Vertical Markets Behind the Eight-Ball as Y2K Compliance Moves to New Realm
With only 14 months to go before the witching hour of January 1, 2000,
companies in all major vertical markets and the government sector are planning
an end game for their Year 2000 compliance efforts that includes contingency
planning. As organizations gear up for the final year before the deadline, a
number of key trends - including assessment of worst-case scenarios - are
emerging in both the government and commercial sectors. These trends will
affect how organizations attack Y2K during the final year’s march to 2000.
Clearly, the focus on Y2K that has spawned a new market sector within the
information technology industry is now moving from testing and remediation of
systems toward validation and planning for worst-case scenarios. No longer are
organizations simply talking about making fixes to their software code to
render them Year 2000 date-compliant, but they are focusing on contingencies
in case they’ve missed something.
"You can’t anticipate everything. You have to be adaptive. As you work on
these issues, the challenges seem to grow and grow. It’s beyond finding
needles in haystacks. It becomes, to a certain extent, finding the haystacks
first before you can look for the needles," says John Ogens, Director of the
Global Year 2000 Program for Monsanto Corp.
With companies in virtually every vertical industry sector reporting they are
still behind the curve on testing, remediation and verification, according to
a quarterly Y2K survey from consultant Cap Gemini America, the key now for
organizations is to cover their bases - especially with mission-critical
business applications that could affect financial bottom lines and bring risk
Going into 1999, corporations in the private sector are starting to prioritize
what they can or can’t get done, says Stephen Frycki, Managing Director, U.S.
Year 2000 Marketing for DMR Consulting Group Inc. "They will be asking, ‘What
can we do to minimize any impact on humans or environment. Have we missed
anything? What do we need to do?’ You’re going to see a lot of companies
making decisions based on real factors and revenue," Frycki says.
But even with efforts underway to prioritize Y2K tasks, time remains a
formidable adversary. Approaching the one-year-to-go-mark, there is "very
little room for error, very little room for rework," says Howard Rubin, Chief
Executive Officer, Rubin Systems Inc., which surveys Y2K compliance efforts.
In the federal sector, which has been roundly criticized in and out of
government for generally lagging behind industry in Y2K readiness, political
fighting for funds remains the order of the day. Congress, which holds the
purse strings, has been reluctant to release the monies the agencies say they
need, says Robert Deller, President, Market Access International Inc., which
tracks federal IT procurement.
Congress has complained it has not seen adequate General Accounting Office
assessments of where agencies are or where they should be. On the other hand,
federal agencies have politicized the process in order to create a "drama"
about Y2K in order to receive congressional allocations for their
organizations, Deller says.
Although Deller believes the federal sector has taken Y2K as seriously as the
commercial sector, he says the politics of money and the proliferation of
legacy computing systems have caused agencies to struggle on the issue.
By any measurement, resolution of the Y2K problem will not come cheap. The
GartnerGroup, an information technology consultant, has estimated that the
worldwide cost for fixing the Y2K bug among organizations and governments will
ring up a bill of $300 billion to $600 billion. This estimate does not include
costs for product compliance, business modification, bailouts, bankruptcies,
litigation and municipal deficiencies, according to Gartner.
In addition to the focus on contingency planning, some other emerging trends
among industry and government on the Y2K landscape include the following:
* Testing among major companies in commercial sectors is largely expected to
be completed at the end of 1998.
* Organizations are getting tougher with vendors and business partners that
have been slow or secretive on Y2K compliance.
* Emergency response teams are being set up within organizations to resolve
last-minute Y2K problems that might arise.
* More Y2K remediation work is starting to come in-house as organizations are
starting to look more closely at how they spend their Y2K budgets.
* Increasingly, an organization’s Y2K compliance status is starting to show
up in marketing messages as a way to gain strategic advantage over competitors.
* More sharing of information about Y2K testing and remediation is expected
to occur among organizations.
Financial Services Sector Appears Strongest in Y2K Compliance
Although much can be said in general terms about the level of Y2K readiness
among corporations and government entities, that preparedness varies greatly
within different vertical markets and the public sector.
The financial services sector ranks at the top among industries in the best
shape for Y2K compliance efforts, many analysts believe. While banks,
brokerage houses, credit unions and other financial institutions will
rightfully claim foresight in recognizing, testing and starting remediation,
information technology observers note that the nature of the problem is
different in financial services compared with other sectors.
