Year 2000Year 2000
A Reality Check and GameA Reality Check and Game
PlanPlan
presented bypresented by
Chaim Yudkowsky, CPA...
Ed Yardeni
(Chief economist for Deutsche Morgan Grenfell)
“The recession odds are now up
60% because of millennial compute...
Singer Pat Boone
“I want to help bring Y2K to the
family dinner table”
Spokesperson of the Year 2000
National Educational ...
Who are you?
Who are you auditing?
Domestic or international?
PCs or mainframes?
Department
– Aviation MVA
– Port State Hi...
What do expect to learn today?
The schedule
Overview
Description of the problem
Y2K Statistics, risks, and myths
Defining compliance
Break (10-15 minutes...
The calendar
December 31, 1999 - Friday
January 1, 2000 - Saturday
January 2, 2000 - Sunday
January 3, 2000 - Monday
The Millenium Bug?
One problem or many?
Storage
Data entry
Interpretation
Dates and more dates
Problem: 00 instead of 0000
Leap Year thing
– The Gregorian calendar (1582)
The 1999 thing
– 4/9/99 (...
Dates and more dates
Two web sites for testing methodologies with
long lists of dates.
www.fdic.gov/banknews/fils/1998/fil...
The Y10K problem
400 Generations
Windows 98 may be fixed by then
Fewer than 2,922,400 days!
Almost 8,000 years of experien...
Year 2000 statistics - Overall
Loss of economic output (1998-2001): $119 billion
Cost of repair in the U.S.: $500 billion ...
Year 2000 statistics - Government &
Corp.
Cost to fix the IRS’ problem: $1 billion and
in Aug 1998 only 44% complete
Earli...
Small business
(under 100 people)
Number estimated to fail because of
problem - 7%
Estimated number aware of problem:
80%
...
Y2K in the recent news
USA Today (11/13) - US Reaches Out to Avert
Y2K-Induced Nuclear War
CNNfn (10/28) - The Newest Year...
Y2K in the recent news
News.com (11/13) - Bennett: SEC should
report on Y2K filings
News.com (11/20) - “23 states are stil...
Experiences - Real life
10,000 medical bills (1972)
Invitation to school (1988)
Emergency room abnormal blood count (1989)...
Videotape break
December 31, 1999 @ 11:59 p.m.
Discussion of potential risks to
your constituencies
What is the risk to you?
Systems that you control
Systems that you rely on, but do not control
Example risk areas
Information systems
Manufacturing control systems
Facilities
Supplier / customer chain
Transportation
P...
Discussion of transportation
system risks
Embedded chips
Power and telecommunications reliance
Congressional hearings and ...
Building control systems
Mechanical
Electrical
Utility monitoring
Fire / life safety
Vertical transportation
Security
Buil...
Building control concerns
Access system failure
Preventative maintenance shutdown
Energy management system malfunction
Tim...
Hardware and software
Hardware and the microchip
(embedded systems)
– Real-time clocks (RTC) & NT 4.0
Software
– Quicken
–...
4/21/99 - GPS Rollover
Devices emit erroneous data or shut down
Digital cell phones
Factory machines
Landing and navigatio...
The myths - Part I
A silver bullet exists
It’s just a mainframe problem
It’s just a software application problem
It’s just...
The myths - Part II
No one outside cares
No need to discuss this issue with an attorney
It’s not your responsibility - it’...
Compliance
Many definitions
Many nomenclatures to avoid compliance
terminology
– certification
– conformity
– approved
– t...
Definition of compliance (1)
Technology . . . when used in accordance with its associated
documentation, is capable of acc...
