Year 2000: Overview paper

 

• Are we ready?
• Awareness and Promotion
• Corporate Action and Ownership of the Problem
• Year 2000 Conversion Plan
• Year 2000 FAQs
• Glossary of Terms

© Copyright 2000 CIPS (Canadian Information Processing Society). All rights reserved. Reproduction in whole or in part strictly prohibited.

Are we ready?

• Who has the information?
• How reliable is it?
• What has not been done?
• What are the consequences?
• What can I do?
• What should I avoid?
• Readiness Checklist for Business
• Readiness Checklist for Individuals
• The View from Arizona

There is a wide range of views and opinions about our readiness for Year 2000. Predictions range from a non-event to absolute catastrophe. These wide ranging arguments have been made, based on interpretation of much of the same information. Since there is no consensus, we must conclude that we really do not know how ready we are for the change of the year to 2000. We do know that a lot of work has been completed and that much progress has been made. Has it been enough and where are the weak links in the chain?

Who has the information?
There are a number of sources of information regarding Year 2000 readiness. Statistics Canada, USA MITRE, USA Government sites, British sites, SEC, Stock exchanges, etc.

[ Back to Are We Ready? ]

How reliable is it?
When we determine the reliability of information we must ask questions such as:

How old is the information? In Year 2000 terms, times are compressed and changes are constant, so information becomes stale dated quickly.

How is the information collected? Is there a single standard or set of standards by which information is collected?

Is accuracy verified and if so by what process? Are organizations presenting their best optimistic wishful thinking or are they reporting the bare unbiased facts?

What are organizations motivated to reveal to us? What do they believe they must defend or protect?

How is the information interpreted?

[ Back to Are We Ready? ]

What has not been done?
We do hear reports regarding what has been completed and tested. These are usually limited to the scant coverage provided by the mass media of the day. But does it tell the whole story? Quite often more is disclosed by what is not said, than what is reported. There has been no overall readiness assessment identifying what crucial elements still need to be addressed.

[ Back to Are We Ready? ]

What are the consequences?
Since we do not know the overall status of our efforts to address the Year 2000 issue, we have little way of knowing what the consequences of failure will be. Why do we say this? We know that no organization works, survives or exists in isolation. Every organization is dependent upon others to survive. This relationship of dependencies between multiple organizations is referred to as the Supply Chain. Organizations either provide or receive vital goods and services from other organizations. Failure of one critical organization in the supply chain will impact upon others. Organizations live in multiple supply chains in a way that creates critical linkages between multiple supply chains. A failure in one can impact upon many in an exponential fashion. How will you be affected? We can not say for certain.

[ Back to Are We Ready? ]

What can I do?
There is a lot that can be done. First, do not panic. Second, be prudent. Third, focus on the important issues and address them.

Do not panic. The world will not come to an end. Even if it were going to, you have no power to do anything about it anyway.

Be prudent in your actions. Don't do things that will precipitate harm to yourself or to others. Be reasonable in your preparations. Regardless of what you read or hear, understand what risks are presented to you. Risks will vary depending on where you live, your age, your health, etc. Understand your situation in terms of dependency or self-sufficiency. A hermit living in the woods with all of his worldly possessions and no amenities is not likely to be adversely affected by the Year 2000 problem. Someone living in a city and being dependent upon outside sources for heat, light, transportation, food, security of their assets etc. is more vulnerable.

[ Back to Are We Ready? ]

What should I avoid?
Avoid panic and overreaction. Avoid complacency and taking no action. Avoid developing a sense of helplessness. Avoid unreasonable behavior. Avoid unreasonable demands from others.

[ Back to Are We Ready? ]

Readiness Checklist for Business

So it is not a perfect world and we cannot say with certainty that all Year 2000 problems will be solved before the year changes to 2000. There are some things we can do and there are some things that we either can't do or can't afford to do. The following list provides a general approach for readiness for business.

All mission critical systems have been:

• identified,
• remediated
• tested
• secured against reintroduction of Y2K problems

All non-mission critical systems have been:

• remediated where possible or,
• workarounds have been developed where required.

All data have been:

• Converted to align to Year 2000 ready systems or,
• Appropriate filters have been created to bridge between Year 2000 ready systems and non-compliant data.
• All information systems technology infrastructure has been made Year 2000 ready.
• All critical imbedded processors have been made Year 2000 Ready. These would include PLC's for manufacturing, environmental controls, security controls, test equipment, equipment maintenance, etc.
• External organizations that provide critical goods and services essential for your survival have been involved in your Year 2000 readiness efforts so that you have jointly ensured readiness for Year 2000.
• Appropriate contingency plans have been developed to reduce the impact of failures of external organizations outside your control, upon which you depend for survival.
• Business recovery and Business continuance processes have been developed and tested in readiness for Year 2000 events.
• A communications plan has been developed to ensure open and accurate communication with customers, suppliers and, if required, the general public.
• Staffing policies have been developed to ensure retention and availability of key staff to address Year 2000 issues.
• The number of high-risk customers with long or erratic payment patterns have been reduced or eliminated.
• Key customers who provide the bulk of your revenues have been made a part of your planning and you have been a part of theirs.
• Records to support your business have been maintained to the highest standard.
• Finally, ask yourself "Is there anything further I can do that makes sense?" If the answer is "Yes." do it.

