Columns DCWatch
Archives Elections Government and People Budget issues Organizations |
Statement of Jack L. Brock, Jr., Director,
Governmentwide and Defense Information Systems Accounting and Information Management
Division Testimony before the Subcommittee on the District of Columbia, Committee on Government Reform, House of Representatives Mr. Chairman and Members of the Subcommittee: Thank you for inviting me to participate in today's hearing on the challenges facing the District of Columbia in addressing the Year 2000 problem. As you know, the District of Columbia, like many public and private organizations, is extremely vulnerable to Year 2000 problems due to its widespread dependence on computer systems to deliver vital public services and carry out its operations. If these problems are not addressed in time, the District may be unable to effectively ensure public safety, collect revenue, educate students, and provide health care services. Today, I will discuss the District's progress in fixing its systems and the risks it now faces. In October 1998 we testified that the District was seriously behind, but noted that a number of positive steps were underway to accelerate its progress on the Year 2000 problem.1 At that time, the District had hired a new chief technology officer, appointed a full-time Year 2000 program manager, established a Year 2000 program office, launched an aggressive strategy to compensate for lost tune, assigned more resources, and contracted with an information technology firm to assist with all phases of the Year 2000 correction process. Still, we stressed that because the District was so far behind in addressing the problem, it was at significant risk that critical processes could fail. Consequently, we recommended that the District promptly identify its most important operations, determine which systems supporting these operations could be fixed before the Year 2000 deadline, and ensure that business continuity and contingency plans were developed for core business operations for which supporting systems would not be renovated on time. Since we last testified, the District has started implementing these recommendations and has taken additional steps to address the Year 2000 problem. Nevertheless, the District remains far behind, but is not alone in its predicament. According to a November 1998 National Association of Counties survey of 500 counties representing 46 states, about two-thirds of counties had not yet completed the assessment phase of their Year 2000 work and about half did not yet have a county wide plan for addressing Year 2000 conversion issues. States are also experiencing Year 2000 challenges. A recent survey of state Year 2000 efforts2 indicates that over 40 percent of the states are less than halfway through remediating their mission- critical systems.3 To prepare for this testimony, we conducted a quick overview of the District's recent efforts to address risks associated with the Year 2000 date change and compared these efforts to criteria detailed in our Year 2000 Assessment Guide,4 Business Continuity Contingency Planning Guide,5 and Testing Guide.6 We reviewed a number of key project documents including the District's Enterprise Project Plan, Contingency Planning Workbook (that describes the District's approach to contingency planning), and Test Strategy. We interviewed District officials responsible for overseeing the Year 2000 effort, including the Year 2000 Program Manager, the Year 2000 Contingency Planning Manager, the Director for Systems Audits in the Office of the Inspector General, and the Year 2000 contractor's Program Executive and Contingency Planning Manager. Finally, we reviewed information collected by the National Association of State Information Resource Executives and a study of county government Year 2000 preparedness conducted by the National Association of Counties. We performed our work in Washington, D.C., between February 2 and February 17, 1999, in accordance with generally accepted government auditing standards. THE DISTRICT OF COLUMBIA EFFORTS TO ADDRESS THE YEAR 2000 PROBLEMSince our initial assessment, the District Year 2000 Program Office has established an orderly process for addressing the Year 2000 problem and has been working hard to develop an understanding of its core business processes and supporting information systems. For example, the District has:
The Year 2000 Program Manager holds weekly meetings to review deviations from schedule baselines and monitor the overall program status. Additionally, the Program Office recently began preparing Year 2000 report cards for all systems included in the District's Year 2000 effort. These report cards, which are provided to each agency, summarize the progress being made on each system. THE DISTRICT IS STILL BEHIND SCHEDULEThe District's recent actions reflect a commitment to protect its key business processes from Year 2000 failure. However, its schedule for fulfilling this commitment is highly compressed and moves through four phases of the Year 2000 process in less than one year-assessment by the end of February, renovation and contingency planning by the end of September, and system validation by the end of November. Currently, the District remains over one year behind our recommended schedule and is just now transitioning from the assessment to the renovation phase of the Year 2000 conversion model. By contrast, our Assessment