Q6: In the event that you are unable to make all of your systems Y2K compliant, what kind of "triage" plans have been developed? What percentage of your overall inventory - in terms of numbers of systems, and lines of code - have been designated as "mission-critical" and what percentage as "non-critical"? What percentage of your mission-critical systems have you begun testing as of today's date?
ESB: "Our systems have been ranked in terms of criticality before being fixed, so we know what we have to fix, and our estimates say that we can fix what we have to fix in the time available.
"We haven't quantified it in percentage terms. A new strategy is being implemented for our core financial systems, for example, but it's not specifically for Y2K; our outgoing system was inflexible and needed replacing, but the replacement is also delivering compliance. That's one major tranche of systems on our IBM platform.
"Customer billing would be our key mission-critical system, and is probably the biggest application that we must have right; we've enhanced and developed it over the years. The remedial work is just coming to an end on that, but we're heading into a massive testing programme that will take us through to the end of this year.
"We have a central IT function in-house which looks after the applications, and has to decide upfront what it wants to fix, replace or modify. Some systems are being replaced by new ones, some are not being fixed because they're no longer valid, and remainder are what constitute the IT remedial programme.
"How we're doing the job has been externally QA'ed, we're a good way through our IT programme, a lot of the systems have been fixed and we're heading into testing, so we don't see it as an issue that we don't get them done. We have all of next year if we had a problem; our fixing work will be finished at the end of this year, and we will devote Quarter 1 of next year to full enterprise testing."
CMOD: "Again, every department will be different - we're talking about departments with 20 people up to departments with 7,000.
"There is no overall figure for numbers of mission-critical systems, because everybody defines a system as a different thing - a program, or a number of programs built in modules.
"The timetable for all mission-critical systems is well before Y2K problems could materialise, so it is not necessary to develop triage plans. The vast majority of departments have put in place some contingency - viewing it as an opportunity to modernise their systems, and continuously monitoring to make sure that the core functional elements of the old system remains Y2K compliant, so that in the event of one not working they have the other there as a backup."
TE: "We've taken the triage approach right from the beginning, splitting the inventory in all four domains into four component areas:
* systems or components that were compliant or claimed compliance - the action required was to verify compliance;
* non-critical systems which were non-compliant, i.e. non-critical in business impact or in how feasible it would be to work around them * non-compliant systems which are critical, with high date functionality and business impact (and those are the ones we focused on first)
* systems or components which are not compliant and which we choose not to make compliant.
"On contingency, the approach that we've taken is that the critical systems have been identified as the ones to be made compliant by October 31st, 1998. The period from that to the year 2000 is devoted to interoperability or network-based testing of all of the individual components. Our contingency plan is based on that date and what if any are the areas of potential exposure.
"It would probably be a fairly accurate ballpark that the break of critical and non-critical systems would be 50-50. Of the mission-critical system, all is either renovated and back in service, or in the process of testing."
Q7: To whom does the Y2K project team report? Is the Y2K project centralised or decentralised? Does it report to an IT manager below the CIO or equivalent?
ESB: "ESB has five business units in the company, and one of those units is headed by a director, Richard Hayden, managing director of the Business Services business unit, and he reports directly to chief executive. He has been given responsibility for the total Y2K programme on behalf of the board and chief executive.
"Eight projects in our programme cover the different areas in the business: power generation, national grid, customer services, ESB international, corporate centre and business services - they're business unit based - and two centralised projects: IT and telecoms, which are common across all areas.
"ESB has a substantial telecom network and infrastructure. We have always had our own independent telecom network to allow the power stations to communicate to the national control centre. We have a microwave network and we use the high-voltage lines to carry telecom traffic as well."
CMOD: "In each department, reports are made typically to the management advisory committee. In most departments that is assistant secretary and secretary general level.
"The Y2K project is decentralised, except for this (interdepartmental) committee, which tries to get an overall picture on government presented to government.
"Most departments have determined a Y2K project manager, and in most cases that is also the IT manager, except for big departments, who have decided to use somebody outside the IT arena - for obvious reasons: an IT person monitoring themselves isn't a good idea."
TE: "There are a number of levels of reporting, as you would expect for a complicated business with a complicated Y2K process. The activity is entirely centralised; I am the programme director for Y2K across all areas of Telecom Eireann's activity, and the activities of all of its subsidiaries.
"In terms of reporting, the overall Y2K sponsor is the IT director, or CIO, to whom I report directly. In addition to that there is direct reporting to the management board and the main board."
Q8: How often are formal presentations of Y2K status, progress, and risks presented to the most senior level - equivalent to a company's Board of Directors? What is that level? When was the first time such a report was presented?
ESB: "Part of the project management structure is a formal reporting to Richard Hayden on a monthly basis; he reports on a quarterly basis to the board and chief executive. The first formal report was December last year."
CMOD: "I think the formal presentations of reports to the most senior level has been ad hoc up to now, and it's going to be formalised. Departments report to their management - to the department's MACom or management advisory committee, or secretary general, deputy secretary and assistant secretary if they exist.
"Reporting differs in every department - from now on it's likely that departments will be reporting once every month or two months to their management, and to the minister, I think."
