Year 2000 Year 2000 A Reality Check and A Reality Check and Game Plan Game Plan presented by presented by Chaim Yudkowsky, CPA Chaim Yudkowsky, CPA 410-296-6300 www.gnco.com www.byteofadvice.co December 1, 1998 - Only 396 days!
Nov 18, 2014
Year 2000 Year 2000 A Reality Check and Game A Reality Check and Game
PlanPlan
Year 2000 Year 2000 A Reality Check and Game A Reality Check and Game
PlanPlan
presented bypresented by
Chaim Yudkowsky, CPAChaim Yudkowsky, CPA
410-296-6300 www.gnco.com www.byteofadvice.com
December 1, 1998 - Only 396 days!
Ed Yardeni (Chief economist for Deutsche Morgan Grenfell)
“The recession odds are now up 60% because of millennial computer failures. And there is even a chance of a depression. . . I am a Y2K alarmist.”
Singer Pat Boone
“I want to help bring Y2K to the family dinner table”
Spokesperson of the Year 2000National Educational Task Force
Who are you?
Who are you auditing? Domestic or international? PCs or mainframes? Department
– Aviation MVA– Port State Highway– Mass transit Other
What do expect to learn today?
The schedule Overview Description of the problem Y2K Statistics, risks, and myths Defining compliance Break (10-15 minutes) Plan of attack Break (10-15 minutes) Legal & Y2K Legislative and Y2K Case study (time permitting)
The calendar
December 31, 1999 - Friday January 1, 2000 - Saturday January 2, 2000 - Sunday January 3, 2000 - Monday
The Millenium Bug?
One problem or many? Storage Data entry Interpretation
Dates and more dates
Problem: 00 instead of 0000 Leap Year thing
– The Gregorian calendar (1582) The 1999 thing
– 4/9/99 (Julian calendar)– 4/21/99– 9/9/99
The 2000 thing
Dates and more dates
Two web sites for testing methodologies with long lists of dates.
www.fdic.gov/banknews/fils/1998/fil9838b.html
www.mardon-y2k.com
The Y10K problem
400 Generations Windows 98 may be fixed by then Fewer than 2,922,400 days! Almost 8,000 years of experience!
Year 2000 statistics - Overall
Loss of economic output (1998-2001): $119 billion Cost of repair in the U.S.: $500 billion (equal to cost of
Vietnam War) U.S. economic growth rate decrease in 1999: 0.3% Number of person years to fix and test: 700,000 Number of pre-1997 PCs unable to handle: 97% Number of vacancies for computer scientists and
programmers: 350,000
Year 2000 statistics - Government & Corp.
Cost to fix the IRS’ problem: $1 billion and in Aug 1998 only 44% complete
Earliest year for readiness by the Dept. of Defense’s critical systems: 2012
Of America’s largest companies:– <33% considered impact– 20% done anything– 7% have problems now
Small business (under 100 people)
Number estimated to fail because of problem - 7%
Estimated number aware of problem: 80%
Estimated number planning to address: <50%
Y2K in the recent news USA Today (11/13) - US Reaches Out to Avert
Y2K-Induced Nuclear War CNNfn (10/28) - The Newest Year 2000 Problem is
the Media– Only 2 out of 10 Northeast power utilities have made
public statements News.com (11/20) - “Of those surveyed, 16%
reported that they have already deployed Y2K remedial programs.”
Y2K in the recent news
News.com (11/13) - Bennett: SEC should report on Y2K filings
News.com (11/20) - “23 states are still planning their Year 2000 strategies . . .”
News.com (11/24) - Government scores “D” on Y2K readiness
The Sun (11/23) - Year 2000 threat not as serious as feared
Experiences - Real life
10,000 medical bills (1972) Invitation to school (1988) Emergency room abnormal blood count (1989) Swedish food wholesaler Golf Power outages - 1984 (Oregon) September 17, 1991 - brown out + telephone outage
and airports
Videotape break
December 31, 1999 @ 11:59 p.m.
Discussion of potential risks to your constituencies
What is the risk to you?
Systems that you control Systems that you rely on, but do not control
Example risk areas Information systems Manufacturing control systems Facilities Supplier / customer chain Transportation Power grid / electric continuity Communication networks
– don’t forget e-mail
Discussion of transportation system risks
Embedded chips Power and telecommunications reliance Congressional hearings and readiness
Building control systems Mechanical Electrical Utility monitoring Fire / life safety Vertical transportation Security Building automation Leak detection
Building control concerns
Access system failure Preventative maintenance shutdown Energy management system malfunction Time / date logs not functioning
Hardware and software
Hardware and the microchip (embedded systems)– Real-time clocks (RTC) & NT 4.0
Software– Quicken– even the Mac
Networking– Network operating systems
4/21/99 - GPS Rollover
Devices emit erroneous data or shut down Digital cell phones Factory machines Landing and navigational data for aircraft
and ground transportation (containers and trucks)
Customer power allotments
The myths - Part I A silver bullet exists It’s just a mainframe problem It’s just a software application problem It’s just a COBOL problem If your application is compliant - no need to
worry A fixed system will not have problems
The myths - Part II
No one outside cares No need to discuss this issue with an attorney It’s not your responsibility - it’s your business
advisor’s There’s plenty of time January 1, 2000 (or 3) will be an ordinary day The problem will not begin until 1/1/00
Compliance
Many definitions Many nomenclatures to avoid compliance
terminology– certification– conformity– approved– tested
Definition of compliance (1)
Technology . . . when used in accordance with its associated documentation, is capable of accurately processing, providing, and/or receiving, data from, into and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations; provided all other technology used in combination with said technology properly exchanges the date data with it. The technology itself must independently meet these requirements and the interfaces when it exchanges date data, must properly exchange date data as defined herein.
