As Seen in:
Silicon Prairie,
Special to the Tribune,
December 1998

Prepare your business: Computers just the tip of Y2K Iceberg-II

By Donald L. Joseph

By now, most business and professional people know about the Year 2000 bug. When discussing the Y2K issue, these same people usually start talking about the computers and software in their businesses, offices or even their homes.

Computers and software are, of course, at the heart of the problem, and we need to make sure our own systems are Y2K compliant. But the greater threat lies in the computers and software of others on whom we depend and in the embedded logic chips in all kinds of "smart" equipment.

The president or owner of a small or mid-sized business must take the Year 2000 threat very seriously and understand the millennium bug will impact every company, even if all internal computer systems have been checked and remediated.

Consider that the Small Business Administration has predicted that 8 percent of small and mid-sized companies will fail as a direct result of Y2K-related problems. Similarly, experts agree that millennium problems will spawn over $1 trillion In litigation.

Our society has become so dependent on computers and other devices with embedded chips that there simply is not enough time and resources to locate, test and correct all of the possible problems. No "silver bullet" solution is possible. And this one deadline that cannot be changed.

Your corporate and personal vulnerability extends far beyond your own hardware and software and it is only partly an internal problem. Even large businesses, which have the in-house resources to fix their own Year 2000 problems, are beginning to see that one of the greatest risks they face lies in the supply chain upon which they depend.

Even if you think your own company is ready, how badly will you be hurt if one or more of your key vendors or customers goes down (or even under)? Do you know if they are prepared for the problem? If they are fixing their problems, will their fix be finished on time and be compatible with your systems? What will you do if they are not?

In short, you are as safe as the weakest link in your supply chain.

Don't expect business interruption insurance to come to your rescue. The insurance commissioners in 48 of the 50 states, including Illinois, have deemed Y2K a "foreseeable event" paving the way for insurers to exclude Y2K-related damages from coverage.

Most companies have started to receive inquiries from customers asking about their Y2K-compliance programs. These inquiries cannot be treated lightly. Many large companies have announced they will drop vendors that do not have an effective program. Their vendors, in turn, will be seeking the same assurance. Even vendors that are not dropped may see customers investigating alternative sources of supply.

Companies without effective programs will suddenly have new competition.

Companies that have effective programs will have the opportunity to be that competition.

Not only will it be difficult to "fake" an effective program if you don't have one, it will be very dangerous. Although the Good Samaritan law will protect businesses that make good faith statements about their Y2K compliance, false statements could have tragic consequences if litigation results.

A company's best defense in the face of a Y2K lawsuit is to have a rational plan, meet the deadlines it sets and take an active role lit the process, said Vito Peraino, a partner with Hancock, Rothert & Bunshoft in Los Angeles.

"Management will be scrutinized in court only if it took no action all," Peraino said. Company executives should build a paper trail that demonstrates what the company is doing to reach Y2K compliance, including presentations to the board of directors and the creation of a committee to develop a written plan.

It Is not too late to start an effective Y2K risk-management program. The first step is to make all of your key managers aware of Y2K's importance and the internal and external threats that exist.

The next step is an inventory of these potential threats: hardware, software, machinery, office systems, vendors, customers and other business partners. After risk analysis comes the key executive decision - determining which represent the greatest threats to the company and will, therefore, receive the highest priority. Remediation, testing and implementation are the key steps that follow.

Last is contingency planning. Even tested systems could fail, and some promised solutions will be late.

The Federal Aviation Administration recently installed new software in flight control centers, mainly because the old software is not Y2K-compliant. The new software appeared to function smoothly in other cities, but air traffic controllers at Chicago's O'Hare Airport began reporting that some planes were not appearing on their screens. The FAA has reverted to its old software while it resolves the problem.

What if the FAA had not installed the new software until late 1999? Could they risk reverting to the old software so close to 2000? Could they fix, retest, and re-install the new package in time?

Lateness and bugs are not just a government phenomenon. Cap Gemini, a major financial services industry has been tracking the Y2K progress of 127 public and private companies. In mid-November, they announced that 90 percent of the companies being tracked had missed Y2K-related deadlines. The number was only 78 percent in April. Furthermore, 44 percent already have experienced Y2K-related disruptions of some sort .

Now is the time to plan what steps will be taken if key system fail. The solutions might be simple, but they will be numerous and will require assignment of responsibility. Some will require implementation well before the millennium. To wait until the company is in "crisis mode" to deal with the issues will make for an overwhelming task.

Donald Joseph is a certified management consultant (CMC) and president of Northbrook Consulting Group, Inc.creators of Y2Kontrol--strategy for millennium business survival. He can be reached at 847-498-7323.

Visit the Y2Kontrol Website at http://www.y3kontrol.com