This Web page has been archived on the Web.

1997 October Report of the Auditor General of Canada

Assistant Auditor General: Douglas Timmins
Responsible Auditor: Nancy Cheng

Main Points

12.1 The "Year 2000" crisis is a global phenomenon. It refers to the potential for systems errors, malfunction and failure as a result of the past practice by computer professionals and the information technology community of representing the year as a two-digit code. Year 2000 can threaten the functioning of government systems that support the delivery of programs and services to the public, as well as internal operations. The costs of dealing with Year 2000 issues have been estimated at as high as US $600 billion globally. In Canada, total costs are estimated to range from $30 billion to $50 billion. The Treasury Board Secretariat has estimated the costs for the Canadian government at $1 billion.

12.2 Year 2000 has been widely recognized as one of the largest information technology projects. The deadline is immovable and the next millennium is less than three years away. We concluded, as of the end of April 1997, that the rate of progress in mitigating the risks of systems errors and failure has generally been slow, and the residual risks are high. In addition, significant exposures such as competing priorities for systems development and insufficient technical resources could, if they materialize, jeopardize Year 2000 efforts.

12.3 The Treasury Board Secretariat has helped to raise awareness across government and facilitated the exchange of views and experiences on Year 2000 efforts. Its Year 2000 project office has been working with departments and agencies to identify and find solutions to common problems. The Secretariat advised us that its submission for funding government-wide initiatives was approved in late June for presentation to the Treasury Board during the summer of 1997.

12.4 However, if progress were to continue at the rate we observed at the time of the audit, it would likely be too slow to ensure that the government systems, including those that are critical to supporting major programs and essential services, will be ready in time. We are concerned that systems supporting government programs and services remain at risk. Failure of critical systems could affect public health and safety and essential services to the public. In our view, Year 2000 is a serious threat that requires urgent and aggressive action.

12.5 We have recommended that Year 2000 projects, including the development of contingency plans, be ranked among top priorities of departments and agencies. In addition, we have recommended that the Secretariat give high priority to its initiative on overseeing the successful implementation of the most critical systems for the government as a whole. We have also emphasized the need for sustained commitment and support from senior management and for continued engagement of ministers, as appropriate, to address exposures and roadblocks that can derail Year 2000 projects.

Introduction

The "Year 2000" crisis
12.6 During the past decades, Canadians have placed ever-increasing reliance on information technology in various aspects of our lives. Today, businesses depend on information systems for continuous operations but, more importantly, for competitive advantage and business survival. Similarly, governments rely on systems to deliver programs and services to the public and to support operations. The Year 2000 crisis threatens those systems on which we have come to rely.

12.7 Since the 1960s, it has been a common practice among programmers and computer professionals to represent a year by a two-digit code. Under this practice, the year 1997 would typically be represented as "97". If left unchecked, upon reaching the year 2000 a system could interpret "00" to represent the year 1900. In addition, a system could revert to a "beginning-of-time" date, such as 1980 or the date on which the system was first implemented.

12.8 The date code, including the year, is used extensively in systems. In many applications, the date value is used in labelling, sorting, updating and other data manipulation functions. As a result, an incorrect interpretation of the date can play havoc with system outputs and results.

12.9 For example, Year 2000 could affect interest calculation on loans and mortgages. Other business applications, such as workload management, could also be affected. These applications often depend on proper sorting of casework by date. Cases beginning in 2000 could be listed as the least current if the year is interpreted to be 1900. Similarly, aging of accounts for credit and collection purposes could create reports that contain meaningless or inappropriate information.

12.10 Further, misinterpretation of dates could generate undefined outcomes, causing transactions to be rejected as errors, or processing to be aborted. It is also possible for the Year 2000 effect to be felt in advance; applications that generate expiry dates could fail well before 2000.

12.11 Overall, the consequences of the Year 2000 issue could range from something as innocuous as an incorrect date display on a screen or computer listing to a situation much more severe, such as processing being aborted or erroneous results that may not be readily detected by users.

12.12 Year 2000, also known as the millennium bug, century date change, Y2K (a registered trademark) and other variations, is not limited to large-scale, mainframe or older systems. All other systems could also be affected, including recent acquisitions and updates to systems as well as personal computers and work stations that are on the desks of most employees in many organizations. In fact, the threat extends to all micro-processors that support systems and embedded devices, beyond the traditional computer application systems.

12.13 The best-known examples are probably elevators and ventilation systems in facilities where system functionality may depend on micro-processors. Other, less obvious examples include bank vaults and components of an automobile that are controlled by computer chips. All of them can be vulnerable to the Year 2000 threat.

12.14 An independent research firm has estimated the costs worldwide to address the Year 2000 challenge at US $300 billion to US $600 billion. The estimates have been widely acknowledged within the computer industry and information technology community. The same firm has also predicted that some 90 percent of systems and codes will be affected by Year 2000.

12.15 This challenge comes with some unique characteristics. Most significant, the available time remaining to assess the situation and implement necessary changes is limited; there is no room for flexibility in deadlines or for extension of time. Moreover, Year 2000 transcends all industry and service sectors and has no geographical boundaries. The same project management and technical skills and resources will be needed everywhere at the same time. It is widely anticipated that the demand for these resources will exceed the supply as we get closer to 2000.

Possible effect on government services and operations
12.16 For the federal government, the stakes are high. If systems are not tested and made compliant where appropriate, Year 2000 could threaten the continuous delivery of programs and services. Systems that are critical in supporting major programs and essential services may fail as we approach the next millennium. The potential consequences for the government could be manifest as health and safety concerns, financial implications, disruption to essential services for the public or legal ramifications.

12.17 We prepared the following scenarios to illustrate the potential impact of Year 2000 on government programs and services. The scenarios are hypothetical and are possible only if the systems are not made compliant in time for Year 2000 purposes.

  • Systems supporting search and rescue efforts may cease to function properly, which could cause undue delay in emergency situations.
  • The Canadian Customs systems may not be able to support commercial cargo clearance and release processes at the border. The impact could be a choice between disruption to businesses and reduced or random inspection without systems support, possibly jeopardizing health and safety or assessment and collection of duties and taxes, which total billions of dollars annually.
  • The system supporting the Employment Insurance program may not be able to generate proper payments, which could result in errors or delays in providing relief to beneficiaries of the program.
  • The systems supporting the Receiver General functions may fail, which could lead to disruption or delay in paying vendors and suppliers for goods and services provided to the government.
  • The system to enforce family orders and agreements may fail to trace and intercept federal payments to individuals who are in default of family support payments. Consequently, it could not redirect the payments to those who are owed the support, causing them financial hardship.
With appropriate and timely action, scenarios such as these can be avoided.

