sitemap
contact us
privacy policy
 
user id:
password:
 
 
   
   
 
 
 
 
 
 
   
 

Email:

Format:

 
 
 
       
       
 
86 Weybosset Street
5th Floor
Providence, RI 02903
401.521.6320
401.751.1915 fax


  
  Publications & Policy Areas

 
 
Other Reports

 
 
 

Rhode Island's Year 2000 Computer Program

As part of the 1998-1999 Operating Program, RIPEC conducted a review of Rhode Island State government's program to address the year 2000 computer problem. The year 2000 computer problem, also known as the millennium bug or Y2K, refers to the inability of computer hardware, software and computer chips with embedded processors to perform computations or functions involving dates later than December 31, 1999. Due to this error, some computers and computer-dependent products may shut down, malfunction and/or produce erroneous information.

Conducted during the month of September and updated through mid-November, RIPEC's review found that State government has made progress identifying potential Y2K problems and developing solutions to avoid complications associated with internal computer systems (e.g., desk-top computers, mainframe systems). The State appears less prepared, however, to deal with issues that may arise concerning infrastructure (e.g., security systems, heating and ventilation) and external data interchanges (i.e., transfer of data between two or more computer systems).

To avoid disruptions to government programs and/or health and safety-related problems caused by computer-dependent systems failing, RIPEC recommends the following:

  1. State government should convene a senior-level task force to provide oversight and executive leadership for the Y2K program;
  2. Agencies should begin submitting monthly status reports detailing Y2K compliance efforts to the State's year 2000 program manager, Chief Information Officer and the senior-level task force;
  3. An inventory and assessment, along with a detailed plan of action, must be developed to ensure all infrastructure and external data interchanges function properly;
  4. The General Assembly should conduct oversight hearings of the year 2000 computer program beginning in January and periodically thereafter;
  5. The State should offer technical assistance to Rhode Island's 39 cities and towns to make certain municipal governments and public school districts are sufficiently prepared for the date change;
  6. For each State agency potentially affected, contingency plans should be developed for the operation of State government in the event year 2000 problems arise; and
  7. A review of the State's legal liability pertaining to potential year 2000 problems should be completed, with a report prepared and delivered to the Governor, Attorney General and General Assembly by March 31, 1999.

In October RIPEC provided copies of its initial Y2K review to the Director of the State Department of Administration, Chief Information Officer and year 2000 program manager. The Chief Information Officer, year 2000 program manager and a State computer specialist presented information regarding the State's Y2K program to the RIPEC Board of Directors on November 19, 1998.


Background Information on Year 2000 Problem

The year 2000 computer problem, also known as the millennium bug or Y2K, refers to the inability of computer hardware, software and computer chips with embedded processors to perform computations or functions involving dates after December 31, 1999. Most computers and computer-dependent products designed more than five years ago store dates in space-saving six-digit formats (e.g., 11/25/98 to represent November 25, 1998). When the system attempts to recognize January 1, 2000 or some other date with "00" or later as the year, computers and computer-dependent products using the six-digit format may interpret 01/01/00 as January 1, 1900. Due to this type of error, some computers and computer-dependent products may shut down, malfunction or produce erroneous information.

Much of the public attention to date has focused on computers as we usually define them, the hardware and software of a personal computer (PC) or a mainframe system containing millions of lines of data. While hardware, software and mainframe systems are vulnerable to the year 2000 problem, the elevator running between floors of a high-rise apartment and the traffic signals at a busy intersection may contain embedded processors. Because of embedded processors, these computer-dependent products may be susceptible to the millennium bug. In our society, there are few products that do not contain some form of computerized mechanism.

At the State level, computers are used for a myriad of purposes; to process Medicaid payments, to record tax receipts, to issue entitlement checks, to monitor prisoners, to control the climate of State-owned buildings and to regulate the flow of sewerage, to name but a few examples of computer-dependent operations.

With less than 400 days remaining until the end of 1999, the deadline to address potential year 2000 problems is fast approaching. Some national computer experts contend that for certain operations and products the time to address Y2K has passed, due to the time required to fix the problem and/or the inability to obtain the necessary computer hardware and software. For most operations, however, there likely remains a window of opportunity to remedy or circumvent the looming problem before disruptions occur.

Four general Y2K areas require attention from the State (as well as local governments, other public entities and the private sector): (1) internal computer systems; (2) infrastructure; (3) external data interchanges; and (4) legal liability.

