ebook img

Phase 2 follow-up report on the preparedness of the Commonwealth of Massachusetts to address the year 2000 computer date issue : October 22, 1997 to October 20, 1998 PDF

94 Pages·1998·4.7 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Phase 2 follow-up report on the preparedness of the Commonwealth of Massachusetts to address the year 2000 computer date issue : October 22, 1997 to October 20, 1998

^———1 9AUDITOROFTHECOMMONWEALTH 1, STATEHOUSE,BOSTON 02133 ApR lQ1999 ' No.99-7055-4Y °! ^Sachuselts De Copy' POsiiory PHASE2FOLLOW-UPREPORT ONTHEPREPAREDNESSOFTHECOMMONWEALTHOFMASSACHUSETTS TOADDRESSTHEYEAR2000COMPUTERDATEISSUE October22,1997toOctober20,1998 A. Joseph DeNuccL Auditor The Office ofthe State Auditor Information Technology Audit Division REPORT OFFICIAL OCT 3 0 1998 IssuedByThe Department oi the State Auditor AUDITOROFTHECOMMONWEALTH fit STATEHOUSE,BOSTON 02133 TEL (617) 727-2075 A.JOSEPHDeNUCCI AUDITOR 99-7055-4Y October30, 1998 HonorableA.PaulCellucci,Governor HonorableThomasF.Birmingham,PresidentoftheSenate HonorableThomasM.Finneran,SpeakeroftheHouseofRepresentatives HonorableStanleyC.Rosenberg,ChairmanoftheSenateCommitteeonWaysandMeans HonorablePaulR.Haley,ChairmanoftheHouseCommitteeonWaysandMeans HonorableDavidP.Magnani,SenateCommitteeonScienceandTechnology HonorableLidaE.Harkins,HouseCommitteeonScienceandTechnology HonorableMembersoftheGeneralCourt Iampresentingthisreportonafollow-upreviewofthepreparednessoftheCommonwealthof Massachusettstoaddresstheyear2000computerdateissue. Ourphase2surveywasundertakentohelp assesstheextenttowhichstateagenciesandauthoritiesoftheCommonwealthhadprogressedintheirefforts toassesstheimpactofyear2000ontheirautomatedsystemsandtechnologyandtotakestepstomake mission-criticalandessentialinformationsystemsyear2000compliant. InmyFebruary3, 1998report,IhadconcludedthattheCommonwealth,overall,wasnotadequately positionedtoensurethatallmission-criticalandimportantautomatedsystemsandsupportingtechnology wouldbeyear2000compliantintime. Baseduponevidenceobtainedovermyinitialreport'sApril 17, 1997 toOctober21, 1997auditperiod,lessthanhalfofstateentitieshadcompletedtheiryear2000impact assessments,andfarfewerhaddevelopedyear2000projectplans. Thepurposeofmyphase2review,which coverstheperiodofOctober22, 1997toOctober20, 1998,istodeterminewhethersufficientprogressisbeing madebystateentitiestoaddresstheyear2000problem. Mostindividualsinthepublicandprivatesectorshavenowrecognizedtheriskposedbytheyear2000 dateproblemtotheoperationalviabilityoftheirorganizations. Overthepastfewyears,theyear2000issue hasreceivedagreatdealofattention. Theinitialfocusonlargeapplicationsystemssupportedbymainframe platformsmayhavehelpedtoensurethatthesesystemswillbecompliant. However,formanyoperations,the problemgoesbeyondtheimmediateboundariesofthecoresystemswithineachentity. Wearequickly learningthattheinter-dependenciesofallsystemcomponents,beyondtheindividualapplicationsystem,need tobeaddressedtoensureoperationalviability. Operatingsystems,systemsoftwarepackages,communication networks,externalsystems,andahostofperipheralsareallimpactedbytheyear2000problem. Inaddition, thehealthandsafetyofouremployeesandthepublic,aswellastheabilitytoprocess,aredependentuponthe properfunctioningofequipmentwithembeddedchips. Clearly,theupcomingchangeofcenturyposesaseriousrisktovirtuallyallbusinessandoperational functionsthatrelyoncomputersystemsandtechnology. AlthoughtheCommonwealthhasmadeprogressin addressingtheproblem,muchremainstobeaccomplishedtoavoiddisruptionofcertainmission-criticaland essentialservicesprovidedbystateentities. Withthatinmind,Iwouldliketosharewithyoutheresultsofmy phase2surveyandtopresentrecommendationstoassisttheCommonwealthinaddressingthissignificant issue. 