oversight

Year 2000 Computing Challenge: Readiness Improving, But Critical Risks Remain

Published by the Government Accountability Office on 1999-01-20.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          United States General Accounting Office

GAO                       Testimony
                          Before the Committee on Appropriations, U.S. Senate




For Release on Delivery
Expected at
9:30 a.m.
                          YEAR 2000 COMPUTING
Wednesday,
January 20, 1999          CHALLENGE

                          Readiness Improving, But
                          Critical Risks Remain
                          Statement of David M. Walker
                          Comptroller General of the United States




GAO/T-AIMD-99-49
Mr. Chairman and Members of the Committee:

I am pleased to appear today to discuss progress being made in addressing
the Year 2000 computing challenge and to outline actions needed to ensure
a smooth conversion to the next century. While our country is considered
among the leaders in addressing this issue, the fact remains that both
public and private organizations still face a daunting task in providing
reasonable assurance that it will truly be business as usual beginning on
January 1, 2000, and continuing throughout this pivotal transition year.

The federal government—with its widespread dependence on large-scale,
complex computer systems to deliver vital public services and carry out its
massive operations—faces an especially enormous and difficult task.
Unless adequately confronted, Year 2000—or Y2K—computing problems
could lead to serious disruptions in key federal operations, ranging from
national defense to benefits payments to air traffic management.

Consequently, in February 1997, GAO designated the Year 2000 computing
problem as a high-risk area. Our purpose was to stimulate greater attention
to assessing the government’s exposure to Year 2000 risks and to
strengthen planning for achieving Year 2000 compliance for mission-critical
systems. Fortunately, the past 2 years have witnessed marked
improvement in preparedness as the government has revised and
intensified its approach to this problem.

Significant challenges, however, remain—and time is running out. In
particular, complete and thorough Year 2000 testing is essential to
providing reasonable assurance that new or modified systems will be able
to process dates correctly and not jeopardize agencies’ ability to perform
core business operations. Moreover, adequate business continuity and
contingency plans must be successfully completed throughout
government.

The scope of the Year 2000 problem extends well beyond federal
operations; it spans the entire spectrum of our national as well as global
economy. Accordingly, in concert with our recommendations, the
President’s Council on Year 2000 Conversion has been reaching out to the
private sector, state and local governments, and to other countries to
increase awareness. Working with these entities, the Council also has
begun to assess the readiness of various sectors, including power, water,
telecommunications, health care, and emergency services.




Page 1                                                     GAO/T-AIMD-99-49
                        At this juncture, however, a comprehensive picture of the nation’s
                        readiness is lacking. A great deal more needs to be done—both
                        domestically and internationally—to effectively determine readiness and
                        prepare necessary contingency plans. Such actions are imperative to
                        ensure that technology-dependent services continue to operate reliably
                        after the turn of the century, with minimal disruption.



The Federal             Since February 1997, action to address the Year 2000 threat has intensified.
                        In response to a growing recognition of the challenge and urging from
Government Has          congressional leaders and others, the administration strengthened the
Enhanced Its Approach   government’s Year 2000 preparation and expanded its outlook beyond
                        federal agencies. In February 1998, the President took a major step in
                        establishing the President’s Council on Year 2000 Conversion. He
                        established the goal that no system critical to the federal government’s
                        mission experience disruption because of the Year 2000 problem, and
                        charged agency heads with ensuring that this issue receives the highest
                        priority attention.

                        Further, the President tasked the Chair of the Council with

                        • being chief spokesperson on Year 2000 issues in national and
                          international forums;
                        • overseeing Year 2000 activities of federal agencies;
                        • providing Year 2000 policy coordination of executive branch activities
                          with state, local, and tribal governments; and
                        • promoting appropriate federal roles with respect to private-sector
                          activities.

                        Among the initiatives the Chair has implemented in carrying out these
                        responsibilities are attending monthly meetings with senior managers of
                        agencies that are not making sufficient progress, establishing numerous
                        working groups to increase awareness of and gain cooperation in
                        addressing the Year 2000 problem in various economic sectors, and
                        emphasizing the importance of federal/state data exchanges.