[ Back to Are We Ready? ]

Readiness Checklist for Individuals
So it is not a perfect world and we cannot say with certainty that all Year 200 problems will be solved before the year changes to 2000. There are some things we can do and there are some things that we either can't do or can't afford to do. The following list provides a general approach for readiness for individuals.

Protect your money. Maintain current records of what money you owe and what money is owed you. This latter category includes all money that is yours and is not in your possession. Bank accounts, investments, etc fall into this category. Also maintain records of payments made during the last few months before the year turns to 2000.

Protect your property. Ensure that you maintain insurance and mortgage records. This also includes any lease contracts you may have.

Protect your neighbors. Determine how you can assist those less able than you in time of emergency. Determine how they can assist you.

Understand and work with your community.

Protect yourself. Prepare for a bad winter storm. How would you prepare for a storm that lasted one week?

Visit with someone who is more self-sufficient than you. Plan to stay a few days.

[ Back to Are We Ready? ]

The View from Arizona
Just for the record, what follows is an actual email I received from someone in Arizona. I believe it provides some insight into the concerns felt by many as we approach the big event. I have included it and my response, since there may be some value in it.

Hello Frank.

Happy Easter from Arizona. Looks like were going to have snow for Easter.

Been snowing all week, about24 in. may be another five inches tonight.

Hope everything going well in your part of the world.

Frank you're always talking about the year 2000. I know you been working on it for the last five years or so. I sometimes wonder if that's the reason you move from the city to the country. If you have the time I would like you to write and tell me what you really know. I have a few friends really preparing. Food, water ,guns and ammo,etc.they don't think the world's coming to the end. But they do feel there may be some problems. As time gets closer you hear so many different stories. Is our government ready, other countries, Marshall law, the electrical grid, and now what's going on in Europe.the weather change ,snowing at Easter,El Nino,etc.I feel that we may have some problem,I am glad we don't live in the big cities.I feel concerned about the elderly people. I hope to have my parents here for the new year. I feel that you're parents will be with you that time of the year.

Even though this conversation can go on all night, and I'm sure that you talk about this quite a bit. I'm going to sign off for now. I'm looking forward hearing from you. Tell me the good and bad,the whole truth and nothing but the truth, and what people are doing to be prepare. Talk to you later, this year and 2000. Bob

Hi Bob,

Your questions re Y2K are the classic questions being posed by most folks these days. The big problem with Y2K now, is bad reporting by the news media, which has obfuscated the facts with hype and sensationalism. So as a result, the public is receiving a very unbalanced view of the overall situation, its underlying issues and the risks associated with it. And that is very unfortunate since it is risk that we are trying to address here.

When we deal with risk, we focus on three prime facets, namely: 1) What is the risk? 2) What is the probability of Occurrence, and 3) What is the resultant adverse consequence? There is no single answer since the same situation can present different risks depending upon where you live. City dwellers are much more dependent upon urban infrastructure such as public transportation, utilities, water supply, etc than country folk are. Generally speaking, country folk tend to be a little more self sufficient than city folk because country folk have less infrastructure provided. We get our water from wells, we burn wood, etc. so we have more control of those resources. So, the adverse consequence of having water contaminated as a result of a Y2K failure is the same in the country or the city. However the probability of the risk occurring is lower in the country since we have no dependency on the city to ensure the safety of the water supply.

You should look at all of the possibilities and assess them in a similar manner. Of course assessment is only the first step. Next you should mitigate the risk (eliminate it) or build contingencies to minimize the impact of the occurrence. The highest priority issues must be addressed first since you do not have enough time nor money to address all of them. So let's say that you believe that food shortage is a great risk. We know the consequences should that risk be realized. We also know that we cannot do much to ensure that the food supply chain operates properly. In this case we build a contingency by bringing in extra provisions. .......and so on.

You may want to inquire locally to find community or church groups that are addressing these issues in your locale.

On the wider global level, the truth is we don't know what the status really is. There are a wide variety of views and opinions supporting everything from minor blip to major catastrophe. Personally, I don't predict rioting in the streets, but I don't live in LA either. Stories about people adopting a "Bunker" mentality abound. Personally I don't subscribe to hoarding food and defending it with a gun. But, I live in Canada so my reality is different from yours. On the other hand, I am not complacently sitting by and assuming that nothing will happen either. That would be reckless since we know that this is an event with predictable timing and things will definitely go wrong. Question is how wrong?

In my opinion, prudent behavior is called for. Address the important issues. If my VCR doesn't work as a result of Y2K, who cares? The same is true for my car and my microwave oven. But if the risk of being without a daily supply of electricity to heat your home is high, you will want to address it by providing some other source of heat. Bear in mind that where there is widespread loss of a resource such as electricity, densely populated areas are usually restored before more sparsely populated areas.