Legacy systems in other industries present significant challenges for most
other industries as well as for the government sector. For instance,
manufacturing, utilities, pharmaceuticals and telecommunications have had to
cope with the daunting task of identifying and fixing code in embedded chips
and systems. And government has had to cope with the old, outdated but
workable legacy systems in their computing environments, in addition to the
challenge of public-based funding.
Rubin of Rubin Systems Inc., which conducts Y2K tracking surveys for Cap
Gemini America, puts only the software industry ahead of financial services in
Y2K compliance efforts. Generally, industries that appear high on tracking
surveys for Y2K progress started their Y2K testing earlier than other
industries, Rubin says. "Testing is the insurance policy that underwrites the
quality of the Year 2000 projects, and ensures that the problem simply isn’t
under remission," says Jim Woodward, Senior Vice President, Cap Gemini
Tom Wilkie, Director of Risk Management for Household International, a
consumer lending and financial services company that offers credit card
accounts, says the Chicago company began its Y2K planning efforts in late
1995, early 1996 when "some small system errors caused us to take a closer
look at overall exposure."
Household International, which runs 25,000 workstations on its corporate
network and has 1,200 branch locations, identified 2,000 trackable items in
its database that would have Y2K ramifications. Seven-hundred items, Wilkie
says, were determined to be critical to maintaining business continuity.
A key to getting ahead of the problem was getting the ear and endorsement of
senior management in the company, Wilkie says. Household’s IT staff set up a
central repository to substantially document the company’s efforts. "It was
important to develop early and continuous communications with Household senior
management," Wilkie says. "Obviously, they have challenges and priorities
equally as, or more important to, the Year 2000 Project, like shareholder value
and major initiatives. Obviously, we want to be heard and we want to be seen,
and, at the same time, we can’t get in the way of making a profit."
Another factor in the financial industry’s Y2K preparedness has been the clear
focus the industry has received from regulators, observers say. The Securities
and Exchange Commission, for instance, recently issued stricter guidelines on
what publicly traded companies had to report in their quarterly 10-K filings
about their efforts to solve internal Y2K problems. "You can’t just make
blanket statements, like, ‘Yeah, things are good,’" says Frycki of DMR
Consulting. "You have to get down to the nuts and bolts and say what the
potential risks are."
Additionally, the Federal Financial Institutions Examinations Council has
offered firm guidance to banks, credit unions and other similar institutions
about the dire need to rectify Y2K situations. "Time is critical," an April
1998 council brief noted. "The Year 2000 cannot be deferred and neither can
commitments to action and funding." For those desiring a survivalist posture,
the Federal Reserve announced in August 1998, that by the end 1999, it would
place an additional $50 billion cash in government vaults. Normally about $150
billion is held in reserve in the United States by the central bank.
To the credit of financial services companies, the word is out to the public
that the industry is diligently working on Y2K, Frycki says. Rubin notes that
while major financial institutions got started early on Y2K, many secondary
and smaller institutions started later and are farther behind. However, that
position is mitigated by the fact that the scope of their remediation problems
is smaller, he says.
Manufacturing Sector’s Y2K Challenges Are More Complex
Where the financial services industry has received kudos for its Y2K
compliance efforts, Rubin ranks the manufacturing industry a bit farther down
the Y2K compliance scale. Although the industry has been diligent in its
efforts, Rubin ranks manufacturing fourth in the recent Cap Gemini survey of
Y2K readiness among 12 industry segments. One contributing factor lies in the
sheer complexity of the manufacturing computing environment, which boasts a
plethora of embedded systems.
In the manufacturing environment, companies typically have multiple legacy
systems - some of which may have been around for decades - that are still
critical to the process. "You have a lot of instruments that are collecting
data and then making decisions on what the next step is depending on what that
data shows. Some of these things could be very old, and there has been no
reason to change because they are stable," says Frycki of DMR Consulting.
Unlike some other sectors, manufacturers are also more dependent on suppliers
for raw materials since they create products rather than services. In many
cases, manufacturers are as closely linked with their suppliers’ information
systems as their products are with the raw materials themselves, since the
information about inventory, replenishment and other issues is equally
critical to the manufacturing process. As a result, manufacturers are
vulnerable not only to their own Y2K compliance challenges, but to those of
their suppliers as well. Because of this interdependence, the manufacturing
industry is a leader in the trend of large companies taking a harder stand on
their suppliers and business partners who have lagged on compliance.
