July 1999
Executive Summary
The purpose of this report is to outline the issues and risk areas identified
through our review of Treasury Board Secretariat's (TBS) preparedness for the
Year 2000, and to make recommendations to address them, where appropriate.
TBS had previously engaged DMR Consulting Group Inc. to conduct a Year 2000
Review of selected areas (November 1998). As a result of the review TBS compiled
a number of recommendations and further decided to revisit the state of
readiness, with particular emphasis on the need for contingency planning.
In the process of conducting our review, which followed the methodology
developed by Gartner Group and endorsed by TBS, we have met with all the members
of the Year 2000 Advisory Committee, as well as other resources involved in the
Y2K initiative, and reviewed relevant documentation provided to us.
The review focused on determining whether TBS has taken the actions necessary
to mitigate the risks posed by the Year 2000, by assessing criteria related to:
- Organizational Commitment to Address the Year 2000;
- Organization-Wide Impact Assessment;
- Planning and Monitoring;
- Testing;
- Validation of Compliance;
- Business Resumption and Contingency Planning; and
- Legal Review.
Overall Conclusion
Within TBS, there are no government-wide mission critical applications, but
there are three department-wide critical applications. The review found that
there is no direct service to the public and limited risk with
inter-departmental dependencies. As a result of the review, and taking into
account the nature of the Treasury Board Secretariat's operations, we conclude
that in general appropriate steps have been taken to mitigate the risks posed by
the Year 2000.
To further enhance management's due care in relation to Year 2000, we are
presenting the following key recommendations for consideration:
- Develop an overall Year 2000 project plan that takes into account all the
remaining Year 2000 activities that need to be addressed;
- Institute a freeze on Year 2000 patches from Microsoft, on desktop and
server platforms, and application development to at least mid-January 2000
or until such time as a stable environment is achieved;
- Ensure receipt of effective Year 2000 compliance statements from PWGSC. If
such are not available, TBS would have to validate the testing process at
PWGSC; and
- Ensure that all decision and records related to the Year 2000 initiative
are documented and retained in a Year 2000 document repository.
The attached report (deck format) presents details relative to the review's
scope, objective, approach, findings and recommendations. Other minor issues
that did not warrant inclusion in this report have been communicated and
presented to the Y2K Advisory committee during the course of our review for
their consideration.
|