Chaim Yudkowsky, CPA, CITP, CGMA - Byte of Success More extensive Y2K based training focused on the challenges of the time for small and midsized business preparedness technologically. Also, interesting historically based on what actually happened. Delivered in many settings over about 18 months.

1. Year 2000Year 2000
A Reality Check and GameA Reality Check and Game
PlanPlan
presented bypresented by
Chaim Yudkowsky, CPAChaim Yudkowsky, CPA
410-296-6300 www.gnco.com www.byteofadvice.com
December 1, 1998 - Only 396 days!

4. Ed Yardeni
(Chief economist for Deutsche Morgan Grenfell)
“The recession odds are now up
60% because of millennial computer
failures. And there is even a chance
of a depression. . . I am a Y2K
alarmist.”

5. Singer Pat Boone
“I want to help bring Y2K to the
family dinner table”
Spokesperson of the Year 2000
National Educational Task Force

6. Who are you?
Who are you auditing?
Domestic or international?
PCs or mainframes?
Department
– Aviation MVA
– Port State Highway
– Mass transit Other

7. What do expect to learn today?

8. The schedule
Overview
Description of the problem
Y2K Statistics, risks, and myths
Defining compliance
Break (10-15 minutes)
Plan of attack
Break (10-15 minutes)
Legal & Y2K
Legislative and Y2K
Case study (time permitting)

9. The calendar
December 31, 1999 - Friday
January 1, 2000 - Saturday
January 2, 2000 - Sunday
January 3, 2000 - Monday

10. The Millenium Bug?
One problem or many?
Storage
Data entry
Interpretation

11. Dates and more dates
Problem: 00 instead of 0000
Leap Year thing
– The Gregorian calendar (1582)
The 1999 thing
– 4/9/99 (Julian calendar)
– 4/21/99
– 9/9/99
The 2000 thing

12. Dates and more dates
Two web sites for testing methodologies with
long lists of dates.
www.fdic.gov/banknews/fils/1998/fil9838b.
html
www.mardon-y2k.com

13. The Y10K problem
400 Generations
Windows 98 may be fixed by then
Fewer than 2,922,400 days!
Almost 8,000 years of experience!

14. Year 2000 statistics - Overall
Loss of economic output (1998-2001): $119 billion
Cost of repair in the U.S.: $500 billion (equal to
cost of Vietnam War)
U.S. economic growth rate decrease in 1999: 0.3%
Number of person years to fix and test: 700,000
Number of pre-1997 PCs unable to handle: 97%
Number of vacancies for computer scientists and
programmers: 350,000

15. Year 2000 statistics - Government &
Corp.
Cost to fix the IRS’ problem: $1 billion and
in Aug 1998 only 44% complete
Earliest year for readiness by the Dept. of
Defense’s critical systems: 2012
Of America’s largest companies:
– <33% considered impact
– 20% done anything
– 7% have problems now

16. Small business
(under 100 people)
Number estimated to fail because of
problem - 7%
Estimated number aware of problem:
80%
Estimated number planning to address:
<50%

17. Y2K in the recent news
USA Today (11/13) - US Reaches Out to Avert
Y2K-Induced Nuclear War
CNNfn (10/28) - The Newest Year 2000
Problem is the Media
– Only 2 out of 10 Northeast power utilities have
made public statements
News.com (11/20) - “Of those surveyed, 16%
reported that they have already deployed Y2K
remedial programs.”

18. Y2K in the recent news
News.com (11/13) - Bennett: SEC should
report on Y2K filings
News.com (11/20) - “23 states are still
planning their Year 2000 strategies . . .”
News.com (11/24) - Government scores
“D” on Y2K readiness
The Sun (11/23) - Year 2000 threat not as
serious as feared

19. Experiences - Real life
10,000 medical bills (1972)
Invitation to school (1988)
Emergency room abnormal blood count (1989)
Swedish food wholesaler
Golf
Power outages - 1984 (Oregon)
September 17, 1991 - brown out + telephone
outage and airports

20. Videotape break
December 31, 1999 @ 11:59 p.m.

22. Discussion of potential risks to
your constituencies

23. What is the risk to you?
Systems that you control
Systems that you rely on, but do not control

24. Example risk areas
Information systems
Manufacturing control systems
Facilities
Supplier / customer chain
Transportation
Power grid / electric continuity
Communication networks
– don’t forget e-mail

25. Discussion of transportation
system risks
Embedded chips
Power and telecommunications reliance
Congressional hearings and readiness

26. Building control systems
Mechanical
Electrical
Utility monitoring
Fire / life safety
Vertical transportation
Security
Building automation
Leak detection

27. Building control concerns
Access system failure
Preventative maintenance shutdown
Energy management system malfunction
Time / date logs not functioning

28. Hardware and software
Hardware and the microchip
(embedded systems)
– Real-time clocks (RTC) & NT 4.0
Software
– Quicken
– even the Mac
Networking
– Network operating systems

29. 4/21/99 - GPS Rollover
Devices emit erroneous data or shut down
Digital cell phones
Factory machines
Landing and navigational data for aircraft
and ground transportation (containers and
trucks)
Customer power allotments

30. The myths - Part I
A silver bullet exists
It’s just a mainframe problem
It’s just a software application problem
It’s just a COBOL problem
If your application is compliant - no need to
worry
A fixed system will not have problems

31. The myths - Part II
No one outside cares
No need to discuss this issue with an attorney
It’s not your responsibility - it’s your business
advisor’s
There’s plenty of time
January 1, 2000 (or 3) will be an ordinary day
The problem will not begin until 1/1/00

32. Compliance
Many definitions
Many nomenclatures to avoid compliance
terminology
– certification
– conformity
– approved
– tested

