Year 2000 Computing Crisis: The District of Columbia Remains Behind Schedule
General Accounting Office
GAO/T-AIMD-99-84
February 19, 1999

Home

Bibliography

Calendar

Columns
Dorothy Brizill
Bonnie Cain
Jim Dougherty
Gary Imhoff
Phil Mendelson
Mark David Richards
Sandra Seegars

DCPSWatch

DCWatch Archives
Council Period 12
Council Period 13
Council Period 14
Election 1998
Election 2000
Election 2002

Elections
Election 2004
Election 2006

Government and People
ANC's
Anacostia Waterfront Corporation
Auditor
Boards and Com
BusRegRefCom
Campaign Finance
Chief Financial Officer
Chief Management Officer
City Council
Congress
Control Board
Corporation Counsel
Courts
DC2000
DC Agenda
Elections and Ethics
Fire Department
FOI Officers
Inspector General
Health
Housing and Community Dev.
Human Services
Legislation
Mayor's Office
Mental Health
Motor Vehicles
Neighborhood Action
National Capital Revitalization Corp.
Planning and Econ. Dev.
Planning, Office of
Police Department
Property Management
Public Advocate
Public Libraries
Public Schools
Public Service Commission
Public Works
Regional Mobility Panel
Sports and Entertainment Com.
Taxi Commission
Telephone Directory
University of DC
Water and Sewer Administration
Youth Rehabilitation Services
Zoning Commission

Issues in DC Politics

Budget issues
DC Flag
DC General, PBC
Gun issues
Health issues
Housing initiatives
Mayor’s mansion
Public Benefit Corporation
Regional Mobility
Reservation 13
Tax Rev Comm
Term limits repeal
Voting rights, statehood
Williams’s Fundraising Scandals

Links

Organizations
Appleseed Center
Cardozo Shaw Neigh.Assoc.
Committee of 100
Fed of Citizens Assocs
League of Women Voters
Parents United
Shaw Coalition

Photos

Search

What Is DCWatch?

themail archives

Testimony before the Subcommittee on the District of Columbia, Committee on Government Reform, House of Representatives

Mr. Chairman and Members of the Subcommittee:

Thank you for inviting me to participate in today's hearing on the challenges facing the District of Columbia in addressing the Year 2000 problem. As you know, the District of Columbia, like many public and private organizations, is extremely vulnerable to Year 2000 problems due to its widespread dependence on computer systems to deliver vital public services and carry out its operations. If these problems are not addressed in time, the District may be unable to effectively ensure public safety, collect revenue, educate students, and provide health care services. Today, I will discuss the District's progress in fixing its systems and the risks it now faces.

In October 1998 we testified that the District was seriously behind, but noted that a number of positive steps were underway to accelerate its progress on the Year 2000 problem.¹ At that time, the District had hired a new chief technology officer, appointed a full-time Year 2000 program manager, established a Year 2000 program office, launched an aggressive strategy to compensate for lost tune, assigned more resources, and contracted with an information technology firm to assist with all phases of the Year 2000 correction process. Still, we stressed that because the District was so far behind in addressing the problem, it was at significant risk that critical processes could fail. Consequently, we recommended that the District promptly identify its most important operations, determine which systems supporting these operations could be fixed before the Year 2000 deadline, and ensure that business continuity and contingency plans were developed for core business operations for which supporting systems would not be renovated on time. Since we last testified, the District has started implementing these recommendations and has taken additional steps to address the Year 2000 problem.

Nevertheless, the District remains far behind, but is not alone in its predicament. According to a November 1998 National Association of Counties survey of 500 counties representing 46 states, about two-thirds of counties had not yet completed the assessment phase of their Year 2000 work and about half did not yet have a county wide plan for addressing Year 2000 conversion issues. States are also experiencing Year 2000 challenges. A recent survey of state Year 2000 efforts² indicates that over 40 percent of the states are less than halfway through remediating their mission- critical systems.³

To prepare for this testimony, we conducted a quick overview of the District's recent efforts to address risks associated with the Year 2000 date change and compared these efforts to criteria detailed in our Year 2000 Assessment Guide,⁴   Business Continuity Contingency Planning Guide,⁵ and Testing Guide.⁶ We reviewed a number of key project documents including the District's Enterprise Project Plan, Contingency Planning Workbook (that describes the District's approach to contingency planning), and Test Strategy. We interviewed District officials responsible for overseeing the Year 2000 effort, including the Year 2000 Program Manager, the Year 2000 Contingency Planning Manager, the Director for Systems Audits in the Office of the Inspector General, and the Year 2000 contractor's Program Executive and Contingency Planning Manager. Finally, we reviewed information collected by the National Association of State Information Resource Executives and a study of county government Year 2000 preparedness conducted by the National Association of Counties. We performed our work in Washington, D.C., between February 2 and February 17, 1999, in accordance with generally accepted government auditing standards.

THE DISTRICT OF COLUMBIA EFFORTS TO ADDRESS THE YEAR 2000 PROBLEM

Since our initial assessment, the District Year 2000 Program Office has established an orderly process for addressing the Year 2000 problem and has been working hard to develop an understanding of its core business processes and supporting information systems. For example, the District has:

• identified 18 agencies that are critical to providing vital services to the city;
• identified and prioritized 75 core business processes and over 200 mission critical systems that support these processes;
• developed a detailed project plan for remediating, testing, and implementing its mission-critical systems;
• prepared and tested a contingency planning methodology and has begun to apply the methodology in developing business continuity and contingency plans for core business processes;
• developed a system testing strategy;
• strengthened its Year 2000 organization by hiring additional staff; and
• developed crisis management procedures to be used in the event a Year 2000 failure is imminent or occurs.

