<DOC> [106th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:61120.wais] ARE THE FEDERAL GOVERNMENT'S CRITICAL PROGRAMS READY FOR JANUARY 1, 2000? ======================================================================= JOINT HEARING before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM and the SUBCOMMITTEE ON TECHNOLOGY of the COMMITTEE ON SCIENCE HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ APRIL 13, 1999 __________ Committee on Government Reform Serial No. 106-52 Committee on Science Serial No. 106-53 __________ Printed for the use of the Committee on Government Reform and the Committee on Science Available via the World Wide Web: http://www.house.gov/reform ______ U.S. GOVERNMENT PRINTING OFFICE 61-120 CC WASHINGTON : 1999 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida PATSY T. MINK, Hawaii THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio Carolina ROD R. BLAGOJEVICH, Illinois BOB BARR, Georgia DANNY K. DAVIS, Illinois DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts ASA HUTCHINSON, Arkansas JIM TURNER, Texas LEE TERRY, Nebraska THOMAS H. ALLEN, Maine JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont JOHN T. DOOLITTLE, California (Independent) HELEN CHENOWETH, Idaho Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director David A. Kass, Deputy Counsel and Parliamentarian Carla J. Martin, Chief Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Matt Ryan, Senior Policy Director Bonnie Heald, Communications Director/Professional Staff Member Mason Alinger, Clerk Faith Weiss, Minority Counsel COMMITTEE ON SCIENCE HON. F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman SHERWOOD L. BOEHLERT, New York GEORGE E. BROWN, Jr., California, LAMAR SMITH, Texas RMM** CONSTANCE A. MORELLA, Maryland RALPH M. HALL, Texas CURT WELDON, Pennsylvania BART GORDON, Tennessee DANA ROHRABACHER, California JERRY F. COSTELLO, Illinois JOE BARTON, Texas TIM ROEMER, Indiana KEN CALVERT, California JAMES A. BARCIA, Michigan NICK SMITH, Michigan EDDIE BERNICE JOHNSON, Texas ROSCOE G. BARTLETT, Maryland LYNN C. WOOLSEY, California VERNON J. EHLERS, Michigan* ALCEE L. HASTINGS, Florida DAVE WELDON, Florida LYNN N. RIVERS, Michigan GIL GUTKNECHT, Minnesota ZOE LOFGREN, California THOMAS W. EWING, Illinois MICHAEL F. DOYLE, Pennsylvania CHRIS CANNON, Utah SHEILA JACKSON-LEE, Texas KEVIN BRADY, Texas DEBBIE STABENOW, Michigan MERRILL COOK, Utah BOB ETHERIDGE, North Carolina GEORGE R. NETHERCUTT, Jr., NICK LAMPSON, Texas Washington JOHN B. LARSON, Connecticut FRANK D. LUCAS, Oklahoma MARK UDALL, Colorado MARK GREEN, Wisconsin DAVID WU, Oregon STEVEN T. KUYKENDALL, California ANTHONY D. WEINER, New York GARY G. MILLER, California MICHAEL E. CAPUANO, Massachusetts JUDY BIGGERT, Illinois VACANCY MARSHALL ``MARK'' SANFORD, South VACANCY Carolina JACK METCALF, Washington Subcommittee on Technology CONSTANCE A. MORELLA, Maryland, Chairwoman CURT WELDON, Pennsylvania JAMES A. BARCIA, Michigan** ROSCOE G. BARTLETT, Maryland LYNN N. RIVERS, Michigan GIL GUTKNECHT, Minnesota* DEBBIE STABENOW, Michigan THOMAS W. EWING, Illinois MARK UDALL, Colorado CHRIS CANNON, Utah DAVID WU, Oregon KEVIN BRADY, Texas ANTHONY D. WEINER, New York MERRILL COOK, Utah MICHAEL E. CAPUANO, Massachusetts MARK GREEN, Wisconsin BART GORDON, Tennessee STEVEN T. KUYKENDALL, California TIM ROEMER, Indiana GARY G. MILLER, California Ex Officio F. JAMES SENSENBRENNER, Jr., GEORGE E. BROWN, Jr., California+ Wisconsin+ C O N T E N T S ---------- Page Hearing held on April 13, 1999................................... 1 Statement of: Lee, Diedre, Acting Deputy Director for Management, Office of Management and Budget; Fernando Burbano, Chief Information Officer, U.S. Department of State; Richard Nygard, Chief Information Officer, U.S. Agency for International Development; Anne F. Reed, Chief Information Officer, U.S. Department of Agriculture; Joel C. Willemssen, Director, Civil Agencies Information Systems, U.S. General Accounting Office; and James J. Flyzik, Chief Information Officer, U.S. Department of the Treasury............................ 10 Letters, statements, etc., submitted for the record by: Biggert, Hon. Judy, a Representative in Congress from the State of Illinois, prepared statement of................... 5 Burbano, Fernando, Chief Information Officer, U.S. Department of State, prepared statement of............................ 67 Flyzik, James J., Chief Information Officer, U.S. Department of the Treasury, prepared statement of..................... 82 Horn, Hon. Stephen, a Representative in Congress from the State of California, memorandum dated March 26, 1999....... 103 Jackson-Lee, Hon. Sheila, a Representative in Congress from the State of Texas, prepared statement of.................. 7 Lee, Diedre, Acting Deputy Director for Management, Office of Management and Budget: Information concerning specific criteria................. 107 Information concerning emergency funds................... 91 Prepared statement of.................................... 14 Nygard, Richard, Chief Information Officer, U.S. Agency for International Development, prepared statement of........... 59 Reed, Anne F., Chief Information Officer, U.S. Department of Agriculture, prepared statement of......................... 40 Stabenow, Hon. Debbie, a Representative in Congress from the State of Michigan, prepared statement of................... 9 Willemssen, Joel C., Director, Civil Agencies Information Systems, U.S. General Accounting Office, prepared statement of......................................................... 21 ARE THE FEDERAL GOVERNMENT'S CRITICAL PROGRAMS READY FOR JANUARY 1, 2000? ---------- TUESDAY, APRIL 13, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology of the Committee on Government Reform, joint with the Subcommittee on Technology of the Committee on Science, Washington, DC. The subcommittees met, pursuant to notice, at 1:07 p.m., in room 2318, Rayburn House Office Building, Hon. Connie Morella (chairwoman of the Subcommittee on Technology) and Hon. Stephen Horn (chairman of the Subcommittee on Government Management, Information, and Technology) presiding. Present: Representatives Morella, Horn, Biggert, Ose, Turner, Gutknecht, Miller, Barcia, Rivers, Stabenow, and Jackson-Lee. Staff present from the Subcommittee on Government Management, Information, and Technology: J. Russell George, staff director and chief counsel; Matt Ryan, senior policy director; Bonnie Heald, director of communications, and professional staff member; Mason Alinger, clerk; Richard Lukas, intern; Faith Weiss, minority counsel, Committee on Government Reform; and Earley Green, minority staff assistant, Committee on Government Reform. Staff present from the Subcommittee on Technology: Jeff Grover, staff director; Ben Wu, professional staff member; Joe Sullivan, clerk; Michael Quear and Martin Ralson, minority professional staff members. Mrs. Morella. The joint hearing of the Technology Subcommittee of the Science Committee as well as the Subcommittee on Government Management, Information, and Technology of the Government Reform Committee will come to order. On March 31st, the administration announced that, according to the most recent data obtained from agencies, 92 percent of Federal systems had met the governmentwide goal of Y2K compliance. With less than 8\1/2\ months remaining until January 1, 2000, it is heartening to hear that nearly all mission-critical systems within the 24 major Federal departments and agencies are Y2K compliant. The administration tells us that these systems have been tested and implemented, and will be able to accurately process data into the year 2000. This is certainly a welcome change from a year ago, and it is a tribute to the thousands of dedicated and skilled Federal employees who have been working to ensure that critical government operations and services will continue uninterrupted into the next millennium and beyond. While progress appears to have been made in addressing Y2K internally, each agency must now begin the more vital function of outlining actions that are needed for systems to work externally. The new challenges facing each agency include performing end-to-end testing, as well as developing business continuity and contingency planning. These challenges are certainly not minor. No one should be fooled or lulled into the false sense of security over the recent Federal Y2K improvements. Much more work remains to be done to ensure the continuity of our critical Federal programs and systems. We, in Congress, will continue to provide vigilant Y2K oversight and intend to work diligently and cooperatively with the administration to ensure the delivering of vital services to the American people. Today we have a distinguished panel of witnesses to assist our House Y2K Working Group in receiving a current status report on the efforts of the U.S. Government in correcting the year 2000 computer problem after the President's March 31, 1999 deadline. This hearing will present the Office of Management and Budget and the General Accounting Office with an opportunity to comment on the administration's year 2000 efforts. In addition, this hearing will lay the groundwork for the administration to demonstrate the overall readiness of its critical business functions--functions that the American public rely upon. There will also be testimony from four agencies that have yet to testify in joint Y2K hearings before the Technology Subcommittee and the Government Management, Information, and Technology Subcommittee. And that is the Department of Agriculture, the Agency for International Development, the Department of State, and the Department of the Treasury. It should be noted, however, that these 4 agencies were among the 11 agencies that were not yet totally compliant by the March 31st deadline. I look forward to hearing from our panel, and I am now going to turn to the co-Chair of this hearing, the chairman of the Government Management, Information, and Technology Subcommittee, the gentlemen from California, Mr. Horn. Mr. Horn. Thank you very much, Madam Chairman. We have just passed a significant milestone in the Federal Government's efforts to update its computers systems for the year 2000. On March 31st, the President's deadline for all mission-critical computers to be year 2000 compliant, 92 percent of the Government's departments and agencies reported that their 6,123 mission-critical computer systems are ready for the new millennium. We, in Congress, are pleased with this progress, considering that only three short years ago several agencies were unaware of the programming glitch that could shut down or corrupt their computer systems on January 1, 2000. A lot of hard work has been going on inside the executive branch of the Federal Government. Nevertheless, 8 percent of the agencies' mission-critical systems failed to meet the President's March 31st deadline. These systems, found within 11 departments, are vital to the health and well-being of millions of Americans. They must be fixed before we can focus entirely on end-to-end testing. From food stamps to Medicare and Medicaid, these programs serve our most vulnerable citizens-- the seniors, the poor, the chronically ill. Today's hearing marks the beginning of a new phase in our year 2000 oversight. We will move from our focus on computer systems to begin examining entire Federal programs. We want to be assured that these programs operate seamlessly, whether the date is December 31, 1999, or January 1, 2000. We are pleased to welcome the witnesses before us today, and I look forward to their testimony. Thank you, Madam Chairman. Mrs. Morella. Thank you, Chairman Horn. It is now my pleasure to recognize the ranking member of the Technology Subcommittee, the gentlemen from Michigan, Mr. Barcia. Mr. Barcia. Thank you, Chairwoman Morella and Chairman Horn. I want to join my colleagues in welcoming everyone to this afternoon's hearing. And while this series of hearings on Federal agencies' Y2K efforts have been largely critical of the administration, I would like to take this opportunity to compliment their recent efforts. Last Wednesday, the White House announced that 92 percent for Federal Michigan--excuse me, mission---- Mrs. Morella. Michigan--see? [Laughter.] Mr. Barcia [continuing]. Michigan, my home State--mission- critical systems were now Y2K compliant. In fact, 13 of the largest departments reported 100 percent compliance with their Michigan--excuse me, mission-critical systems. [Laughter.] In addition, the FAA recently tested its systems at Denver Stapleton Airport and found no noticeable problems. Ultimately, while much work remains to be done, our Federal agency should be commended for their efforts. I also want to commend OMB for their leadership on this issue. A recent memo to the agency heads from Jack Lu highlights the need to ensure that not only must agency systems be compliant, but that their data exchange partners be Y2K compliant as well. Further, Director Lu called for the need to publicly demonstrate the overall readiness of integrated Federal, State, and private systems, as well as the programs that they support. I am pleased to see OMB take this leadership role, as Director Lu's memo outlines my own concerns regarding Federal Y2K efforts. Recognizing the need to share detailed information with the public, testing data exchanges, and developing complementary business contingency plans are consistent with key provisions in H.R. 4682, which I introduced at the end of the last Congress. As I said earlier, much work remains to be done, and today we will hear from four agencies who are behind schedule. However, given the bleak prognosis we heard 1 year ago, much progress has been made and credit should be given where credit is due. I want to thank all of the witnesses for appearing before the committee, and I look forward to your comments. Thank you, Madam Chairman. Mrs. Morella. Thank you, Mr. Barcia. I would now like to recognize