Guide recommends that renovation should have been completed by the end of August 1998 to allow ample time for validation and implementation and that organizations should now be well along in their contingency planning efforts-testing and implementing business continuity and contingency plans for their core business processes and mission-critical systems.7 As illustrated in the following figure, organizations should also now be well into validating and implementing their renovated systems. Figure 1: The District's Reported Year 2000 Status Compared to Our Recommended Year 2000 ScheduleAccording to the District's Year 2000 Program Manager, at this time, the District has only renovated about 5 percent of its mission-critical systems, with less than 1 percent of its mission-critical systems completing validation. Further, only one of the District's over 200 mission-critical systems, which is responsible for paying District employees and pensioners, has been through the entire conversion process and is now implemented. Only six business continuity plans such as the plan for documenting the manual registering of students for the University of the District of Columbia's student enrollment process have been finalized. THE DISTRICT OF COLUMBIA FACES A RISK THAT CRITICAL SERVICES WILL BE DISRUPTEDIt will be difficult for the District to adequately compensate for its late start in initiating effective action on the Year 2000 challenge. As a result, it faces a significant risk that vital services will be disrupted-and tremendously important tasks lie ahead. For example, according to the District's project plan, testing for a majority of its mission-critical systems will peak over the next few months and finish in October. Experience shows that Year 2000 testing-the linchpin for providing reasonable assurance that systems process dates correctly is the most time consuming and difficult phase of nearly all Year 2000 projects. Similarly, development and testing of the District's contingency plans, which are intended to reduce the risk and potential impact of Year 2000-induced information system failures on its core business processes, are likewise scheduled for completion in the fall. Given the District's compressed Year 2000 schedule-which allows no margin for error-and to have a reasonable chance of avoiding serious disruption to public services, it must be well prepared for likely project delays and/or failures of mission- critical systems. THE DISTRICT MUST TAKE STEPS TO MITIGATE RISKSThe District's schedule for Year 2000 compliance offers little opportunity for further compression, no margin for error, and little room for corrective action if test results show continued problems with mission-critical systems.
Mr. Chairman, this concludes my statement. I will be happy to answer any questions you or Members of the Subcommittee may have. 1. Year 2000 Computing Crisis: The District of Columbia Faces Tremendous Challenges, in Ensuring Vital Services Are Not Disrupted (GAO/T-AIMD-99-44, October 2, 1998). 2. Individual states submit periodic Year 2000 progress updates to the National Association of State Information Resource Executives. For the January 16th report, the states submitted their data between December 7, 1998, and January 14, 1999. 3. Four states did not respond to this question. 4. Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14). Published as an exposure draft in February 1997 and finalized in September 1997, the guide was issued to help federal agencies prepare for the Year 2000 conversion. 5. Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD10.1.19). Published as an exposure draft in March 1998 and issued in August 1998, this guide provides a conceptual framework for helping organizations to manage the risk of potential Year 2000 induced disruptions to their operations. It discusses the scope and challenge and offers a structured approach for reviewing the adequacy of agency Year 2000 business continuity and contingency planning efforts. 6. Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21). Published as an exposure draft in June 1998 and issued in November 1998, this guide addresses the need to plan and conduct Year 2000 tests in a structured and disciplined fashion. The guide describes a step-by-step framework for managing, and a checklist for assessing all Year 2000 testing activities, including those activities associated with computer systems or system components (such as embedded processors) that are vendor supported. 7. Although the District has finished assessing its mission-critical systems, it does not expect to finish assessing non-IT assets until the end of February 1999. According to the District's Year 2000 Program Manager, about 36 percent of the District's non-IT assets have been assessed. 8. 'The District of Columbia Financial Responsibility and Management Assistance Authority, also known as the District of Columbia Control Board, was established in April 1996 by Public Law 104-8. The Board's responsibilities include improving the District's financial planning, budgeting, and revenue forecasting as well as ensuring the most efficient and effective delivery of city services. The Board is also responsible for conducting investigations to determine the fiscal status and operational efficiency of the District government. |
Send mail with questions or comments to webmaster@dcwatch.com
Web site copyright ©DCWatch (ISSN 1546-4296)