Gary Beach testimony to the Senate (July 22)greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread |
Senate Y2K CommitteeTestimony of:
GARY BEACH
PUBLISHER
CIO MAGAZINE
GLOBAL CORPORATIONS & THEIR EXPOSURE TO Y2K
Before the
UNITED STATES SENATE SPECIAL COMMITTEE
ON THE YEAR 2000 TECHNOLOGY PROBLEM
Washington, DC
July 22, 1999
My name is Gary Beach and I am publisher of CIO magazine, the leading publication for chief information officers (CIOs) and other senior executives who use information technology (IT) to
improve their business. CIO magazine provides current information and case studies on the effective use of technology. Our readers work in major corporations, primarily Fortune 1000, and in federal, state and local government agencies.
My Year 2000 expertise includes daily dialogues with business and technology executives as publisher of CIO magazine, and my work on the Steering Committee of YES Corps, an international network of voluntary Y2K experts supported by the International Y2K Cooperation Center, the United Nations and the World Bank. The subject of my testimony is "Global Corporations and Their Exposure to Y2K."
In June of this year, a public-interest coalition of CIO magazine; Dr. Ed Yardeni's Y2K Center, a public service of the chief economist of Deutsche Bank Securities; and Information Systems Audit and Control Association (ISACA), a recognized global leader in information technology governance, control and assurance, conducted a Y2K Experts Poll. The coalition polled Y2K experts in an effort to help the public and their policy officials assess the Year 2000 readiness of organizations around the world. The survey addressed Y2K corporate issues of readiness, confidence, third-party failures, contingency planning, legal issues, economic impact and the personal at-home actions of executives close to the Y2K remediation process.
The poll was conducted via the Web. An e-mail invitation from the three coalition members asked recipients to participate only if they were professionally and actively involved in Y2K
projects. Respondents linked to an electronic polling form in the e-mail solicitation. CIO magazine invited CIOs and other high-level executives from its subscriber list to participate;
ISACA invited its worldwide members. The titles of respondents included accountant/auditor, chief executive officer, president, chief financial officer, chief technology officer, information
technology consultant, management consultant, Y2K projects consultant, and manager, director, or vice president of information technology or information systems. The online poll closed June 16 with a final, qualified sample size of 892 respondents, a very respectable sample with a plus or minus error of 3.3 percent.
The majority or 55 percent of respondents were from large, U.S.-based corporations. Forty-five percent represented firms outside the United States. Sixty-one percent of respondents reported their firm employed more than 1,000 employees. The majority of poll participants were from the financial sector (26 percent), followed by manufacturing (17 percent), government (9 percent), and healthcare (5 percent). Respondents were roughly split three ways among IT executives, finance executives and corporate management.
The Y2K Experts Poll is a snapshot of Y2K readiness among large global firms with an average of 1,300 partners or suppliers connected in a worldwide, electronic domino chain.
Now, I would like to present the major findings from the Y2K Experts Poll that are particularly relevant to this hearing. For your edification, complete findings of the poll are included with this testimony.
In the survey, we asked respondents when they expected to finish all phases of their Y2K projects, including testing. Their responses indicate 1999 Y2K project completion is moving along, but not completed. Eighty percent reported they were more than three-quarters finished. However, 33 percent admitted they were behind schedule. In addition, 8 percent, or almost one in ten, said they will not complete their Y2K work until the Year 2000 or beyond.
Keep in mind these are huge, global firms with significant fiscal and human resources to focus on Y2K. I am concerned that many companies are behind schedule with only six months left until the immovable deadline. If a significant number of large, global companies are lagging, what does that say for small businesses here and abroad? Small companies simply do not have the same level of manpower and resources as big companies.
Nowhere have I seen data, until this poll, that quantifies the percentage of large firms that admit they are not going to make the turn-of-the-century deadline. The fact remains, no one knows
what will happen if organizations are not ready for the millennium. What this data does show us is that some large, global companies already know their computerized systems will not be ready in time. The consequences could range from minor inconveniences like a disruption in utility service to widespread economic, social and political upheaval. Given the range of outcomes, businesses should obviously make every effort to prepare for the Year 2000.
