CIO looks at the 50 states and how they stack up in the race for Y2K complianceA nightmare scenario: The millennium bug bites state and local government institutions so badly that they actually institute a draft, akin to a military draft, of programmers. IS employees are called upon to fight the enemy, leaving CIOs to keep the home fires burning, wondering when life will return to normal.
This vision does not come from having seen Saving Private Ryan too many times.
It comes from Capital One Financial Corp. CIO James Donehey, who's working on a Y2K commission formed by Virginia Gov. James Gilmore. Donehey comes up with this stuff only when his imagination runs amok; in reality, he believes -- as do many of his CIO counterparts in state government-that we'll be seeing glitches, but who knows where or when?If you're a prudent CIO, you're probably testing your remediated applications.
Maybe you're breathing easier as your staff dispatches the snags that are popping up. But no corporation is an island. CIO wants you to know the progress of the states in which you do business so that you can apply it to your contingency planning -- or offer to help. We embarked on an ambitious project to map the Y2K progress of all 50 states.
Although the NASIRE Web site (www.nasire.org) lists such information, we wanted more. Editorial staffers Kathleen Carr, Meridith Levinson, Carol Zarrow and Lynne Zouranjian split up the 50 states and contacted their Y2K project leaders. We also surveyed folks who deal with state government on a regular basis-consultants, vendors, other municipal CIOs-to get a broader view of what you can expect from your state government next year. The upshot is cautious optimism: Steve Kolodney, director of the Washington State Department of Information Services and chair of the NASIRE Y2K Committee, predicts that most of the states will have most of their mission-critical applications remediated in time.
All Over the Map
The survey shows a wide spectrum of results. Alabama reports that it's only 21 percent done, even though it started its remediation in November 1996, but it's also been trying to do the job within each agency's current operating budget.
Several states, including Nebraska, New York and Pennsylvania, report their projects are virtually complete. Not to be Clintonian, but as we were going through the results, the question arose: What's complete? Does it mean assessment? Remediation? Testing? Auditing?Further, even if the majority of the work is done, that still sends up red flags. "A project can be stuck at 70 percent [complete] for a long time before it's declared a failure," laments Bruce Lazenby, vice president of business development at FreeBalance Inc., an Ottawa-based vendor of software targeting the public sector.
Budgeting figures can be misleading too. You might think a state that has budgeted over $US 100 million for remediation is well prepared, but John Kelly, who's spending $US 125 million as CIO for the state of Arizona, warns, "Different states use different definitions of qualified expenses, which makes comparisons among states misleading. Those that have fewer qualified expenses will look like they are not spending sufficient funds. Those that have broad definitions will look like spendthrifts."That explains how five states (Arizona, Illinois, New York, North Carolina and Oregon) have spent over $US 100 million, while California and Texas have spent more than $US 240 million. Georgia, however, is the topper-it has spent $US 152 million and appropriated $US 170 million more. Whether that's related to alleged perfidy among its ranks is anybody's guess.
There was some consistency in the results, however. Like their private sector counterparts, state IT folks fear the things over which they have little or no control-that is, interfaces to other systems and their supply chains. Kelly reports that Arizona gets approximately $US 4 billion from the federal government for state transportation and social services programs (among others), and he's concerned about what will happen if the Treasury department has a Y2K problem. Embedded systems were an equally cited source of concern, simply because what they do and where they are isn't immediately obvious. But when we asked the Y2K project leaders for their advice to citizens, the most common refrain was reassuringly simple: "Don't panic."There are some bright spots. In Pennsylvania, Gov. Tom Ridge chartered former CIO Larry Olson to put together an executive survival guide for both public and private sector executives. Pennsylvania has mailed 52,000 within the state and has been sharing information with as many states as have requested it as well as with counterparts in Belgium, Canada and Singapore. The state also subjects cabinet officers to ongoing report cards on their agencies' progress. In Kansas, Chief Information Technology Officer Don Heiman built a mainframe testing centre that agencies can use to check their applications' compliance.
At the other end of the spectrum, Oklahoma and Wisconsin declined to participate in our survey, despite repeated prodding. We suspect it was not the questions themselves, or even the few minutes it would have taken to fill out the survey-we wonder if these folks simply may not have known where they stood, a disturbing prospect in spring 1999.
A Different Kind of Battleground
Let's face it, though, despite their similarities, the problems facing IT folks in the states are different from those in the private sector. Although many states have CIOs, there are still others where the idea of a centralised IT administration hasn't gained a foothold. In most states and municipalities, individual agencies are fighting the Y2K battle on their own.
The situation is exacerbated by other problems. Agencies frequently fight for their own share of limited funding, so there's little motivation for cooperation. And they frequently make do instead of updating systems. "Overall they have very old systems on older platforms," says Barry Savage, the Austin, Texas-based vice president of conversions and migrations at IT services and consulting firm Computer Technology Associates Inc. "The code base has been maintained for lots and lots of years, and because of the attrition of [those who knew the code best], they don't often know they have problems." In his work with government agencies, Savage says he's encountered systems that are 30 years old. The older a system, the closer to spaghetti its code is likely to be.