The Year 2000 Program Manager holds weekly meetings to review deviations from schedule baselines and monitor the overall program status. Additionally, the Program Office recently began preparing Year 2000 report cards for all systems included in the District's Year 2000 effort. These report cards, which are provided to each agency, summarize the progress being made on each system.

THE DISTRICT IS STILL BEHIND SCHEDULE

The District's recent actions reflect a commitment to protect its key business processes from Year 2000 failure. However, its schedule for fulfilling this commitment is highly compressed and moves through four phases of the Year 2000 process in less than one year-assessment by the end of February, renovation and contingency planning by the end of September, and system validation by the end of November. Currently, the District remains over one year behind our recommended schedule and is just now transitioning from the assessment to the renovation phase of the Year 2000 conversion model. By contrast, our Assessment Guide recommends that renovation should have been completed by the end of August 1998 to allow ample time for validation and implementation and that organizations should now be well along in their contingency planning efforts-testing and implementing business continuity and contingency plans for their core business processes and mission-critical systems.⁷ As illustrated in the following figure, organizations should also now be well into validating and implementing their renovated systems.

Figure 1: The District's Reported Year 2000 Status Compared to Our Recommended Year 2000 Schedule

According to the District's Year 2000 Program Manager, at this time, the District has only renovated about 5 percent of its mission-critical systems, with less than 1 percent of its mission-critical systems completing validation. Further, only one of the District's over 200 mission-critical systems, which is responsible for paying District employees and pensioners, has been through the entire conversion process and is now implemented. Only six business continuity plans — such as the plan for documenting the manual registering of students for the University of the District of Columbia's student enrollment process — have been finalized.

THE DISTRICT OF COLUMBIA FACES A RISK THAT CRITICAL SERVICES WILL BE DISRUPTED

It will be difficult for the District to adequately compensate for its late start in initiating effective action on the Year 2000 challenge. As a result, it faces a significant risk that vital services will be disrupted-and tremendously important tasks lie ahead. For example, according to the District's project plan, testing for a majority of its mission-critical systems will peak over the next few months and finish in October. Experience shows that Year 2000 testing-the linchpin for providing reasonable assurance that systems process dates correctly — is the most time consuming and difficult phase of nearly all Year 2000 projects. Similarly, development and testing of the District's contingency plans, which are intended to reduce the risk and potential impact of Year 2000-induced information system failures on its core business processes, are likewise scheduled for completion in the fall. Given the District's compressed Year 2000 schedule-which allows no margin for error-and to have a reasonable chance of avoiding serious disruption to public services, it must be well prepared for likely project delays and/or failures of mission- critical systems.

THE DISTRICT MUST TAKE STEPS TO MITIGATE RISKS

The District's schedule for Year 2000 compliance offers little opportunity for further compression, no margin for error, and little room for corrective action if test results show continued problems with mission-critical systems.

• To partially compensate, we recommend that the District place increased emphasis on (1) completing business continuity and contingency plans as early as possible to allow time for testing and funding and (2) ensuring that contingency plans and priorities are updated to reflect information that becomes available as the Year 2000 project progresses, including new risk assessments based on the successes and failures encountered in the validation phase of the project.
• Second, efforts to address the Year 2000 problem must have continued top level attention, commitment, and input from key stakeholders (including the Mayor, department and agency heads, and the Control Board⁸) who "own" the Year 2000 process. These stakeholders must
  • participate in making critical decisions throughout the remainder of the project,
  • continue to provide resources and support for the program, and
  • take action necessary to eliminate obstacles that could reduce the Year 2000 Program Office's chances of successfully executing its project plan.

Mr. Chairman, this concludes my statement. I will be happy to answer any questions you or Members of the Subcommittee may have.

Back to top of page

1. Year 2000 Computing Crisis: The District of Columbia Faces Tremendous Challenges, in Ensuring Vital Services Are Not Disrupted (GAO/T-AIMD-99-44, October 2, 1998).

2. Individual states submit periodic Year 2000 progress updates to the National Association of State Information Resource Executives. For the January 16th report, the states submitted their data between December 7, 1998, and January 14, 1999.

3. Four states did not respond to this question.

4. Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14). Published as an exposure draft in February 1997 and finalized in September 1997, the guide was issued to help federal agencies prepare for the Year 2000 conversion.

5. Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD10.1.19). Published as an exposure draft in March 1998 and issued in August 1998, this guide provides a conceptual framework for helping organizations to manage the risk of potential Year 2000 induced disruptions to their operations. It discusses the scope and challenge and offers a structured approach for reviewing the adequacy of agency Year 2000 business continuity and contingency planning efforts.

6. Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21). Published as an exposure draft in June 1998 and issued in November 1998, this guide addresses the need to plan and conduct Year 2000 tests in a structured and disciplined fashion. The guide describes a step-by-step framework for managing, and a checklist for assessing all Year 2000 testing activities, including those activities associated with computer systems or system components (such as embedded processors) that are vendor supported.

7. Although the District has finished assessing its mission-critical systems, it does not expect to finish assessing non-IT assets until the end of February 1999. According to the District's Year 2000 Program Manager, about 36 percent of the District's non-IT assets have been assessed.

8. 'The District of Columbia Financial Responsibility and Management Assistance Authority, also known as the District of Columbia Control Board, was established in April 1996 by Public Law 104-8. The Board's responsibilities include improving the District's financial planning, budgeting, and revenue forecasting as well as ensuring the most efficient and effective delivery of city services. The Board is also responsible for conducting investigations to determine the fiscal status and operational efficiency of the District government.