CS99 Pre-Y2K Report

The Effects of the Year 2000 Problem on the United States Federal Government

Cesar Ruiz and Jason Shamberger

Computer Science 99

Dartmouth College Computer Science

March 15, 1999

The United States federal government has one of the largest tasks in this country in fixing all hardware and software that will be affected by the Year 2000 problem. This is of interest because this is one organization all Americans come in contact with. To monitor progress on Year 2000 work, several administrative systems have been put into place. These include the President's Year 2000 Council, General Accounting Office guidelines and audits, Chairman Horn's quarterly report cards, and the Office of Management and Budget quarterly reports.

The government has made improvements since it first started remediation. Forward thinking agencies such as the Social Security Administration and the Department of Labor, which began work early, are prepared for the year 2000. Other agencies, such as the Department of Health and Human Services, have many systems which will not be repaired in time. Overall, the government has made much progress but still needs to continue working hard on the Year 2000 problem in several areas such as systems testing, data exchange compatibility, and contingency planning.

1. Introduction

2. Evaluation of the Federal Government

3. Department of Education

4. Department of Labor

5. United States Postal Service

6. Social Security Administration

7. Health and Human Services

8. Summary

9. References

In this paper, we will first examine how the U.S. federal government is organizing its efforts to deal with the Year 2000 problem. These efforts include implementing several systems to help individual agencies by providing guidelines, investigating progress, and reporting the current status of work. We will then examine some common problems faced by different agencies in completing Year 2000 work. Finally, we will examine the progress of five organizations, the Department of Education, the Department of Labor, the Postal Service, the Social Security Administration, and the Department of Health and Human Services.

Since the advent of the computer age in the 1940's, computer use has grown dramatically, until it now permeates every aspect of modern life. This has allowed for many improvements in daily life by simplifying some routines and completely automating others. Unfortunately, the well publicized "Year 2000" problem, which stems from representing dates with only the last two digits, will affect many of these computer systems. There is no easy fix to this problem. Every system must be carefully tested and examined to discover every bug, then each bug must be painstakingly fixed. In addition, systems written twenty years ago may use outdated programming languages in which contemporary programmers are not proficient. Software and hardware vendors who originally designed the systems may have gone out of business in the interim, leaving consumers with no upgrading options. Some organizations are choosing to scrap the entire existing system rather than repair it and design a new one from scratch. The IRS has decided to jettison 13,000 of 88,000 programs used and replace them with new ones. [Gle98]

It is impossible to determine what will actually occur when the year digits roll over on January 1, 2000. However, it is probable that many systems will be affected, either because there was not enough time to repair them, or there were unpredicted problems. The question is how serious these effects will be. Opinions vary from those of people who believe it will be hardly noticeable, to those who are storing food and buying solar ovens to prepare for the disintegration of society. One organization which all American citizens come in contact with, and which has many automated systems in risk of failure, is the United States federal government.

The federal government has extensive computer systems used to control finances, record statistics, distribute funds, and perform the vital operations in governing this country. These systems interface with systems in almost every industry, including utilities, transportation, education, finance, and state and local governments. Additionally, many of these systems have been in use since the earliest eras of computing, and use outdated hardware and software. The age of these systems can compound the government's Year 2000 problem. If the hardware is not Year 2000 compliant it may need replacement, which can be a challenge if the manufacturers are no longer in business. If the software is not Year 2000 compliant it may be difficult to find programmers who can repair it, especially if it is written in an obsolete language. Thus, the government has one of the largest tasks in this country in fixing all hardware and software that will be affected by the Year 2000 problem. To monitor progress on fixing the problem, several administrative systems have been put into place.

On February 4, 1998, President Clinton established the President's Council on Year 2000 Conversion. This Council is given the official responsibility of coordinating the Federal Government's efforts to solve the Year 2000 problem. According to John Koskinen, the Chairman of the Council, "[The Council] needs to be a catalyst, to ensure that individuals in the public and private sector are aware of the problem and doing all they can to fix it. The Council also should be a facilitator, to promote the fruitful exchange of ideas and information on best practices and the resolution of common problems. Finally, the Council should be a coordinator, to ensure that resources are being used effectively across organizational boundaries" [Com98].

To carry out these missions, the Council's representatives meet monthly. The representatives are chosen by the major federal agencies, and are normally Chief Information Officers (CIOs) or others in related positions. Therefore, they are able to share insightful information on the Year 2000 projects. The Council also offers assistance in finding financial and personnel resources to solve the problem. In addition, it provides information to the public regarding the status of the federal government, and tips for private industry on fixing their own Year 2000 problems [2KC99].

Since 1997, the General Accounting Office (GAO) of the United States has been issuing guidelines to government agencies on how to manage their programs to fix the Year 2000 problem. The guidelines lay out a five-step method, consisting of the following stages [GAO97]:

• Awareness
• Assessment
• Renovation
• Validation
• Implementation

This five step method reflects the recommendations of private consulting firms, as discussed in the lecture by James McKim of ISRG, Inc. [McK99].

During the awareness phase, an agency should determine what effect the Year 2000 problem will have on its mission, conduct an awareness campaign to inform all levels of management of the problem, and establish a program office to oversee progress in dealing with the Year 2000 problem. The assessment phase consists of determining what systems need to be repaired or replaced, and assigning priorities to these systems. Testing strategies and contingency plans should also be developed at this time. The necessary systems are repaired or replaced in the renovation phase and then tested in the validation stage, both in isolation and as a system. The implementation phase includes implementation of repaired or replaced software and hardware, as well as the implementation of contingency plans [GAO97].

The GAO also generated a Year 2000 Schedule for the federal government (the last updated revision was made in September of 1997). The schedule called for the awareness phase to be completed by the end of 1996, the assessment phase to be completed by August 1997, the renovation phase to be completed in August 1998, and implementation and validation by December of 1999. However, by September 1997 only 12 of the 24 major departments and agencies had completed the assessment phase. The 50% of the departments that were behind schedule account for 70% of the estimated total cost for the Year 2000 program in the entire federal government. This indicates that the agencies which are behind schedule are those that have the most extensive repair work to do [GAO97].

