Y2K-ARE WE READY TO MEET THE CHALLENGE?

Cover Story Y2K-ARE WE READY TO MEET THE CHALLENGE? Y2K compliance is mandatory

Due to paucity of time now the only recourse is to work on contingency plans

By SHABBIR H. KAZMI
August 23 - 29, 1999

There may be reasonable comfort that listed companies are 'plugged on' in their internal critical system for year 2000 (Y2K) compliance. Every one seems to be taking care of its 'own shop' and relying on others to do their part. However, the real concern is that many companies will be affected or disconnected from global access in the year 2000. The most affected group, due to non-compliance, will be the poorly funded government entities and the small and medium size enterprises.

The most significant issue is the concern over public sector readiness specifically the power generation, transmission and distribution entities working in the public sector. The ongoing financial problems could have other knock-on effects, given the interconnection of electricity generation, transmission and distribution companies and consumers. On paper, it is inconceivable that critical systems are not checked and tested. The key issue for these complex organizations is whether sufficient time and resources have been put into weeding out embedded chips in the older plants to prevent unforeseen glitches.

The Issue

The transition to the year 2000 could potentially affect any computer system or software application that uses date-related data. The issue refers to the fact that some computer systems store the year portion of dates in two-digit — identifying '1997' as '97'. It was common practice years ago for programmers to use this approach because it conserved costly memory space.

The two-digit system will work fine until a change in the century. Then computers or other electronic devices programmed or designed in the above mentioned manner could misinterpret the digits '00' to mean the year is 1900 rather than 2000. Some systems also might not recognize year 2000 as a leap year or may not be able to transition properly from February 28 to February 29 and to March 1, 2000.

To ensure comparability of Y2K readiness, the users of computer based equipment need to focus on four key issues:

1) the level awareness and commitment,

2) the implementation progress,

3) the extent of internal and external testing,

4) the availability of contingency plans,

The commitment of government and regulators in ensuring Y2K compliance will play a vital role. For example Singapore and Hong Kong stand out as being clearly ahead of the game. These are also the only two Asian countries which have been given the 'green' rating by the 'Global 2000 Coordinating Group' for their high level of public information and progress towards Y2K compliance in six major sectors:

1- financial services

2- clearing and settlement

3- transport

4- telecommunication

5- basic utilities

6- government entities

 

GETTING STARTED

Preparing to Y2K should be a high priority for any business. It will have a broad impact on business operations affecting every thing from simple processing of data and security system to payroll and billing — including interface with suppliers and customers.

If one is just getting started, it is necessary to turn to other resources for information and assistance in developing a Y2K strategy. Organizations within and outside the country are willing to share their knowledge. Since the impacts are far-reaching no company can work in isolation. Some of resources for possible assistance are:

* computer hardware and software sellers

* major customers and suppliers

* companies known to be leaders in their Y2K
        preparations,

* trade organizations,

* industry groups focused on Y2K issue,

* government agencies,

* external consultants

If any one has not begun Y2K preparations as yet the first step is to evaluate and assess the risks and allocate budget for updating the systems. The second step is to reduce the risk by updating the systems and testing the updated hardware and software. The third step is to prepare and test contingency plans.

 

PREPARING PCs AND NETWORK

It is important to ensure that PCs and network are ready for Y2K. It requires four steps to be followed.

1) identify all PCs and network components including hardware operating system, network operating system and all other software,

2) check all of the components for Y2K capability,

3) update the components that are not Y2K capable,

4) test updated components and the networked PC system as a whole

Testing updated system is the most time and resource-intensive. The purpose is to ensure that hardware, including those which have been updated, are Y2K capable individually and as an integrated system. A number of precautions should be taken before testing. These are:

* before beginning the test, prepare back up of all
        software applications including operating system and          data files,

* be aware of potential expirations of users' passwords,

* do not conduct tests while operating within a network           or production environment,

* ensure that none of software licences or trial software           expires during the test,

It is generally recommended that testing be carried out in a test environment separate from production (actual working) environment. By testing on separate system daily operations will not be interrupted and there will be no risk of bad date data. All this requires detailed planning to ensure that the deployment is smooth. There should also be plans to return to operational status after completing test.