So what are WE doing? For us it will not be very different from normal. We will have our usual load of firewood, usually enough to last two years. We will have our normal supply of drinking water. We fill 5 gallon bottles from a local spring because it so delicious. We have a generator as a result of last year's ice storm, so I will have gas and oil for it. It is the Christmas and New Year season so we will have lots of food. Maybe this year we will stock a little more, but no big deal. I make my own beer!!! LOL. We have no plans to travel. That is normal for us. My Mother and Father may or may not join us. And I will have a few hundred bucks in cash in the event that ATM's fail and banks don't open for a few days. I will also ensure that I have records of money owed by me and to me, including bank records investments, etc. But that is fairly normal, don't you think? Most people keep track of things like that.

From a business perspective, I am ensuring that my A/R for high-risk clients is small to non-existent. I would also ensure that any suppliers of material critical to my ongoing operation are Y2K ready, or that I know where alternate suppliers can be found. In some cases I would switch to ready suppliers now to ensure my place in the queue.

Apart from that, I plan to relax and enjoy the holiday. We have a few friends within a short drive from here and we need very little excuse to have a spontaneous party.

And finally consider this. No matter how often you hear that 1999 is the last year of the century and the millennium, it is not. That's just another example of bad reporting by the news media. In fact 2001, not 2000, is the first year of the new century and the millennium. "Why?" You may be saying. 3BC, 2BC, 1BC, 1AD, 2AD, 3AD. The first year AD was the first year of the first century. Hard to know who or what to believe ain't it?

Great yakin' at ya.

BCNU,

Frank

[ Back to Are We Ready? ]

Awareness & Promotion

• Defining the Problem
• Where Did the Problem Originate?
• How Big is the Problem?
• Is There a Simple Fix?
• Is the Problem More than a Technical Issue?

Defining the Problem
Computing and telecommunications play a central role in modern life. Virtually all organizations, from multinational corporations and national governments to home businesses and local libraries, depend on information technology to manage their operations and deliver core services.

A world in which these vital technologies no longer function -- or even worse, function incorrectly -- is hard to imagine. But unless we are soon able to solve a simple but ubiquitous programming problem, critical information and communications systems may no longer operate reliably, or may cease to operate entirely.

The implications range from the merely inconvenient to the catastrophic. Errors may occur in programs that compute interest, organize information chronologically, or determine a person's age. Permits and licenses may not be issued on time. Payrolls and pension benefits might be miscalculated. Inventory systems could order stock at the wrong time and in the wrong quantity. Financial deadlines could be missed. For many organizations, failure to address the problem may result in chaotic record-keeping, interruptions in service, and in extreme situations, business failures.

At the root of this potentially disastrous problem is a seemingly innocuous programming convention for dealing with date-related transactions. It's known by a number of names -- the "Millennium Bug", the "Y2K Virus", or most frequently, the "Year 2000 Problem".

Simply explained, the difficulty is that many information technology systems store dates in a format which uses only two digits instead of four to identify a given year. For example, January 10, 1999 is typically recorded as 01/01/99 rather than 01/01/1999. In most cases, such systems will interpret January 1, 2000 as January 1, 1900 (01/01/00).

[ Back to Awareness and Promotion ]

Where Did the Problem Originate?
The practice of using two digits to express a given 4-digit year identify the year began decades ago when computer memory and storage were expensive commodities. The ability to save space in databases which often contained millions of date-related records enabled programmers to reduce costs substantially. At the same time, many early programming languages did not support the use of four-digit years. The result is that the two-digit year convention remains in effect even though memory costs are no longer a significant factor in programming costs.

The practice affects programs which calculate age, sort by date, compare dates or perform other tasks associated with a specified year date. It occurs in micro-code, operating systems, software compilers, applications, queries, procedures, databases and data. It affects mainframe, mid-range and desk-top computers alike.

The IT industry and many of its customers have been aware of the problem for some time. At first it was not considered to be a problem because computer applications were expected to have a much shorter lifespan. Most IT experts generally anticipated that applications developed in the '60s and '70s would become obsolete long before the turn of the century. Instead, old computer code has been migrated to new applications and has remained at the core of many IT infrastructures.

[ Back to Awareness and Promotion ]

How Big is the Problem?
From a technical perspective, fixing the problem is relatively simple. The scope and scale of the work involved, however, is enormous. Literally millions of lines of computer code, some written years ago in programming languages now obsolete, must be checked, re-written and tested. For many organizations, this means that millions of dollars and thousands of work-days must be dedicated to the problem. Some analysts believe that, on a world-wide basis, Year 2000 conversion efforts will cost more than $500 billion.

Many larger companies, have been working on the problem for several years. Companies operating on lengthy timespans - financial institutions engaged in mortgage, insurance and pension programs, for example - were among the first to recognize the problem and begin taking corrective action.

A significant number of organizations, however, seem to have been ignoring the problem, in part because senior management has not fully assessed the business risks involved. Information technology professionals are well aware of the issue but senior executives appear to have difficulty understanding the potential impact on business operations or accepting the high cost of Year-2000 solutions.

A study of 100 Canadian firms conducted in early 1997 by ITAC revealed that more than a third had yet to develop formal plans to address Year 2000 issues. Considering the extent to which the global economy is now integrated and interdependent, this is a far more serious issue than the statistics may suggest. Increasing dependence on electronic commerce and the widespread application of "just-in-time" management techniques, mean that organizations are more closely tied to their customers, suppliers and business partners than ever before. If one part of the system fails, it will inevitably affect other elements that rely on precise timing and integrated operations.