                        OMB, for its part, has tightened requirements on agency reporting of Year
                        2000 progress. It now requires that beyond the original 24 major
                        departments and agencies that have been reporting, 9 additional agencies
                        (such as the Tennessee Valley Authority and the Postal Service) report
                        quarterly on their Year 2000 progress, and that additional information be
                        reported from all agencies. OMB has also clarified instructions for



                        Page 2                                                        GAO/T-AIMD-99-49
agencies relative to preparing business continuity and contingency plans.
Further, OMB places each of the 24 major agencies into one of three tiers
after receiving its quarterly progress report, determined by OMB’s
judgment of whether evidence of the agency’s reported progress is
sufficient.

Several agencies have reported substantial progress in repairing or
replacing systems to be Year 2000 compliant. For example, in October 1997
we had reported that the Social Security Administration (SSA) had made
significant progress in assessing and renovating mission-critical mainframe
software, although certain areas of risk remained.1 Accordingly, we made
several recommendations to address these risks, including the
development of business continuity and contingency plans. SSA agreed; in
July 1998, we reported that actions to implement these recommendations
had either been taken or were underway.2

As federal agencies have more fully realized the complexities and extent of
necessary Year 2000 activities, their costs have correspondingly risen. As
figure 1 illustrates, the government’s 24 major departments and agencies’
Year 2000 cost estimates more than tripled from February 1997 through
November 1998.

There are too many uncertainties to determine whether this cost escalation
trend has ended. One of the most essential ongoing tasks, testing, could
consume additional resources; experience is showing that testing is taking
between 50 and 70 percent of a project’s time and resources. In addition,
agencies may find that the planning and possible implementation of
business continuity and contingency plans could increase costs. As a result
of these factors, the Congress needs to continue to keep apprised of
agencies’ Year 2000 efforts and their associated costs.




1Social
      Security Administration: Significant Progress Made in Year 2000 Effort, But Key Risks Remain
(GAO/AIMD-98-6, October 22, 1997).

2
 Social Security Administration: Subcommittee Questions Concerning Information Technology
Challenges Facing the Commissioner (GAO/AIMD-98-235R, July 10, 1998).




Page 3                                                                        GAO/T-AIMD-99-49
Figure 1: Federal Government’s Estimated Year 2000 Costs (Dollars in Billions)




Note: The August 1998 figure of $6.3 billion and the November 1998 figure of $7.2 billion are the totals
of all individual submissions from the 24 major departments and agencies that were generally
submitted on August 14th and November 13th, respectively. In its summaries of the agency reports,
OMB reported the government’s total estimated Year 2000 costs as $5.4 billion and $6.4 billion,
respectively. For the August 1998 costs, OMB did not include all costs in its estimate because, for
example, it was still reviewing some of the estimates provided by the agencies. For the November
1998 costs, OMB did not provide explanations in its report for the discrepancies between the agency
reports and its estimates for 15 of the 18 agencies with differences.
Source: February 1997 data are from OMB’s report Getting Federal Computers Ready for 2000,
February 6, 1997. May 1997 through May 1998 data are from OMB’s quarterly reports. The August
and November 1998 data are from the quarterly reports of the 24 major federal departments and
agencies.


Many congressional committees have played a central role in addressing
the Year 2000 challenge by holding agencies accountable for demonstrating
progress and by heightening public appreciation of the problem. As you
know, the Senate formed a Special Committee on the Year 2000 Technology
Problem, under the chairmanship of Senator Bennett, which held hearings
on the readiness of key economic sectors, including power, health care,
telecommunications, transportation, financial services, emergency
services, and general business. The House called on the Subcommittee on
Government Management, Information and Technology of the Committee
on Government Reform and the Subcommittee on Technology of the




Page 4                                                                            GAO/T-AIMD-99-49
                        Committee on Science to co-chair the House’s Year 2000 monitoring.3
                        These committees and others have held many hearings to obtain
                        information on the Year 2000 readiness of federal agencies, states,
                        localities, and other important nonfederal entities, such as the securities
                        industry.