 

PREPARING BUSINESS OPERATIONS

In addition to preparing PCs and network for Y2K, there is a need to take care of other internal systems that depend on computers, including embedded chip operations. This includes production equipment and all other automated systems any system that relies on date. All internal systems, that may be date sensitive, are prioritized according to their importance to business and the impact of failure. In taking action to ensure that internal systems will be ready for the transition, assess the most critical system first to avoid those failures which would seriously affect business. Working with suppliers is an essential part of Y2K preparations to ensure uninterrupted production and delivery during and after the transition to year 2000. The customers will also want to know the preparation for the transition. The customers are as important as suppliers.

 

CONTINUITY PLANNING

No matter how diligently preparations for Y2K have been made, every business may experience various levels of failures during or after the transition. The goal of business continuity plan is to minimize the risk of Y2K failure and preparing to recover from actual failures as quickly as possible. It consists of two components, contingency planning and emergency response planning.

 

CONTINGENCY PLANNING

No matter how diligently one has prepared for Y2K, the could be failures during or after the transition. Therefore, contingency planning is an integral part of preparations. The objective is to minimize the risk of failure and recover as quickly as possible. This plan consist of two components:

* contingency planning focuses on taking proactive           measures to minimize risk and ensure near normal         operations in the event of failure of Y2K plan,

* emergency response planning focuses on reacting to           actual failure in order to return operations to near          normal as quickly as possible.

It is of key importance to test the contingency plan. Test the most critical contingencies. Review and update contingency plans periodically to ensure readiness for the transition.

 

EMERGENCY RESPONSE PLANNING

While the aim of contingency plans is to maintain near normal operations, the objective behind emergency response plans is to restore operations to near normal status as soon as possible, ensure safety as well as protection of property, plant and equipment. Emergency response plans are designated to be triggered when a specific event occurs i.e. power outage.

 

PAKISTAN STATUS

Pakistan cannot be an exception, like rest of the world, the users of computer-based equipment will be affected by the Y2K millennium bug problem. This is a problem which needs to be understood by all the users of microprocessor based equipment, both in their private capacity as well at their workplace. This is a problem which will affect everyone who relies on microprocessor based equipment. The range of affected equipment varies from simple things like washing machines to critical equipment like CT Scan equipment — anything to do with date calculations.

There is a general misconception that Y2K problem will affect only those computers which use COBOL based programmes or the equipment and software made before 1995. This belief is wrong and may lead to dangerous consequences. The problem may also affect embedded equipment and software, manufactured after 1995.

The most common misconception about the issue is that the Y2K problem would appear just once — at the roll over from December 31, 1999 to January 1, 2000. The other misconception about the problem is that it would only affect the large installations running legacy systems with older languages such as COBOL. And, worst of all, that it will only affect the computers!

Whereas the reality is that the millennium problem would not last for just one day. It would have continued effects well beyond the roll over on the systems and business operations. Different software and hardware systems would behave in different ways and each would have its unique millennium-related problem which has to be fixed in an appropriate manner.

While the bug would hit the legacy systems and applications in the worst form, the effect won't be confined to just these systems. The Y2K problem would hit everyone equally bad. The bug isn't just limited to computers, it can hit all embedded systems. These system are hard to reprogramme once they are made operational. Automation systems, telecommunication, oil exploration, instrumentation, aviation, and thousands of different control systems depend heavily on these embedded systems.

Embedded chips, numbering in billions, are in operation in every thing from automobiles, satellites, military hardware, airplanes, ships, trains and trucks to VCRs. These embedded chips have to be located, tested and then replaced—manually. It is a massive, time consuming and terribly expensive venture.

It is estimated that approximately 90 per cent of the IBM PC close market will malfunction or crash when the clock turns over to the year 2000. Microsoft and Intel do not guarantee that all of their products are Y2K compliant. The problem is, they sell to others who assemble 'clones' with all kinds and arrangements of equipment. This means that someone purchasing a new PC right now, may still have Y2K problems.

