Testimony of Deidre A. Lee
DEIDRE A. LEE
ACTING DEPUTY DIRECTOR FOR MANAGEMENT
OFFICE OF MANAGEMENT AND BUDGET
THE SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
INFORMATION, AND TECHNOLOGY
THE SUBCOMMITTEE ON TECHNOLOGY
OF THE COMMITTEE ON GOVERNMENT REFORM
U.S. HOUSE OF REPRESENTATIVES
April 13, 1999
Good afternoon, Chairman Horn and Chairwoman Morella. As you know, I have been serving as Acting Deputy Director for Management since April 1. Although I am still somewhat new to this issue, I have been working closely with OMB staff to come up to speed. I am pleased to appear before the subcommittees to discuss the government's progress on the year 2000 problem, and I will do my best to answer your questions. Chairman Horn and Chairwoman Morella, I would like to start by thanking you and the other members of the subcommittees for your ongoing interest in the Y2K problem and its potential implications for our country.
Today I would briefly like to address the progress that has been made in the Federal arena, our challenges and next steps, and funding.
As you know, the Administration has been working for more than three years on this problem. Agencies have been working through the phases of awareness, assessment, renovation, validation, and implementation. Each phase has been a challenging one, as Federal agencies worked through the process of systematically identifying and prioritizing mission critical systems; addressing the implications for systems and equipment containing embedded chips, such as security systems, heating and air conditioning units; working with data exchange partners; testing and retesting systems; and working with service delivery partners, such as contractors, banks, vendors, and State, local, and tribal government to the ensure the readiness of programs supported by the Federal government.
Last year, former Director Franklin Raines established the ambitious goal of having 100 percent of the Federal government's mission-critical systems Y2K compliant by March 31, 1999 -- well ahead of many private sector system remediation schedules. I am pleased to report that the Federal government nearly achieved that goal. As John Koskinen and former Deputy Director for Management Ed DeSeve noted at the National Press Club on March 31, 92 percent of the Federal government's mission critical systems met the government wide goal of being Y2K compliant by March 31, 1999. These systems have been remediated, tested, and are back in operation.
This represents dramatic improvements from the progress of the Federal government a year ago, when in February of 1998, only 35 percent of agency mission critical systems were compliant. Overall progress in the Federal government is a tribute to the hard, skillful, and dedicated work of thousands of Federal employees and contractors. And while much work remains to be done, we fully expect that all of the Government's mission critical systems will be Y2K compliant before January 1, 2000.
While several agencies are here today to discuss their progress -- the Treasury Department, the Department of Agriculture, the State Department, and the U.S. Agency for International Development -- I will provide you with some overall figures. Thirteen of the 24 major Federal departments and agencies now report that 100 percent of their mission critical systems are Y2K compliant. These agencies are: the Departments of Education, Housing and Urban Development, Interior, Labor, and Veterans Affairs; the Environmental Protection Agency, the Federal Emergency Management Agency, the General Services Administration, the National Science Foundation, the Nuclear Regulatory Commission, the Office of Personnel Management, the Social Security Administration, and the Small Business Administration.
In addition, three agencies report that between 95 and 99 percent of their mission critical systems are compliant and that they expect to be finished soon. These agencies are the National Aeronautics & Space Administration, the Department of Energy, and the Department of Commerce. Four agencies report that between 90 and 94 percent of their mission critical systems are compliant: the Department of Justice, the Department of Agriculture, the Treasury Department, and the Department of Health and Human Services. Finally, three agencies report that between 85 and 90 percent of their mission critical systems are compliant: the Department of Defense, the State Department, and the Department of Transportation. The U.S. Agency for International Development has not yet completed implementation of its seven mission critical systems.
Based on monthly agency reports received April 10, 93 percent of mission critical systems are now complete -- an increase of one percent within the last two weeks. From a base of 6,433 mission critical systems at this time, 408 mission critical systems remain to be finished. Excluding the Department of Defense, 163 mission critical systems are working towards dates that are beyond the March 31, 1999, government-wide goal. Within the Department of Defense, 245 systems are working towards dates beyond the government-wide goal. We are preparing to issue guidance to agencies, asking agencies to report, beginning May 15, on their remaining mission critical systems by name and to include a timetable for completing the work. Agencies will report monthly on their progress.
Agencies have set realistic goals for the completion of their work and are working hard to finish fixing these systems. We are confident that every mission critical system will be ready for the year 2000. Detail on the status of systems behind schedule as of February 15, including projected completion dates, was provided in OMB's last quarterly report to Congress.
As I have just related to you, we are confident that systems will be ready. However, the critical task is to make sure that not just systems, but the programs they support, will be ready. In response, we are taking a look at the Federal government from the individual's point of view to determine what programs have the most direct and immediate impact on the public.
Accordingly, on March 26, 1999, OMB issued guidance to the agencies that identified 42 "high impact" Federally supported programs and directed Federal agencies to take the lead on working with other Federal agencies, State, Tribal, and local governments, contractors, banks, and others to ensure that programs critical to public health, safety, and well-being will provide undisrupted services. Examples include Medicare and Unemployment Insurance. Agencies have also been asked to help partners develop year 2000 plans if they have not already done so to ensure that the program will operate effectively. Such plans are to include end-to-end testing, developing complementary business continuity and contingency plans, and sharing key information on readiness with partner organizations and with the public. Agencies have been asked to report to OMB on their work. Our goal is to publicly demonstrate that these programs will work.
By April 15, 1999, agencies have also been asked to provide to OMB a schedule and milestones for key activities in each plan, a monthly report of progress against that schedule, and a planned date for an event or events to announce that the program, as a whole, is year 2000 ready. Clearly, this initiative requires a great deal of cooperation and hard work, but success is in everyone's interest.