In addition to the general guidelines, the GAO offers additional guidance in two important areas: testing and contingency planning. These areas are often overlooked in the rush to implement Year 2000 problem fixes, especially when projects are running behind schedule. However, it is necessary to determine whether the repaired system will function as expected. Data exchange networks and interdependent computer systems should be tested extensively, since the Year 2000 problem could be fixed by different parties using different methods on either side of the exchange, and it is essential to ensure the fixes are compatible. Incompatibilities on interfacing systems would be as disastrous as any other Year 2000 problem. This testing occurs in the End-to-End testing phase, which is the last phase and therefore the least likely to be complete by January 1, 2000. The testing guidelines recommend the following five steps [GAO98a]:

1. Infrastructure testing (including testing hardware devices with embedded microprocessors)
2. Software Unit Testing
3. Software Integration Testing
4. System Acceptance Testing
5. End-to-End Testing

The GAO's recommendations on contingency planning are to make preparations not only for those systems which are likely to be incomplete by January 2000, but to prepare for any systems to be down [GAO98b]. The reason is that there could be problems which were overlooked, or systems under the jurisdiction of other agencies that could be inoperative. An example is the Medicare reimbursement system. Most of the Medicare payments are sent electronically, and rely on systems run by the Treasury Department and the Federal Reserve. If either of these systems fail to function, the Medicare reimbursements must be conducted in an alternate method, so the Medicare administration should make contingency plans for non-electronic reimbursements.

In addition to providing guidelines to federal agencies, the GAO performs audits to see how well the guidelines are implemented in Year 2000 plans, and then presents the findings to Congress and the public. This is an important service to the agencies, because the internal information technology departments might not be capable of performing a thorough examination of agency-wide progress. The GAO teams are also experienced at Year 2000 preparation, so they can offer advice which they have gained through extensive work on this problem. Unfortunately, the GAO is not able to audit every agency, but those that are visited, often implement the recommendations that are made by the GAO.

An example of a typical audit is the investigation the GAO conducted of the State Department from April 1997 to July 1998. The GAO analyzed information in the State Department's Year 2000 database which contains monthly reports of Year 2000 program progress. Additionally, the GAO reviewed the quarterly status reports provided to the Office of Management and Budget. To determine how well the different bureaus of the State Department were managing the Year 2000 projects, Year 2000 managers and internal State Department documents were reviewed [GAO98d].

The GAO found severe flaws in the State Department's progress, and made the following four recommendations to the State Department:

1. Reassess all systems, and evaluate which are mission critical.
2. Ensure the mission critical systems receive the highest priority in assigning resources.
3. Focus contingency planning efforts on mission-critical systems.
4. Ensure all bureaus have identified which data-exchange interfaces are affected by the Year 2000 problem.

It is clear that the emphasis of these recommendations is on assigning resources appropriately to mission critical systems. Following the GAO's audit, the State Department hired an outside consulting firm to assist in assessing in making these assessments. Thus, the recommendations of the GAO were put into practice [GAO98d].

Chairman Stephen Horn (R-CA) of the Subcommittee on Government Management, Information and Technology of the House Committee on Government Reform and Oversight has been issuing report cards for federal departments and agencies [Hor99]. These report cards are designed to look like report cards children receive in elementary school, and reduce the progress made by each agency into an overall letter grade from ‘A' to ‘F'. The grades are based on information collected from hearings on Year 2000 progress that have been conducted by this subcommittee since April 16, 1996. The effect is a strong one— it conveys to the public very simply which agencies are solving the problem successfully and which are not.

There are several differences between these report cards and the reports given by the GAO. The GAO reports are the result of an audit conducted of the federal agency's progress, while the report card is based on information reported by the agency itself. Also, while the GAO makes recommendations to the audited agency on what changes should be made, Chairman Horn's committee does nothing of this sort. Rather, by giving an agency a bad grade, Chairman Horn hopes to raise public awareness about the poor state of progress and thereby pressure the agency to accelerate its program.

In the latest report card, the federal government received an overall grade of a C+. Though this does not appear to be a high mark, it is a substantial improvement from a grade of a D last quarter, and an F the quarter before that. Eleven of the twenty-five agencies received A's or A-‘s, indicating they will be 100% compliant by March 1999. However, among the agencies which received grades of C+ or lower were several important ones, such as the Department of Defense, the Department of State, and the Department of Health and Human Services. This definitely conveys a message to the public that though some agencies are doing well, overall the government is failing to make significant progress toward solving the Year 2000 problem [Hor99].

The following table shows the latest grades released by Chairman Horn in February of 1999:

The U.S. Office of Management and Budget (OMB) is assisting in managing the Year 2000 efforts as well. In addition to collecting yearly budget information, the OMB issued a memorandum on January 20, 1998 to 25 large departments and agencies, requesting quarterly progress reports on the Year 2000 problem [OMB98a]. These reports are collected and summarized to give overall statistics of the government's current status on fixing the Year 2000 problem.

These reports differ from those produced by the GAO and the House Subcommittee on Government Management, Information and Technology in several aspects. Unlike the GAO reports, the OMB reports are based on information the agencies report about their own progress. But unlike the Subcommittee's report cards, the OMB provides detailed information on the progress made on systems in each agency. While it is true that the GAO reports, OMB reports, and Chairman Horn's report cards overlap in the material to cover, this is a product of the government's decentralized approach to managing the Year 2000 problem. Until the President's Council was established in 1998, there was no organization charged with managing the entire federal governments' progress on the problem.

The most recent progress reports available are those collected in November of 1998 [OMB98b]. The government goal is to finish renovation by September 1998, validation by January 1999, and implementation by March of 1999, to allow significant time to work out any difficulties with the new or repaired systems before the date change occurs in January of 2000. It can be seen that this schedule was pushed back by several months from the GAO schedule released in 1997. Currently, out of 6696 systems classified as "mission-critical" by departments and agencies, 61% are deemed Year 2000 compliant. This is an increase from 50% three months ago (see chart below). While this is significant progress, if this rate does not accelerate, many systems will not be ready by the March 1999 deadline, and some may not be finished by January 1, 2000. However, all agencies report assessment is 100% complete, and 90% of those systems which have been or will be repaired have already completed the renovation phase. This is encouraging, since most of the remaining work is in the validation and implementation phases.

In its quarterly summary of government progress, the OMB classifies agencies as "Tier 1", "Tier 2", or "Tier 3". Tier 1 agencies are those that are not making adequate progress. Agencies that are making progress but still raise concerns are classified as Tier 2. Tier 3 agencies are making sufficient progress. In the November progress report, the OMB reported "There are now six Tier 1 agencies … down from seven in August, seven Tier 2 agencies … down from eight, and 11 Tier 3 agencies … up from nine" [OMB98b]. Once again, this demonstrates that some government agencies are making progress, but there are others which are lagging behind.

