Due to paucity of time now the only recourse is to
work on contingency plans
By SHABBIR H. KAZMI
August 23 - 29, 1999
There may be reasonable comfort that listed companies are 'plugged on'
in their internal critical system for year 2000 (Y2K) compliance. Every one seems to be
taking care of its 'own shop' and relying on others to do their part. However, the real
concern is that many companies will be affected or disconnected from global access in the
year 2000. The most affected group, due to non-compliance, will be the poorly funded
government entities and the small and medium size enterprises.
The most significant issue is the concern over public sector readiness
specifically the power generation, transmission and distribution entities working in the
public sector. The ongoing financial problems could have other knock-on effects, given the
interconnection of electricity generation, transmission and distribution companies and
consumers. On paper, it is inconceivable that critical systems are not checked and tested.
The key issue for these complex organizations is whether sufficient time and resources
have been put into weeding out embedded chips in the older plants to prevent unforeseen
The transition to the year 2000 could potentially affect any computer
system or software application that uses date-related data. The issue refers to the fact
that some computer systems store the year portion of dates in two-digit identifying
'1997' as '97'. It was common practice years ago for programmers to use this approach
because it conserved costly memory space.
The two-digit system will work fine until a change in the century. Then
computers or other electronic devices programmed or designed in the above mentioned manner
could misinterpret the digits '00' to mean the year is 1900 rather than 2000. Some systems
also might not recognize year 2000 as a leap year or may not be able to transition
properly from February 28 to February 29 and to March 1, 2000.
To ensure comparability of Y2K readiness, the users of computer based
equipment need to focus on four key issues:
1) the level awareness and commitment,
2) the implementation progress,
3) the extent of internal and external testing,
4) the availability of contingency plans,
The commitment of government and regulators in ensuring Y2K compliance
will play a vital role. For example Singapore and Hong Kong stand out as being clearly
ahead of the game. These are also the only two Asian countries which have been given the
'green' rating by the 'Global 2000 Coordinating Group' for their high level of public
information and progress towards Y2K compliance in six major sectors:
1- financial services
2- clearing and settlement
5- basic utilities
6- government entities
Preparing to Y2K should be a high priority for any business. It will
have a broad impact on business operations affecting every thing from simple processing of
data and security system to payroll and billing including interface with suppliers
If one is just getting started, it is necessary to turn to other
resources for information and assistance in developing a Y2K strategy. Organizations
within and outside the country are willing to share their knowledge. Since the impacts are
far-reaching no company can work in isolation. Some of resources for possible assistance
* computer hardware and software sellers
* major customers and suppliers
* companies known to be leaders in their Y2K
* trade organizations,
* industry groups focused on Y2K issue,
* government agencies,
* external consultants
If any one has not begun Y2K preparations as yet the first step is to
evaluate and assess the risks and allocate budget for updating the systems. The second
step is to reduce the risk by updating the systems and testing the updated hardware and
software. The third step is to prepare and test contingency plans.
PREPARING PCs AND NETWORK
It is important to ensure that PCs and network are ready for Y2K. It
requires four steps to be followed.
1) identify all PCs and network components including hardware operating
system, network operating system and all other software,
2) check all of the components for Y2K capability,
3) update the components that are not Y2K capable,
4) test updated components and the networked PC system as a whole
Testing updated system is the most time and resource-intensive. The
purpose is to ensure that hardware, including those which have been updated, are Y2K
capable individually and as an integrated system. A number of precautions should be taken
before testing. These are:
* before beginning the test, prepare back up of all
software applications including operating
system and data files,
* be aware of potential expirations of users' passwords,
* do not conduct tests while operating within a network
or production environment,
* ensure that none of software licences or trial software
expires during the test,
It is generally recommended that testing be carried out in a test
environment separate from production (actual working) environment. By testing on separate
system daily operations will not be interrupted and there will be no risk of bad date
data. All this requires detailed planning to ensure that the deployment is smooth. There
should also be plans to return to operational status after completing test.
