SPECIAL REPORT

of the

AUDITOR-GENERAL

on the

IMPACT OF THE YEAR 2000 ON COMPUTER SYSTEMS IN NATIONAL DEPARTMENTS AND PROVINCIAL ADMINISTRATIONS

1. PURPOSE AND CONTENT OF THE SPECIAL REPORT

The purpose of this Special Report is to inform Parliament of the impact of the Year 2000 problem, the reasons for it and what the national departments and provincial administrations are doing to ensure the continuation of effective business processes in the year 2000. For purposes of this Special Report, national departments include the organisational components mentioned in Schedule 2 of the Public Service Act, Act No. 103 of 1994.

It is hoped that this Special Report will lead to a better understanding of the Year 2000 problem and will help to ensure that effective steps are taken timeously to address the problem.

2. OVERVIEW

(1) THE YEAR 2000 PROBLEM AND ITS CONSEQUENCES:

1. During the last few decades of the 20th century, most organisations have come to rely on computer systems in performing their business and daily operations. If many of these computer systems are not modified, a considerable number of them will fail to work correctly, or simply fail to work at all in the year 2000. This could, for example, lead to salaries and invoices not being paid, collection of taxes being put at risk, critical defence systems malfunctioning and hospital records being inaccurate. The problem is by no means limited to the older mainframe legacy systems and there are many instances where some of the newer client/server applications will have similar problems. The Year 2000 problem can be found in hardware, operating software and application programs. Furthermore, communication systems and electronically controlled devices that are date dependent may also be affected.
2. Due to, amongst others, technology constraints, many computer systems were designed to store and refer to dates as six digit numbers. The year is referred to by the last two digits only, with a reference to the century seldom being made. With the change from 1999 to 2000, the year element of dates will change from 99 to 00. When processing or calculations, which are date dependent, are performed using the two digit year code, the results will range from misleading to the disastrous. Furthermore, when many of the systems were written in the 1960s, 1970s and even 1980s, nobody really believed that the systems would still be operative in 1999. However, a considerable number of these systems are still in operation.
3. The problem is not limited to South Africa, but is an international problem. The problem is also not only restricted to application systems which were developed in-house, but will also affect proprietary software, systems software, hardware and data conversions.
4. The fact that the year 2000 is also a leap year, is a further problem as some computer systems will incorrectly assume that it is not. These systems will therefore not be able to identify 29 February 2000 as a valid date.

3. AUDIT APPROACH

(1) BACKGROUND: Audits of computer systems take place in a computerised information system environment where, in the first instance, it is the responsibility of the accounting officers concerned to institute and maintain adequate accounting and control systems.

(2) MODUS OPERANDI: Apart from information obtained from various sources, the comments of the Director-General of the Department of State Expenditure and the Director-General of the Department of Public Service and Administration (DPSA) were requested on 27 June 1997 and 15 September 1997, respectively. Their comments were received on 23 October 1997 and 13 October 1997, respectively. The key findings in paragraph 4 below were derived from an evaluation of the information provided by the aforementioned accounting officers.

4. KEY FINDINGS IN RESPECT OF THE YEAR 2000 PROBLEM

(I) RESPONSIBILITY FOR ACTION:

1. The policy framework for the general guidance of IT practices, is established in Chapter E of the Public Service Staff Code. In terms of the policy, the greatest measure of management autonomy was granted to accounting officers. The responsibility for ensuring that information systems in the public sector can process dates correctly in the year 2000, therefore lies with the individual national departments/provincial administrations, with regard to computer systems (hardware and software) unique to specific national departments/provincial administrations. The responsibility for Year 2000 compliance in respect of mainframes, minicomputers and networks used by the various bureaux lies with the Central Computer Services.
2. During a meeting of the Information Technology Executive Steering Committee (ITEXCOM) held on 29 May 1997, it was decided that the DPSA would be responsible for the co-ordination of the Year 2000 action for the Public Service.
3. Subsequent to a Cabinet decision of 30 April 1997, the Director-General of the Department of State Expenditure requested the Minister of Finance on 29 July 1997 to establish a Committee of Ministers chaired by the Deputy President to address the Year 2000 problem. The proposed functions of the Committee ate as follows:
   1. Monitor programs and inform Cabinet on the progress and problems identified.
   2. Monitor problem-solving.
   3. Liaise with ministries to ensure that problems are addressed and ownership is accepted.
   4. Make recommendations on resources required.
   5. Utilise the media to indicate the South African Government's commitment in addressing the Year 2000 problem and thus encourage the private sector to do the same.
   6. Appoint a technical support team to facilitate the process and ascertain that Year 2000 compliance is achieved.

