OFFICE OF INSPECTOR GENERAL

MEMORANDUM

DATE: December 2, 1999
TO: Chairman
FROM: Inspector General
SUBJECT: Status Report on the Commission's Year 2000 Activities

On November 15, 1999, the Commission issued a final version of the "Year 2000 Day One Guidance Plan" (hereafter referred to as the "Day One Plan"). The purpose of the Day One Plan is to "ensure the continuity and operation of the FCC's core business processes during the midnight transition from December 31, 1999 to January 1, 2000, continuing through the first day of business, January 3, 2000." The plan will ensure continuity by providing "activities and guidance for the FCC Y2K ITF (endnote 1) and the FCC Y2K Operations Center (endnote 2) during the critical day one operations time period." The Day One Plan will be used to: (1) plan for Day One Transition Support to the FCC Y2K Operations Centers; (2) identify roles and responsibilities for the Day One Operations task forces; and (3) describe key activities to be completed prior to and during the Day One transition.

As part of our ongoing assessment of the Commission's Year 2000 readiness program, we evaluated the final version of the Commission's Day One Plan. To conduct our evaluation, we used a guidance document published by the United States General Accounting Office (GAO) titled "Y2K Computing Challenge: Day One Planning and Operational Guide." This document provides a conceptual framework designed to assist agencies in developing a Day One strategy and reducing the risk of adverse Year 2000 (Y2K) impact on agency operations. In addition to evaluating the planning document, we examined FCC documents produced to support remediation efforts and to report the status of Y2K specific readiness activities.
These documents included the Year 2000 Business Continuity and Contingency Plan (BCCP), FCC Y2K Status Reports [reporting the status of mission-critical system readiness], and the FCC Local BCCP Status Report [reporting the readiness of Bureau/Office BCCP activities].

The Commission's Day One Plan generally meets the requirements outlined in the GAO guidance document. For example, the GAO guidance document states that a Day One Plan should define roles and responsibilities, document core business processes and risks, and develop a realistic plan for how the infrastructure will be supported if a Y2K related outage occurs. In our opinion, the Commission's Day One Plan adequately addresses these requirements and provides a good framework upon which the Commission can build and execute a comprehensive Day One Plan.

However, although the Day One Plan generally meets GAO requirements, there are some areas where we believe improvements can be made in the Commission's Plan. On November 29, 1999, we forwarded a draft copy of this memorandum to the Commission's Chief Information Officer (CIO) and requested that he review our observations and provide comment. We received comments from the CIO on December 1, 1999 and have incorporated those comments verbatim into the relevant sections of this document.

The Commission's Day One Plan does not accurately reflect the status of Y2K readiness activities and the impact of risk mitigation activities.

The Commission's Day One Plan assumes that, in the event that unexpected Y2K system failures occur, the Commission will immediately implement the FCC Y2K BCCP to ensure that Commission business processes continue with at least a minimum essential level of business operations.
However, the Commission BCCP, entitled "FCC YEAR 2000 BCCP" and provided as Attachment G to the Day One Plan, does not accurately reflect the current status of BCCP readiness activities and is based on a Risk Mitigation and Contingency Planning Matrix that has not been updated since June 1999. Many of the dates reported in the BCCP, including such key Y2K procedures as the completion of the independent verification and validation (IV&V) procedures and the development and testing of Bureau and Office BCCPs, do not accurately reflect the status of readiness activities. For example, the BCCP establishes October 1999 as the milestone date for Bureaus and Offices to have completed testing of local BCCPs. However, as of November 29, 1999, the Commission has not tested any of the local Bureau and Office BCCPs. Similar inaccuracies occur in milestone dates for the completion of local contingency plans and IV&V testing.

The BCCP provided to support the Day One Plan has not been updated to reflect the impact of the Commission's risk mitigation activities since the original version was created in June 1999. For example, the BCCP identifies the risk that a Y2K failure would prevent the FCC's National Call Center (NCC) from being able to respond to the public. This potential outage was originally assigned a high probability of occurrence. Subsequent events, such as the successful completion of IV&V testing, have reduced this risk. However, the probability of occurrence reported in the BCCP remains high.