12.18 Many of the systems supporting government programs and applications are older systems that have used two-digit coding for the year. Moreover, these systems often operate in a decentralized environment with numerous interfaces inside departments, across government or with external partners. Decentralization and system interfaces add another complex dimension to overcoming the Year 2000 challenge. These factors, along with the sheer volume of existing systems in government, the time constraint and a limited supply of technical resources, expose government programs and operations to significant risk from the Year 2000 threat.

12.19 However, the federal government is not alone in its struggle. Businesses and organizations across Canada and other levels of government also face the Year 2000 threat. The information technology community has estimated that Year 2000 efforts will cost $30 billion to $50 billion in Canada.

12.20 In the business community, many large firms such as major banking institutions have been actively addressing Year 2000 issues, but many other businesses have yet to begin. In fact, one research firm has predicted widespread business failure as a result of Year 2000. The risks are particularly high for small- and medium-sized businesses, where the potential impact of Year 2000 may not be fully appreciated yet. Should a high rate of business failure occur, it could have a detrimental effect on the Canadian economy, with repercussions on the country's revenue, debt and deficit, and employment and social issues.

Focus of the audit
12.21 The audit examined the risks and exposures as of 30 April 1997 that government programs and operations face as a result of the Year 2000 threat. We reviewed the progress and state of preparedness in mitigating the risks at a number of departments, and initiatives undertaken by the Chief Information Officer Branch of the Treasury Board Secretariat to advance government efforts concerning Year 2000. In addition, we supplemented our audit with a general survey of departments and agencies.

12.22 The purpose of the audit was to provide information to Parliament regarding Year 2000 and to prompt appropriate action to address critical systems and those that concern the interests of the Crown and the public. The audit also sought to identify and highlight issues and areas that require further attention from Parliament and from management in departments and agencies.

12.23 Further information about the audit objective, scope and criteria are in About the Audit .

Observations and Recommendations

Senior Management Awareness and Support Visible since Early 1997

12.24 Further to discussions at meetings of the interdepartmental committee for heads of information technology, the Treasury Board Secretariat conducted a preliminary survey in late 1994 to assess the impact of the Year 2000 threat. However, many departments and agencies did not respond and, among those that did, the extent of analysis and information they provided varied widely.

12.25 In May 1996, the Treasury Board Secretariat established a project office within the Chief Information Officer Branch to provide leadership for the Year 2000 issue in government. The project office has been charged with the responsibility to oversee Year 2000 efforts within government and to address horizontal issues. The Year 2000 project office also initiated an interdepartmental working group to facilitate dialogue and to exchange views and experiences in dealing with the Year 2000 threat.

12.26 At that time, the Secretary wrote to heads of all departments and agencies, asking for information on their risk and exposure with respect to Year 2000, as well as their plans to address the issue. From the responses, the Secretariat's project office concluded that most organizations were not aware of the full scope and implications of Year 2000 for their operations. Many departments and agencies had only begun to study the full ramifications of Year 2000, and about 12 had concluded that the threat would have a significant impact on their operations, with potentially major costs to manage the risks. Further, according to the project office, the responses indicated that while senior management might have viewed Year 2000 as a potentially serious threat, preliminary assessments had since reassured many that the issue would be addressed through normal operations.

12.27 In the fall, the Secretariat assisted in raising the profile of the issue by making Year 2000 a standing item on the agenda of the interdepartmental committee for heads of information technology. The subject also appeared frequently as an agenda item for the information management committee, comprising deputy ministers as members. However, by late 1996, many heads of information technology continued to express concern that senior management awareness and support were lagging.

12.28 In January 1997 the information technology industry, through the Information Technology Association of Canada and the Canadian Information Processing Society, wrote to all deputy ministers to express its growing concern about the millennium date change.

12.29 During the February 1997 meeting of deputy ministers, the Secretary of the Treasury Board presented the Year 2000 issue, providing a checklist and identifying a number of horizontal initiatives.

12.30 At Year 2000 conferences and symposia, it has been widely held that gaining senior management acknowledgment and support is not only essential but critical to the success of overcoming the Year 2000 challenge. While some information technology staff may have started to address the issue, awareness and support of senior management in most departments and agencies became evident only in early 1997. The ensuing challenge will be to sustain senior management interest and commitment over time.

Rate of Progress Has Generally Been Slow

12.31 Generic phases of a Year 2000 project. Organizations, computer professionals and consulting services have defined many models of the phases and stages in a Year 2000 project. Most have the same generic phases; some are categorized in more stages than others.

12.32 We categorized the phases as follows:

  • project management structure;
  • inventory, assessment and planning;
  • conversion; and
  • testing and implementation.
12.33 In general, the phases involve establishing a Year 2000 project office to manage the project for the organization. The project office mobilizes the project through fact finding, analysis and planning. The deliverables usually include a strategy and approach, an estimation of resources needed, an action plan with milestones and deadlines, and a contingency plan. The substantive work involves repairing, replacing or retiring existing applications and systems, followed by testing and then implementation. Exhibit 12.1 further describes the four phases.

12.34 While the phases tend to be carried out sequentially, there will be some overlaps. Project management, for example, spans the entire duration of the project.

Project management structures were generally in place
12.35 As described in About the Audit , we selected nine departments and examined the overall progress of their Year 2000 efforts. These departments deliver many of the government's major programs and essential services, such as those outlined in paragraphs 12.16 and 12.17. We also conducted a general survey of over 60 other departments and agencies to gather information on the status of their Year 2000 work. We completed our substantive examinations in April 1997. The findings reflect our assessment of the status of the nine departments as of early May 1997.

12.36 We would expect departments to put in place a formal Year 2000 project management structure to secure senior management awareness and support, and to manage and contain the risks posed by the Year 2000 threat.