TE: "The first management board presentation: ballpark - May 1997, with reporting at every management board thereafter, at roughly monthly intervals. The first main board presentation was September 1997, and it is now an agenda item for all meetings of the main Telecom Eireann board, roughly every two months."
Q9: How many outside "trading partners" are you dependent on for Y2K compliance - vendors, partners, subcontractors, customers, etc? What percentage of these trading partners have you contacted with a formal inquiry concerning their Y2K status? What percentage of companies have provided you with an unambiguous response to your Y2K inquiries?
ESB: "The ESB is dependent on thousands of outside trading partners. We've categorised our suppliers in two ways: our suppliers of IT and embedded systems, practically all of whom have been contacted, and for the major items we have solutions in train or planned; and other suppliers of goods and services - the people who supply the paper we print our bills on, or the power stations need supplies of fresh water for the generation process. There's a fairly tedious process under way to rank these in order of criticality and filter out the ones we have a key dependence on.
"In our database there are 25,000 suppliers the ESB use for all sorts of things. A lot are not affected, but some of the key ones we have identified may not be overly concerned about Y2K.
"As part of any new tendering procedures we seek compliance from any company on Y2K compliance; we also have to have alternative suppliers as part of the tendering process."
CMOD: "An impossible question to answer. Every department has contacted whatever vendors they need to contact, and that probably runs to hundreds. We don't keep tabs on numbers, just make sure they're doing it.
"I can't answer the percentage of companies that have answered; a lot of companies are aware of the legal implications and are being a little vague in their answers. Other companies have been quite categoric in stating that yes things are or no things aren't compliant."
TE: "Hundreds, if not thousands. On the network for example, 22 main vendors, but probably hundreds of small vendors; similarly on our customer premises equipment 50 main suppliers, plus at least another 50; IT, similar numbers to network; in areas such as alarms, security etc you're into in excess of 100 vendors. On top of that you have the people who supply us with non-electronic, non-IT components.
"All vendors who supply us with electronic product or systems have been contacted, and there are four distinct vendor programmes, co-ordinated into one central vendor management process. A high percentage has responded - in CPE 83 per cent unambiguously claim compliance, in IT slightly more, in network it's 50 per cent and rising fast."
Q10: What kind of detailed, concrete contingency plans have you made for the possibility of non-compliance, or non-existence (bankruptcy), on the part of your trading partners? What contingency plans have you made for the possibility of not successfully completing the Y2K repairs of your mission-critical systems? What plans have you made for the possibility of not successfully completing the Y2K repairs of your non-critical systems?
ESB: "We haven't identified something as yet that would shut the company down. For most of the critical material we are dependent on, the companies are large and would have Y2K contingency in place.
"We will build stocks - but it's difficult; some areas would buy one critical piece of equipment in five years, as big as a turbine blade, and made by a huge multinational company; on the other hand in our customer service end, wire or fuses would be bought in thousands and thousands - low value and high turnover.
"We had a major exercise a few weeks ago - a simulation of the computer suite being destroyed. All our IT people were told `the system's gone, pack all your equipment offsite and get your systems back'. That's part of our normal business planning anyway - planning to cover major outages. Y2K is just another variant on that. We will review the contingency plans to make sure that if there's anything that could specifically arise in the Y2K context that we haven't covered, it's specifically added in to the Y2K plans."
CMOD: "There's a difference between vendors and trading partners - vendors are simply supplying you with kit or software or maintenance contract, and if there's an uncertainty about something it's replaced. If there's an upgrade path, that's used.
"Trading partners is where external organisations may be providing or delivering services on behalf of government departments. An example of that would be An Post, currently providing payment services for the Department of Social, Community and Family Affairs.
"You'll find that in a case like this they have been dealing with the problem for some time, have set up a team to look at the issue of the interfaces between them, and have agreed between them the type of compliance they'll adopt - a windowing technique, where they both decide that any number between 50 and 100 is going to be treated as in the 20th century and any number under 50 in the 21st, for instance; or changing all their systems to represent four digits.
"We take the view that everything has to be compliant - that's why we set the date of January 1st, 1999. As far as we're concerned, Y2K compliance is one of the most critical projects in government at present - which is why it gets a full airing in cabinet regularly; the Taoiseach himself is very clued in on everything that's going on and is getting full reports regularly.
"His ministers report to him occasionally, and our committee gives him a report every two months. He knows what is going on, and so does the cabinet - they set up the committee so they would know.
"As the systems become compliant we tick them off. I don't count them. I just have lists for each department. There are hundreds and hundreds of them.
"For marginal systems, that aren't mission critical, the whole process can be managed by paper if needs be. In the event that compliance can't be achieved, we'd probably resort to using paper."
TE: "Absolutely none, on all three, for the reason that I think it's premature. We have a number of potential contingency arrangements, which we don't intend to embed into contingency plans until later this year, typically again aiming towards that 31.10 deadline. Within the overall programme, however, contingency plans are forming part of the thinking.
"We intend to ensure the continuity of our business operation, and to guarantee uninterrupted service to our customers, up to, through and beyond the millennium. Within that we have determined that there will be no exceptions."