IRELAND 23 September 2018
Value for Money Examination 28; Year 2000 Compliance Summary
Since the mid 1990s, Government Departments and State Bodies have spent significant resources m order to ensure that their business operations will not be adversely affected by the Year 2000 problem. The pervasive nature of the problem in terms of the potential failure of key systems which depend on computer processors and the consequent disruption to the provision of public services has increased the urgency of ensuring that all affected systems are rendered compliant before the critical date when the problem might take effect.
To have due regard to achieving value for money, it was necessary that projects established to achieve Year 2000 compliance should be planned, managed and completed by reference to established best practice. In an ideal situation, sufficient time should be available to maxinuse value by taking the opportunity to add functionality to systems in the course of Year 2000 compliance work. This examination considered how four Government Departments and two State Agencies have organised and managed Year 2000 compliance work. It also looked at how three Departments are monitoring the efforts of bodies under their aegis to achieve compliance. The key questions considered by the examination were
whether the planning and management of Year 2000 compliance projects conformed to best practice
whether compliance strategies have been implemented in the most efficient and cost effective way
whether, based on the analysis carried out within the examination, systems are likely to achieve compliance on time.
Ernst & Young (lreland) conducted the examination in association with a liaison team from the Office of the Comptroller and Auditor General.
Planning and Management
In March 1997, the Centre for Management Organisation and Development (CMOD) issued an advice note establishing best practice for the planning of Year 2000 compliance projects. Departments were requested to submit project plans by the middle of 1997 which would aim to achieve compliance by the end of 1998. Departments with bodies under their aegis were requested to collect information on the steps being taken to ensure that they would achieve Year 2000 compliance on time. The Government established an Interdepartmental Monitoring Committee to oversee Year 2000 compliance work and to report on progress on a regular basis to Government. While the arrangements for central monitoring were effective, the advice note should have given greater emphasis to the need for senior management support for Year 2000 work. It would also have been preferable for the advice note to be released up to one year earlier to allow for proper consideration of the opportunities to maximise value for money by building in improvements to the functionality of systems covered by Year 2000 compliance projects.
Although Departments generally took action on foot of the CMOD advice note, there were several areas in planning where best practices were not fully observed. The project boards set up to oversee Year 2000 compliance work have not had sufficient authority to ensure that the projects were adequately resourced. The quality of investment analysis (i.e. consideration of the costs and benefits of projects) has been limited as statements of the costs and benefits of alternative solutions were not prepared by any of the organisations examined. Ahhough a risk management approach has been applied, insufficient attention was given to contingency planning at the project planning stage. Delays in obtaining resources in the Department of Agriculture and Food have led to an important project starting later than had been originally expected. In the Office of the Revenue Commissioners, the project managers accepted requests for changes in the functionality of programs without a proper assessment of the impact these would have on the costs and benefits of the project or on the project time schedule and risk profile
Some bodies under the aegis of the Departments of Health and Children and the Department schedule and risk profile. of Education and Science have been slow to respond to requests for information by their sponsoring Departments. The Government has issued instructions to improve the frequency of reporting of progress by bodies under the aegis of Departments.
Project Execution and Costs
There are four broad approaches to solving the Year 2000 problem. Systems may either be converted by recoding the date or be replaced by new systems which are already Year 2000 compliant. The conversion or replacement may be done internally by the organisations themselves or externally by vendors or consultants. The solution strategies adopted by the organisations covered by the examination varied according to the nature and extent of the problem and the availability of resources. In all cases, it was found that the solution strategies adopted were appropriate in the circumstances.
The organisations generally started Year 2000 compliance projects in the course of 1997. In Finance and Agriculture work on two key projects planned for replacement was delayed until 1998 due to a shortage of skilled staff. In Agriculture it has been decided to make the existing system compliant at a cost of ?815,000. In Finance there was a need for greater external consultancy than originally planned. All the projects examined were proceeding according to plan.
While the cost of Year 2000 project work is controlled at project level, the full cost of all Year 2000 work has not been established. There is no centralised system to comprehensively and systematically monitor full costs, including opportunity costs, and which would provide a method for assessing the overall financial implications including the extent to which value for money has been achieved. In mid 1997, Departments submitted a forecast of the additional costs they expected to incur to achieve Year 2000 compliance. Work already funded from existing information technology budgets and the Opportunity costs caused by the need to divert staff from other valuable work were not included in the forecast. A contingency fund of some ?40 million was established at the end of 1998 and much of this is expected to be used in the health sector.
During the examination it was clear that none of the projects examined would meet the originally suggested target in the CMOD guidelines of achieving compliance by the end of 1998. While effective management of all project risks will have a critical impact of whether the projects are completed successfully, the likely achievement of Year 2000 compliance will largely depend on the results of testing. None of the organisations have completed their testing. Using best practice advice, the Department of Social, Community and Family Affairs originally estimated that testing for its projects would require 18 man years of effort. This has since been revised to 44 man years. The Office of the Revenue Commissioners have a significant exposure to testing risk. In other organisations where work has been outsourced, there is a dependence on vendors. The position of bodies under the aegis of Departments is less clear and for some Departments the monitoring arrangements and reporting to Government have been increased.
The organisations examined have not paid sufficient attention to contingency planning in the event that either problems emerge in testing or the projects are not successfully completed on time. The Department of Social, Community and Family Affairs is planning to produce a business continuity plan by the end of March 1999 while Finance have stated that an existing key system can be made compliant should development of the new system be delayed. The other organisations are now beginning to pay more attention to this issue. Although, there 15 Optimism that the work will be completed in time, it would be prudent to review and update plans for the continuance of critical public services in the event that full Year 2000 compliance is not achieved.
The experience gained from the planning, execution and monitoring of Year 2000 compliance projects has highlighted three areas in information systems project management where value for money is at risk. The involvement of senior executives in project planning and their ability to secure adequate resources for projects is critical for successful project management. The pressure caused by a shortage of key information technology analysts and programmers has highlighted some inflexibility in recruitment and staff retention procedures and an inability to respond quickly to sudden externally imposed threats. The lack of a comprehensive investment analysis to underpin the solution strategies adopted by the organisations makes it difficult for them to demonstrate that they have maximised value for money in the conduct of Year 2000 compliance projects.