Year 2000 Computing Challenge

The Office of Personnel Management (OPM), like other federal agencies, has been working to safeguard its critical computer systems against possible failures resulting from the Year 2000 problem. OPM's preparedness for the upcoming date change at the turn of the century is vital to ensuring the continuation of important functions, such as processing annuity payments to federal retirees and their survivors. In addition to preparing critical computer systems for the Year 2000, federal agencies need to develop plans to ensure the continuity of their operations in the event of systems failures. The agencies should also prepare for possible disruptions to critical services like power, water, and telecommunications. This report reviews OPM's business continuity and contingency planning efforts to manage and mitigate the risks of Year 2000-related business failures. GAO evaluates OPM's efforts to (1) develop an overall planning strategy for ensuring the continuity of agency operations, (2) assess the risk and impact of system failures on the agency's core business processes, (3) prepare contingency plans that include procedures and timetables for continuing agency operations in the event that critical systems fail, and (4) test the contingency plans to determine their effectiveness.

GAO noted that: (1) OPM has made progress in its business continuity planning efforts in preparation for the year 2000 computing problem; (2) using GAO's guidance on year 2000 business continuity planning for federal agencies, OPM developed a strong planning strategy for ensuring the continuity of critical agency operations in the event of year 2000-induced system failures; (3) to develop its planning strategy, OPM created a project structure involving representatives from the agency's major business units; (4) through the coordination of this project work group, OPM developed a master schedule and milestones for continuity planning activities, identified business processes that are critical to agency operations, established key reporting requirements, and obtained the concerted support and involvement of the agency's senior management; (5) GAO's review raised concerns, however, about OPM's implementation of the business continuity planning strategy; (6) GAO identified these concerns after reviewing key planning documents that OPM had developed according to critical milestones established by the agency in its year 2000 business continuity planning process; (7) specifically, GAO's concerns involved the approach that OPM used for: (a) assessing the risk and impact of system failures on the agency's core business processes; (b) preparing contingency plans to be used in the event of critical system failures; and (c) developing plans to test the contingency plans to determine whether they would be effective if implemented; (8) when OPM presented GAO with its written comments on a draft of this report, it provided GAO with supplemental documentation that demonstrated that the agency had taken additional actions to address GAO's concerns; (9) by taking these additional actions, OPM has improved the implementation of its business continuity planning strategy and increased the likelihood that critical agency functions can be carried out even if year 2000-induced failures occur in key computer systems; and (10) thus, GAO is not making recommendations to address the concerns originally observed.