatest risk.

The Council’s assessment reports have substantially increased the nation’s
understanding of the Year 2000 readiness of key industries. However, the
picture remained incomplete in certain key areas because the surveys
conducted did not have a high response rate, the assessment was general,
or the data were old. For example, according to the assessment report,
only 13 percent of the nation’s 9-1-1 centers had responded to a survey
being conducted by the Federal Emergency Management Agency in
conjunction with the National Emergency Number Association, calling into
question whether the results of the survey accurately portrayed the
readiness of the sector. In the case of drinking water, both the January and
April reports provided a general assessment but did not contain detailed
data as to the status of the sector (e.g., the average percentage of an
organization’s systems that are Year 2000 compliant or the percentage of
organizations that are in the assessment, renovation, or validation phases).
Finally, in some cases, such as the transit industry, the sector surveys had
been conducted months earlier.

The President’s Council is to be commended on the strides that it has made
to obtain Year 2000 readiness data critical to the nation’s well-being as well
as its other initiatives, such as the establishment of the Senior Advisors
Group. To further reduce the likelihood of major disruptions, in testimony
this January, we suggested that the Council consider additional actions
such as continuing to aggressively pursue readiness information in the
areas in which it is lacking. 46 If the current approach of using associations
to voluntarily collect information does not yield the necessary information,
we suggested that the Council may wish to consider whether legislative
remedies (such as requiring disclosure of Year 2000 readiness data) should
be proposed. In response to this suggestion, the Council Chair stated that
the Council has focused on collaboration and communication with
associations and other groups as a means to get industries to share
information on their Year 2000 readiness and that the Council did not



46
 GAO/T-AIMD-99-50, January 20, 1999.




Page 19                                                     GAO/T-AIMD-99-233
                believe that legislation would be necessary. The Council’s next sector
                report is expected to be released later this month.

                Subsequent to the Council’s April report, surveys in key sectors have been
                issued. In addition, we have issued several products related to several of
                these sectors. I will now discuss the results of some of these surveys and
                our reviews.


Energy Sector   In April, we reported that while the electric power industry had concluded
                that it had made substantial progress in making its systems and equipment
                ready to continue operations into the year 2000, significant risks remained
                since many reporting organizations did not expect to be Year 2000 ready
                within the June 1999 industry target date.47 We, therefore, suggested that
                the Department of Energy (1) work with the Electric Power Working Group
                to ensure that remediation activities were accelerated for the utilities that
                expected to miss the June 1999 deadline for achieving Year 2000 readiness
                and (2) encourage state regulatory utility commissions to require a full
                public disclosure of Year 2000 readiness status of entities transmitting and
                distributing electric power. The Department of Energy generally agreed
                with our suggestions. We also suggested that the Nuclear Regulatory
                Commission (1) in cooperation with the Nuclear Energy Institute, work
                with nuclear power plant licensees to accelerate the Year 2000 remediation
                efforts among the nuclear power plants that expect to meet the June 1999
                deadline for achieving readiness and (2) publicly disclose the Year 2000
                readiness of each of the nation’s operational nuclear reactors. In response,
                the Nuclear Regulatory Commission stated that it plans to focus its efforts
                on nuclear power plants that may miss the July 1, 1999, milestone and that
                it would release the readiness information on individual plants that same
                month.

                Subsequent to our report, on April 30, 1999, the North American Electric
                Reliability Council released its third status report on electric power
                systems. According to the North American Electric Reliability Council, as
                of March 31, 1999, reporting organizations, on average, had completed
                99 percent of the inventory phase, 95 percent of the assessment phase, and
                75 percent of the remediation/testing phase.



                47
                  Year 2000 Computing Crisis: Readiness of the Electric Power Industry (GAO/AIMD-99-114,
                April 6, 1999).




                Page 20                                                                     GAO/T-AIMD-99-233
               In May, we reported48 that while the domestic oil and gas industries had
               reported that they had made substantial progress in making their
               equipment and systems ready to continue operations into the year 2000,
               risks remained. In particular, a February industrywide survey found that
               over a quarter of the oil and gas industries reported that they did not expect
               to be Year 2000 ready until the second half of 1999—leaving little time for
               resolving unexpected problems. Moreover, although over half of our oil is
               imported, little was known about the Year 2000 readiness of foreign oil
               suppliers. Further, while individual domestic companies reported that they
               were developing Year 2000 contingency plans, there were no plans to
               perform a national-level risk assessment and develop contingency plans to
               deal with potential shortages or disruptions in the nation’s overall oil and
               gas supplies. We suggested that the Council’s oil and gas working group
               (1) work with industry associations to perform national-level risk
               assessments and develop and publish credible, national-level scenarios
               regarding the impact of potential Year 2000 failures and (2) develop
               national-level contingency plans. The working group generally agreed with
               these suggestions.