The estimated total cost of the government work on the Year 2000 problem from fiscal year 1996 through 2000 now stands at $7.2 billion [GAO99]. This is an increase from an estimate of $6.3 billion in August (see chart below). Most of these increases are due to inaccurate estimates made early in the renovation phase. Also, additional embedded systems that need to be replaced have been discovered, raising costs further.

According to The Economist, "Most organisations [sic] seem to find that millennium work costs more than expected." The original cost estimate for the federal government's conversion was less than $3 billion in February of 1997, meaning cost estimates have more than doubled in less than two years. However, increases were expected and the 1999 budget submitted by President Clinton contained additional appropriations for these costs [Eco98].

Those federal agencies which perform a regulatory role in industry have additional Year 2000 responsibilities. As well as ensuring that their own internal operations are ready for the year 2000, they must also assess the operations of private organizations in the sector of the economy that they regulate. This is to ensure that their functions will be uninterrupted by the date change. Examples of agencies such as these include the Federal Communications Commission (FCC), Environmental Protection Agency (EPA), and the Nuclear Regulatory Commission (NRC).

The NRC has been conducting Year 2000 repair work on its own internal systems, and work is progressing on schedule, garnering them an ‘A' rating in the last government report card. As part of their regulatory responsibilities for the nuclear power industry, they requested a progress report on Year 2000 work from to all licensees of nuclear power plants. The NRC also requires a written report confirming completion of Year 2000 preparations by July 1, 1999 [NRC98a].

Since September 1998, the NRC has also been carrying out Year 2000 audits at selected nuclear power plants. These audits are intended to correlate how well the reports submitted by power plants reflect the actual state of preparation, and also to determine whether there are any aspects of Year 2000 preparation that might be overlooked in the self-reporting process. After conducting four of these power plant audits, the NRC reports that "So far, audit findings have not shown the need for further NRC regulatory action, and we have no indication that significant Y2K problems exist with safety-related systems that could directly affect the ability of nuclear power plants to safely operate and shut down" [NRC98a].

Contingency plans are an important part of a regulatory agency's mission. The NRC has generated a wide range of possible scenarios for January 1, 2000, and has organized an incident response task force. The NRC Operations Center is confident that it is designed to deal with emergencies that might happen in the nuclear power industry. Even so a schedule has already been prepared to call in additional personnel at 11pm December 31, 1999 and to operate on "Standby response mode" until 6am to ensure a smooth transition into the next century [NRC98b].

Several common problems are faced by government agencies. These include difficulties in obtaining sufficient manpower to complete the necessary work on schedule, difficulties in setting priorities at a high level, inadequate contingency plans, and false reporting of Year 2000 status.

2.8.1 Shortage of Manpower

According to the GAO, "About half of the 24 large agencies and a quarter of the 41 small agencies and independent entities reporting to the Office of Management and Budget (OMB) expressed concerns that the personnel needed to resolve the Year 2000 problem would not be available" [GAO98c]. These concerns stem from both difficulties in retaining skilled staff to work on Year 2000 projects internally, and difficulties in finding external contractors. This problem is the effect of economic supply and demand — since all industries have a need for skilled personnel to work on Year 2000 projects, the value of these personnel has gone up. The government employees have found that they can make more money by leaving their government jobs to work in the private sector. Contractors have been charging higher rates for their work for the same reason. According to Michael Harden, president of Century Technology Services, Inc., Cobol programmers can earn $100,000 or more per year outside the government [Ham98].

The Office of Personnel Management (OPM) has taken several steps to resolve this problem before it causes delays in Year 2000 work. Large signing bonuses comparable to those in private industry are offered to new employees, and other performance awards are given for progress on projects. Government employees' salaries are normally calculated according to a strict system of qualifications and length of time worked in the government. The necessary personnel would be allowed to jump up the schedule to a higher rate of pay. The most significant act was a memorandum OPM issued on March 30, 1998. This memo announced that "agencies could reemploy federal retirees to work specifically on the Year 2000 conversion without the usually required reduction in the retiree's salary or military annuity" [GAO98c]. This act was specifically intended to allow agencies to rehire retired personnel who were familiar with the older languages and systems which must be repaired to function in the year 2000.

Unfortunately, this hiring of large numbers of skilled personnel in both the government and the private sector could have a negative impact on the economy. Rather than spending money on other improvements, billions of dollars will be spend by the U.S. government on the Year 2000 problem. John Koskinen, the chair of the President's Council, describes this as "money spent primarily to stand still" [Wei98]. Manpower will also be taken away from other computer development efforts to work on this mundane task of repairing affected systems.

2.8.2 Priority Setting

Another problem government agencies face is setting priorities on which systems should get the most attention. This is more difficult than it seems, because large agencies often have varied and disparate responsibilities. Problems arise when systems are not prioritized at a high, departmental level, or when they are done so with too few levels of classification.

An example of this problem is the State Department. To classify all its systems, the State Department requested its component bureaus to rank their systems as routine, critical, or mission critical. The problem with this method was that the results reflected the priorities of the individual bureaus, not the State Department as a whole. Examples of systems reported as mission critical include REGIS, a systems to track students who attend the Foreign Service Institute, and MSE Network, a system to track unclassified mail. Clearly, these are not as "mission critical" as systems such as CLASS, a system to identify criminals and terrorists and block their entry into the United States, or ICARS, a system to control immigration. However, since all these systems were important to the individual bureaus which administer them, they all received the same priority ranking [GAO98d]. What is necessary is to evaluate which systems are critical to the core missions of the State Department, and give these the highest priority. Until this is done, resources cannot be allocated appropriately.

2.8.3 Contingency Planning

Contingency plans are a necessary part of Year 2000 preparedness, especially for situations where preparations for the year 2000 will not be completed in time. However, it is necessary to have contingency plans no matter what the state of progress, because unforeseen problems could turn up. As programmers know, it is a difficult feat to develop software and remove all bugs before the product is delivered.

