- The nature of the problem
- The potential impact of the problem
- Managing the impact
- Assessing readiness
- Impediments to action
- The case for Government action
- The Government's strategic response
- Recommended actions for Government
   |
| Archive - these pages are part of the continuing record of Executive Government - for the current Administration, see www.beehive.govt.nz |
1.0 Executive Summary |
| 1.1 | This report recommends to the Government the steps it should take now and the further steps it should consider to address any widespread failure of computers and other equipment which contains computer technology, so that vital infrastructure, health and safety services and businesses are able to operate through the Year 2000 and beyond. |
| 1.2 | The process underlying our recommendations and the structure of this report reflects a standard analytical approach, namely:
|
| 1.3 | Our terms of reference are appended (Appendix I). |
| The nature of the problem | 1.4 | The Year 2000 problem concerns computers and other equipment containing computer technology. Systems and processes could shut down when they fail to recognise dates correctly. This is a worldwide problem. |
| 1.5 | It is not a problem confined to individual organisations, or one capable of being remedied on an individual basis. Maintaining the supply of vital goods and services could present major problems for many organisations. |
| 1.6 | It is important to note there are dates besides 1 January 2000, when similar date-related failures could take place, such as 9 September 1999, which has been used to denote an indefinite date. |
| 1.7 | This is a business continuity problem, demanding a strategic management response from those charged with the governance and management of organisations. |
| 1.8 | Because this problem is unique, there is no readily-available store of experience or tool- box for managers to consult in order to address their Year 2000 problems. |
| The potential impact of the problem | 1.9 | Any widespread failure of computers and other equipment containing computer technology caused by the Year 2000 problem would have serious consequences for New Zealand's social and economic infrastructure and the health and safety of its citizens. It is difficult to quantify in advance the potential impact. In the case of embedded computer chips, only 1 to 3 per cent may malfunction - but if those failures occur in vital areas, water supply and sewage disposal services for example, the consequences could be considerable. |
| 1.10 | This is a conclusion supported by actions taken in other countries. The state of computer-related technology in New Zealand is similar to that of other western nations, such as Australia, the United Kingdom, the United States and Canada. New Zealand's vulnerability as a result of systems and equipment failure is equally high. Our enquiries showed that governments around the world are treating the issue seriously. They have taken a risk-averse approach and are working actively in all areas of their economies to avoid failure where possible and, if not, to best manage the consequences of failure. |
| Managing the impact | 1.11 | Inaction increases our vulnerability. We believe organisations in the private and public sectors should take action to manage the Year 2000 problem and, if they are already taking action, intensify their efforts. We are aware of the view that any action taken now is already too late, but we do not subscribe to it. For some organisations, it may be too late to contemplate full-scale remedial action, but there still is sufficient time for some remedial action and for contingency planning. |
| 1.12 | Further delays in addressing the Year 2000 problem will reduce the number of remedial options available and also reduce their effectiveness. Action must begin at all levels now. Testing is an essential part of the remedial process, but it is the most time-intensive. If organisations do not have the time or resources to test their solutions, they need to plan for contingencies. |
| 1.13 | No amount of planning, remedial action and testing will result in an absolute guarantee that failures will not occur. The systems and processes linking the elements within and between key infrastructural areas are complex and interdependent. It must be acknowledged that there will be some disruption. |
| 1.14 |
Effective management involves all the components of a focused project management approach, including:
|
| Assessing readiness | 1.15 | We assessed the readiness of New Zealand organisations in two overlapping areas: the public sector (including local authorities) and critical infrastructure sectors. The latter we defined as those key elements of the social and economic infrastructure where failure of computers and other equipment containing computer technology could have serious social or economic consequences, or compromise the health and safety of the general public. |
| 1.16 | We based our assessment on a number of information sources, including existing research, surveys and meetings with key organisations. |
| 1.17 | The key points of our assessment can be grouped into five main areas: understanding the problem; areas of risk; working towards success; emergency planning; and resource implications. Understanding the problem |
| Understanding the problem | ||
| 1.18 | Our assessment demonstrates that, while awareness of the Year 2000 issue appears to be high, it is not matched by a clear understanding of the complexity of the problem. | |
| 1.19 | Small and medium-sized enterprises (SMEs) are less confident about their ability to manage Year 2000 problems than larger, more essential organisations. This is important because, while many SMEs do not play direct key roles in vital infrastructure, they are important links in the supply chain and most of them provide goods and services to the public. We have confidence in the self-reported assessment by SMEs. |
| 1.20 | We do not believe that all public sector organisations and infrastructure organisations are justified in the level of confidence that they hold, because self-reported progress in management of their Year 2000 projects fails to support that level of confidence. |
| 1.21 | There are some notable exceptions where we believe that organisations hold justifiable levels of confidence. These include some government ministries and departments, some state owned enterprises, organisations in the banking and finance sector and organisations in petrol distribution. These organisations appear to have made good progress in managing their Year 2000 problems. Areas of risk |
| Areas of risk | ||
| 1.22 | Examples of sectors and organisations where we believe the preparation to date to be inadequate include: some organisations involved in the supply and distribution of electricity; many public hospitals; and many local authorities (especially in the areas of water and sewage disposal services). The current focus on restructuring in the electricity sector places even more stress on a vital area which uses complex and highly interdependent technology, much of which contains embedded computer technology. | |
| 1.23 | Qualified evidence points to a significant risk of a shortfall of resources in the public sector. For example, our surveys revealed that one-third of central government agencies have not yet committed the funding or secured the resources to address their Year 2000 problems. |
| 1.24 | The introduction of the new European currency in January 1999 may put extra strain on information systems for the banking and finance and import/export sectors. Anecdotal evidence suggests that the impact of this issue on the ability of the import/export sector to manage its Year 2000 problems has yet to be fully explored. Working towards success |
| Working towards success | ||
| 1.25 | The Year 2000 problem is manageable if it is given the appropriate importance at all levels: from the Cabinet room; to the board room or council chamber; and down to corporate and line management. | |
| 1.26 | We suggest that the Government encourages central government organisations, local authorities and infrastructure suppliers to take immediate action to implement their remedial plans for their mission-critical systems. |
| 1.27 | Once remedial planning for mission-critical systems and equipment is complete, it must be implemented. Plans for other sources of the problem - electronic data exchanges, suppliers and customers - must also be developed and implemented. The installation or importation of non-compliant systems and equipment must be prevented. Emergency planning |
| Emergency planning | ||
| 1.28 | At the community level, emergency services (civil defence) planning is crucial. The transition from one century to the next falls over the holiday season in New Zealand. This presents some advantages (less stress on some areas of infrastructure) but also some disadvantages. Emergency services should be ready to respond. We urge organisations to take account of this issue in their contingency and emergency plans. | |
|
