E/ESCAP/STAT.11/14
24 September 1998
ORIGINAL: ENGLISH

ECONOMIC AND SOCIAL COMMISSION FOR ASIA AND THE PACIFIC

Committee on Statistics
Eleventh session
24-26 November 1998 Bangkok

1. A. ESCAP recommendations on the year 2000 problem
2. B. Selected Y2K policy issues
3. C. International Y2K issues
4. D. Suggested action by the Committee
5. E. Other strategic issues

A. ESCAP recommendations on the year 2000 problem

1. A year ago, the Working Group of Statistical Experts expressed deep concern about the impact of the year 2000 (Y2K) problem⁽¹⁾ in the region in general, and in statistical offices in particular. It urged government offices to tackle the problem immediately and adopted a set of recommendations for governments. It also requested the Commission to discuss the Y2K problem at its fifty-fourth session in April 1998. Subsequently, the Commission considered the matter at its fifty-fourth session and made recommendations for governments. As a follow-up to another recommendation of the Working Group, the secretariat and the Statistical Institute for Asia and the Pacific (SIAP) organized a Workshop on the Year 2000 Problem in Computers and Strategic Issues for National Statistical Offices on 18 and 19 June 1998. That Workshop targeted its recommendations to national statistical offices in a format that could be adapted and followed by other government offices as well.

2. The following is a summary of the recommendations made by the Working Group of Statistical Experts at its tenth session (Bangkok, 11-14 November 1997):

1. The Chairperson of the Committee on Statistics, the secretariat and the members of the United Nations Statistical Commission from the region should raise the issue at the forthcoming session of the Commission.
2. The secretariat should create awareness of the Y2K problem in the countries of the region by compiling information in non-technical language and disseminating it widely through its publications and Web site.
3. The secretariat and national statistical offices should facilitate the sharing of experience in the region, especially from governments and national statistical offices that have tackled the problem with some success; however, national statistical offices should not wait for information about the experience of other countries since their solutions were probably far from complete.
4. The secretariat should approach the donor of the planned seminar on information technology applications on the possibility of placing the Y2K issue on the agenda and of holding the seminar early in 1998.
5. The secretariat should investigate whether meetings on the Y2K issue could be held soon outside the standard project funding cycle.
6. SIAP should investigate whether it could organize a training event early in 1998 on the Y2K issue.

3. At its fifty-fourth session, held at Bangkok from 16 to 22 April 1998, the Commission made the following observations and recommendations:

1. The Commission expressed deep concern about the predicted disruptions that the Y2K problem in computers and embedded chips was likely to cause at the national, regional and global levels. Noting with concern the slow start made by many countries of the region in tackling the problem, it urged all governments to make its resolution a high priority. The Commission recognized that the problem was not restricted to statistics, but also affected infrastructure services such as electricity supply and telecommunications, as well as banking and other systems. The Commission emphasized that it was the responsibility of top-level management to initiate organization-wide action to address the issue. For identification and resolution of the problem, the Commission recommended the use of multidisciplinary teams that periodically reported on progress to high-level management.
2. As an immediate measure, the Commission recommended that organizations demand guarantees from suppliers that all new software and equipment were year 2000 compliant. The Commission advised all organizations to make contingency plans in case of failure of their own systems or of external or foreign systems on which they were increasingly dependent. Given the urgency of the situation, the impending high work volume in fixing existing systems meant that mission-critical applications had to be given the highest priority. The Commission warned that any delays were likely to increase the modification cost and make the timely resolution of the problem very difficult, as the required skills were already in short supply.
3. The Commission endorsed the recommendations of the Working Group of Statistical Experts in regard to the Y2K problem. While recognizing that the problem could only be solved at the level of each organization, the Commission encouraged all members to share their experiences in resolving the year 2000 problem and asked the secretariat to facilitate such regional cooperation.