Respondents were also asked to characterize their organizations' contingency planning. The poll found 49 percent of companies had a contingency plan and 50 percent did not have one or were still in the process of creating one. Of the respondents with a contingency plan, 60 percent said they were already implementing it. Contingency plans could include training employees how to
perform tasks manually versus via computer. The poll also found contingency planning by this group of Y2K experts did not include significant stockpiling of business materials, supplies or
products. Thirty-four percent of companies said they were not stockpiling; 19 percent of companies said they were preparing to have two to seven days of extra inventory on hand. Translation: more than likely, any economic disruptions will be triggered by fear, not by additional inventory stockpiling.
We also asked firms about their supply chain, specifically how they were assessing their vendors' Y2K preparedness as well as what percentage of their vendors were not Y2K ready at the time of
the poll. We found 12 percent of large companies were verifying their business partners' Y2K readiness by conducting on-site visits. Forty-eight percent of respondents had sent out
questionnaires followed by telephone calls, 20 percent had sent out questionnaires with no telephone follow up, and 13 percent were having informal conversations with their partners about the state of their readiness. Mr. Chairman, Y2K readiness is not a topic to be relegated to the level of informal conversations.
In my face-to-face personal conversations with CIOs, many tell me they think they will be ready. But, when I ask about their partners, their eyes drift toward the floor and they say they don=t know. They cannot verify their trading partners' readiness. I am concerned that large corporations are not taking the danger of supplier failure seriously enough. Why not? Three
reasons come to mind: 1) time, there is not enough of it to verify the Y2K readiness of the supply chain, 2) expense, corporations are extended fiscally simply getting their own house in order and 3) logistics, how can they possibly manage the complexities of verifying the Y2K readiness of 1,300 other companies? Too many businesses appear to be relying heavily on trust. Companies are more rigorous when it comes to preparing routine legal contracts. In this case, we are talking about the potential for serious repercussions.
Globally speaking, supply chain readiness poses its own set of problems. While American multinational corporations may be able to exert leverage with domestic trading partners, they may have much less leverage with some of their critical supply-chain partners overseas, namely government-owned telecommunications and electrical utilities in foreign countries. Often national governments operate these services and there are few, if any, alternate commercial providers.
The supply chain, which is heavily interconnected, may seriously be affected by incomplete or no delivery of Y2K-compliant mission-critical software. Thirty-five percent of large firms said they have not received Y2K-compliant versions of mission-critical software programs from third-party vendors.
We asked respondents if any of their mission-critical systems were expected to fail or malfunction as a result of Y2K. One of the most daunting statistics from our survey was that these large firms expected 3 percent of their mission-critical systems to fail or malfunction. Again, we are talking about mission-critical systems. Some large companies, providing anything from utilities to consumer products, may not be able to provide people with the necessities they rely on like food, water and electricity. Furthermore, 3 percent of respondents said they expect major problems in their telecommunications service; and 2 percent said they expect major problems with their electrical service. So there will be problems, not widespread, but major problems nonetheless.
It is clear that not every company is going to make the January 1, 2000 deadline. There is good reason to believe that mission-critical software is not going to be delivered in time. I'd like to leave this committee with the following call to action. By September 30, 1999, organizations should be compelled to have a contingency plan in place. To help them accomplish this goal, the Senate Special Committee on the Y2K Technology Prroblem could provide answers to frequently asked questions about "How To" develop a contingency plan. This information must be made available online.
CIO magazine, ISACA and Dr. Ed Yardeni's Y2K Center will be conducting a second Y2K Experts Poll in September. At that time, it will be interesting to note the percentage of contingency plans companies have created and put into place as well as whether the mission-critical software delivery numbers change.
Thank you for the opportunity to share my testimony and the data from the Y2K Experts Poll with you.