In the IRS, where computers serve a central role in processing tax documents, contingency planning has been neglected. The GAO reports that "IRS' ‘Century Date Change Contingency Management Plan' does not address the likelihood that information systems that are converted on schedule may experience system failures" [GAO98f]. This is a major problem, because with any large software project, it is difficult to eliminate all bugs before the system is put into practice. Though many of the systems will be implemented before January 2000, there is the chance that problems could be overlooked, and thus it is critical to have a contingency plan for any possible failure.

2.8.4 Falsification of Status

A fourth problem which has shown up in Year 2000 programs is falsification of results. Since the progress reports are generated by the agencies rather than outside groups, there is a self-preserving motive to not report delays or failures. This has shown up in several instances already. The GAO audit of the State Department's progress found that five mission-critical systems reported to OMB as compliant still needed additional work before they would be compliant [GAO98d]. The Defense Special Weapons Agency reported five mission-critical systems were Year 2000 compliant, when they had only tested two of the systems [USA98]. False reports such as these are troublesome, since it takes either an outside party investigating or an internal whistle-blower to uncover the deception. This is a problem both inside and outside of the government, and could result in unexpected failures on January 1, 2000 in systems thought to be remedied.

2.8.5 Reliance on Utilities

The federal government, like most private companies, relies on outside providers for basic utilities. These utilities include power, water, transportation, and voice or data telecommunications. No matter how prepared the government agencies are, loss of these services will make it difficult if not impossible to carry out their duties. Agencies must ensure that the utility providers are making progress on the Year 2000 problem, and also that alternatives such as backup generators are available for critical systems.

"The Department of Education's mission is to ensure equal access to education and to promote education excellence throughout the nation" [GAO98g]. Its activities to carry out this mission include:

• grants to institutions to improve teaching
• student loans
• enforcement of civil rights laws

The Department of Education therefore plays an important role in the lives of students, especially students of higher educational institutions. A failure to carry out these activities could have a substantial impact on these students' lives.

The system which is at most risk is the student financial aid delivery process. This is a complex process that relies on many interconnected computer systems, the loss of any of which could wreak havoc (see chart below) [GAO98g].

Possible effects could include:

• delays in disbursements
• reduction in the department's ability to transfer payments or process applications
• inability of post secondary students to verify the current status of their loans

It is clear that students would be the group most affected, but the educational institutions would suffer loss of income if students' loans were not properly processed [GAO98g].

The Department of Education reported on January 8, 1999 that 10 out of the 14 systems classified as mission-critical are now Year 2000 compliant. The systems which have work remaining are the Central Processing System, responsible for processing applicant data and calculating expected family contributions, the Multiple Data Entry System, which is responsible for inputting application data for student financial assistance, EDNET, the Department of Education's wide area network, and the Federal Family Education Loan system, used to manage payment of loans [DOE99b]. Additionally, 159 of 161 noncritical systems are now Year 2000 compliant.

The OMB classified the Department of Education as a Tier 2 agency in their November 1998 report, indicating progress had been made but concerns still remained. This was an improvement from a Tier 1 classification in the August 1998 OMB report, and they have made even more progress since November. The largest concern the OMB had was that the PELL system for operating the Federal grants program for higher education students had slipped behind schedule and had not completed the renovation phase. As of January this system was renovated, validated and implemented. In fact, the four mission critical system which are not yet compliant have all completed the renovation phase, and are either in validation, implementation, or have been completed since the filing of the report [OMB98b].

The Department of Education was slow to begin work on the Year 2000 problem, and has been working to catch up to the government mandated schedule ever since. There have been five different Year 2000 Project since the position was established in February 1995. This constant turnover of management has impeded progress in all phases, and basic assessment was not completed until March 1998. It has also led to wildly varying cost estimates from $60 million in May 1996 to $7 million in February 1997 (see chart below) [GAO98g].

External contractors have been used for the renovation of most systems. Additionally, consultants were used to assist the department in developing the original Year 2000 plan, since the turnover of personnel hampered internal development of this plan.

As well as solving Year 2000 problems with their internal systems, the Department of Education has distributed over 18,000 copies of a Year 2000 Readiness Kit for Colleges and Universities, to assist postsecondary institutions in planning for the Year 2000. A similar guide for elementary and secondary schools is in development. These outreach activities are an important component of fulfilling the department's role of promoting educational excellence.

The Department of Education has been testing the individual systems as they have completed renovation, but plans have also been made for end-to-end testing in conjunction with educational and financial institutions to ensure that the renovated systems are still compliant with those systems of the department's trading partners [GAO98g].

Contingency plans have been written for all systems, including those classified as non-critical. The Department of Education intends to test these plans by March 1999, and to revise and retest the plans through December 1999.

The status and latest estimates for completion of the four remaining systems according to the January 8, 1998 progress report written by the Department of Education are listed below [DOE99b]:

• Central Processing System was 95% implemented and was projected to be completed by January 15, 1999.
• Multiple Data Entry System was 95% implemented and was projected to be completed by January 15, 1999.
• EDNET was 77% implemented and was projected to be completed by January 31, 1999.
• Federal Family Education Loan system was 90% validated and was projected to complete validation by January 29, 1999. Implementation was scheduled to be finished in early March 1999.
• The two remaining non-critical systems were scheduled to be completed by January 19, 1999 and early March 1999.

The latest cost estimates given in the same progress report are $40.3 million for the total cost of project work from 1996 through 2000.

The Department of Education was unorganized and began work on the Year 2000 problem behind schedule. However, they have managed to catch up to the government schedule, and are in a position to meet the government goal of having all systems Year 2000 compliant by March of 1999. It is also significant to note the considerable effort that is being spent on contingency planning, including contingency plans for noncritical systems.

According to the GAO audit, "The Department of Labor's mission is to promote the welfare of job seekers, wage earners, and retirees of the United States by improving their working conditions, enhancing opportunities for profitable employment, and protecting their retirement investments" [GAO98h]. To carry out this mission, Labor has a workforce of 16,700 employees, and a yearly budget of $34.6 billion. The five central responsibilities of the Labor Department are:

• Providing employment training
• Ensuring employee health and safety
• Providing pension and welfare benefits
• Setting employment standards
• Collecting and publishing labor statistics

Thus, the activities of the Labor Department affect nearly all of this country's population which is employed, retired or seeking employment [GAO98h].

The Department of Labor has identified 61 mission-critical systems, ranging from communications and administrative functions to automation of office processes. The department has determined that without these systems functioning correctly, it cannot provide income security to millions of workers, administer nationwide employment training programs, or generate vital U.S. economic statistics. All these duties are important to the United States' economy, and will affect the economy negatively if they can not be carried out. Many financial institutions rely of the statistics collected by the Labor Department, such as the unemployment rates or consumer price index [GAO98h].