Institute of Electrical and Electronics Engineers Inc. (IEEE)
Definition of conformity (2)
Year 2000 conformity shall mean that neither performance nor functionality is affected by dates prior to, during, and after the year 2000.
UK’s IT Association
Microsoft definitions
Compliant– May have prerequisite patch or service pack for
compliance Compliant with minor issues
– . . . with some disclosed exceptions that constitute minor date issues
Data Storage and Interpretation Solutions
Four position century Key date Windowing Sliding date / encapsulation (28 year cycle) Date compression
What must be done
Have a written plan Develop a schedule Identify who is responsible for what Communicate with customers and vendors
– You must know who they are
Elements of the plan - Part 1
Awareness– get everyone’s attention– do not blame the IT people– compliance vs. triage and contingency planning
Designate someone - single point of contact– Strong institutional knowledge– Authority from the top
Elements of the plan - Part 2
Assessment– inventory of all technology including
embedded systems– identify priority– contact vendors– need proper source code for software– ownership of software
Elements of the plan - Part 3 Contact vendors / publishers / manufacturers Renovation Validation and testing
– most expensive phase / methodology– refer to web sites mentioned earlier– test prototype - not real data– for critical systems test even with letters
Elements of a plan - Part 4
Implementation of renovated systems– include a strategy for retrieval of data from
retired systems– frequent monitoring and reviewing if any new
areas must be addressed
Elements of the plan - Part 5 Anticipate contingencies Communicate
– internally – externally???
Prayer!
Videotape break
Enterprise risk and contingency planning video
To do - Remediation Upgrade off-the-shelf where appropriate Replace where appropriate Hire programmers / consultants where appropriate
– accountability and project management– outsource vs. use your staff– managing external vendors
Mitigate your risk relating to suppliers and service providers
To do - Things to think about
Consider business interruption insurance Exclusions in policies effective April 1,
1998 Contingency planning and triage
What is going on? - Disclosure
AICPA recommendations for disclosure Year 2000 and Congress for public
companies SEC requirements for disclosure for public
companies– August 4, 1998 (10K disclosures)
Banks Should you answer compliance letters?
What is going on? - Other Being forced by the consultant - liability insurance underwriting Not enough people Whole industry of topical magazines and Web sites Year 2000 warranties Statements of Year 2000 compliance Special Y2K lending by banks Accounting for costs in fixing the problem - expensed International fixes - E.U. (January 1, 1999)
Auditor questions
Is there a Y2K plan? Is it reasonable and attainable? Will there be economic impact on the
client? Does the company have adequate
resources? How vulnerable is the physical plant?
Joke
After January 1, 2000, what will all the Y2K experts be doing?
Lloyd’s of London estimates a $1 trillion litigation potential!
Litigation against whom?
Software vendors Corporate directors and officers Year 2000 consultants Breach of contract - down and up Liability against anyone
Basis for litigation Business interruption Software licensing disputes Negligence Product warranty - warranty
of merchantability Breach of express warranty Breach of implied warranty Deceptive trade practices
Litigation
Produce Palace International v. TecAmerica Corp. (POS) - product defect
Atlaz International v. SBT (accounting sw) Symantec Antivirus States suing industry (North Carolina) Anderson Consulting v. J. Baker., Inc. Issokson v. Intuit
Other legal issues
State and federal legislation Statute of limitations Reasonably how far back can it reach
Legislation
Limiting liability– Nevada, Florida, Georgia, Hawaii, Virginia
December 3 - Deadline for retroactive liability protection
Other
Year 2000 Information and Readiness Disclosure Act
Signed October 19, 1998 Retroactive protections to January 1, 1996
(December 3, 1998) “Year 2000 Readiness Disclosure” Immunity for non-fraudulent statements Limited anti-trust exemptions New written policies
Other impact
M & A– Corestates Bank
Closing down
Resources - On the web and off
Attachments Books Transportation specific Other
Top 11 reasons to do nothing (11 - 7)
You are waiting to see what happens that first morning in Australia and will then respond if it is a problem.
You’re planning to retire next year. You want to surprise the stockholders. January 1, 2000 falls on a Saturday - you’ll have lots of
time over the weekend. Government will pass legislation to roll back the clock to
1900.
Top 11 reasons to do nothing (6 - 1)
You don’t have a budget. You believe in the Tooth Fairy. Bill Gates will solve it. Nostradamus never mentioned this problem. Your multimillion-dollar company doesn’t rely on
computers. You’re already in Chapter 11.
Case study discussion
BWI Airport– How would you inform management about
what needs to be done?– What are the things that can go wrong?– How would you do (task descriptions)?– What priorities would you give?– What would be some of your contingency
plans?
Video short
Remember . . .
1. Do something now.2. Avoid analysis paralysis.3. Expect for the week of January 1, 2000 to be busy.4. “There will be plenty of work after January 1.”
Questions?