Water Sector   As I previously mentioned, the Council’s January and April assessment
               reports provided only a general assessment of the drinking water sector
               and did not contain detailed data. Similarly, in April we reported49 that
               insufficient information was available to assess and manage Year 2000
               efforts in the water sector, and little additional information was expected
               under the current regulatory approach. While the Council’s water sector
               working group had undertaken an awareness campaign and had urged
               national water sector associations to continue to survey their
               memberships, survey response rates had been low. Further, Environmental
               Protection Agency officials stated that the agency lacked the rules and
               regulations necessary to require water and wastewater facilities to report
               on their Year 2000 status.

               Our survey of state regulators found that a few states were proactively
               collecting Year 2000 compliance data from regulated facilities, a much
               larger group of states was disseminating Year 2000 information, while
               another group was not actively using either approach. Additionally, only a


               48
                 Year 2000 Computing Crisis: Readiness of the Oil and Gas Industries (GAO/AIMD-99-162,
               May 19, 1999).
               49
                Year 2000 Computing Crisis: Status of the Water Industry (GAO/AIMD-99-151, April 21, 1999).




               Page 21                                                                       GAO/T-AIMD-99-233
                handful of state regulators believed that they were responsible for ensuring
                facilities’ Year 2000 compliance or overseeing facilities’ business continuity
                and contingency plans. Among our suggested actions was that the Council,
                the Environmental Protection Agency, and the states determine which
                regulatory organization should take responsibility for assessing and
                publicly disclosing the status and outlook of water sector facilities’ Year
                2000 business continuity and contingency plans. The Environmental
                Protection Agency generally agreed with our suggestions but one official
                noted that additional legislation may be needed if the agency is to take
                responsibility for overseeing facilities’ Year 2000 business continuity and
                contingency plans.


Health Sector   The health sector includes health care providers (such as hospitals and
                emergency health care services), insurers (such as Medicare and
                Medicaid), and biomedical equipment. With respect to biomedical
                equipment, on June 10 we testified50 that, in response to our September
                1998 recommendation, 51 HHS, in conjunction with the Department of
                Veterans Affairs, had established a clearinghouse on biomedical equipment.
                As of June 1, 1999, 4,142 biomedical equipment manufacturers had
                submitted data to the clearinghouse. About 61 percent of these
                manufacturers reported having products that do not employ dates and
                about 8 percent (311 manufacturers) reported having date-related
                problems such as an incorrect display of date/time. According to the Food
                and Drug Administration, the 311 manufacturers reported 897 products
                with date-related problems. However, not all compliance information was
                available on the clearinghouse because the clearinghouse referred the user
                to 427 manufacturers’ web sites. Accordingly, we reviewed the web sites of
                these manufacturers and found, as of June 1, 1999, a total of
                35,446 products.52 Of these products, 18,466 were reported as not
                employing a date, 11,211 were reported as compliant, 4,445 were shown as
                not compliant, and the compliance status of 1,324 was unknown.



                50
                 Year 2000 Computing Challenge: Concerns About Compliance Information on Biomedical Equipment
                (GAO/T-AIMD-99-209, June 10, 1999).
                51
                 Year 2000 Computing Crisis: Compliance Status of Many Biomedical Equipment Items Still Unknown
                (GAO/AIMD-98-240, September 18, 1998).
                52
                  Because of limitations in many of the manufacturers web sites, our ability to determine the total
                number of biomedical equipment products reported and their compliance status was impaired.
                Accordingly, the actual number of products reported by the manufacturers could be significantly higher
                than the 35,446 products that we counted.




                Page 22                                                                        GAO/T-AIMD-99-233
                             In addition to the establishment of a clearinghouse, our September 1998
                             report also recommended that HHS and the Department of Veterans Affairs
                             take prudent steps to jointly review manufacturers’ test results for critical
                             care/life support biomedical equipment. We were especially concerned
                             that the departments review test results for equipment previously deemed
                             to be noncompliant but now deemed by manufacturers to be compliant, or
                             equipment for which concerns about compliance remained. In May 1999,
                             the Food and Drug Administration, a component agency of HHS,
                             announced that it planned to develop a list of critical care/life support
                             medical devices and the manufacturers of these devices, select a sample of
                             manufacturers for review, and hire a contractor to develop a program to
                             assess manufacturers’ activities to identify and correct Year 2000 problems
                             for these medical devices. In addition, if the results of this review indicated
                             a need for further review of manufacturer activities, the contractor would
                             review a portion of the remaining manufacturers not yet reviewed.
                             Moreover, according to the Food and Drug Administration, any
                             manufacturer whose quality assurance system appeared deficient based on
                             the contractors review would be subject to additional reviews to determine
                             what actions would be required to eliminate any risk posed by
                             noncompliant devices.

