Soon, the Chamber of Commerce in our small town is having a public discussion about Y2k. The rep from the locally owned bank will be there as well as reps from the locally owned Public Utility (which purchases its power from someone else)and town officials. What would be some good hard hitting questions I could ask them to get a sense for how prepared our small town is to weather this thing out?

My assumption is that a regional bank that didn't have any offshore investments or loans would be a safe place to have money- safer than say a larger international bank.

For the town officials, what would be good questions other than are you compliant?

What are the common dodges and gobbledygook answers that I should be aware of?

Thanks, Rick

-- RickSolinsky (rick@audioonhold.com), February 24, 1999

Answers

Rick

99.99% of all answers you get, if you don't ask the right questions, will boil down to a) we're working on it, b) we expect to be done on time, and c) we don't promise anything.

Ask: When did you start analyzing your systems for problems? How many systems a) do you have? b) have been examined to date? How much remediation (correction) work has been done? How much testing of remediated code has been done? By who? What are your backup plans for the following: County-wide loss of power? County-wide loss of telephone communications? Hospital and other emergency services backup power and communications?

You don't have to say you expect all of these things to happen, just tell them you'd feel better if you knew they had some kind of a plan in mind 'just in case.'

By the way, that's just a start on questions. There's plenty more.

-- Cowardly Lion (cl0001@hotmail.com), February 24, 1999.

With particular regard to the bank, look at how officials word their answers. For instance, Alan Greenspan was quoted in the Senate Y2K Committee Report stories:

"Yesterday, Federal Reserve Chairman Alan Greenspan assured Americans that they can keep their money in the bank over New Year's 2000 without fear."

Okay, I'll buy that we can keep our money in the bank. But can we get at it too?

"'There's almost no conceivable way . . . that computers will break down and records of people's savings accounts would disappear,' he told the Senate Banking Committee."

"Almost" no "conceivable" way. This translates to, "Well, it's not 100% certain but there's no way we can see right now. . ." The next bit says "that computers will break down and people's savings accounts would disappear." Let's translate that bit: "if computers break down, people's savings accounts won't disappear--they're stored on disks. Of course, whether we can get at them and release the money is another story." You note there's no mention of CDs, T-bonds, Money Markets, checking accounts--why didn't he just say "bank accounts"? I believe Alan Greenspan is usually very precise in his phraseology--he has to be, a misplaced word can cause markets to go into a frenzy worldwide.

Pick over every word. When they say, "We're Y2K-compliant," ask if they've tested yet. If so, what was the test. "Compliant" to me means "complies with," not "proof against."

-- Picky-picky Old Git (anon@spamproblems.com), February 24, 1999.

Ideally, you get their commitment that they will be at "ground-zero" (in an elevator, at a hospital with news-crew). They will then be motivated to make sure TSDHTF.

-- Anonymous99 (Anonymous99@anonymous.com), February 24, 1999.

Rick.........

You will get boilerplate answers..........pre-approved answers that have been written by the lawyers......nothing more.

I've tried very specific questions with my power company and even got a letter personally signed from the president of the power company. However my request for more specific details was met with a 'we'll get back to you'. This was about four months ago. I'm not holding my breath.

As with any company, their first and foremost responsibility is to their shareholders. They cannot, and will not give any information that could later return to cause them grief. They cannot nor will not make any statements that could cause them to lose share value.

They will be 'on track', 'have a plan', 'expect to be finished', 'preparing contingency plans', 'aware of the problem' and a hundred other cliches.

As with any business, they cannot sound a death knell or warning even if they expect trouble. Better in the eyes of business, if they have at least another few good months. Any warnings of problems now, and they are out of business sooner rather than later.

Whether business or government, don't expect too many profound confessions. We won't know for sure how well they did until we hit 2000.

-- Craig (craig@ccinet.ab.ca), February 24, 1999.

Sir/Madam; Do you have a plan to drill community wells, dig latrines,stockpile blankets, sleeping bags, firewood, food, water, soap, medical supplies,cots,gardening supplies,fire extinguishers,communication equipment?

-- KoFE (Whenthefecesmakescontactwith@therotating.osccilator), February 24, 1999.

In case of an extended loss of electric power, have you a plan in place to locate, retrieve, shelter and feed the elderly and infirm in homes and apartments without heat or elevator service?

-- Tom Carey (tomcarey@mindspring.com), February 24, 1999.

If you don't have good answers to these questions, can we:

a) Sue your pants off?

b) Come to your home on 1/1/2000 for a "town hall meeting"?

c) Assume you plan on doing nothing?

d) Inform the local media of your inaction?

e) Fill in the blank here

-- Steve Hartsman (hartsman@ticon.net), February 24, 1999.