4. The recommendations of the Workshop on the Year 2000 Problem in Computers and Strategic Issues for National Statistical Offices, which was held at Bangkok on 18 and 19 June 1998, are summarized below in an action-oriented format. (The report of the Workshop, containing more detailed information about approaches to resolve the year 2000 problem, is available as a background document.

1. Stop waiting for somebody to come to study and fix Y2K problems. That is not going to happen. Accept ownership of systems and full responsibility for them. Lack of technological expertise is not an acceptable excuse for inaction.
2. Appoint immediately a full-time Y2K coordinator, with managerial skills and the necessary authority to initiate actions and delegate responsibilities.
3. Back-up data and systems securely before doing any Y2K compliance testing. Ensure that the back-up data can be read. Document back-ups properly.
4. Use all talents within the organization to create multidisciplinary teams to undertake step-wise rectification. Include a mix of management staff, information technology (IT) staff, and substantive experts. Locate them together and relieve them of other responsibilities to the extent possible.
5. Ensure that anything new developed or purchased is Y2K compliant.
6. Use industry standard steps⁽²⁾ in achieving Y2K compliance, but simplify where possible. Information is available through the Internet, literature and IT magazines.
7. Include embedded chips in the Y2K inventory and seek out compliance information for them.
8. Start conversion of mission-critical systems in priority order.
9. Remember that, although necessary, awareness campaigns or lengthy planning processes will not resolve Y2K problems. Start practical work immediately.
10. Do not wait for funding before starting. A lot of preparatory work can be done without separate funding, especially in awareness creation, in preparation of an inventory of affected items, and in seeking compliance information from vendors.⁽³⁾
11. Do not rely on general compliance statements.Be specific when requesting compliance information from equipment and software suppliers. Ask when compliant replacements will become available, and how they will be installed and operationalized.
12. Demonstrate the impact of non-compliant components and systems to management by writing down what would happen if each affected system was not available.
13. Transmit those technology and business assessments to top management and to the authority providing the budget.
14. Enlist the support of important clients to strengthen Y2K funding requests.
15. Concentrate on resolving only the Y2K problem itself. Do not attempt to simultaneously improve the functionality or other features of existing systems.
16. Slow down or postpone new IT development to conserve resources.
17. Remember that Y2K projects carry pitfalls of typical IT projects, including overly optimistic scheduling, poor documentation and incomplete debugging. Projects have a tendency to drag on longer than initially planned.
18. Make a contingency plan at an early stage.
19. Include a worst-case scenario in the contingency plan.
20. Document all Y2K efforts from the beginning. That written evidence may be invaluable later.
21. Do not let top executives delegate or outsource their responsibility (it is not possible). Y2K compliance is a major business issue; the alternative is often a closure of operations.
22. Disseminate these recommendations to all staff in the organization.

5. Apart from facilitating the above intergovernmental and technical meetings, the secretariat has played an advocacy role through its Web site, the Government Computerization Newsletter, the Statistical Newsletter and press releases. The media has reported on the Y2K activities of ESCAP in a positive way, and the Y2K pages of ESCAP on the Web (http://www.unescap.org/stat/gc/escapy2k.asp) have been some of the most accessed pages at the ESCAP Web site.

B. Selected Y2K policy issues

6. Many organizations, especially in developed countries, have adopted open disclosure policies with regard to their own Y2K efforts. That practice, which can also be found in the public sector, demonstrates to other organizations the seriousness with which the issue is handled, and exposes the plans to the scrutiny of independent experts. If the efforts are perceived to be concrete and sufficient, the public-at-large and business partners will be reassured that cooperation and services will continue uninterrupted.

7. In making systems Y2K compliant, the main responsibility rests normally with the executives of individual organizations and agencies. The central government acts as a role model in addressing the problem in public and plays a practical role as an authority for providing (additional) funding. In several countries, a coordinating agency has been appointed to create awareness among the public sector organizations, to monitor government-wide progress and, in some cases, to offer practical advice in systems renovation. As part of its monitoring function, the central government should appraise whether the steps being taken by various government agencies appear to be prudent and intervene immediately if preparations appear inadequate.

