Tom Mannix never wants to live through something like Y2K again. Dealing with line after line of undocumented code gave the director of The Guardian's year 2000 project a new religion: From this day forward, no one - absolutely, no one - will be able to upgrade or alter an application at The Guardian Life Insurance Company of America without documenting what he or she did and why.
In the understaffed, overworked world of IT, new systems are needed long before the IT staff can implement them. When they are finally rolled out, it's often a quick-and-dirty deployment. No time to document the change or communicate it to others. At New York City-based Guardian, Mannix and his team encountered the fallout from this situation frequently. IT staffers were not notifying colleagues when applications and services were changed, says Mannix, the director of corporate online systems. "Our support centre would get a call saying that something that worked yesterday wasn't working today." Y2K was not only a wake-up call for Mannix, it was an unprecedented opportunity to lay the groundwork for a new era of organised growth.
Y2K is the biggest project, both in scope and cost, that CIOs have ever had to tackle. But even a cloud this dreary has a silver lining. For all its attendant aggravation, Y2K brought unexpected advantages to CIOs. It has given IT a higher profile within executive management; a host of new systems, skills and proficiencies; and an opportunity to make a fresh start. Smart CIOs are using what they learned from Y2K as a launchpad for more efficient operations - essentially transforming a catastrophe into an epiphany.
Lesson 1 Managing Source Code
What complicated remediation for a lot of CIOs was years of accumulated spaghetti code. Encountering code that had been jigged and updated and patched so many times, no one knew how one Y2K-related change would affect a previously smooth process.
Although many CIOs chuckle at the suggestion that companies are starting 2000 with clean code, others have been carefully inserting documentation into their renovated code so that the next programmer will always be able to go back and look at what their predecessors did. And like Mannix, they're insisting on better source-code management so that the next time there's a grand remediation (think euro or GST), it won't be like walking into a jungle without a machete.
After remediating its systems, Guardian's Y2K project team implemented an enterprisewide cross-reference database from Illinois-based Effectek Consulting Corporation for all the company's systems and applications. Every upgrade and change now has to go through Change Man, a change-management tool from Serena Software, before it can go into production. The source code, the object code and all the infrastructure requirements are carefully documented, and then Change Man notifies the database staff of the update. In addition, Mannix and his group can now model changes prior to an actual upgrade to see what the impact would be across the company, a move that is likely to short-circuit many a panicked call to technical support.
Lesson 2 Managing Inventory and assets
An apocryphal story: when calculating its Y2K remediation schedule, one major corporation estimated it had 50,000 PCs; imagine the CIO's surprise when an inventory revealed it actually had 75,000. Wading into the Y2K waters, many CIOs discovered they had no idea either what systems the company had or what applications were running on them. "Getting our arms around the number of different applications and PCs and creating a plan was difficult," recalls George Boersma, CIO for the state of Michigan in Lansing. It wasn't something that the IT group was used to doing, simply because nobody had ever thought that it was important.
Boersma's group does it now. As the Michigan IT group moves forward with e-commerce initiatives, they find that the new applications involve integrating data from many more systems than previous projects did. Having the inventory allows the group to map out the different systems that are involved and accommodate them. Each of the 19 state agencies now have an inventory of all their applications. Because the IT group will have a better sense at the outset of how much integration is necessary, Boersma anticipates projects will run more smoothly with fewer surprises.
In addition to the organisational benefits, asset tracking enables smarter investment decisions. At New Jersey-based AlliedSignal, Y2K remediation included a portfolio management program (from DMR Consulting Group) to track hardware and application assets. Its continued use allows the IT group not only to understand what kinds of systems they currently support, their age and origin, but also to enable usage of those systems across the enterprise to maximise their value. According to Jack Arnold, AlliedSignal's vice president of systems transition, different business units now share compatible systems. Before the program was implemented, the company had no idea how to orchestrate that type of sharing; the result is lower administration costs and better utilisation of current systems without paying for upgrades or new machines. Arnold is also planning on using its asset inventory system to renegotiate maintenance agreements - because for the first time AlliedSignal has quantitative data on how much equipment is in the company.