Mr. Turner, the gentleman who is on the Government Reform Committee, for any opening comments he may have. Mr. Turner. March 31st was the self-imposed deadline for the executive branch to have implemented Y2K-compliant computer systems and, as of that date, the Federal Government reported that 92 percent of its systems were compliant. This is evidence of a strong commitment and solid progress in the executive branch on the issue. The Federal Government, of course, cannot afford to relax its efforts. A number of significant Federal agencies have not finished their Y2K conversion, as has been revealed by this subcommittee's review of the status of the Department of Defense and the Federal Aviation Administration, both of which are behind in their repairs. Today we will consider the status of Y2K conversion in several other agencies, including the Departments of State, Treasury, Agriculture, and the Agency for International Development. Conversion work is not finished when the systems are repaired; systems must be tested. The Government must conduct end-to-end and business continuity testing for significant Federal systems. That is, instead of simply testing one system individually, the Government must test how well its systems coordinate with other systems in performing business functions. Successful functioning of Government systems on January 1, 2000 will require coordination and testing of Federal, State, and local computer systems, as well as those in the private and non-profit sectors. Government functions not only cross departmental lines, but also cross Federal, State, and local jurisdictions. It is clearly not enough to assure that the Federal systems work, because States administer many important Federal benefits, and if these State systems fail, people will not get their benefits, and the Federal Government will in turn fail. Therefore, I would like to thank the witnesses who are gathered here today to explain the remaining work that the Federal Government will be undertaking before the date change, and I would urge that this effort be devoted to assuring that the Federal, State, and local systems collectively can deliver the necessary benefits and crucial government services. Thank you, Madam Chairman. Mrs. Morella. Thank you, Mr. Turner. [The prepared statement of Hon. Judy Biggert, Hon. Sheila Jackson-Lee, and Hon. Debbie Stabenow follow:] [GRAPHIC] [TIFF OMITTED]61120.001 [GRAPHIC] [TIFF OMITTED]61120.002 [GRAPHIC] [TIFF OMITTED]61120.003 [GRAPHIC] [TIFF OMITTED]61120.004 [GRAPHIC] [TIFF OMITTED]61120.005 Mrs. Morella. Distinguished panelists, I am going to ask them if they will rise, since it is a policy of this committee to swear in those who will testify and raise your right hands. [Witnesses sworn.] Mrs. Morella. The record will indicate affirmative response from all, and we do have a distinguished panel. We have Ms. Deidre Lee, who is the Acting Deputy Director for Management of the Office of Management and Budget; Mr. Joel Willemssen, who is no stranger to this committee, who is the Director of Civil Agencies Information Systems of the U.S. General Accounting Office; we have Ms. Ann Reed, who is the Chief Information Officer of the U.S. Department of Agriculture; we have Richard Nygard, who is the Chief Information Officer for the U.S. Agency for International Development; we have Mr. Fernando Burbano, who is the Chief Information Officer for the U.S. Department of State, and we have Mr. James Flyzik, who is the Chief Information Officer for the U.S. Department of Treasury. Ladies and Gentlemen, it is customary that we give you each about 5 minutes maximum. Anything that you have submitted to us in its entirety will be included in the record, and that gives us an opportunity, then, to fire away with any questions. So, if that order is acceptable to you, we will start off then with you, Ms. Lee. STATEMENTS OF DIEDRE LEE, ACTING DEPUTY DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET; FERNANDO BURBANO, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF STATE; RICHARD NYGARD, CHIEF INFORMATION OFFICER, U.S. AGENCY FOR INTERNATIONAL DEVELOPMENT; ANNE F. REED, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF AGRICULTURE; JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; AND JAMES J. FLYZIK, CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF THE TREASURY Ms. Diedre Lee. Are we on? Mrs. Morella. Yes. Ms. Diedre Lee. Very good. Good afternoon, Chairwoman Morella, Chairman Horn, members of the subcommittee. As you know, I have been Acting Deputy Director for Management since April 1st. And as any average person, I am certainly aware of the Y2K issue. But I am still somewhat new to this issue at OMB, and I have been working closely with the OMB staff to come up to speed. I am pleased to appear before the subcommittee today to discuss the Government's progress on the year Y2K. I will do my best to answer your questions. Chairwoman Morella and Chairman Horn, I would like to start by thanking you and the other members of the subcommittee for your ongoing interest in Y2K problem and its potential implications for our country. Your focus has increased awareness, emphasized the importance of the remediation activities, and helped to ensure that we will be ready. Today, I would briefly like to address the progress that has been made in the Federal arena; our challenges and next steps, and funding. As you know, the administration has been working for more than 3 years on the problem. Agencies have been working through the phases of awareness, assessment, renovation, validation, and implementation. Each phase has been a challenging one as Federal agencies work through the process of systematically identifying and prioritizing mission-critical systems; addressing the implications of the systems and equipment containing embedded chips, such as security systems, heating and air conditioning units, et cetera; working with data exchange partners; testing and retesting systems; and working with service-delivery partners such as contractors, banks, vendors, State, local, and tribal governments to ensure that the programs will be ready, and they can be supported by the Federal Government. Last year, former Director Franklin Raines established the ambitious goal of having 100 percent of the Federal Government's mission-critical systems Y2K compliant by March 31, 1999--well ahead of many private sector system remediation schedules. I am pleased to report, as you have all noted, that the Federal Government nearly achieved this goal. As John Koskinen and former Deputy Director for Management, Ed DeSeve, noted at the National Press Club on March 31st, ``92 percent of the Federal Government's mission-critical systems met the governmentwide goal of being Y2K compliant by March 31, 1999. These systems have been remediated, tested, and they are back in operation.'' This represents a dramatic improvement from the progress of the Federal Government a year ago, when in February 1998, only 35 percent of the agency mission-critical systems were compliant. Overall progress in the Federal Government is a tribute to the hard work, skillful and dedicated work of thousands of Federal employees and contractors. And while much work remains to be done, we fully expect the Government's mission-critical systems will be Y2K compliant before January 1, 2000. While several agencies are here to discuss their specific progress--and you noted Treasury Department, the Department of Agriculture, the State Department, and the U.S. Agency for International Development--I will provide you with some overall figures. And, again, as you noted, 13 of the 24 major departments now report that 100 percent of their mission- critical systems are Y2K ready, and those are listed in my full testimony, so I will move on. Of the remaining, three agencies are between 95 and 99 percent; four between 90 and 94 percent ready; and three between 85 and 90 percent. So, we are up there in the higher percentage ratings. Based on monthly agency reports received April 10th--so there is a little bit of an update here--we gained 1 percent over the last week, and we are now at 93 percent ready. And from a base of about 6,100, critical systems 408 remain to be finished. And of those, 163 are non-defense and 245 are defense. We are preparing to issue guidelines asking the agencies to report, beginning May 15th, on their remaining mission-critical systems by name and to include a timetable for completing the work. And then, agencies will report monthly. So, that will identify our mission-critical systems. Agencies have set realistic goals for the completion of their work and are working hard to finish these systems. We are confident that every mission-critical system will be ready by year 2000. However, the critical task is to make sure that not just systems, but the programs that they support will be ready. In response, we are taking a look at the Federal Government from the individual's point of view to determine what programs have the most direct and immediate impact on the public. On March 26th, OMB issued guidance to the agencies that identified 42 high-impact programs and directed Federal agencies to take the lead on working with Federal agencies, State, tribal, and local governments, contractors, banks, and others to ensure that these programs critical to public health, safety, and well-being will provide undisrupted services. Examples include Medicare, unemployment insurance, disaster relief, weather service, et cetera. Agencies have also been asked to help their partners develop year 2000 programs and to ensure that their reports are ready, if they have not already done so. Our goal is to publicly demonstrate that these programs will operate seamlessly. By March 15, 1999, agencies have also been asked to provide to OMB a schedule and milestones for key activities in each plan, a monthly report of progress against that schedule, and a plan date for an event or events to announce that the program as a whole is Y2K ready. Clearly, this initiative requires a great deal of cooperation and hard work, but success is in everyone's interest. And while these programs are critical to the work of government, the smooth operations of government also rely on functions that may not have an immediate and direct effect on the public at large, but, nevertheless, are essential to sound management of the agency, such as financial management systems or personnel systems. These functions have been identified as core business functions, and are also being worked. Agencies are developing business continuity and contingency plans to assure that their core business functions will operate. We have directed the agencies to follow the GAO guidance on preparing their plans, and additionally, many agencies are working closely with their Inspectors General and/ or expert contractors in the development of the plans. While it is expected that the business continuity and contingency plans will continue to change through the end of the year, as agencies update and refine their assumptions, and as they continue to test and modify their plans, we have asked agencies to submit their plans no later than June 15. We will work with the agencies to assure governmentwide consistency of their basic assumptions surrounding the year 2000. Funding: The most recent allocation of Y2K emergency funding transmitted on April 2, 1999, provides a total of $199 million to 20 Federal agencies. Fourteen of these agencies have received emergency funding in earlier allocations, and funding will be used for various Y2K compliance activities, including testing to ensure that the systems are Y2K compliant; replacement of embedded computer chips; creation and verification of continuity of operation and contingency planning; and cooperative activities with non-Federal entities in support of the President's Council on Year 2K Conversion. Agencies have benefited greatly from access to emergency funds and much of their progress can be credited to this. Continued access to emergency funding is essential to continued progress on the Y2K problem. However, the Senate version of the fiscal year 1999 emergency supplemental appropriation bill would reduce the non-defense Y2K emergency fund by $973 million. I urge the conferees to strike this reduction, which is unwise at this time. Not only would it eliminate the remaining balance in the emergency fund of approximately $500 million, but it would also force agencies to stop planned and ongoing procurements for Y2K-related activities. It would also force agencies to terminate contracts, where this can be done without penalty, in order to recapture the additional $468 million. Resources must remain available for agencies to carry out aggressive strategies to achieve compliance and to develop and implement contingency plans that will ensure uninterrupted operations and service delivery. In recent months, the pace toward achieving governmentwide compliance has quickened considerably. Much of this improvement can be attributed to the emergency fund, which has ensured that adequate resources remain available to agencies as they develop and refine effective strategies for achieving Y2K compliance. With the year 2000 approaching, we should build on our success, not take steps to undermine it. In conclusion, during the 262 days remaining before the year 2000, we plan to complete work on the remaining mission- critical systems, with monthly reports beginning May 15th; we plan to conduct end-to-end testing with the States and other key partners, placing special emphasis on readiness of programs that have a direct impact on the public; and we plan to test and complete business continuity and contingency plans, are due by June 15th. This is a busy time, so I would like to thank you very much for the opportunity to allow me to share this information with you on the administration's progress. OMB remains committed to working with the committee and the Congress on this critical issue, and I