                        The Congress also passed important Year 2000 legislation. In October 1998,
                        it passed—and the President signed—the Year 2000 Information and
                        Readiness Disclosure Act. Its purposes include (1) promoting the free
                        disclosure and exchange of information related to Year 2000 readiness and
                        (2) lessening the burdens on interstate commerce by establishing certain
                        uniform legal principles in connection with the disclosure and exchange of
                        information related to Year 2000 readiness. In addition, the Congress
                        passed (and the President signed) the Omnibus Consolidated and
                        Emergency Supplemental Appropriations Act, 1999, which included
                        $3.35 billion in contingent emergency funding for Year 2000 conversion
                        activities.



GAO’s Efforts to Help   As you know, GAO has been very active in working with the Congress as
                        well as federal agencies to both strengthen agency processes and to
Meet the Challenge      evaluate their progress in addressing these challenges. To help agencies
                        mitigate their Year 2000 risks, we produced a series of Year 2000 guides.
                        The first of these, on enterprise readiness, provides a systematic, step-by-
                        step approach for agency planning and management of its Year 2000
                        program.4 The second, on business continuity and contingency planning,
                        provides a structured approach to helping agencies ensure minimum levels
                        of service through proper planning.5 Our third guide sets forth a
                        disciplined approach to Year 2000 testing.6 Federal agencies and other
                        organizations have used these guides widely to help organize and manage
                        their Year 2000 programs.


                        3
                         We will also be testifying today before the House Government Reform and Science Committees on
                        actions needed to address the Year 2000 computing issue.
                        4
                         Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, issued as an exposure draft in
                        February 1997 and in final form in September 1997).

                        5Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19,
                        issued as an exposure draft in March 1998 and in final form in August 1998).

                        6
                          Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21, issued as an exposure draft in June
                        1998 and in final form in November 1998).




                        Page 5                                                                         GAO/T-AIMD-99-49
In addition, we have issued over 70 reports and testimony statements
detailing specific findings and made over 100 recommendations related to
the Year 2000 readiness of the government as a whole and of a wide range
of individual agencies.7 These recommendations have been almost
universally embraced.

Our recommendations have centered on the following.

• Project planning. We have recommended better organizational
  planning and management oversight—including systems inventorying
  and analysis—in a number of programs and entities.
• Priority-setting. With over 2,600 mission-critical systems still needing
  to be made Year 2000 compliant, it is important to establish priorities.
  Resources need to be focused on those business processes and
  supporting systems that could threaten national security, the economy,
  the health and safety of Americans, or their financial well-being.
• Data exchanges. To remediate their data exchanges, agencies must
  (1) identify those that are not Year 2000 compliant, (2) reach agreement
  with exchange partners (such as states) on the date format to be used,
  (3) determine if data bridges and filters are needed and, if so, reach
  agreement on their development, (4) develop and test such bridges and
  filters, and (5) test and implement new exchange formats.
• Testing. Agencies should perform thorough testing of their systems,
  including end-to-end testing of multiple systems supporting a major
  business function.
• Business continuity and contingency planning. Given the
  interdependencies among agencies, their business partners, and the
  public infrastructure, it is imperative that contingency plans be
  developed for all critical core business processes and supporting
  systems, regardless of whether these systems are owned by the agency.

In addition to our work at federal agencies, we have promoted Year 2000
awareness and solutions—both in the United States and abroad—by
publishing our guides and reports and making them available on our World
Wide Web site. I also discussed the Year 2000 issue with the leadership of
audit organizations from around the world at a recent international
conference. I subsequently wrote to these leaders to draw greater
attention to this issue, and to share with them our recent publications.


7
 A list of reports and testimony on the Year 2000 problem is attached to this statement. It can also be
found on the Internet at GAO's World Wide Web site at www.gao.gov/y2kr.htm.




Page 6                                                                             GAO/T-AIMD-99-49
Serious Risks Remain   While much has been accomplished and real progress has been made in
                       addressing the Year 2000 problem, both risks and challenges remain. Our
                       reviews of federal Year 2000 programs have found uneven progress; some
                       major agencies are significantly behind schedule and are at high risk that
                       they will not correct all of their mission-critical systems in time. As the
                       time remaining diminishes, it becomes increasingly difficult to ensure that
                       all mission-critical systems will be compliant in time.