Rick,

Here are four questions the Boston Globe asked businesses and government agencies recently...

http://www.boston.com/globe/business/packages/y2k/prepared.htm

[snip]

A What percent of your critical systems are now Y2K compliant? B By Jan. 1, 2000, will all mission-critical systems be fully Y2K compliant? C What is your target date this year for 100 percent Y2K compliance for mission-critical systems? D Do you presently have a formal, written contingency plan to serve customers and carry on operations in the event of Y2K disruptions?

[snip]

...and here are some questions to ask as suggested by Michael Hyatt:

"Where Is Investigative Journalism When You Need It?"

http://www.michaelhyatt.com/editorials/journal.htm

[snip]

"How many computer systems do you have in your inventory?" An inventory and assessment is the first phase of any Y2K project. According to most experts, it accounts for about seven percent of the total project. If a spokesperson cant answer this question off the top of his head, the reporter must assume that the organization in question has not yet completed this phase. If thats true, then it still has 93 percent of the job ahead of ita formidable, if not impossible, job for any organization in the months remaining. It is also important to ask if this number includes embedded chip systems. "How many of these systems do you consider to be mission critical?" Most organizations have given up trying to get everything fixed. Almost everyone is now engaged in a process of triage, attempting to identify which systems must work in order for the organization to fulfill its primary mission. An inability to answer this question reveals that the organization has not prioritized its work and is putting its primary mission at risk by not doing so. At this late date, any organization trying to fix everything runs the risk of not finishing anything. "What criteria did you use to determine which systems were mission critical and which ones were not?" The problem here is that some organizations will inevitably exclude systems that their customers and constituents consider mission critical. For example, lets say that my medium-sized business buys pre-printed checks from a specific supplier. However, these checks are ancillary to the suppliers core business of distributing office supplies. As an executive of a publicly-held corporation, I need to know that checks arent on the list of mission critical systems, so that I can make plans to secure an alternative source. Why? Because issuing checks to pay our vendors and employees is mission critical for my company. "How many of your mission critical systems are currently Y2K-ready?" What we dont need are more vague generalities and wishful thinking. We need information that is specific, measurable, and verifiable. If the spokesperson answers with a specific number, the reporter should ask if these systems have been independently certified. If not, does the organization plan to utilize a third-party to verify the readiness of their systems. If not, do they simply expect us to take their word for it? As Ronald Reagan suggested, our posture needs to be one of "trust but verify." Once the reporter gets a number, he should periodically follow-up and begin charting the companys progress. This is where reporters would do well to take a page out of Congressman Steve Horns playbook and begin issuing "report cards" on the progress of critical local providers (e.g., utility companies, big business, etc.). If these organizations wont voluntarily disclose their progress, perhaps public embarrassment will motivate them. "What are your critical Y2K milestones for each of your major systems?" What the public should know is when a given organization plans to (a) finish code repair, (b) begin testing, and (c) put the compliant system back into production. These specific dates should be noted and the reporter should schedule follow-up interviews to see if, in fact, the organization is on track or falling behind. If the organization is unwilling to share this information, the reporter must ask why. In the absence of this information, the public must assume the organization does not have critical milestones and therefore does not have a substantive Y2K project underway. "Have you identified, contacted, and heard back from your critical vendors and other suppliers?" Its not enough for an organization to get its own systems ready. In the kind of interdependent, interconnected world we live in, a critical, non-compliant supplier could bring an organization to its knees. For example, if a reporter is talking to a coal-burning electric utility, he should realize that the plant is obviously dependent upon tons of daily coal shipments. No coal, no power. The reporter should be asking, "What assurances have you received from your primary coal provider?" "What about the railroad system that delivers the coal?" "What kinds of specific information are you requiring from your vendors?" (Many organizations are not seeking specific information; they are simply writing the letters in order to mitigate the likelihood of lawsuits. They are trying to create the illusion that they are doing "due diligence" rather than trying to motivate and insist upon compliance.) Again, the more specificity the reporter can garner the better. "Do you have written contingency plans?" Heres reality: the code is broken. Not all of it will get fixed. There will be disruptions. As a result, business continuity plans are essential. Failure to make contingency plans is both irresponsible and reckless. For these plans to be credible, they must be written. And in the case of critical infrastructure providers, these plans should be made available to the public. If the organization does not yet have a written plan, it is reasonable to ask when it will be done. Again, the reporter should note the date and follow-up.

[snip]

-- Kevin (mixesmusic@worldnet.att.net), February 25, 1999.