Year 2000 Computing Challenge
State and USAID Need to Strengthen Business Continuity Planning Gao ID: T-AIMD-00-25 October 21, 1999The Year 2000 computer problem poses a unique challenge for the State Department and the United States Agency for International Development (USAID). Like all organizations, these agencies must remediate internal computer systems and plan for unexpected disruptions within the United States. However, they must also assess the Year 2000 status of virtually every country where the United States has a diplomatic presence and help to ensure the continuity of vital operations, such as protecting the welfare of millions of U.S. citizens traveling and living abroad, promoting economic development, providing humanitarian assistance, and achieving diplomatic agreements. This testimony discusses efforts by State and USAID to increase worldwide awareness of the Year 2000 problem, assess international preparedness, and inform American citizens of risks. GAO also discusses the agencies' progress in remediating their internal computer systems and their efforts to prepare business continuity and contingency plans to help ensure that they can continue to provide critical services.
GAO noted that: (1) the two agencies have taken a number of positive steps to address international year 2000 risks; (2) through its leadership of the President's Year 2000 Council International Relations Working Group, State has worked to increase awareness of the problem throughout the world, collected and shared information on the problem with other federal agencies and foreign nations, and encouraged the remediation of faulty computer systems; (3) State has also undertaken efforts to help ensure that Americans travelling and living abroad are informed about year 2000; (4) in addition, State has successfully tested its ability to collect and analyze information from its worldwide posts during the rollover; (5) both agencies also report that they have completed or almost completed remediation and testing of their mission critical computer systems; (6) State reports that all 59 of its mission critical systems are year 2000 compliant and according to AID, 6 of 7 are compliant; (7) however, State and AID have been much less effective in the area of business continuity and contingency planning (BCCP); (8) because of the nature of the year 2000 problem, organizations must first identify core missions and processes, decide which ones need to continue in the event of a year 2000-related emergency, and subsequently develop and test continuity and contingency plans that are clearly tied to the continuity of core processes; (9) this is especially true for State and AID since it is now clear that some countries will not be able to renovate all of their systems, and consequently may experience disruptions in critical services such as power, water, and finance--disruptions which, in turn, are likely to affect the operations of many embassies, consulates, and missions; (10) GAO's review showed that State's BCCP did not identify and link its core business processes to its year 2000 contingency plans and procedures and that the department has not yet tested its plans in year 2000 scenarios; (11) AID identified one core business process in its year 2000 BCCP, but did not identify or address other key agency functions; (12) AID also provided very little information on contingency planning activities for its missions and it is unclear when the agency expects to complete its BCCP process; and (13) consequently, both agencies lack assurance that they can sustain their worldwide operations and facilities into the new millennium.