FROM THE OFFICE OF PUBLIC AFFAIRS

Mr. Chairman, Members of the Committee, I am pleased to appear before you today to discuss the Office of Inspector General's oversight of the Department of the Treasury's efforts to address the Year 2000 (Y2K) problem.

One thing is clear: this problem must be fixed, and failure is not an option. The two bureaus represented here today--the Internal Revenue Service (IRS) and the Financial Management Service (FMS)- provide services that are essential not only to government but to the public as well. Those who pay taxes and those who receive tax refunds and other government payments have a great deal at stake in the successful Y2K conversions of these two bureaus.

There is a great deal of focus on Y2K both in Treasury and throughout the Federal government. Plans are in place, a structured approach has been established that defines the various phases for a Y2K conversion, milestones have been set, and a progress reporting mechanism is in place.

Despite these accomplishments, two factors create a high risk that significant problems could occur to prevent a successful Y2K conversion. First, the sheer size and magnitude of the work to be done will make it difficult to manage. Second, the deadline cannot be extended; it is January 1, 2000 and, for some operations, sooner than that. With the amount of work left to be done and everyone competing for scarce information technology staff resources, this presents an enormous challenge. It will take many people working very hard and efficiently between now and the year 2000 to get the job done.

Having said that, let me briefly describe the OIG's oversight of Treasury's Y2K conversion effort. This year our Y2K audit work will be done in two phases. The first phase is nearing completion. As part of our financial statement audit work, we have been evaluating the Department's compliance with the Y2K provisions of the Federal Financial Management Improvement Act (the Brown Bill). We have found that the Department is meeting OMB's quarterly reporting requirements and that the quarterly reports show the Department as a whole is meeting OMB's milestones.

While encouraging, these results must be qualified in two respects. First, our results are based primarily on the quarterly status reports provided to OMB. We have not yet performed extensive tests to verify the accuracy and completeness of this information. Second, the milestone dates that have been met thus far do not cover the real meat of the Y2K conversion process. They cover what GAO defines in their Year 2000 Assessment Guide as the awareness and assessment phases. The next three phases--renovation, validation and implementation--will be crucial in making a successful conversion.

Our phase 1 review identified two areas of concern that the Department is already working to address. The first is the need for a standard Year 2000 certification process. The second is the need for more complete and descriptive Year 2000 contingency plans to ensure continuity of Treasury's core business processes in the event of a Year 2000 induced system failure.

In our phase 2 audit, starting this month, we will substantially increase our audit effort. We will look behind the information in the quarterly status reports to verify the progress being reported to OMB. More importantly, we will examine the next two crucial phases in the Y2K conversion process--renovation and validation. Our audit work will focus on three main areas:

1. Management Oversight

We will evaluate both the Department's and each bureau's Y2K conversion oversight process. As part of this effort, we will assess how project status is validated, how conversion waivers are managed, and the completeness and accuracy of cost models.

2. Certification Process

We will determine if a certification process exists and is effective for ensuring that a system is Y2K compliant. We will examine data exchanges with external trading partners and the processing of data in an integrated environment. We intend to perform independent testing of certified systems with the help of an outside contractor.

3. Contingency Planning

We will determine if contingency plans exist and are reasonable and complete to effectively mitigate the risk of a Y2K failure. In addition, we will assess the adequacy of the Department's and bureaus' business impact prioritization of their mission critical systems.

We plan to report deficiencies as they are identified. Our goal is to alert the Department and bureaus to any significant vulnerabilities that they need to quickly address to reduce the risk of a Y2K failure. We plan to complete our phase 2 audit work in August and issue a consolidated report to the Department in September. Based on the results, we will determine the scope of additional audit work for the remainder of 1998 and into 1999.

We, as well as the Department and the bureaus, have a great deal of work ahead of us. One of our challenges will be to find a way within our existing resources to give adequate coverage to this area. We will have some help in this regard, especially at IRS.

The IRS Chief Inspector's Office has an extensive audit effort underway at IRS. They recently issued a final report on IRS' project planning and project management methodology and made several recommendations for improvement. They have nine additional audits that are either ongoing or planned, to cover various pieces of the IRS Y2K conversion effort.

Also, the Department's contractors are providing management support and Year 2000 assessments. We used these assessments in our phase 1 audit work and will leverage off of some of this work in phase 2.

Finally, we are aware that GAO will be conducting reviews of Y2K conversion efforts in Treasury. We are coordinating with both GAO and the IRS Chief Inspector to avoid duplication and leverage our resources. Among the three audit groups we hope to give audit coverage to most, if not all, of the critical Treasury operations.

This concludes my opening statement. I will be happy to answer any questions that you may have.