would be pleased to answer any questions you may have. [The prepared statement of Ms. Lee follows:] [GRAPHIC] [TIFF OMITTED]61120.006 [GRAPHIC] [TIFF OMITTED]61120.007 [GRAPHIC] [TIFF OMITTED]61120.008 [GRAPHIC] [TIFF OMITTED]61120.009 [GRAPHIC] [TIFF OMITTED]61120.010 Mrs. Morella. Thank you, Ms. Lee. We let you exceed the deadline because you had so many milestones and dates to tell us about, we felt were very important. It is a pleasure now to recognize Mr. Willemssen from GAO. Mr. Willemssen. Thank you, Chairwoman Morella, Chairman Horn, Ranking Member Barcia, Ranking Member Turner. Thank you for inviting GAO to testify today on the status of governmentwide Y2K. As requested, I will briefly summarize our statement. As noted, the Federal Government's most recent reports showed continued improvement in addressing Y2K. Despite this progress, however, there are vital government functions with systems that are not yet compliant. Additionally, not all of the government systems have undergone independent verification and validation. In addition, achieving compliance of individual systems, while very important, does not necessarily ensure that a key business function will continue to operate through the change of the century. Other key actions are essential to achieving this goal. For example, as noted earlier, end-to-end testing is extremely important. That is needed to verify that a set of interrelated systems supporting an overall function will work seamlessly and work together as we move to the next century. In addition, business continuity and contingency plans are essential. In this regard, OMB has previously asked Federal agencies to identify their core business functions that are to be addressed in their business continuity and contingency plans, as well as to provide key milestones for the development and testing of such plans. To ensure that key activities, such as end-to-end testing and contingency planning, are fully addressed for the most important Government programs, we have previously recommended to the executive branch that the Government set Y2K priorities. In late March, OMB implemented our recommendation by issuing a memorandum to Federal agencies identifying 42 high- impact programs. For each program, a lead agency was designated to take a leadership role in convening program partners in developing a plan to ensure that the program will operate effectively. Two days from now, lead agencies are to provide to OMB a schedule and milestones of the key planned activities for these high-impact priorities. The quality and completeness of these plans will be a major factor in the success of this effort and in assuring the public that Y2K will be addressed for the most critical government functions. About one-quarter of these high-impact programs identified by OMB are State-administered programs, such as food stamps and Medicaid. As we previously testified, several of these programs, such as Medicaid, are at risk. Recent data from OMB on State-administered systems shows that there is a continuing reason for concern and a need for Federal/State partnerships. Specifically, there is a large number of State systems reported not to be due to be compliant until the last half of 1999. One agency that has worked for some time on Y2K with its State partners is the Social Security administration. Since our report in late 1997, SSA has strengthened its approach with States on disability determination services. It designated a full-time team with project managers and requested biweekly status reports, and obtained from each State a plan specifying milestones, resources, and schedules for completing Y2K tasks. SSA's activities in this area can serve as a model for other Federal agencies as they go forward with their State- administered programs and their State partners. In summary, it is clear that the Federal Government has made excellent progress on Y2K over the last couple of years. However, much more remains to be done to ensure the continued delivery of vital services. That concludes a summary of my statement. At the end of the panel, I will be pleased to address any questions you may have. Thank you. [The prepared statement of Mr. Willemssen follows:] [GRAPHIC] [TIFF OMITTED]61120.011 [GRAPHIC] [TIFF OMITTED]61120.012 [GRAPHIC] [TIFF OMITTED]61120.013 [GRAPHIC] [TIFF OMITTED]61120.014 [GRAPHIC] [TIFF OMITTED]61120.015 [GRAPHIC] [TIFF OMITTED]61120.016 [GRAPHIC] [TIFF OMITTED]61120.017 [GRAPHIC] [TIFF OMITTED]61120.018 [GRAPHIC] [TIFF OMITTED]61120.019 [GRAPHIC] [TIFF OMITTED]61120.020 [GRAPHIC] [TIFF OMITTED]61120.021 [GRAPHIC] [TIFF OMITTED]61120.022 [GRAPHIC] [TIFF OMITTED]61120.023 [GRAPHIC] [TIFF OMITTED]61120.024 [GRAPHIC] [TIFF OMITTED]61120.025 [GRAPHIC] [TIFF OMITTED]61120.026 [GRAPHIC] [TIFF OMITTED]61120.027 Mrs. Morella. Now, I am pleased to recognize Ms. Reed from the Department of Agriculture. Ms. Reed. Thank you, Chairwoman Morella, Chairman Horn, Ranking Member Barcia. I appreciate this opportunity to share with you where the Department of Agriculture stands with respect to Y2K. We are committed to assuring that our programs will be viable after January 1st. We recognize our responsibility for food safety and inspection, food and nutrition programs, rural economic development, natural resources and conservation, research and education, and, of course, programs which support America's farmers. USDA is currently tracking 350 mission-critical systems; 93 percent of these systems are compliant and fully deployed. We have an additional number of systems where the remediation work has been done, but eight of them have yet to achieve full deployment; ten systems are still undergoing remediation or replacement; and five are anticipated to be retired. Secretary Glickman has identified 52 of our systems as departmental priority systems because the programs that they support have major health and safety implications, financial impact, or economic repercussions. Our priorities are to achieve 100 percent compliance and implementation of all critical mission-critical and non- mission-critical systems, conduct the end-to-end testing, coordinating with the States, banks, and other Federal agencies as appropriate, continue to perform independent validation and verification on our priority systems, finalize our business continuity and contingency plans, and continue to assess Y2K impacts on the food supply. OMB has identified four USDA programs on its list of 40 high-impact Federal programs. They include three nutrition programs; the food stamp program, women and infant children program, and child nutrition programs. The fourth is food safety and inspection. Food and nutrition programs are vital to the availability of food for millions of Americans, especially those who are neediest. The Food and Nutrition Service, FNS, has been working diligently to remediate its own mission-critical systems that support these programs. Fourteen are fully compliant; the final two will be compliant by the end of this month. FNS has performed testing on its communication links between the State systems and our internal systems. Testing to this point has been successful. We are working with State partners and territories who actually deliver the services to the public. Since June 1997, USDA and other Federal departments have jointly established expedited approval procedures for State acquisition of ADP resources necessary to support their Y2K efforts. We believe that most of the States are using their own resources for this, since only two have actually chosen to use our expedited approval. FNS is also tracking each State's progress. They must certify to us that they are compliant in hardware, software, and telecommunications. They must also share with us their business continuity and contingency plans. The Food Safety Inspection Service regulates a vital part of our food supply: meat, poultry, and eggs products. Twenty- six States have programs which complement the FSIS health program. Within FSIS, our Food Safety and Inspection Service, seven of eight mission-critical systems are now compliant and fully deployed. The remaining one should be done by the end of this summer. We have an overall business continuity contingency plan and are working very closely with the States and with the plants to assure that they are aware of what needs to be done to support Y2K. In addition to these programs, there are other programs that the Department is treating as high impact, because of their economic, financial, and health and safety impact. These include farm loan and assistance programs; and rural development programs; animal, plant and health inspection programs; fire management program; and the Federal employee payroll system and Thrift Savings Plan. To date, 47 of the systems which support these mission-critical priority programs are compliant and fully deployed; five systems remain to be completed and should be completed no later than July. USDA also chairs the Food Supply Working Group of the President's Council on Year 2000 Conversion. I will just share with you that we do not anticipate any major disruptions to the food supply, but will continue to work and report on this area, as we will continue to support outreach to our small businesses. We have a major outreach program that we have undertaken in cooperation with the Department of Commerce and the Small Business Administration. In conclusion, all of our work is designed to ensure that USDA's critical programs are available to the American public without disruption, and we have a lot of work left to do, but we believe that we are up to this challenge. Thank you. [The prepared statement of Ms. Reed follows:] [GRAPHIC] [TIFF OMITTED]61120.028 [GRAPHIC] [TIFF OMITTED]61120.029 [GRAPHIC] [TIFF OMITTED]61120.030 [GRAPHIC] [TIFF OMITTED]61120.031 [GRAPHIC] [TIFF OMITTED]61120.032 [GRAPHIC] [TIFF OMITTED]61120.033 [GRAPHIC] [TIFF OMITTED]61120.034 [GRAPHIC] [TIFF OMITTED]61120.035 [GRAPHIC] [TIFF OMITTED]61120.036 [GRAPHIC] [TIFF OMITTED]61120.037 [GRAPHIC] [TIFF OMITTED]61120.038 [GRAPHIC] [TIFF OMITTED]61120.039 [GRAPHIC] [TIFF OMITTED]61120.040 [GRAPHIC] [TIFF OMITTED]61120.041 [GRAPHIC] [TIFF OMITTED]61120.042 [GRAPHIC] [TIFF OMITTED]61120.043 Mrs. Morella. Thank you, Ms. Reed. We have been joined by Mr. Miller from California; by Mrs. Biggert from Illinois; and now we recognize Mr. Nygard. Mr. Nygard. Thank you, Madam Chairwoman. Madam Chairman, members of the subcommittee---- Mrs. Morella. Excuse me, Mr. Nygard. We are going to have a vote coming up, but I think we will have a chance to hear your testimony and then go vote. We will recess for about 15 minutes and then come back, and pick up then with the Department of State. Thank you. Mr. Nygard. Should I proceed? Mrs. Morella. We want to make sure--we never feel comfortable or secure around here with those buzzers. They succeed--OK, great. You may proceed. [Laughter.] Mr. Nygard. Thank you, Madam Chairwoman. Madam Chairwoman, Chairman Horn, members of the subcommittee, I am pleased to appear today to report on the progress of the U.S. Agency for International Development, or USAID, in achieving Y2K systems compliance. In short, we at USAID are confident that our mission-critical systems will be Y2K compliant well before the end of this year, and that our agency will operate successfully on and after January 1st of next year. Let me talk, first, about our mission-critical systems. As you are aware, we did not achieve Y2K compliance for these systems by the end of March, the governmentwide target date. Until early February, we had expected that three of the five systems that need to be repaired would be implemented by March 31st, but problems discovered during the testing phase delayed our efforts and forced us to move back our completion dates. These delays in all three systems were the result of problems encountered outside the systems themselves and were caught as we tested the broader processes that the systems support. Our time and attendance systems, for example, rely on the government-wide International Cable System to transmit data back to Washington from our field posts. A program which extracts data from the cable system needed to be repaired to be Y2K compliant. The problem with the other two systems, personnel and payroll, resulted from an interface or linkage between the two systems whose code was not Y2K compliant. Once discovered, these problems were quickly fixed. All three systems are back in testing, and we plan for them to be fully implemented by May 15th. Before turning to our other mission-critical systems, let me clarify what USAID defines as ``implementing its Y2K- compliant systems.'' A system is implemented, in our view, when it is up and fully running, both at our headquarters and our overseas posts. This means our testing must include not only the systems themselves, but any connections to other systems or processes, such as that to the cable system mentioned above, that are needed for the mission-critical system to operate. It also means that our field posts, which we call missions, must have received and put into operation any necessary hardware and software needed to run the repaired systems. This point is relevant to our fourth mission-critical systems, overseas accounting. This system is renovated and field testing at two overseas post will commence next week. The required software and equipment have been sent to our 40 accounting stations overseas, and we expect implementation to be complete worldwide by the end of May. The main risk for this system is logistical rather than technical. The possibility always exists that equipment being sent overseas may be lost or stolen in transit. We are taking all possible precautions in this regard, including having our overseas staff pick up the equipment at airports immediately when it arrives in the country. Our fifth critical system is USAID's new management system, which performs accounting, budgeting, and procurement functions at our Washington headquarters. The