Y2K Will the bug bite?

Myth: If your organization

has achieved Y2K compliance, there is no reason to worry.

Reality: Even if your

organization is Y2K compliant, the organizations you interact



with may not be bug-free. Any exchange of data with such a network could
have



serious repercussions.

Myth: Y2K is a problem

of the IT department.

Reality: It can affect

anybody and everybody. As most of the essential utilities like banks,

electricity and airlines depend heavily on IT, even the common man using

these facilities will have to face the music.

Myth: It is a problem

of the West. Indians needn’t panic.

Reality: In a global world, where

supply chains extend beyond international boundaries, breakdown in one

region can and will have an impact on other parts of the world.






...and the debate continues. As the Y2K deadline draws near, there
is a whole range of issues that still remain unclear. Whether due to media

hype or as a fallout of the panic created by the West, even the common

man is worried. Will the power grids collapse and lead to a complete blackout?

Will bank records go haywire? Does it mean people have to withdraw all

their cash? Will confusion in train or flight schedules cause accidents?

How many of these perceptions will actually come true is anybody’s guess.

Experts insist that although the issue is of serious concern, there is

no reason for such panic. "Public perceptions such as these can create

a lot of problems. Nothing of this sort will happen. As of now I can say

that the mission critical sectors are generally safe though there could

be minor glitches here and there," says Dr S. Ramakrishnan, National

Y2K Coordinator, Department of Electronics.

Impact

on utililities

The

Central government seems to be on its toes, working hard to maintain all

essential utilities. The Prime Minister’s IT task force recommended setting

up a corpus of Rs700 crore. The objective of this fund was to facilitate

initiatives in government departments, public sector undertakings and

other government affiliations, to solve this problem. The Y2K Action Force,

which was set up to monitor the compliance status in the country, has

identified eleven sectors targeted as critical –power, railways,

civil aviation, ports, defense, atomic energy, telecommunications, department

of space, banking, finance, insurance and petroleum. It has instructed

all 65 departments in the government to set up independent action forces

to prepare compliance programs with target dates which could be monitored.

It is also undertaking detailed review of these 11 sectors. Says Montek

Singh Ahluwalia, Chairman, Y2K Action Force, "The areas of concern

obviously are those which use computers intensively. In each of these,

the use of computers is sufficiently significant to justify detailed scrutiny.

With these efforts we are quite hopeful that we will not have any significant

problems."

Among the critical sectors, power is of utmost

concern to the Indian industry. It is more prone to the Y2K problem because

of the fact that there are numerous embedded chips in power plants. The

problem manifests itself more so in this case because of the fact that

failure in one major component of generation can lead to cascading failure

of the grid. On the critical power sector, Ahluwalia points out that contingency

plans were being put in place throughout the power sector to avert any

major crisis (See page 106a). Based on information available to date,

the maximum capacity that had a chance of being affected was less than

10% of total capacity. Only 27 of the 315 plants could possibly face Y2K

problems. The rest would not face problems, he adds. In a seminar organized

by CII, R. N. Srivastava, Chairman, CEC confirmed that a region-wise review

program had been put in place, and the Southern region had already been

reviewed and only two plants had been found non-compliant.

The industry feels that in

India, the sectors that seem to be making most progress in tackling the

Y2K issue are telecom and financial services. Ahluwalia points out that

the banking and finance sectors have actually covered the problems arising

from within each sector itself, and is now addressing second and third

order problems arising from linkages to other sectors. According to SR

Mittal, Chief General Manager, IT, RBI, the only parts of the banking

sector that were not 100% compliant were rural banks, and these were 96%

compliant. Within RBI itself, the only aspects that are not fully compliant

are some of the applications that have interfaces with banks. Mittal also

stresses on the importance of contingency planning, and says that the

RBI is trying to put together 40-45 contour points to keep in mind when

doing contingency planning.

Of the 23 stock exchanges in India, 16 were

already compliant, according to OP Gahrotra, Senior Executive Director,

SEBI. One or two exchanges may not be compliant by the end of this year,

but these would only account for about 2% of total transactions, and these

transactions could be taken over by other exchanges. Otherwise,the

only areas where capital markets could face a problem are registrars and

share transfer agents, especially the small ones.

