Business 100 Day Senate Report Part One : LUSENET : TimeBomb 2000 (Y2000) : One Thread





This section addresses business issues in two general categories: small and medium-sized enterprises (SMEs) and global corporations. Following these general categories, the specific industries of food and chemical manufacturing are addressed. Both of these specific industries have an obvious importance to the public's health, welfare, and well-being.


Background and Vulnerabilities

The Y2K preparations made by small-and medium-sized businesses

(SMEs) continue to lag. These entities generally do not have the resources available to devote large efforts towards addressing Y2K. However, when small businesses are compared with medium-sized ones, small businesses are generally in a better position to deal with problems they may encounter from Y2K, while medium-sized businesses are more likely to find themselves in difficulty.

Small firms make two indispensable contributions to the American economy: 1

First, they are an integral part of the renewal process that pervades and defines market economies. New and small firms play a crucial role in experimentation and innovation, which leads to technological change and productivity growth. In short, small firms are about change and competition because they change market structure. The U. S. economy is a dynamic organization always in the process of becoming, rather than an established one that has arrived.

Second, small firms are the essential mechanism by which millions enter the economic and social mainstream of American society. Small business is the vehicle by which millions access the American dream by creating opportunities for women, minorities and immigrants. The Small Business Administration (SBA) defines SMEs as those businesses with fewer than 500 employees. In 1995, there were 4,665,040 SMEs according to SBA statistics. 2 Between 1992 and 1996, 11.18 million new jobs were created. All of the net new jobs came from firms with fewer than 500 employees. Large firms with more than 500 employees posted a net loss of about 643,000 jobs. 3 SMEs employ 53% of the nation's private work force, contribute 47% of all sales in the country, and are responsible for 51% of the private gross domestic product.

It becomes abundantly clear that SMEs' Y2K preparedness, as well as their business continuity and contingency planning efforts, are extremely important and cannot be overlooked. SMEs play a key role as links in the supply chains upon which big business depends. In economies that run on such tight and long supply chains, the weakening of one or more links weakens the whole chain.

American business has developed and adopted just-in-time inventory as the standard. Lean manufacturing is central to the success of most large, complex factory operations. Precision farming has led to increased production with fewer resources. The supply chain from raw material/ basic ingredient production/ provider, to preliminary processing, to manufacturer, to distributor, to wholesaler or retailer, and ultimately to final customer, has become ever tighter. The ripple effect from a problem at any point in this chain can be felt throughout the length of the chain.

Due to the interdependency of businesses, prudent businesses are placing a strong emphasis on their Y2K exposure through business partners and supply chains. As supplier and partner assessments of the risks they bring are completed, a flight to quality is emerging. A large number of small business failures are attributable to management deficiencies. The Y2K problem may highlight this research finding. Despite news stories, speeches, conferences, hearings, and the like, available evidence indicates that millions of small businesses in the United States are ill prepared for the anticipated Y2K problems.

Some industries are composed of predominantly small companies, and the consequence of an accident can be disastrous. One such industry is the chemical industry. This industry has a large number of SMEs that often manufacture and handle "designer" or "specialty" chemicals. Due to the risk within this industry, and the fact that there are many thousands of SMEs involved, special attention must be paid to this industry and its Y2K efforts. More details are provided on the chemical industry later in this section of the report.



What is Being Done?

In efforts to move SMEs to action and to provide assistance, the federal government has developed outreach programs by the SBA, the U. S. Department of Agriculture (USDA), and the Manufacturing Extension Partnership of the National Institute of Standards and Technology in the Department of Commerce (DOC). These outreach efforts have included the development of a small business Y2K Help Center hotline for Small Business (1-800-Y2K-7557) and a Y2K Jump Start Kit (http:// y2khelp. nist. gov/ tool. nsf).