Monsanto’s Ogens says the multinational corporation has determined that 10
percent of its suppliers and partners are at risk of non-Y2K readiness. For
partners deemed essential to Monsanto’s business operations, the corporation
will work with those suppliers to try to help get them up to speed. For
others, the company will make a business decision on a case-by-case basis on
whether to continue the relationships and for how long, Ogens says.
"The area of business continuity and contingency planning is critical for our
success," says Ogens. "If there’s a small or mid-size company that’s a
critical supplier that’s not easy to replace, then it’s our view that we need
to have a dialogue and partnership with them and provide whatever assistance
we can within reason to make them successful." Ogens says Monsanto has
determined that 42 percent of its partners are already compliant or are on a
good path for compliance. Thirty-six percent of suppliers have been reluctant
to communicate their status with the company. "We basically say that anybody
we’re doing business with who can’t be compliant by the end of the first
quarter of 1999 is putting us at risk," he says.
Monsanto, which runs 100 IT organizations in 33 countries, says its
applications portfolio numbers 1,200 applications, including process control
devices, embedded systems devices and laboratory systems. Thirty-five percent
of applications are currently compliant and 19 percent of the portfolio is
considered compliant or awaiting testing for confirmation. Thirty-one percent
of the portfolio will be replaced via major upgrades and 3 percent
Frycki says he expects the supply-chain issue to come to a head in 1999. While
federal regulations curtail the amount of information competitive companies
can share, the consultant believes some rules may be eased to allow large
corporations to trade information on supplier-compliance status. "Obviously if
someone is out there and they have 20,000 suppliers and they’ve evaluated
them, why shouldn’t that information be made available to other companies,
even if it is sold to them. You see more and more of that now with companies
offering things on embedded chips. Suppliers become another issue," he says.
The Clinton Administration has sponsored so-called "Good Samaritan legislation
that would ease liability on companies sharing information on Y2K solutions
but fall short. The bipartisan Year 2000 Readiness Act, which also is being
considered in Congress, largely would do the same thing but offer companies
Government Sector Under Criticism for Lack of Preparedness
No vertical sector has been as maligned on the Y2K compliance front as the
federal government. According to Cap Gemini America’s tracking survey,
government ranks at the bottom of the 12 sectors judged for Y2K readiness.
Some of the criticism is deserved and some undeserved, Deller of Market Access
International contends. Municipal governments, which have been aggressive at
pursuing cooperative Y2K solutions with other governmental entities and
vendors, seemed to have fared better.
As with most things in Washington, the issue of Y2K preparedness has political
overtones. While acknowledging that federal government agencies by and large
are behind the curve in Y2K readiness because of starting too late - which
Deller says is largely due to political wrangling over funds - he notes that
the market spawned by Y2K remediation work has created additional angst for
agencies. "They have been bullied and pressured by a lot of people on the
outside who have the feeling that the government will be unable to solve its
problem," Deller says, adding that the IT industry has zeroed in on agencies
"because they want to promote their own business."
Observers credit the work U.S. Rep. Steven Horn, (R-Calif.), for bringing the
government’s Y2K woes to the public. Since Horn began his work, the White
House has taken a much more proactive stance on readiness, even appointing
John Koskinen as a sort of Y2K czar to coordinate efforts among the agencies.
The highest ranking agency in terms of testing and readiness, according to
Horn’s evaluations, has been the Social Security Administration. Horn has
ranked the efforts at the Defense Department and Transportation Department
among the lowest.
"In the federal government, the organizations that have an engaged leadership
at the highest levels seem to be doing better with more of a focus than the
organizations that don’t," says Wes Naqvi, Division Vice President for Y2K for
the Federal Division of Computer Associates International Inc., which sells
business-critical software systems.
Even so, Lt. Gen. (Ret.) Otto Guenther, Director of Strategic Planning for
Computer Associates’ Federal Division and a former chief information officer
of the U.S. Army, says he expects that federal agencies will have their
critical systems tested and remediated by Jan. 1, 1999. The concept of setting
up emergency response teams to ensure that unforeseen things don’t cause
monumental problems is gaining momentum in government circles, Guenther says.
Deller believes that the federal government’s task has been more difficult
than that facing the commercial sector, given the large numbers of legacy
computing systems that have been deployed in agencies. Because funds are being
shifted over to Y2K efforts, modernization projects have been placed on hold
at a number of agencies, he says. "There are a number of major infrastructure
operational problems in the federal government that are going unaddressed
because of the preoccupation with the Y2K problem," Deller says. "If you look
in the commercial markets, they can replace a whole system and they don’t have
all these archaic technologies sitting around that have to be converted."