                             In April testimony53 we also reported on the results of a Department of
                             Veterans Affairs survey of 384 pharmaceutical firms and
                             459 medical-surgical firms with whom it does business. Of the 52 percent
                             of pharmaceutical firms that responded to the survey, 32 percent reported
                             that they were compliant. Of the 54 percent of the medical-surgical firms
                             that responded, about two-thirds reported that they were compliant.


Banking and Finance Sector   A large portion of the institutions that make up the banking and finance
                             sector are overseen by one or more federal regulatory agencies. In
                             September 1998 we testified on the efforts of five federal financial
                             regulatory agencies 54 to ensure that the institutions that they oversee are
                             ready to handle the Year 2000 problem. 55 We concluded that the regulators


                             53
                              Year 2000 Computing Crisis: Action Needed to Ensure Continued Delivery of Veterans Benefits and
                             Health Care Services (GAO/T-AIMD-99-136, April 15, 1999).
                             54
                               The National Credit Union Administration, the Federal Deposit Insurance Corporation, the Office of
                             Thrift Supervision, the Federal Reserve System, and the Office of the Comptroller of the Currency.
                             55
                              Year 2000 Computing Crisis: Federal Depository Institution Regulators Are Making Progress, But
                             Challenges Remain (GAO/T-AIMD-98-305, September 17, 1998).




                             Page 23                                                                        GAO/T-AIMD-99-233
had made significant progress in assessing the readiness of member
institutions and in raising awareness on important issues such as
contingency planning and testing. Regulator examinations of bank, thrift,
and credit union Year 2000 efforts found that the vast majority were doing a
satisfactory job of addressing the problem. Nevertheless, the regulators
faced the challenge of ensuring that they are ready to take swift action to
address those institutions that falter in the later stages of correction and to
address disruptions caused by international and public infrastructure
failures.

In April, we reported that the Federal Reserve System--which is
instrumental to our nation’s economic well-being, since it provides
depository institutions and government agencies services such as
processing checks and transferring funds and securities--has effective
controls to help ensure that its Year 2000 progress is reported accurately
and reliably.56 We also found that it is effectively managing the renovation
and testing of its internal systems and the development and planned testing
of contingency plans for continuity of business operations. Nevertheless,
the Federal Reserve System still had much to accomplish before it is fully
ready for January 1, 2000, such as completing validation and
implementation of all of its internal systems and completing its
contingency plans.

In addition to the domestic banking and finance sector, large U.S. financial
institutions have financial exposures and relationships with international
financial institutions and markets that may be at risk if these international
organizations are not ready for the date change occurring on
January 1, 2000. In April, we reported57 that foreign financial institutions
had reportedly lagged behind their U.S. counterparts in preparing for the
Year 2000 date change. Officials from four of the seven large foreign
financial institutions we visited said they had scheduled completion of their
Year 2000 preparations about 3 to 6 months after their U.S. counterparts,
but they planned to complete their efforts by mid-1999 at the latest.
Moreover, key international market supporters, such as those that transmit
financial messages and provide clearing and settlement services, told us
that their systems were ready for the date change and that they had begun


56
 Year 2000 Computing Crisis: Federal Reserve Has Established Effective Year 2000 Management
Controls for Internal Systems Conversion (GAO/AIMD-99-78, April 9, 1999).
57
 Year 2000: Financial Institution and Regulatory Efforts to Address International Risks
(GAO/GGD-99-62, April 27, 1999).




Page 24                                                                         GAO/T-AIMD-99-233
                        testing with the financial organizations that depended on these systems.
                        Further, we found that seven large U.S. banks and securities firms we
                        visited were taking actions to address their international risks. In addition,
                        U.S. banking and securities regulators were also addressing the
                        international Year 2000 risks of the institutions that they oversee.

                        With respect to the insurance industry, in March we concluded that
                        insurance regulator presence regarding the Year 2000 area was not as
                        strong as that exhibited by the banking and securities industry.58 State
                        insurance regulators we contacted were late in raising industry awareness
                        of potential Year 2000 problems, provided little guidance to regulated
                        institutions, and failed to convey clear regulatory expectations to
                        companies about Year 2000 preparations and milestones. Nevertheless, the
                        insurance industry is reported by both its regulators and by other outside
                        observers to be generally on track to being ready for 2000. However, most
                        of these reports are based on self-reported information and, compared to
                        other financial regulators, insurance regulators’ efforts to validate this
                        information generally began late and were more limited.

