The Year 2000 date problem, also known as the Millennium Bug or the Y2K problem, has occurred as the result of past computer programming practices which took advantage of a two digit year code rather than a four digit century/year code. Two digit year codes were used to conserve scarce computer memory and storage capacity and become common usage not only in computer programs, but in programmable logic chips.

The Year 2000 problem potentially affects computer hardware, software and automated equipment where the date is used as the basis of calculation or access. These could include computer hardware and computerised devices, computer software including operating systems, software packages and agency developed information systems, and data stored electronically. Computer firmware, in which computer software is embedded in electronic devices, could impact equipment such as medical and diagnostic equipment, vehicles, aircraft, automatic teller machines and cash registers. Services including air conditioning, lighting, elevators, security, power, water, sewerage systems, control systems and automated production lines and in fact any device which has an embedded logic chip could also be impacted.

Not only agency equipment and software is likely to be impacted; suppliers to government and customers of government may themselves be affected with subsequent disruption to government services. The problem is not exclusively an information technology or computer problem, it is primarily a business problem with the potential to impact service delivery in both the public and private sectors.

The Government, recognising the potential severity of the Year 2000 problem, has introduced a number of initiatives to ensure agencies are protected as far as possible and to mitigate the effects of the problem across government to an operationally acceptable level. These include the establishment of a whole-of-government Year 2000 team within the Office of Information Technology, creation of a Government Year 2000 Internet Web Site www.y2k.gov.au and arranging panel contracts for Year 2000 Business Risk Analysts, Year 2000 Remedial contracting Services and Remedial Tools and the development of a Year 2000 Business Risk Analysis Methodology.

Whilst many agencies are now proceeding to identify the extent of the problem and have taken steps to rectify areas of risk, there is concern that many agencies are still not fully addressing the issue. The Auditor General's recent report to Parliament confirmed these concerns, concluding that the public sector is not as ready as it might be in respect to the Year 2000 as a business issue rather than just an information technology issue. There was also a need for agencies to develop asset management strategies appropriate to agency information technology and information systems.

The Year 2000 Business Risk Methodology has been developed in conjunction with a leading Y2K specialist organisation. The methodology was designed for both Government and private organisations to:

Assist in determining if they have a Year 2000 Millennium Bug problem.

Assist in analysing their whole business, internal and external for risk.

Assist in identifying and quantifying their risk exposure to the year 2000.

On completion of the Business Risk Analysis the organisation should have several new assets, all of which are valuable after the Year 2000 project is completed. These include;

A risk analysis profile for major functions and activities.

A business continuity plan including contingency planning.

A comprehensive critical resource register.

A risk based understanding of the business and its operating environment including dependencies on external factors and organisations.

The use of the methodology by an agency will in no way guarantee that Agency is Year 2000 compliant. By following the methodology the agency is lessening or mitigating the risks associated with the Year 2000 problem.

The methodology uses a six phase approach to identifying and assessing the organisation's exposure risk to the Year 2000 problem. It is practical in that it recognises that time is running out and it assists agencies to identify and prioritise those business functions which are critical to the agency's existence. The methodology has been linked to risk management software (SBA Year 2000) which allows the Office of Information Technology to collate the information from all agencies and report on the level of risk to the Government Information Management Board and the NSW Government. Details of the Year 2000 Business Risk Analysis Methodology may be obtained from the Year 2000 web site or from the Office of Information Technology.

To ensure that the Government's Year 2000 risk exposure is minimised, all general government agencies are required to use the Year 2000 Business Risk Analysis Methodology as a key component of their Year 2000 risk management activities. It is strongly recommended that other government organisations also adopt the methodology. Any agency using an alternative methodology or which feels it is sufficiently well advanced with its Year 2000 activities to not need the methodology may seek an exemption from the Office of Information Technology. Requests for exemption must be supported by a fully documented justification and should be provided by the Chief Executive of the agency concerned to the Director, Office of Information Technology, Level 22, McKell Building, 2-24 Rawson Place Sydney.

The Year 2000 business risk analysis is designed to be completed within six to eight weeks. It is a requirement that agencies report back to the Office of Information Technology using the SBA software reporting package at the completion of phases one, two, three and six of the risk assessment. Monthly reports are then required during the rectification project.

As an interim measure to assist in identifying the extent of the Year 2000 problem identified to date a questionnaire has been developed for completion by all agencies. All

Chief Executive Officers are requested to ensure the questionnaire is completed as far as is practicable and returned to the Office of Information Technology by close of business on Friday, 27 February 1998.

Assistance with the Year 2000 problem, use of the period contracts, use of the Business Risk Analysis Methodology or SBA reporting software is available from the Year 2000 Team, Office of Information Technology on 9372 8296.

C Gellatly
Director-General

Y2K Questionnaire 1998

Please use this fax cover sheet to return your completed questionnaire by Friday, 27 February 1998 to:

Y2K Team

(02) 9372 8217

If you have any questions regarding this questionnaire please contact:

Col Bamblett on (02) 9372 8269 0r Stephen Smith on (02) 9372 8239

TO: Stephen Smith FROM:

FAX: 9372 8217 FAX:

PHONE: 9372 8269 PHONE:

DATE: NO.

PAGES:

Name of Agency _________________________________________________

Survey completed by:

Name __________________________________________________

Title __________________________________________________

Y2K Questionnaire 1998

Please Fax Your completed questionnaire by

Friday, 27 February 1998 to:

Y2K Team

Fax: (02) 9372 8217

If you have any questions regarding this questionnaire please contact:

Col Bamblett on (02) 9372 8269 or Stephen Smith on Phone: (02) 9372 8239

Name of Agency _____________________________________________________________

Questionnaire completed by:

Name & Title _____________________________________________________________

1. Do you have a Y2K strategy?

YES ( ) NO ( )

If YES, Please provide details.

______________________________________________________________________________________

2. Are you deploying the methodology of the Year 2000 Business Risk Analysis Handbook' developed by Office of Information TechnologyYES ( ) NO ( )

If YES, please provide details including stage currently at ie 'Phase 3; Detailing resources'.

__________________________________________________________________________________________

__________________________________________________________________________________________

If NO, please provide details on the techniques you are deploying.

__________________________________________________________________________________________

__________________________________________________________________________________________

3. In % completion terms of the whole strategy, what does the effort to date (end January 1998) represent?

__________________________________________________________________________________________

4. What is the estimated cost of the Y2K remedial project within your agency?

___________________________________________________________________________

5. What is estimated remedial work expressed as % of the estimated cost unable to be completed by July 1, 1999?

__________________________________________________________________________________________

6. What business risks have been identified?

(Please specify, attach a separate sheet if necessary)

__________________________________________________________________________________________

__________________________________________________________________________________________

7. What is the overall financial value of each of the category of risks identified ie high, medium, and low risks?

HIGH $__________________ MEDIUM $_________________ LOW $___________________

8. What is the financial value of the risks not completed by December 31,1999 (Contingent liability)

__________________________________________________________________________________________

9. Have contingency plans been developed for risks identified?

YES ( ) NO ( )

If YES, please specify