The Y2K Help Center for Small Business has hours between 8: 00 a. m. and 8: 00 p. m. Eastern Time, Monday through Friday. It provides free help in the areas of Y2K Self Help-Tool (the tool is included in the JumpStart kit) technical assistance and sources of Y2K Compliance information. In addition to its toll free number, the center can be reached by email at y2khelp@ nist. gov. An analyst will respond with a follow-up call within one business day. 4

The "Conversion 2000: Y2K JumpStart Kit" contains everything one need to jumpstart a Year 2000 project. Three different versions of the kit are available for downloading: a Microsoft Access version for users with Microsoft Access 97; a Microsoft Access version for users of Windows 95 or Windows 98 without Microsoft Access; and a Microsoft Excel version for users with Microsoft Excel.

The President's Y2K Council provides outreach through the Small Business, International Trade, and Food Supply Working Groups (FSWG). Details regarding the efforts of the FSWG can be found later in this section. In addition to the SBA's outreach efforts, the agency is in the process of finalizing a Contingency Planning Guide that leverages the excellent products of the Pennsylvania Y2K office.

The President's Y2K Council sponsored its second National Small Business Action Week during the week of March 29­ April 2. Every SBA district office committed to at least one outreach event. In addition, the USDA and the DOC joined the SBA to help organize and train core Y2K teams for each state. The main purpose of these events was to help business owners assess how their businesses might be impacted by Y2K problems and to develop strategies for remediation, testing, and contingency planning.

Congress passed the Y2K Act, which is intended to encourage Y2K remediation instead of Y2K litigation by providing modest limitations on Y2K liability. It was signed into law on July 20, 1999 (Public Law Number 106-37). Among other things, the Act provides for a cap on punitive damages for individuals and small businesses (50 employees or fewer). The cap is the lesser of three times compensatory damages or $250,000, and the cap does not apply if the defendant acted with specific intent to injure the plaintiff. More details about the Act are contained in the Litigation section of this report.

More directly targeted at SMEs is the Small Business Year 2000 Readiness Act, which authorizes the SBA to provide Y2K loan guarantees that address two issues: 1) funds needed to purchase the systems, software, and services they need to become Y2K compliant, and 2) funds to assist small businesses that suffer economic injury as a result of the Y2K problem. This Act was signed into law on April 2, 1999 (Public Law Number 106-8). Further details are discussed in the Legislative Activities appendix of this report.

At the Committee's request, the Chemical Safety and Hazard Board issued a report on Y2K and the chemical industry in March 1999. In May, the Committee held a field hearing in New Jersey on the issue. In view of continuing concerns, on August 6 the Committee sent the President's Y2K Council a letter strongly recommending the convention of a Chemical Sector Summit. The Council held a Chemical Roundtable during September 1999 to address Y2K issues.

A list of very informative related Y2K WWW sites is provided as an appendix to this report, Appendix IV. Each site has a short description of its primary focus.


Industry associations with large company membership almost uniformly assert that their members will be ready. They indicate that the majority of their members are now in the process of developing business continuity and contingency plans as well as addressing supply chain and business partner risks.

A March 1999 National Association of Manufacturers (NAM)

Small Manufacturers Operating Survey, which had more than 1,700 responses, found that more than 55% had completed preparing their in-house accounting systems, design and control functions, and shop systems; 52% of small manufacturers were in the process of developing contingency plans; 40% did not think there is a need for a contingency plan; 83% do not plan on stocking additional inventory prior to December 31 in preparation for possible disruptions; and 77% are communicating their Y2K readiness to vendors, suppliers, and the public.

One of the best barometers of small business activity aimed at meeting the Y2K challenge is the National Federation of Independent Businesses (NFIB)/ Wells Fargo Bank study. Its basis is data collected from a national small business sample. The most recent, third report looked at data collected between mid-April and mid-May of 1999. That time interval is almost exactly one year after data collection for the first report, and six months after data collection for the second. As a result, it is possible to track the evolution of small business preparedness for Y2K over the last year. 5


Small business Y2K preparations are a dynamic process; the figures presented in these reports are constantly changing. Fortunately, the dynamic appears consistent over time, so reasonable projections from the data can accurately portray the current condition of small business owner preparation for Y2K.

