THE YEAR 2000 PROBLEM FOR SMEs
By Patrick O'Beirne

of Systems Modelling Ltd

"What are Year 2000 problems ?"

Anybody who needs to process data for any year from 2000 on needs to be aware of this NOW. The key to understanding is to call them the "Two-digit-year problems". Many computer applications only allow two digits for the year in a date entry or storage. How will a user tell the computer that they mean the year 2000? If they enter '00', the software may reject the zeroes as an invalid entry. An accounting or order processing package may try to add 1 to 99 and crash with a data error trying to force the result of 100 into two digits. Worse, it may accept the data, giving the user a false sense of security, but interpret '00' as 1900, in the same way as it interpreted '97' as meaning 1997. Now people born in 1946 are -46 years old. And it's not just the obvious computers. Safety-critical process control equipment may fail because it tracks process data over time and the calculation goes wrong.

Many small-to-medium enterprise owners may be the most exposed to risk. Why? Because:

• The big companies will have programming staff to tackle the problems (if they get their act together in time)
• The small companies and many offices are dependent on mass-market packages, where there is a reasonable chance of an upgrade or an easy switch to an alternative from a year 2000 compliant supplier.
• But many medium companies and specialist small firms have tailored or specially written software. The original developers may not be around, or if they had only sold one or a few copies, the upgrade revenue would not justify "fixing" it.

In effect, many companies have bought (worse, are still buying!) software with an expiry date of 31 Dec 1999.

"Why should I worry?"

The reason senior managers don't believe this is that they are used to computers performing amazing tasks, and being brought down by such an absurdly simple problem scarcely seems credible to them. They need to pay attention: directors can be made personally liable for the neglect of problems that threaten the survival of their businesses. The business chain will only be as strong as its weakest link, and if your key supplier or customer fails, your business is threatened too. VISA are now threatening to fine merchants who cannot accept cards with a 00 expiry date. British Telecom has given its 1800 core suppliers a warning that it will stop doing business with companies who can't guarantee their internal IT systems will be year 2000 compliant. You must also check that your electronic trading partners will be compliant too. Banks are looking for assurances before making or renewing loans. Auditors will note whether you have addressed the issue seriously. Insurance companies have already issued disclaimers of liability because the year 2000 is not an unforeseen event. Shareholders and market analysts will be quick to look for the presence or absence of declarations on year 2000 progress. Health & Safety and Environmental Protection Agencies will withdraw licenses from companies that have incidents related to failures in control systems. (They can't be called "accidents" as they are foreseeable, testable, and therefore preventable). If you have service agreements such as JIT (Just-In-Time) deliveries and fail to meet them, you could be sued for breach of contract and damages.

"How much will it cost to fix?"

A study (a copy of the report is available from Enterprise Ireland) of six small-to-medium enterprises (SMEs) in Ireland with no IT staff showed costs ranging from £4,000 for a package upgrade for the euro to £70,000 for complete replacement of an old system. The average is roughly £500 to £1000 per user.

"Where can we get help?"

If you have IT staff, be sure they have joined the Irish Computer Society (ICS), which has set up a special interest group (SIG) to assist its members in coping with the Year 2000 (Y2K) issue. Further information may be obtained from the Administrator of the ICS, Tel. 01-667 0599, Fax 667 3159, email info@ics.ie. Web page: http://www.ics.ie

If you do not have IT staff, be sure to attend one of the Year 2000 briefings given by the ICS Y2K SIG to Chambers of Commerce and County Enterprise Boards; ask your local organisers to contact the ICS to arrange it. Leading companies can demonstrate social responsibility by providing mentors to meet with groups of SMEs regularly to assist in their planning.

Enterprise Ireland  have a free information pack, telephone 1850 57 2000. They plan to make country-wide presentations. Their web site is http://www.enterprise-ireland.com

The author's web site is http://www.sysmod.com

The definitive site for Year 2000 issues is YEAR2000.COM run  by Peter de Jager. In the UK, see http://www.compinfo.co.uk

An excellent non-technical guide for directors and managers is the book "A business guide to the year 2000" (Craig & Kusmirak) Price in Ireland £9.00 or £9.90 including P&P from Systems Modelling Ltd. (Fax 055-22297). This is recommended by the CSSA and DTI in the UK. There is also a Survival Pack including the book at £38.00+ 21% VAT containing 12 sample letters, technical hints & tips, inventory forms, a diskette with a PC clock tester, a PowerPoint presentation and document files. A Tools & Resources CD at £59.00+ 21% VAT is suitable for IT people.

A 90 minute video by Esperanza productions aimed at small businesses is available at £19.99+VAT; available from Viking Direct freefone 1800 709 004

"What do I do?"