Internal computer systems include mainframe and client/server systems, desktop personal computers and distributed networks. Mainframe and client/server systems tend to involve millions of lines of computer code used to run programs. With extensive lines of code, often undocumented, the time and effort involved to repair or replace these systems can be significant. At the State level, these include, but are not limited to; the Department of Administration's core financial systems, with approximately eight million lines of code; the Division of Motor Vehicles automobile registration and drivers license library; and the Department of Corrections human resources database.

Infrastructure includes all types of property, equipment and machinery. With over 1,500 State buildings (including the universities), hundreds of miles of roads with street lights and traffic signals, elevators, medical equipment, HVAC systems and a host of other computerized systems, this aspect of the Y2K issue requires extensive inventory, assessment and, when necessary, remediation.

External data interchanges involve the trading of data between two or more systems. For the State, this includes the internal exchange of data among State agencies, between the Federal and State governments, between the State and Rhode Island's cities and towns, and between the State and non-governmental entities. Some analysts suggest that if the State's "business partners" are not Y2K compliant, when data is exchanged between systems it may corrupt the State's compliant computer systems, or vice versa.

In addition to the actual computer-related problems that require attention and resources, governments as well as private-sector entities may be susceptible to legal liability challenges in the event systems malfunction or fail. Already, lawsuits have been filed based on alleged Y2K problems that caused computer-dependent systems to malfunction.

Given the vastness of this potential problem and the wide range of services that may be affected, a carefully crafted Y2K program is vital to the interests of State and local governments, public school districts, the business community and the general public.


An Overview of Rhode Island's Y2K Program

On January 9, 1997 Governor Lincoln Almond issued Executive Order 97-1, "Year 2000 Technology Correction Initiative," which called for the establishment of a year 2000 task force and named the State's Chief Information Officer as coordinator of the State's year 2000 efforts. The executive order directed the Chief Information Officer to present a report with recommendations to the Governor and Director of Administration on the scope of the problem and options to address it, including a cost estimate.

A preliminary report – prepared by Don Estes and Associates of Waltham, MA – was presented to the State's Chief Information Officer in June 1997. The report focused on the major agencies but did not include the State's university system or the judiciary. The State's public universities, however, have been filing Y2K status reports with the Board of Governors.

In addition, the Estes report focused only on internal systems and did not include an inventory or assessment of infrastructure or external data interchanges. Agencies have recently been asked by the Department of Administration to inventory and assess Y2K issues associated with infrastructure and external data interchanges.

The consultant's primary conclusion was that Rhode Island was not headed for a serious debacle in mainframe, minicomputer or microcomputer software applications due to year 2000 issues. He did caution, however, that there were several significant factors preventing the assurance of success, including incorrect assessment by agency technical personnel, insufficient organizational support for a large scale time sensitive project and institutional delay.

Highlighted in the report was the need for "immediate, resolute, and accountable management with sufficient authority...to assume control of an agency project if timelines are not met."

A June 1998 update – prepared by computer consultant David Hall – categorized the State's year 2000 status as "guarded." In his assessment, Hall noted the lack of a statewide year 2000 master plan, no readiness or compliance standards, no formalized year 2000 awareness program, no contingency plans for dealing with possible impacts on State government functions or its citizens, and no formal reporting process in place to bring year 2000 project status to the attention of legislative or executive levels.

 

Program Management and Leadership

Rhode Island's year 2000 program is housed in the State's Chief Information Office, located within the Department of Administration, and is comprised of one staff person serving as program manager. The State utilizes the services of outside consultants to assist with program development and implementation/monitoring.

Individual agency personnel – primarily information technology (IT) professionals – have assumed responsibility for each agency's Y2K projects. A significant amount of internal systems work has been accomplished on an agency-by-agency basis, according to the State's Y2K program manager and the consultants. Rhode Island's Chief Information Officer informed the RIPEC Board at its November meeting that the State should be compliant in the systems that need to be compliant by the middle of 1999. The State, however, has not prepared compliance documentation nor developed a standard method of systems verification.

The State's consultants concluded that there remains a lack of coordination among all agencies and the lack of a year 2000 master plan. This runs counter to best practices developed and used by many large organizations. State governments and large businesses reviewed by RIPEC have typically utilized a "centrally directed, locally executed" program that includes an organization-wide year 2000 program and provides project guidelines for individual business units or agencies to follow.