The quarterly progress report issued by the OMB in November of 1998 contains the most recent report of the Department of Labor's progress. Labor is classified as a Tier 2 agency, indicating that progress has been made, but concerns still remain. Out of the 61 mission-critical systems, 41 are Year 2000 compliant. Nine of the twenty remaining non-compliant systems are being repaired, the other eleven are being replaced. However, only one system that is being repaired still has renovation work to be completed. The other eight unfinished systems are in validation and implementation phases [OMB98b].

4.3.1 State Employment Security Agencies

The Unemployment Insurance Program is administered by the Unemployment Insurance Service (UIS), and has existed since 1935. Currently, 97% of wage earners are covered by this program. State Employment Security Agencies (SESA) operate the programs in each state. This is one of the largest threats to Labor's preparation for the Year 2000, since for every one UIS system which must be assessed, fixed and validated there are 53 corresponding SESA systems at risk (the 50 states, the District of Columbia, Puerto Rico and the Virgin Islands). The systems used by the SESAs vary in their state of preparation. UIS has placed two of these SESAs, the District of Columbia and Puerto Rico, in the high alert category. SESAs classified as at risk are Montana, New Mexico, Arkansas, Delaware and the Virgin Islands [GAO98h].

4.3.2 Automated Support Package

One of the Department of Labor's units, the Office of Workers' Compensation Programs (OWCP), administers the Federal Employees' Compensation Act, the Longshore and Harbor Workers' Compensation Act, and the Black Lung Benefits Act. The OWCP provides about $3 billion per year in compensation benefits distributed to workers. The system used to administer the Black Lung Program is known as the Automated Support Package (ASP). This system was scheduled to be retired in November 1999 and be replaced by a new system running on more modern hardware. However, since this schedule does not allow for any leeway if there is a slippage of schedule, the existing system is now being renovated as a backup alternative, should the new system ship late [GAO98h].

The Department of Labor realized early on that the Year 2000 problem was critical to their capabilities to conduct mission-related activities. By late 1996, Labor had already accelerated its Year 2000 activities. The CIO of the Department of Labor directed each component agency to designate a Year 2000 project manger. The CIO meets regularly with the project mangers to ensure progress is proceeding on schedule. This method of letting the individual agencies perform the repair work on the affected systems while maintaining close supervision at the departmental level has proved to be effective, keeping the Department of Labor on schedule [GAO98h].

The most recent estimate for total cost to complete Year 2000 preparations for the Department of Labor is $57.0 million. This does not include the cost spent by the individual SESAs, however [GAO98h].

The Department of Labor has made significant progress toward preparations for the Year 2000, and the department should be ready if progress continues at the current pace. This is partly due to the early start on preparations. Labor's collection of economic statistics is highly automated, but progress has been made in the Bureau of Labor Statistics which is responsible for collection of data. The major threat now is the status of the SESAs, since they administer the unemployment insurance programs at the state level. Their preparation and thus the effect of the Year 2000 will vary from state to state.

The United States Postal Service's (USPS's) "goal is to evolve into a provider of 21^st century postal communications by providing postal products and services of such quality that they will be recognized as the best value in America" [USP99a]. According to the Office of Inspector General (OIG), USPS has identified three steps to reach this goal [OIG98a]:

• Satisfy the customer with timely delivery
• Improve employee and organizational effectiveness
• Improve financial performance

Failing at any of these could cause delivery delays that impact the lives of American citizens.

It is important to note that the United States Postal Service is not an actual government agency. In 1971 the Postal Reorganization Act was passed, requiring that the Postal service cover the costs of its own operation. However, it is still regulated by the government. For example, when wanting to raise the postal rate, "the Postal Service, upon concurrence with the Board of Governors, submits a request for a recommended decision on rate and fee changes to the Postal Rate Commission. (Like the Postal Service, the Commission is an independent establishment of the executive branch of the government)" [USP99b]. Thus, unlike other government agencies, the USPS does not have the luxury of running into debt while fixing any Year 2000 errors, but must be able to at least break even.

The USPS has discovered that the Y2K problem affects thousands of automated systems, including application programs, operating systems, computer hardware, and a large variety of equipment such as mail processing equipment, heating and air conditioning controllers, telephones and more [USP98b]. We can imagine that the Year 2000 problem causes great concern when dealing with an organization that delivers more than 650 million pieces of mail a day, almost half of the world's mail [USP99b].

"The Postal Service's Y2K efforts have been a high priority issue for the Office of Inspector General (OIG)" [USP98c]. The Office of Inspector General was created in January 1997, and the Inspector General serves as a watchdog who is not under the jurisdiction of postal management, but reports directly to the nine presidentially appointed Governors instead [USP99d]. In the first OIG report, Year 2000 Initiative, issued in March 1998, it was noted that the correction of the Year 2000 problem would be "a challenge because USPS had been slow to recognize it as a corporate-wide issue" [OIG98a]. It also found that the USPS did not have sufficient planning and involvement from all departments to allow for the most effective approach to solving the problem.

5.1.1 Effects of the loss of department computer systems

Possible effects could include [USP98b]:

• delays in delivering of parcels due to automated sorting problems
• reduction in the department's ability to change addresses using its Address Change Service (ACS)
• failure of postage meters' ability to print 4 digit years
• an incentive to implement future postage rate increases

Customers of the USPS would be affected by delayed or lost parcels, but the Postal Service's financial status can also be affected if customers defect to private carriers such as Federal Express or United Parcel Service. It is therefore important for the Postal Service to make their status on the Year 2000 problem publicly known, to prevent customers from changing to other carriers out of fear that the problem will be unresolved.

"Inspector General Karla W. Corcoran recently advised the Governors of the Postal Service that her office had issued four reports to Postal management highlighting concerns and identifying areas requiring further attention to improve their Y2K readiness" [OIG98b]. The Postal Service has since then recognized the need for greater program management skills to manage the Year 2000 initiative and hired an experienced Year 2000 consultant. OIG reported on November 1998 that the USPS has identified 600 systems applications with Year 2000 problems. Of the 600 systems applications identified, 153 are severe or critical to the Postal Service's mission. The USPS expects to fix all of the severe and critical applications well in advance of the year 2000. In addition, the USPS has identified approximately 2,000 infrastructure items with Year 2000 implications and has developed a vigorous remediation plan [OIG98b].