The tourism industry is apprehensive

about disruption in flight schedules and railways, but even these sectors

are on track. "The passenger reservation service, which has large

public interface is the most vulnerable area. But our entire system is

undergoing thorough testing," says V. Kumaran, Additional Member,

Railways Board.

Action time

Although

most of the critical sectors are well under control, this does not leave

any room for complacence. "As a nationwide coordinator, I am saying

that till the 31st Dec, you cannot relax for even a single day. You have

to keep



pushing and checking, have more and more testing. We might have left out
something," says Ramakrishnan. DoE along with various other organizations

such as NIC, NASSCOM and CMC have been actively involved in creating awareness

about the issue through nationwide seminars, conferences and advertisements.

They are keeping a tab on the industry and its compliance activities.

At the same time, they also provide assistance through help desks to assist

both solution providers and end users. A huge amount of government resources

have been allocated for this purpose. DoE’s budget for media campaigning

itself amounts to Rs10.4 crore and an additional Rs6.3 crore has been

allotted for other assistance activities. Besides organizing such campaigns,

there is a strong urgency to create confid
ence among the masses.

According to Ahluwalia, maximum transparency is desirable in order to

build public confidence, and the Action Force has been striving to maintain

transparency by putting up all their sectoral reports on their website.

The private sector

Studies indicate that

most of the large enterprises, which started their Y2K work well in

time, have either completed or are in the last stages

of completion. Even the smaller companies are not totally ignorant about

the urgency of the situation (See DQ Survey on page 123).

In this final,

decisive stage, the role of any CEO is more important than at any other

stage in an organization’s Y2K journey. It is important that an organization

communicates its compliance efforts to the government. I would also urge

CEOs to put pressure and give incentives to their employees by linking

annual bonus to Y2K efforts, feels Rajendra S. Pawar, CII National Committee

on IT.

A number

of vendors such as Microsoft, Infosys, Lotus, IBM, TCS and others are

also providing solutions and services to support corporate efforts in

achieving compliance. A variety of solutions have to be designed to suit

the needs of different customers. And some of them do act tough. Says

Nandan M Nilekani, President, Chief Operating Officer and Managing Director,

Infosys, "There are still a large number of people who believe that

this is hype. Currently, the CIO of a company has to walk in and ask the

CEO to spend lots of money and effort on something that has no return

on investment."

However,

there are many who will leave nothing to chance. Says Ramachandran S,

EDP Chief, TAFE (Tractors and Farm Equipment), "We have taken several

contingency steps, as we cannot take any chances if the system is down.

Therefore, in addition to rectifying the Y2K systems and processes, we

have set up alternate systems in case of a crash. We have also designed

parallel systems if offices can’t function. As a third measure, we have

also put in place a manual system." Looking at the way the industry

is gearing up compliance efforts, there appears to be no reason to worry.

In fact, experts insist that it is still not late to take action. Says

Ramakrishnan, "The notion that it is already too late to do anything

about Y2K is somewhat misplaced. Although many people don’t approve of

our late campaign we are still going ahead." According to him, the

private sector has an advantage because once the management attention

is drawn, they can move very fast.

What if it hits you?

In spite

of this optimism, the fear of the unknown does haunt the minds of many.

What if you place a valuable order and just when you have to complete

your shipment, you discover that the supplier has not processed the order

because he has lost all the records. You may not only lose money, but

it could also hit your entire business.

What if you

visit your faithful bank and find that you cannot withdraw any money.

Even if the bank was completely Y2K ready, it might have interacted with

some financial institution that is not. Bad data from other organizations

and systems could reintroduce problems that have already been fixed. The

list of such ‘what if’ questions is endless.

According

to Nripendra Misra, Additional Secretary, Ministry of Commerce, with the

Electronic Data Interchange (EDI) coming into force from the end of this

year, compliance would be quite a complex issue as it would also depend

greatly on the compliance of parties at the other end of transactions.

One must

remember that the Y2K problem is not just about fixing individual computer

systems. It is also a problem of complex business dependencies. The supply

chain is only as strong as the weakest link. R. Gopalakrishnan, Executive

Director, Tata Sons, points out that it is not just important to be prepared

internally or within a sector, preparation must extend to a company’s

entire network - vendors, customers and dealers.