A common, more centrally coordinated state government approach to the problem includes monthly progress reports submitted to an upper-level management team, ongoing oversight by a legislative committee, adherence to project-based time lines, and standard testing procedures to determine Y2K compliance/readiness. Rhode Island State government has not utilized these practices. Instead, the State's Y2K program office has served as a technical advisor to answer agency questions, and the General Assembly has held one hearing – that by the House Finance Committee in January 1998 – to review the State's year 2000 program.

The Estes (1997) report's top recommendation was the establishment of a year 2000 program management office:

to coordinate and enforce adherence to best practice standards in each individual project for replacement/remediation and testing…The project manager of each individual project should report to the program management office as well as their own agency management. Aggressive program management with full accountability for on-time delivery will be required to ensure success by all agencies.

Both of the consultants hired by the State, in reports presented in June of 1997 and 1998, noted the lack of a formal reporting process to bring year 2000 project status to the attention of leaders at both the legislative and executive levels. This process has yet to be established.

While a State task force has not been established, IT staff from State agencies have met on occasion to discuss internal systems issues and consider remediation efforts. The State's Y2K program does not require State agencies to submit reports on the level of detail or type of inventory, assessment, remediation efforts, testing procedures, implementation, or certification of year 2000 compliance. The Y2K program manager stated that these issues have been discussed with agency personnel on a one-to-one basis but no formal reporting process exists, nor is one being contemplated.

To date, no upper-level management committee has been established to implement and/or monitor the State's Y2K program. This is a departure from the practice of a number of states, including Massachusetts, Minnesota, Pennsylvania, Texas and Washington. In November the State's Chief Information Officer reported that an upper-level management group would be formed. While membership has not been determined, this task force is likely to be charged with monitoring the State's year 2000 program

The Office of the Auditor General is in the process of gathering information on the status of the State's major core computer systems (e.g., DoA's core financial system and the Division of Taxation's core data system). This information, to be compiled by mid-December, should be useful in assessing the Y2K status of the State's major internal systems. The Auditor General's review does not include the State's infrastructure and external data interchanges, nor does it include all of the State's internal systems.

The Auditor General's Office is also obtaining information, by way of a survey sent to all municipalities, on the Y2K activities of Rhode Island's 39 communities. Based on initial responses from several municipalities, a similar survey is being sent to public school districts to assess their year 2000 readiness. This information will likely be used to evaluate the preparedness of local governments and school districts and identify areas in need of attention. An initial report may be prepared by the end of December 1998.

The Governmental Accounting Standards Board (GASB) had issued a proposed technical bulletin that would have required governmental entities to disclose Y2K information as part of their financial statements. Information proposed for disclosure included the amount of money already spent and committed in the future to make computers and other equipment year 2000 compliant, and a status report on the stages of work necessary to make the systems and equipment compliant. According to a GASB official, it is now unlikely that the proposed technical bulletin will be implemented.

The State Office of Accounts and Control is substituting its annual review of agency performance (required by the Financial Integrity and Accountability Act) with a Year 2000 Compliance Review. The intent of this review is to generate information on each agency's year 2000 status. Every State agency – including the quasi-public agencies and the judicial branch – was sent a questionnaire requesting Y2K information. This self-assessment tool will be used to help the State's Y2K program manager determine the year 2000 status of individual agencies and highlight agencies in need of assistance. The questionnaire was to be completed and returned to the Office of Accounts and Control by November 30, 1998. A report should be completed by the end of this calendar year.

 

Internal Systems

Individual agencies were responsible for compiling an inventory and assessment of Y2K needs pertaining solely to internal systems, with IT staff typically performing this task. The State's consultant compiled information from the 18 major agencies and summarized each agency's internal systems needs. This information served as the basis of the Estes report (1997). Omitted from the report were the State's university system and judiciary. As mentioned previously, the universities reportedly have been submitting Y2K status reports to the Board of Governors.

The Estes report projected that the State's direct costs for addressing Y2K internal systems problems were between $6 million and $21 million, with a median estimate of approximately $13 million. The consultant included a caveat, reporting a "significant possibility that additional analysis and any delay in implementation will raise these figures substantially." The wide ranging cost estimate is due to insufficient agency information and the ever-changing variables associated with this issue.