complexity of this system means that substantial work is needed to renovate it. We have utilized funding from the government-wide Y2K supplemental to apply additional programming and other resources to the task, and believe it will be renovated by the end of this month and fully tested and implemented by the end of July. Our efforts have been greatly assisted by the methods of program management and measurement used by our prime contractor. Each step is laid out carefully and progress toward implementation of each system is quantified in terms of points for value earned to date. This approach has given us a high level of confidence that all of our mission-critical systems will be up and running, Y2K compliant worldwide, within the next few months, because we now know precisely what has been done and what needs to be done. Let me next mention the steps we are taking to assure that our agency will be able to carry out essential business functions if automated information systems are unable to operate for reasons beyond our control. Since last fall, our Chief Financial Officer staff has been working to develop contingency plans that will assure the continuity of business operations for three basic processes: funds distribution, obligation of funds, and payments. All are broad categories and involve multiple applications. Payments, for example, includes providing funding to vendors and grantees who deliver goods and services to USAID, but also includes meeting the agency payroll. I am pleased to report that these contingency plans, whose preparation is being assisted by a highly qualified contractor, are well along and will be field tested and finalized during the summer. A final point I want to discuss is the ability of our field missions overseas to continue operating and providing assistance to the countries in which they are located. We have sent teams from Washington to 50 of our overseas posts to examine each mission's operating systems, the information technology used in its assistance programs, and in many cases the host country infrastructure upon which our missions depend to operate. We are working closely with the Department of State and other agencies who operate overseas to assure that essential functions will continue next January. As we get closer to January 1, 2000, more information will be generated about the situation in the countries where we work, and we will have a much better idea of the extent to which our ability to operate will be affected. This matter is of great concern to us, and we will continue to watch it closely country by country. That completes my statement. Thank you very much. [The prepared statement of Mr. Nygard follows:] [GRAPHIC] [TIFF OMITTED]61120.044 [GRAPHIC] [TIFF OMITTED]61120.045 [GRAPHIC] [TIFF OMITTED]61120.046 [GRAPHIC] [TIFF OMITTED]61120.047 [GRAPHIC] [TIFF OMITTED]61120.048 Mrs. Morella. Thank you very much, Mr. Nygard. Sorry for the interruptions. We are going to temporarily recess for about 20 minutes, and then we have not only this vote, but then another 5-minute vote. So, we are now recessed. [Recess.] Mrs. Morella. We will reconvene the joint hearing of the two subcommittees in the interest of time, and I am going to recognize, if he is ready, Mr. Burbano, from the Department of State. Mr. Burbano. Thank you, Chairwoman Morella and other distinguished members. I plan to provide you with an overview of the Department's year 2000 challenge and the status of some of our key year 2000 initiatives. Our discussion today will focus on highlighting several noteworthy activities within the Department which will progressively ensure State's core business functions operate seamlessly during, and beyond, the millennium crossover. Let me begin by saying the Department has maintained year 2000 as one of its top management priorities. From the Secretary down, we are committed to ensuring the Department's systems and operations will run uninterrupted through and beyond the millennium rollover. I am happy to report that our focus and hard work is yielding results. As evidence of our progress, OMB recently recognized the Department's improved results by raising us from tier one, inadequate progress, to tier two, progress. OMB and GAO also cited State for progress in other areas, including modernization in computer security, and for our leadership role in providing year 2000 support to U.S. operations overseas. From an organizational perspective, the Department has taken many steps to ensure that it has the appropriate management talent, structure, and approach in place to successfully manage State's significant year 2000 challenge. Specifically, we have assembled an experienced management team to oversee State's year 2000 program. I personally bring previous year 2000 management experience at the National Institutes of Health, and I have established a Deputy CIO for year 2000 to manage the day-to-day operations of the Year 2000 Program Management Office. Along with the Deputy CIO for year 2000, I have met separately with each of the Assistant Secretaries on a monthly basis to review individual bureau progress toward remediation, project test results, contingency planning efforts, and other year 2000 related activities. Additionally, the Under Secretary for Management meets monthly with the Assistant Secretaries at a steering committee meeting to manage State's year 2000 efforts throughout the Department. From a remediation perspective, the Department of State has identified 59 systems which support enterprise-wide mission- critical functions. Additionally, the Department of State has the unique challenge of deploying 32 of its 59, or 54 percent, of its mission-critical systems to over 260 posed throughout the world. In order to ensure the Department is capable of sustaining our core business functions beyond the year 2000, we have established a four-phase approach to assess, remediate, verify, and re-verify the readiness of our mission-critical systems and support of the Department's core business functions. Our four- phase approach includes aggressive global deployment and implementation of our most critical technology-based systems and independent certification of our mission-critical applications, a process based on end-to-end testing of our core business functions, and, finally, coordinated business continuation activities which span the year 2000 boundary. First, we believe the Department of State has made significant progress in readying its systems for the year 2000 rollover. The Department has completed the remediation of all 59 mission-critical applications, and we are well underway in the implementation of our critical and routine systems. Currently, the Department has completed implementation of 53 of its 59 mission-critical systems, or 90 percent. Ninety-seven percent will be completed by the end of April and 100 percent by May 15th. Second, the Department of State has established a rigorous year 2000 compliance certification process, heavily leveraging the experience and independence of the Office of the Inspector General. Once a mission-critical application has been thoroughly and successfully tested by the bureau, verified and validated by the Department's Year 2000 Program Office, my office, along with the Department's OIG, conducts an independent review of the project, using the best-of-class certification and testing guidelines in order to determine the depth and breath of the bureau level of test. If necessary, the Department may require the bureau to conduct further testing and revalidation to ensure my office and the OIG are confident that the application will not fail in the year 2000. The third element of our four-phased approach is to conduct a process-based end-to-end test of those Department of State business functions which rely heavily on technology. The A-core functions which we test at an enterprise level include security, command and control, electronic mail, medical, logistics, personnel, financial, and counselor functions. One of the critical success factors of our end-to-end test includes our intent to test the suitability and viability of the system- level, post-level, and Department-level contingency plans. In spite of our best efforts, we may have system failures in the Department, infrastructure failures in the countries where we have U.S. missions, and political or economic dislocations which may ultimately impact our ability to perform the business of State. As such, our forth--and at this point our final--element of our multi-phased approach is the development of an integrated and overarching business contingency plan. In order to prepare for potential year 2000 due system or infrastructure failures, the Department of State is finalizing contingency plans to ensure the continuation of core activities. The Department's contingency plan and approach focuses on maintaining the overall continuation of business in the face of year 2000 failures, rather than enabling information technology. On the international front, the Department of State has developed an overseas contingency planning toolkit to allow each of the embassies and consulates and missions the ability to develop location-specific contingency plans by balancing the needs and priorities of the particular post against the year 2000 readiness of that host country. While global and deployment and certification of our most critical systems will remain our top near-term priority, the Department will continue to aggressively pursue ways to ensure the business of State is able to continue beyond the year 2000. Thank you. [The prepared statement of Mr. Burbano follows:] [GRAPHIC] [TIFF OMITTED]61120.049 [GRAPHIC] [TIFF OMITTED]61120.050 [GRAPHIC] [TIFF OMITTED]61120.051 [GRAPHIC] [TIFF OMITTED]61120.052 [GRAPHIC] [TIFF OMITTED]61120.053 [GRAPHIC] [TIFF OMITTED]61120.054 [GRAPHIC] [TIFF OMITTED]61120.055 [GRAPHIC] [TIFF OMITTED]61120.056 [GRAPHIC] [TIFF OMITTED]61120.057 [GRAPHIC] [TIFF OMITTED]61120.058 [GRAPHIC] [TIFF OMITTED]61120.059 [GRAPHIC] [TIFF OMITTED]61120.060 [GRAPHIC] [TIFF OMITTED]61120.061 Mrs. Morella. Thank you very much, Mr. Burbano. I wanted to acknowledge that we have here at the hearing Mr. Gutknecht from Minnesota and Ms. Jackson-Lee from Texas. Mr. Flyzik, from Department of Treasury, we look forward to your testimony, sir. Mr. Flyzik. Chairwoman Morella, Chairman Horn, members of the subcommittee, thank you for the opportunity to appear today to discuss the Department of Treasury's progress on the year 2000 computer problem. As the Deputy Assistant Secretary for Information Systems and Chief Information Officer, I am the overall program manager for Treasury for this effort. I brief Secretary Rubin periodically and provide him a weekly report on our status. The Assistant Secretary for Management and CFO and I meet on a recurring basis with all bureau heads to review their progress, and, of course, we have working groups meeting regularly for information technology, non-IT, and telecommunications components of our program. Since I testified before Congressman Horn's subcommittee in March of last year, Treasury has made significant progress in ensuring our mission-critical systems will operate correctly, and our core business processes will function normally on January 1, 2000. Treasury has identified a total of 328 mission-critical IT systems; 9 of these systems are being retired and 293, or 91.8 percent, are year 2000 compliant. Eight of our 14 bureaus met the mandate of March 31st. Three bureaus are projected to implement 11 of the remaining 26 systems by the end of April, and thereby obtain compliance. Thirteen of the remaining 15 systems belonging to 3 bureaus-- the Bureau of Alcohol, Tobacco and Firearms, the Financial Management Service, and Internal Revenue Service--are expected to be implemented by midyear. The last two are new IRS initiatives which are being delayed until after the tax season. Three of Treasury's most visible bureaus--the IRS, Financial Management and U.S. Customs--have made tremendous progress this past year. IRS is now 90 percent compliant. FMS is able to now make 90 percent of its payments, over 775 million annual payments, using year 2000 compliant and tested systems. This includes monthly Social Security and supplemental security payments, veterans' benefits payments, IRS tax refunds, Railroad Retirement Board annuity payments, Federal salary payments, and vendor payments. The remaining payment systems are on target for implementation this month, including the Office of Personnel Management Payment System through which FMS issues Federal annuity payments. The system is already compliant, but cannot be implemented until mid-April due to a dependency on a required interface. Customs met the goal of achieving year 2000 compliance for its mission-critical IT systems by September 1998. In fact, the Customs year 2000 program has successfully met program milestones established by Treasury, OMB, and the GAO. The combined audit team from General Accounting Office and Treasury and Inspector General's Office found that Customs had established an effective year 2000 program control. In addition, the Customs' year 2000 program was 1 of 19 Federal programs, out of a field of 200, to receive the Government Executive magazine's 1998 government technology leadership award. Treasury is continuing with an aggressive approach in addressing non-IT devices that contain embedded chips. To date, we are over 90 percent compliant and expect to be fully compliant by June. We have been proactive in working to achieve compliance in telecommunications systems. We expect to complete interoperability testing analysis, independent verification, and validation of our corporate voice systems in May. We are also endeavoring to complete interoperability and IV&V testing of our corporate data network, the Treasury Communications System, by May. I convene and chair biweekly executive meetings in our command center to monitor our progress on telecommunications. Last