So your company or organization came late to the Y2K party. After assessing the problem, you realize its too late to fix all business and factory systems to be Year 2000 compliant before the big ball makes its descent in Times Square 18 months from now. And theres a strong likelihood some of your suppliers wont make it in time, either. What can you do? Welcome to the secretive -- and sometimes frightening -- world of contingency planning for Y2K. How to keep the business running in the face of a catastrophic systems failure is not a subject executives are willing to discuss openly the way they would their golf handicap, or Mark McGwires home run total, or even last quarters sales. In fact, though, few companies have any backup plan to lower the lifeboats to help them ride out a worst-case scenario -- the sinking of a mission-critical system as a result of a Year 2000-driven torpedo. According to a December 1997 survey of 128 large industrial firms by Cap Gemini America, 60% were doing contingency planning to handle millennium-change snafus, but only 3% had a plan in place. "A lot of companies are not doing anything, and some are in the process of doing contingency planning, but not many have a real plan," says Jim Woodward, senior vice president at Cap Gemini Americas TransMillennium Services group in New York and a leading Y2K expert. The consulting firm has seen little interest from business in its contingency-planning service for Y2K. The reason, believes Woodward, is a level of unrealistic optimism over the potential impact of Y2K and companies ability to handle it in time. If you believe it, everyone thinks theyre going to have everything fixed to handle a four-digit year well ahead of time. "No one believes their mission-critical systems are going to fail," Woodward adds with a note of skepticism. If hes skeptical, its because this apparent level of complacency flies in the face of mounting evidence that businesses already are starting to take some hits from Y2K-related systems failures. In a March 1998 survey, Cap Gemini found that 37% of companies had experienced a Year 2000-caused glitch. One possible reason companies tend to shy away from discussing their backup plans may be simply fear of negative publicity should the word leak out that they are -- or arent -- preparing for the worst. "Companies dont want to admit theyre not doing anything," says Woodward. "[On the other hand] they are concerned about what their customers and shareholders might think if they knew they were [doing] contingency planning." Still another possibility is that executives at some firms -- skeptical of all the technology theyve accumulated at great expense over the years -- feel that it may not be as essential to the functioning of the enterprise as theyve been told. "Ive heard some executives say they think the Year-2000 problem will help weed out unnecessary systems," says John Gibbons, codirector of information-technology solutions at Deloitte Consulting LLC. "So if it falls out and the business isnt affected, they can just shut those systems down and not worry about it." Auto-industry effort But some manufacturers are quietly facing up to the near impossibility of total compliance. They are focusing on fixing potential problems with critical business systems and on ensuring that they have a backup plan in case something goes awry. "We never set our goal to fix all the deficiencies," says Clif Triplett, product-process manager for Y2K at General Motors Corp. "With some machines, the date change will have no effect. Where the impact will not affect production, were not going to touch it in the first wave. But if its something where materials stop flowing, thats critical." GM also is working closely with some 40,000 suppliers that it considers critical to its own success to ensure that they perform a self-assessment of the problem and take similar actions to correct it. GM is sharing the task of ensuring supplier compliance with Chrysler Corp. and Ford Motor Co. "That lowers the shared risk and shared investment," Triplett says. Through the Automotive Industry Action Group, a trade organization, the automakers not only are pressuring suppliers to get their systems ready, theyre telling them that if they dont, they wont continue as suppliers. "We see many companies threatening loss of business if their suppliers dont have compliance," Woodward says. One firm, Libbey Inc., a glass tableware manufacturer in Toledo, Ohio, is setting up a list of backup suppliers that are "low-tech" and would be able to supply it with materials to keep operating. Chrysler is demanding contingency plans by this September from the 10% of its suppliers that it considers at high-risk for Y2K difficulties. "The last thing we want to have happen is to have to execute a contingency plan," says Robert Buck, manager of the Y2K effort at Chrysler. "But if we have to bank parts, we will. If you think there is going to be a problem, its better to plan for it now." Chryslers business systems were 82% Y2K compliant as of the end of May, when its dealers systems were 72% compliant. Chrysler believes it is well ahead of most companies in its Y2K effort because it started earlier. In late 1995 it began tackling the four-digit year problem. But like many other manufacturers, it didnt