The Estes report also included a disclaimer stating, "Some agencies did not submit information, and all information submitted was obviously incomplete or discussed as incomplete during the interviews." Of the 18 agencies surveyed, ten were listed as providing insufficient data necessary to determine the agency's needs.

Eight agencies, including the Departments of Administration (Taxation), Corrections, Labor and Training, Health and the Division of Motor Vehicles, were identified as "agencies at greatest risk of at least partial failure of significant computer functions."

Since the time of this initial analysis, the State has moved forward with several internal systems projects and in September 1998 the Y2K office provided eight agencies with project grants totaling $1.9 million. The year 2000 project office received 30 requests from 14 agencies totaling $4.3 million. Major grant recipients included the Division of Motor Vehicles ($600,000), the Department of Administration ($450,000), and the Department of Corrections ($300,000). These Y2K-specific grants are in addition to agency funds devoted to these projects.

Of the agency projects not funded, the single largest request – $1.1 million – came from Rhode Island College for replacement of its core financial system. This request represented half of the amount quoted by a potential vendor. The State is working with RIC staff to reduce the costs and minimize the risk of failure associated with the proposed solution. According to RIC personnel, the existing financial system – as well as human resources and student systems – may cease to function properly if Y2K problems are not remedied in a timely manner.

By way of example, State agencies' 1997 review of internal systems included the following high priority Y2K issues:

Dept. of Health – computer systems used for: case management, continuing education tracking, registered drug distributors, pharmacy exam grading, hypodermic dealers, asbestos, radon and radiation tracking, lead poisoning, and infant mortality.
Dept. of Human Services – cash assistance and benefits distribution system; and
MHRH – financial reporting, payroll and workers compensation system, pharmaceutical inventory and tracking of patient drugs, and the tracking system for drug ordering, dispensing, reporting and analysis.
The four-person year 2000 agency grant evaluation committee – which included three staff members from the Department of Administration and an analyst from the State Budget Office – reported in September that an additional $10.0 million may be necessary to fund other Y2K projects in FY 1999. The State Budget Office, in a memorandum dated November 13, 1998, recognized the need for at least $2.65 million in supplemental appropriations during FY 1999 to address year 2000 issues.

 

Infrastructure

As mentioned in the Program Overview section of this review, infrastructure issues have not received the same level of attention as internal systems. According to the Y2K program manager, each State agency is presently conducting an inventory and assessment of Y2K infrastructure needs. Infrastructure that may be susceptible to Y2K problems includes, but is not limited to, facility heating and cooling systems, medical equipment, water treatment systems, traffic control systems, fire alarms and security systems.

The Estes (1997) report noted the following:

…the State is at risk from aspects of the general infrastructure which utilize computer controls. A recent estimate suggests that 5% of all control systems will fail or operate in an erratic and damaging mode. As a result, disaster contingency plans need to be developed for the potential loss or reduction in capacity or reliability of water, sewage, electricity, voice and data telephone systems, and in fact from any aspect of daily life that involves a computer chip. Although outside the scope of this study, this could incur the greatest costs and disruption to the State.

The inventory and assessment phase should be completed by December 1998, at which time a more detailed and comprehensive understanding of the State's Y2K infrastructure needs should be available. Due to the lack of quantifiable information, it is too early to determine the potential cost to the State to remedy this aspect of the year 2000 problem.

 

External Data Interchanges

As with infrastructure, the State's external data interchanges have not been adequately inventoried and assessed for Y2K deficiencies. The State has been working with the Federal government in an effort to determine the types and levels of interchanges between these two entities, but the State also exchanges data with Rhode Island communities, private sector businesses and non-profit agencies. These business partners must be identified, evaluated for Y2K compliance related to the data sent and received, and a plan developed to make certain that the necessary information exchanges will continue unaffected. Agencies are being surveyed to identify and evaluate year 2000 compliance of external data interchanges. This information should be available by the end of December 1998. State costs to maintain the integrity of these external data interchanges have not been determined.

The State's Y2K program manager also reported that attempts have been made to contact officials in Rhode Island's 39 municipalities to discuss year 2000 issues. To date, there appears to have been relatively modest and infrequent interaction between the State and the cities and towns. As mentioned previously, a survey of municipal Y2K efforts is in the process of being completed by the Auditor General.