The OIG has continued to support the USPS Year 2000 initiative to help ensure an effective transition into the next millennium. Since the OIG's previous semiannual report, USPS officials made progress on the Year 2000 challenge. However, OIG identified significant issues facing the USPS that warrant further attention. The report showed that executive operating systems, mostly different versions of MS-Windows, were not all Year 2000 compliant. Also, applications in production were not thoroughly tested and application status was not reported accurately [OIG98b].

OIG recommended that USPS [OIG98a]:

• Use a Year 2000 compliant executive operating system software release
• Develop procedures to hold USPS managers and operations personnel accountable for application testing
• Report applications as Year 2000 compliant only if they have been thoroughly tested for compliance.

5.2.1 Method of solving problems

"This is one of the most important public policy issues we are facing this year… Our entire effort is being supported by the level of financial resources necessary to address this once-in-a-lifetime issue," said U.S. Postal Service Chief Technology Officer Norman E. Lorentz, the week of March 1, 1999 in a testimony before a joint House subcommittee hearing [USP99c]. The Postal Service is making a sincere effort to be able to continue business when the Year 2000 rolls along. The Deputy Postmaster General concurred with all the findings and recommendations in the OIG's report to congress, and has planned and initiated corrective actions for the issues identified.

The Program Management Office (PMO) for Year 2000 Remediation was created to have the responsibility of overseeing the initiatives, while the local post offices have responsibility for the remediation itself. According to the USPS, the initiatives overseen by the PMO include [USPS98b]:

• Inventory Maintenance
  The PMO will develop and maintain a master inventory throughout the life of the Year 2000 Initiative.
• Business Impact Assessment Coordination
  The PMO will facilitate and communicate business decisions regarding systems to terminate, systems to repair, and work-around strategies.
• Release Planning and Testing
  The PMO will verify that all system components of the release are functioning properly and that data is transferred correctly between internal and external interfaces. Release testing will ensure that performance has not been degraded and that the release can be correctly introduced into the Postal Service production environment. Release testing is complete when approved by the PMO.
• Post Implementation Verification (PIV)
  The PMO will coordinate the independent verification of Year 2000 project compliance status.

To test the readiness of mail processing systems, USPS tested the machines in a major processing plant in Tampa, and one in Atlanta. Both tests concluded that the systems were fine for the year 2000. More than 400 postal employees and 1,300 contract technical support people are working on the Postal Service's Year 2000 problem [USP99c].

By the end of January, 127 of the 152 mission critical systems had been fully corrected and checked. The Postal Service plans to have fixes implemented on all but three systems by June of this year. The remaining three will be updated and checked by the end of September [USP99b].

Despite this apparent good news, USPS's methods are still questionable. Even in their latest "Delivering the Future" issue of the week of March 8, 1998, they mention they do not yet have any contingency plans [USP99c]. Consequently there is also no mention of helping local Post Offices with their contingency plans.

Older postage meters printing 2 digit years are acceptable to the USPS, but many of these older meters are being replaced by newer ones that can be electronically reset and provide a 4 digit year imprint. USPS is working with meter manufacturers on a electronic resetting process.

The following systems are already Year 2000 ready [USP98b]:

• The FASTforward. The code was initially designed and written to be Year 2000 ready in that all dates were written to have 4 digit years.
• National Change of Address (NCOA). NCOA is written in COBOL and calls a locally written Assembler routine to get the computer system date that contains the 4 digit year.
• Address Change Service (ACS). The windowing technique was used obtaining the 4 digit year.
• Locatable Address Conversion System (LACS) LACS is written in COBOL and calls a locally written Assembler routine to get the computer system date that contains the 4 digit year.

5.4.1 Contingency planning

The Postal Service does not currently have any contingency plans, but is identifying and developing such plans, including Enterprise wide contingency plans. This lack of contingency planning is a reason for great concern, especially when the status of many parts of the Year 2000 progress is unknown.

Though USPS has no contingency plans published as of yet, their 1998 Annual Report gave some insight regarding where they stand on the matter. According to Senior Vice President and General Counsel Mary Elcano, "Our ability to deliver mail could be disrupted by the failure of our transportation partners … airlines route planes using computers, [which we rely on for] almost 15,000 flights daily. Should [they] fail, we could move the mail using alternative means of transportation, but it would take additional time. Finally, our ability to deliver mail could be … affected by problems in ancillary services like stamp sales, postal meter operations, or in our ability to conduct automated financial transactions" [USP99b]. USPS believes that any Year 2000 problems will be confined to small geographic areas and that the contingency plans that they are currently developing will be put into effect in these places.

5.4.2 Cost Projection

Since the government does not give USPS any money, it is in a sense a private company like any other. Consequently the Year 2000 initiative is being funded completely by USPS's operating cash flows. It has gotten support from Year 2000 service providers and they expect the total cost for remediating the problem will be $500-600 million by September 2000 [USP99b].

5.4.3 Estimated completion, progress to estimates

The latest USPS report, issued in November 1998, is very vague as to an estimated completion date. The only claim is that all systems will be operational by the year 2000. The contingency plans are being developed within each USPS business area. The Postal Service expects the plans to be written "3-6 months prior to the earliest known failure date" [USP98a].

The United States Postal Service was unorganized and began work on the Year 2000 problem behind schedule. They also offered no assistance to the local Post Offices, but left them to solve the problems themselves. However, they have increased the pace of work to meet the government deadlines for completing the remaining work. They seem to be very optimistic in their Annual Report but this is a biased source. There is a lack of evidence that the work is being conducted in an organized manner, or that any contingency planning is being performed.

The Social Security Administration (SSA) provides benefits to more than 48 million Americans under the Social Security and Supplemental Security Income (SSI) programs. Unlike some other agencies, SSA realized the threat of the Year 2000 program and began working on the problem in 1989, far in advance of the rest of the government. For these efforts, the agency has long been recognized as a leader within the Federal Government in preparing systems for the Year 2000. As of September 1998, all of SSA's benefit payment systems had been renovated, tested, implemented, and certified as Year 2000 compliant [2KC99].

