Skip to Highlights

Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) program for solving the year 2000 computer systems problem, focusing on the: (1) overall status of DOD's effort to identify and correct its date-sensitive systems; and (2) appropriateness of DOD's strategy and actions to correct its year 2000 problems.

Skip to Recommendations


Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense 1. The Secretary of Defense should establish a strong department-level program office led by an executive whose full-time job is to effectively manage and oversee DOD's year 2000 efforts. The office should as a minimum have sufficient authority to enforce good management practices, direct resources to specific problems areas, and ensure the validity of data being reported by components on such things as progress, contingency planning, and testing.
Closed - Implemented
GAO's report and the Defense Science Board Task Force report recommended that strong centralized leadership be established within DOD for the Year 2000 effort. In 1998, a Special Assistant for Year 2000 was assigned within the Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) with responsibility for all multi-component Y2K actions, such as developing DOD Y2K policy, management plans, consolidated reporting, interface assessments, contingency planning guidance and oversight, and testing oversight. Most recently, this office was reorganized to provide greater focus on Y2K readiness issues, such as testing, continuity of operations, and crisis management. In August 1998, the Secretary of Defense also required the Commanders-in-Chief, military services, and Defense agencies to prepare plans for ensuring operational/functional readiness.
Department of Defense 2. The Secretary of Defense should: (1) expedite efforts to establish a comprehensive, accurate departmentwide inventory of systems, interfaces, and other equipment needing repair; (2) require components to validate the accuracy of data being reported to the Office of the Secretary of Defense; and (3) provide guidance that clearly defines a system for year 2000 reporting purposes.
Closed - Implemented
DOD has made extensive upgrades of system hardware and technical capability in its efforts to establish a comprehensive, accurate departmentwide year 2000 inventory of systems, interfaces, and other equipment needing repair. DOD has also required its components to validate the accuracy of data being reported to the Office of the Secretary of Defense. However, because data collection and verification for systems included in the year 2000 inventory remains the responsibility of individual DOD components, and because DOD has not issued a clear definition of what constitutes a system for reporting purposes, the components continue to use different system definitions, processes, and reporting requirements. As a result, the inventory, while improved, continues to fluctuate and the information remains incomplete and unreliable. DOD continues to require separate data collections to compile quarterly reports to OMB.
Department of Defense 3. The Secretary of Defense should clearly define criteria and an objective process for prioritizing systems for repair based on their mission-criticality and ensure that the most mission-critical systems will be repaired first.
Closed - Implemented
While DOD has continued to prioritize mission-critical systems, it continues to allow priorities to be determined by its individual components. This approach has resulted in an unwieldy number of mission-critical systems, which precludes effective concentration on the most critical systems. As a result, operational organizations, such as the Joint Chiefs of Staff, have been forced to consider additional prioritization, based on actual operational requirements, to ensure that operational plans and milestones can be met. These efforts have identified a large number of critical systems not prioritized by the DOD effort. While DOD has directed the various parties to work out this problem, no effective policy has been promulgated. In April 1999, over half of the systems needed to complete critical CINC operational functions could not be identified on the DOD Year 2000 inventory. The system owner/manager could not be readily identified for more than one quarter of these systems.
Department of Defense 4. The Secretary of Defense should ensure that system interfaces are adequately addressed by: (1) taking inventory and assigning clear responsibility for each; (2) tracking progress in year 2000 problem resolution; (3) requiring interface agreement documentation; and (4) providing guidance on the content of interface agreements and who should fund corrective actions.
Closed - Implemented
Through December 1998, DOD held periodic Interface Assessment Workshops (IAW) as a forum for discussing interface issues and to provide visibility of high level issues in this area. DOD has also taken additional steps to ensure that system interfaces are adequately addressed. For example, DOD has: (1) added system interface information to its year 2000 inventory database; (2) provided a means to track system interface progress through its inventory; (3) required interface agreement documentation, known as memorandums of agreement (MOAs); and (4) provided general guidance on the content of MOAs. DOD also assigned responsibility for managing system interfaces, including verifying, reporting, and documenting interfaces, as well as preparing MOAs that define the process required to pass date-derived information between systems, and the funding for doing so, to system/program managers of individual interfaces.
Department of Defense 5. The Secretary of Defense should: (1) develop an overall, departmentwide testing strategy and a plan for ensuring that adequate resources, such as test facilities and tools, are available to perform necessary testing; and (2) ensure that the testing strategy specifies the common criteria and processes that components should use in testing their systems.
Closed - Implemented
In August 1998, the Secretary of Defense directed the JCS, in conjunction with the CINCs, to develop a joint Year 2000 operational evaluation program to verify year 2000 operational readiness. Later that month, the Deputy Secretary of Defense assigned inter- organizational responsibility and authority for various end-to-end test activities to the Office of the Secretary of Defense functional area focal points to ensure year 2000 readiness for key functional areas that support CINC operations. These requirements have been incorporated into DOD's Year 2000 Management Plan and JCS operational evaluation guidance. These documents constitute: (1) a high-level, departmentwide testing strategy that should also ensure adequate resources are available; and (2) high-level common criteria, processes, and reporting requirements for Year 2000 testing and operational evaluations.
Department of Defense 6. The Secretary of Defense should: (1) require components to develop contingency plans to ensure that essential operations and functions can be performed even if mission-critical systems are not corrected in time or fail due to year 2000 problems; and (2) track component progress in completing these plans.
Closed - Implemented
The DOD Year 2000 Management Plan and related guidance call for every system, mission, and function owner to develop and test contingency and continuity of operations plans to ensure the Department can accomplish its missions at the turn of the century. DOD has delegated oversight responsibility for these plans to the Joint Chiefs of Staff for their subordinate commands and to the Principal Staff Assistants in the Office of the Secretary of Defense for all other plans. Also, DOD has provided a means to track progress in completing these plans through its year 2000 inventory, and component-level databases.
Department of Defense 7. The Secretary of Defense should prepare complete and accurate year 2000 cost estimates so that DOD can assess the full impact of the year 2000 problem, ensure adequate resources are available, and effectively make tradeoff decisions to ensure that funds are properly allocated.
Closed - Implemented
Defense has continued to monitor and revise its year 2000 cost estimates, but has not changed its approach for doing so. As a result, year 2000 costs continue to be estimated at the system level, reported through components, and accumulated at the OSD-level. Growth of DOD's year 2000 cost estimate in each reporting period indicates a continuing inability to define the scope and magnitude of the problem, and thus, reliably estimate the overall cost of this effort. In May 1999, Defense's quarterly report to OMB estimated that $3.658 billion would be needed from fiscal year 1996 to fiscal year 2001 to fix and test year 2000 problems within its computer systems. This amount represented an increase of $1.077 billion (41 percent) since February 1999. Without reliable estimates, DOD's ability to make sound resource allocation decisions among competing year 2000 priorities is limited.

Full Report