 

Contingency Plans

As of mid-November, the State had not developed formal contingency plans in the event systems fail or malfunction. The Rhode Island National Guard and Emergency Management Agency have been working together to develop contingency plans, and the Federal Emergency Management Agency has issued reporting requirements regarding each State's preparation for year 2000 problems. FEMA's initiative should encourage State officials to formalize their activities.

While public health and safety contingency plans are being considered, the State is reportedly waiting until the second or third quarter of 1999 to begin developing contingency plans for the operation of State agencies in the event agencies are adversely affected by Y2K. The cost to develop these plans has not been determined.


Issues/Recommendations

RIPEC's review of the State's Y2K Program suggests the immediate need for greater focus and commitment.
Time is running short and there remain outstanding issues that demand attention. While the State appears to be making progress in its efforts to avoid internal systems malfunctions caused by the year 2000 problem, additional resources, greater coordination and the need for top level oversight and monitoring are needed to ensure a smooth transition and avoid major disruptions.

A State Y2K task force, comprised of agency directors/deputy directors and representatives from the State's higher education institutions and the judiciary, should be established to prioritize projects and monitor implementation.

Project-specific timelines need to be established and adhered to, along with monthly reporting requirements. Tests should be performed on all reportedly compliant systems, with special emphasis on those systems deemed mission critical.

The Rhode Island General Assembly should hold legislative oversight hearings in January and at various times throughout the year to monitor the State's Y2K status.

These hearings would be useful in ensuring that State government is prepared for the new millennium, or that contingency plans are properly planned and ready for implementation. The aforementioned State Y2K task force should make monthly status reports available to the General Assembly.

Infrastructure and external data interchanges must be completely inventoried and assessed for Y2K compliance. Upon completion of this inventory and assessment, compliance plans should be developed and implemented before the end of March 1999.
These issues remain an uncertainty, with incomplete inventory and assessment. The inventory and assessment information should be coordinated statewide, prioritized based on criteria which emphasizes mission critical and public safety concerns, and remediation plans developed with project-specific timelines. Monthly monitoring meetings by the State's Y2K task force should focus particular attention on these areas, in addition to internal systems.

The Office of Municipal Affairs, or another State agency with knowledge of local governments and school districts, in conjunction with the State's Y2K task force, should be proactive in working with communities to address Y2K issues.
Greater outreach, including a project devoted solely to assisting cities and towns, may be necessary to make certain that the public sector is prepared to deal with the potential problems associated with the date change. The Auditor General's survey of municipal officials and school districts should be useful in determining the needs of the State's municipalities.

While cities and towns should not be dictated to in terms of specific projects or a specific approach to the problem, State government has a vested interest in ensuring that all levels of government are adequately prepared. The State need not reinvent the wheel in assisting cities and towns with Y2K issues, several states (Texas, Pennsylvania, Washington and Minnesota, in particular) have already taken the lead in developing resource materials for local governments and these materials are available over the Internet. In addition, a host of public sector organizations have prepared resource materials for municipal Y2K programs, most of which are available without charge.

The Division of Purchasing – along with appropriate legal counsel (e.g., the Attorney General's Office) – should work with the Department of Administration to ensure the State documents its Y2K efforts, that all new contracts contain proper Y2K liability protection, and to prepare documentation that may be necessary should the State face a Y2K legal challenge.

The State should review its Y2K liability status and report potential issues of concern to the Governor, Attorney General and General Assembly leaders
The State recently hired a legal consultant to advise the government on legal liability issues, and the State has started a review of its potential legal liability associated with Y2K. RIPEC recommends that the results of this review be forwarded to the Governor, the Attorney General and General Assembly leaders for their review. The State should also consider adopting legislation if it is deemed necessary to safeguard the State's interests.

 

------------------------------------------------
FOOTNOTES:

RIPEC reviewed Year 2000 programs in the States of Massachusetts, Pennsylvania, Minnesota, Washington and Texas, as well as corporate programs instituted at Textron, Bell Atlantic and New England Electric Systems.

GASB Technical Bulletin 98-a, "Disclosures about Year 2000 Resources Committed," issued July 24, 1998 with a proposed effective date of October 31, 1998.

 
  
 

Demographic Analysis

State Budget and Debt Analysis

State & Local Tax Policy

Cities, Towns & Urban Policy

Education in Rhode Island

Other Reports

Archives
 

  

 

 


© Copyright 2004, RIPEC. All Rights Reserved.