The chart in Figure 1 shows the steady change in Y2K awareness by those small employers with direct exposure. The number of employers in the study with direct exposure has not changed, as expected. As the chart shows, an estimated 95% of all small employers are somewhat or very aware of Y2K. When those with direct exposure are the focus, the percentage rises to 97%; however, the percentage that is very aware rose to 5%. Therefore, awareness within the small business community does not appear to explain why it is still lagging in Y2K efforts.

According to the third NFIB/ Wells Fargo survey and report, at least 18% of all small employers directly exposed to the problem will not be prepared for Y2K if trends continue. Of those that have fixed their Y2K problems, more than two-thirds of the respondents incurred costs less than $5,000. Six percent of those surveyed reported having already experienced one or more Y2K-related malfunctions in 1999. Five out of six small businesses have some direct Y2K exposure, and 28% of those plan not to take any action. Although awareness appears to be at a high level, 97%, awareness outreach efforts are still needed and should focus on three areas:

1. many do not believe Y2K is a problem that must be addressed;

2. many do not know how to detect and resolve potential problems; and

3. many believe that costs are significant, or at least greater than the benefits.

The author of the report notes that, "suspicion rather than resources seemed to be the primary generic motivation for inaction." 6 The chart in Figure 2 shows the Y2K readiness of directly-exposed employers.

This lack of Y2K preparedness is not just an American problem. On a broader scale, it is found universally in developed countries. For example, a study released on September 6, 1999, by Novell revealed that 26% of Europe's small businesses are not ready for Y2K! Information technology managers at 1,035 companies, each with between 10 and 99 employees, in eight countries participated in a June telephone information survey that supported the study. More than 70% of respondents believed the Y2K problem would simply result in minor disruptions. Countries with small businesses lagging furthest behind are France, Poland, and Norway. 7


Largely domestic businesses will be okay, while small and medium-sized companies will see some in their ranks experience business failures.

Due to the interconnectedness of today's businesses, it is very likely that the failure of SMEs will have a ripple effect through the supply chain that will affect their bigger business partners. Those with critical international partnerships and suppliers are more likely to have disruptions caused by those relationships.

In addition to consumer purchases of additional household items in preparation for Y2K, businesses, as part of their business continuity and contingency plans, will acquire additional supplies. The markets will probably have difficulty meeting this increased demand, particularly if it all occurs during the last couple months of 1999. Furthermore, vacant storage facilities will become a scarce commodity.

As businesses have moved to just-in-time inventory and lean manufacturing processes, they have benefited from the reduced storage requirement. The result of this stocking up at the end of the year will lead to an oversupply in inventories in the first quarter of next year that will likely slow the economy.

A June study in the United Kingdom found that 60% of the business respondents admitted they were already stockpiling due to their fears of disruptions.

There is still time for SMEs to take action, but the majority of these firms that have decided not to take action will probably not change their position. Special attention must be paid to the chemical industry, especially the small-and medium-sized companies. Coordination of contingency plans with local emergency response organizations and surrounding communities is key.


Despite the SBA's efforts and some $10 million dollars spent, Y2K testing weaknesses increase the risk that SBA's mission-critical systems are not yet Y2K ready. Key business processes were not specifically tested. Systems acceptance tests are incomplete. There has been no independent validation of SBA mission-critical systems' testing and these systems have not been certified as being Y2K ready. Finally, its approach to end-to-end testing is inadequate. This leads to the concern that the SBA lacks reasonable assurance that its systems will function correctly and adequately support its key business areas and functions in 2000 and beyond for more than 490,000 small businesses nationally that use its services. 8

The Committee is also concerned that SMEs taking the wait-and-see approach may end up being the weak link in a supply chain if it experiences Y2K problems. High consequence industries must continue to bring resources to bear to identify these risks and take appropriate action to further mitigate them.