                       Figure 2 shows OMB’s assessment of agencies’ Year 2000 progress on the
                       basis of their November 1998 quarterly reports.



                       Figure 2: OMB’s Assessment of Agencies’ Year 2000 Progress (November 1998)




                       Page 7                                                       GAO/T-AIMD-99-49
We have made detailed recommendations to agencies responsible for some
of the government’s most essential services. For example:

• The Department of Defense (DOD) and the military services face the
  threat of significant problems.8 In April 1998 we reported that the
  department lacked complete and reliable information on systems,
  interfaces, other equipment needing repair, and the cost of its correction
  efforts.9 We found that these and other problems seriously threatened
  the department’s chances of successfully meeting the Year 2000 deadline
  for its mission-critical systems. Further, taken together, the problems in
  Defense’s Year 2000 program made failure of at least some mission-
  critical systems and the operations they support almost certain unless
  corrective actions were taken. We have recommended numerous
  improvements for critical matters such as data exchanges, testing, and
  contingency planning; DOD concurred with these recommendations and
  agreed to implement them.
• We reported10 that although the Health Care Financing Administration
  (HCFA) had made improvements in its Year 2000 management, the
  agency and its contractors were severely behind schedule in repairing,
  testing, and implementing the mission-critical systems supporting
  Medicare. Given the magnitude of the task and the risks and limited
  time remaining, in September 1998, we concluded that it was highly
  unlikely that all Medicare systems would be compliant in time to ensure
  uninterrupted delivery of benefits and services. To improve the
  prospects for success, we recommended that HCFA (1) rank its
  remaining Year 2000 work on the basis of an integrated project schedule,
  (2) ensure that all critical tasks are prioritized and completed in time to
  prevent unnecessary delays, (3) define the scope of an end-to-end test of
  the claims process and develop plans and a schedule for conducting
  such a test, (4) develop a risk management process, and (5) accelerate
  the development of business continuity and contingency plans. HCFA
  has agreed to implement these recommendations.


8
 Defense Computers: Year 2000 Computer Problems Put Navy Operations At Risk (GAO/AIMD-98-150,
June 30, 1998), Defense Computers: Army Needs to Greatly Strengthen Its Year 2000 Program (GAO/
AIMD-98-53, May 29, 1998), Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998), and Defense Computers: Air Force Needs to Strengthen
Year 2000 Oversight (GAO/AIMD-98-35, January 16, 1998).

9GAO/AIMD-98-72,   April 30, 1998.

10
 Medicare Computer Systems: Year 2000 Challenges Put Benefits and Services in Jeopardy (GAO/
AIMD-98-284, September 28, 1998).




Page 8                                                                       GAO/T-AIMD-99-49
• As we reported in August 1998,11 the Federal Aviation Administration
  (FAA) had made progress in managing its Year 2000 problem and had
  completed critical steps in defining which systems needed to be
  corrected and how to accomplish this. The agency had acted upon
  several of our recommendations from earlier in the year, including
  making final a Year 2000 strategy and setting priorities. 12 However, with
  less than 17 months to go, FAA still had to correct, test, and implement
  many of its mission-critical systems. Accordingly, FAA must determine
  how to ensure continuity of critical operations in the event that some
  systems fail.

Such examples underscore the difficulties confronting agencies in making
up for lost time; Year 2000 testing alone is consuming between 50 and 70
percent of a project’s time and resources. Thorough testing is essential to
providing reasonable assurance that new or modified systems can process
dates correctly and will not jeopardize an organization’s ability to perform
core business functions after the change of century.

Even for agencies that are making good progress, other critical issues must
be successfully resolved; these include data exchanges,
telecommunications, and embedded systems.13 First, should the
government’s hundreds of thousands of data exchanges not be Year 2000
compliant, data either will not be successfully exchanged or invalid data
could cause the receiving computer systems to malfunction or produce
inaccurate computations. Second, the government depends heavily on the
telecommunications infrastructure; reliable services are made possible by
a complex web of highly interconnected networks supported by national
and local carriers and service providers, equipment manufacturers and
suppliers, and customers. Third, the century change could cause problems
for the many embedded computer systems used to control, monitor, or
assist in operations.