12.37 We found that all nine departments have established a Year 2000 project office. In most departments, the management structures are supported by an organization chart, and all but two have project charters that outline the terms of reference for the project and the relationships among stakeholders.

12.38 The project offices are led by full-time staff, primarily at the manager level. Senior sponsors for Year 2000 projects have been identified and most are at the level of assistant deputy minister.

12.39 We noted that, in seven cases, the senior sponsors are the heads of information systems and technology in their respective departments. The information systems and technology function needs to play a critical role in a Year 2000 project management structure. However, a complete alignment of a project office and its sponsorship with this function may perpetuate the belief that Year 2000 is solely an information technology problem. It has been widely held by the information technology industry that identifying Year 2000 as an information technology problem rather than a business management issue is a main obstacle in securing senior management awareness.

12.40 In one department, the information technology function issued a Year 2000 warning in June 1995 and requested that all branches submit a systems inventory; systems operation in that department is decentralized and is managed by individual program branches. Several submissions were received but were found to be inadequate. In July 1996, a working group was formed to raise awareness of the Year 2000 issue among branch management. In August, the head of information technology again requested an application inventory from the branches. In February 1997, the departmental management committee was briefed on Year 2000 and on progress in the department. The department formally established a project management office in April 1997. As of the end of April, the department had yet to complete its systems inventory and impact analysis with respect to Year 2000.

12.41 Further, there is a risk that the systems supported centrally by the information technology function could be emphasized over other systems that may also be essential in supporting programs and services delivered by the departments.

12.42 In general, we observed that the assessment and project plans for systems that support corporate services were more thorough and better documented than those for other systems. As an illustration, in one department we found that detailed plans were prepared for corporate systems. In contrast, there was limited information on applications and systems at the program branch level. As of the end of April, the identification and assessment of such applications and systems in that department had just begun. While the corporate systems are essential to support internal operations, many of the systems in the program areas are critical to sustaining program and service delivery.

12.43 We found the risk to be higher where the Year 2000 project management structure, including the senior sponsor, is part of the information technology function of the department and where systems operations are decentralized and controlled by program branches.

12.44 We noted that most departments we examined have used cross-functional committee structures to complement Year 2000 project offices. We found this practice to be an effective way to engage program branches, especially where more senior staff from these branches participate. However, as of the end of April, we had noted very few cases where Year 2000 project status and decisions had been brought to heads of departments for consideration.

12.45 We received about 50 responses to our general survey. About 70 percent of these responses indicated that a management structure for the Year 2000 project has been established. Of those organizations, about half showed that committee structures are being used, with regular briefings to senior sponsors.

12.46 In addition to managing one of the largest information technology projects, Year 2000 project teams in general face an important challenge in gaining and maintaining senior management support and commitment. In the absence of relentless efforts to engage departmental executives on an ongoing basis, the probability of success for Year 2000 projects will be greatly compromised.

Assessment of critical systems still in progress
12.47 An inventory of systems serves as the basis for establishing the nature and magnitude of a Year 2000 project. It is therefore essential that the inventory be complete and include all systems, from components and modules of application systems to infrastructure and platforms that support the systems and processors that control various devices and facilities.

12.48 We found that all nine departments had completed an inventory of their corporate systems. Seven departments were in the process of completing a departmental inventory for use in impact analysis. In two of the nine departments, however, computer-controlled devices and facilities were explicitly excluded from the Year 2000 project mandate.

12.49 During this phase, project offices are expected to analyze the potential impact of systems failure as a result of the Year 2000 threat. Based on the impact analysis, project offices are to assess and assign priorities and prepare a strategy and an action plan to address the problem.

12.50 Of the nine departments, we found that three had identified and granted priority to systems that are critical to their program delivery. Five departments were in the process of assessing the criticality of systems. In the remaining department, plans were at a general level and there were no documents identifying its critical systems.

12.51 Analyzing and ranking critical systems are important steps in a Year 2000 project. The prioritization allows efforts and resources to be devoted first and foremost to the critical systems. In the event that time or resources do not permit the conversion of all major systems, critical systems would be the first to be preserved.

12.52 The results from our general survey were generally consistent with those in the departments we audited. Only 37 percent of the departments and agencies that responded indicated that they had completed an inventory and assessment of their systems.

Most departments examined were at various stages of planning
12.53 We found that three departments had adopted a strategy for conversion. One department was in the process of piloting solutions. Another department has adopted an outsourcing strategy. Two other departments were completing general planning and scoping; one of those had started to conduct detailed analysis of application systems and available tools and solutions. The two remaining departments were developing plans to address Year 2000.

12.54 Some Year 2000 plans of the departments we examined were general; some contained more details and specificity in scoping the magnitude of the Year 2000 work. It is evident that those with detailed plans have more rigorous support for estimating efforts and resources needed for the Year 2000 project. We noted that some departments used executable lines of code in major applications as a basis for estimating the necessary effort. Two departments used the function point analysis technique to quantify the extent and complexity of conversion work required. The more detailed information a project office has on the systems inventory, the less room there will be for surprises and cost escalation at a later stage.

12.55 We would expect plans to include timetables and milestones for Year 2000 work and an overall cost estimate. Time schedules and milestones establish a reference point against which a project office can monitor progress. Cost estimation is necessary to quantify the resources needed to address Year 2000. It also serves to determine whether the organization's internal resources are sufficient for the tasks or whether it needs to request incremental funding.

12.56 We found that detailed time schedules existed in five departments. A sixth department had time schedules for its pilots and activities in the near term but not at the project level. The detailed schedules and milestones are important tools for Year 2000 project managers. Slippage and changes can then be identified and corrective action taken to keep the project on course for completion before 2000.

12.57 Given that the departments were at various stages of planning, not all had completed cost estimates for the Year 2000 project. We noted that some departments used general estimates; others based their estimates on the number of lines of code or on other measures. One department prepared estimates only for the upcoming fiscal year or immediate pilots. Another department prepared costing on the basis of incremental funding. These are funds that are over and above the approved departmental budget and that are necessary to carry out the project.

12.58 As of the end of April, some plans had not identified the major systems interfaces with other departments and outside organizations. Systems interfaces represent a major exposure to the Year 2000 threat. An inability to anticipate date format and to exchange data can significantly curtail the functionality of systems.

12.59 Departments that have project charters and plans have indicated to us that these planning documents have been presented to senior management. However, with one exception, none have been formally endorsed or approved.