Even companies which are not major users of information technology may depend on the activities of suppliers, dealers and wholesalers which depend on computerized systems. Recent surveys indicate that the majority of Canadian firms routinely exchange data with outside organizations. More significantly, few of these organizations are co-ordinating their Year 2000 activities.

[ Back to Awareness and Promotion ]

Is There a Simple Fix? Although many senior executives and even IT professionals continue to hope for a single, universal solution, it is extremely unlikely that a so-called "silver bullet" will emerge in time to deal with the problem.

In many cases date fields cannot accommodate more than two numbers. Nor can computer systems be programmed to simply insert the digits "1" and "9" into years because some dates may refer to a different century.

One approach is to find each point in a system that uses a date to trigger a calculation or routine and then re-write the source code. However, this solution requires that all applications be changed and tested on a coordinated basis to ensure that they can store and interpret dates in both the 20th and 21st centuries.

Many organizations expect to renovate the date portion of their code, a sizeable and complex task in itself. Others expect to replace their affected code with new applications packages. In neither case, however, is this a trivial exercise.

Although a number of vendors offer automated Year 2000 programming solutions, no one solution can be applied to all code to fix the problem swiftly and simply.

[ Back to Awareness and Promotion ]

Is the Problem More than a Technical Issue?
The implications of the Year 2000 problem extend far beyond the computer room. They are likely to affect the full range of business activity. Profitability, communications, process control, security, communications, employee morale and corporate reputation could all suffer if the issue is not adequately addressed. The Year 2000 problem is not simply a technical "glitch", but a fundamental and strategic business issue.

Effective responses to the problem may demand a significant investment. Financial and human resources may need to be re-allocated and re-deployed. Senior management, including the CEO and his closest advisors, must be fully informed and actively engaged in the assessment of the problem's impact and the definition of appropriate strategies. Experience has demonstrated that without strong support and commitment from the highest levels of management, Year 2000 projects have little chance of success. Senior business leaders and decision makers must provide leadership, direction, support and resources in support of Year 2000 initiatives.

[ Back to Awareness and Promotion ]

Corporate Action & Ownership of the Problem

• What Challenges will Project Managers Face?
• Is there an Upside to the Year 2000 Problem?
• What are the Key Factors to Consider?
• What Steps Need to be Taken?
• Summing Up - An Executive Checklist
• What are the Key Factors to Consider?What Can be Learned from Existing Year 2000 Initiatives?
• Quiz - Will You be Ready for Year 2000?
• Year 2000 Checklists

What Challenges will Project Managers Face?
The Year 2000 problem presents a particularly difficult challenge to project managers. An effective solution typically encompasses multiple smaller projects, the outcome of which must be managed to converge in a single, successful outcome. The sub-components of the project often involve a wide range of technologies and platforms. Complexity is further increased by the interdependencies between systems and the data they share, both internally and with external organizations.

Project managers must liaise closely with senior management to establish priorities for system conversion and to determine which systems will not be converted. Since Year 2000 activities must be coordinated with other ongoing systems operations and maintenance activities, senior management must work with the Year 2000 project manager to make the trade-offs that are likely to arise.

An immutable deadline requires that Year 2000 project managers consistently "do the right things and do things right". Project managers must ensure meticulous project planning and execution, combined with the deployment of contingency measures in response to new constraints and changing conditions.

Although Year 2000 projects and activities are in many ways similar to large systems development projects, they make even heavier demands on the project management team. This is primarily due to the large number of concurrent changes to operational systems and data, many of which are interdependent. Additionally, many of the disciplines used in the development and maintenance of systems are critical in Year 2000 projects. These include change control and configuration management as-well-as system testing on multiple levels.

Finally, communication with leaders and executives within the organization, external business partners and with all employees affected by the Year 2000 activity is essential.

[ Back to Corporate Action ]

Is there an Upside to the Year 2000 Problem?
Although Year 2000 projects will not necessarily deliver additional IT benefits or functional enhancements, they will enable organizations to develop a complete inventory of applications, hardware and software. They also provide an opportunity to analyze IT resources and terminate applications or systems which are obsolete or unnecessary. In addition, systems infrastructures will be revitalized and core skills, such as project management will be significantly enhanced.

The methodology and controls needed to ensure a successful Year 2000 project will also provide quality standards and procedures which will improve ongoing maintenance activities.

At the same time, many of the tools acquired in the Year 2000 transition will likely enhance programmer productivity.

[ Back to Corporate Action ]

What are the Key Factors to Consider?
Several key issues must be considered in dealing with the Year 2000 problem.

Time is limited. The deadline for the completion of Year 2000 projects is absolutely immovable. Ideally, Year 2000 projects should be completed by December 1998 to allow a full year of operational adjustment and fine-tuning.

Canada's IT industry is already facing critical skill shortages. Demand for Year 2000 skills will further strain the supply, resulting in increased difficulty in recruiting essential personnel, and rising labour costs. Significant financial and technical investment will be needed in most organizations. Excessively bureaucratic budgeting processes and competing Information Technology or business initiatives may impose serious delays.