This is not something you can delegate to your software suppliers. Your business survival is at stake. A Year 2000 project has the following phases; how big they are in your business is determined by your dependency on computer applications. The more specialised they are, the more you are at risk. The figures in brackets are, at this stage (early 1999!), the number of weeks you have left to do this.

1. AWARENESS: (1) Put someone responsible in charge. Put a "year 2000 compliance" clause into all purchase contracts from now on, so the problem does not get worse. Raise the issues with your industry associations and software/equipment user groups.
2. INVENTORY: (4) You've got to know what you have - hardware, software, plant and equipment. Examine everything that uses electricity, in case it has an automated controller embedded.
3. ASSESSMENT: (8) You've got to know how badly it's broken before you can decide how to fix it. Look for compliance statements from suppliers. Check in-house systems - this includes end-user developed spreadsheets and databases. Prioritise the systems. Get outside help if you have to. Set a budget and a timetable and track both every week.
4. FIXING AND TESTING: (16) Fix, upgrade, replace, discard as appropriate. Test that new equipment and software work correctly before accepting them. Historically, testing is the weakest area and needs clear demonstration of compliance.
5. IMPLEMENTATION: (8) Users may need training in new packages. Have your fallback procedures in place, including work-arounds of problems you did not have time or money to fix.
6. POST IMPLEMENTATION: (2) Results of implementation monitored and reviewed for necessary corrective action. Fallback and disaster recovery procedures ready for use. The later the whole project is left, the larger this step gets, as more errors remain to be corrected "after the event".)

Final cautions

This is too important to be left to the computer people. Technical people get interested in new, exciting technology. But this is not exciting; it is dull, painstaking work, and the only benefit is that you get to stay in business. As a business owner, director, or manager, you must sustain the commitment and focus on the important issues. Prioritise the business functions and their support systems ruthlessly; otherwise political and "patch" issues will dominate the negotiations.

Beware the business risks of errors within systems, and incompatibilities between systems and with third parties including suppliers, customers and all other organisations with whom data is exchanged. Even the ongoing viability of key suppliers must be established with confidence. Remember, everyone is finding the job to be far bigger and more difficult than they expected.

Now look for new business opportunities, and tackle the euro single currency knowing your company's systems are fundamentally sound and will support you and those who depend on you.

Avoidance and Excuses:

"It's only a matter of changing a couple of digits - it's easy to fix"

This seems so small an issue, but it is central to the whole problem facing the IT industry. It is as if all 1-inch screws in the country had to be changed to 2-cm screws, simultaneously, without loss of continuity of operations. And the penalty for not doing so is that the piece of equipment held together by those screws either stopped working altogether, or developed faults that ranged from the inconvenient, through expensive work-arounds, to life threatening failures. Not only is it the biggest IT project ever, it is also the most embarrassing to admit to for IT managers and the most boring to work on for technical staff. Nobody wants it, so most are in denial, fearing that it threatens their jobs. Computer people are captivated by exciting new technology and turn a blind eye to old problems.

"We have plenty of time to fix it"

If one file is changed, all programs using that file must change, and there could be thousands of files and millions of lines of code to check. It's an all-or-nothing change that must be put in place once, permanently, and on time. The Jan 2000 deadline is one that cannot move. There is not even the usual fallback of being able to use the old system while the new one is being fixed. Once Jan 2000 arrives, the old two-digit-date software just does not work anymore. We cannot say, as of other problems, "If it costs too much, we won't do it." It's like nothing else the IT industry has ever done. In Europe, we think the Euro integration problem is the second biggest IT job we have ever done. The computer industry's record is of not having things done on time: 80% of projects are late according to the University of Sheffield, similar to U.S. findings. So we are tackling the biggest and the second biggest problems ever - at the same time.

"It's only a mainframe problem."

Sorry, it's a data problem - the use of two digits to represent a year. And that applies irrespective of the kind of computer you have. Much business PC software was written by programmers who didn't look ahead to the year 2000. There are computers in factories, laboratory and medical life-support monitoring and control equipment, telephone exchanges, cars ... A computer glitch at the New Zealand Tiwai Point aluminium smelter at midnight on New Year's Eve 1996 has left a repair bill of more than $NZ 1 million. The failure was traced to faulty software, which failed to account for 1996 being a leap year. The Belgian Bourse (Stock Exchange) trading system crashed in Dec 1996 due to the New Year date change and trading was halted for three hours until the problem could be fixed.

Patrick O'Beirne provides consultancy on Year 2000 issues for the desktop and euro conversion of business systems. He may be contacted at Systems Modelling Ltd., Tel. 055-22294 email pobeirne@sysmod.com