12.60 As noted earlier, securing and sustaining senior management support and commitment are essential for success. Seeking the endorsement of senior management for Year 2000 plans and engaging it early in recognizing potential resource requirements are ways to involve management from the start. This practice is particularly important in departments that are using a decentralized approach to managing the Year 2000 project. In a decentralized setting, individual branches and system owners may assess the criticality of their systems and develop and implement their plans independently of one another. In addition to playing a co-ordinating role, a project office needs to engage senior management to ensure that systems that are critical to the department as a whole are accorded the highest priority.

12.61 Our general survey of all departments and agencies showed a similar status. Two thirds of those that responded indicated that they have yet to complete the planning phase. The survey instrument requested a copy of the inventory, assessment and plan where these activities were complete. Of the 18 departments and agencies that indicated completion, only 4 forwarded a copy of the documents to us.

Few departments among those audited have started code conversion and modifications
12.62 Through the planning phase, departments may decide to repair, replace or retire their systems to counter the Year 2000 threat. Where it has been determined that an application will be converted through repair, the affected program codes will have to be identified and modified.

12.63 Two departments advised us that code identification and repair work have been taking place for a number of years as part of regular systems maintenance. One department in particular has been conducting the necessary repair work through its maintenance program for over five years.

12.64 However, of the nine examined, we are aware of only two departments that have started program code conversion and modifications as a result of Year 2000 plans. Only one of those two was able to demonstrate progress in conversion work and presented documents for our review. The remaining seven departments have yet to commence the conversion phase of their Year 2000 project.

12.65 The Year 2000 plans from most of these departments also call for the replacement of existing non-compliant systems. Some departments have been developing the replacement systems; others contemplate acquiring and implementing third-party products. Most of these systems are large-scale and complex in nature.

12.66 Based on experience with past audits of systems under development, we are concerned that some of these replacement systems may not be implemented in time to counter the Year 2000 threat. As noted in past audit reports, historically only 16 percent of systems were delivered on time and within budget.

12.67 We noted that three departments have identified specific deadlines and milestones for these development projects. Should the milestones not be met, "drop dead" dates have been established to begin repair work on existing non-compliant systems. These dates have been established as the earlier of:

  • the latest milestone date that will allow the new system to be in place before 2000; or
  • the last start date possible for repair work on existing systems for implementation by 2000.
12.68 In our opinion, where existing systems can be repaired, it is essential to establish contingency dates and to carefully monitor the progress of projects where critical systems are to be replaced, in order to manage risks associated with systems development.

Residual Risks for Departments and Agencies Remain High

Present rate of progress would likely be too slow
12.69 Our examination of the nine departments showed that, as of the end of April 1997, most of them had not progressed beyond planning to converting their systems. Our general survey of other departments and agencies showed a similar status. With two years and eight months remaining, the race against time is on.

12.70 The generic phases outlined in Exhibit 12.1 are necessary steps in every Year 2000 project. While there may be enough time to convert systems, sufficient and appropriate testing will likely be at risk.

12.71 In setting out the stages of Year 2000 projects, independent research firms have also estimated the proportionate levels of effort and of resources associated with each stage. Exhibit 12.2 sets out the estimated proportion of resource use for the generic phases, as proposed by two research firms.

12.72 The exhibit shows that the testing and implementation phase takes 54 to 60 percent of the total level of effort, exceeding the inventory, assessment and planning phase and the conversion phase combined. When we completed our audit, most departments and agencies were in the process of completing the inventory, assessment and planning phase, and only a few had started conversion. Consequently, the federal government could yet face undertaking 65 to 90 percent of the total effort needed to overcome the Year 2000 challenge.

12.73 The information technology industry recommends that organizations have all compliant systems implemented by the start of one full business cycle in advance of 2000. The purpose is to allow for time to correct any unanticipated problems before the production cycle enters the next millennium. This practice is being followed by many private sector companies that are actively countering the Year 2000 threat.

12.74 The fiscal cycle for the government begins in April. Thus, to allow for one full fiscal cycle to address unanticipated issues, departments and agencies would need to target implementation for 1 April 1998.

12.75 Two of the nine departments examined have set the target date for full implementation at 1 April 1998. Five organizations that responded to our general survey also indicated that full implementation will be in place by that date. Of those organizations that responded to our general survey, only 35 identified target implementation dates. Exhibit 12.3 shows the range of implementation dates identified by departments and agencies.

12.76 We are concerned that the rate of progress of Year 2000 work may not allow for sufficient testing of systems and that, after the systems are implemented, there may be limited opportunity to correct any unanticipated errors before the year 2000. In our view, the residual risks for departments and agencies remain high. With less than three years to go, we are concerned that if progress continues at the existing rate it will likely be too slow to counter the Year 2000 threat effectively.

Contingency plans need to be developed
12.77 The Year 2000 plans and schedules of the departments have not provided for slippage. Thus, delays or failures in meeting milestones could result in a further compression of the testing and implementation phase or in failure to implement systems prior to 2000.

12.78 At conferences and symposia on Year 2000, the concept of systems triage has been raised - that is, where it has been determined that not all systems can be salvaged in time, priority ought to be given to those that would benefit most from the remaining time and resources. In the Year 2000 context, top priority needs to be assigned to systems that are critical to an organization's business lines or program mandate.

12.79 In general, the departments examined have been planning to carry all systems into the next millennium and have deliberately not been contemplating triage. Given the amount of work involved in Year 2000 projects, the immovable deadline and the early stages of progress in general, systems triage may become necessary for some departments and agencies.

12.80 Indirectly, a form of systems triage has been applied in some larger departments. We noted that some departments applied less rigour in identifying for inclusion in their inventory small administrative and operational systems, such as those developed and maintained locally in regions, and end-user applications at the desktop. In those departments' view, the risk and thus the priority are lower for these systems and applications. The departments indicated that these systems and applications tend not to be critical to departmental programs and operations and, should they fail, could be replaced more readily and expeditiously.

12.81 At the conclusion of the inventory, assessment and planning phase, some departments and agencies may find that there is insufficient time to convert all systems. Slippage could occur during conversion and testing and could cause project offices to re-evaluate the viability of some systems upon entering the next millennium. These circumstances may force triage upon an organization. If triage were to be applied, it would be essential for a project office to engage senior management, including the head of the department or agency, to ensure that the decisions made would best serve the organization and its program recipients.