Carefully defined and executed project plans with consistent, focused, processes providing measurable results are required to guide the overall Year 2000 effort.

Failure to provide Year 2000-compliant, "mission-critical" systems may, in some cases, jeopardize the operational viability of the entire organization. Mission critical systems are those systems essential for organizational survival

[ Back to Corporate Action ]

What Steps Need to be Taken?
The single most important step in addressing the Year 2000 problem is for senior leaders in business and government to take meaningful action. Meaningful action means committing human, technical and financial resources to address the Year 2000 problem. Meaningful action means empowering project managers to achieve organizational objectives.

Having done that, organizations need to develop a program which addresses the problem on three fronts -- business operations, IT systems, and automatic control systems such as fire, security and building maintenance. A senior executive should be appointed to coordinate all three areas of activity at a corporate level.

Next, an inventory should be compiled of systems and processes in all three areas with a view to assessing the impact of the problem on core business activities.

With respect to IT infrastructure, priority should be given to those programs or systems which support critical business processes. Software and hardware suppliers should be contacted to determine if current versions of packaged applications or equipment comply with Year 2000 requirements.

Data should also be reviewed to determine what needs to be changed, upgraded or discarded.

Once the inventory and analysis is completed, the project management team must analyze risks, measure costs, assign tasks, and develop schedules.

The key to success is to act immediately, consulting with vendors, advisors and consultants as soon as possible. For most organizations, there is still time to respond to the Year 2000 issue. Although some systems and applications may not be ready in time, essential core activities can be maintained.

Success, however, will depend on genuine executive commitment, meticulous preparation, punctilious planning and flawless execution.

[ Back to Corporate Action ]

Summing Up - An Executive Checklist
The checklist for any organization should include answers to the following questions:

Does executive management understand and support the actions being taken to deal with the Year 2000 problem ?

Has a decision been made to determine the appropriate mix of "make versus buy" with respect to the technical resources needed for the analysis, conversion and testing processes ?

Are there adequate levels of staffing in place or recruitment processes to address the demand for essential skills ?

Have appropriate tools been selected for all affected computer platforms and applications ?

Has a plan been established to set conversion priorities, based on the importance of selected systems to core business activities ?

Has an overall conversion methodology, including an adequate testing plan, been selected ?

Is a procedure in place to ensure that new system resources will be adequately screened to ensure that Year 2000 problems are not reintroduced ?

[ Back to Corporate Action ]

What Can be Learned from Existing Year 2000 Initiatives?
Although not exhaustive, the following list of suggestions is based on the experience of several organizations -- public and private -- which have already begun Year 2000 conversion efforts.

Stop acquiring non-compliant products !

Establish a Project Office. It will become the corner stone of the infrastructure you require to focus efforts to address the Year 2000 issue.

Recognize that management of a Year 2000 project will require special processes, skills, tools and authority.

Develop an infrastructure to manage the project. An effective infrastructure should include consistent processes and methodologies, measurable results, the effective communication of requirements and progress, and careful documentation.

Treat the Year 2000 project as the most important project you have. Failure to deal with the problem may dramatically impair business performance.

Look at the total picture. Don't hesitate to examine and acknowledge organizational, leadership, technical and systems deficiencies.

Identify critical business functions and the systems that support them.

Do only what is essential. There is no time to add other activities.

Determine whether or not you have the resources necessary to manage the project. Most organizations have not undertaken a project of this magnitude so avoid long learning curves. Don't hesitate to seek outside help.

Ensure that you regularly communicate and consult with suppliers, customers, business partners and employees.

Planning is important but long studies may be counter-productive. The longer it takes to refine cost estimates, the more expensive the solution will be. The time and resources available to address the problem are finite.

Complete one element of the project and apply what you've learned to others. Refine your process. Begin another.

It may not be necessary to fix every system. You may decide to retire some systems entirely. Other options include rebuilding existing systems, reengineering core business processes, or replacing custom applications with pre-packaged, Year 2000-ready software.

Verify all claims of compliant hardware, software, firmware and data components.

[ Back to Corporate Action ]

Quiz - Will You be Ready for Year 2000?
This simple quiz will give you a good idea of your organization's readiness for the Year 2000 date change.

Print off this page, then answer each of the following questions. Add up your score from the table which follows and then check the summary for a rough indication of your ability to deal with the problem.