PREPARING BUSINESS OPERATIONS
In addition to preparing PCs and network for Y2K, there is a need to
take care of other internal systems that depend on computers, including embedded chip
operations. This includes production equipment and all other automated systems any system
that relies on date. All internal systems, that may be date sensitive, are prioritized
according to their importance to business and the impact of failure. In taking action to
ensure that internal systems will be ready for the transition, assess the most critical
system first to avoid those failures which would seriously affect business. Working with
suppliers is an essential part of Y2K preparations to ensure uninterrupted production and
delivery during and after the transition to year 2000. The customers will also want to
know the preparation for the transition. The customers are as important as suppliers.
No matter how diligently preparations for Y2K have been made, every
business may experience various levels of failures during or after the transition. The
goal of business continuity plan is to minimize the risk of Y2K failure and preparing to
recover from actual failures as quickly as possible. It consists of two components,
contingency planning and emergency response planning.
No matter how diligently one has prepared for Y2K, the could be
failures during or after the transition. Therefore, contingency planning is an integral
part of preparations. The objective is to minimize the risk of failure and recover as
quickly as possible. This plan consist of two components:
* contingency planning focuses on taking proactive
measures to minimize risk and
ensure near normal operations in the event
of failure of Y2K plan,
* emergency response planning focuses on reacting to
actual failure in order to return
operations to near normal as quickly
It is of key importance to test the contingency plan. Test the most
critical contingencies. Review and update contingency plans periodically to ensure
readiness for the transition.
EMERGENCY RESPONSE PLANNING
While the aim of contingency plans is to maintain near normal
operations, the objective behind emergency response plans is to restore operations to near
normal status as soon as possible, ensure safety as well as protection of property, plant
and equipment. Emergency response plans are designated to be triggered when a specific
event occurs i.e. power outage.
Pakistan cannot be an exception, like rest of the world, the users of
computer-based equipment will be affected by the Y2K millennium bug problem. This is a
problem which needs to be understood by all the users of microprocessor based equipment,
both in their private capacity as well at their workplace. This is a problem which will
affect everyone who relies on microprocessor based equipment. The range of affected
equipment varies from simple things like washing machines to critical equipment like CT
Scan equipment anything to do with date calculations.
There is a general misconception that Y2K problem will affect only
those computers which use COBOL based programmes or the equipment and software made before
1995. This belief is wrong and may lead to dangerous consequences. The problem may also
affect embedded equipment and software, manufactured after 1995.
The most common misconception about the issue is that the Y2K problem
would appear just once at the roll over from December 31, 1999 to January 1, 2000.
The other misconception about the problem is that it would only affect the large
installations running legacy systems with older languages such as COBOL. And, worst of
all, that it will only affect the computers!
Whereas the reality is that the millennium problem would not last for
just one day. It would have continued effects well beyond the roll over on the systems and
business operations. Different software and hardware systems would behave in different
ways and each would have its unique millennium-related problem which has to be fixed in an
While the bug would hit the legacy systems and applications in the
worst form, the effect won't be confined to just these systems. The Y2K problem would hit
everyone equally bad. The bug isn't just limited to computers, it can hit all embedded
systems. These system are hard to reprogramme once they are made operational. Automation
systems, telecommunication, oil exploration, instrumentation, aviation, and thousands of
different control systems depend heavily on these embedded systems.
Embedded chips, numbering in billions, are in operation in every thing
from automobiles, satellites, military hardware, airplanes, ships, trains and trucks to
VCRs. These embedded chips have to be located, tested and then replacedmanually. It
is a massive, time consuming and terribly expensive venture.
It is estimated that approximately 90 per cent of the IBM PC close
market will malfunction or crash when the clock turns over to the year 2000. Microsoft and
Intel do not guarantee that all of their products are Y2K compliant. The problem is, they
sell to others who assemble 'clones' with all kinds and arrangements of equipment. This
means that someone purchasing a new PC right now, may still have Y2K problems.