summer, we established interagency services programs to address interconnections and interoperability of our disparate systems. The scope includes all corporate Treasury systems, as well as non-Treasury services upon which we rely. We believe that we are aggressive and are a leader in the government for interoperability testing. As bureaus near completion for achieving year 2000 compliance for their mission-critical systems, the Department is placing increased emphasis on year 2000 business continuity and contingency plans, as well as focusing on completion of systems and independent verification and certification interfaces, and then testing and changing management processes. We are also designing a Treasury emergency information coordination center that will address any contingency planning needs at Treasury while also specifically addressing the day- one strategy for January 1st. Our cost estimates for fixing the year 2000 computer problem have continued to rise in our submission of the February report to OMB; we now estimate a total cost of $1.92 billion, of which approximately $1.53 billion are appropriated resources. On a positive note, there are some good outcomes for the future as a result of our efforts on year 2000. For the first time ever, we have a complete inventory of all Treasury IT, non-IT, and telecommunication systems and components. Wherever possible, we are modernizing our IT, eliminating duplicative systems, and migrating to standard commercial solutions, as we fix year 2000 problems. We developed and refined program and project management skills, and created a new culture of our bureaus working together to meet common goals. Beyond year 2000, these efforts will allow Treasury to provide improved government services. I believe that Treasury has an excellent overall year 2000 program in place, and I will commit to you that we are taking all steps necessary to ensure that Treasury's core business processes will continue to function without disruption as we cross into the year 2000. Nothing less than 100 percent compliance and uninterrupted delivery of our core business services would be acceptable to the American public or to me personally. Thank you for the opportunity to meet with you today to discuss the actions being taken by the Department of Treasury in addressing the year 2000 computer problem. I will be happy to answer any questions you may have on this critical matter. [The prepared statement of Mr. Flyzik follows:] [GRAPHIC] [TIFF OMITTED]61120.062 [GRAPHIC] [TIFF OMITTED]61120.063 [GRAPHIC] [TIFF OMITTED]61120.064 [GRAPHIC] [TIFF OMITTED]61120.065 [GRAPHIC] [TIFF OMITTED]61120.066 [GRAPHIC] [TIFF OMITTED]61120.067 [GRAPHIC] [TIFF OMITTED]61120.068 [GRAPHIC] [TIFF OMITTED]61120.069 [GRAPHIC] [TIFF OMITTED]61120.070 Mrs. Morella. Thank you, Mr. Flyzik. I am glad to see there are some positive spinoffs also that accrue to this diligent attempt for compliance. In terms of questioning, we will also try to take about 5 minutes each and then go around for another round as necessary. So to Ms. Lee, in your testimony you mentioned Federal funding for year 2000, and it is true that last year Congress appropriated $3.35 billion just for year 2000 efforts, more than the administration had requested, and yet many in the year 2000 community believe that additional funds may still be necessary. And, quite frankly, on many we are expecting that the President would request additional funding in his budget. Is it still OMB's position that it will not be necessary to appropriate additional funds for year 2000? Ms. Diedre Lee. At this point, we believe that the emergency funding is adequate to address the needs that have been identified. Mrs. Morella. How certain are you of this? What do you use for validation of that? Ms. Diedre Lee. The latest request that has been submitted and is in the waiting period is $199 million, which leaves about $500 million. Based on expenditures to date and the best knowns of the unknowns, we believe that is going to be adequate. But we will continue to keep you apprised as we work our way through it. Mrs. Morella. I hope you will. And do you think that there is a pretty reasonable chance that there will be a request for more money in the forthcoming months? Ms. Diedre Lee. That would be a prediction on my part. I would be glad to try and get you more information on that. Mrs. Morella. It is just very interesting, because we have consistently felt that the administration has underestimated what the cost would be. Ms. Diedre Lee. Well, it certainly has grown from the original estimate. As the agencies continue to work on this and as more and more of the systems are remediated, and we move toward the completion we believe the funding is adequate. These business continuity and contingency plans, will look across the systems and try to ensure that we really do have the seamless delivery. We are making a lot of progress and it appears at this moment that we are going to get there with the funds we have. I will certainly validate that and get back to you. Mrs. Morella. Good. Thank you. [The information referred to follows:] To date, we've utilized emergency funds mainly to remediate Federal systems, test and validate results and develop Business Continuity and Contingency Plans. We continue to review agency funding requirements on a case by case basis as they are forwarded to OMB. At the moment, we do not anticipate the need for additional supplemental funding for these activities. However, if additional funding requirements do arise, we will make you award of those requirements as soon as possible. Mrs. Morella. Mr. Willemssen, would you agree? Mr. Willemssen. One important thing to keep in mind is that, in the event that contingency plans, as we move to the end of 1999 and into the next century, need to be activated, it is important that some amount of these emergency funds be held back so that they can, if needed, be available for use. So I think that it is extremely important that you continue your oversight with regard to the amount of funds that have been allocated to date. On the DOD side, 85 percent of the amount has been allocated; on the civilian side, with the recent announcement of the fifth allocation, I believe it is in the neighborhood of the amount of three quarters of the $2.25 billion. So I think it is important to keep that in mind, that we have some amount of funds available in the event we have to implement contingencies. Mrs. Morella. I would like to ask you, Mr. Willemssen--and if Ms. Lee wants to comment--what Federal agencies are you most concerned with regards to meeting a January 1, 2000 deadline? Mr. Willemssen. The agencies that we would currently view at the highest risk would start probably with the Health Care Financing Administration and the Medicare program in particular, but we also have concerns with Medicaid, which is, as you know, a State-administered program. Despite as we testified last month, a tremendous amount of progress made by the Federal Aviation Administration, we continue to view that also as a high-risk agency because of, as we testified, the many, many events and system implementations that yet remain, and the heavy reliance on a computerized environment to carry out air traffic control activities. In addition, I think HHS's Payment Management System, which is responsible for putting out more than $165 billion annually in grants and other funds to organizations, I think that is a fairly important system that needs continued attention. And then, as reflected in the statistics that OMB has put together based on agencies' submissions, the Department of Defense still has a number of systems that are not yet compliant. Mrs. Morella. Picking up on what you said and looking at also your testimony, which focused basically on State's systems and how their readiness is essential for what you have said, Medicare and Medicaid and food stamps, temporary assistance, needy families, is there legislation that would be necessary to help with regards to States' system that you would recommend? Mr. Willemssen. We do not see it at this point, the need for legislation. That could very well be the case within the next couple of months, to the extent that the partnerships that are necessary between the Federal Government and State governments do not realize themselves. Hopefully, at this point in time, we can reach those partnerships in a voluntary fashion. One of the items that we pointed out in the testimony also, and related to this, is getting the necessary information on data exchanges, which is integral to these kinds of programs, and to the extent that States and/or Federal agencies are not providing that kind of information, then in the very near future we may have to look at legislative remedies. Mrs. Morella. That is interesting to me. It could even be an Executive order, couldn't it? That could handle that? Mr. Willemssen. Possibly, yes. Mrs. Morella. And I would think that the timing would be such that we do not have too much time before a decision will have to be made. Mr. Willemssen. There is not much time. I would point to the April 15th submissions, due in 2 days on these critical programs--and to the extent that we see the necessary partnerships and detail on the plan and milestones on the State-administered programs, I think that will give us a higher level of comfort that things will be done as is necessary. To the extent that we do not see the detail in those submissions, then I think there is more room for concern. Mrs. Morella. Thank you. My time has expired. It is now my pleasure to recognize Chairman Horn. Mr. Horn. Thank you very much. Let me asked both the General Accounting Office and the representative of the Office of Management and Budget, is there any evidence in the recent submissions as to meeting the March 31st deadline of manipulation of data on the status of mission- critical systems? In another words, are agencies gaining the numbers to appear better positioned then they are, and what do we know about that. And has GAO looked at it, in particular; has OMB looked at it? Mr. Willemssen. We have looked at that when we go into particular agencies and looked at how they are assessing, renovating, validating, and implementing particular systems. We have not seen any evidence of an agency consciously trying to game the system and play the numbers in order to make themselves look better. We have seen evidence that, as agencies get into their year 2000 programs, and better understand what they are dealing with, and better understand what is truly mission-critical, that there have been some dramatic changes in the numbers. The further into their programs that the agencies are, the less change that we have seen. I know there has been concern about the diminishing number of mission-critical systems. Frankly, I am more concerned with the high-impact programs and making sure that the systems, the partners, the data exchanges, the data flows all supporting those high-impact programs work as intended. At this point and time, we need to focus on those and make sure that those are compliant from an end-to-end perspective. Mr. Horn. Ms. Lee. Ms. Diedre Lee. I would certainly reiterate that the number of mission-critical systems has fluctuated. We have watched that very closely to ensure that problem systems are not dropped off to reach 100 percent. We think we validated that is not the case, because, otherwise, we would have 100 percent across the board. Certainly I will reiterate that, when we first started identifying mission-critical systems, there are a lot of human beings involved, and, of course, ``my system is, by definition, mission-critical.'' As more planning was done, we found that although the immediate system user might consider it to be mission-critical, it really was not in the larger sense. For example there was a particular agency that originally had identified a system that scheduling for an advisory committee as mission-critical, and we subsequently determined that that probably could be moved to the less critical activity. Those kind of things have been happening. Mr. Horn. In you testimony, you mentioned what the Senate had done to some of the requests for funding. When Dr. Raines was the Director of the Office of Management and Budget, he put the emphasis--as did this Subcommittee on Government Management, Information, and Technology of the House--on reprogramming money being used to fix up the year 2000 situation, and we strongly backed him on that. The Speaker noted that we would give the administration--Speaker at that time--every dime they want, and they got every dime they wanted when they gave us a decent justification. What has happened to the reprogramming, and couldn't have these agencies used more reprogramming money? Ms. Diedre Lee. There certainly has been a mix of the appropriated funds planned in the budget as well as this particular emergency supplemental. The definition of those differences were ones that were in the appropriated amount, were those that could be more or less foreseen and were planned. The emergency supplemental was used more for the contingency planning, and as things developed, more and more systems and issues were found. Reprogramming has been done to a certain extent, but right now we feel that the emergency funding is the way to solve these particular contingencies. Mr. Horn. Madam Chairman, without objection, I would like to have a letter from the Office of Management and Budget as to the reprogramming money that existed on September 30, 1998, the end of that fiscal year, and what happened to it, for all 24 major agencies--what is the programming money; what was applied to year 2000; what was sent back to the Treasury, et cetera--I would like it included at this point in the record. Mrs. Morella. Without objection, so ordered. Mr. Horn. OK. Now, on the U.S. Agency for International Development, Mr. Nygard, we have watched the charts for 2 years now where your seven