The Quiz

1. Are you fully aware of the business issues and risks posed by the Year 2000 problem to your organization?
   1. Yes
   2. No / Not Sure

    

2. Do you believe you have enough time to deal with Year 2000 issues before they become a problem to your organization?
   1. Yes
   2. No / Not Sure

    

3. Are you taking an organization-wide view of Year 2000 issues, as opposed to treating it as an IT problem?
   1. Yes
   2. No / Not Sure

    

4. Have you created a Year 2000 Project Office in your organization, or appointed a Year 2000 Coordinator with the authority and resources to address the problem?
   1. Yes
   2. No / Not Sure

    

5. Which of the following actions has your organization's information systems department taken to address Year 2000 issues?
   1. No action taken
   2. Impact of problem assessed
   3. Options identified and evaluated
   4. Plan developed
   5. Plan approved by general management
   6. Budget committed and resources allocated
   7. Implementation underway

    

6. Have you asked your hardware and software suppliers whether their products are or will be Year-2000 compliant ?
   1. Yes
   2. A status report has been requested
   3. No / Not Sure

    

7. If you have critical in-house applications, how will you make sure they are ready by Year 2000 ?
   1. Upgrade current platform and applications
   2. Modify date routines in existing applications
   3. Convert them to a different platform
   4. Don't know

    

8. Do you have source code for all your critical business applications?
   1. Yes
   2. No / Not Sure

    

9. Do you have access to the resources (human, technological and financial) required to execute your Year 2000 project?
   1. Yes
   2. No / Not Sure

    

10. Have you identified the training requirements (software, project management etc.) that may be required in your organization and identified possible suppliers?
    1. Yes
    2. No / Not Sure

    Scoring
    

    1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

    a. a. a. a. a. a. a. a. a. a.

    5 5 5 5 0 10 10 10 10 10

    b b b b b b b b b b

    0 0 0 0 5 5 5 0 0 0

    c. c. c.

    10 0 5

    d. d.

    15 0

    e.

    20

    f.

    25

    g.

    30

    Results

    80-100: Congratulations ! You are well on your way to solving the Year 2000 issue in your organization.

    55-75: You are heading in the right direction, but a number of important management and organizational questions still must be answered. You need to proceed as quickly as possible.

    0-50: Your organization may be in serious trouble. You need to move quickly or key business operations may be at risk. Time is running out quickly and you need to develop a Year 2000 plan immediately.

    [ Back to Corporate Action ]

    
    Y2K Checklists

    • Checklist for CEO's: Small and Medium Sized Companies
    • Checklist for Technical Managers
    A Checklist for Chief Executive Officers of Small and Medium-Sized Enterprises
    "Many senior executives are going to find it a shocking revelation when they finally realize the risks to which their organizations are exposed" -- Information Technology Association of Canada
    Vice President Peter Broadmore.
    • Have you a board level Year 2000 champion?
      Year 2000 programs significantly impact business strategy and resources. Risk of failure is high without a senior champion to fight for funds, staff, and attention.
    • Have you communicated to your staff the goals of your Year 2000 program and your commitment to realize them?
      It is vital that business unit managers, with Year 2000 affected business systems, understand that date processing problems may cause the failure of their business process, and that they take responsibility for the solution.
    • Have you appointed a Year 2000 program manager, with sufficient authority to make difficult business decisions on behalf of your firm?
      
    • Have you provided your Year 2000 program manager with an open door to the most senior decision makers in the firm, to address situations where higher authority is required?
    • Have your contracting, purchasing, and internal system development policies been modified to block the acquisition or development of additional Year 2000 non-compliant systems?
    • Have you completed an inventory of Year 2000 date-sensitive information technology and facilities assets? The inventory should include manufacturing and business systems, computer hardware, date-sensitive communications, and facilities systems, i.e., PBXs, building access, fire, elevators, power supply, air-conditioning, etc.
    • Have your firm's mission critical systems been identified?
      Involve business unit managers early to identify business-critical systems.
      Critical to business operation -- legal compliance requirements.
      Critical to uninterrupted operation -- manufacturing, accounts receivable, etc.
    • Has responsibility for the Year 2000 compliance of each system been clearly assigned?
      Such as: a business unit manager, in-house team, out sourcing organization, software product supplier, etc.
    • Are you ready to deal with the threatened or real loss of your key Year 2000 managers and information technology professionals?
      Local and international competition for Year 2000 practitioners is cut-throat.
      Corporate compensation policies and practices must be reviewed now to create the flexibility needed to retain and replace key Year 2000 professionals
    • Is the assessment and triage of your information technology holdings complete?
      Time is becoming critically short. Many firms spend too much time in the assessment and planning phase of their program. 20 percent is reasonable.
    • Have you approved and adequately funded a Year 2000 conversion" program?
      Once into the conversion process, many firms encounter unexpected problems which can increase effort and cost, to as much as four times original plans.
      While needs vary by firm, plans resourced at less than one-third of normal information technology budgets in each of the next four years are unlikely to be adequate.
      Where resources have been diverted from other business activities, hostility to the Year 2000 program can be expected and must be managed by senior executives.
    • Is your Year 2000 conversion plan synchronized with your business partners?
    • Have all EDI or data links with customers, suppliers, and key business partners been fully addressed?
    • Is Year 2000 conversion underway?
      It is important to begin conversion of several systems quickly. Year 2000 conversions pose unfamiliar business and technical challenges. Successful firms report significant "learning by doing".
    • Does your test plan provide adequate resources, time, and contractual access to off-site test facilities?
      Few firms plan sufficient time and effort for this vital phase of their Year 2000 program; testing may require 50 percent, or more, of program time and resources.
      Few firms have sufficient in-house information technology capacity or technical expertise to complete this vital phase of their Year 2000 program without assistance. [ Back to Checklists ] [ Back to Corporate Action ]