11
  FAA Systems: Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems
(GAO/T-AIMD-98-251, August 6, 1998).

12FAA Computer Systems: Limited Progress on Year 2000 Issue Increases Risk Dramatically (GAO/
AIMD-98-45, January 30, 1998) and Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent
Systems Failures (GAO/T-AIMD-98-63, February 4, 1998).

13
  Embedded systems are special-purpose computers built into other devices. Examples include
systems in elevators, heating and air conditioning units, and biomedical devices, such as cardiac
defibrillators, and cardiac monitoring systems, which can record, process, analyze, display, and/or
transmit medical data. (See Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998).)




Page 9                                                                            GAO/T-AIMD-99-49
                         If issues such as these are not adequately addressed, the impact of Year
                         2000 failures could disrupt vital government operations. Moreover, federal
                         agencies depend on data provided by their business partners, as well as on
                         services provided by the public infrastructure (power, water,
                         transportation, and voice and data telecommunications). One weak link
                         anywhere in the chain of critical dependencies can cause a cascading effect
                         of major shutdowns of business operations. Consequently, it is imperative
                         that contingency plans be developed for all critical core business processes
                         and supporting systems, regardless of whether these systems are owned by
                         the agency. Without such plans, when unpredicted failures occur, agencies
                         will lack well-defined responses, and may not have enough time to develop
                         and test alternatives.



The Nation as a Whole    Our nation’s reliance on the complex array of public and private enterprises
                         having scores of system interdependencies at all levels accentuates the
Faces Significant Year   potential repercussions a single failure could cause. It is essential that Year
2000 Challenges          2000 issues be adequately addressed in arenas beyond the federal
                         government: state and local governments, the public infrastructure, and
                         other key economic sectors.

                         State and local governments are responsible for the implementation of
                         many national programs—such as food stamps and Medicaid—while also
                         providing vital local and regional services. Accordingly, Year 2000-induced
                         failures could result in payment delays felt at the local level, or in the
                         interruption of key public services such as law enforcement, traffic
                         management, and emergency and health services. For example, our survey
                         of the state systems used in federal welfare programs revealed that the
                         majority of them were not yet Year 2000 compliant.14 Failure to complete
                         Year 2000 conversion could result in billions of dollars in benefits payments
                         not being delivered. In an attempt to prevent this for Medicaid systems,
                         HCFA recently hired a contractor to independently verify and validate state
                         systems.

                         The public infrastructure, including critical areas such as power, water, and
                         telecommunications, is particularly important because most, if not all,


                         14
                           Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare
                         Programs (GAO/AIMD-99-28, November 6, 1998). The survey was conducted in July and August 1998
                         and included the following welfare programs: Medicaid; Temporary Assistance for Needy Families;
                         Women, Infants, and Children; food stamps; child support enforcement; child care; and child welfare.
                         Forty-nine states, the District of Columbia, and three territories responded to our survey.




                         Page 10                                                                         GAO/T-AIMD-99-49
major enterprises rely on these essential elements for daily functioning.
Other key economic sectors include health, safety, and emergency services;
banking and finance; transportation; and manufacturing and small
business.

These sectors are critical, yet the nation has not had a complete picture of
their readiness. Accordingly, in our April 1998 report,15 we recommended
that the President’s Council on Year 2000 Conversion develop such a
comprehensive picture, to include identifying and assessing risks to the
nation’s key economic sectors—including risks posed by international
links. We also recommended that the Council use a sector-based approach
and establish the effective public-private partnerships necessary to address
this issue.

The Council adopted a sector-based focus and has been initiating outreach
activities since it became operational last spring. More recently, in October
1998, the Chair directed the Council’s sector working groups to begin
assessing their sectors. The Chair, in turn, plans to issue periodic public
reports summarizing these assessments. The assessments will be used to
help prepare contingency plans and aid in crisis management, in which the
Council will respond to disruptions that may arise in critical services. The
first such report, issued on January 7, 1999, summarizes information
collected to date by the working groups and various trade associations.16
The Council acknowledged that readiness data in certain industries were
not yet available and, therefore, were not included in the report.

