Year 2000 Computing Challenge:
OPM Has Made Progress on Business Continuity Planning
GGD-99-66: Published: May 24, 1999. Publicly Released: May 24, 1999.
- Full Report:
Pursuant to a congressional request, GAO reviewed the Office of Personnel Management's (OPM) year 2000 business continuity and contingency planning activities, focusing on OPM's efforts to: (1) develop an overall planning strategy for ensuring the continuity of agency operations; (2) assess the risk and impact of system failures on the agency's core business processes; (3) prepare contingency plans that include procedures and timetables for continuing agency operations in the event that critical systems fail; and (4) test the contingency plans to determine their effectiveness.
GAO noted that: (1) OPM has made progress in its business continuity planning efforts in preparation for the year 2000 computing problem; (2) using GAO's guidance on year 2000 business continuity planning for federal agencies, OPM developed a strong planning strategy for ensuring the continuity of critical agency operations in the event of year 2000-induced system failures; (3) to develop its planning strategy, OPM created a project structure involving representatives from the agency's major business units; (4) through the coordination of this project work group, OPM developed a master schedule and milestones for continuity planning activities, identified business processes that are critical to agency operations, established key reporting requirements, and obtained the concerted support and involvement of the agency's senior management; (5) GAO's review raised concerns, however, about OPM's implementation of the business continuity planning strategy; (6) GAO identified these concerns after reviewing key planning documents that OPM had developed according to critical milestones established by the agency in its year 2000 business continuity planning process; (7) specifically, GAO's concerns involved the approach that OPM used for: (a) assessing the risk and impact of system failures on the agency's core business processes; (b) preparing contingency plans to be used in the event of critical system failures; and (c) developing plans to test the contingency plans to determine whether they would be effective if implemented; (8) when OPM presented GAO with its written comments on a draft of this report, it provided GAO with supplemental documentation that demonstrated that the agency had taken additional actions to address GAO's concerns; (9) by taking these additional actions, OPM has improved the implementation of its business continuity planning strategy and increased the likelihood that critical agency functions can be carried out even if year 2000-induced failures occur in key computer systems; and (10) thus, GAO is not making recommendations to address the concerns originally observed.