      
      A Checklist for Technical Managers

      • Inventory and Initial Assessment: (5 percent of time)
        • Establish a core Year 2000 Project Team, with senior management champion.
        • Adopt Year 2000 standards and contract requirements for all future software and hardware development and acquisition.
        • Inventory hardware, software, communications and facilities systems, by size, operating systems, etc.
        • Perform initial assessment of date frequency and risk exposure.
        • Identify all key EDI or data sharing interfaces with clients, suppliers, and key business partners.
        • Identify a "critical event horizon" identifying when key systems may begin to fail.
        • Develop preliminary cost and effort forecasts.
        • Develop a preliminary Year 2000 conversion strategy.
      • Impact Assessment and Conversion Planning: (20 percent of time)
        • Measure the criticality of each system to the business
          • Critical to the operation of the business: legal compliance requirements,
          • Critical to the uninterrupted operation of the business: manufacturing systems, order entry, shipping, billing, accounts receivable, etc.
          • Required to support business decision making, but less critical: sales reports, etc.
          • Desirable but not absolutely required to support the business.
        • Identify key dependencies and constraints.
          • EDI or data sharing requirements and plans of key customers, suppliers, and business partners.
          • Access to source code.
          • Terms of current contracts with value added resellers (VARS), outsourcers, and software providers.
          • Compliant software release commitments.
          • Test data sets and test facilities availability.
        • Carry out an in-depth date incidence and conversion assessment of critical systems.
        • Develop detailed cost and time estimates for year 2000 repairs.
        • Expand the core Year 2000 Team into the Year 2000 Project Team.
      • Systems Conversion: (20 percent of time)
        • Firms' experience indicates that valuable early lessons may be learned by starting out with the assessment, conversion, system test, and return to production of several systems -- "learning by doing".
        • Implement the conversion strategy for each system, if appropriate, working in parallel on more than one system at a time.
        • Implement and maintain data bridges between compliant and non-compliant systems, and internal and external business partner systems.
      • Unit and System Testing: (45 percent of time)
        • Unit test and verify subsystems: systems test groups of subsystems: undertake regression testing.
        • Verify that the systems accepts input from, and provide output to, other systems with which they share data.
        • Consider independent verification of Year 2000 compliance.
        • Install Year 2000 compliant hardware and software; undertake any necessary data conversion.
        • Verify end-user acceptance of each system as ready for production.
      • Implementation and Business Partner Links: (10 percent of time)
        • Move accepted compliant systems to production environment.
        • Run the compliant system in parallel with the old system.
        • Evaluate compliant system performance, throughput, and reliability.
        • Identify and perform necessary system tuning.
        • Evaluate user acceptance of the compliant system.
        • Phase-out the old system as the compliant system stable.
        • Test and continuously monitor the performance of all data links with customers, suppliers, and key business partners.
      [ Back to Checklists ] [ Back to Corporate Action ]

      

      
      Year 2000 Conversion Plan

      • Software:
        1. Program conversion strategies: retire, replace with a COTS system, in-house code repair, out-sourced code repair -- sliding window vs. fixed window.
        2. Year 2000 tools selection.
        3. Database management system upgrades.
        4. Data administration and database conversion requirements, strategies.
        5. Operating system upgrades.
        6. COTS systems upgrades.
        7. Network operating system and desktop software upgrades.
        8. End user-developed applications.

         

      • Hardware:
        1. Server upgrades.
        2. Workstation, PC, terminal upgrades.
        3. Routers/switches/hubs upgrades.
        4. Remote sensing, measurement, and control equipment upgrades.

         

      • Project Management:
        1. Project management infrastructure and responsibilities.
        2. Technical human resources acquisition, retention, out sourcing plans.
        3. External professional services required, sourcing strategy.
        4. Project budgets and milestones.
        5. Minimization of software development during the conversion period.
        6. Test suites, test plan, and contracting of off-site testing facilities.
        7. Bridging and interface strategies.
        8. Standards for data shared between systems and between business partners.
        9. Acceptance criteria, and deployment plans.
        10. Contingency plans should key milestones not be met: manual systems.
      

      
      Frequently Asked Questions

      Q: What is the Year 2000 problem and how did it happen?
      A: The year 2000 problem results from the common information technology practice of using two digits, rather than four, to designate the calendar year. It can lead to incorrect and potentially dangerous or expensive errors whenever a microprocessor or computer performs operations involving dates beyond 1999.

      Q: My firm isn't exposed to Year 2000 risk. Is it?
      A: Any business or person using computers or other microprocessor driven device is likely to be affected. Even firms whose own systems are fully Year 2000 compliant do not do business in isolation. If your out-sourcing organization or a key business partner finds itself in difficulty, you too may face serious business interruptions and losses.

      Q: Why should I devote personal attention to this particular issue?
      A: Unlike many business issues, firms must act on the Year 2000 problem. Imagine tying to run your business after the theft of your computerized and your back-up tapes. The Year 2000 problem may produce the same effects. Moreover, firms must complete and test their systems and links to business partners before the year 2000; the deadline is unmovable. Finally, it is important to secure necessary resources now, since unprecedented demand is developing for Year 2000 skilled people and machine time.

