The top 250 US companies have completed only one-fifth of the work necessary to deal with their Year 2000 problem, while only 25 per cent of 6,000 organisations surveyed worldwide have even started their projects.
This means that the next two phases in coping with the millennium bug must be contingency planning and crisis management, according to Bill Ulrich, president and founder of consultancy, the Tactical Strategy Group.
Speaking at the Fifth ABT Project Leadership Conference in San Francisco this week, he said: "There seems to be the belief that companies have made good progress with the Y2K, but while the top 250 US companies plan to spend $37 billion sorting it out, they?d only spent one-fifth of that by 1 January of this year."
He went on: "This means four-fifths of the work is still ahead of them, but as many as 85 per cent of managers said they?d underestimated the cost. And many small suppliers have not done anything yet and are just coasting along."
He also added that many believed client/server systems, PCs and new applications did not have a problem, which was a myth, while others were foolish enough to claim that their millennium projects would end on 31 December, 1999 and had budgeted accordingly.
But, Ulrich estimated that the Y2K issue would cost organisations $3 trillion over the next 50 years because, while the seriousness of the problem would continue escalating until the new millennium arrived, there would, at the very least, be a clean-up phase afterwards.
A lot of previously unaccounted for problems would start materialising during the first month after the Year 2000 changeover, while others would occur after the 29 February leap year date.
By the second and third quarters, problems with interfacing to supply chain vendors and reliant industries would manifest themselves, while the year end would also be a challenging time as systems tried to deal with yet another date change.
Many users also faced security breaches because the situation would cause a lot of chaos, although few were looking at security as a serious issue. Elsewhere, industry observers predicted that a bunch of chief executives would resign in the wake of the crisis, which would cause additional internal problems due to confusion in the command chain line.
As a result, Ulrich believes a high proportion of firms will find it is too late to do everything and will have to prioritise what needs to be fixed. This means establishing a risk management strategy, which involves writing contingency plans and a crisis management programme.
First, it is necessary to assess what and how serious the risks are and to establish what systems cannot be done without such as payroll. Then, undertake an impact analysis of third party systems such as external data feeds on these and other less mission critical systems.
Users also need to look at their third party suppliers, establish which ones are mission critical, and decide how to work with them, possibly letting others go.
They will have to decide which systems should be shut down, moved sideways (triage), or worked on because there is not time to mess about with any but the most important. But, users should bear in mind that, despite their claims, not all suppliers will achieve Y2K compliance and that corrected systems need to be tested for bugs. There are, on average, four to five bugs for every 1,000 changes to code.
Managers should also rank events from the most catastophic to the least based on financial, customer, legal, safety and regulatory risks and assess how likely or unlikely each is, especially in a large, complex organisation.
As Ulrich points out: "A contingency plan may be to do nothing, but you need to know that. Work with IT and the business or this has little meaning. It might mean a radical shifting of priorities as the Year 2000 approaches rather than dealing with things as they come in. But, it?s a question of survival, which means you might have to go into the Year 2000 losing some customers and partners because you can?t cater to them any more."
As time moves on, users will have to move into the crisis management phase. This includes prioritising requests for bug fixes, dealing with hotlines that may be bombarded with user calls, coping with a slowdown in productivity due to problems with supply chain vendors? systems, and potential lawsuits filed by customers and shareholders.
To prepare for this, Ulrich advised, fix and test only mission critical systems and establish a SWAT team to deal with them. Deploy small teams at the business unit level to fix, defer or ignore problems as quickly as possible and establish a crisis call centre team for internal and external use, possibly via hotlines.
Finally, formulate a recovery strategy for high impact scenarios when failure is probable, instruct each business unit to develop its own failure plans and procedures should a problem escalate, and set guidelines for the priority response and repair of systems.
Are you paying attention?
Private equity firm Permira only acquired Magento from eBay for $200m three years ago
Before robots can take over from humans, we need more humans
It's not easy not being evil