12.82 With or without triage, it would be prudent to plan for the possibility that some systems, upon reaching 2000, may not continue to function as designed. Therefore, we would expect departments and agencies to develop contingency plans.

12.83 As noted in paragraph 12.67, some departments have developed first-level contingency plans, by establishing "drop dead" dates to start repair work on existing systems should the development of their replacements fail to meet key milestones by those dates. Staff from some departments indicated that contingency planning has been under initial discussion. However, none of the nine departments have started preparing substantive contingency plans for their systems. In the general survey, three organizations indicated that they have prepared Year 2000 contingency plans. Although the plans were requested in the survey instrument, we received none.

12.84 Many organizations may have various forms of disaster recovery plans and backup systems in place. However, it is unlikely that these measures alone will be sufficient in the event that systems fail as a result of Year 2000.

12.85 In general terms, many such measures anticipate disaster striking and rendering systems not functional for a period of time, until they are replaced or put in order. In the meantime, processing could continue at an alternative site with backup systems and data files. However, it could take months or longer for some Year 2000 conversions and implementations to be completed, and there are no backup systems and files that could help to support programs and operations in the meantime.

12.86 The preparation of Year 2000 contingency plans can be time-consuming and onerous. Departments need to develop work-around arrangements and decide how they would be implemented. The arrangements may involve changes in staff deployment. Interim procedures and additional verification of output data may have to be developed. Staff training may be required to introduce these procedures and verification. Furthermore, there may be a need for a communication plan to inform staff, users of the program and services and other stakeholders to gain their acceptance of the changes and allow for a proper transition.

12.87 In our view, Year 2000 contingency plans need to be developed and ought to be completed with sufficient lead time for implementation, if needed, before 2000.

The Treasury Board Secretariat found that problems require more attention at many larger departments
12.88 The Year 2000 project office of the Treasury Board Secretariat undertook a survey of departments and agencies in early 1997. In March 1997, the survey instrument was sent under the Secretary's signature to all departments and agencies, seeking the following information:

  • status of Year 2000 activities;
  • identification of critical systems;
  • identification of external interfaces and system dependencies;
  • incremental funding required for Year 2000 by fiscal year; and
  • human resources requirements.
12.89 The survey instrument included detailed appendices to provide guidance to departments and agencies on elements to consider in costing Year 2000 efforts, and on factors to help determine the criticality of systems. The survey was to be completed and returned to the Secretariat by 30 April 1997. In conjunction with the survey, the project office conducted interviews at about 80 departments and agencies, primarily during March and April 1997.

12.90 Through its survey responses and interviews, the Secretariat's project office assessed the state of Year 2000 work at 70 departments and agencies ( Exhibit 12.4 ). The project office observed that, overall, 75 percent of these organizations had the situation under control or had adequate Year 2000 projects in place. The assessment further highlighted that 14 larger departments and agencies were in a state of "requiring more attention". The project office also noted that the most critical systems for the government are in the larger departments. The Secretariat advised us that its Year 2000 project office plans to focus its attention on these departments.

Significant exposures still ahead
12.91 During the audit, we noted a number of significant exposures to risks. They loom over the Year 2000 project and have the potential to derail an already tight time schedule for most departments and agencies. We identify five of them in the following paragraphs.

12.92 Competing priorities and developments. Information systems and technology functions at departments and agencies are often faced with demands for changes to existing systems and implementation of new systems through internal development or commercial off-the-shelf products. Such demands compete with Year 2000 projects for the same limited resources.

12.93 Some of the demands for change arise from existing program or operational needs; others may be driven by government-wide initiatives. Still others could be a result of legislative or other promulgated program changes. While some senior managers may be aware of the exposure to risks, senior management in all departments and agencies needs to be made fully aware and to commit to keeping other systems development work to a minimum.

12.94 Where other development work needed for government-wide initiatives or legislative and program changes threatens Year 2000 projects, senior management may have to request a delay in implementing the initiatives or seek legislative reprieve, if necessary.

12.95 Insufficient technical resources. The inability to secure sufficient technical resources to carry out a Year 2000 project is probably one of the most serious concerns to senior information technology officials. Departments and agencies can be affected in one of two ways.

12.96 Internally, they may face the risk of losing key technical staff to outside organizations. As opportunities increase for technical expertise to deal with Year 2000, compensation and remuneration in the private sector become more attractive to skilled individuals, making it increasingly difficult for departments and agencies to retain key technical staff.

12.97 There is also a risk that, as we approach 2000, private sector firms may not be able to continue to supply sufficient computer professionals to repair or replace systems, regardless of contract rates offered. Since Year 2000 is a global issue that affects and has the same deadline for all organizations, the demand for expertise is likely to exceed the supply as time passes. Some computer professionals have predicted that this will start no later than late 1997.

12.98 As we concluded our audit in early May, officials in some departments advised us that a higher than usual rate of turnover of computer staff has begun. The news media also reported that compensation for these professionals has started to rise.

12.99 On an ongoing basis, senior management needs to be kept apprised of how its department or agency is being affected. Departments and agencies may need to call upon the Treasury Board Secretariat to help address this risk.

12.100 Failure or delay in obtaining compliant upgrades from vendors. Third-party vendors supply numerous products to departments and agencies. They range from processors and devices to operating and application systems. Many of these products are not compliant for Year 2000 purposes, including, possibly, acquisitions made in recent years.

12.101 Many vendors have indicated that new versions and upgrades will be compliant and will be released at some future date. Some have yet to reply to queries from departments and agencies on the status of their products, or on whether and when some future upgrades will become compliant.

12.102 To control this risk, Year 2000 project offices need to leave sufficient time to acquire alternative compliant products should vendors fail to meet announced release dates. Depending on the implications of the specific exposure, it may need to be included in the contingency plan.

12.103 Data interface exposure. Many systems interface with one another to provide functionality to groups of users. Albeit that arrangements can be made in advance for the mode and format of data transfer, errors can occur and some partners could fail to make the changes in time.

