Y2k presented at Towson University December 1998

Year 2000 Year 2000 A Reality Check and Game A Reality Check and Game

PlanPlan

Year 2000 Year 2000 A Reality Check and Game A Reality Check and Game

PlanPlan

presented bypresented by

Chaim Yudkowsky, CPAChaim Yudkowsky, CPA

410-296-6300 www.gnco.com www.byteofadvice.com

December 1, 1998 - Only 396 days!

Ed Yardeni (Chief economist for Deutsche Morgan Grenfell)

“The recession odds are now up 60% because of millennial computer failures. And there is even a chance of a depression. . . I am a Y2K alarmist.”

Singer Pat Boone

“I want to help bring Y2K to the family dinner table”

Spokesperson of the Year 2000National Educational Task Force

Who are you?

Who are you auditing? Domestic or international? PCs or mainframes? Department

– Aviation MVA– Port State Highway– Mass transit Other

What do expect to learn today?

The schedule Overview Description of the problem Y2K Statistics, risks, and myths Defining compliance Break (10-15 minutes) Plan of attack Break (10-15 minutes) Legal & Y2K Legislative and Y2K Case study (time permitting)

The calendar

December 31, 1999 - Friday January 1, 2000 - Saturday January 2, 2000 - Sunday January 3, 2000 - Monday

The Millenium Bug?

One problem or many? Storage Data entry Interpretation

Dates and more dates

Problem: 00 instead of 0000 Leap Year thing

– The Gregorian calendar (1582) The 1999 thing

– 4/9/99 (Julian calendar)– 4/21/99– 9/9/99

The 2000 thing

Dates and more dates

Two web sites for testing methodologies with long lists of dates.

www.fdic.gov/banknews/fils/1998/fil9838b.html

www.mardon-y2k.com

The Y10K problem

400 Generations Windows 98 may be fixed by then Fewer than 2,922,400 days! Almost 8,000 years of experience!

Year 2000 statistics - Overall

Loss of economic output (1998-2001): $119 billion Cost of repair in the U.S.: $500 billion (equal to cost of

Vietnam War) U.S. economic growth rate decrease in 1999: 0.3% Number of person years to fix and test: 700,000 Number of pre-1997 PCs unable to handle: 97% Number of vacancies for computer scientists and

programmers: 350,000

Year 2000 statistics - Government & Corp.

Cost to fix the IRS’ problem: $1 billion and in Aug 1998 only 44% complete

Earliest year for readiness by the Dept. of Defense’s critical systems: 2012

Of America’s largest companies:– <33% considered impact– 20% done anything– 7% have problems now

Small business (under 100 people)

Number estimated to fail because of problem - 7%

Estimated number aware of problem: 80%

Estimated number planning to address: <50%

Y2K in the recent news USA Today (11/13) - US Reaches Out to Avert

Y2K-Induced Nuclear War CNNfn (10/28) - The Newest Year 2000 Problem is

the Media– Only 2 out of 10 Northeast power utilities have made

public statements News.com (11/20) - “Of those surveyed, 16%

reported that they have already deployed Y2K remedial programs.”

Y2K in the recent news

News.com (11/13) - Bennett: SEC should report on Y2K filings

News.com (11/20) - “23 states are still planning their Year 2000 strategies . . .”

News.com (11/24) - Government scores “D” on Y2K readiness

The Sun (11/23) - Year 2000 threat not as serious as feared

Experiences - Real life

10,000 medical bills (1972) Invitation to school (1988) Emergency room abnormal blood count (1989) Swedish food wholesaler Golf Power outages - 1984 (Oregon) September 17, 1991 - brown out + telephone outage

and airports

Videotape break

December 31, 1999 @ 11:59 p.m.

Discussion of potential risks to your constituencies

What is the risk to you?

Systems that you control Systems that you rely on, but do not control

Example risk areas Information systems Manufacturing control systems Facilities Supplier / customer chain Transportation Power grid / electric continuity Communication networks

– don’t forget e-mail

Discussion of transportation system risks

Embedded chips Power and telecommunications reliance Congressional hearings and readiness

Building control systems Mechanical Electrical Utility monitoring Fire / life safety Vertical transportation Security Building automation Leak detection

Building control concerns

Access system failure Preventative maintenance shutdown Energy management system malfunction Time / date logs not functioning

Hardware and software

Hardware and the microchip (embedded systems)– Real-time clocks (RTC) & NT 4.0

Software– Quicken– even the Mac

Networking– Network operating systems

4/21/99 - GPS Rollover

Devices emit erroneous data or shut down Digital cell phones Factory machines Landing and navigational data for aircraft

and ground transportation (containers and trucks)

Customer power allotments

The myths - Part I A silver bullet exists It’s just a mainframe problem It’s just a software application problem It’s just a COBOL problem If your application is compliant - no need to

worry A fixed system will not have problems

The myths - Part II

No one outside cares No need to discuss this issue with an attorney It’s not your responsibility - it’s your business

advisor’s There’s plenty of time January 1, 2000 (or 3) will be an ordinary day The problem will not begin until 1/1/00

Compliance

Many definitions Many nomenclatures to avoid compliance

terminology– certification– conformity– approved– tested

Definition of compliance (1)

Technology . . . when used in accordance with its associated documentation, is capable of accurately processing, providing, and/or receiving, data from, into and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations; provided all other technology used in combination with said technology properly exchanges the date data with it. The technology itself must independently meet these requirements and the interfaces when it exchanges date data, must properly exchange date data as defined herein.