critical systems, not one of them was adapted to become 2000 compliant. How come? Seems to me seven is pretty simple to deal with. Mr. Nygard. Well, Mr. Chairman, seven should be pretty simple to deal with. As I indicated in my statement, five of those systems need to be repaired; one is going to be outsourced, and we are in the process of doing that now, and the seventh one will be discontinued because it is no longer needed. Of the other five, we had hoped that three of them would be completed by the deadline, but in our end-to-end testing we found bugs outside the systems themselves, but in the linkages with the other systems that caused us to delay our progress. The last two are continuing to move forward and four of the five are renovated now; the fifth will be renovated by the end of the this month, and we expect will be completed by the end of July for the last one, and by May for the others in terms of implementation. We simply did not make the deadline. We got a late start and encountered problems in testing. Mr. Horn. Mr. Nygard, when did you become the Chief Information Officer of the Agency for International Development? Mr. Nygard. Officially, I became the Chief Information Officer last October 28th. Mr. Horn. Was there one before you? Mr. Nygard. Yes, there was a Chief Information Officer up until June 1997, and then there was a gap, and I was sort of unofficially acting in that capacity until April of last year, and then from April until October I was the Acting Chief Information Officer. Mr. Horn. In 1996-1997, we were told that the Agency for International Development was getting new systems and, therefore, the problem would be solved--and this was before your beat, obviously--and they got the new system and nobody asked to make sure it was 2000 compliant. Yet when they replied to our survey of the Subcommittee on Government Management, Information, and Technology, it was clear they were buying the new system and did not have to worry about it because it would be compliant. So where did that all go wrong? It is not on your beat; it is prior to your beat. Mr. Nygard. Well, it is on the Agency's beat certainly. We did not buy a new system; we were attempting to develop our own system. We wanted to have a client-server-based system, and at that time there just were not government-wide, commercial, off- the-shelf systems that we could use. So, we tried a very ambitious approach. The underlying software for that system was Oracle and was year 2000 compliant, but in the individual applications that we developed inside the Agency, we were not able to do them in a sufficiently integrated fashion, so that the date, the four-digit date, was done the same way in all of them. So what we had thought in 1996, going into the process, was going to result in easy year 2000 compliance, turned out not to be the case, and we have been working on fixing that since last year. Mr. Horn. You mentioned that we do not seem to have off- the-shelf client-oriented systems. Now I would think that problem would be on the doorstep of the General Services Administration. I would say to Ms. Lee, and wasn't it? Why didn't the General Services Administration have client- oriented, off-the-shelf stuff? We had $4 billion down the drain by the Federal Aviation Administration in this administration. We had $4 billion down the drain in the Internal Revenue Service in this administration. Now, where is the problem? There ought to be, GSA ought to have stuff off-the-shelf. Why doesn't it? Do you get it from GSA? Do you go out and do your own thing? Mr. Nygard. Mr. Chairman, they do now. At the time we were looking to develop an agency-wide system back in the early 1990's, all of the commercial off-the-shelf systems that existed were still what are called mainframe systems rather than client-server. We were trying to move ahead of the technology that existed for government agencies at the time and to develop a client-server-based agencywide system. What exists now, and what we are going to be using, will be off the GSA schedule, commercial off-the-shelf financial system to begin with. Mr. Horn. Well, I am delighted to hear that $8 billion results in something. So, that is good news to me today. Thank you, Madam Chairman. Mrs. Morella. Thank you, Chairman Horn. I am pleased now to recognize Ms. Jackson-Lee for any questions she may have. Ms. Jackson-Lee. As usual, let me thank the chairwoman for what has been an ongoing series of very vital hearings, and I appreciate very much the insight that has been given, and of course experienced some of the pain that we have evidenced here today in some of our hearings. I would like to followup on a line of question- ing, and hope that the panelists recognize that all of us in Congress want to be able to be of help to this process that is befuddling most of America. I think the new state of confusion for the country is certainly surrounded or is around year 2000, meaning that if you go into any community and raise the question, you will get all kinds of answers of what it means, and I have said for some it means survivalist camps, and others underground facilities, and just a lot that we hope we can clarify. And so it is important that the Federal Government be as prepared as it possibly can. To followup on that, then I would like to ask all of the witnesses to give me a sense of what is the general level of preparedness that you believe State governments are engaged in and why, and if you don't know the answer, why we don't know the answer? Why should we be engaged on the Federal level to be able to assess what is going on in our State governments, because don't they interrelate with the Federal system, and therefore there is a serious impact that will occur if our State governments--50 of them--are not up to speed, and what specific actions do you think we should take? And I would like to start with the GAO on that question. Mr. Willemssen. A couple points that I would like to make: First of all, the data that we have seen among States, there is a tremendous variance among States on their readiness, and even within States, among different programs, there is quite a bit of variance in readiness. So, on one hand, it is hard to generalize. However, if one had to generalize based on the data that we have seen, I think you would say that the State governments overall are behind the Federal Government. One of the reasons for that is that most of the data that we have seen at the State government level is self-reported information. There are few instances where other organizations have gone in and looked at the data. In some cases the ground truth is actually a little worse than what has been reported. Last year when he took a look at some of the key human services programs, the self-reported State data we were provided was quite disappointing. Regarding Medicaid systems, only about 16 percent of those were considered compliant, and that was self-reported information. Based in part, on those kinds of data points, the Health Care Financing Administration actually hired a contractor to go out to all 50 States to help them to try to get on top of this issue. So I think that the State issue is one of concern, I think it is one, though, that has been recognized by the executive branch, in large part through the recent memorandum that they have issued focusing on about 10 of the State-administered programs. And with Federal agency lead partners helping with those States, I think that has the potential to go a long ways toward helping to address this issue. Ms. Jackson-Lee. Can you name for us and help us find a bottom line for the five worst States that are not in compliance? Mr. Willemssen. Actually, the report we did in November, it was hard to generalize even at a State level, because within a State the food stamp program may have been in better shape then the Medicaid, whereas the Temporary Assistance for Needy Families Program may have been very bad. So, even within the State, it was difficult to generalize. I will say that there are certain States that have been working on this for some time. The State of Pennsylvania, for example, has been considered a leader within the year 2000 arena; that is not again to say that every program within that State is necessarily where it needs to be. Other States have also, within pockets, received publicity and good press for their excellent efforts, but, again, it is hard to generalize within a given State, because even a chief information officer within a State may not have full control and authority over all of those programs. Ms. Jackson-Lee. Mr. Willemssen, you are using great diplomacy by answering my question with a positive, but I will try to pursue it with you directly and separately from this hearing, as to where some of our States are that need serious help. Because I believe the question that Chairwoman Morella asked you about whether or not we may need more money, it seems that we might need more money to be able to assist some of the States that may not be where we need them to be. And I see the red light, if the chairwoman would indulge me just for a question and I won't ask the rest of the panel to answer that question. I thank you, Mr. Willemssen, but I will ask Ms. Reed to followup. In particular, I am concerned--I chair the Congressional Children's Caucus--and I am concerned with respect to the Agriculture Department. Child nutrition, food stamps, WIC, rely heavily on State information systems, and we understand that some States won't even be in compliance until 1999. So what contingency plans is USDA engaging in to help some of these States with their compliance? Let me, before you answer that, just note to my friend from USAID, that we applaud the great work that you do. I have just returned from Africa and I know the work that you do, and in difficult areas, in developing nations. However, it seems that it will be a great burden if you have seven systems and all seven of them are not working at this point. My time has run out, but if you are able to answer that comment--if the chairwoman indulges me--otherwise, I would take your answer in writing, but I would like to hear from Ms. Reed, who is with USDA. Ms. Reed. The Food and Nutrition Service has been working with the States since 1967 to make sure that they are aware, and that we are aware, of what needs to be done in these arenas. Ms. Jackson-Lee. Did you say 1967? Ms. Reed. 1997. Ms. Jackson-Lee. Thank you. Ms. Reed. I apologize. We weren't quite that prescient. [Laughter.] Ms. Jackson-Lee. You are quite ahead of your time. Ms. Reed. Thank you for that. However, we do now receive quarterly reports from the States. We have one that is just imminent here; the last report that I have is from December. A number of the States are reporting that they are compliant, but, as you indicate, some of the States do show that they don't plan to be compliant until quite late in the year. So we are requiring business continuity plans from each State. We are actually requiring each State to certify their compliance as we move into these later months. Our State directors and regional directors are working very intensively with the States to assure that we have the most information possible and, where necessary, can provide technical assistance to them. Mrs. Morella. Thank you, and thank you, Ms. Jackson-Lee. Ms. Jackson-Lee. Thank you. Mrs. Morella. Mr. Gutknecht, I am delighted to recognize you, sir, for the questioning. Mr. Gutknecht. Thank you, Madam Chair, and it is good to be here. Let me start by saying that I have had a couple of townhall meetings in my district about year 2000, and I am happy to report the State and local government officials who have testified--at least in my State--are more than eagerly moving forward with their plans, and I think we are making tremendous progress--at least in my State. And I feel pretty good about what we hear from some of the Federal agencies. But I want to come back to a point that Dr. Horn raised, and I think the real issue is about accountability. You know, it is disturbing that the FAA and--I will try to be diplomatic--in the end we wasted $4 billion, the FAA, and the story is that we also wasted $4 billion with the IRS. And I am not certain who to address this question to, but it strikes me that in the private sector, and one of the reasons--I think at least the major corporations; I am not so certain about small businesses--the only area that I am really worried about in terms of where we are going to be January 1st of next year, in my opinion, has much more to do with what is happening with small businesses, who are to busy or haven't taken the time, or for whatever reason. The SBA, Madam Chair, I might just say-- and we should make this available and maybe connect somehow to our website, whatever---SBA does have a wonderful kit that they have put together, including a CD ROM that sort of helps walk small business through what the problems are and what they need to look for, and so forth. And I really want to congratulate the SBA. But I want to come back to a point that concerns me and it is the word ``accountability.'' I think most major businesses-- and we have had major airlines and some of the power companies and other companies come and testify at our townhall meetings about what they are doing with year 2000. They understand that this is serious. In fact, my first hearing we had, I think there were six companies that testified, and collectively, they were investing somewhere in the neighborhood of $150 million to make certain their systems would work on January 1, 2000. The reason, I think, is they understand that ultimately they are going to be held accountable. I think the question that I have for anyone who wants to respond to it--you know, in the private sector there is an unwritten system of rewards and punishments. And I might just ask this question--maybe somebody can answer it--in both the situation with the FAA and the IRS, was anybody replaced