                        In a related report in April,59 we stated that variations in oversight
                        approaches by state insurance regulators also made it difficult to ascertain
                        the overall status of the insurance industry’s Year 2000 readiness. We
                        reported that the magnitude of insurers’ Year 2000-related liability
                        exposures could not be estimated at that time but that costs associated
                        with these exposures could be substantial for some property-casualty
                        insurers, particularly those concentrated in commercial-market sectors. In
                        addition, despite efforts to mitigate potential exposures, the Year
                        2000-related costs that may be incurred by insurers would remain uncertain
                        until key legal issues and actions on pending legislation were resolved.


Transportation Sector   A key component to the nation’s transportation sector are airports. This
                        January we reported on our survey of 413 airports. 60 We found that while
                        the nation’s airports are making progress in preparing for the year 2000,


                        58
                         Insurance Industry: Regulators Are Less Active in Encouraging and Validating Year 2000 Preparedness
                        (GAO/T-GGD-99-56, March 11, 1999).
                        59
                         Year 2000: State Insurance Regulators Face Challenges in Determining Industry Readiness
                        (GAO/GGD-99-87, April 30, 1999).
                        60
                         Year 2000 Computing Crisis: Status of Airports’ Efforts to Deal With Date Change Problem
                        (GAO/RCED/AIMD-99-57, January 29, 1999).




                        Page 25                                                                       GAO/T-AIMD-99-233
                          such progress varied. Of the 334 airports responding to our survey, about
                          one-third reported that they would complete their Year 2000 preparations
                          by June 30, 1999. The other two-thirds either planned on a later date or
                          failed to estimate any completion date, and half of these airports did not
                          have contingency plans for any of 14 core airport functions. Although most
                          of those not expecting to be ready by June 30 are small airports, 26 of them
                          are among the nation’s largest 50 airports.

                          On June 18, the Federal Aviation Administration issued an air industry Year
                          2000 status report that included information on airports and airline
                          carriers. Table 3 provides the assessment, renovation, validation, and
                          implementation information contained in this report.



                          Table 3: Industry Segment Percentage Completion of Year 2000 Remediation Phases

                          Industry segment                    Assessment Renovation            Validation    Implementation
                          Large hub airports                              98           63%             31%                 26%
                          Medium hub airports                         100%             70%             43%                 37%
                          Small hub airports                           94%             61%             55%                 48%
                          Non-hub airports                             93%             67%             67%                 70%
                                                                                                                               a
                          Major carriers                              100%             75%             50%
                          Low-cost carriers                            73%             38%             19%                 18%
                          Note: Airport information was based on data as of March 15, 1999, from the American Association of
                          Airport Executives and the Airports Council International/North America. The major carrier information
                          was based on data as of February 22, 1999, from the AirTransport Association of America, and the
                          low-cost carrier information was based on data as of November 30, 1998, from the National Air
                          Carriers Association, Inc.
                          a
                              Implementation was occurring as validation and testing were completed.
                          Source: Federal Aviation Administration.




Manufacturing and Small   The manufacturing and small business sector includes the entities that
Business Sector           produce or sell a myriad of products such as chemicals, electronics, heavy
                          equipment, food, textiles, and automobiles. With respect to the chemical
                          industry, table 4 contains the latest survey data by Chemical Manufacturers
                          Association--which represents over 190 primarily large chemical
                          companies--and shows that while some companies’ systems are Year 2000
                          ready, others are in varying stages of completion. This survey provided
                          information on the Year 2000 readiness stage of 123 respondents with
                          respect to their business systems, manufacturing, inventory, and




                          Page 26                                                                        GAO/T-AIMD-99-233
distribution systems, embedded systems, and supply chain as of
May 12, 1999.



Table 4: Results of May 12, 1999 Survey of Chemical Manufacturers Associationa

                            Year 2000            Inventory/
Function                        ready Planning assessment Remediation                     Validation
Business systems                     26            1                5               51               27
Manufacturing,                       18            2                7               53               28
inventory, and
distribution systems
Embedded systems                     15            2              26                52               13
Supply chain                         10            4              51                22               21
a
 Some respondents did not provide information to all questions or stated that the question was not
applicable.
Source: Chemical Manufacturers Association statement before the Senate Special Committee on the
Year 2000 Technology Problem, May 14, 1999.


Since the Chemical Manufacturers Association represented mainly large
companies, a survey of small and mid-sized chemical companies was
sponsored by several industry associations 61 to assist the Congress, the
administration, and the U.S. Chemical Safety and Hazard Investigation
Board by obtaining information on the preparedness of this segment of the
industry. Table 5 contains the results of the survey, which was conducted
between March and May 1999.




61
  The sponsors of the survey were the American Crop Protection Association, Chemical Producers &
Distributors Association, Chemical Specialties Manufacturers Association, International Sanitary
Supply Association, National Association of Chemical Distributors, Responsible Industry for a Sound
Environment, and the Synthetic Organic Chemical Manufacturers Association.




