Defense Computers:

DFAS Faces Challenges in Solving the Year 2000 Problem

AIMD-97-117: Published: Aug 11, 1997. Publicly Released: Aug 11, 1997.

Additional Materials:

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO reviewed the Defense Finance and Accounting Service (DFAS) program for solving the year 2000 computer systems problem, focusing on the: (1) status of DFAS' efforts to identify and correct its year 2000 systems problems; and (2) appropriateness of DFAS' strategy and actions for ensuring that problems will be successfully addressed.

GAO noted that: (1) DFAS managers have recognized the importance of solving the year 2000 problem; (2) if not successfully addressed it could potentially impact DFAS' mission; (3) to help ensure that services are not disrupted, DFAS has developed a year 2000 strategy which is based on the generally accepted five-phased government methodology for addressing the year 2000 problem; (4) this approach is also consistent with GAO's guidelines for planning, managing, and evaluating year 2000 programs; (5) in carrying out its year 2000 strategy, DFAS has assigned accountability for ensuring that year 2000 efforts are completed, established a year 2000 systems inventory, implemented a quarterly tracking process to report the status of individual systems, estimated the cost of renovating systems, begun assessing its systems to determine the extent of the problems, and started to renovate and test some applications; (6) DFAS also established a year 2000 certification program that defines the conditions that must be met for automated systems to be considered year 2000 compliant; (7) while initial progress has been made, there are several critical issues facing DFAS, that if left unaddressed, may well result in the failure of its systems to successfully operate in 2000: (a) DFAS has not identified in its year 2000 plan all critical tasks for achieving its objectives or established milestones for completing all tasks; (b) DFAS has not performed formal risk assessments of all systems to be renovated or ensured that contingency plans are in place; (c) DFAS has not identified all system interfaces and has completed written interface agreements with only 230 of 904 interface partners; and (d) DFAS has not adequately ensured that testing resources will be available when needed to determine if all operational systems are compliant before the year 2000; (8) DFAS' risk of failure in these areas is increased due to its reliance on other DOD components; (9) DFAS is also dependent on military services and DOD components to ensure that their systems are Year 2000 compliant; and (10) it is essential that DFAS take every possible measure to ensure that it is well-positioned as it approaches 2000 to mitigate these risks and ensure that defense finance and accounting operations are not disrupted.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The DFAS Year 2000 Management Plan requires that all mission-critical systems be fully certified in accordance with DFAS' new certification process, and that the certification of compliance be predicated on testing all systems, COTS applications and personal computers and servers. As of September 1999, DFAS reported that it had completed the certification of all its systems in accordance with its certification process, assessed all in-house personal computers and servers for Y2K compliance, and replaced all hardware not meeting the compliance standard. In addition, all commercial-off-the-shelf software used by DFAS has been certified as compliant by the vendor or replaced with a compliant product. Further, DFAS reports that any new product procured over the past two years was required to have a Y2K compliant certification.

    Recommendation: The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to require the full implementation of the recently established year 2000 certification process and ensure that year 2000 compliance is predicated on testing all systems, including commercial-off-the-shelf (COTS) applications and personal computers and servers.

    Agency Affected: Department of Defense: Defense Finance and Accounting Service

  2. Status: Closed - Implemented

    Comments: The DFAS Director directed the identification of all internal and external interfaces and the completion of written interface agreements for mission- critical systems that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and the milestone identifying when the modification is to be completed. The April 1999 DFAS Year 2000 Summary Interface Data Schedule shows that 2,543 system interfaces have been identified for DFAS internal and external partners including, federal, state, local, and foreign governments, military services, Defense agencies, and the private sector. The monthly report also indicates that DFAS has completed virtually all (2,116 of its 2,125) memorandums of agreement that it identified.

    Recommendation: The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to require the timely identification of all internal and external systems interfaces and the completion of signed, written interface agreements that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and milestones identifying when the modification is to be completed.

    Agency Affected: Department of Defense: Defense Finance and Accounting Service

  3. Status: Closed - Implemented

    Comments: DFAS updated its Corporate Contingency Plan to include the Year 2000 Risk Assessment and Continuity of Operations Plan (COOP). The DFAS Year 2000 Management Plan also requires that a year 2000 risk assessment and contingency plan be prepared for each critical system, including any system that interfaces with a critical system, and for each core and core support business process, including facilities. The Plan further requires that contingency plans address DFAS critical applications that are embedded in systems not owned by DFAS. Contingency planning guidance, included as appendix E to the Plan, instructs system and business managers to ensure that contingency plans cover situations where replacement systems are not available; (2) systems to be renovated are not completed; and (3) systems fail to operate as intended prior to year 2000 impact.

    Recommendation: The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to ensure that DFAS' Corporate Contingency Plan addresses the year 2000 crisis and provides guidance for ensuring continuity of operations. The guidance should require DFAS managers to perform risk assessments and prepare contingency plans for all critical systems impacted by the year 2000 and for all noncritical systems impacted by the year 2000 that provide data to critical systems. Specifically, risk assessments and contingency plans should be required for all critical systems, including the identification of alternatives in the event that: (1) replacement systems are not available; (2) systems to be renovated are not completed; and (3) systems fail to operate as intended prior to year 2000 impact.

    Agency Affected: Department of Defense: Defense Finance and Accounting Service

  4. Status: Closed - Implemented

    Comments: The DFAS Year 2000 Management Plan was published on December 12, 1997. The Management Plan built upon its predecessor--the DFAS Year 2000 Executive Plan--and identifies the actions and schedules for completing each phase of the Year 2000 program.

    Recommendation: The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to build upon the existing DFAS project plan to ensure that it identifies the actions and establishes the schedules for completing each phase of the year 2000 program, including the validation (testing) and implementation phases. The plan should also identify the milestones for meeting critical tasks under each phase, such as identifying system interfaces and securing interface agreements, preparing contingency plans, defining requirements for and establishing operational year 2000 compliant test facilities, completing tests of personal computers and servers, and identifying performance measures for evaluating DFAS and center-level progress.

    Agency Affected: Department of Defense: Defense Finance and Accounting Service

  5. Status: Closed - Implemented

    Comments: According to DFAS, as of September 1999, the DFAS Year 2000 testing program was complete and all DFAS mission-critical systems had been certified Y2K compliant and were operating, where applicable, on Y2K compliant Defense Information Systems Agency (DISA) platforms. In completing its testing program, DFAS worked with DISA to identify test facilities and to determine the resources, schedules, and readiness of the DISA facilities needed to test DFAS systems in a year 2000 environment.

    Recommendation: The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to devise a testing schedule that identifies the test facilities and resources needed for performing proper testing of DFAS systems to ensure that all systems can operate in a year 2000 environment.

    Agency Affected: Department of Defense: Defense Finance and Accounting Service

 

Explore the full database of GAO's Open Recommendations »

Sep 22, 2014

Jul 9, 2014

Jun 19, 2014

May 30, 2014

May 15, 2014

May 13, 2014

May 12, 2014

May 2, 2014

Mar 27, 2014

Looking for more? Browse all our products here