The Financial Management Service (FMS) maintains payment systems that distribute 860 million payments with a value of more than $1 trillion annually on behalf of the Social Security Administration, the Department of Veterans Affairs, the Internal Revenue Service, and other agencies. Even more astonishing is that FMS systems issue more than 600 million Social Security and Supplemental Security Income Payments each year on behalf of SSA, comprising roughly 70 percent of all FMS payments [SSA99].

SSA and FMS have worked together to ensure that the entire process for providing Social Security benefits, from calculating benefits to making payments, is ready for the century date change. In October 1998, FMS began to issue monthly Social Security payments on systems that had been fixed and tested while it awaited independent verification of its testing to ensure that these systems were, in fact, Year 2000 compliant [SSA99].

According to the President's Council on the Year 2000, Social Security is now completely Year 2000 compliant [2KC99]. However, this does not mean that the SSA's Year 2000 preparation is free from concern. According to the GAO's testimony three key risks remain [GAO98e]:

• Year 2000 compliance of the 54 state Disability Determination Services that provide vital support to the agency in administering SSA's disability programs.
• The ability to ensure that information obtained from outside sources was not corrupted by being passed from systems not Year 2000 compliant.
• A lack of contingency plans to ensure business continuity.

Naturally, the citizens of the U.S. that need Social Security's benefits would be at a great disadvantage should there be a delay in payments. For this reason SSA is working with all its partners to ensure that the payments will be distributed.

SSA's involvement in year 2000 activities is not limited to internal information systems. SSA also depends on data provided by its partners, including other federal agencies such as the Department of the Treasury and the U.S. Postal Service, state governments (i.e., Disability Determination Services and Medicaid offices) and other third parties.

SSA is confident that the processing of all benefit payments will continue uninterrupted in the new century. Thus, SSA is now focusing on ensuring that these payments are delivered properly. The agency is working closely with its partners who help them produce and deliver Social Security and Supplemental Security Income (SSI) benefit payments. These include [SSA99]:

• Department of the Treasury prepares SSA's payments in the form of direct deposit transactions or checks
• Federal Reserve System delivers Social Security and SSI direct deposit transactions to beneficiaries' financial institutions through the National Automated Clearinghouse (ACH) system
• Financial community is responsible for crediting direct deposit transactions to customers' accounts
• Postal Service delivers Social Security and SSI checks to beneficiaries' homes.

6.2.1 Method of solving problems

The GAO has recommend that SSA does the following to lessen their risks. First, SSA should monitor and oversee Disability Determination Services' (DDS) Year 2000 activities and discuss DDS' Year 200 activities in the OMB reports. It also recommended that SSA continue to develop contingency plans, and coordinating data exchange with partners [GAO98e].

SSA agreed with these recommendations and last reported that 22 DDSs have had their systems renovated, tested, and implemented. SSA also has identified and checked its data exchanges, both internally and externally, and is in the process of coordinating with its external partners. The SSA already has begun working with the Department of Treasury to test check disbursement and has been doing so since March of last year [GAO98e].

6.3.1 Contingency planning

The SSA contingency plans were based on the following assumptions [SSA98]:

• SSA offices will be open on Monday January 3, 2000
• DDSs will also be open for business
• All offices and the national toll-free service will be ready for full business transactions
• January 3 is traditionally very busy
• In the event unexpected failures occur the contingency plan will be implemented

The following is data excerpted from SSA's Business Continuity and Contingency Plan [SSA98]. Note that this is not SSA's entire Contingency Plan.

Risk/Threat	Time Horizon To Failure	Risk Mitigation Strategy	Contingency and Triggers
Unable to issue SS cards, verify SSNs, or make changes to personal info.	Jan 3, 2000	Completed renovations. Completed forward date. Provide refresher training on manual forms.	In the event that the Modernized Enumeration Systems (MESs) don't work, the Business Resumption Team will analyze the problem, make corrections and retest immediately. Automated Process of Enumeration systems will be suspended. (Note: This doesn't sound like much of a contingency plan but it seems like that's all they can do. This would mean that numbers could not be given out as quickly, if at all. It would be nearly impossible to avoid the issuing of redundant numbers.)
SSA field offices unable to issue payments due to Year 2000 problems	Jan 3, 2000	Completed Renovation of system hardware and software. Developed Ensuring Continuing Payments Plan.	If such a thing does happen, SSA will coordinate actions with Department of Treasury to address the problem. If known by December 1999 that private enterprises such as local banks and the Postal Service are not ready to make delivery of payments in early January 2000, SSA will consider issuing payments early. (Note: Our feeling is, issue them early anyway if you're not sure).
SSA is unable to post earnings (W-2s), make corrections to Earnings records, or access Earnings data due to Year 2000 related problems.	Jan 3, 2000	Completed renovations of all Earnings software and related systems.	If earnings systems are unable to operate, the Business Resumption Team will analyze the problem and fix it immediately. (Note: Very optimistic). Automated Processing of Earnings systems will be suspended until corrections are made. Paper, electronic and magnetic media earnings will be held for posting until automated systems are available.

6.3.2 Estimated cost

The most recent estimate for total cost to complete Year 2000 preparations for the SSA is $42.0 million [Apf98].

The SSA is Y2K OK. "In issuing its latest report card, Congress has given the Social Security Administration an ‘A' for its efforts to have its computers ready for the year 2000" [Apf98]. The Social Security Administration will now continue to test the systems to discover and eliminate any unknown bugs. It plans to remain in close contact with the Federal Reserve System, Treasury Department and Postal Service regarding the systems used by the SSA for distributing payments.

The Department of Health and Human Services (HHS) is the United States government's principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

HHS includes more than 300 programs, among them:

• Medical and social science research
• Preventing outbreak of infectious disease, including immunization services
• Medicare (health insurance for elderly and disabled Americans) and Medicaid (health insurance for low-income people)
• Financial assistance for low-income families
• Improvement of maternal and infant health
• Services for elderly Americans, including home-delivered meals

The possibility of a Year 2000 error within this department is a serious problem, as it deals with the health and safety of our citizens [HHS99].

Of all of 300 programs, the Health Care Financing Administration (HCFA) is the department that would be most affected by any year 2000 failures. "The HCFA provides health insurance for over 74 million Americans through Medicare, Medicaid and Child Health. The majority of these individuals receive their benefits through the fee-for-service delivery system, however, an increasing number are choosing managed care plans" [HCF99a].