99-7055-4Y October30, 1998 Page2 Theyear2000problemstemsfromthefactthat,toconserveelectronicdatastoragespace,practically allcomputersystemshaveusedtwodigitstorepresenttheyear. Aproblemariseswhendatesbeyond 1999 areused,becausethecomputersystemcannotdistinguishthecentury. Itcannottellthedifferencebetween 1900and2000,becausebothcenturieswouldberepresentedby"00." Asaresult,ifnotmodified,computer systemsthatusedatesorperformdateortime-sensitivecalculations,ordateandtimesequencingmay generateincorrectresultsbeyondtheyear 1999. Infact,suchproblemshavealreadyoccurredbecausedates affectcalculationsthatprojectintothenextcentury. Asnotedinmypriorreport,thedimensionsoftheyear2000problemfortheCommonwealthare enormous. Justabouteverysingleautomatedsystemanditsrelatedtechnology,regardlessofsize,is impacted. Inaddition,manytypesofequipmentandautomaticcontrollingdevicescontainembedded technologythatisimpactedbytheyear2000dateproblem. GiventheCommonwealth'sheavyrelianceon computersystemsandequipmentwithembeddedtechnology,theirfailuretooperateproperlycouldresultin anythingfromminorinconveniencestomajordisruptionsinservices. Virtuallyallcitizensandbusinessesin theCommonwealthwouldbeaffectedshouldstatesystemssupportingourabilitytocollectrevenue,paybills, providebenefits,supportinfrastructure,orprovidehealth,safety,andeducationalservicesbeadversely impactedbytheyear2000problem. AsIhavenotedbefore,itisamajorchallengetoidentifywhichsystemsandtechnologywillbe affected,assesstheimpactofyear2000-relateddatesoneachsystemandtechnologyconfiguration,develop appropriateremediationorreplacementstrategies,obtaintherequiredresourcesandexpertise,provide sufficienttesting,andredeploythecorrectedsystemandtechnology. Itisalsoasignificantchallengeto developworkablecontingencyplanstoensurethatmission-criticalandessentialoperationsandservices continuetobeprovided. Ironically,theenormouschallengeinachievingyear2000complianceandmaintainingoperational viabilityisnottechnical,butmanagerial. TheCommonwealth'ssuccessinaddressingtheyear2000issueis largelyinfluencedbythequalityoftheexecutiveleadershipandtheuseofstrongprojectmanagement techniques. Itisimperativethatseniormanagementbefullyawareoftheyear2000problemandthestatusof correctiveeffortsandsetcomplianceand/oroperationalviabilityobjectivesasprioritynumberone. Iwanttothankthemanystateofficialsandemployeeswhorespondedtoourphase2surveyand providedinputthroughinterviewsandtheInformationTechnologyDivisionoftheExecutiveOfficefor AdministrationandFinancefortheirassistance. Shouldyouhavequestionsorconcernsregardingthisreport,wewouldbepleasedtoprovideany additionalinformationrequired. Ilookforwardtocontinuingtoworkwithyouonthisandotherimportant issuesaffectingthequalityofservicesprovidedbytheCommonwealth. 3681 99-7055-4Y TABLEOFCONTENTS Page INTRODUCTION 1 SURVEYSCOPE,OBJECTIVES,ANDMETHODOLOGY 5 EXECUTIVESUMMARY 7 SURVEYRESULTS 1 Awareness 12 Year2000Understanding 1 Assessment 14 Planning 1 ResponsibilitiesandAccountability 1 ProgramManagementOffice 20 Year2000Funding 24 ContingencyPlans 24 SystemModification 26 SystemAccessSecurity 28 Documentation 28 Testing 29 ImplementationofRemediatedSoftware 32 Reporting 33 LegalIssues 33 StatewideIssues 35 AdditionalRecommendationsBroughtForwardfromPriorReport 40 APPENDICES 1. SurveyResponses 45 2. SurveyPopulationandRespondents 53 3. DocumentationRequestedfromAgencies 61 4. ListofRecommendations 70 5. ExampleofPlacingYear2000ImpactinPerspective 78 6. SecretaryCharlesBaker'sletter 79 7. Glossary 80 Digitized by the Internet Archive 2014 in https://archive.org/details/phase2followupre00mass 99-7055-4Y - 1 " INTRODUCTION Background Inrecentyears,whathasbecomeknownastheyear2000,orY2K,problemhasreceivedagreatdealof attention. Inthenotsodistantfuture,ifnotalready,computersystemsoriginallyprogrammedtoprocessdates usingtwodigitstorepresenttheyearwilleithermakegrosserrorsincalculationsorwillnotfunctionwhen processingyear2000-relateddates. Ifnotproperlymodified,thesecomputersystemswillbeunabletocorrectly processdate-relatedinformation,orthesystemsmayfailtooperateatall. Stateentitiesandprivatesector