The Pakistan Computer Bureau, as the focal point of Y2K activities, has been playing its pivotal role in creating awareness and providing information to information technology professionals and managers in user organizations. Although, it is fundamentally a technical problem, the choice of how to address the issue is a business problem and regulatory problem.

A Task Force on Y2K, headed by Director General, Pakistan Computer Bureau, has been constituted. The Task Force has held several meetings. The measures taken so far at various levels to tackle the issue, ensure that the pace of work focused on Y2K is accelerated. Although there is already a general awareness of the problem, some business managers and administrators still do not fully appreciate the complexity of the problem and the seriousness of the consequences.

Details of an assessment survey on Y2K preparedness at major state enterprises, undertaken by the Bureau, exhibits some shocking information. Some of the findings have been taken from their website.

While the overall awareness level regarding Y2K issues has been termed high by the Bureau, many professionals termed the level poor. The level of awareness in public sector entities, particularly in the infrastructure sector, is extremely poor. The problem has been extenuated by availability of funds to take an inventory of embedded system which are the most susceptible to adverse effects.

Although, it is considered that commercial banks are at an advance stage, there is a mounting concern that some of the commercial banks may witness interruptions in smooth transition due to non-compliance of all the hardware and software. The central bank has been perusing all the commercial banks to meet the compliance deadline. Monthly meetings are being held with the respective officials of banks to obtain the updated status.

The central bank has also started the audit to ensure timely Y2K compliance. However, it is difficult to test the compliance because no standard models have been used. An important aspect of this test is the arrangement to conduct 'street test'. During the street test all the banks have to conduct transactions first with the local counterparts and second with the international correspondent banks.

However, the level of seriousness of local banks can be gauged from regular extension in deadline for Y2K compliance. The initial deadline was fixed for December 31, 1998, second extension was given upto March 31, 1999 and the third extension expired on June 30, 1999. The next deadline has been fixed for September 30 1999. The sector experts have strong apprehensions that all the hardware and software of all the commercial banks will reach Y2K compliance even by the end of the year. However, critical systems of a large number of banks have achieved Y2K compliance.

According to banking sector experts, United Bank was among the first few banks to achieve Y2K compliance by December 31, 1998. The systems are being checked and re-checked to ensure smooth transition into the next millennium. A lot of credit goes to the staff who did the maximum work. The Bank also acquired the help of an outside consultant to assist the in-house team.

Habib Bank has been making strides in automation of its branch network, focusing on connectivity. The in-house software team has been at work to ensure that the Y2K software bug is removed from all systems. Substantial progress has been made and it is expected that all bugs will be ironed out well before the mandatory compliance date set by the central bank.

While National Bank of Pakistan has awarded the contract to an outside consultant, Allied Bank may face some interruptions in smooth operations as much of the work has to be done yet to achieve Y2K compliance.

The status of power generation, transmission and distribution companies working in public sector is disappointing. Firstly because the level of comprehension of seriousness of the issue was almost nil. Secondly they do not have adequate resources at their disposal to undertake upgradation of their systems. Thirdly they have not been able to commence their work to meet the non-negotiable deadline. The status of WAPDA and KESC should be a source of serious concern as any interruption in electricity supply to consumers may disrupt all the economic activities in the country.

Similarly, Pakistan Telecommunication Company (PTCL) faces problems with its old exchanges. Its immediate concern is to achieve compliance to remain connected with other international networks. It is treated as 'third party' by all the other international players. Pakistan Telecommunication Authority, being the regulators, has the responsibility to ensure compliance by PTCL, cellular telephone companies, internet service providers and pager service providers etc.

To sum up it will be right to say that the poor level of awareness, inadequate budget and limited availability of expertise have been the major constraints in achieving Y2K compliance. Even if these organizations start now they will not be able to upgrade all the hardware and remove bugs from all the software before the turn of the century.

