Glenn, I've read the report and below are my thoughts.
The importance of this report is that it is based upon the information of over 15,000 companies in 87 countries, spanning all size ranges of company and 27 industries. In short it represents a significant endeavor to gauge the Y2K readiness of the world's businesses and governments.
This report is difficult to read and interpret. The Gartner Group did not made this easy. Besides the analytical nature of the report the big problem is that there are almost no comment on the key objective facts gathered by Gartner, nor is there much detail.
Gartner's data deal with the level of readiness, what Gartner calls "Compliance Status" or COMPARE for short. This data is presented almost with out comment. The following are just about the only direct comments on this data:
7 "23% of all companies and government agencies have not started any Year 2000 effort. 83% of these are small companies with fewer than 2000 employees." Page2.
7 "As of Q3 1998, large companies have completed remediation of 20-80% of their internal systems, and 30-50% have started significant levels of testing. Mid-size companies have 0-30% remediated �." Page 4.
7 "In October, 1998, 15% of all companies claim to have achieved level IV compliance of mission critical systems. We predict that 50% will achieve this goal by 2000." Page 15.
7 "The majority of large companies in [the most prepared countries] will complete at least 80% of level IV by 2000." Page 15.
The rest of the "Preparedness" information is presented in three Figures, Figure 4 (page 8), Figure 5 (page 9), and Figure 7 (page 11). Figures 4 and 5 are presented with out comment. These charts are the summaries of the data Gartner has gathered. Absent Gartner's comments I'll make an attempt to interpret them.
The scale across the top of these figures shows the Level of Preparedness. The first issue to note is that the time most organizations will require to complete each of the categories, 0 - V, differ. Most opinion holds that Levels IV and V are going to take most organizations much longer to accomplish than Levels I-III.
Gartner estimates that it will take a mid-size company 30 months to complete level IV. In rough terms this means that mid-size firms should be about 50 percent completed with remediation and testing of critical systems at the time of the this study to be on schedule to merely complete mission critical systems by 2000. Larger firms should be at an even higher percentage of completion to be on target for meeting this "minimum of readiness" target. (Remember there are still all non critical systems to remediate and contingency plans and procedures to set up for problems arising from failures both internally and externally created.)
Gartner's Completion of level III represents about 25 percent completion of remediation and testing of critical systems. A mid-size firm at completing level III in September 1998 has about 22 months of work remaining to accomplish in an available 15 months of time to meet the "minimum readiness" level. Large firms in this situation are behind even further.
Examine Figure 5, on page 9, depicting the Level of Preparedness by industry group in the US. The only industry that is even close to a level of completion that suggests they might have time to address anything other than critical system is the Insurance industry. Only the Investment Services and Banking industries firms are at a level that suggest that a large group of firms will complete remediation of critical systems. Many of the firms in Investments Services and Banking and virtually all other firms (and governments) are not on schedule to complete even their critical systems by 2000.
As Figure 4, on page 8, points out the situation in the world as a whole is worse. Only the US, Canada, and possibly England, of the worlds major economic powers show as having a meaningful percentage of companies that will have all mission critical systems ready.
That's the bad news. The good news is that Gartner has "interpreted" the data they have gathered into Failure Rates and Predictions. The basis of this is the graph on page 13. This table assigns the likelihood of having a "Mission Critical Failure" as nearly 100% when the level of completion of remediation of critical systems is near 0%. The likelihood of a critical failure drops to around 60% when the level of remediation rises to around 25% completion; and drops to around 30% when remediation gets to 60%.
On the basis of these relationships the report concludes the types of failures described on pages 5-12. These predictions are surprisingly good news given the data in Figures 4,5 and 7. Particularly consider Figure 8 on page 12. It predicts the "distribution" and "severity" of disruptions to key infrastructure areas such as Power, Telephone, Natural Gas, and Government Services. The table shows predictions of "isolated and minor" or "isolated and moderate" disruptions to most infrastructure categories for the country categories that contain most of the industrialized west. The notable exception being Government Services which are predicted to experience Moderately widespread failures of Moderate to Sever intensity.
These Failure predictions are hard for me to reconcile in the light of the data in Figures 4 and 5. It is unfortunate that Gartner does not comment more on Figures 4 and 5, nor offer any explanation for the relationships of Completion Level to Failure Probabilities. It is hard for me to imagine how a firm of medium size or larger that fails to complete and test remediations on half of its mission critical systems could even open its doors in 2000. Gartner's Figure 9 shows there to be a probability of 40% that such a firm will experience at least one mission critical failure. I may be missing something here but this seems to be a gross understatement or awfully optimistic. (You might want to read Rick Cowles answer to "New Gartner Embedded Systems Article" question posted on 10-16.)
For all of its imperfections this report, and hopefully quarterly updates, are the best data of its type, by far, of which I am aware.