8. In intergovernmental forums, the general preparedness level for the year 2000 in Asia and the Pacific is perceived as far from satisfactory. However, the awareness level has clearly been increasing recently, and the key to problem resolution is now on ways of changing the awareness into immediate and effective action. That action, which includes the inventory, testing and remediation work, can be initiated and carried out only by system owners. The ownership, as emphasized in the above recommendations, starts from the highest echelons and involves equally IT, management and other staff of the organization.

9. The escalation of economic crises in South-East Asia and the Russian Federation has taken most attention of decision makers and makes the resolution of the Y2K problem very challenging. In many instances, organizations have had to manage within existing or even reduced budget allocations. This contrasts with the global experience that the initial cost-effort estimates tend to be unrealistically low, and that private sector organizations are spending much more in Y2K resolution than public sector organizations of similar size.

10. With regard to in-house applications, it is too late to regard replacement as a preferred solution. Except for those extremely rare cases where automated solutions can be applied, the fixing of the "bug" in custom-made systems often involves laborious line-by-line checking of program codes. Some of the work can be outsourced, but it may be difficult to find the necessary expertise. Even if external resources are available, a turnkey solution is not possible as the detection of the problem codes and testing of the systems always require involvement of staff who developed them or who are maintaining them. It is therefore not surprising that most large organizations in developed countries have chosen to tackle the problem internally.

11. Another reason in favour of internal action is that the vendors of software and equipment are unlikely to come forward and offer unsolicited solutions, even if they know that their products are not Y2K compliant. Moreover, in the absence of legislation that would make them liable for Y2K problem damages, they are likely to be able to escape litigation attempted against them.

C. International Y2K issues

12. Achievement of internal compliance does not necessarily shield organizations from the adverse effects of the problem. Public and private sector organizations alike can be directly affected by external factors that arise from incompatibility of data suppliers, or from Y2K failures of international computer and telecommunications networks. In addition, their business operations might be affected (non-electronically) by Y2K failures elsewhere in the society. The Y2K compatibility of the Internet, international telecommunications carriers and international banking operations is under intensive scrutiny by various task forces and working groups formed by involved parties. The resolution of such international Y2K problems poses extraordinary challenges as multiparty testing (end-to-end and industry-wide testing) cannot be conveniently done without disrupting day-to-day operations.

13. The following links on the worldwide net of the Internet provide more information about international compliance issues:

1. The Year 2000 Working Group of the Internet Engineering Task Force, http://www.ietf.org/ids.by.wg/2000.html
2. International Telecommunication Union Year 2000 Task Force, http://www.itu.int/y2k/
3. "Universal year 2000 problem", a paper by the secretariat presented at the ESCAP/SIAP Y2K Workshop (STAT/SIAP/Y2K/6), http://www.unescap.org/stat/gc/y2k_06.asp
4. Joint Year 2000 Council, c/o Bank for International Settlements, http://www.bis.org/ongoing/index.htm. See also at this site "Supervisory guidance on the independent assessment of financial institution year 2000 preparations", http://www.bis.org/ongoing/guidance.pdf and "Testing for year 2000 readiness", http://www.bis.org/ongoing/testing.pdf.

14. The General Assembly adopted on 26 June 1998 resolution 52/233 entitled "Global implications of the year 2000 date conversion problem of computers" (http://www.un.org/ga/documents/gares52/res52233.htm). That resolution requested all Member States to attach a high priority to raising the level of awareness, both by ensuring that the private sector was fully engaged in addressing the year 2000 problem and by tackling the problem in those systems within their own control, and to consider, inter alia, the appointment of a nationwide coordinator for that purpose. It also requested the Economic and Social Council to prepare guidelines to enable Member States to address the diverse aspects of the Y2K problem. Those guidelines, approved in July 1998 as per document E/1998/L.40 (http://www.un.org/members/yr2000/yr2000.htm), advise governments to establish general contingency plans for all systems and activities. In case the year 2000 compliance cannot be achieved by 31 December 1999, some critical systems may have to be temporarily decommissioned and replaced by the back-up processes. The guidelines also call for an awareness campaign targeted towards small businesses and local governments. The General Assembly continues to discuss the global implications of the year 2000 date conversion problem of computers at its fifty-third session, which started in September 1998.