Definition of conformity (2)
Year 2000 conformity shall mean that neither
performance nor functionality is affected by
dat...
Microsoft definitions
Compliant
– May have prerequisite patch or service pack for
compliance
Compliant with minor issues
–...
Data Storage and Interpretation
Solutions
Four position century
Key date
Windowing
Sliding date / encapsulation (28 year c...
What must be done
Have a written plan
Develop a schedule
Identify who is responsible for what
Communicate with customers a...
Elements of the plan - Part 1
Awareness
– get everyone’s attention
– do not blame the IT people
– compliance vs. triage an...
Elements of the plan - Part 2
Assessment
– inventory of all technology including
embedded systems
– identify priority
– co...
Elements of the plan - Part 3
Contact vendors / publishers / manufacturers
Renovation
Validation and testing
– most expens...
Elements of a plan - Part 4
Implementation of renovated systems
– include a strategy for retrieval of data from
retired sy...
Elements of the plan - Part 5
Anticipate contingencies
Communicate
– internally
– externally???
Prayer!
Videotape break
Enterprise risk and contingency
planning video
To do - Remediation
Upgrade off-the-shelf where appropriate
Replace where appropriate
Hire programmers / consultants where...
To do - Things to think about
Consider business interruption insurance
Exclusions in policies effective April 1,
1998
Cont...
What is going on? - Disclosure
AICPA recommendations for disclosure
Year 2000 and Congress for public
companies
SEC requir...
What is going on? - Other
Being forced by the consultant - liability insurance
underwriting
Not enough people
Whole indust...
Auditor questions
Is there a Y2K plan?
Is it reasonable and attainable?
Will there be economic impact on the
client?
Does ...
Joke
After January 1, 2000, what will all the
Y2K experts be doing?
Lloyd’s of London estimates a $1 trillion
litigation p...
Litigation against whom?
Software vendors
Corporate directors and officers
Year 2000 consultants
Breach of contract - down...
Basis for litigation
Business interruption
Software licensing disputes
Negligence
Product warranty - warranty
of merchanta...
Litigation
Produce Palace International v. TecAmerica Corp.
(POS) - product defect
Atlaz International v. SBT (accounting ...
Other legal issues
State and federal legislation
Statute of limitations
Reasonably how far back can it reach
Legislation
Limiting liability
– Nevada, Florida, Georgia, Hawaii, Virginia
December 3 - Deadline for retroactive
liabilit...
Year 2000 Information and
Readiness Disclosure Act
Signed October 19, 1998
Retroactive protections to January 1, 1996
(Dec...
Other impact
M & A
– Corestates Bank
Closing down
Resources - On the web and off
Attachments
Books
Transportation specific
Other
Top 11 reasons to do nothing
(11 - 7)
You are waiting to see what happens that first morning in
Australia and will then re...
Top 11 reasons to do nothing
(6 - 1)
You don’t have a budget.
You believe in the Tooth Fairy.
Bill Gates will solve it.
No...
Case study discussion
BWI Airport
– How would you inform management about
what needs to be done?
– What are the things tha...
Video short
Remember . . .
1. Do something now.
2. Avoid analysis paralysis.
3. Expect for the week of January 1,
2000 to be busy.
4. ...
Questions?
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Y2k presented at Towson University   December 1998
Upcoming SlideShare
Loading in …5
×