or demoted because of the $4 billion which was wasted? Mr. Flyzik. If you would like, from the perspective of Treasury, I would suggest to you that the majority of the folks at the IRS that were part of that are no longer at the IRS. I don't know, specifically, whether or not it was resulting directly from this or not. I will suggest to you that we have learned some lessons, and I will suggest to you that we were building systems back then with some 1980's approaches with 1990's technologies. I think, the Klinger-Cohen legislation, passed by the Congress, clearly, puts responsibility on the CIO. I do believe that the legislation passed by the Congress makes it clear that the chief information officers are now responsible. I accept that responsibility and plan to stay through the year 2000 program at Treasury, and we jokingly say that CIO may mean ``Career is over,'' if we do not meet our year 2000 requirements. But I think the Congress passed the Klinger-Cohen legislation that makes it clear that CIO's are now accountable, and I think some of those lessons of the past are the reason the legislation was passed. Mr. Gutknecht. Anybody else want to respond to that? Is that generally felt throughout the various agencies, that people are going to be held accountable? I see some heads nodding; those don't show up on the tape. Ms. Reed. I will, on behalf of the Department of Agriculture--the Secretary of Agriculture has made it very clear that not only the CIO is accountable, but every single Under Secretary, every single agency administrator; their jobs are on the line, to make sure--our jobs are on the line--to make sure that we can continue to deliver USDA's programs. He has been most clear and emphatic on that point. Mr. Burbano. I would like to second that from the State. The Under Secretary for Management has put the responsibility for year 2000 delivery on every Assistant Secretary, including the CIO, which is me. Mr. Gutknecht. All right, can I change the subject real quick, because I see the yellow light is already gone, and really I want to come back to Mr. Burbano. As I say, I feel fairly confident that somehow our State and Federal Government and local governments are going to slug through this thing, but I am much more concerned about what is going to happen in foreign countries. I don't know how well you guys are plugged into--you are the best guesses we have got in terms of what is going to happen in some other countries, some of our trading partners around the world. What is your best guess, what is going to happen? Mr. Burbano. OK, we have an international working group comprised of several agencies in the international affairs arena, co-chaired by the Department of Defense and State Department, and the Secretary has tasked each chief of mission, the Ambassador, to fill out a contingency plan toolkit that we have, which is due back April 16, which we will then put together and look where the gaps are. It is very detailed. It looks at the energy, water, transportation, telecommunications, healthcare, finance, public services, and technology systems of every post and every country, and based on what we have seen in there, we will be in a position to do that. So that is one side of the house. The other side of the house is we are collecting information from all the different agencies, as well as different private sector firms such as Gartner, putting it together, and we plan to have that information available sometime during this summer, which will give us that kind of information. Obviously, you know, we have to be concerned about possible release of that data in order not to cause harm. So we are in the mist of grappling with that issue. But we plan to be prepared to have that information this summer, and we plan to prepare to have these contingency plans post-by-post, country- by-country. April 16th is when we are due, and then we have to do some analysis, and so forth. Mr. Gutknecht. OK, thank you. Mrs. Morella. Thank you, Mr. Gutknecht. Mr. Burbano, picking up on that same issue, what percentage of State Department year 2000 funds are being specifically designed for embassies abroad? Mr. Burbano. I would like to get those figures back to you. I don't have it broken down by overseas, but I would like to get those figures back to you. Mrs. Morella. Sure, that would great, because I am actually also interested in whether or not the allocation is based on certain criteria that you have established. I mean, for instance, would our embassy in Italy have more in the way of year 2000 funding then our embassy in Tanzania? I mean, what do you use for criteria in that regard? And then, you know, I am interested also--and I know my colleagues are, too--in what contingency plans you have for embassies and in countries that are not year 2000 compliant. I think we have all had experiences with questioning the authorities in so many of the countries, including industrialized countries, and find that their responses seem to be in a vacuum with regard to understanding the situation, let alone implementing it. So if you could get that information to me, and actually to all of you, I guess I would ask the agency representatives, the CIO's. GAO has, in its testimony, made many recommendations, such as establishing the target dates for contingency plans, the end-to-end testing, requiring the agency head to certify that systems are truly compliant, implementing a moratorium on software changes to ensure that these systems are compliant at the turn of the century. And I guess I would ask you is, do you agree with those recommendations? Do you plan to implement them? And I will start with any one of you, any one who wants to begin. Mr. Flyzik. Throughout the entire process of year 2000, we have had at Treasury a very positive working relationship with GAO. We have used the GAO guidance throughout the entire process, their contingency planning model, and it truly has been a value-added kind of work process we have used with GAO, and we intend to continue to use their guidance. I think the change management moratorium will be relatively controversial. There are many, of course, industry counterparts that have strategic plans where they are moving forward, and as changes are made in the commercial sector, it will impact some of the things we are doing. We also have, for example, at Treasury the IRS, where tax law changes are going to require certain changes. What we will likely do at Treasury is implement some type of exception process to minimize any changes, but I think we will need some flexibility in that guidance for things that are just out of our immediate control. Mr. Burbano. At the State Department this past fall we issued a moratorium on development other than year 2000. We did have an exception process for security, health, and other items. Up to date, we have put about 26 systems on the shelf as a result of not being year 2000 or security-or health-related. We are also issuing a moratorium this July on operating systems and off-the-shelf systems, and in September for application systems. In terms of an earlier question about the countries and embassies, as I mentioned, when we get back our contingency plans which look at various systems I talked about--the energy, the water, transportation, telecommunications, healthcare, finance, public services, and technology--that is our criteria. We see where the gaps are, and when we get the information this summer from the international working group as to where the countries are, as opposed to the post, we will put those together and we will clearly see, you know, what additional funds are needed based on those two items, the post situation and the country situation. Mr. Nygard. We at USAID have also been following the GAO guidance pretty closely. We find it useful, particularly the moratoriums. It has helped us to fend off requests from inside the agency and elsewhere for changes, just saying that year 2000 has to have the highest priority. So we found it very useful guidance and have been following it closely. Ms. Reed. I certainly will echo that for the Department of Agriculture. We have tried very consistently to follow their guidance and have found it quite helpful in that regard. We, too, will be looking very closely at the change management program. We are extremely cognizant of the need to assure that there is stability as we go into the year 2000. One of the issues that we are continuing to wrestle with is that some of the software that has been determined to be compliant by vendors, who continuously send us patches and upgrades. We certainly want to be in a position, if a software vendor recommends to us that we need something for year 2000 compliance that we had not foreseen earlier or they had not foreseen earlier, that we still able to implement it. So we need to be looking carefully at just how we approach achieving that stability. Mrs. Morella. I would like to also just briefly ask you, are all of the four agencies that we have before us, have all of you undergone the independent verification and validation process? Say yes and no. Mr. Flyzik. Absolutely. Mr. Burbano. Yes, and I would say that we have done it at two levels. We did it first within the CIO office in the bureau, and then we are doing it at a second level with the Office of the Inspector General, and we developed that criteria. So we are actually going through it twice. Mr. Nygard. Yes, we, too, are using independent validation and verification, and then after that, all of our systems will be reviewed by our Inspector General. So we have two stages as well. Ms. Reed. IV&V has been a very, very key part of our year 2000 management program and will continue to be, as has our work with the Inspector General. Mrs. Morella. And, Ms. Lee, will you be requiring that all agencies undergo the IV&V? Ms. Diedre Lee. That is part of the system, not only the mission-critical system assessment, but also as we do the seamless program checks; we will verify that that has been done. Mrs. Morella. What if agencies say they don't have the time to do it? Would you be helpful? Ms. Diedre Lee. We haven't heard that to date, and because of the schedules of the mission-critical systems, that schedule that they put in place includes the IV&V piece. In fact, some of the agencies that are not yet 100 percent, that is the piece they are missing; they have gone that far. If they haven't completed that, they are not in the 100 percent category. Mrs. Morella. Well, thank you. Chairman Horn, your turn at bat. Mr. Horn. Thank you very much. The Director of OMB sent out memorandum to the head of the executive departments and agencies, dated March 26, 1999, and without objection, I would like that included in the record at this point, because my questions will relate to that memorandum. Mrs. Morella. Without objection, so ordered. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED]61120.071 [GRAPHIC] [TIFF OMITTED]61120.072 [GRAPHIC] [TIFF OMITTED]61120.073 [GRAPHIC] [TIFF OMITTED]61120.074 Mr. Horn. Ms. Lee, there are roughly 19 departments and agencies that are shown in his attachment, and that is where the 42 programs come from. I wonder if you could just tell me, how were those 42 programs selected? Ms. Diedre Lee. We actually went out to the agencies and got agency input, as well as other governmental input. I think this might be a time to mention that, as we were talking about concerns of the States and other governments, we do have the President's Council on Year 2000 Conversion, and they have been very active in dealing with the Governors' associations, outreach programs, meetings, et cetera. That is also going on as we speak, and generally John Koskinen, who represents that group, speaks of their outreach activities and their accomplishments. But through the consultation process with the agencies, and with the State and local governments, and in assessing the programs that had direct impact on people, this list was developed. But, it is an ongoing list, and should you have other programs that you feel are important, we are more than happy to add those, and make sure we have a lead agency assigned to it and that we monitor the progress. Mr. Horn. Well, was the criteria based on what is the most that these programs are in relation to people? Is that it? You just said that. Ms. Diedre Lee. I can get you the specific criteria that we went through, but, generally, it was: what are the major programs that cross agency lines that we couldn't say are mission-critical? Programs that may cross numerous agencies, State, local governments, and that have a delivery or an end product that we think we directly affects health, welfare, and safety of people. [The information referred to follows:] We have asked Federal agencies to work with their partners to assure that all Federal programs will work. In developing the list of high impact programs about which agencies are reporting status information to OMB, we looked at the Federal government from an individual's point of view and selected programs that, if interrupted, would have a direct and immediate impact on individuals. Mr. Horn. Well, as it reads, you are absolutely right, that is the basic criteria, it would seem to me, both with other agencies to the Federal Government, as well as with State and local agencies, and I don't have a problem with that. But I guess I would ask the question, where are some of the very difficult programs that might not meet that criteria, but must be taken care of long before January 1, 2000? Let me give you an example. I don't have a problem with the Department of Defense having its two programs of military hospitals and military retirement. Granted, they are, in essence, very much like what you have under USDA, or you have under HHS, or you have under HUD programs that affect a lot of people. I guess what I do worry about is, where is about the 100 or so readiness programs that the Department of Defense ought to have on this list? Is there