12.104 The extent of dependency on other systems varies from system to system. In addition to internal interfaces, many systems in departments and agencies interface with those of other departments, other levels of government and external partners. The impact could range from rejecting a limited number of transactions that can nevertheless be rekeyed, to compromising the integrity of the recipient organization's data files.

12.105 Repairs of all necessary linkages have to be co-ordinated and made. For interfaces involving other government organizations and external partners, Year 2000 project offices need to be vigilant in confirming Year 2000 compliance prior to mutually agreed changeover dates and allowing sufficient time for testing. If a transfer of non-compliant data could be severely detrimental to departmental systems, the project offices may have to explore "what if" scenarios and include them in their contingency plans.

12.106 Risk of funding delay. As reported earlier, many departments and agencies have yet to complete cost estimates for the Year 2000 project. Without meaningful information on overall funding requirements, it would be difficult to ascertain what shortfall from existing systems maintenance budgets might arise and, in turn, for senior management to determine if it would need to request incremental funding beyond departmental budgets.

12.107 As we have noted, the costs for Year 2000 will be significant. As of early May 1997, the Treasury Board Secretariat estimated $1 billion as the overall cost of making government systems compliant for Year 2000. It was anticipated that some departments may request significant incremental funding, potentially totalling hundreds of millions of dollars.

12.108 There is a risk that tasks and action on the Year 2000 project would be delayed if funding commitment were not to be secured on a timely basis.

12.109 With or without submissions to the Treasury Board for incremental funding, senior management may have to be prepared to fund Year 2000 projects internally to ensure that they do not sustain undue delay.

Aggressive Government-wide Action Is in Order

Need to rank Year 2000 among top priorities
12.110 The Secretariat has been actively raising awareness of Year 2000 across government. The interdepartmental working group set up and chaired by its project office has provided a forum for discussing views and exchanging experiences in Year 2000 work. Through its surveys, the working group, and other interdepartmental committees involving heads of information technology and deputy ministers, the Secretariat has played a meaningful role in co-ordinating and facilitating Year 2000 issues.

12.111 However, we observed as of April 1997 that the government's rate of progress against Year 2000 has generally been slow, and the majority of the total effort required has yet to be undertaken. We have also concluded that the Year 2000 risks facing departments and agencies remain high.

12.112 The amount of work still required is staggering, and the time remaining is limited. Computer professionals have often used an average number of systems or components that need to be converted, tested and implemented every week as a reminder of the magnitude of the task at hand in relation to time that remains.

12.113 The data we gathered from the audit and our general survey showed that the target implementation date of 1 April 1998 will not be attainable for most departments and agencies. Our discussion with private sector experts indicated that 1 January 1999, which allows one calendar year for delays and unanticipated problems before 2000, is emerging as the industry standard as the last day to fully implement Year 2000-compliant systems. At the end of our audit, only 20 months remained before that date. It is not uncommon for departments and agencies to have to address hundreds of modules, components and systems for Year 2000 purposes. Assuming an inventory of 100 potentially affected systems or components, an organization would have to analyze and test, and possibly convert and implement, an average of five systems or components per month, or at least one per week on a continuous basis, to meet the Year 2000 schedule.

12.114 Moreover, we observed that substantive contingency plans have not been developed and that exposure to many significant risks could derail Year 2000 projects.

12.115 We are concerned that many systems that are critical to supporting government programs and services are at risk. The rate of progress that we observed would likely be too slow to assure continuous systems support for the delivery of these programs and services. The government needs to rank Year 2000 as one of its top priorities and develop contingency plans. There is a need for urgent and aggressive government-wide action. Subsequent to the audit, the Treasury Board Secretariat advised us that, in its view, the government's rate of progress has been accelerating and aggressive action is under way.

12.116 As noted earlier, the ability of a departmental Year 2000 project office to elicit sustained commitment and support from senior management throughout all of the phases is critical to the success of the project. From our examination of the nine departments, we identified several matters that merit attention from senior management. Exhibit 12.5 provides a sample of these matters.

12.117 In particular, at those larger departments and agencies with critical systems and where the Secretariat has determined that the Year 2000 problem requires more attention, the Secretariat needs to ensure that senior management in each of those organizations is engaged on an ongoing basis in addressing the problem.

12.118 Departments and agencies should rank Year 2000 projects among their top priorities and develop contingency plans. Senior management should provide support to the Year 2000 effort on an ongoing basis and should address roadblocks and exposure to risks as they arise.

12.119 The Treasury Board Secretariat should assist departmental efforts by continuing to engage senior management of departments and agencies in sustaining commitment and support for Year 2000 projects.

Need for a government-wide perspective
12.120 The government delivers its programs and services to the public through many departments and agencies. The departments and agencies are at various stages in their Year 2000 projects and have different capacities to address the issue. Further, while individual departments and agencies are addressing systems that are critical to their own programs and operations, it is also important that specific attention be given to systems that are most critical to the government as a whole.

12.121 Collectively, the government needs to identify and assign priority to a manageable number of systems that are most critical to supporting major programs and essential services, and to charge a specific group to oversee their successful Year 2000 implementation. These are systems that can have significant consequences in such areas as health and safety, financial implications, public interest and hardship, and legal issues.

12.122 The Secretariat's Year 2000 project office has a mandate to oversee Year 2000 efforts across government. It advised us that its work plan includes an initiative to monitor the state of readiness for all mission-critical systems. It indicated that the initiative calls for updates of departmental progress in September 1997 and January 1998, but the means through which the information will be collected and analyzed have yet to be developed.

12.123 Departments and agencies would continue to be responsible for these systems as part of their Year 2000 projects. In our view, the oversight role would be primarily to ensure that the schedule and milestones are in place, and that they allow for sufficient testing of the applications and for time after implementation to correct any detected errors before 2000. The oversight role could also include ensuring that contingency plans would be developed for these systems. On an ongoing basis, the Secretariat's project office would monitor progress for these systems and intervene strategically as appropriate.

12.124 Where systems in more than one organization interact to support a program, the Secretariat's project office would have the additional role of ensuring that all related systems and applications were identified and monitored. The functionality of these systems could be significantly curtailed if some component systems were not converted and implemented in time.

12.125 Subsequent to the audit, the Secretariat advised us that within its initiative of monitoring Year 2000 in government, it plans to focus its attention on the most critical systems. Its project office further indicated that an initial list of such systems has been prepared and is under review internally.

