BEFORE THE

SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS

OF THE

COMMITTEE ON EDUCATION AND

THE WORKFORCE

HOUSE OF REPRESENTATIVES

ONE HUNDRED SIXTH CONGRESS

FIRST SESSION

HEARING HELD IN WASHINGTON, DC, MAY 12, 1999

Printed for the use of the Committee on Education

and the Workforce

OPENING STATEMENT, CHAIRMAN PETE HOEKSTRA, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATION, COMMITTEE ON EDUCATION AND THE WORKFORCE *

STATEMENT OF CONGRESSMAN HAROLD FORD, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATION, COMMITTEE ON EDUCATION AND THE WORKFORCE *

STATEMENT OF MARSHALL S. SMITH, ACTING DEPUTY SECRETARY, DEPARTMENT OF EDUCATION, WASHINGTON, DC *

STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC *

STATEMENT OF THERESA S. SHAW, VICE PRESIDENT, INFORMATION TECHNOLOGY APPLICATION DEVELOPMENT PROJECTS, SALLIE MAE, INC., WASHINGTON, DC *

STATEMENT OF PATRICIA W. LATTIMORE, ASSISTANT SECRETARY FOR ADMINISTRATION AND MANAGEMENT AND CHIEF INFORMATION OFFICER, DEPARTMENT OF LABOR, WASHINGTON, DC *

STATEMENT OF PATRICIA A. DALTON, DEPUTY INSPECTOR GENERAL, OFFICE OF INSPECTOR GENERAL, DEPARTMENT OF LABOR, WASHINGTON, DC *

STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC *

APPENDIX A - WRITTEN STATEMENT OF CHAIRMAN PETER HOEKSTRA, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATION, COMMITTEE ON EDUCATION AND THE WORKFORCE *

APPENDIX B - WRITTEN STATEMENT OF CONGRESSMAN HAROLD FORD, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATION, COMMITTEE ON EDUCATION AND THE WORKFORCE *

APPENDIX C - WRITTEN STATEMENT SUBMITTED FOR THE RECORD OF RANKING MEMBER TIM ROEMER, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATION, COMMITTEE ON EDUCATION AND THE WORKFORCE *

 

APPENDIX D - WRITTEN STATEMENT OF MARSHALL S. SMITH, ACTING DEPUTY SECRETARY, DEPARTMENT OF EDUCATION, WASHINGTON, DC *

APPENDIX E – WRITTEN STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR OF CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC *

APPENDIX F - WRITTEN STATEMENT OF THERESA S. SHAW, VICE PRESIDENT, INFORMATION TECHNOLOGY APPLICATION DEVELOPMENT PROJECTS, SALLIE MAE, INC., WASHINGTON, DC *

APPENDIX G - WRITTEN STATEMENT OF PATRICIA W. LATTIMORE, ASSISTANT SECRETARY FOR ADMINISTRATION AND MANAGEMENT AND CHIEF INFORMATION OFFICER, DEPARTMENT OF LABOR, WASHINGTON, DC *

APPENDIX H - WRITTEN STATEMENT OF PATRICIA A. DALTON, DEPUTY INSPECTOR GENERAL, OFFICE OF INSPECTOR GENERAL, DEPARTMENT OF LABOR, WASHINGTON, DC *

APPENDIX I - WRITTEN STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC *

Table of Indexes *

House of Representatives

Subcommittee on Oversight and Investigations

Committee on Education and the Workforce

Washington, DC

The Subcommittee met, pursuant to notice, at 2:00 p.m., in Room 2175, Rayburn House Office Building, Hon. Pete Hoekstra , Chairman of the Subcommittee, presiding.

Present: Representatives Hoekstra, Kind, and Ford.

Staff present: Jason Ayeroff, Staff Assistant; Robert Borden, Professional Staff Member; Becky Campoverde, Professional Staff Member; Lauren Fuller, Professional Staff Member; Victor Klatt, Education Policy Coordinator; Patrick Lyden, Legislative Assistant; Ashley Rehr, Professional Staff Member; Michael Reynard, Media Assistant; Mark Rodgers, Workforce Policy Coordinator; Sally Stroup, Professional Staff Member; Peter Warren, Professional Staff Member; Cedric Hendrick, Minority Deputy General Counsel; Cheryl Johnson, Minority Education Counsel; Kevin Ritz, Minority Legislative Assistant to Harold Ford, and Ly Nuyguen, Minority Legislative Assistant to Robert Scott.

Chairman Hoekstra. A quorum being present, and without objection, the Subcommittee will make congressional history, and we will start two minutes early. Without objection? All right.

