The ticking of the millennium bomb is increasing in volume - yet awareness of the problem is percolating too slowly into the consciousness of Australia's business community The millennium bomb - slang for the ubiquitous year 2000 date conversion problem - is (as stated in IT Casebook's June 1996 edition) one of the biggest issues facing business this decade. The problem extends from major data processing applications to building automation such as lifts and security systems and PABXs.
Australia's largest institutions - in government and key sectors such as finance and telecommunications - are spending hundreds of millions of dollars just to ensure they remain operational in the new decade. Senior executives from large players in each sector are unanimous in confidently predicting completion of their own projects prior to the 1 January 2000 deadline.
However, the executives are just as unanimous in bemoaning the lack of awareness of the problem throughout the small-to-medium sized business sector.
Lindy Bryant, Y2000 coordinator for the Commonwealth's Office of Government Information Technology (OGIT), does not mince words about the scale of the problem.
"I find that people's attitude to this problem varies from outright denial or viewing it as an 'urban myth', to a dramatic change or dislocation in the world as we know it.
"Let me reiterate [that] this is a huge business problem affecting all industry sectors, who, unless they are planning for and implementing a year 2000 compliance strategy as we speak, may not solve the problem, thereby putting their entire business at risk.
"If enough industry sectors ignore the problem or don't take it seriously enough, there is the potential for market forces to be massively dislocated and the health of the economy to be at risk."The threat posed by lack of awareness throughout small to medium businesses in Australia is not confined to those businesses - instead, the problem has the potential to impact on other companies linked in some way to the crippled company's system. The potential problem is such that large companies are liaising over the development of an education strategy to maximise awareness about the issue in 1997.
According to Negba Weiss-Dolev, Telstra's Y2000 program director, "1997 will be the year of growing awareness with small and medium-sized companies. Often we'll be the first company approaching them [to discuss the millennium bomb issue].
"We're planning to link with the banking sector, including the National Australia Bank, the Commonwealth Bank and the ANZ Bank - and participated in the establishment of a network with a shared interest."Weiss-Dolev says the telecommunications carrier planned initially to ensure all customers were aware of the issue before identifying and dealing with the problem in individual market sectors. Individual account executives and business units would speak directly to key clients and analyse the impact of the problem on the telecommunications network.
Weiss-Dolev is blunt about the telecommunications provider's approach to those companies who refuse to participate in the identification and resolution of a Y2000 problem with the potential to impact on the provider's networks.
"We will not be presuming to tell them how to run their businesses, but we have an obligation to stay operational through 2000," she says.
While insisting Telstra intends to adopt a 'handshake' approach in dealing with customers with date conversion projects - "we'll be ensuring that our customers stay operational from a telecommunications point of view and we'll ensure that no customer brings down other customers" - Weiss-Dolev is adamant customers must meet their side of the bargain.
"Telstra will be saying to companies: 'Here are some of the things you'll need to do if you plan to continue using telecommunications services.'""Telstra's own network contingencies and fallbacks will be sufficient to protect the network from a renegade client; we treat customer nodes as a network point that can be bypassed.
"The overriding thing is to ensure the telecommunications network is up."Weiss-Dolev says she expects to deliver an undertaking to competitors on Y2000 compliance and anticipated an equivalent response.
Hadyn Park, the NAB's group media and public relations manager, also expresses concern about the scale of the millennium bomb issue.
"The problem needs to have a lot more airplay [in the general as well as specialist media] and awareness raised."The ramifications of the millennium bomb are also likely to extend to the issue of liability.
Mark Feetham, a senior technology partner with solicitors Middletons, Moore and Bevins, argues that the issue imposes significant obligations on company directors. "A director will not escape liability merely by fully delegating management of the year 2000 problem to IT experts," he told a recent conference.
"There must be a business plan formulated, adequate budgeting developed having regard to the scope of the project and regular communications with the responsible work group. . . It would [also] be prudent for directors to include in their annual reports: 1/. Information that the company's computer systems will or will not require significant overhaul in order to avoid disruption to the company's business in the year 2000; 2/. The nature and extent of the projected cost which the company may need to incur to alleviate any year 2000 problem and what other resources will need to be allocated to the problem; and 3/. Disclosure of any material risk that the company's systems cannot be replaced or modified to avoid the adverse effect of the year 2000 problem on the company's operations and business.
Feetham also indicates the issue could generate "significant exposure" to claims made by customers and end users. These are: Companies which use year 2000-susceptible software in order to produce products and services are potentially liable to customers and end users for the failure to supply those products and services or the supply of defective products and services.