12.126 The Treasury Board Secretariat should place high priority on its monitoring initiative, in particular, its effort in identifying and overseeing a manageable number of the government's most critical systems. It should intervene strategically as appropriate to ensure their successful implementation before 2000. This should include the development of related contingency plans to ensure continuous systems support for major programs and essential services into the next millennium.

A role for ministers and Parliament
12.127 Given the potential significance of the issue, we would expect ministers to be engaged in the Year 2000 challenge and Parliament to be kept informed of the issue and its potential effects on government programs and service delivery.

12.128 In examining the departments, we were not able to confirm that any briefings had been given to ministers. At the Secretariat, its project office had been preparing a presentation since early 1997 to inform Treasury Board ministers of Year 2000 and to seek funding to manage a number of related government-wide initiatives.

12.129 In late June, the Secretariat advised us that a submission had been approved for presentation to the Treasury Board ministers during the summer of 1997. The Secretariat further indicated that a second submission would be made in the fall to advise Treasury Board of the state of the government's preparedness for Year 2000 and the estimated related costs.

12.130 In our view, ministers ought to be enlisted to support the Year 2000 initiative. Their support could be invaluable in overcoming roadblocks and exposures that may materialize later. Furthermore, Parliament ought to be kept informed of this impending threat and the government's progress in countering it.

12.131 Departments and agencies should engage ministers on a timely basis, to advise them of the urgency of the Year 2000 threat to government programs and services and to gain their support in overcoming roadblocks and exposures that may arise. The Treasury Board Secretariat should continue to involve Treasury Board ministers and advise them periodically of the government's progress in managing Year 2000 projects and government-wide initiatives.

12.132 The government should keep Parliament informed of Year 2000, the potential impact on government programs and services and its progress in making systems compliant for Year 2000.

Opportunities Exist to Gain Efficiency

12.133 The primary focus of Year 2000 projects is to control the risks of systems errors and failures that could disrupt or jeopardize government programs and services to the public. At the same time, opportunities exist to gain efficiency in Year 2000 efforts across government. Acting on some of these opportunities can counter some of the exposure to risks we have identified; acting on others can help reduce duplication of effort among departments and agencies. We would expect that in countering the Year 2000 threat, initiatives would be undertaken to address common issues across government in order to maximize cost effectiveness.

12.134 Since the establishment of the Year 2000 project office at the Treasury Board Secretariat in 1996, efforts have been made to identify issues that can be managed horizontally to benefit all departments and agencies. Through establishing an interdepartmental committee, the group has been identifying horizontal issues and developing a work plan to address them.

12.135 The Secretariat intended to present the Year 2000 issue to Treasury Board ministers in March 1997 to seek endorsement and approval of funding for the work plan. As we completed our audit in early May, the Secretariat was in the process of revising its presentation and preparing the Year 2000 work plan. In late June, the Secretariat identified 12 government-wide initiatives and their related funding requirements and a list of 6 challenges. The initiatives and their funding requirements were subsequently approved for presentation to the Treasury Board.

12.136 We note in the following paragraphs some issues that, in our view, merit particular attention on a government-wide basis.

12.137 Shortage of technical resources. Retention of key staff is an area of exposure for many departments. The larger departments that conduct a significant portion of systems development in-house are particularly at risk. Private sector firms have started deploying special strategies to retain their own key technical staff for the duration of their Year 2000 projects. The nature of the issue calls for a government-wide initiative.

12.138 The Secretariat facilitated a working session with departmental representatives in May to discuss human resource issues and to identify options for retaining staff. It advised us that the Chief Information Officer Branch has also developed an action plan for managing human resources in the information technology community, and that the plan includes needs that relate directly to Year 2000 as part of La Relève, an initiative to address human resource issues in government.

12.139 General concern has also been expressed about the length of the procurement cycle. Full procurement cycles can take six to nine months to complete. The longer the cycle takes, the lower the possibility of engaging appropriate contractors and the higher the cost for their services. The Secretariat indicated that an interdepartmental group was being formed to review the procurement process and address this means of securing technical resources.

12.140 Vendor compliance. All departments and agencies require information on the state of compliance of existing versions of vendor products and the monitoring of development of future compliant releases. Efficiency can be gained by tasking a single group to communicate with vendors and monitor future development.

12.141 In 1996, a procurement group of one department started developing a repository of vendor product information. It has since been determined that more specific information will be required. At the time of our audit, that effort was being continued by another group, adding specific information on the products as they relate to various operating environments that the department supports. Resources needed to broaden the base to all departments and agencies and to share the information with them had been estimated and were awaiting approval.

12.142 Shared systems certification. A number of systems in administrative areas such as financial management and human resources have been identified as ones that will be shared across government. Since these systems will be implemented in more than one department, efficiency can be achieved by ensuring once, for all users, that the applications are compliant for Year 2000 purposes.

12.143 The Secretariat commissioned a review of these systems in early 1997 and reported that many of the applications were or would become compliant for Year 2000. The review also identified areas where the infrastructure and work station environment require changes in order for the shared systems to remain functional in 2000.

12.144 The review was not intended to and did not include validation of the commercial applications. To serve departments and agencies and allow them to focus on their own information technology infrastructure and environment, there would be merit in seeking vendor or third-party certification for the applications.

12.145 Date standards. Various date standards exist in the information technology industry and there are many Year 2000 solutions. The subject of establishing a single standard has been debated within the information technology community.

12.146 A date standard has been in place in the Treasury Board Information Technology Standards since 1988. If the date standard had been followed by departments and agencies, system interfaces internal to the government would pose a lesser threat as a result of Year 2000. However, decreeing a standard for immediate adoption could jeopardize many Year 2000 projects already under way in departments and agencies. There would be merit in the government's promulgating established standards as a target for adoption in the longer term.

12.147 Test facilities. Departments and agencies need to plan ahead for the testing phase. There will be a need for a Year 2000 test environment, separate from a production environment. Many departments and agencies will not have excess processing capacity to create such test environments. There could be duplication in the use of resources if all departments and agencies were to acquire additional capacity for testing. Through testing applications and data files at central facilities, experience could be gathered to benefit other departments and agencies.