It is also not clear to me that this report is really covering the imbedded chip aspect of Y2K. It seems to purport to do so, but the superficiality of the comments specifically on chips and the language of the rest of the report body cause me to wonder. My inclination is to assume that this report is speaking substantively only to the software side of Y2K.
-- Anonymous, October 26, 1998
There are two small parts of the Gartner Report at http://gartner5.gartnerweb.com/public/static/aboutgg/pressrel/testimony1098.html#top which have grave implications, and which I skimmed over at first reading, in my haste to look at the charts.
The first is:
"From 1996 through Q1 1998, companies were using vendor form letters to determine supply chain risks. Many of these are not responded to, and of the ones received, the vast majority are unusable for compliance risk assessment. During Q1 and Q21998, more than 60% have changed to a strategy of requesting face-to-face or telephone (direct contact) vendor reviews. This should help in obtaining more accurate supply chain risk information; however, many are struggling with trying to get vendors to agree to this type of meeting. Therefore, getting vendors to disclose accurate information related to compliance of their products remains a challenging task."
Obviously, obtaining "supply chain risk information" is only the first step towards assessing whether a business or agency will have problems with partner data exchanges or will be able to get deliveries of critical supplies. This first step appears to be stalled, if not blocked altogether, and time is just about out for this information to have practical value. What good will it do a company to finally find out one of their key suppliers is not compliant if there is not enough time left to locate, and contract for an alternate supply? (Assuming there IS an alternate available in the first place.)
The second part of the report with serious implications is:
"3.Our experiences shows that U.S. companies are not providing accurate disclosures related to Year 2000 risks and contingencies. There are considerable differences between the status of Year 2000 compliance and critical risks that companies disclose to the SEC, and what the actual status and risks are within that company."
This little blurb appears to say, in the most diplomatic way possible, that the confidential info Gartner is getting is a far cry from what companies are telling the Securities and Exchange Commission. Boil the above statement down and you get: Companies are lying to the SEC, they're not as well off as they report they are.
This is one of the reasons I take all government assessments of progress and automatically adjust downward to get what I believe is a more accurate picture of where we stand. It's not in any business's (or government agency's) interest to divulge bad news, so information with negative content will automatically be withheld as much as possible. That's pretty much a fact of corporate life. And while I think the confidentiality of the Gartner survey promotes more honesty than a public disclosure would, I also seriously doubt if even Gartner is getting the whole truth, and nothing but the truth.
-- Anonymous, October 26, 1998
Year 2000 Risk Assessment and Planning for Individuals
http://gartner11.gartnerweb.com/public/static/home/00073955.html
I would like to see this report pulled apart like their last report.
So many holes in it.
WMO info
This site has many very informative/revealing stats on hardware, O/S, and software.
http://www.wmo.ch/web/www/y2k-info.html
Have a look at their members only section.
It shows a good global overview of problems within hardware, O/S, and software.
Lists of many defects on a global basis.
Exceedingly comprehensive.
Also worth a browse through this directory.
http://www.wmo.ch/web/www/
With y2k statements down the bottom.
Nick
My monster links webpages:
Year2000 Information links;
http://www.cairns.net.au/~sharefin/Markets/Y2k.htm
Survival & Energy Information links:
http://www.cairns.net.au/~sharefin/Markets/Alternative.htm
Food, Health & Gardening Information links:
http://www.cairns.net.au/~sharefin/Markets/AlternativeFood.htm
Lots more new links added.
Now over 3000 sites listed
-- Anonymous, November 03, 1998
Nick, thanks for pointing out Gartner's Individual Preparation site. I haven't had time to read it all yet, but the "holes" are apparent in just the introduction. Here are the first two sentences in Gartner's Bottom Line:
"The Bottom Line: Individuals should prepare for limited duration, localized failures of services and infrastructure rather than an apocalypse. The type and number of failures will vary geographically and cannot really be predicted." I got a really good laugh from this. They recommend preparations for limited duration failures and immediately say that the type and number of these failures will vary and cannot really be predicted. Then you have another whole paragraph of disclaimers:
"This Strategic Analysis Report represents the collective view of GartnerGroup as of October 1998. Special thanks to Nicki Brown, CEO of Wilton Bank in Wilton Connecticut, and a member of the American Bankers Association's Y2K committee. This report includes statements that may constitute forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Although GartnerGroup believes the expectations contained in such forward-looking statements are reasonable, it can give no assurance that such expectations will prove to be correct. This information may involve risk and uncertainties that could cause actual results to differ materially from the forward-looking statements."
My Bottom Line: Gartner admits they don't know what might happen. When I see "this information may involve risk and uncertainties that could cause actual results to differ materially .." I say, "Then the smart thing to do is to prepare for the worst case that is in your capacity to deal with." Gambling along with Gartner is not a game I want to play.
-- Anonymous, November 03, 1998