Year 2000 Computing CrisisDefense Has Made Progress, But Additional Management Controls Are Needed Gao ID: T-AIMD-99-101 March 2, 1999
The Defense Department (DOD) has recently taken steps to strengthen management of its Year 2000 program by providing the controls and guidance needed to fix and test systems. It has also appropriately shifted its focus to core business readiness and operational risks through (1) planning for the performance of end-to-end tests of key functional area business processes, (2) executing a series of simulated Year 2000 operational exercises, and (3) conducting system integration tests at the military service level. In addition, the Deputy Secretary has become actively involved in directing and monitoring Year 2000 efforts. However, DOD still faces two significant challenges and a fast-approaching deadline. First, DOD must still catch up and complete remediation and testing of mission critical systems. Second, it needs to be reasonably confident that key processes will continue to work on a day-to-day basis and key operational missions essential to national defense can be successfully accomplished. Consequently, DOD needs to take steps to improve its visibility over the status of key business processes. The information is critical to identify those areas where DOD faces the greatest risk of failure and critical to providing the necessary data for preparing overall business continuity plans.
GAO noted that: (1) DOD's efforts to confront the year 2000 problem is particularly daunting because: (a) DOD's size and scope of operations, criticality of mission, and heavy reliance on a diverse portfolio of information technology is unparalleled in either the public or private sector; and (b) despite considerable progress in the last 3 months, DOD is still well behind schedule; (2) this is largely because DOD did not have the necessary oversight and management framework for handling large-scale departmentwide information technology projects; (3) DOD has recently taken steps to strengthen management of its year 2000 program by providing the controls and guidance needed to fix and test systems; (4) it also has appropriately shifted its focus to core business readiness and operational risks through: (a) planning for the performance of end-to-end tests of key functional business processes; (b) executing a series of simulated year 2000 operational exercises; and (c) conducting system integration tests at the military service level; (5) the key to DOD's success rests in putting in place effective controls for DOD to have the timely and reliable information to know what is going right or wrong so that corrective action can be swift and effective; and (6) for DOD to minimize risks in the 305 days remaining before the year 2000 deadline, it must act quickly and decisively to implement and enforce these controls.