With Less than a Year to Go, Prepare for the Madness

By Joseph McKendrick

While few companies will be completely immune to year 2000 glitches, those companies that prepare responses to those glitches ahead of time will see far less downtime. In fact, companies without contingency or risk management plans are likely to "experience business interruptions lasting at least twice as long as those that do have them," predicts Matthew Hotle, analyst with GartnerGroup (Stamford, Conn.).

Hotle remains "cautiously optimistic" about the ability of most North American organizations to handle the year 2000 crisis. However, he and other experts agree that we have now entered the "crisis window" -- lasting until the first quarter of 2000 -- in which up to one-half of all companies will experience at least one interruption of a mission-critical business process as a result of a date-related failure.

Along with overt failures, organizations may be besieged by related problems and panic, predicts William Ulrich, president of Tactical Strategy Group Inc. (Soquel, Calif.). "Programmers will be bombarded with fix requests, but problem origination will be difficult to discern." He also predicts that "hotlines will be flooded with user or customer calls," and that priority setting and decision making will be chaotic. "This will not be business as usual," he says.

The key to reducing the impact of year 2000 glitches or panic is to have a contingency or risk management plan in place to prepare for worst-case scenarios in the event of systems failures, Hotle and Ulrich advocate. In fact, "businesses implementing Year 2000 risk management and business continuity projects by the first quarter of 1999 will reduce the probability that they will undergo internal litigation and business interruption by 50 percent," he believes.

GartnerGroup stands by its initial worldwide estimate of $300 billion to $600 billion to fix the year 2000 problem, Hotle proclaims. However, this only covers software, and does not include hardware, embedded devices, litigation, end-user applications and other, non-IT software-related costs. In fact, IT expenditures may only represent about a third of the total costs.

"We are unlikely to ever know the true costs involved," he adds. "Many enterprises are replacing non-Year-2000-compliant software with new packages, and not reporting the expenses incurred as being Year 2000 related. Others will have massive amounts of Year 2000-related repair expenses lasting after the century date change."

Contingency plans are based upon business process risk assessments, and include many possible scenarios -- from loss of business partners to power outages. These scenarios must be fully disclosed, planned and rehearsed, he emphasizes. Even "manual" business processes often must be planned for far in the future, such as when temporary workers must be acquired, space made available for them and any needed equipment must be purchased."

Typical disaster recovery remedies cannot be applied to year 2000 crashes, Hotle warns. "Disaster recovery plans are unlikely to be useful for Year 2000 problems, they assume that a hot site will be available to bring up their operations," he says. "Since the applications, not the data center, are at most risk, such an alternative will likely not be available."

Hotle also rails against the way supply chain relationships are being handled, which typically involve written surveys. While this may be legally proper, he believes "surveys are an enormous waste of time." Instead, Hotle advocates a risk management process in which managers sit down and determine which partners are most important, and developing a "meaningful relationship" with those partners.