Page 27                                                                        GAO/T-AIMD-99-233
Table 5: Readiness Stage of Small and Medium-Sized Chemical Companiesa

                            Year 2000                    Inventory/
Function                        ready Planning         Assessment Remediation             Validation
Business systems                   147            8                 4               24               12
Manufacturing,                     133            8                 3               21               13
inventory, and
distribution systems
Embedded systems                    83            3                 7               13                6
Supply chain                        80           17                29               17               25
a
 Some respondents did not provide information to all questions or stated that the question was not
applicable.
Source: Year 2000 Readiness Disclosure Survey of Small & Mid-Sized Chemical Companies,
June 9, 1999.


Another key segment of the economy are small businesses. The National
Federation of Independent Business and Wells Fargo sponsored a third
survey of the Year 2000 preparedness of small businesses between
mid-April and mid-May 1999. This survey found that 84 percent of small
businesses are directly exposed to a possible Year 2000 problem. Of the
small businesses directly exposed to the Year 2000 problem, 59 percent had
taken action, 12 percent planned to take action, and 28 percent did not plan
to take action (the other 1 percent responded that the question was not
applicable). In addition, 43 percent of the small businesses that were
aware of the Year 2000 problem had made contingency plans to minimize
the impact of potential problems.

In summary, while improvement has been shown, much work remains at
the national, federal, state, and local levels to ensure that major service
disruptions do not occur. Specifically, remediation must be completed,
end-to-end testing performed, and business continuity and contingency
plans developed. Similar actions remain to be completed by the nation’s
key sectors. Accordingly, whether the United States successfully confronts
the Year 2000 challenge will largely depend on the success of federal, state,
and local governments, as well as the private sector working separately and
together to complete these actions. Accordingly, strong leadership and
partnerships must be maintained to ensure that the needs of the public are
met at the turn of the century.

Mr. Chairman, this concludes my statement. I would be happy to respond
to any questions that you or other members of the Subcommittee may have
at this time.



Page 28                                                                        GAO/T-AIMD-99-233
Appendix I

Federal High-Impact Programs and Lead
Agencies                                                                                                                       Appenx
                                                                                                                                    Idi




Agency                                          Program
Department of Agriculture                       Child Nutrition Programs
Department of Agriculture                       Food Safety Inspection
Department of Agriculture                       Food Stamps
Department of Agriculture                       Special Supplemental Nutrition Program for Women, Infants, and Children
Department of Commerce                          Patent and trademark processing
Department of Commerce                          Weather Service
Department of Defense                           Military Hospitals
Department of Defense                           Military Retirement
Department of Education                         Student Aid
Department of Energy                            Federal electric power generation and delivery
Department of Health and Human Services         Child Care
Department of Health and Human Services         Child Support Enforcement
Department of Health and Human Services         Child Welfare
Department of Health and Human Services         Disease monitoring and the ability to issue warnings
Department of Health and Human Services         Indian Health Service
Department of Health and Human Services         Low Income Home Energy Assistance Program
Department of Health and Human Services         Medicaid
Department of Health and Human Services         Medicare
Department of Health and Human Services         Organ Transplants
Department of Health and Human Services         Temporary Assistance for Needy Families
Department of Housing and Urban Development     Housing loans (Government National Mortgage Association)
Department of Housing and Urban Development     Section 8 Rental Assistance
Department of Housing and Urban Development     Public Housing
Department of Housing and Urban Development     FHA Mortgage Insurance
Department of Housing and Urban Development     Community Development Block Grants
Department of the Interior                      Bureau of Indians Affairs programs
Department of Justice                           Federal Prisons
Department of Justice                           Immigration
Department of Justice                           National Crime Information Center
Department of Labor                             Unemployment Insurance
Department of State                             Passport Applications and Processing
Department of Transportation                    Air Traffic Control System
Department of Transportation                    Maritime Safety Program
Department of the Treasury                      Cross-border Inspection Services
Department of Veterans Affairs                  Veterans’ Benefits
Department of Veterans Affairs                  Veterans’ Health Care
Federal Emergency Management Agency             Disaster Relief
                                                                                                                      (continued)


                                          Page 29                                                            GAO/T-AIMD-99-233
                                 Appendix I
                                 Federal High-Impact Programs and Lead
                                 Agencies




Agency                                 Program
Office of Personnel Management         Federal Employee Health Benefits
Office of Personnel Management         Federal Employee Life Insurance
Office of Personnel Management         Federal Employee Retirement Benefits
Railroad Retirement Board              Retired Rail Workers Benefits
Social Security Administration         Social Security Benefits
U.S. Postal Service                    Mail Service




                                 Page 30                                      GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis

               Defense Computers: Management Controls Are Critical to Effective Year
               2000 Testing (GAO/AIMD-99-172, June 30, 1999).