State and municipal governments, meanwhile, say they are pleased with their
positioning on Y2K. A survey from the National Association of State
Information Resource Executives shows that 35 states are more than 75 percent
of the way through their Y2K assessments and more than 27 states are 30
percent complete in their implementation efforts.
The biggest problems for municipalities is securing IT talent within their MIS
organizations to address Y2K problems, says Eli Cortez, Chief Information
Officer, San Bernardino County, Calif, which has 50,000 workers, 48
departments and 8,000 workstations. "One of our main problems is the issue of
staff retention and recruitment. We have quite a bit of competition in the IT
industry. In government, we don’t pay as competitive as we do in the private
sector," Cortez says.
Health Care Industry Struggling With Y2K Compliance
The unique complexity of the health care industry - both in terms of the wide
range of packaged software and the proliferation of biomedical equipment - is
a key reason the industry lags at the bottom of consultants’ assessments of
Y2K readiness. Although most industries are behind to some degree, health
care has its own sets of problems. While the industry doesn’t have the vexing
problems with legacy systems or embedded chips, the nature of health and
medical products means that there has been an over-reliance on the packaged
That reliance is so prevalent that it has caused health care companies and
hospitals to lag on the remediation efforts of the multitude of products they
use, says Frycki of DMR Consulting. While some individual health care
organizations have sought to offer leadership to the industry through their
own readiness efforts, by and large the industry’s Y2K positioning is
precarious, adds Nigel Martin-Jones, Vice President, Corporate Development for
Y2K consultant, Data Dimensions Inc.
"The hospitals and health care providers are not in good shape," says Frycki.
"They have not really considered the problem because most of them use a lot of
packaged software. They’re making the assumption that, ‘Well, my vendor is
going to provide me with the appropriate software.’ But that’s not necessarily
Martin-Jones says that the more complex the health care organization - such
as hospital companies with extensive laboratories and research facilities -
the more difficult the Y2K task. "You have this incredible inventory of
biomedical devices and other kinds of hospital devices. If you are a health
care company that’s essentially a management organization and you have no
hospital labs, etc., then you’re probably in good shape," Martin-Jones says.
According to a GartnerGroup survey, as recently as 1997, the Year 2000 computer
crisis "was not even on the radar screen" of 340 integrated health care
delivery systems it surveyed. In 1998, Y2K has become health care’s number 1
computing systems issue, the GartnerGroup says. Because of the industry’s late
start, the survey notes that 87 percent of U.S. health care organizations are
in danger of computing systems failures over the next two years.
The medical products division of Hewlett-Packard Co. has sought to be
productive on Y2K, including setting up a Web site to disseminate information
to its clients and others. HP tracks some 2,000 medical products tracking in
its database that relate to Y2K compliance, says Roger Stein, Year 2000
program manager for HP’s medical products unit. Ninety-eight percent of all
products in the HP portfolio have been tested and 85 percent are either
compliant or have no date processing requirement.
In health care, the prevalent approach to evaluation of systems is through the
process of triage - remediating the most critical systems first, then going
to less crucial operations in decreasing importance. For instance,
defibrillator devices, which help start the heart in an emergency, are at the
top of the triage process because if the equipment fails a patient could die.
Patient monitors and imaging equipment are viewed as less critical devices.
"The hospital goes through the entire inventory of its products and assesses
what’s mission critical and triage what’s next beyond that," says Stein.
"Because there are so many dependencies on parties outside your own
organization, that’s where all of the due diligence comes in. That’s probably
the biggest challenge for all of us, whether you are the vendor or the
As industry sectors that rank lower on readiness surveys reach what Martin-
Jones calls the "end-game" of the process in 1999, their decisions
increasingly will be more difficult. Companies that started early with
testing and remediation, are approaching the last year with confidence by
moving into a validation stage of their critical systems. Another group, like
the health care industry, will be confronted by a danger of lethargy,
particularly as funding sources from the CEO’s office are being more fully
scrutinized. Compounding any lethargy is the fact that Y2K efforts to this
point really have not involved forward processing, so organizations haven’t
experienced significant failure rates in date-related software code.
"We are seeing people slow down, and, in fact, we’re seeing people cancel
components of projects because funding is tightening," Martin-Jones says. "The
people who have been very slow to move to this, as opposed to the end game
being more of an inspiration to them, are basically not moving and saying it’s
business as usual."
ABOUT THE AUTHOR:
Marvin V. Greene is a technology writer with the Washington News Bureau. He can be reached via e-mail at email@example.com.