Due to the pervasiveness,

extent and uniqueness of this problem, there will be a large set of these

unknowns that even go a long way into the next century. The possibility

of these scenarios makes it imperative for organizations to have effective

contingency plans in place. This would involve recognizing critical dependencies

in key processes, assessing the impact of a failure in any given dependency

and listing alternate processes or work

The ultimate attack

Contingency

planning forms an essential part of the Y2K exercise. With only a few

weeks left to go, it is now time for that final assault. One needs to

anticipate the problems that may arise within the organization and outside,

evaluate their effect on critical business processes and formulate a plan

to keep the business running. While the likelihood of a complete collapse

is very low, some areas need more attention than the other. According

to Gartner Group, less than 10% of the compliance problems will last for

more than three days so the potential risk is low. Some items like taxes,

mortgage payments or real estate sales can be deferred due to the date

change and should not be a major concern. One should plan for a moderate

degree of disruption of basic services. The Y2K Action force set up in

the country has instructed all critical sectors to be ready with their

contingency plans (See page 105). "We have emphasized in each

sector that plans put in place should be carefully checked and double

checked and contingency plans should also be worked out," says Ahluwalia.

The first

step in contingency planning is identifying mission critical applications

whose disruption could cause a shutdown, revenue loss, litigation, loss

of customers or health hazards. The internal and external dependencies

have to be further pinned down. After an evaluation of risks, one has

to work out alternative ways to tackle failure. Once that is fixed, a

plan for resumption of normal processes also needs to be outlined. The

rectified systems have to be maintained and rechecked. Gopalakrishnan

says that clean management techniques need to be undertaken so that systems

that have been put in place do not get corrupted between now and 1st January,

2000. Some steps could be like reviewing, purchasing



orders for Y2K compliance, reviewing in-house systems and applications.

From a global perspective

Even after

completing a thorough testing of the system, a final verification through

a third party audit certification is also required. While every company

in the UK has gone through the audit, in India the coverage is as poor

as 15%. Ramakrishnan explains, "We have not been able to do it because

we started late. But we hope to complete this audit by November. By then

you’ll have a much better picture of the scenario."

The western countries had

begun their compliance efforts long ago

in 1996, whereas India woke up to it only in 1998. Some international

observers feel that India appears to be lagging behind in Y2K preparedness.

It is ranked in the third tier by the Gartner Group, which estimates breakdowns

in half of the Indian companies. Ramkrishnan explains, "When you

start late obviously you cannot expect the best rating. If you want to

complete a 36-month job in a period of 12 months, you compromise here

itself. There could be a quality problem. The data you provide for certification

may not be up to the mark."

The US Department,

however, points out that India is not heavily reliant on computers. Problems

are expected to be at the state or regional level, rather than in the

national systems. The general unpreparedness might come as a surprise

to those who know India’s reputation for producing excellent software,

but this strength is also part of India’s weakness. On the contrary, software

professionals from India are much in demand. "Indian software industry

can play a role in change and test tasks. They have a bigger role to play

as consultants and project managers. Due to the complexity of project

management, the Y2K problem will help the Indian software industry develop

a breed of excellent projects managers," says Nilekani of Infosys.

Considering

the fact that the level of computerization in India is not so high, does

it mean that Y2K is more of a hype created by the West? Ahluwalia replies,

"Even while accepting the fact that penetration of IT and computerized

systems is relatively low in India, we cannot take the warnings relating

to the Y2K problem lightly. Breakdown on account of non-compliance of

systems in any part of the economy will have an impact on the rest. Some

of the important sectors of the economy are linked to the outside world

and, therefore, it will be very essential for India, as one of the emerging

economies of the globe, to ensure that its economy does not suffer on

account of the problems such as Y2K."



Plans put in place should be carefully checked
and contingency plans should also be worked out

No doubt

that countries which depend heavily on computers have more to worry. At

the same time, India can’t afford to lag behind if it wants to be globally

competitive. But even with the best of efforts, the enigma of the millennium

bug will continue to daunt the average individual till the effect actually

gets activated. And debate between myths and realities shall continue

till the clock finally strikes midnight of the new millennium.

Shweta

Verma



with bureau inputs.