      Q: This isn't a management issue. Shouldn't it go to the IT group?
      A: No. This is a management problem of the highest order. Its solution is likely to require substantial financial and human resources, and may necessitate deferral or cancellation of other business initiatives. Failure to act may result in business interruption, financial loss, litigation and possibly business failure.

      Q: What happens if I do nothing about Year 2000 repairs?
      A: Any computer calculation spanning the century date may cause your systems to fail -- or worse yet produce expensive or dangerous errors.

      Q: Replacing my PCs will solve the problem, won't it?
      A: No. While computers and their operating systems constitute a part of the problem, software, databases, and many microprocessor controlled devices are also at risk. Check the Year 2000 capabilities of your PBXs, building and room access, power supply, air-conditioning, fire, and elevator systems.'

      Q: Why hasn't my information technology supplier already fixed this problem? What do I pay them for?
      A: Business management has always insisted on cost effectiveness. Business users demand ease and speed of use. Until recently, computer speeds and memory costs made it reasonable to limit access times and hardware costs by avoiding "unnecessary" characters in each database record -- especially where hundreds of thousands or millions of records were involved. Programmers assumed that their programs would be replaced before the end of the century, however, legacy programs have become increasingly "immortal", and contribute to Year 2000 problems.

      Q: Isn't our supplier responsible for fixing all this?
      A: Firms will certainly want to check carefully the terms of purchase and maintenance contracts. Do not assume, however, that they will protect your business. You will want to work closely with your suppliers, but the problem cannot be delegated to them. The business at risk is yours, not theirs.

      Q: What's the rush anyway? Why can't I fix these problems in 1998 or 1999?
      A: Each firm's situation is different. Until the magnitude of the problem is known, it is impossible to know how long it will take to make the necessary changes. Firms with older and more complex systems may already have insufficient time. Many systems have failed or will do so before 2000. Year 2000 conversion projects work best with in-house staff familiar with the applications and such staff may be bid away by competitors. The limited supply of Year 2000 expertise is rapidly being booked. Firms starting late will find it difficult to secure the services they need and will pay much higher rates.

      Q: Well, the industry will come up with a fix. Hasn't it always in the past?
      A: While some tools are available to increase the productivity of the conversion effort, this problem has been explored sufficiently long and is different enough for different environments that it seems highly unlikely that a "silver bullet" will be found. In any case, do you want to bet your business on it - or get on with the job while you can?

      Q: We're replacing all our systems by 2000, aren't we?
      A: Do not confuse the replacement cycle for your office or plant PCS with your systems replacement cycle. Few firms replace all their systems in ten, let alone three years.

      Q: Well, this is a COBOL problem isn't it, and we have no COBOL systems?
      A: The Year 2000 problem is not language specific. It may be encountered in programs written in most languages.

      Q: Can't I simply tell my staff to start using four digit year dates?
      A: Adding two digits to the date fields in databases is, at best, only a partial solution -- and perhaps not the best one for your firm. Every software program that stores or recalls these data will also have to be converted. Finding all the programs that access the data and co-ordinating the needed changes can be a major task.

      Q: How can I tell which Year 2000 consultants and service providers are reliable? A: You should always ask for references and follow them up personally. It is appropriate to speak to your counterparts in as many firms, as possible, with business systems similar to your own to learn which service providers they used and what results they delivered.

      Q: I guess we've left it too late. What's the point of doing anything?
      A: Don't give up. You are not alone. A recent Ross Hutchison & Associates survey found that 43 percent of Canadian midsize firms and 60 percent of smaller firms were either unaware of the problem or had yet to make plans to deal with it. Carefully selected cost-effective preparations made now will help to soften the blow and strengthen your firm's competitiveness, in the Year 2000.

      

      
      Glossary of Terms

      Data Bridge:
      A subroutine or other type of utility used as a data interface between compliant and non-compliant systems/programs. It allows isolated changes, testing and implementation without the need for simultaneous conversions. The data bridges may be either temporary or permanent in nature.

      COTS:
      Commercial off the Shelf Software

      Data Base Management System (DBMS):
      A suite of programs which manage large structured sets of persistent data. Examples include Ingres, Oracle and Sybase.

      EDI:
      Electronic Data Interchange

      Impact Analysis:
      Analysis of your information technology portfolio to determine the scope of exposure to date problems and the cost of necessary Year 2000 conversion of your applications.

      Network Operating System (NOS):
      The operating system resident on the network server, e.g. NOVELL.

      Regression testing:
      Part of the test phase of software development where, as new modules are integrated into the system and the added functionality is tested, previously tested functionality is re-tested to assure that no new module has corrupted the system.

      Sliding Window:
      A technique for YEAR 2000 conversion that uses a self advancing pivot within a 100 year interval and which determines the century by comparing the 2-digit year to dates before and after the pivot within the 100 years. The pivot year is established by system year.

      Fixed Window:
      Similar techniques for YEAR 2000 conversion, in which the 100 year interval is not self advancing.

      Triage:
      A deliberate approach to allowing some systems to fail and prioritizing the others in accordance with its mission critical status