33. Definition of compliance (1)
Technology . . . when used in accordance with its associated
documentation, is capable of accurately processing, providing, and/or
receiving, data from, into and between the twentieth and twenty-first
centuries, and the years 1999 and 2000, including leap year
calculations; provided all other technology used in combination with
said technology properly exchanges the date data with it. The
technology itself must independently meet these requirements and the
interfaces when it exchanges date data, must properly exchange date
data as defined herein.
Institute of Electrical and Electronics
Engineers Inc. (IEEE)

34. Definition of conformity (2)
Year 2000 conformity shall mean that neither
performance nor functionality is affected by
dates prior to, during, and after the year 2000.
UK’s IT Association

35. Microsoft definitions
Compliant
– May have prerequisite patch or service pack for
compliance
Compliant with minor issues
– . . . with some disclosed exceptions that
constitute minor date issues

37. Data Storage and Interpretation
Solutions
Four position century
Key date
Windowing
Sliding date / encapsulation (28 year cycle)
Date compression

38. What must be done
Have a written plan
Develop a schedule
Identify who is responsible for what
Communicate with customers and vendors
– You must know who they are

39. Elements of the plan - Part 1
Awareness
– get everyone’s attention
– do not blame the IT people
– compliance vs. triage and contingency planning
Designate someone - single point of contact
– Strong institutional knowledge
– Authority from the top

40. Elements of the plan - Part 2
Assessment
– inventory of all technology including
embedded systems
– identify priority
– contact vendors
– need proper source code for software
– ownership of software

41. Elements of the plan - Part 3
Contact vendors / publishers / manufacturers
Renovation
Validation and testing
– most expensive phase / methodology
– refer to web sites mentioned earlier
– test prototype - not real data
– for critical systems test even with letters

42. Elements of a plan - Part 4
Implementation of renovated systems
– include a strategy for retrieval of data from
retired systems
– frequent monitoring and reviewing if any new
areas must be addressed

43. Elements of the plan - Part 5
Anticipate contingencies
Communicate
– internally
– externally???
Prayer!

45. Videotape break
Enterprise risk and contingency
planning video

46. To do - Remediation
Upgrade off-the-shelf where appropriate
Replace where appropriate
Hire programmers / consultants where appropriate
– accountability and project management
– outsource vs. use your staff
– managing external vendors
Mitigate your risk relating to suppliers and service
providers

47. To do - Things to think about
Consider business interruption insurance
Exclusions in policies effective April 1,
1998
Contingency planning and triage

48. What is going on? - Disclosure
AICPA recommendations for disclosure
Year 2000 and Congress for public
companies
SEC requirements for disclosure for public
companies
– August 4, 1998 (10K disclosures)
Banks
Should you answer compliance letters?

49. What is going on? - Other
Being forced by the consultant - liability insurance
underwriting
Not enough people
Whole industry of topical magazines and Web sites
Year 2000 warranties
Statements of Year 2000 compliance
Special Y2K lending by banks
Accounting for costs in fixing the problem - expensed
International fixes - E.U. (January 1, 1999)

50. Auditor questions
Is there a Y2K plan?
Is it reasonable and attainable?
Will there be economic impact on the
client?
Does the company have adequate
resources?
How vulnerable is the physical plant?

51. Joke
After January 1, 2000, what will all the
Y2K experts be doing?
Lloyd’s of London estimates a $1 trillion
litigation potential!

52. Litigation against whom?
Software vendors
Corporate directors and officers
Year 2000 consultants
Breach of contract - down and up
Liability against anyone

53. Basis for litigation
Business interruption
Software licensing disputes
Negligence
Product warranty - warranty
of merchantability
Breach of express warranty
Breach of implied warranty
Deceptive trade practices

54. Litigation
Produce Palace International v. TecAmerica Corp.
(POS) - product defect
Atlaz International v. SBT (accounting sw)
Symantec Antivirus
States suing industry (North Carolina)
Anderson Consulting v. J. Baker., Inc.
Issokson v. Intuit

55. Other legal issues
State and federal legislation
Statute of limitations
Reasonably how far back can it reach

56. Legislation
Limiting liability
– Nevada, Florida, Georgia, Hawaii, Virginia
December 3 - Deadline for retroactive
liability protection
Other

57. Year 2000 Information and
Readiness Disclosure Act
Signed October 19, 1998
Retroactive protections to January 1, 1996
(December 3, 1998)
“Year 2000 Readiness Disclosure”
Immunity for non-fraudulent statements
Limited anti-trust exemptions
New written policies

59. Other impact
M & A
– Corestates Bank
Closing down

60. Resources - On the web and off
Attachments
Books
Transportation specific
Other

62. Top 11 reasons to do nothing
(11 - 7)
You are waiting to see what happens that first morning in
Australia and will then respond if it is a problem.
You’re planning to retire next year.
You want to surprise the stockholders.
January 1, 2000 falls on a Saturday - you’ll have lots of
time over the weekend.
Government will pass legislation to roll back the clock to
1900.

63. Top 11 reasons to do nothing
(6 - 1)
You don’t have a budget.
You believe in the Tooth Fairy.
Bill Gates will solve it.
Nostradamus never mentioned this problem.
Your multimillion-dollar company doesn’t rely on
computers.
You’re already in Chapter 11.

64. Case study discussion
BWI Airport
– How would you inform management about
what needs to be done?
– What are the things that can go wrong?
– How would you do (task descriptions)?
– What priorities would you give?
– What would be some of your contingency
plans?

65. Video short

66. Remember . . .
1. Do something now.
2. Avoid analysis paralysis.
3. Expect for the week of January 1,
2000 to be busy.
4. “There will be plenty of work after
January 1.”

67. Questions?