The Council’s report is a good step toward obtaining a picture of the
nation’s Year 2000 readiness. However, the Council must remain vigilant
and closely monitor and update the information in the sectors where
information is available and obtain information for those where it is not.
Particular attention should be paid to the public infrastructure, including
critical areas such as power, water, and telecommunications, since most, if
not all, major enterprises rely on these essential elements for daily
functioning. Other key economic sectors include health, safety, and
emergency services; banking and finance; transportation; and
manufacturing and small business. In addition, with the advent of


15Year2000 Computing Crisis: Potential for Widespread Disruption Calls for Strong Leadership and
Partnerships (GAO/AIMD-98-85, April 30, 1998).

16
 First Quarterly Summary of Assessment Information (The President’s Council on Year 2000
Conversion, January 7, 1999).




Page 11                                                                       GAO/T-AIMD-99-49
electronic communication and international commerce, the United States
is also critically dependent on international Year 2000 readiness.
Completing these activities is absolutely vital to adequately understanding
the full range of national and international risks.

International concerns are underscored by a September 1998 report by the
Organization for Economic Co-operation and Development.17 This report
stated that (1) while awareness is increasing, the amount of remediation
still required is daunting, (2) significant negative economic impact is likely
in the short term, although much uncertainty exists about the extent of
Year 2000-induced disruptions, (3) governments face a major public
management challenge requiring acceleration of their own preparations
and stronger leadership, and (4) stronger international cooperation is
essential, especially in conjunction with cross-border testing.

In addition to addressing domestic Year 2000 issues, the United States has
attempted to promote international dialogue on the problem. In June 1998,
the United Nations General Assembly adopted a resolution on the global
implications of the Year 2000 issue. The resolution recognized that
effective operation of governments, companies, and other organizations
was threatened by the century change, and coordinated efforts were
required to address it. The resolution went on to request that all member
countries attach a high priority to raising the level of awareness and to
consider appointing a nationwide coordinator to tackle the problem.

The Chair of the President’s Council also has met with the United Nations
and other international bodies, and helped organize a December 1998
National Y2K Coordinators’ meeting attended by over 120 countries, hosted
by the United Nations’ Working Group on Informatics. This meeting should
help encourage the establishment of regional coordinating mechanisms
and foster greater international dialogue on the Year 2000 issue.

In conclusion, considerable progress has been made in addressing the Year
2000 challenge. It is clear that federal agencies have now made the Year
2000 a top priority. It is equally clear, however, that much more needs to be


17
  The Organization for Economic Co-operation and Development surveyed its member countries and
reviewed existing studies and media reports on the Year 2000 problem and issued a report on its
findings, The Year 2000 Problem: Impacts and Actions (September 1998). The organization's 29
member countries are Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Korea, Luxembourg, Mexico, the
Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden, Switzerland, Turkey, the United
Kingdom, and the United States.




Page 12                                                                       GAO/T-AIMD-99-49
done. It is critical that agency priorities continue to be set, rigorous testing
be completed, and thorough business continuity and contingency plans be
prepared. Further, aggressive and sustained action must continue in
assessing and mitigating national and international risks in both the public
infrastructure and key economic sectors.

Such efforts require federal leadership, effective public-private
partnerships, and international cooperation. Congressional leadership and
oversight of the Year 2000 issue have been instrumental in raising
awareness and spurring needed action; such continued leadership on the
part of the Congress will be crucial. For our part, we will continue to
support the Congress’ oversight efforts by evaluating the effectiveness of
the federal government’s Year 2000 actions and advancing constructive
suggestions for mitigating the risk of serious Year 2000 disruption.

Mr. Chairman, this concludes my statement. I will be pleased to respond to
any questions that you or other members of the Committee may have at this
time.




Page 13                                                        GAO/T-AIMD-99-49
Attachment

GAO Reports and Testimony Addressing the
Year 2000 Problem                                                                         AppeIx
                                                                                               ndi




              Status Information: FAA’s Year 2000 Business Continuity and Contingency
              Planning Efforts Are Ongoing (GAO/AIMD-99-40R, December 4, 1998).

              Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
              November 1998).

              Year 2000 Computing Crisis: Readiness of State Automated Systems to
              Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998).

              Year 2000 Computing Crisis: Status of Efforts to Deal With Personnel
              Issues (GAO/AIMD/GGD-99-14, October 22, 1998).

              Year 2000 Computing Crisis: Updated Status of Department of Education's
              Information Systems (GAO/T-AIMD-99-8, October 8, 1998).

              Year 2000 Computing Crisis: The District of Columbia Faces Tremendous
              Challenges in Ensuring That Vital Services Are Not Disrupted (GAO/
              T-AIMD-99-4, October 2, 1998).

              Medicare Computer Systems: Year 2000 Challenges Put Benefits and
              Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).

              Year 2000 Computing Crisis: Leadership Needed to Collect and
              Disseminate Critical Biomedical Equipment Information (GAO/
              T-AIMD-98-310, September 24, 1998).

              Year 2000 Computing Crisis: Compliance Status of Many Biomedical
              Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998).

              Year 2000 Computing Crisis: Significant Risks Remain to Department of
              Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
              September 17, 1998).

              Year 2000 Computing Crisis: Progress Made at Department of Labor, But
              Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998).

              Year 2000 Computing Crisis: Federal Depository Institution Regulators Are
              Making Progress, But Challenges Remain (GAO/T-AIMD-98-305,
              September 17, 1998).




              Page 14                                                     GAO/AIMD-99-49
Attachment
GAO Reports and Testimony Addressing the
Year 2000 Problem




Year 2000 Computing Crisis: Federal Reserve Is Acting to Ensure Financial
Institutions Are Fixing Systems But Challenges Remain (GAO/
AIMD-98-248, September 17, 1998).

Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998).

Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278, September 3,
1998).

Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Reduce Likelihood of Adverse Impact (GAO/T-AIMD-98-277,
September 2, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships
Needed to Mitigate Risks (GAO/T-AIMD-98-276, September 1, 1998).

Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162,
August 28, 1998).

Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998).

Year 2000 Computing Crisis: Progress Made in Compliance of VA Systems,
But Concerns Remain (GAO/AIMD-98-237, August 21, 1998).

Year 2000 Computing Crisis: Avoiding Major Disruptions Will Require
Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267,
August 19, 1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Address Risk of Major Disruptions (GAO/T-AIMD-98-266, August 17,
1998).

Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed
to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262, August 13,
1998).

FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).



Page 15                                                    GAO/AIMD-99-49
Attachment
GAO Reports and Testimony Addressing the
Year 2000 Problem




Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998).

Internal Revenue Service: Impact of the IRS Restructuring and Reform Act
on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998).

Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner (GAO/
AIMD-98-235R, July 10, 1998).

Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998).

Defense Computers: Year 2000 Computer Problems Put Navy Operations at
Risk (GAO/AIMD-98-150, June 30, 1998).

Year 2000 Computing Crisis: Testing and Other Challenges Confronting
Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998).

Year 2000 Computing Crisis: Telecommunications Readiness Critical, Yet
Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16, 1998).

GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998).

IRS' Year 2000 Efforts: Business Continuity Planning Needed for Potential
Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998).

Year 2000 Computing Crisis: Actions Must Be Taken Now to Address Slow
Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998).

Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998).

Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/
T-AIMD-98-167, May 14, 1998).

Securities Pricing: Actions Needed for Conversion to Decimals (GAO/
T-GGD-98-121, May 8, 1998).




Page 16                                                    GAO/AIMD-99-49
Attachment
GAO Reports and Testimony Addressing the
Year 2000 Problem




Year 2000 Computing Crisis: Continuing Risks of Disruption to Social
Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161, May 7,
1998).

IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7, 1998).

Air Traffic Control: FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R,
May 1, 1998).

Year 2000 Computing Crisis: Potential for Widespread Disruption Calls for
Strong Leadership and Partnerships (GAO/AIMD-98-85, April 30, 1998).

Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998).

Department of the Interior: Year 2000 Computing Crisis Presents Risk of
Disruption to Key Operations (GAO/T-AIMD-98-149, April 22, 1998).