               Year 2000 Computing Crisis: Customs Is Making Good Progress
               (GAO/T-AIMD-99-225, June 29, 1999).

               Year 2000 Computing Challenge: Delivery of Key Benefits Hinges on States’
               Achieving Compliance (GAO/T-AIMD/GGD-99-221, June 23, 1999).

               Year 2000 Computing Challenge: Estimated Costs, Planned Uses of
               Emergency Funding, and Future Implications (GAO/T-AIMD-99-214,
               June 22, 1999).

               GSA’s Effort to Develop Year 2000 Business Continuity and Contingency
               Plans for Telecommunications Systems (GAO/AIMD-99-201R,
               June 16, 1999).

               Year 2000 Computing Crisis: Actions Needed to Ensure Continued Delivery
               of Veterans Benefits and Health Care Services (GAO/AIMD-99-190R,
               June 11, 1999).

               Year 2000 Computing Challenge: Concerns About Compliance Information
               on Biomedical Equipment (GAO/T-AIMD-99-209, June 10, 1999).

               Year 2000 Computing Challenge: Much Biomedical Equipment Status
               Information Available, Yet Concerns Remain (GAO/T-AIMD-99-197,
               May 25, 1999).

               Year 2000 Computing Challenge: OPM Has Made Progress on Business
               Continuity Planning (GAO/GGD-99-66, May 24, 1999).

               VA Y2K Challenges: Responses to Post-Testimony Questions
               (GAO/AIMD-99-199R, May 24, 1999).

               Year 2000 Computing Crisis: USDA Needs to Accelerate Time Frames for
               Completing Contingency Planning (GAO/AIMD-99-178, May 21, 1999).

               Year 2000 Computing Crisis: Readiness of the Oil and Gas Industries
               (GAO/AIMD-99-162, May 19, 1999).

               Year 2000 Computing Challenge: Time Issues Affecting the Global
               Positioning System (GAO/T-AIMD-99-187, May 12, 1999).



       Leter   Page 31                                                  GAO/T-AIMD-99-233
        GAO Reports and Testimony Addressing the
        Year 2000 Crisis




        Year 2000 Computing Challenge: Education Taking Needed Actions But
        Work Remains (GAO/T-AIMD-99-180, May 12, 1999).

        Year 2000 Computing Challenge: Labor Has Progressed But Selected
        Systems Remain at Risk (GAO/T-AIMD-99-179, May 12, 1999).

        Year 2000: State Insurance Regulators Face Challenges in Determining
        Industry Readiness (GAO/GGD-99-87, April 30, 1999).

        Year 2000 Computing Challenge: Status of Emergency and State and Local
        Law Enforcement Systems Is Still Unknown (GAO/T-AIMD-99-163,
        April 29, 1999).

        Year 2000 Computing Crisis: Costs and Planned Use of Emergency Funds
        (GAO/AIMD-99-154, April 28, 1999).

        Year 2000: Financial Institution and Regulatory Efforts to Address
        International Risks (GAO/GGD-99-62, April 27, 1999).

        Year 2000 Computing Crisis: Readiness of Medicare and the Health Care
        Sector (GAO/T-AIMD-99-160, April 27, 1999).

        U.S. Postal Service: Subcommittee Questions Concerning Year 2000
        Challenges Facing the Service (GAO/AIMD-99-150R, April 23, 1999).

        Year 2000 Computing Crisis: Status of the Water Industry
        (GAO/AIMD-99-151, April 21, 1999).

        Year 2000 Computing Crisis: Key Actions Remain to Ensure Delivery of
        Veterans Benefits and Health Services (GAO/T-AIMD-99-152,
        April 20, 1999).

        Year 2000 Computing Crisis: Readiness Improving But Much Work
        Remains To Ensure Delivery of Critical Services (GAO/T-AIMD-99-149,
        April 19, 1999).

        Year 2000 Computing Crisis: Action Needed to Ensure Continued Delivery
        of Veterans Benefits and Health Care Services (GAO/T-AIMD-99-136,
        April 15, 1999).




Leter   Page 32                                                    GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Challenge: Federal Government Making Progress But
Critical Issues Must Still Be Addressed to Minimize Disruptions
(GAO/T-AIMD-99-114, April 14, 1999).

Year 2000 Computing Crisis: Additional Work Remains to Ensure Delivery
of Critical Services (GAO/T-AIMD-99-143, April 13, 1999).

Tax Administration: IRS’ Fiscal Year 2000 Budget Request and 1999 Tax
Filing Season (GAO/T-GGD/AIMD-99-140, April 13, 1999).

Year 2000 Computing Crisis: Federal Reserve Has Established Effective
Year 2000 Management Controls for Internal Systems Conversion
(GAO/AIMD-99-78, April 9, 1999).