a separate list floating around? Ms. Diedre Lee. OMB didn't create a separate list, but we do acknowledge and recognize the Department of Defense has a lot of military programs. Certainly, some would say you could add them to this list. But because we generally say they are not something that an individual per se has an interaction with, the Department of Defense on military systems are not put on this particular list. Nevertheless, we are very aware of that issue and DOD is tracking their mission-critical systems as well. Mr. Horn. So you have a list of the readiness programs? Ms. Diedre Lee. I believe DOD has that list. I can certainly get it for you. I don't have it at this meeting. [The information referred to follows:] The Department of Defense is closely tracking the Y2K status of its readiness programs. We are confident that the DoD systems will be ready for the new millennium and that the Department will be able to continue to carry out its missions. Mr. Horn. All right, because I guess I would ask you, what are the key programs that are not on this list, and that would include all agencies? I mean have we--is this it? Or are there others even on the domestic non-military agencies? Ms. Diedre Lee. These are the 42 high-impact programs that we have identified on the non-military side, with those two exceptions. But it is a continuing list, and as we progress farther in the business continuity and contingency plans, we could identify additional programs to be added. Mr. Horn. Now, as I understand it, there are master plans for each of these high-impact programs to guide the key organizations to be sure that they work, one, together; No. 2, that they really work, and No. 3, that they be brought in, I guess by, April 15th. Is that roughly it? Ms. Diedre Lee. We are looking for the business continuity and contingency plans to be in on April 15th, 2 days from now. We will then look at those plans, along with GAO, for thoroughness and other issues. That is going to give us the next step on. If they are thorough and descriptive and end-to- end, we have one situation, versus if there are pieces of information missing or holes or there is non-continuity, we have another situation. Mr. Horn. It is good to know that on April 15th, when taxpayers are sweating out paying the revenue side of the coin, that agencies are sweating it out paying the expenditures side of the coin. So that---- Ms. Diedre Lee. Share the wealth? Mr. Horn [continuing]. I find a certain symbolism in this; maybe you don't? In your opinion, when will these high-impact programs be certified as year 2000 ready? Ms. Diedre Lee. It will be program by program. I wish I could tell you there is going to be one date. But that is going to be part of the plan, and part of the contingency plan is going to maintain the schedules and the milestones. From there we will set up the tracking mechanism. I feel certain that we will be back to discuss that with you further. Mr. Horn. OK. Now, let me ask both you and Treasury, to which this is relevant, the President held his second statement on the year 2000 acknowledging Social Security's very good job of compliance. I had assumed, when he did that, that he also knew that the Treasury's Financial Management Service had been 2000 compliant. And I guess I need to ask the Treasury representative, is the Treasury's Financial Management Service compliant? Because, as you know, it needs to turn out about 43 million checks a month from the Social Security Administration. I guess I would ask you, to what degree is FMS compliant? Mr. Flyzik. Chairman Horn, as noted in my testimony, over 90 percent of the payment systems are now using year 2000 compliant software, including Social Security and supplemental security income payments. The last payment system to be made compliant is the Office of Personnel Management Payment System for Federal annuity payments. That system is ready to go at the FMS and it is waiting on an interfacing system. For those systems where FMS did not meet the March 31st deadline, you should be aware that FMS, in many cases, is waiting on other interfaces with other agencies to actually implement year 2000 compliant systems. So, the FMS system is ready to go. Mr. Horn. OK, let us just take Social Security. Is it ready to go 100 percent on Social Security? Can they cut the checks? Can they send them? Then the question is, what about the depositories, credit unions, banks, whatever? Mr. Flyzik. Yes, in terms of cutting the checks, the answer is yes. In terms of the banks, the depositories are. Office of the Controller of Currency, as well as the Office of Thrift Supervision, continue inspection programs. Their latest report sent to the Congress indicates over 90 percent of the financial institutions being year 2000 ready. So, we are on a very positive trend. We are putting together and are doing testing among FMS, IRS, Social Security, and all of the revenue collection agencies, as well as the payment agencies, end-to- end and interoperability testing, simulating configurations in a laboratory environment. Mr. Horn. OK, let me just go down the line: Are you ready to submit your April 15th report and plan to OMB? Will you be able to do it on time? How about Treasury? Mr. Flyzik. Yes, we will, and sitting right behind me is my program manager--who does all the work that I get all the credit for--is working on that as we speak. Mr. Horn. So if you go, he goes, is that it? [Laughter.] OK, or is it the other way around? Let me ask the gentleman from the Department of State: Are you ready on that April 15th? Mr. Burbano. Yes, we are ready. Mr. Horn. OK. Let me ask Mr. Nygard of the Agency for International Development. Mr. Nygard. Mr. Chairman, I think we get a bye on that; we don't have any systems on that list. Mr. Horn. Well, I would have put you on the list 3 years ago, Mr. Nygard. So, I mean, what is there left to do? Are you going to be able to do this job in AID or are we going to go back to the abacus? Mr. Nygard. No, we are there. We will do the job; no question. Mr. Horn. OK. Yes. They are now your ward, by the way; you are the guardian now of AID, right? So what is happening on the Department of State with its new child? Mr. Burbano. Well, we are integrating with USI and with ACTA, and we have met and continue to meet with USI and ACTA, and we plan to be fully compliant with our systems with both of those before the end of the year at this point. I would like to say, in terms of the 40 systems that you were addressing on the passport issue, that system is out of the independent test and validation phase; it is in deployment, and we plan to have that system fully implemented, the 14 passport offices, by the end of this month. So, not only will we have our report in, but we will have the system fully implemented by the end of this month. Mr. Horn. Well that is good news, because you do--what-- over a million passports a year? Mr. Burbano. Yes. Mr. Horn. I know it is substantial and you have had a very efficient operation, as I have seen it. So this will carry that on? Mr. Burbano. Absolutely. So, again, we are fully implemented by the end of this month on our one system that is on that list. Mr. Horn. Now, will the Agency for International Development be part of your jurisdiction? Mr. Burbano. No, that is why I was saying it is USI and ACTA. We do work closely as my counterpart mentioned. Mr. Horn. You are all in the same building, so I wouldn't think it is to hard to communicate. Mr. Horn. No, no, we work together, but we are not integrating their systems as we are with USI and with ACTA, so we do work and exchange information. They are part of the international working group as well, and they are out there in the post collecting information, sharing it with us; we are sharing it with them. So, we do work closely and help each other, but their systems are not being integrated with ours. Mr. Horn. OK, how about the Department of Agriculture, Ms. Reed, are you going to be able to give them something on April 15th? Ms. Reed. We will be able to provide something, I will tell you that I think that it will require additional work, particularly the section on food safety, where we serve as the lead agency. I think we have pretty good command of what we have been doing within USDA, but we need to reach out to our partners across the Federal sector to assure we have incorporated their work, and quite frankly, that may take us just a little bit longer to do, but we will meet that commitment, because we take it very seriously. Mr. Horn. One of the columns on our quarterly report card has been the contingency plan. A lot of agencies have said it is the U.S. Post Office, in other words, mailed the checks, rather then electronically deposit. We then had a hearing with the U.S. Postal Service, and they have no contingency plan. So I find that rather interesting, and we have the phrase ``in progress'' for most of the 24 major executive agencies and Cabinet departments. I just would like to ask the four agency people here today, are we going to get in Congress another in- progress-type thing on your contingency plan, or do you have a contingency plan before the next quarterly report? Mr. Flyzik. At the Treasury Department we established March 31st, this past March, as the date for all of our bureaus to work on business continuity and contingency plans. On March 31st, all but four of the bureaus had those plans into my office; the other ones are coming in now or will be in very shortly. We are going to do an analysis of those plans and put them together to come up with a Treasury-wide approach. So, we feel at Treasury we are ahead of the curve a little bit in this particular area and will look forward to reporting to you as we do the analysis of where we stand on the plans. Mr. Horn. State? Mr. Burbano. For the State Department, we have 59 mission- critical systems. Out of the 59, we have 47 systems that have been completely finished and verified; 12 are in the mist of being finalized, and we plan to have those finalized by June. Mr. Horn. So you are saying, you don't need a contingency plan? Mr. Burbano. Oh, no, no, no. I am saying we have a contingency plan for each of them. Mr. Horn. For each of them? Mr. Burbano. Right, that is why I was saying, out of those 59, 47 are solid green. Mr. Horn. Fine. How about the Agency for International Development? Mr. Nygard. We are in the process of completing our contingency plans. We expect them to be completed by June 30. So, for our next quarterly report you will get an ``in- progress'' from us, but progress is going as per schedule, and we will be implementing those plans by the beginning of the summer. Mr. Horn. Agriculture? Ms. Reed. We sent out guidance to our agencies last fall on business continuity and contingency planning. I have received the first draft from all agencies within USDA, except for one; I expect to have that one shortly. We have been reviewing that draft, and I can tell you that it is version one. We know we will have more work to do, but we feel relatively confident that we will have a strong business continuity and contingency plan in place by June 15th. Mr. Horn. Well, I thank all of you. I am going to have to leave for another meeting, and thank you, Ms. Chairman. Mrs. Morella. Thank you, Mr. Chairman. And I am going to just ask one other question. Actually--I don't know--maybe it was in your testimony, Mr. Burbano, but it was reference to the year 2000 Program Management Office's strike teams. What do the strike teams do? Sounds like terrorism to me. Mr. Burbano. Well, we needed a strike team. You know, when I came on board we were zero compliant, and, you know, it took a lot to get us to 90 percent within 11 months. So, what I did, with my Deputy CIO for year 2000, is we got together and we decided we needed some strike teams to come in to not only do analysis, but provide assistance to each bureau to get us up there quickly in our steep curve of implementation. And they have actually provided the assistance, besides the analysis, in order to do test validations for helping contingency plans, for helping remediate, and so forth. So in all phases they have helped out, and continued to help out, the bureaus. Mrs. Morella. It just seems to me, from what has been stated in your wonderful testimony and response to our questions, that we are looking to April 15th for a view of the critical programs beyond what you have told us today: plans, milestones, also business continuity plans that I think is so important, and then as we go on to the end-to-end testing. So much more needs to be done, but I just am very much impressed with the progress that has been made. And as somebody who cares, as Mr. Horn does, very much about Federal employees, I do want to applaud you for responding to the challenge and the task. It is not all over yet, but, again, your cooperation in so doing I hope is a model for the States and local governments. Again, we will be back to you and hope you will be back to us about it. So I want to thank you all for coming before us. Thank you, Ms. Lee, and Mr. Willemssen, and Ms. Reed, Mr. Nygard, Mr. Burbano, and Mr. Flyzik. And I wanted to pick up the tradition that was established by Chairman Horn, and that is to acknowledge the staff who helped to put the committee hearing together: J. Russell George, who is with the Subcommittee on Government Management, Information, and Technology; Matt Ryan, senior policy director for GMIT; Bonnie Heald, who is the director of communications; Mason Alinger, who is the clerk; Richard Lukas, the intern. Technology is Jeff Grove, staff director; Ben Wu, professional staff member; Joe Sullivan, the clerk. And on the minority side, Faith Weiss, who is the counsel; Earley Green, staff assistant; Michael Quear; Marty Ralston, committee staff, and our court reporter, Kristine Mattis. And I thank you all, and the joint committee is now adjourned. [Whereupon, at 3:25 p.m., the subcommittees were adjourned.] -