12.148 There would be merit in exploring the feasibility of creating test facilities that could serve some departments and agencies. The Secretariat's project office has identified as one of its initiatives a study of the feasibility of establishing a common test facility.

12.149 Legal implications. As of May 1997, analysis of the legal implications of Year 2000 had been primarily in the area of contracting and contract administration.

12.150 Limited work has been done to examine and analyze other possible legal implications for the government that may result from Year 2000. Possible scenarios to consider include:

  • errors in government services and information upon which businesses or the public rely;
  • interruption in services that result in delays, causing loss of business;
  • malfunction of products or devices certified by the government; and
  • defects, errors, interruption or failure of goods or services regulated by the government.
12.151 In our view, there would be merit in conducting legal analyses so that departments and agencies can receive guidance and advice on precautionary measures to take as appropriate. In late June, the Secretariat's project office identified legal issues arising from Year 2000 among its list of challenges for consideration.

12.152 Most of these opportunities and many others have been identified by the Secretariat. However, as of early May 1997, some initiatives were under way and others had yet to be started. In addition, no initiatives relating to date standards and legal implications were included in the proposed activities. If the opportunities are not pursued expeditiously, the centralized effort will lose its potential to serve departments and agencies.

12.153 The Treasury Board Secretariat should accelerate its work plan for Year 2000 and launch or expedite the projects in the plan. It should also assess the merit of initiatives concerning date standards and legal implications for inclusion in its work plan.

Conclusion

12.154 The Year 2000 issue can have a significant adverse effect on government programs and operations. The stakes for the government are high. In particular, systems that are most critical in supporting major programs may fail and could affect public health and safety and other essential services to the public. Aside from the direct fallout of systems errors or failures, Canadians' confidence in the public service may also be at stake.

12.155 Our audit of departments and our general survey showed that, as of the end of April 1997, most government departments and agencies were at early stages of their Year 2000 projects. We concluded that the rate of progress to date has generally been slow and that the residual risks to government systems remain high.

12.156 The present state of the government's readiness for Year 2000 is particularly vulnerable, given that there is limited time left to convert, test and implement systems. Using the emerging industry standard of allowing one calendar year for addressing delays and unanticipated problems, the government had only 20 months remaining at the time we completed our audit, and the magnitude of the task at hand can be overwhelming. Furthermore, there are formidable exposures ahead that can jeopardize the successful implementation of compliant systems, and substantive contingency plans have yet to be developed.

12.157 We are concerned that if progress were to continue at the rate we observed, it would likely be too slow to overcome the Year 2000 threat. Systems that support major programs and essential services may fail, and continuous delivery of these programs and services could be at risk.

12.158 In our view, there is a need for urgent and aggressive action on the part of the government, including engaging ministers and possibly parliamentary committees to champion Year 2000 projects. We also emphasize the need for substantive contingency planning to serve as a safeguard, particularly for major programs and essential services.

Treasury Board Secretariat's response: The government has accorded the Year 2000 issue the highest priority. An aggressive action plan of government-wide initiatives has been approved by the Treasury Board. The government is addressing common horizontal needs, including human resource and procurement issues to recruit and retain sufficient skilled personnel to undertake the required work. It is sharing best practices and methodologies to ensure maximum benefit from the work under way. It is also monitoring and reporting departmental progress on an ongoing basis to ensure that appropriate actions are being taken as required. The pace of government activities is accelerating and will continue to accelerate in addressing this unique challenge.

With these actions the Treasury Board Secretariat is currently examining the state of readiness of all systems that support government services that the government deems `mission-critical' to confirm that they will continue to function properly after 31 December 1999. Several steps are being taken by the Chief Information Officer Branch to understand and monitor departmental action plans for mission-critical systems, including the requirement that departments develop and submit contingency plans should such systems not be fully functional at that date.

The government generally agrees with the report's recommendations and acknowledges the Auditor General's contribution to greater awareness of this project.


About the Audit

Objective and Scope

The audit examined the risks and exposures that government programs and services face as a result of the Year 2000 threat. We reviewed the progress of Year 2000 projects at several departments to assess the government's general state of preparedness.

The audit serves to inform Parliament of the Year 2000 crisis and our assessment of the government's readiness in this regard and to prompt appropriate action on addressing critical systems and those that concern the interests of the Crown and the public. The audit also sought to identify and highlight issues and areas that require further attention from the government and Parliament in facing the Year 2000 challenge.

Nine departments were selected for examination - Agriculture and Agri-Food Canada, Correctional Service Canada, Department of National Defence, Health Canada, Human Resources Development Canada, Justice Canada, Public Works and Government Services Canada, Revenue Canada and Veterans Affairs Canada. The departments were selected because they deliver major programs and essential services to the public. Collectively, they also represent 32 percent of the government's budgetary expenditures and 94 percent of budgetary revenues forecast for 1996-97.

In order to gain a broader perspective on the state of preparedness across government, we also conducted a general survey of over 60 departments and agencies. They represent government organizations that are led by deputy ministers or those of an equivalent rank. The survey requested information and status as of 30 April 1997. About 50 responses were received; some did not address all the survey questions. We did not validate the responses provided by the participants.

We also examined initiatives undertaken by the Chief Information Officer Branch of the Treasury Board Secretariat to help mitigate Year 2000 risks to the government.

Criteria

Where appropriate, detailed criteria are discussed in sections corresponding to the observations and findings. The general criteria used in the audit are as follows:

  • Leadership initiatives should be in place on a government-wide basis to address the challenge posed by the two-digit year coding practice in information technology as the year 2000 approaches, and to oversee progress in assessing and overcoming the challenge.
  • At the departmental or agency level, there should be an organized plan and structure to secure senior management awareness and support, and to manage and contain risks in relation to the Year 2000 issue, including identifying and assessing risks and implementing and testing corrective action taken on systems, devices or facilities that may be affected.
  • Initiatives should be in place to co-ordinate and facilitate Year 2000 efforts of departments and agencies to maximize their cost effectiveness.
  • Management practices in addressing the Year 2000 issue should demonstrate due regard to economy and efficiency.
  • Parliament should be kept informed of matters of significance arising from the Year 2000 challenge and its effects on government programs and service delivery.
Audit Team

Greg Boyd
Brian Element
Joe Lajeunesse
Maria Wisniowski

For information, please contact Nancy Cheng, the responsible auditor.