realize the extent of the millennium fallout on factory-floor systems until about a year ago. A contingency plan can take a variety of shapes. For some firms, it may require assessing how vital functions can be performed manually and determining the staffing. "It means taking a business process out of its technological dependence and running it with human beings," says Woodward. But it also could entail taking more strategic steps, such as outsourcing an entire operation or, for that matter, selling off an entire division or unit that isnt likely to be ready in time. "Businesses may have to go back to manual processing while they stop their systems and put in a quick fix until they can get some replacement systems," observes Deloittes Gibbons. "Quite a few companies have no idea of the impact such a failure would have on their supply chain or their customers. For instance, if the government cant cut checks, it could put some companies in dire financial straits." Gibbons says some companies are copying all their customer and product records and other essential files into a data warehouse as a precautionary measure against Y2K woes. "A lot of people are dropping data into their data warehouses, building a reference file," he says. "The idea is that at least they can go back to get the information they need before they had a problem." For many companies a backup plan that depends on manual operations simply is not feasible. At Bank of America, for example, the nightly processing of more than 15 million checks couldnt be done without mainframe computers. Bank of America, based in San Francisco, is so serious about getting its Y2K shop in order that the bank is offering the 1,000 employees working full-time on the project $80 million in incentives to keep them from leaving until its finished. "We are about 60% done right now," says a spokesperson. "Well know better later this year if we need to consider setting up any contingency plan." Feds foot-dragging? Government agencies seem to be especially in need of contingency plans. According to a pair of scathing reports this year by the U.S. General Accounting Office (GAO), both the Federal Deposit Insurance Corp. (FDIC) and the Federal Aviation Administration (FAA) not only are woefully behind in their remediation efforts, but have done little to establish backup plans in case their systems fail. "There are several levels of contingency planning the FDIC needs to be on top of, including their own internal systems as well as contingency plans of the individual financial institutions," says Jack L. Brock Jr., director of government-wide and defense-information systems at the GAO. The nations banks, he says, must make sure they have enough cash on hand if ATM networks fail. "If the ATMs go out, do they have a plan in place to hire extra tellers? What happens if your check-processing system does go out? The question is, are the banks able to carry over until their systems work again?" he asks. "With the FDIC, what we are really concerned about is the continuity of operations, so that banks can still run, even if theyre using a manual system." At the end of the day, though, with thousands of member banks, the FDIC is likely to have problems, says Brock. He adds that banks also must be concerned about the systems of their customers -- people who owe them money. "In some respects, banks are no different than an auto manufacturer, concerned about the systems of their suppliers. You begin to see how the whole economy is interconnected." The GAO says some potential fallout from computer problems in the banking industry are financial liability and loss of customer confidence, as well as possible malfunctions of telephone systems, vaults, security and alarm systems, elevators, and fax machines. If that sounds scary, things are reported to be even more frightening at the FAA, the federal agency whose air traffic controllers are responsible for safety in the skies. The GAO has begun a separate review of the FAAs plans "for ensuring business continuity should its systems not be replaced, renovated, or working correctly in time for the year 2000," according to Joel Willemssen, director of the GAOs Civil Agencies Information Systems unit. In a report issued in January, the GAO found that the "FAAs progress in making its systems ready for the year 2000 has been too slow. At its current pace it will not make it in time." FAA officials disagree with the GAOs claim that the agency is behind vis--vis the millennium crisis. "A Year 2000 contingency plan is being worked on and will be released in August," says a spokesperson. "The entire FAA air-traffic-control system is based on contingency. There are always backups to the system." Then he added, "These systems are hugely dependent on computers -- virtually the whole system is computer-based." The agency "will have all lines of [software] code fixed by Sept. 30," he says. Ever the governmental watchdog, the GAO issued a document in March urging federal agencies to adopt a business-continuity plan for 2000 that includes:
- Setting up a continuity project team.
- Assessing the potential impact of key system failures.
- Identifying contingency plans.
- Assigning a business-resumption team for each core business process.
- Testing contingency plans and procedures.