D. Suggested action by the Committee

15. Country papers made available to the eleventh session of the Committee are expected to summarize the progress made in resolving the Y2K problem in the public sector in general, and in national statistical offices in particular. The Committee may wish to urge member governments to give the highest possible priority to examining mission-critical public systems for the presence of the Y2K problem, to assess its impact on daily operations, and to proceed to fix malfunctioning systems. It may stress the need to maintain continued high awareness and persistence of action and monitoring among decision makers, executives and staff in all government departments through 1999. The still-so-prevalent belief of the problem's non-existence must be replaced with systematic and arduous investigation and testing, and the belatedness of other organizations or other countries must not be a consolation for their own inaction.

16. Bearing in mind the financial and human resource constraints of the secretariat to provide tangible assistance in the remediation work itself, and considering the lateness of the hour for general awareness creation, the Committee may wish to discuss what kind of Y2K problem activities the Commission and its secretariat should undertake in 1999 and 2000.

E. Other strategic issues

17. The year 2000 problem resolution continues to be an overriding IT issue for all governments, and it must be addressed even at the cost of postponing and delaying new IT development projects. Therefore, the Committee may wish to restrict its general IT discussion to the Y2K problem. The Committee may, however, take a note of the fact that IT innovations are made at a fascinating speed that shows no signs of slowing down. Major breakthroughs have been made in several areas of interest to governments, including microprocessor technology (for example, ever faster Pentium II processors, success in using copper conductors in microchips), data storage, wireless telecommunications (faster data transfer), networking (breakthroughs of Internet technologies in enterprise solutions) and electronic commerce (secure payment technologies). Governments need to keep monitoring these and other mainstream technology developments, since they open up opportunities for new public (and private) services and facilitate the development of government intranets. They also have policy implications in many areas, including national infrastructure development and trade facilitation.

Footnotes

1. The year 2000 problem refers to the inability of electronic applications (computers and systems with embedded chips) to handle correctly information pertaining to dates at the turn of the century. It is caused by the once-rational decision to code year information with two digits. The term "millennium bug" is misleading as the problem is (mainly) related to the change of the century and arises from a programming standard, and not from errors in writing the program code ("bugs"). Many systems will experience Y2K problems on 1 January 2000, or even before that, when systems roll over to cover time periods reaching beyond that date.

2. The "industry standard" approach may include the following: (a) development of a strategic approach, including assignment of responsibility and accountability; (b) creation of organizational awareness; (c) Y2K inventory of hardware, software, embedded systems; (d) assessment of actions and development of detailed plans; (e) renovation of systems, applications and equipment; (f) validation of the renovation through testing; (g) implementation of tested, compliant systems; and (h) contingency planning. Although contingency planning appears in this list last, it should be done as early as possible, and updated as more information becomes available.

3. Additional information on compliance can be found for instance in the following Web sites: The United States General Services Administration, compliance of telecommunications products and services, http://y2k.fts.gsa.gov/index.html; compliance of building systems products, http://globe.lmi.org/lmi_pbs/y2kproducts/. The Food and Drug Administration site on the impact on biomedical equipment, http://www.fda.gov/cdrh/yr2000/year2000.html. See also the United States Federal Government Gateway for Year 2000 Information Directories, http://www.itpolicy.gsa.gov/mks/yr2000/y2khome.htm, including its international links, http://www.itpolicy.gsa.gov/mks/yr2000/g7yr2000.htm.