Auditor General report finds feds lacking in Y2K preparedness

Several federal departments and agencies, including those responsible for pension cheques and food inspection, may be cutting their year 2000 fixes a little too close, according to a report from the Office of the Auditor General of Canada.

“We are very concerned that some essential government services may be interrupted at the start of 2000,” said Auditor General Denis Desautels in his report.

In his report, Preparedness for Year 2000: Government-Wide Mission Critical Systems, Desautels published findings from a June 1998 audit — a follow-up audit of a wider-ranging Y2K review conducted by his office in 1997.

Seven of the government’s 48 mission-critical systems were analysed by the Auditor General’s office. Nancy Cheng, principal with the Office of the Auditor General’s audit operations branch in Ottawa, said the seven were chosen because they “affect the health and safety or finances of the country.”

While the report found that awareness of the year 2000 problem has shown a marked improvement since 1997, it also reveals that testing delays are becoming problematic, and that many departments clearly underestimated the time and work needed to fix and test their systems.

“We’re not blaming anybody. We think everyone is trying hard. But having said that, some are moving faster than others and there are some that are giving us some concern,” Cheng said.

Systems owned by Human Resources Development Canada, overseers of the Canada Pension Plan (CPP) which provides benefits to millions of senior citizens, were among those found to be at risk. According to the report, sub-system testing, which was to have been completed in December, has been pushed back to June to accommodate last-minute conversion.

“It was a tough call, because it is the largest system (we looked at)…but we just did not have the comfort level to give them a lower risk rating,” Cheng said. Although she has since received word the CPP system has been successfully converted, her office has yet to verify that.

Systems at the Canadian Food Inspection Agency (CFIA) responsible for scheduling inspections — and the inspection tools themselves — are also at risk, the Auditor General found. Again, testing and fixing delays are at the heart of the problem, although CFIA is also having difficulty getting feedback from its tool suppliers. Some tools may contain vulnerable embedded chips.

“We saw some delay there, and that didn’t make us feel comfortable either,” Cheng said.

Also of concern is the Canadian Police Information Centre (CPIC), which is owned by the RCMP. CPIC gives police departments and government agencies across Canada instant access to the RCMP criminal database. Converting the CPIC interface may affect the ability of clients to access the system, Cheng said, and she advised the RCMP to inform CPIC users of potential problems.

Systems from Revenue Canada, Indian and Northern Affairs, and the Department of National Defence were also audited, but were found to be at low risk, meaning that testing and fixing are on schedule or that the systems are self-contained and pose little threat to the public.

Desautels also urged the government to continue recognizing the year 2000 problem as a top priority, to improve methods of communication between ministers and their departments, and to begin working on contingency plans in the event of Y2K-related failures.

And Desautels said the Treasury Board Secretariat, office of Canada’s CIO, may intervene in the government’s plans where necessary.

While Canada is generally considered to be one of the leaders in attacking Y2K, one expert said Ottawa will have to rethink its outlook if the government hopes to maintain that reputation.

“I think the Auditor General’s details were sufficient to convince anyone…that there’s going to be problems at the turn of the century for even the mission-critical systems,” said Joe Boivin, veteran of Y2K projects and president of the Global Millennium Foundation in Ottawa.

He said the prescription for making Y2K projects more efficient, whether in government or the private sector, is to make managers at all levels accountable —

a practice Ottawa should consider implementing.

And he believes the Auditor General may have overlooked other problems. “Of the total systems the Canadian government has, the 48 mission-critical systems (the Auditor General inspected) represent less than half, and in fact, I’ve heard numbers in the 30 per cent range…so the real question which few have bothered to ask is, what about the other 70 per cent?”

That same question is being asked by John Williams, Reform MP for the Alberta riding of St. Albert, and chairman of the Public Accounts Committee.

“They assure us that it’s all OK. However, what they have done is they’ve focused on what they call mission-critical systems…and they are scrambling to try and ensure that these are capable of carrying on after Jan.1, 2000.

“There’s nothing about any other system, and of course they basically have abandoned them, hoping that they’ll pick them up at a later date.”

Williams said the government has not been forthcoming with details of the country’s year 2000 status, and he believes that stems from a general lack of urgency. He would like to see the government buckle down in 1999, and “ensure adequate and appropriate contingency plans.”

But Cheng said delays are commonplace in many IT projects, and she warns critics against reading too much into them. “The problem is that testing is taking people a bit more time, and slippage is not uncommon at all in the IT field…and that’s the kind of scenario we’re into right now.”