Year 2000 Computing Crisis: Readiness of the Electric Power Industry
(GAO/AIMD-99-114, April 6, 1999).

Year 2000 Computing Crisis: Customs Has Established Effective Year 2000
Program Controls (GAO/AIMD-99-37, March 29, 1999).

Year 2000 Computing Crisis: FAA Is Making Progress But Important
Challenges Remain (GAO/T-AIMD/RCED-99-118, March 15, 1999).

Insurance Industry: Regulators Are Less Active in Encouraging and
Validating Year 2000 Preparedness (GAO/T-GGD-99-56, March 11, 1999).

Year 2000 Computing Crisis: Defense Has Made Progress, But Additional
Management Controls Are Needed (GAO/T-AIMD-99-101, March 2, 1999).

Year 2000 Computing Crisis: Readiness Status of the Department of Health
and Human Services (GAO/T-AIMD-99-92, February 26, 1999).

Defense Information Management: Continuing Implementation Challenges
Highlight the Need for Improvement (GAO/T-AIMD-99-93,
February 25, 1999).

IRS' Year 2000 Efforts: Status and Remaining Challenges
(GAO/T-GGD-99-35, February 24, 1999).

Department of Commerce: National Weather Service Modernization and
NOAA Fleet Issues (GAO/T-AIMD/GGD-99-97, February 24, 1999).




Page 33                                                   GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: Medicare and the Delivery of Health Services
Are at Risk (GAO/T-AIMD-99-89, February 24, 1999).

Year 2000 Computing Crisis: Readiness of State Automated Systems That
Support Federal Human Services Programs (GAO/T-AIMD-99-91,
February 24, 1999).

Year 2000 Computing Crisis: Customs Is Effectively Managing Its Year 2000
Program (GAO/T-AIMD-99-85, February 24, 1999).

Year 2000 Computing Crisis: Update on the Readiness of the Social
Security Administration (GAO/T-AIMD-99-90, February 24, 1999).

Year 2000 Computing Crisis: Challenges Still Facing the U.S. Postal Service
(GAO/T-AIMD-99-86, February 23, 1999).

Year 2000 Computing Crisis: The District of Columbia Remains Behind
Schedule (GAO/T-AIMD-99-84, February 19, 1999).

High-Risk Series: An Update (GAO/HR-99-1, January 1999)

Year 2000 Computing Crisis: Status of Airports’ Efforts to Deal With Date
Change Problem (GAO/RCED/AIMD-99-57, January 29, 1999).

Defense Computers: DOD’s Plan for Execution of Simulated Year 2000
Exercises (GAO/AIMD-99-52R, January 29, 1999).

Year 2000 Computing Crisis: Status of Bureau of Prisons’ Year 2000 Efforts
(GAO/AIMD-99-23, January 27, 1999).

Year 2000 Computing Crisis: Readiness Improving, But Much Work
Remains to Avoid Major Disruptions (GAO/T-AIMD-99-50,
January 20, 1999).

Year 2000 Computing Challenge: Readiness Improving, But Critical Risks
Remain (GAO/T-AIMD-99-49, January 20, 1999).

Status Information: FAA's Year 2000 Business Continuity and Contingency
Planning Efforts Are Ongoing (GAO/AIMD-99-40R, December 4, 1998).

Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
November 1998).



Page 34                                                   GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: Readiness of State Automated Systems to
Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998).

Year 2000 Computing Crisis: Status of Efforts to Deal With Personnel
Issues (GAO/AIMD/GGD-99-14, October 22, 1998).

Year 2000 Computing Crisis: Updated Status of Department of Education's
Information Systems (GAO/T-AIMD-99-8, October 8, 1998).

Year 2000 Computing Crisis: The District of Columbia Faces Tremendous
Challenges in Ensuring That Vital Services Are Not Disrupted
(GAO/T-AIMD-99-4, October 2, 1998).

Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information
(GAO/T-AIMD-98-310, September 24, 1998).

Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998).

Year 2000 Computing Crisis: Significant Risks Remain to Department of
Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998).

Year 2000 Computing Crisis: Progress Made at Department of Labor, But
Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).

Year 2000 Computing Crisis: Federal Depository Institution Regulators Are
Making Progress, But Challenges Remain (GAO/T-AIMD-98-305,
September 17, 1998).

Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure Financial
Institutions Are Fixing Systems But Challenges Remain
(GAO/AIMD-98-248, September 17, 1998).

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).




Page 35                                                  GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278,
September 3, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Reduce Likelihood of Adverse Impact (GAO/T-AIMD-98-277,
September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Mitigate Risks (GAO/T-AIMD-98-276, September 1, 1998).

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162,
August 28, 1998).

Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA Systems,
But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will Require
Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267,
August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Address Risk of Major Disruptions (GAO/T-AIMD-98-266,
August 17, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262,
August 13, 1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).

Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998).

Internal Revenue Service: Impact of the IRS Restructuring and Reform Act
on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).




Page 36                                                  GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).

Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations
At Risk (GAO/AIMD-98-150, June 30, 1998).

Year 2000 Computing Crisis: Testing and Other Challenges Confronting
Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).

Year 2000 Computing Crisis: Telecommunications Readiness Critical, Yet
Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16, 1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R,
June 16, 1998).

IRS' Year 2000 Efforts: Business Continuity Planning Needed for Potential
Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address Slow
Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted
(GAO/T-AIMD-98-167, May 14, 1998).

Securities Pricing: Actions Needed for Conversion to Decimals
(GAO/T-GGD-98-121, May 8, 1998).

Year 2000 Computing Crisis: Continuing Risks of Disruption to Social
Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161,
May 7, 1998).

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7, 1998).




Page 37                                                  GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Air Traffic Control: FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R,
May 1, 1998).

Year 2000 Computing Crisis: Potential For Widespread Disruption Calls
For Strong Leadership and Partnerships (GAO/AIMD-98-85, April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Department of the Interior: Year 2000 Computing Crisis Presents Risk of
Disruption to Key Operations (GAO/T-AIMD-98-149, April 22, 1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and Fiscal Year
1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998).

Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts to
Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102,
March 18, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective
Public/Private Cooperation Needed to Avoid Major Disruptions
(GAO/T-AIMD-98-101, March 18, 1998).

Post-Hearing Questions on the Federal Deposit Insurance Corporation's
Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998).

Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).




Page 38                                                  GAO/T-AIMD-99-233
GAO Reports and Testimony Addressing the
Year 2000 Crisis




Year 2000 Computing Crisis: Federal Deposit Insurance Corporation's
Efforts to Ensure Bank Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-73, February 10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems
Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue Increases
Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).

Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight
(GAO/AIMD-98-35, January 16, 1998).

Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress Made In
Ensuring Year 2000 Compliance, But Challenges Remain
(GAO/AIMD-98-31R, November 7, 1997).

Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant
(GAO/T-AIMD-98-20, October 22, 1997).

Social Security Administration: Significant Progress Made in Year 2000
Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997).

Defense Computers: Technical Support Is Key to Naval Supply Year 2000
Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000 Issues
(GAO/AIMD-97-149, September 26, 1997).

Veterans Affairs Computer Systems: Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174,
September 25, 1997).

Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach (GAO/T-AIMD-97-173, September 25, 1997).

Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14,
September 1997).



Page 39                                                  GAO/T-AIMD-99-233
                   GAO Reports and Testimony Addressing the
                   Year 2000 Crisis




                   Defense Computers: SSG Needs to Sustain Year 2000 Progress
                   (GAO/AIMD-97-120R, August 19, 1997).

                   Defense Computers: Improvements to DOD Systems Inventory Needed for
                   Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997).

                   Defense Computers: Issues Confronting DLA in Addressing Year 2000
                   Problems (GAO/AIMD-97-106, August 12, 1997).

                   Defense Computers: DFAS Faces Challenges in Solving the Year 2000
                   Problem (GAO/AIMD-97-117, August 11, 1997).

                   Year 2000 Computing Crisis: Time is Running Out for Federal Agencies to
                   Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10, 1997).

                   Veterans Benefits Computer Systems: Uninterrupted Delivery of Benefits
                   Depends on Timely Correction of Year-2000 Problems
                   (GAO/T-AIMD-97-114, June 26, 1997).

                   Veterans Benefits Computer Systems: Risks of VBA's Year-2000 Efforts
                   (GAO/AIMD-97-79, May 30, 1997).

                   Medicare Transaction System: Success Depends Upon Correcting Critical
                   Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

                   Medicare Transaction System: Serious Managerial and Technical
                   Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997).

                   Year 2000 Computing Crisis: Risk of Serious Disruption to Essential
                   Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52,
                   February 27, 1997).

                   Year 2000 Computing Crisis: Strong Leadership Today Needed To Prevent
                   Future Disruption of Government Services (GAO/T-AIMD-97-51,
                   February 24, 1997).

                   High-Risk Series: Information Management and Technology (GAO/HR-97-9,
                   February 1997).




(511774)   Leter   Page 40                                                 GAO/T-AIMD-99-233
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order made
out to the Superintendent of Documents, when necessary, VISA and
MasterCard credit cards are accepted, also.

Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any list
from the past 30 days, please call (202) 512-6000 using a touchtone
phone. A recorded menu will provide information on how to obtain
these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with “info” in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov
United States                       Bulk Mail
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. GI00
Official Business
Penalty for Private Use $300

Address Correction Requested