To make matters worse, spreadsheets and desktop databases have given users outside the realm of IT the ability to build their own "stealth" applications, which IT is now left to remediate. "Smart users who are business folks, not IT folks, probably don't follow any rigorous standards," says Rick Bailey, director of application development for Health and Human Services, New Hampshire's largest state department. "What starts out as a database turns into a mission-critical application for that office."Finally, at regularly scheduled intervals, the powers that be change. Elections that oust one party and bring in another are roughly akin to a hostile takeover in the private sector-no one feels particularly safe because newly elected officials usually bring in their own teams. In a spectacular case of bad timing, 13 new governors were elected in November 1998, compared with only four in 1996.
What's Really Going to Happen
The consensus is that there will be snarls, and citizens should be prepared for inconveniences . There may be power outages at certain public utilities, which frequently don't come under the IT purview in state government.
Those who rely on the government for social services are the most likely to be immediately affected. Social services departments are high on the list of mission-critical applications -- and not only because they deliver checks to the needy. Imagine what could happen if the third instance of a child abuse report looked like the first because of an incorrect date. For the most part, businesses interact with state government when the latter is licensing or regulating an industry; hence, the effects of problems probably won't be felt immediately.
But if you work with the government frequently, you should also be prepared for residual effects. "Organisations will continue to work on this problem for a long time," says Kolodney from his office in Olympia, Washington. "Many systems are not being fully fixed; they're being windowed. Ultimately, that catches up with you. You're going to have to replace it or fix it again. There will be work quietly going on for a long time."Capital One's Donehey doesn't fore-see a serious economic meltdown. "We should all expect some minor inconveniences," such as late mail and an occasional lapse of phone service but not for protracted periods of time. For businesses, the effect might be increased taxation. "Somebody's going to have to pay for this, either upfront or after the fact," he warns.
Ask yourself this: When there have been technical snafus in your organisation, hasn't your staff been able to handle them before they became embarrassments? The same may be true for the states. Almost everyone agrees there will be glitches but that they will be handled. As Michael Slater, director of IS and communications in West Virginia, notes, "It's a computer problem, and within this industry, we face them and deal with them every day."(Senior Editor Howard Baldwin can be reached at email@example.com.)Gravy Train to GeorgiaA scandal of sex and money rocks one state's Y2K remediation projectSince the Georgia state legislature granted the wishes of its Y2K project team, the state will end up spending more than $US 300 million on its remediation.
That's some $US 50 million more than the Y2K budget of Texas, the state in second place (and $US 50 million is more than some states are spending in total). Is there a connection between this astonishing budget and a flurry of conflict-of-interest charges that have rocked the state government's Department of Administrative Services? Hard to tell.
According to investigative reporter Dale Russell at WAGA-TV, the Fox affiliate in Atlanta, an Oracle Corp. employee named Pam Davis sold the state $US 7.8 million worth of software database tools for the Department of Human Resources to keep track of the state's welfare programs. Oddly enough, there were no competitive bids, something most public agencies require, and the state bought enough software for 28,000 users, even though the DHR has only 14,500 computers. Not long after, Davis jumped from Oracle to PeopleSoft Inc. and sold the state that company's software for its Y2K remediation efforts and enterprise resource planning at a cost of several million. Davis sure sounds like an enterprising saleswoman, but there's at least one state employee who was involved in both purchases: Paul Mason, technology director for the Department of Administrative Services, who was romantically involved with Davis and is now her fiancé.
Although state executives have said that no one person can authorise such a large purchase, Russell also revealed that Mason's boss, Dotty Roach, commissioner of the Department of Administrative Services, is a close friend of Davis. Russell's broadcast sparked an inquiry by the Georgia Bureau of Investigation, which is still underway. Mike Hale, CIO of the state of Georgia, says dismissively, "The investigation has had little impact on our Y2K efforts.
We have a new governor [Roy Barnes] who is emphasising competitive bids, and that's part of the guidance that I'm acting on."Dark CityMunicipal mishaps may threaten even the best-laid Y2K plansI bought a wall safe because what I hear from government organisations is starting to scare me," reports David Barber, president and CEO of Ocala, Fla.-based Imagination Technology Solutions Inc., a reseller of Y2K software.
Why is Barber nervous? Because the majority of his clients are municipal government agencies, and he's seeing less planning and remediation there than anywhere else. He blames the "culture of civil service. They're not communicating with each other. I think they're afraid to. Everyone's holding cards close to the chest, afraid of losing their jobs. But if you're the sheriff's office and you can't do payroll or keep track of your release records, how hard you tried isn't going to matter."Inside the agencies, when he makes a presentation, the behaviour is typical, he says. "Initially, they're argumentative and defensive." Frequently clients insist that because they've bought new PCs, they're compliant. Then his prospects want to roll back the clocks on their computers and forgo using the date. Barber reminds them that you can't have official correspondence without a proper date. "When I walk out of a room, nobody's breathing. They're all beet-red. They're completely overwhelmed. I tell them I don't have the time to sniff around and get business. If they want me, they have to call me. They always call me."Barber's experience highlights an important lesson-make sure your contingency plans take into account all the agencies with which your company interacts.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.