In a report issued in May 1998, the GAO found several problems with HCFA's method of conducting business. HCFA had not required systems contractors to submit Year 2000 plans for approval, nor had HCFA even identified critical areas of responsibility for Year 2000 activities. The HCFA's regional offices' Year 2000 responsibilities had not been defined, nor had guidance been prepared to monitor or evaluate contractors. HCFA has assessed internal systems but has not reviewed Medicare contractors' claims processing systems. There were no contingency plans and the HCFA had no control over what the contractors' actions and relied "on the contractors themselves to identify and complete the necessary work in time to avoid problems." To make things wore there has been no documentation of the severity of impact of Y2K related failures. If Medicare systems failed, the number of health services "providers who would not be paid, paid late, or in incorrect amounts is unknown" [GAO98e].

But health care is not the sole problem. As the United States' largest provider of health care coverage, Medicare is one of the nation's largest purchasers of telecommunications services. These services link Medicare carriers, fiscal intermediaries, managed care plans to HCFA, hundreds of thousands of health care providers to their carriers and intermediaries, Medicare data exchanges with hundreds of other insurers, state Medicaid agencies and banks. These telecommunications systems and data exchanges must also be fixed and tested for Medicare's mission critical computer systems [HCF99b].

HHS classified 287 systems as mission critical, including those that pay Medicare benefits, provide billions of dollars in grant payments, collect and analyze epidemiological, clinical trial, and other public health data, and track health care spending and other data [HHS98b]. About 45% of these systems are now Year 2000 compliant. HCFA had only 28% of its mission critical systems compliant as of September 1998. HHS is closely monitoring progress and maintaining a monthly reporting system to track progress on all of its data systems. It maintains that more than 75 percent of its internal systems will have been compliant by January 1999 [HHS98a]. While the most current Quarterly Report is not available to prove whether or not HHS has met it's goal, it will be a great feat to ensure that the 50 million plus lines of code that compose the HCFA's mission critical systems truly are ready by their deadline [HCF98a].

78 of the mission critical systems are ones that Medicare uses, and the majority of these were expected to be ready in January 1999. There is no current documentation to prove these allegations one way or another until the next quarterly report is released. However, Medicare recently published a notice implying that they were Year 2000 compliant. In it they stated that its major concern since "the Spring of 1998, has been working with its contractors to begin preparing providers and suppliers for the requirement that they submit all claims using 8-digit date fields. On January 13, 1999, HCFA notified Medicare contractors that, beginning April 5, 1999, claims not submitted in the Y2K format must be returned to providers as unprocessable. On February 1, 1999, the Medicare contractors issued bulletins to all providers detailing this April 5, 1999, compliance deadline" [HCF99b]. HHS has taken a series of strong administrative actions, such as reallocating available fiscal resources to meet their Year 2000 compliance deadlines.

7.2.1 Method of solving problems

The GAO made several recommendations to HHS to address the deficiencies in HCFA's approach [GAO98e]:

• Identify responsibilities for managing and monitoring Year 2000 actions
• Prepare an assessment of the severity of impact and timing of potential Year 2000 problems
• Develop contingency plans

HCFA has followed the GAO's recommendations and established the position of CIO. According to HHS' February 1998 quarterly Year 2000 report, "HCFA's Medicare contractor systems continue to be of great concern to the department" [HHS98a]. HCFA will draft a business continuity and contingency plan in the fall of 1998 and then begin to discuss it with its major business partners and customers. They expect these discussions will help identify the major risks and ensure that the proposed contingency plans are realistic and practical.

For the most part, HHS plans to repair the date fields to achieve year 2000 compliance, using the date expansion method. It involves changing computer code so that it uses a four digit year instead of assuming the first two digits are "19" [HHS98a].

7.3.1 Contingency planning

Contingency plans have not been written and consequently have not been tested. Because these plans are still being developed there is no documentation of what the contingency plans will consist. HHS intends to have the plans finished by June of 1999, and testing would commence soon after completion [HHS98a].

7.3.2 Estimated completion, progress to estimates

HHS believes that all mission critical systems can be repaired by March 1999. The total cost for ensuring HHS systems are Year 2000 compliant is currently estimated at $1.1 billion. To help the Medicare program meet the Secretary's goal, HHS allocated an extra $41.5 million in 1998 by drawing on discretionary funds from each HHS operating division. The FY 1999 budget provides HHS with $189 million in emergency funds for Year 2000 conversion, $112 million of which goes to HCFA [HCF98b].

HHS has taken action to retain, re-employ, and attract qualified tech professionals [HCF98a]. They have been held back mainly because of HCFA and its Medicare problems. HCFA was too late to realize it was a big problem and is now trying to rush things out. A great deal of funds has been dedicated to solving these problems, but it remains to be seen whether more money can make up for less time.

The United States federal government is working on a fast-paced schedule to complete Year 2000 preparations in time. Many agencies' plans were started behind schedule, or suffered from poor management which did not comprehend the immensity of the problem. However, some programs have overcome these obstacles to achieve the original deadlines specified. Others have slipped further behind schedule, and are in risk of serious shortfalls with less than a year left to prepare.

Overall, the government was late in realizing the magnitude of the Year 2000 problem, and the wide reaching effects it would have on the services the government provides. Consequently, costs have risen dramatically as more and more necessary work was uncovered. Additionally, the cost of hiring help to remedy the affected systems has increased. The state of preparation differs dramatically from agency to agency, and some such as the Social Security Administration will clearly be as ready as possible for the century date change. Other agencies such as Health and Human Services are running out of time to correct problems in critical systems. Most agencies seem to be preparing adequately for the Year 2000, however the quality of these preparations will not be truly known until January 1, 2000.

[2KC99]

[Apf98]

[Com98]

[DOE99a]

[DOE99b]

[Eco98]

[GAO97]

[GAO98a]

[GAO98b]

[GAO98c]

[GAO98d]

[GAO98e]

[GAO98f]

[GAO98g]

[GAO98h]

[GAO98i]

[GAO99]

[Gle98]

[Ham98]

[Hor99]

[HCF98a]

[HCF98b]

[HCF99a]

[HCF99b]

[HHS98a]

[HHS98b]

[HHS99]

[McK99]

[NRC98a]

[NRC98b]

[OIG98a]

[OIG98b]

[OMB98a]

[OMB98b]

[SSA98]

[SSA99]

[USA98]

[USP98a]

[USP98b]

[USP98c]

[USP99a]

[USP99b]

[USP99c]

[USP99d]

[Wei98]