organizationshavealreadyexperiencedproblemswithsystemsbeingunabletoprocessinformationcontaining datesbeyondDecember31, 1999. Duetothetremendousrelianceplacedonautomatedsystemstosupport businessfunctionsingovernment,thefailuretoprocess,orprocesscorrectly,couldhaveadevastatingimpacton thosedoingbusinesswithordependingontheservicesoftheCommonwealth. Datesarecriticaltotheintegrityofcomputersystemsandtheinformationtheyprovide. Notonlydo computershaveinternalclocksthatareanintegralpartoftheiroperatingsystemsandcertainsystemsoftware,the vastmajorityofinformationprocessingisdate-dependent. Datesareusedtoidentifyeconomiceventsand recordsofactionstakenandtoprocesscalculationsofpastandfutureevents. Ironically,tosavestoragespaceanddataentrycosts,programmersinthepastusedtwodigitstodesignate yearsoccurringinthe 1900s. MostcomputersystemsrepresentdatesintheformatMMDDYY,where 123198 wouldrepresentDecember31, 1998. Here,thecenturyisnotspecificallyrepresentedinthedateformat. Rather, itisunderstoodthatadatesuchas 12/31/98isinthetwentiethcentury. Inorderforadatetodefineayearbeyond thetwentiethcentury,afour-digitcodefortheyearwouldbenecessary. Overtime,applicationsystemsthatprojecteddatesbeyond 1999confrontedtheimpasseofthetwo-digit code. Insuchsituations,theproblemwassolvedlargelybymodifyingtheapplicationsoftware. Exceptforthis relativelysmallnumberofmodifiedsystems,thevastmajorityofcomputerprogramscurrentlyinplaceperform arithmeticandlogicoperationsondatefieldsusingonlytwodigitsfortheyear. Aslongasthedateswereinthe samecentury,astheyhavebeen,theprogramwouldworkasintended. However,problemshavearisenwhen applicationsystemshavebeenrequiredtouseortocalculatewithdatesprojectingintothenextcentury. For example,acomputersubtracting 10/30/98from 10/30/08todeterminesomeone'sagewouldnotproducethe correctanswerof10;itwouldproducearesultof-90. However,becausedate-relatedcalculationsarenotsigned (+/-),thepersonwouldappeartobe90insteadofhisorherrealageof10. Themagnitudeoftheyear2000problemfortheCommonwealthisenormous. Thedateproblemexistsfor allprocessingplatforms,includingmainframes,minicomputers,microcomputers,localareanetworks(LANs),and telecommunicationssystemssuchasprivatebranchexchanges(PBXs). Essentially,thetwo-digityearfieldcan befoundincomputerequipment,firmware,operatingsystems,softwarecompilers,jobcontrollanguage,queries, screens,procedures,callstootherprograms,microcode,databases,applicationsystems,anddata. Somecomputer MassachusettsOfficeoftheStateAuditor 99-7055-4Y -2- systems,originallydesignedanddeveloped 15to20yearsago,maynotbeadequatelydocumented;mayuse differentprogramminglanguages;andmayoperateonavarietyofhardwareplatforms. Withinthe Commonwealththerearethousandsofcomputerprogramswithmillionsoflinesofcodetobeexaminedfordate problems. EveniftheCommonwealthweretocompletelysolvetheyear2000problemforitsownsystems,data fromoutsidesourcesthatarenotyear2000compliantcouldcontaminatethem. Governmententitiesorbusiness partnerscouldeithersupplyincorrectdatabasedonerroneouscalculationsfromtheirsystemsthathavenot attainedcomplianceordatausingadifferentdateformat. Theprocessofbringingautomatedsystems,technology,andequipmentwithembeddedchipsintoyear2000 complianceiscomplicatedbythestrategicalternativesandthelogisticsinvolved. Giventhatanentityhas identifiedandassessedtheimpactofyear2000onallsystems,platforms,associatedcomponents,andequipment withembeddedchips,significanteffortremainstofinalizetheprojectplan,obtainresources,executeremediation, adequatelytest,anddevelopappropriatecontingencyplanstoensureoperationalviability. Althoughthemarketplacecontinuestomakeavailableanincreasingsetofimprovedsoftwareproductsand consultingservicestoaddresstheyear2000problem,becauseofstrongcompetitiveforcesinthemarketplace, shortagesinresourceshavealreadybeenexperienced. EstimatedcostswithintheUnitedStatestoaddresstheyear2000problemexceed$75billion. Individual