The Pakistan Computer Bureau, as the focal point of Y2K activities, has
been playing its pivotal role in creating awareness and providing information to
information technology professionals and managers in user organizations. Although, it is
fundamentally a technical problem, the choice of how to address the issue is a business
problem and regulatory problem.
A Task Force on Y2K, headed by Director General, Pakistan Computer
Bureau, has been constituted. The Task Force has held several meetings. The measures taken
so far at various levels to tackle the issue, ensure that the pace of work focused on Y2K
is accelerated. Although there is already a general awareness of the problem, some
business managers and administrators still do not fully appreciate the complexity of the
problem and the seriousness of the consequences.
Details of an assessment survey on Y2K preparedness at major state
enterprises, undertaken by the Bureau, exhibits some shocking information. Some of the
findings have been taken from their website.
While the overall awareness level regarding Y2K issues has been termed
high by the Bureau, many professionals termed the level poor. The level of awareness in
public sector entities, particularly in the infrastructure sector, is extremely poor. The
problem has been extenuated by availability of funds to take an inventory of embedded
system which are the most susceptible to adverse effects.
Although, it is considered that commercial banks are at an advance
stage, there is a mounting concern that some of the commercial banks may witness
interruptions in smooth transition due to non-compliance of all the hardware and software.
The central bank has been perusing all the commercial banks to meet the compliance
deadline. Monthly meetings are being held with the respective officials of banks to obtain
the updated status.
The central bank has also started the audit to ensure timely Y2K
compliance. However, it is difficult to test the compliance because no standard models
have been used. An important aspect of this test is the arrangement to conduct 'street
test'. During the street test all the banks have to conduct transactions first with the
local counterparts and second with the international correspondent banks.
However, the level of seriousness of local banks can be gauged from
regular extension in deadline for Y2K compliance. The initial deadline was fixed for
December 31, 1998, second extension was given upto March 31, 1999 and the third extension
expired on June 30, 1999. The next deadline has been fixed for September 30 1999. The
sector experts have strong apprehensions that all the hardware and software of all the
commercial banks will reach Y2K compliance even by the end of the year. However, critical
systems of a large number of banks have achieved Y2K compliance.
According to banking sector experts, United Bank was among the first
few banks to achieve Y2K compliance by December 31, 1998. The systems are being checked
and re-checked to ensure smooth transition into the next millennium. A lot of credit goes
to the staff who did the maximum work. The Bank also acquired the help of an outside
consultant to assist the in-house team.
Habib Bank has been making strides in automation of its branch network,
focusing on connectivity. The in-house software team has been at work to ensure that the
Y2K software bug is removed from all systems. Substantial progress has been made and it is
expected that all bugs will be ironed out well before the mandatory compliance date set by
the central bank.
While National Bank of Pakistan has awarded the contract to an outside
consultant, Allied Bank may face some interruptions in smooth operations as much of the
work has to be done yet to achieve Y2K compliance.
The status of power generation, transmission and distribution companies
working in public sector is disappointing. Firstly because the level of comprehension of
seriousness of the issue was almost nil. Secondly they do not have adequate resources at
their disposal to undertake upgradation of their systems. Thirdly they have not been able
to commence their work to meet the non-negotiable deadline. The status of WAPDA and KESC
should be a source of serious concern as any interruption in electricity supply to
consumers may disrupt all the economic activities in the country.
Similarly, Pakistan Telecommunication Company (PTCL) faces problems
with its old exchanges. Its immediate concern is to achieve compliance to remain connected
with other international networks. It is treated as 'third party' by all the other
international players. Pakistan Telecommunication Authority, being the regulators, has the
responsibility to ensure compliance by PTCL, cellular telephone companies, internet
service providers and pager service providers etc.