Failure to update the milestone dates and risks could detrimentally affect users of the Day One Plan. The milestone dates provide an unrealistic view of the status of the FCC's Y2K program. The listed dates can mislead a reader to believe that the FCC has nearly completed Y2K preparations when, actually, the Commission is months behind its own original deadlines.
Potential users of the Commission's Day One Plan include the Office of Management and Budget (OMB), which has received a copy of the plan.

CIO Comments: The IG Status Report notes that the FCC's agency level BCCP, as attached to our Day 1 Plan submission provided to OMB, is out of date. We agree and note that the agency level plan was produced to meet government-wide requirements in June, 1999. We did not feel that updating the agency level plan was worthwhile because it had been subsumed by the more detailed Bureau/Office plans. The Bureau/Office plans are central to the FCC's efforts to prepare for and respond to any Y2K problems with mission critical systems and our business processes. It also should be noted that the OMB requirement to submit Day 1 Plans, which was dated September 27 (and was received late), required submissions by October 15. Our approach had involved incorporating Day 1 requirements within the Bureau/Office plans. The sudden OMB requirement forced the FCC to invest days of effort to create an additional document, thereby hindering the planning effort itself.

The Commission's Day One Plan does not adequately address Day One rehearsal and reporting activities.

The GAO guidance document recognizes that the Day One Plan "describes a wide range of complex, interrelated activities and geographically distributed processes that must be executed within a very short time frame." To ensure that the strategy is executable, GAO recommends that "the Day One plans and their key processes and timetables should be reviewed, and, if feasible, rehearsed." The Commission Day One Plan does establish rehearsal activities as "key activities" in the body of the Day One Plan and reports that testing will "verify resource availability and personnel readiness." However, although the body of the plan addresses rehearsal and plan modification activities, the plan timeline, included as Attachment A of the Day One Plan, does not address the rehearsal process.
In addition, the responsibility for rehearsal planning and execution is not clearly stated in the section of the plan addressing roles and responsibilities.

The GAO guidance document recommends developing an external communications strategy and process as part of the Day One Plan. The guidance document states that agencies should "(d)esignate agency Day One spokesperson, and define the process for issuing public announcements and communicating with the media." In addition, the GAO guidance states that agencies should "(e)stablish communication links with Information Coordination Center." The Commission Day One Plan clearly establishes processes for communicating the status of the telecommunications industries with the Information Coordination Center. However, we did not find in the plan the portion of the external communications strategy that covers issuing public notices and communicating with the media.

CIO Comments: Necessary rehearsal activities will be carried out in early December. Specific dates were not incorporated into the plan because they vary by area and some had not been established. In an email sent by the Managing Director today [December 1, 1999], we reminded the Bureau/Office Chiefs that all rehearsal activities have to be completed by the dates indicated in our Y2K weekly status report. We are holding the Bureau/Office Chiefs directly responsible for all Y2K preparedness activities. In addition, we have met with the staff participating in Day 1 activities to review assignments, communications and other issues. Day 1 external reporting requirements will be met by submitting information to Commissioner Powell's Industry Task Force which will forward the data to the ICC. In conjunction with the Office of Media Relations they also will provide the primary point of contact with the media. When appropriate, public notice issuance concerning specific Y2K problems will revert to the Bureaus/Offices that are responsible for the associated system.

The OIG will continue to monitor this process and provide special reports when appropriate.

cc: Commissioner Powell
    Managing Director
    Chief Information Officer

endnotes:

1 The FCC Y2K Industry Task Force (FCC Y2K ITF) coordinates industry efforts at achieving Y2K compliance.
2 The FCC Y2K Internal Task Force (also referred to as the Operations Center) is the internal support mechanism responsible for monitoring all internal FCC buildings, infrastructure and systems.