(2) PROGRAM OF ACTION:

1. On 10 April 1997 the Office of the State Tender Board approved a panel of tenderers who may assist participating departments and provincial administrations to become Year 2000 compliant. Furthermore, the Board decided that all national departments/provincial administrations be granted authority to make use of the panel once they request the Office of the State Tender Board in writing to do so. All participants would contact the DPSA, as initiating department for the State as a whole, to aid them in satisfying their specific requirements.
2. All the accounting officers of national departments/provincial administrations were notified on 16 May 1997 of the existence of the contract for possible utilisation. Not all accounting officers have utilised the contract. Nine national departments/ provincial administrations did not respond to the request to indicate whether they intend to participate in the contract, while six departments indicated that they will not participate.

(3) PROGRESS:

1. On 3 June 1997 the DPSA issued letters to all heads of national departments/provincial administrations, requesting progress reports regarding their position in respect of the Year 2000 problem.
2. Responses were received from 30 of the 46 national departments/provincial administrations (see figure 1 below).

FIGURE 1

RESPONSES TO DPSA LETTER DATED 3 JUNE 1997

3. Of the 30 national departments/provincial administrations who responded, only the Department of Welfare indicated that they have not yet started with the assessment process. Nineteen departments were in the assessment process, while eight departments indicated that they have completed it. Figure. 2 illustrates the overall progress in respect of the Year 2000 problem, based on information gathered from national departments/provincial administrations by the DPSA during the period June 1997 to September 1997.

FIGURE 2

OVERALL PROGRESS OF NATIONAL DEPARTMENTS/PROVINCIAL ADMINISTRATIONS IN RESPECT OF THE YEAR 2000

4. Six of the eight national departments/provincial administrations that have completed the assessment phase, are in the process of correcting their systems.
5. The Department of Labour and the Office of the Deputy President indicated that their systems are Year 2000 compliant.

(4) TRANSVERSAL SYSTEMS:

With regard to the transversal financial systems, a leper, to which certificates from consulting firms were attached, was received on 7 May 1996 from the Director-General of the Department of State Expenditure, in which he confirmed that these systems were geared to handle the impact of the Year 2000. However, on 23 October 1997, the Director-General indicated that the Department was in the process.of undertaking a detailed inventory of all hardware and software on all computer platforms as well as an impact analysis, to determine the implications of the century date change on IT in the Department. Once the aforementioned phase was completed at the end of November 1997, the corrective phase, which is expected to be completed by December 1998, would have commenced. As far as the transversal financial systems are concerned, the anticipated dates of Year 2000 compliance certification are as follows:

(5) COST:

1. The Standing Committee on Public Accounts recommended that the Departments of Finance and of State Expenditure ensure that the cost implications with respect to each department are determined before the 1998-99 budget is finalised and also ensure that provincial and local government administrations, as well as parastatal institutions, are fully apprised of the implications of non-compliance with the Year 2000 requirements. Furthermore, these entities and institutions should make appropriate financial provision in the upcoming budget cycle for the anticipated adjustments, which will be necessary for existing computer systems.
2. The estimated cost per national department/provincial administration has not been requested by the DPSA and is therefore unknown.
3. At the time of compiling this Special Report, the estimated costs involved in the Year 2000 project of the following depots were known:
   1. The South African Police Service employed a consulting firm to perform an impact study to determine whether the IT utilised by the Department is Year 2000 compatible. Various problems were defined and the cost to address these problem areas is estimated at R288 million.
   2. The National Defence Force indicated that the cost to address the Year 2000 problem is estimated at R211 million.
   3. The Department of State Expenditure indicated that they were undertaking a detailed inventory of all hardware and software as well as an impact analysis to determine the impact of the Year 2000 problem. An ongoing awareness campaign has also been implemented. The cost associated with this phase is R800 000. The Central Computer Services has also acquired additional mainframe capacity to facilitate testing of mainframe applications at a cost of approximately R5 million. The estimated cost involved in the modification of the application programs for the transversal financial systems, namely PERSAL, BAS, FMS and PAS, is R20,3 million.

5. CONCLUSION

The Year 2000 poses a serious threat to the capability of information systems to function correctly and thus the ability of management to ensure the uninterrupted continuation of business. Every organisation, in the public and private sector, must ensure that their computer systems are fully Year 2000 compliant well before 31 December 1999. The decision whether a computer system is Year 2000 compliant, should only be taken after a full system test, where practically possible, has been successfully performed. This must include the hardware, system software, application software, networks, etc.

6. APPRECIATION

I would like to express my appreciation to the members of my staff for their dedicated work in completing this Special Report and would also like to record my thanks for the support and co-operation of the officials of the institutions concerned.

(BM 01A/8/3)

Pretoria 6 March 1998

H. E KLUEVER
Auditor-General