Lesson 3 Managing Projects
Project management is not a skill for which IT has historically been famous. However, the size, scope and expense of remediation highlighted the need for project management - tracking progress and resources over time - for many CIOs and their bosses.
In Michigan, CIO Boersma learned that project management works best when the corporate hierarchy isn't constantly derailing the efforts of project leaders. Boersma is quick to caution that business should always be the driver of project work and IT the enabler, but his staff learned through Y2K that there are times when IT work must take precedence in order to achieve a business objective. For the first post-Y2K project, a state-wide HR system, as well as for future IT projects, Boersma is retaining what he calls the "green, yellow, red" traffic-light approach he used in Y2K. A green score indicates a project is on track. A yellow score flags potential problems. A red score means a project is behind, and the executive in charge of that agency and Boersma must hammer out a way to get the project back on schedule.
Boersma notes that this technique keeps executives keenly aware of where they stand with their projects, and the uniform application of this procedure has added credibility to the IT department's efforts. At the same time, based on its success with Y2K, Boersma's staff is developing a consistent methodology for managing large IT projects. It incorporates repeatable best practices, such as the best methods for reporting status, putting together a project plan and designating individual responsibilities.
Lesson 4 Managing Relationships
Y2K unexpectedly exposed IS and business staff to each other's job roles to an unprecedented extent. The experience taught both groups valuable lessons that will make them better partners in the future.
Thomas Roza, change manager at The Gymboree Corporation, the children's clothing retailer in California, says: "Y2K gave us the opportunity to show that we know what we're talking about, and we can find the right business solutions if they give us a chance." Case in point: when Zutopia (a division that makes clothing for children ages 7 to 16) first created an e-commerce site, it did it with very little help from the IT group. When the executives at Zutopia became unhappy with the results, they went to IS for help redesigning the site, something Roza believes would not have happened prior to Y2K.
On the flip side, the IT group gained insight as well. Working on Y2K contingency planning with business folks helped the IT group realise how intertwined the two worlds are. "The Y2K project exposed an absence of a business strategy within the IT group," he says. "In the event there is a disaster of any kind - natural, environmental or economic - what would we do if we couldn't get to the computing facilities? How would we keep the business running?" The IT group has taken this knowledge and used it to institute new fail-over procedures for the processing system as well as to improve a backup system to decrease the amount of downtime.
Even in government organisations made up of discrete agencies, Y2K improved relationships. When Elias Cortez moved from being the CIO of San Bernardino County (California's largest) to being the state CIO in Sacramento, he decided that the only way to conduct an effective state-wide project would be to get rid of the stovepipe structure that had characterised previous large-scale initiatives. Cortez worked with Data Dimensions on risk management issues, and established a state-wide Y2K office to oversee each agency's project. This enabled the state to throw additional manpower at mission-critical elements and coordinate across-the-board contingency plans.
Additionally, Cortez made it a priority to form personal relationships with state government leaders as well as local governments. As IT workers across the state begin to look beyond Y2K, he says, "projects are being looked at from the vision and perspective of an enterprise solution rather than a department solution". For example, the state has established cooperative relationships between the IT data centres in different agencies that allow for the sharing of technical and personnel resources so that the state's most critical projects can be completed in a timely manner. This type of interdepartmental collaboration is largely unprecedented for the state.
Lesson 5 Managing Partners
Y2K strengthened more than internal relationships. Many companies got to know their vendors and partners well - better than they wanted to in some cases.
As the largest payroll operator in the world, Automatic Data Processing faced the daunting Y2K challenge of keeping the pay cheques rolling out to 26 million workers worldwide. In addition, it relies on 630 third-party vendors for over 2000 products; James Kinder, vice president of information technology for the New Jersey company, was adamant about maintaining those relationships even in cases where the vendors were behind on their Y2K projects.