Background and Vulnerabilities

Although large, global corporations and businesses are generally well prepared domestically, market and legal pressures continue to drive their Y2K decisions. They appear to be well into the business continuity and contingency planning process. Risks and vulnerabilities still lie in the interconnectedness and interdependency of business and industry just-in-time inventories and lean-manufacturing processes. Dr. Ed Yardeni, chief economist at Deutsche Morgan Grenfell, noted "The biggest companies, while most prepared, are also the most vulnerable to the weaker links in the global supply chain." 9 In response to this vulnerability, global corporations are spending significant resources and taking prudent actions to address supply chain and business partner Y2K risk. It is the Committee's understanding that many global corporations have already had to make or are making difficult supply chain and business partner decisions. Most often these decisions are made as business continuity and contingency planning efforts move forward. An August 1999 survey found that among major corporations 36% are "very likely" to stop doing business with product and service suppliers assessed as non-Y2K compliant. This percentage represented an increase of 41% since May 1999. 10

In the second half of the 20 th century, international businessÐ the process of conducting business across national boundariesÐ has become an important economic force. Today few, if any, countries are economically self-sufficient. Global corporations (also referred to as multinational or transnational corporations) are the principal participants in international business.

Global corporations are for-profit enterprises (public or private) that engage in enough business activities­ including sales, distribution, extraction, manufacturing, and research and developmentÐ outside the country of origin to make them financially dependent on operations in two or more countries, and whose management decisions are made based on regional or global alternatives.

While still maintaining a domestic identity and a central office in a particular country, global corporations aim to maximize profits on a worldwide basis. The corporation is so large and extended that it may be outside the control of a single government. Besides subsidiaries, a global corporation may have joint ventures with individual companies, either in its home country or foreign countries.

Global corporations are among the world's biggest economic institutions. A rough estimate suggests that the 300 largest global corporations own or control at least one-quarter of the entire world's productive assets. Global corporations' total annual sales are comparable to or greater than the yearly gross domestic product of most countries. Though based predominantly in Western Europe, North America, and Japan, global corporations' operations span the globe.

Global corporations face many of the same issues as domestic companies. These include maximizing profits, meeting customer demands, and adapting to technological change. In addition, global corporations must stay current with trends and events in the various countries where they operate.

Over the past 25 years, global corporations have proliferated. In 1970, there were some 7,000 parent global corporations, while today that number has jumped to 38,000. Ninety percent are based in the industrialized world and control over 207,000 foreign subsidiaries. Since the early 1990s, these subsidiaries' global sales have surpassed worldwide trade exports as the principal vehicle to deliver goods and services to foreign markets.

The large number of global corporations can be somewhat misleading, however, because the wealth of global corporations is concentrated among the top 100 firms (see Figure 3 for the 25 largest US Multinationals). In 1992, those 100 firms had $3.4 trillion in global assets, of which approximately $1.3 trillion was held outside their home countries.

What is Being Done?

The Committee continues to hold hearings that are focused on industry sectors and stimulating action. These hearings investigate businesses large and small, global and domestic across all industries. During the 106 th Congress, the Com-mittee has held four hearings in under the general businesses sector. Two hearings focused on the food supply sector: one in February and one in March. A field hearing in May focused on the chemical industry. And finally, a July hearing addressed global corporations and the exposure they face due to their supply and business partners particularly those abroad.

The President's Y2K Council continues related outreach efforts through the International Trade and Food Supply Working Groups. The International Trade Working Group is lead by the Department of Commerce. At the time of the Special Y2K Committee's July 1999 hearing, Department of Commerce was in the process of conducting an assessment of the economic impact of Y2K on the global economy. The Committee had hoped, fruitlessly, that the assessment would have been completed prior to its publishing this report. The activities of the Food Supply Working Group (FSWG) are discussed in its own subsection below.

As discussed in the small business subsection, legislative activity included the passage of the Y2K Act. Related to this Act is the Year 2000 Information Readiness and Disclosure Act, Public Law No. 105- 271, which was passed late during the last Congress. That Act provided a basic level of protection for Y2K ­ statements made in good faith.

The CRASH Protection Act of 1997 (S. 1518, 105 th Congress) pressured the Securities and Exchange Commission (SEC) to require more meaningful Y2K corporate disclosure to shareholders. However, despite the SEC rule requiring Y2K disclosure of public corporations, companies are reluctant to report compliance levels primarily because they fear litigation or ceding a competitive advantage. In August 1999, the SEC fined nine investment entities for failure to adequately disclose Y2K readiness information.