And while these programs are critical to the work of government, the smooth operations of government also rely on functions that may not have an immediate and direct effect on the public at large, but are nevertheless essential to sound management of the agency, such as financial management systems or personnel systems. These functions, which include high impact programs, have been identified as core business functions.
Agencies are developing Business Continuity and Contingency Plans (BCCPs) to assure that their core business functions will operate. While agencies are confident that the measures taken for Y2K compliance are sound, the chance remains that, despite testing, a bug may still slip through. In addition, every manager realizes that elements beyond the agency's control will remain. For example, a temporary power shortage, bad data from a data exchange partner, or the inability of a vendor to provide key supplies could disrupt work at an agency. Many of these scenarios could happen - and have happened - independently of the Y2K problem. An essential requirement for sound management of the year 2000 problem is to plan and prepare for the unknown effects of Y2K as well as for issues that are beyond the control of the agency.
We have directed agencies to use the General Accounting Office's (GAO) guidance on this subject in preparing their plans. Additionally, many agencies are working closely with their Inspectors General and/or expert contractors in the development of these plans. While it is expected that BCCPs will continue to change through the end of the year as agencies update and refine their assumptions and as they continue to test and modify systems, we have asked agencies to submit their initial BCCPs to us no later than June 15. We will work with the agencies to assure government wide consistency of their basic assumptions surrounding the year 2000 problem.
As you know, over the last few years, OMB, in partnership with the Congress and the agencies, has worked hard to ensure that the Federal Government has adequate resources to address the Y2K challenge. The President's fiscal year 1999 budget requested approximately $1.1 billion in appropriations for Y2K, and also included an allowance of $3.25 billion to cover emerging and potential costs for Bosnia, natural disasters, and Y2K. In September 1998, consistent with Senate action to that point, the Administration formally requested an emergency supplemental appropriation of $3.25 billion for Y2K. The Omnibus Consolidated and Emergency Supplemental Appropriations Act for fiscal year 1999 (P.L. 105-277) included contingent emergency funding for Y2K computer conversion activities: $2.25 billion for non-defense activities and $1.1 billion for defense-related activities. P.L. 105-277 makes the Director of the Office of Management and Budget responsible for allocating non-defense funding, and the Secretary of Defense responsible for allocating defense-related funds.
In order to determine how to best allocate all available non-defense funding for Y2K -- both base appropriations and emergency funding -- OMB has worked with agencies to evaluate Y2K requirements. First, OMB made certain that agencies received funding for activities that were requested in the President's fiscal year 1999 Budget, but that Congress directed be funded from the Y2K contingent emergency reserve. These activities totaled approximately $590 million.
Then, to determine which requirements should be addressed with emergency funding, OMB has reviewed agency requests on an as-needed basis and made recommendations regarding which activities were to be funded at a given time. To date, OMB has approved the release of $1.2 billion in emergency funding for unforeseen Y2K-related requirements. In total, $1.8 billion has been allocated in six separate emergency releases, with $14 million being returned to the emergency fund pursuant to a Congressional request. Therefore, $505 million remains available for non-defense agencies to address emerging requirements. The Department of Defense has allocated $935 million of the $1.1 billion made available for defense-related activities, and $135 million (15 percent) remains in reserve for contingent needs.
Additional transfers from the contingent emergency reserve will be made as needs are identified to ensure that all agencies have sufficient resources to achieve Y2K compliance, complete contingency planning, and execute those plans where necessary. OMB has notified agencies that, as they identify unforeseen funding requirements, they should forward these requirements to OMB for evaluation.
The most recent allocation of Y2K emergency funding, transmitted on April 2, 1999, provides a total of $199 million to 20 Federal agencies. Fourteen of these agencies have received emergency funding in earlier allocations. Funds will be used for various Y2K compliance activities, including testing to ensure that systems are Y2K compliant, replacement of embedded computer chips, creation and verification of continuity of operations and contingency plans, and cooperative activities with non-Federal entities in support of the President's Council on Year 2000 Conversion.
Agencies have benefited greatly from access to emergency funds, and much of their progress can be credited to this. Continued access to emergency funding is essential to continued progress on the Y2K problem. However, the Senate version of the FY 1999 Emergency Supplemental Appropriations Bill would reduce the non-defense Y2K emergency fund by $973 million. I urge the conferees to strike this reduction, which is unwise at this time. Not only would it eliminate the remaining balance in the emergency fund, but it would also force agencies to stop planned and ongoing procurements for Y2K-related activities. It would also force agencies to terminate contracts, where this can be done without penalty, in order to recapture the remaining $468 million.
In sum, resources must remain available for agencies to carry out aggressive strategies to achieve compliance and to develop and implement contingency plans that will ensure uninterrupted operations and service delivery. In recent months, the pace towards achieving government wide compliance has quickened considerably. Much of this improvement can be attributed to the emergency fund, which has ensured that adequate resources remain available to agencies as they develop and refine effective strategies for achieving full Y2K compliance. With the year 2000 approaching, we should be building on our success, not taking steps that could undermine it.
In conclusion, during the 262 days remaining before the year 2000, we plan to:
- Complete work on remaining mission critical systems and on other Federal systems.
- Conduct end-to-end testing with the States and other key partners, placing special emphasis on ensuring the readiness of programs that have a direct and immediate impact on public health, safety, and well-being.
- Complete and test business continuity and contingency plans as insurance against any disruptions related to Y2K failures.
Thank you for the opportunity to allow me to share information with you on the Administration's progress. OMB remains committed to working with the Committee and Congress on this critical issue. I would be pleased to answer any questions you may have.