Instead of merely shuttling compliance letters, ADP maintained strong lines of communication with its vendors, to the point of volunteering to act as a guinea pig for alpha versions of remediated software in ADP's own Y2K-ready systems.
Kinder found this mutually beneficial because it broke down barriers and created trust between the companies. ADP's recognition of the symbiotic relationship with its vendors also brought both of the company's Y2K projects closer to successful completion. (One of its vendor's Y2K projects was so far behind that ADP actually took in its code and fixed it.) Now that the company is working with many of the same vendors on the question of euro conversion (the younger sibling of Y2K conversion), Kinder's group finds the relationships a lot smoother.
The Long-Term Payoff
For years, IT has waited for business executives to realise the fundamental importance of technology to business. While it might be Pollyanna-esque to suggest that Y2K drove the point home once and for all, it certainly struck a blow for the cause.
Tom Mannix at Guardian feels that the visibility the Y2K project gave IT is an asset that's going to pay off in the long term. "The new tools, procedures, workflows and controls will help us produce a product quicker, better and more efficiently," he says. "It has finally opened the eyes of business folks to the fact that data processing is the lifeblood of the business." The people who come to Mannix and his group now have a better perception of what data processing can offer, and he is seeing a great deal more working cooperation between the data processing and business lines. We're in it together now," he adds, "as opposed to just being a service that they need."
Not everyone was able to take advantage of Y2K. According to analysts, the fixes caused unexpected problems for some companies. Here are some of the pitfalls that companies have already encountered as well as some that loom on the road ahead.
TOO LITTLE ROI While CIOs can certainly see the value in improved management of skills and inventory, other executives may be far less sanguine about Y2K's return on investment. In response, they may take a harder line on future IT investments. "Y2K was always going to give a pretty low value return for a pretty large investment," says Phil Shipperlee, senior vice president of global sales and marketing for Florida-based IMRglobal. Most executives expected that. IT groups that got a late start on Y2K and did it in a panic are most likely to get little return for their investment and face the most heat from management.
POSTPONING THE INEVITABLE Companies that used patching or windowing techniques to make it through the rollover (to fool the computer into thinking the century hasn't turned) are likely to find that they have only postponed the inevitable. Although windowed dates take systems up to 2029, companies will still be firmly entrenched in their Y2K repair work while their competitors are guiltlessly enjoying the fruits of a successfully completed project.
THE BACKLOG BECKONS Companies have been so entrenched in Y2K remediation for the past few years that there is a backlog of application development projects. As a result, David Taylor, president of Change International, a re-engineering consultancy based in Boston, fears that many IT departments are grossly unprepared to resume business post-Y2K. Complicating the situation, many companies placed a strict embargo on any new development projects between August 1999 and April 2000, and as a result they'll be six to 18 months behind in their development. Companies that focused on Y2K to the exclusion of everything else may find themselves at a competitive disadvantage.
DETOURING THROUGH ERP Few companies invested in ERP solely to solve the Y2K problem, but many saw it as an opportunity to kill two birds with a single stone. IMR's Shipperlee expects these companies will be disappointed by the results. "Many customers we've spoken to are surprised by how much it cost and how long it took," he says. Companies may experience another unpleasant surprise when they find out that maintenance overhead for ERP is pretty much the same as it is for a legacy system, he adds.
SECURITY CONCERNS GartnerGroup recently warned that an electronic theft exceeding $US1 billion could occur by 2004 at a single organisation or company because of "trap doors" left open intentionally by programmers and consultants who had access to sensitive areas in corporate systems during Y2K remediation. These holes can be accessed long after the Y2K deadline has passed. Testifying before a subcommittee in the US House of Representatives, Joseph Pucciarelli, vice president and research director with GartnerGroup, noted: "Given the enormity of the year 2000 remediation process, the scope of the cash flowing through these systems and the resourcefulness of the human mind in finding different ways to steal, a large theft seems much more likely - perhaps even inevitable."
- D Duffy
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.