Institute of Electrical and Electronics Engineers Inc. (IEEE)

Definition of conformity (2)

Year 2000 conformity shall mean that neither performance nor functionality is affected by dates prior to, during, and after the year 2000.

UK’s IT Association

Microsoft definitions

Compliant– May have prerequisite patch or service pack for

compliance Compliant with minor issues

– . . . with some disclosed exceptions that constitute minor date issues

Data Storage and Interpretation Solutions

Four position century Key date Windowing Sliding date / encapsulation (28 year cycle) Date compression

What must be done

Have a written plan Develop a schedule Identify who is responsible for what Communicate with customers and vendors

– You must know who they are

Elements of the plan - Part 1

Awareness– get everyone’s attention– do not blame the IT people– compliance vs. triage and contingency planning

Designate someone - single point of contact– Strong institutional knowledge– Authority from the top

Elements of the plan - Part 2

Assessment– inventory of all technology including

embedded systems– identify priority– contact vendors– need proper source code for software– ownership of software

Elements of the plan - Part 3 Contact vendors / publishers / manufacturers Renovation Validation and testing

– most expensive phase / methodology– refer to web sites mentioned earlier– test prototype - not real data– for critical systems test even with letters

Elements of a plan - Part 4

Implementation of renovated systems– include a strategy for retrieval of data from

retired systems– frequent monitoring and reviewing if any new

areas must be addressed

Elements of the plan - Part 5 Anticipate contingencies Communicate

– internally – externally???

Prayer!

Videotape break

Enterprise risk and contingency planning video

To do - Remediation Upgrade off-the-shelf where appropriate Replace where appropriate Hire programmers / consultants where appropriate

– accountability and project management– outsource vs. use your staff– managing external vendors

Mitigate your risk relating to suppliers and service providers

To do - Things to think about

Consider business interruption insurance Exclusions in policies effective April 1,

1998 Contingency planning and triage

What is going on? - Disclosure

AICPA recommendations for disclosure Year 2000 and Congress for public

companies SEC requirements for disclosure for public

companies– August 4, 1998 (10K disclosures)

Banks Should you answer compliance letters?

What is going on? - Other Being forced by the consultant - liability insurance underwriting Not enough people Whole industry of topical magazines and Web sites Year 2000 warranties Statements of Year 2000 compliance Special Y2K lending by banks Accounting for costs in fixing the problem - expensed International fixes - E.U. (January 1, 1999)

Auditor questions

Is there a Y2K plan? Is it reasonable and attainable? Will there be economic impact on the

client? Does the company have adequate

resources? How vulnerable is the physical plant?

Joke

After January 1, 2000, what will all the Y2K experts be doing?

Lloyd’s of London estimates a $1 trillion litigation potential!

Litigation against whom?

Software vendors Corporate directors and officers Year 2000 consultants Breach of contract - down and up Liability against anyone

Basis for litigation Business interruption Software licensing disputes Negligence Product warranty - warranty

of merchantability Breach of express warranty Breach of implied warranty Deceptive trade practices

Litigation

Produce Palace International v. TecAmerica Corp. (POS) - product defect

Atlaz International v. SBT (accounting sw) Symantec Antivirus States suing industry (North Carolina) Anderson Consulting v. J. Baker., Inc. Issokson v. Intuit

Other legal issues

State and federal legislation Statute of limitations Reasonably how far back can it reach

Legislation

Limiting liability– Nevada, Florida, Georgia, Hawaii, Virginia

December 3 - Deadline for retroactive liability protection

Other

Year 2000 Information and Readiness Disclosure Act

Signed October 19, 1998 Retroactive protections to January 1, 1996

(December 3, 1998) “Year 2000 Readiness Disclosure” Immunity for non-fraudulent statements Limited anti-trust exemptions New written policies

Other impact

M & A– Corestates Bank

Closing down

Resources - On the web and off

Attachments Books Transportation specific Other

Top 11 reasons to do nothing (11 - 7)

You are waiting to see what happens that first morning in Australia and will then respond if it is a problem.

You’re planning to retire next year. You want to surprise the stockholders. January 1, 2000 falls on a Saturday - you’ll have lots of

time over the weekend. Government will pass legislation to roll back the clock to

1900.

Top 11 reasons to do nothing (6 - 1)

You don’t have a budget. You believe in the Tooth Fairy. Bill Gates will solve it. Nostradamus never mentioned this problem. Your multimillion-dollar company doesn’t rely on

computers. You’re already in Chapter 11.

Case study discussion

BWI Airport– How would you inform management about

what needs to be done?– What are the things that can go wrong?– How would you do (task descriptions)?– What priorities would you give?– What would be some of your contingency

plans?

Video short

Remember . . .

1. Do something now.2. Avoid analysis paralysis.3. Expect for the week of January 1, 2000 to be busy.4. “There will be plenty of work after January 1.”

Questions?