 

OUTLOOK

The poor level of awareness about Y2K and inadequate efforts in Pakistan can result in serious interruption in all spheres of life. The present situation does not permit most of the companies to start from scratch. They can only work on contingency plans to bring their operations back to near-normal with the beginning of year 2000. It is also required that all the regulators, i.e. SECP, NEPRA and stock exchanges, should ensure that all the companies provide the latest update on their Y2K compliance. These regulators should also start conducting audit to ensure smooth transition into the next millennium.

Internationally, various sectors have been termed very prone to failures. These are, smaller companies, local and town governments, oil industry, chemical process industries, healthcare industry, agriculture, shipping and 70 per cent of the world's government offices.

The availability of extensive information and international consultants, however, provides some relief. For example Gartner Group of USA and International Telecommunication Union are in a position to provide solutions. Intel's Pakistan office has been playing a very important role in directing computer users in locating proper solution providers.

The US government's advice for the Y2K problem should be of some interest to all. It says: "Regularly assess the risk of Y2K failures, business interruption losses and market impact, for current and future investment in companies and emerging countries due to inadequate or lagging Y2K compliance efforts."

Most large banks will experience very few system failures, however, banks that are dependent on money from high risk countries are at risk of business loss. Significant interruptions in electricity and telephone system etc. may take place in nearly 30 countries that have not adequately addressed the problem.

To conclude, it is worth to quote from a report from Gartner Group: "Y2K is an unprecedented event. When you consider the number of people involved in the remedial efforts plus the number of codes being looked at, it is common sense to have strong risk management in place."

In many countries penalties for non-compliance of Y2K are adding to the pressure. For example, the Philippines enacted the Y2K Readiness Act this June to allow heads of government agencies to be 'charged administratively' if their entities fail to comply with the provisions of the Y2K law. Manufacturers/vendors will also be liable for damages for any malfunctioning or defects of their systems and products if not Y2K compliant. As early as 1998, the Monetary Authority of Singapore had held all the CEOs of banks personally responsible for their banks' Y2K compliance. The CEOs of Chinese airlines have been asked to fly on January 1, 2000 flights to attest to their airlines' Y2K compliance. Two Singapore banks that told customers that they would not be responsible for deposit losses arising from Y2K failures have had to withdraw these disclaimers because of unfavourable public opinion.

 

Year 2000 Preparedness Checklist Top Level Commitment a) Recognition of Y2K Problem b) Sense of urgency for conversion c) Budgetary/Resource Allocation for Y2K   Organizational Arrangement a) Appoint Top Level Executive b) Establish Y2K Team c) Assess Level of Skills for Y2K   Strategic Plan for Y2K Compliance Problem Scooping a) Internal Inventory b) External Inventory c) Supply Chain Linkage   Problem Prioritization a) Mission Critical b) Very Important c) Important d) Un-important   Strategy Options for Action a) Rank approach to testing based on problem prioritization b) Assessment of Scope of problem based on: i) Preliminary Testing ii) Supply Chain Information iii) Solution Delivery Options c) Delivery of Y2K Solution   Contingency plan for Y2K Compliance Failure a) Sustainability of business continuity b) Multiple Coincident Failures c) Pragmatic use of Legal Rights

 

Year 2000 Preparedness Business computers Check in your own organization where dates are used in the following applications: i) Accounting ii) Spreadsheets iii) Databases iv) Payroll v) Scheduling Applications vi) Project Management vii) Marketing viii) Point of Sale ix) Invoicing x) Sales xi) Logistics xii) Credit Control xiii) Direct Mail xiv) Distribution xv) Project Planning xvi) Pensions Scheme xvii) Order Processing xviii) Personnel xix) Purchase Ordering xx) Retail xxi) Security xxii) Stock Control xxiii) Warehousing xxiv) Management Information xxv) Decision Support Systems xxvi) Workgroup Systems Year 2000 Preparedness for Embedded Systems Check with the manufactures and/or the suppliers and obtain written confirmation as to the problems that might arise, on the turn of the century or any other date related problems. All the time consider as non-compliant until individually proven otherwise.