Skip to main content

Defense Computers: DFAS Faces Challenges in Solving the Year 2000 Problem

AIMD-97-117 Published: Aug 11, 1997. Publicly Released: Aug 11, 1997.
Jump To:
Skip to Highlights

Highlights

GAO reviewed the Defense Finance and Accounting Service (DFAS) program for solving the year 2000 computer systems problem, focusing on the: (1) status of DFAS' efforts to identify and correct its year 2000 systems problems; and (2) appropriateness of DFAS' strategy and actions for ensuring that problems will be successfully addressed.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Defense Finance and Accounting Service The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to build upon the existing DFAS project plan to ensure that it identifies the actions and establishes the schedules for completing each phase of the year 2000 program, including the validation (testing) and implementation phases. The plan should also identify the milestones for meeting critical tasks under each phase, such as identifying system interfaces and securing interface agreements, preparing contingency plans, defining requirements for and establishing operational year 2000 compliant test facilities, completing tests of personal computers and servers, and identifying performance measures for evaluating DFAS and center-level progress.
Closed – Implemented
The DFAS Year 2000 Management Plan was published on December 12, 1997. The Management Plan built upon its predecessor--the DFAS Year 2000 Executive Plan--and identifies the actions and schedules for completing each phase of the Year 2000 program.
Defense Finance and Accounting Service The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to ensure that DFAS' Corporate Contingency Plan addresses the year 2000 crisis and provides guidance for ensuring continuity of operations. The guidance should require DFAS managers to perform risk assessments and prepare contingency plans for all critical systems impacted by the year 2000 and for all noncritical systems impacted by the year 2000 that provide data to critical systems. Specifically, risk assessments and contingency plans should be required for all critical systems, including the identification of alternatives in the event that: (1) replacement systems are not available; (2) systems to be renovated are not completed; and (3) systems fail to operate as intended prior to year 2000 impact.
Closed – Implemented
DFAS updated its Corporate Contingency Plan to include the Year 2000 Risk Assessment and Continuity of Operations Plan (COOP). The DFAS Year 2000 Management Plan also requires that a year 2000 risk assessment and contingency plan be prepared for each critical system, including any system that interfaces with a critical system, and for each core and core support business process, including facilities. The Plan further requires that contingency plans address DFAS critical applications that are embedded in systems not owned by DFAS. Contingency planning guidance, included as appendix E to the Plan, instructs system and business managers to ensure that contingency plans cover situations where replacement systems are not available; (2) systems to be renovated are not completed; and (3) systems fail to operate as intended prior to year 2000 impact.
Defense Finance and Accounting Service The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to require the timely identification of all internal and external systems interfaces and the completion of signed, written interface agreements that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and milestones identifying when the modification is to be completed.
Closed – Implemented
The DFAS Director directed the identification of all internal and external interfaces and the completion of written interface agreements for mission- critical systems that describe the method of data exchange between interfacing systems, the entity responsible for performing the system interface modification, and the milestone identifying when the modification is to be completed. The April 1999 DFAS Year 2000 Summary Interface Data Schedule shows that 2,543 system interfaces have been identified for DFAS internal and external partners including, federal, state, local, and foreign governments, military services, Defense agencies, and the private sector. The monthly report also indicates that DFAS has completed virtually all (2,116 of its 2,125) memorandums of agreement that it identified.
Defense Finance and Accounting Service The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to require the full implementation of the recently established year 2000 certification process and ensure that year 2000 compliance is predicated on testing all systems, including commercial-off-the-shelf (COTS) applications and personal computers and servers.
Closed – Implemented
The DFAS Year 2000 Management Plan requires that all mission-critical systems be fully certified in accordance with DFAS' new certification process, and that the certification of compliance be predicated on testing all systems, COTS applications and personal computers and servers. As of September 1999, DFAS reported that it had completed the certification of all its systems in accordance with its certification process, assessed all in-house personal computers and servers for Y2K compliance, and replaced all hardware not meeting the compliance standard. In addition, all commercial-off-the-shelf software used by DFAS has been certified as compliant by the vendor or replaced with a compliant product. Further, DFAS reports that any new product procured over the past two years was required to have a Y2K compliant certification.
Defense Finance and Accounting Service The Director, Defense Finance and Accounting Service, should direct the Deputy Director for Information Management to devise a testing schedule that identifies the test facilities and resources needed for performing proper testing of DFAS systems to ensure that all systems can operate in a year 2000 environment.
Closed – Implemented
According to DFAS, as of September 1999, the DFAS Year 2000 testing program was complete and all DFAS mission-critical systems had been certified Y2K compliant and were operating, where applicable, on Y2K compliant Defense Information Systems Agency (DISA) platforms. In completing its testing program, DFAS worked with DISA to identify test facilities and to determine the resources, schedules, and readiness of the DISA facilities needed to test DFAS systems in a year 2000 environment.

Full Report

Office of Public Affairs

Topics

Software verification and validationData integrityFederal agency accounting systemsFinancial management systemsInternal controlsManagement information systemsStrategic information systems planningSystems conversionsY2KContingency plans