ES, IG-99-044, Year 2000 Program Implementation Phase

YEAR 2000 PROGRAM
IMPLEMENTATION PHASE
IG-99-044

Executive Summary

Background
The Year 2000 (Y2K) date conversion problem affects computer systems worldwide. Software application programs that use a standard two-digit format (mm/dd/yy) to generate a date may not work properly after the year 2000. Systems that will continue to function properly are designated "Y2K compliant." Systems that are not "Y2K compliant" are at risk of failure and may cause other systems to fail.
To help Federal agencies prepare for possible Y2K-related failures, the Office of Management and Budget (OMB) adopted the General Accounting Office (GAO) contingency planning guide, for Federal agency use.⁽¹⁾ The guide identifies the key elements that a business continuity and contingency plan (BCCP) should contain (descriptions of the resources, staff roles, procedures, and timetables needed for implementation) and the key elements that a contingency test plan should address (test objectives, test approaches, required equipment and resources, necessary personnel, schedules and locations, test procedures, and expected results).

Objectives
The overall audit objective was to determine whether NASA had effectively managed the implementation of Year 2000 compliant systems. However, due to the short time remaining in 1999 to address Y2K issues, we limited our efforts to a review of contingency planning. Specifically, we evaluated NASA's efforts to prepare contingency plans that include procedures and timetables for continuing Agency operations in the event critical systems fail and to prepare test plans according to applicable guidance (see Appendix A). We have issued four other reports related to the Y2K issue; those reports are summarized in Appendix B.

Results of Audit
Under the leadership of the NASA Chief Information Officer (CIO), the Agency has been actively engaged in developing the BCCP's to prepare for Y2K-related failures. However, as of June 30, 1999, NASA installations⁽²⁾ had not incorporated various key elements into the BCCP's and contingency test plans. (NASA will be updating its BCCP's and test plans through November 1999.) Consequently, NASA lacks assurance that it can effectively respond to Y2K-related failures.

Recommendations
The CIO should request Center and Enterprise managers to incorporate all key elements into the BCCP's. Also, the CIO should update the Agency's BCCP guidance relating to contingency plan testing to address key test plan elements.

Management's Response
Management concurred with each recommendation. The complete text of the response is in Appendix C. We consider management's comments responsive.

FOOTNOTES

1. The GAO guide is entitled, "Year 2000 Computing Crisis: Business Continuity and Contingency Planning," August 1998.

2. We performed our review at the Ames Research Center (Ames), Jet Propulsion Laboratory, Lyndon B. Johnson Sapce Center (Johnson), and George C. Marshall Space Flight Center (Marshall).

Report in PDF

Background	The Year 2000 (Y2K) date conversion problem affects computer systems worldwide. Software application programs that use a standard two-digit format (mm/dd/yy) to generate a date may not work properly after the year 2000. Systems that will continue to function properly are designated "Y2K compliant." Systems that are not "Y2K compliant" are at risk of failure and may cause other systems to fail. To help Federal agencies prepare for possible Y2K-related failures, the Office of Management and Budget (OMB) adopted the General Accounting Office (GAO) contingency planning guide, for Federal agency use.⁽¹⁾ The guide identifies the key elements that a business continuity and contingency plan (BCCP) should contain (descriptions of the resources, staff roles, procedures, and timetables needed for implementation) and the key elements that a contingency test plan should address (test objectives, test approaches, required equipment and resources, necessary personnel, schedules and locations, test procedures, and expected results).
Objectives	The overall audit objective was to determine whether NASA had effectively managed the implementation of Year 2000 compliant systems. However, due to the short time remaining in 1999 to address Y2K issues, we limited our efforts to a review of contingency planning. Specifically, we evaluated NASA's efforts to prepare contingency plans that include procedures and timetables for continuing Agency operations in the event critical systems fail and to prepare test plans according to applicable guidance (see Appendix A). We have issued four other reports related to the Y2K issue; those reports are summarized in Appendix B.
Results of Audit	Under the leadership of the NASA Chief Information Officer (CIO), the Agency has been actively engaged in developing the BCCP's to prepare for Y2K-related failures. However, as of June 30, 1999, NASA installations⁽²⁾ had not incorporated various key elements into the BCCP's and contingency test plans. (NASA will be updating its BCCP's and test plans through November 1999.) Consequently, NASA lacks assurance that it can effectively respond to Y2K-related failures.
Recommendations	The CIO should request Center and Enterprise managers to incorporate all key elements into the BCCP's. Also, the CIO should update the Agency's BCCP guidance relating to contingency plan testing to address key test plan elements.
Management's Response	Management concurred with each recommendation. The complete text of the response is in Appendix C. We consider management's comments responsive.