Y2k presented at Towson University December 1998

241 views

Published on

Chaim Yudkowsky, CPA, CITP, CGMA - Byte of Success

More extensive Y2K based training focused on the challenges of the time for small and midsized business preparedness technologically. Also, interesting historically based on what actually happened. Delivered in many settings over about 18 months.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
241
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Y2k presented at Towson University December 1998

  1. 1. Year 2000Year 2000 A Reality Check and GameA Reality Check and Game PlanPlan presented bypresented by Chaim Yudkowsky, CPAChaim Yudkowsky, CPA 410-296-6300 www.gnco.com www.byteofadvice.com December 1, 1998 - Only 396 days!
  2. 2. Ed Yardeni (Chief economist for Deutsche Morgan Grenfell) “The recession odds are now up 60% because of millennial computer failures. And there is even a chance of a depression. . . I am a Y2K alarmist.”
  3. 3. Singer Pat Boone “I want to help bring Y2K to the family dinner table” Spokesperson of the Year 2000 National Educational Task Force
  4. 4. Who are you? Who are you auditing? Domestic or international? PCs or mainframes? Department – Aviation MVA – Port State Highway – Mass transit Other
  5. 5. What do expect to learn today?
  6. 6. The schedule Overview Description of the problem Y2K Statistics, risks, and myths Defining compliance Break (10-15 minutes) Plan of attack Break (10-15 minutes) Legal & Y2K Legislative and Y2K Case study (time permitting)
  7. 7. The calendar December 31, 1999 - Friday January 1, 2000 - Saturday January 2, 2000 - Sunday January 3, 2000 - Monday
  8. 8. The Millenium Bug? One problem or many? Storage Data entry Interpretation
  9. 9. Dates and more dates Problem: 00 instead of 0000 Leap Year thing – The Gregorian calendar (1582) The 1999 thing – 4/9/99 (Julian calendar) – 4/21/99 – 9/9/99 The 2000 thing
  10. 10. Dates and more dates Two web sites for testing methodologies with long lists of dates. www.fdic.gov/banknews/fils/1998/fil9838b. html www.mardon-y2k.com
  11. 11. The Y10K problem 400 Generations Windows 98 may be fixed by then Fewer than 2,922,400 days! Almost 8,000 years of experience!
  12. 12. Year 2000 statistics - Overall Loss of economic output (1998-2001): $119 billion Cost of repair in the U.S.: $500 billion (equal to cost of Vietnam War) U.S. economic growth rate decrease in 1999: 0.3% Number of person years to fix and test: 700,000 Number of pre-1997 PCs unable to handle: 97% Number of vacancies for computer scientists and programmers: 350,000
  13. 13. Year 2000 statistics - Government & Corp. Cost to fix the IRS’ problem: $1 billion and in Aug 1998 only 44% complete Earliest year for readiness by the Dept. of Defense’s critical systems: 2012 Of America’s largest companies: – <33% considered impact – 20% done anything – 7% have problems now
  14. 14. Small business (under 100 people) Number estimated to fail because of problem - 7% Estimated number aware of problem: 80% Estimated number planning to address: <50%
  15. 15. Y2K in the recent news USA Today (11/13) - US Reaches Out to Avert Y2K-Induced Nuclear War CNNfn (10/28) - The Newest Year 2000 Problem is the Media – Only 2 out of 10 Northeast power utilities have made public statements News.com (11/20) - “Of those surveyed, 16% reported that they have already deployed Y2K remedial programs.”
  16. 16. Y2K in the recent news News.com (11/13) - Bennett: SEC should report on Y2K filings News.com (11/20) - “23 states are still planning their Year 2000 strategies . . .” News.com (11/24) - Government scores “D” on Y2K readiness The Sun (11/23) - Year 2000 threat not as serious as feared
  17. 17. Experiences - Real life 10,000 medical bills (1972) Invitation to school (1988) Emergency room abnormal blood count (1989) Swedish food wholesaler Golf Power outages - 1984 (Oregon) September 17, 1991 - brown out + telephone outage and airports
  18. 18. Videotape break December 31, 1999 @ 11:59 p.m.
  19. 19. Discussion of potential risks to your constituencies
  20. 20. What is the risk to you? Systems that you control Systems that you rely on, but do not control
  21. 21. Example risk areas Information systems Manufacturing control systems Facilities Supplier / customer chain Transportation Power grid / electric continuity Communication networks – don’t forget e-mail
  22. 22. Discussion of transportation system risks Embedded chips Power and telecommunications reliance Congressional hearings and readiness
  23. 23. Building control systems Mechanical Electrical Utility monitoring Fire / life safety Vertical transportation Security Building automation Leak detection
  24. 24. Building control concerns Access system failure Preventative maintenance shutdown Energy management system malfunction Time / date logs not functioning
  25. 25. Hardware and software Hardware and the microchip (embedded systems) – Real-time clocks (RTC) & NT 4.0 Software – Quicken – even the Mac Networking – Network operating systems
  26. 26. 4/21/99 - GPS Rollover Devices emit erroneous data or shut down Digital cell phones Factory machines Landing and navigational data for aircraft and ground transportation (containers and trucks) Customer power allotments
  27. 27. The myths - Part I A silver bullet exists It’s just a mainframe problem It’s just a software application problem It’s just a COBOL problem If your application is compliant - no need to worry A fixed system will not have problems
  28. 28. The myths - Part II No one outside cares No need to discuss this issue with an attorney It’s not your responsibility - it’s your business advisor’s There’s plenty of time January 1, 2000 (or 3) will be an ordinary day The problem will not begin until 1/1/00
  29. 29. Compliance Many definitions Many nomenclatures to avoid compliance terminology – certification – conformity – approved – tested