enterprisesareexpendingasmuchas$100milliontoaddresstheproblem. Althoughthecosttobeincurredby theCommonwealthhasbeenestimatedat$79million,basedonourphase2survey,ithasbeenconservatively currentlyestimatedatapproximately$90million. Oncetheyear2000impacthasbeenassessed,organizationsneedtoidentifythesystemsandtechnologytobe modified,developastrategyformakingthenecessarychanges,obtaintherequiredresources,initiateremedial action,performtesting,andfinallyimplementthechanges. Thesameprocessofidentification,impact assessment,planning,remediationorreplacement,andtestingisrequiredforequipmentwithdate-sensitive embeddedtechnology. Itismanagement'sresponsibilitytoensurethatappropriateinternalcontrolsareinplacetoprovide reasonableassurancethatoperationalandcontrolobjectivesaremet. Accordingtothetenetsofgoodinternal control,asoutlinedinChapter647oftheActsof1989andothergenerally-acceptedinternalcontrolpractices,a primaryfiduciaryresponsibilityofstatemanagementistoensurethecontinuedintegrityofbusinessoperations andthattheentity'sassetsareadequatelysafeguarded. FailuretosufficientlyaddresstheCommonwealth'syear 2000probleminaprudentandtimelymannerformission-criticalandessentialsystemscouldresultinthelossof importantbusinessprocessingorcorrupttheintegrityofautomatedsystems. Citizensandotherpartieswhoare dependentonstateservicescouldbedeniedneededservices,including,butnotlimitedto,determinationof eligibilitytoprovisionofassistancebenefits,publicsafelyprotection,state-providedhighereducation,and disruptionofpublictransportationservices. Nooneshouldunderestimatetheseriousnessoftheyear2000problem. Weareheavilyrelianton informationtechnologytocapture,process,store,andprovideinformation. Technology-basedsystemssupport MassachusettsOfficeoftheStateAuditor 99-7055-4Y -3- themajorityofservicesprovided. Likebusinessesandprivatehomes,theCommonwealthisalsodependenton thepublicutilitiestoprovidepower,waterandsewerage,andcommunications,allofwhicharealsodependent upontechnologythatissubjecttodisruptionsbytheyear2000problem. Giventhepotentialrisksofnothavingautomatedsystemsortechnologyoperatecorrectly,oratall,failureto ensureoperationalviabilityformission-criticalandessentialprocessingwouldplacecitizensandpartiesdoing businesswiththeCommonwealthatjeopardy. Whilethereisavarietyofremediationstrategies,fromwork- aroundstodateexpansion,thereisbutonebottomline. Thesystemortechnologymustfunctionproperlywhen encounteringyear2000-relateddates. Failuretodosocouldresultinseriousmiscalculations,inabilitytoprocess statebusiness,operationalparalysis,potentiallycatastrophiclegalimplications,andpublicdismayoranger. TheOfficeoftheStateAuditor'sPhase2Survey TheOfficeoftheStateAuditor(OSA)initiatedasecondstatewidesurveytodeterminewhetherstateentities hadmadesufficientprogressinaddressingtheyear2000problemtoensurethatstatesystemsandtechnology wouldcontinuetooperateasintendedwhenimpactedbyyear2000-relateddates. Wereiteratethattheyear2000 problemisasignificantissue,warrantingattentionofseniormanagement,chieffinancialofficers,chief informationofficers,technologymanagers,business-processowners,andsystemusers. Theintentofourphase2 surveyistoprovideanassessmentofthelevelofyear2000preparednessandtoofferrecommendationstoassist stateentitiesinaddressingtheissue. Theobjectiveofoursurveyquestionnaire(seeAppendix 1,page46forasubsetofquestions,orwebsite (www.magnet.state.ma.us/sao/survev2.doc)foracompletesurvey)andselectedinterviewswastoobtainsufficient informationtodrawaconclusiononthelevelofthestate'syear2000preparedness. Thepurposeofthisreportistopresentourphase2surveyresultsandtoencouragepublicofficials,state administratorsfromallbranchesofgovernment,andotheraffectedpartiestotakethestepsnecessarytoensure operationalviabilityformission-criticalandessentialfunctionsandserviceswhenimpactedbythechangein century. MassachusettsOfficeoftheStateAuditor 99-7055-4Y MassachusettsOfficeoftheStateAuditor

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.