Tax Administration: IRS' Fiscal Year 1999 Budget Request and Fiscal Year
1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998).

Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998).

Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/
T-AIMD-98-116, March 24, 1998).

Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts to
Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102,
March 18, 1998).

Year 2000 Computing Crisis: Strong Leadership and Effective Public/
Private Cooperation Needed to Avoid Major Disruptions (GAO/
T-AIMD-98-101, March 18, 1998).

Post-Hearing Questions on the Federal Deposit Insurance Corporation's
Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18, 1998).

SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998).



Page 17                                                     GAO/AIMD-99-49
Attachment
GAO Reports and Testimony Addressing the
Year 2000 Problem




Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998).

Year 2000 Computing Crisis: Federal Deposit Insurance Corporation's
Efforts to Ensure Bank Systems Are Year 2000 Compliant (GAO/
T-AIMD-98-73, February 10, 1998).

Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems
Failures (GAO/T-AIMD-98-63, February 4, 1998).

FAA Computer Systems: Limited Progress on Year 2000 Issue Increases
Risk Dramatically (GAO/AIMD-98-45, January 30, 1998).

Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight
(GAO/AIMD-98-35, January 16, 1998).

Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998).

Veterans Health Administration Facility Systems: Some Progress Made In
Ensuring Year 2000 Compliance, But Challenges Remain (GAO/
AIMD-98-31R, November 7, 1997).

Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant (GAO/
T-AIMD-98-20, October 22, 1997).

Social Security Administration: Significant Progress Made in Year 2000
Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997).

Defense Computers: Technical Support Is Key to Naval Supply Year 2000
Success (GAO/AIMD-98-7R, October 21, 1997).

Defense Computers: LSSC Needs to Confront Significant Year 2000 Issues
(GAO/AIMD-97-149, September 26, 1997).

Veterans Affairs Computer Systems: Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September 25,
1997).

Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach, (GAO/T-AIMD-97-173, September 25, 1997).



Page 18                                                     GAO/AIMD-99-49
                   Attachment
                   GAO Reports and Testimony Addressing the
                   Year 2000 Problem




                   Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14,
                   September 1997).

                   Defense Computers: SSG Needs to Sustain Year 2000 Progress (GAO/
                   AIMD-97-120R, August 19, 1997).

                   Defense Computers: Improvements to DOD Systems Inventory Needed for
                   Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997).

                   Defense Computers: Issues Confronting DLA in Addressing Year 2000
                   Problems (GAO/AIMD-97-106, August 12, 1997).

                   Defense Computers: DFAS Faces Challenges in Solving the Year 2000
                   Problem (GAO/AIMD-97-117, August 11, 1997).

                   Year 2000 Computing Crisis: Time Is Running Out for Federal Agencies to
                   Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10, 1997).

                   Veterans Benefits Computer Systems: Uninterrupted Delivery of Benefits
                   Depends on Timely Correction of Year-2000 Problems (GAO/
                   T-AIMD-97-114, June 26, 1997).

                   Veterans Benefits Computer Systems: Risks of VBA's Year-2000 Efforts
                   (GAO/AIMD-97-79, May 30, 1997).

                   Medicare Transaction System: Success Depends Upon Correcting Critical
                   Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

                   Medicare Transaction System: Serious Managerial and Technical
                   Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997).

                   Year 2000 Computing Crisis: Risk of Serious Disruption to Essential
                   Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52,
                   February 27, 1997).

                   Year 2000 Computing Crisis: Strong Leadership Today Needed To Prevent
                   Future Disruption of Government Services (GAO/T-AIMD-97-51,
                   February 24, 1997).

                   High-Risk Series: Information Management and Technology (GAO/
                   HR-97-9, February 1997).




(511724)   L
           ertet   Page 19                                                   GAO/AIMD-99-49
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order made
out to the Superintendent of Documents, when necessary, VISA and
MasterCard credit cards are accepted, also.

Orders for 100 or more copies to be mailed to a single address are
discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any list
from the past 30 days, please call (202) 512-6000 using a touchtone
phone. A recorded menu will provide information on how to obtain
these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with “info” in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. GI00
Official Business
Penalty for Private Use $300

Address Correction Requested