  30. 30. Definition of compliance (1) Technology . . . when used in accordance with its associated documentation, is capable of accurately processing, providing, and/or receiving, data from, into and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations; provided all other technology used in combination with said technology properly exchanges the date data with it. The technology itself must independently meet these requirements and the interfaces when it exchanges date data, must properly exchange date data as defined herein. Institute of Electrical and Electronics Engineers Inc. (IEEE)
  31. 31. Definition of conformity (2) Year 2000 conformity shall mean that neither performance nor functionality is affected by dates prior to, during, and after the year 2000. UK’s IT Association
  32. 32. Microsoft definitions Compliant – May have prerequisite patch or service pack for compliance Compliant with minor issues – . . . with some disclosed exceptions that constitute minor date issues
  33. 33. Data Storage and Interpretation Solutions Four position century Key date Windowing Sliding date / encapsulation (28 year cycle) Date compression
  34. 34. What must be done Have a written plan Develop a schedule Identify who is responsible for what Communicate with customers and vendors – You must know who they are
  35. 35. Elements of the plan - Part 1 Awareness – get everyone’s attention – do not blame the IT people – compliance vs. triage and contingency planning Designate someone - single point of contact – Strong institutional knowledge – Authority from the top
  36. 36. Elements of the plan - Part 2 Assessment – inventory of all technology including embedded systems – identify priority – contact vendors – need proper source code for software – ownership of software
  37. 37. Elements of the plan - Part 3 Contact vendors / publishers / manufacturers Renovation Validation and testing – most expensive phase / methodology – refer to web sites mentioned earlier – test prototype - not real data – for critical systems test even with letters
  38. 38. Elements of a plan - Part 4 Implementation of renovated systems – include a strategy for retrieval of data from retired systems – frequent monitoring and reviewing if any new areas must be addressed
  39. 39. Elements of the plan - Part 5 Anticipate contingencies Communicate – internally – externally??? Prayer!
  40. 40. Videotape break Enterprise risk and contingency planning video
  41. 41. To do - Remediation Upgrade off-the-shelf where appropriate Replace where appropriate Hire programmers / consultants where appropriate – accountability and project management – outsource vs. use your staff – managing external vendors Mitigate your risk relating to suppliers and service providers
  42. 42. To do - Things to think about Consider business interruption insurance Exclusions in policies effective April 1, 1998 Contingency planning and triage
  43. 43. What is going on? - Disclosure AICPA recommendations for disclosure Year 2000 and Congress for public companies SEC requirements for disclosure for public companies – August 4, 1998 (10K disclosures) Banks Should you answer compliance letters?
  44. 44. What is going on? - Other Being forced by the consultant - liability insurance underwriting Not enough people Whole industry of topical magazines and Web sites Year 2000 warranties Statements of Year 2000 compliance Special Y2K lending by banks Accounting for costs in fixing the problem - expensed International fixes - E.U. (January 1, 1999)
  45. 45. Auditor questions Is there a Y2K plan? Is it reasonable and attainable? Will there be economic impact on the client? Does the company have adequate resources? How vulnerable is the physical plant?
  46. 46. Joke After January 1, 2000, what will all the Y2K experts be doing? Lloyd’s of London estimates a $1 trillion litigation potential!
  47. 47. Litigation against whom? Software vendors Corporate directors and officers Year 2000 consultants Breach of contract - down and up Liability against anyone
  48. 48. Basis for litigation Business interruption Software licensing disputes Negligence Product warranty - warranty of merchantability Breach of express warranty Breach of implied warranty Deceptive trade practices
  49. 49. Litigation Produce Palace International v. TecAmerica Corp. (POS) - product defect Atlaz International v. SBT (accounting sw) Symantec Antivirus States suing industry (North Carolina) Anderson Consulting v. J. Baker., Inc. Issokson v. Intuit
  50. 50. Other legal issues State and federal legislation Statute of limitations Reasonably how far back can it reach
  51. 51. Legislation Limiting liability – Nevada, Florida, Georgia, Hawaii, Virginia December 3 - Deadline for retroactive liability protection Other
  52. 52. Year 2000 Information and Readiness Disclosure Act Signed October 19, 1998 Retroactive protections to January 1, 1996 (December 3, 1998) “Year 2000 Readiness Disclosure” Immunity for non-fraudulent statements Limited anti-trust exemptions New written policies
  53. 53. Other impact M & A – Corestates Bank Closing down
  54. 54. Resources - On the web and off Attachments Books Transportation specific Other
  55. 55. Top 11 reasons to do nothing (11 - 7) You are waiting to see what happens that first morning in Australia and will then respond if it is a problem. You’re planning to retire next year. You want to surprise the stockholders. January 1, 2000 falls on a Saturday - you’ll have lots of time over the weekend. Government will pass legislation to roll back the clock to 1900.
  56. 56. Top 11 reasons to do nothing (6 - 1) You don’t have a budget. You believe in the Tooth Fairy. Bill Gates will solve it. Nostradamus never mentioned this problem. Your multimillion-dollar company doesn’t rely on computers. You’re already in Chapter 11.
  57. 57. Case study discussion BWI Airport – How would you inform management about what needs to be done? – What are the things that can go wrong? – How would you do (task descriptions)? – What priorities would you give? – What would be some of your contingency plans?
  58. 58. Video short
  59. 59. Remember . . . 1. Do something now. 2. Avoid analysis paralysis. 3. Expect for the week of January 1, 2000 to be busy. 4. “There will be plenty of work after January 1.”
  60. 60. Questions?

×