Industry associations with large company membership almost uniformly assess that their members will be ready. They indicate that the majority are now in the process of developing business continuity and contingency plans in addition to addressing the external risk they face from business and supply partners, both foreign and domestic.

Merrill Lynch, in a July 1999 special report, two points that bear mentioning. Firstly, "Y2K has largely disappeared from the radar screens of most of the U. S. corporations we track." Secondly, "many companies, however, have expressed concern about their ability to remain compliant with global counterparts around the world: compliance in the U. S. can be easily compromised by noncompliance in other countries. Funds flow are an especially critical focal point." 11

Great preparatory strides have been made throughout many U. S. industry sectors over the last nine months. Nonetheless, these strides have not carried any organizations, companies, or corporations far enough that complacency can be allowed to set in. Much work remains, particularly in the area of addressing external risks and contingencies. There are far two many uncertainties and complex interdependencies that exist keeping risk looming over everyone.



Gary Beach, CIO Magazine Publisher, with Dr. Ed Yardeni's Y2K Center and the Information Systems Audit and Control Association (ISACA) jointly conducted a Y2K Experts Poll in June 1999. Over half of the 892 poll respondents represented large, U. S.-based corporations. A number of the polls finding were quite revealing. On average these large corporations had 1,300 partners or suppliers interconnected, worldwide. It is clear that examining the risk exposure due to over a thousand partners/ suppliers is no simple task.

More disconcerting is the fact that almost one in ten respondents admitted "they will not complete their Y2K work until the Year 2000 or beyond." A full 33% were not meeting their schedule. On average, 3% of large firms' mission-critical systems are expected to fail or malfunction. Thirty-five percent of large firms said they were still waiting for third-party vendors to provide Y2K-compliant versions of mission-critical programs. 12 Yes, several months have passed since the data was collected for this analysis and progress has likely been made in these areas. However, it is clear there is still much work that remains.

Underscoring the findings of the June Y2K Experts Poll, an August CapGemini poll found that 48% of U. S. major corporations expect all of their critical systems to be prepared for the Year 2000. Given the expectation that many critical systems will be fixed after January 1, 2000, business continuity and contingency plans gain additional importance. Large numbers of large, global corporations are establishing Y2K management centers to handle consequence management issues. This same survey indicated that over 95% of respondents plan on setting up such centers. 13


Due to the interconnectedness of today's businesses, it is very likely that the failure of small and medium-sized businesses will have a ripple effect through the supply chain that will affect bigger business partners. Those with critical international partnerships and suppliers are more likely to have disruptions caused by those relationships.

A flood of lawsuits is a real possibility given the litigious nature of our society and the complexities of successfully addressing Y2K. In addition to consumer purchases of additional household items in preparation for Y2K, businesses, as part of their business continuity and contingency plans, will acquire additional supplies. The markets may have difficulty meeting this increased demand, particularly if it all occurs during the last couple months of 1999. Again, these preparatory actions could in aggregate cause shortages of some items if they occur in a short period of time. Furthermore, vacant storage facilities will become a scarce commodity. As businesses have moved to just-in-time inventory and lean manufacturing processes, they have benefited from reduced storage requirements. The result of this stocking-up at the end of the year will lead to an over-supply in inventories in the first quarter of next year that will slow the economy.

Significant progress has been made by businesses; some experts who had previously predicted an economic recession have reassessed the Y2K landscape. Now, they forecast an economic slowdown. For example, Merrill Lynch concludes that their survey data indicates that, "based on factual evidence, the risk of serious economic dislocation from Y2K non-compliance is diminishing." The data shows that on average the GDP impact could be as great as 0.25% each quarter. 14

"... should a large number of companies want to hold even a few extra days of inventories, the necessary, albeit temporary, increase in production (or imports) to accommodate such a stock building could be quite large. Bottlenecks could develop, and market pressure could ensue." --ALAN GREENSPAN, FEDERAL RESERVE CHAIRMAN


Although the presence global corporations have in foreign countries have caused them to make outreach efforts to high risk countries as they watch out for their own self-interest, some foreign countries that are vitally important to global corporations are likely to have critical­ failures. The Committee is concerned about how those failures will manifest themselves within U. S. global corporations, the world economy, the U. S. economy, and ultimately impact the consumer.