To sum up it will be right to say that the poor level of awareness,
inadequate budget and limited availability of expertise have been the major constraints in
achieving Y2K compliance. Even if these organizations start now they will not be able to
upgrade all the hardware and remove bugs from all the software before the turn of the
The poor level of awareness about Y2K and inadequate efforts in
Pakistan can result in serious interruption in all spheres of life. The present situation
does not permit most of the companies to start from scratch. They can only work on
contingency plans to bring their operations back to near-normal with the beginning of year
2000. It is also required that all the regulators, i.e. SECP, NEPRA and stock exchanges,
should ensure that all the companies provide the latest update on their Y2K compliance.
These regulators should also start conducting audit to ensure smooth transition into the
Internationally, various sectors have been termed very prone to
failures. These are, smaller companies, local and town governments, oil industry, chemical
process industries, healthcare industry, agriculture, shipping and 70 per cent of the
world's government offices.
The availability of extensive information and international
consultants, however, provides some relief. For example Gartner Group of USA and
International Telecommunication Union are in a position to provide solutions. Intel's
Pakistan office has been playing a very important role in directing computer users in
locating proper solution providers.
The US government's advice for the Y2K problem should be of some
interest to all. It says: "Regularly assess the risk of Y2K failures, business
interruption losses and market impact, for current and future investment in companies and
emerging countries due to inadequate or lagging Y2K compliance efforts."
Most large banks will experience very few system failures, however,
banks that are dependent on money from high risk countries are at risk of business loss.
Significant interruptions in electricity and telephone system etc. may take place in
nearly 30 countries that have not adequately addressed the problem.
To conclude, it is worth to quote from a report from Gartner Group:
"Y2K is an unprecedented event. When you consider the number of people involved in
the remedial efforts plus the number of codes being looked at, it is common sense to have
strong risk management in place."
countries penalties for non-compliance of Y2K are adding to the pressure. For example, the
Philippines enacted the Y2K Readiness Act this June to allow heads of government agencies
to be 'charged administratively' if their entities fail to comply with the provisions of
the Y2K law. Manufacturers/vendors will also be liable for damages for any malfunctioning
or defects of their systems and products if not Y2K compliant. As early as 1998, the
Monetary Authority of Singapore had held all the CEOs of banks personally responsible for
their banks' Y2K compliance. The CEOs of Chinese airlines have been asked to fly on
January 1, 2000 flights to attest to their airlines' Y2K compliance. Two Singapore banks
that told customers that they would not be responsible for deposit losses arising from Y2K
failures have had to withdraw these disclaimers because of unfavourable public opinion.
Year 2000 Preparedness Checklist
Top Level Commitment
a) Recognition of Y2K Problem
b) Sense of urgency for conversion
c) Budgetary/Resource Allocation for Y2K
a) Appoint Top Level Executive
b) Establish Y2K Team
c) Assess Level of Skills for Y2K
Strategic Plan for Y2K Compliance
a) Internal Inventory
b) External Inventory
c) Supply Chain Linkage
a) Mission Critical
b) Very Important
Strategy Options for Action
a) Rank approach to testing based on
b) Assessment of Scope of problem based
i) Preliminary Testing
ii) Supply Chain Information
iii) Solution Delivery Options
c) Delivery of Y2K Solution
Contingency plan for Y2K Compliance
a) Sustainability of business continuity
b) Multiple Coincident Failures
c) Pragmatic use of Legal Rights
|Year 2000 Preparedness
Check in your own
organization where dates are used in the following applications:
i) Accounting ii) Spreadsheets iii) Databases iv) Payroll v) Scheduling
Applications vi) Project Management vii) Marketing viii) Point of Sale ix) Invoicing x)
Sales xi) Logistics xii) Credit Control xiii) Direct Mail xiv) Distribution xv) Project
Planning xvi) Pensions Scheme xvii) Order Processing xviii) Personnel xix) Purchase
Ordering xx) Retail xxi) Security xxii) Stock Control xxiii) Warehousing xxiv) Management
Information xxv) Decision Support Systems xxvi) Workgroup Systems
Year 2000 Preparedness for Embedded
Check with the manufactures and/or the suppliers and obtain written confirmation as to
the problems that might arise, on the turn of the century or any other date related
problems. All the time consider as non-compliant until individually proven otherwise.