"If, for example, software used in transport or medical applications fails due to a year 2000 problem, the supplier of the software would potentially be liable for any death or injury to persons which occurred." Licensors who have supplied year 2000-susceptible software are potentially liable to their licensees; Software maintainers are potentially liable to their customers to resolve any year 2000 software which they have contracted to maintain; Consultants, especially those who have advised on the purchase of software or systems acquisition (particularly in recent times), are potentially liable to their clients if their clients succumb to a year 2000 problem; and Outsourcers and bureau processing operators are potentially liable to their clients for any defects in their data processing which arises from software used by them which is not year 2000-compliant.
Feetham notes that the year 2000 problem is "already here", with applications for an unnamed airline frequent flier program rumoured to have crashed when calculating dates five years in advance. However, Australia's largest companies and government agencies are significantly advanced in their millennium bomb projects.
To clarify the pervasiveness of the problem for Commonwealth agencies, OGIT's Bryant cites a list of vulnerable functions compiled by the Queensland Government. These functions included such vital areas as revenue collection, financial management, law and order, issuing of licences and permits, social services, human resource management, land management, government administration and communications and defence systems.
In a recent speech to government agency representatives, Bryant argued that "the preferred objective" for government departments is "to have finished implementing changes and testing before June 1998 so [departments] can test for a full financial year . . .
"To meet these deadlines, the analysis phase of the project - initial impact assessment, inventory of all applications, identifying mission-critical systems and prioritising - should have begun in earnest (and preferably be finished) by the end of 1996."Interestingly, a majority of agencies (29 of 43) supported the establishment of a panel of "approved" suppliers of Y2000 services. Two-thirds of government agencies had contacted their current vendors requesting them to comment on or guarantee the Y2000 compliance of their current products.
Bryant could not comment on the exact cost per line of code for Commonwealth agencies to rectify the problem.
"Cost per line of code seems to be dependent on when the work was completed, but is very difficult to calculate at this stage as it is included with general upgrading and development".
According to Bryant, "many departments do not agree with the media hype and large costs being quoted in the media.
"My observation is that resolving this issue may be extremely expensive for financial institutions such as banks and insurance companies who rely heavily on date data and I am not suggesting that it won't be a significant cost to Commonwealth agencies, but may not be as much as is being suggested in the media."Weiss-Dolev refused to comment on the cost of Telstra's millennium bomb project. However, reports indicate a contract with a consortium headed by Hitachi Data Systems (HDS) to research the scale of the project is initially worth about $10 million and could potentially generate $500 million.
Telstra's computer systems include around 50 million lines of programming code in a variety of languages, including COBOL, RPG and assembler. The HDS-led consortium is expected to start the scoping exercise next month and has until the close of the decade to complete the project. However, the code rewrite is expected to be completed by the start of 1999.
In an interview prior to the announcement of the contract and associated time frames, Telstra's general manager, IT strategy and direction, Gary Martin, said the carrier planned to focus on mission-critical and customer-service applications as top priority, followed by internal and local applications. He said the internal applications were expected to be converted by 1999 while some isolated low-level applications would not be converted until after the 1 January 2000 deadline.
Weiss-Dolev says Telstra had "started negotiations with a number of vendors within the last 12 months about [implementing] a Y2000 compliant version of software.
"Some things we'll expect vendors to carry - some not."She notes that, for a large number of business applications, the critical date falls well before 1 January 2000 - "six months before 2000 is critical for financial year applications and there are also some two-year rolling applications".
The NAB's Y2000 project is of a similar scale, with an impact analysis project also encompassing more than 50 million lines of code now under way. The analysis and conversion stage of the project, utilising the Via/Alliance and other tools from the Y2000 application tool set specialist Viasoft, is likely to be completed in about 18 months and trialling is likely to continue for a further 12 months. The bank has already taken some corrective action in relation to date conversion, particularly relating to medium to long term loans.
The millennium bomb is, in short, one of the greatest threats facing businesses in the lead-up to the close of the decade. While large corporations in key sectors and government agencies are investing hundreds of millions of dollars in diffusing the bomb, small-to-medium-sized businesses are often still unaware the problem exists.
Only a concentrated educational campaign and a responsible attitude from all parties involved - corporations, vendors and government agencies among them - can avoid severe disruption in the coming two-to-three years.
(See related story - Looking for converts)
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.