The Committee is concerned about temporary fixes to Y2K problems that have been made to 'survive' the actual date transition and system specific date horizons. Many large corporations, as well as numerous federal agencies, performed a triage process to identify their mission-critical systems. Subsequently, they identified the type of solution that they would use to solve any Y2K problems identified in mission-critical systems.

"There is significant potential for cascading failures in global corporations which have interdependent parts that span multiple borders."


Those solutions ranged from permanent solutions, using date expansion, to temporary ones, using some type of sliding or fixed windowing. Those that performed temporary fixes must have a process for tracking the time at which the fix will no longer work. Many are hoping that the systems will be replaced prior to that time and/ or they will retire before that time and it will be someone else's problem. To some extent, this is how Y2K got to be such a major problem in the first place. Another output of a triage approach to Y2K is a list of non-mission critical systems. Companies and organizations are finding that systems they had believed to be non-mission critical actually interfaced with a critical system. After assessing the interdependency of the two systems, often they have found the system originally classified as non-mission critical actually was critical by virtue of its interconnection. The Committee is concerned about the possible number of mission-critical systems that were incorrectly identified as non-mission critical and have yet to be remediated, tested, and implemented.

The issue of bad actors having breached security during Y2K remediation is of growing Committee concern. The Gartner Group predicts that Year 2000 remediation activities will cause security lapses that allow at least one publicly reported electronic theft by 2004 in excess of $1 billion. 15 The issue of information assurance and computer security is a growth area for the next millennium.

Corporate Y2K disclosures are less forthcoming than they should be. Corporations have expressed numerous reasons for not providing full disclosure. Some claim that it is a competitive advantage issue. Others, that Y2K is material to the business and thus does not require detailed reporting. Still others express concern over legal liabilities. The list goes on.

Most global corporations are heavily engaged in continuity of operation and contingency planning activities as they further their Y2K preparations. The Committee is increasingly concerned with the lack of coordination of these contingency plans externally with other stakeholders within industries. Furthermore, if there may be a need for emergency responders that may have to react in the event the need arises for contingency implementation, they must be familiar with contingency plans and their key assumptions. This lack of coordination could result in sufficiently large numbers of organizations or companies planning on a particular alternative support/ supply source such that the source could never meet the demand if it was called upon.

During the Committee's July 22, hearing on global Corporations, the Department of State Inspector General highlighted a Committee concern. She noted that in 1998, the U. S. accounted for almost 13% of over $5 trillion in total world trade. Addressing the possible impact of Y2K on world trade, she said, "our assessments suggest that the global community is likely to experience varying degrees of Y2K-related failures in every sector, in every region, and at every economic level." 16

Coordinated, realistic, tested, contingency and continuity of operations plans are key to ameliorating the situation.

-- Brian (, September 23, 1999


I have compiled the Senate Report (links below), please use the link;

*****Senate 100 Day Report in HTML*****  Home Page (TB 2000)

to communicate the report to others. This is a very important document for all folks. Please link it, Email it or print out sections for others to read.


Brian Henderson

 Y2K in Canada and Beyond

Senate Report

*****Senate 100 Day Report in HTML*****  Home Page (TB 2000)

Executive Summary of 100 day report

 Business 100 Day Senate Report Part One

 Business 100 Day Senate Report Part Two

 Financial Services 100 Day Senate Report

 Transportation 100 Day Senate Report

 Telecommunications 100 Day Senate Report

 Health Care 100 Day Senate Report

 Utilities 100 Day report

 International 100 Day Senate Report Part One

 International 100 Day Senate Report Part Two

 Preparedness 100 Day Senate Report

Senate Y2K Committee 100 Day report  Senate Report Home Page (PDF)

-- Brian (, September 23, 1999.

Moderation questions? read the FAQ