The Subcommittee will come to order. The Subcommittee is meeting today to hear testimony on the management of the Year 2000 Computer Problem by the Departments of Education and Labor. Under rule 12(b) of the Committee rules, any oral opening statements at Hearings are limited to the Chairman and the Ranking Minority Member. This will allow us to hear from our witnesses sooner, and help Members keep on their schedules. Therefore, if other Members have statements, they can be included in the Hearing record. Without objection, all Members' statements will be inserted in the Hearing record.

Let me move to my opening statement. Let me also welcome the witnesses back. Thank you all for coming here today.

The Year 2000 is just around the corner, less than eight months. Ready or not, we will enter the Third Millennium. The question is, ``Will the Government be ready?''

When we held a Hearing on this issue last September, the Department of Education and the Department of Labor, it appeared, were far from ready. The Education Department had just received an ``F'' on Representative Steve Horn's quarterly report card on Y2K compliance. At the same time, only four of Education's 14 mission-critical systems were Year 2000 compliant. On the same report card, the Labor Department received a ``D'' since only 24 of its 61 critical computer systems had been repaired.

I, and I think the rest of the Subcommittee, was very concerned at the time about the lackluster progress the agencies had made on Y2K. The Year 2000 problem, for all the technological complexity it entails, is essentially a management problem. And a lack of aggressive attention from high-ranking officials was putting many Federal agencies behind the eight ball. Private sector firms were committing time and resources to Y2K, and Government officials, at least at that point in time, it appeared were sitting back, and waiting until it was time to go into a crisis management mode.

It would be nice to think the oversight of this Subcommittee and others in Congress has actually helped change this attitude. What we do know is that, since our Hearing back in September, Education and Labor report great strides forward in making their computer systems Year 2000 compliant. Both agencies have now reported to the Office of Management and Budget that all of their mission-critical systems are repaired or replaced. I hope that those reports are accurate. If so, much has been accomplished in a very short window of time, congratulations. But, I think we will get confirmation on that.

Nevertheless, much essential work still needs to be done in the remaining months. In other words, while the finish line is in sight, we have a ways to go before we cross it.

During the spring and summer, the Education Department will be conducting data exchange tests with its partners, which include over 7,000 schools, 6,500 lenders, 36 loan guaranty agencies, and several Federal agencies. Even if the Department's individual systems are indeed compliant, we do not know yet whether they can work together in sequence to perform business functions such as issuing a Pell Grant check or updating a student loan account.

It is important to remember what is at stake here. The Department's computer systems track more loans than any bank in America, more than $150 billion in outstanding loans owned by about 93 million students. This included both private lenders and the direct loans from the Government.

The stakes are no less for the Department of Labor. Its computers transmit billions of dollars in unemployment insurance benefits. These benefits are calculated and transmitted via computer links between Labor and 53 independent state unemployment insurance systems. Any weak link in this chain could be disastrous.

Also, 23 critical computer systems at the Bureau of Labor Statistics enable the Government to calculate the Consumer Price Index and other crucial economic indicators. Disruption of these BLS computers could have long-term and far-reaching consequences on the national economy.

The Labor Department still has to ensure that its systems can communicate with others, as well as outside systems, such as the State unemployment insurance systems.

Finally, it is imperative that both Education and Labor be prepared for an unexpected crisis. There is a certain unknown element in the Y2K problem that makes it necessary for Education and Labor and other Federal agencies to develop contingency plans that will enable them to keep the trains running one way or another, even if a critical computer decides to fail at the last moment.

Those fears aside, I am pleased with the progress these agencies have made since September. I only hope that this momentum holds up and carries us into the Year 2000 without any disruption of the critical services on which citizens depend.

WRITTEN STATEMENT OF CHAIRMAN PETER HOEKSTRA, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS, COMMITTEE ON EDUCATION AND THE WORKFORCE – SEE APPENDIX A

Chairman Hoekstra. Mr. Ford?

Mr. Ford. Thank you, Mr. Chairman, and thank all of the panelists. I am sitting in for our Ranking Member Tim Roemer, who obviously is not here, and I look forward to Hearing from all of the panelists today.

As the Chairman has stated, these issues are incredibly important, not only to those of us present but certainly will affect millions and millions of Americans. As one who has a loan with the Department of Education, I am confident that the agency will continue to make the great progress that it has made and I note the progress that DOL has made.

Over the past three years, numerous Hearings have been held by this Committee, as well as others, to assess the level of Y2K compliance in both the public and private sectors. Throughout that process, special attention has been given to the state of the mission-critical computer systems of our executive branch agencies.

Last year, Congress included over $3 billion in the Omnibus Appropriation Bill for contingent emergency funding to address needs associated with Y2K conversion activities. During the course of the current fiscal year, OMB has allocated these funds to departments and agencies in response to specific requests.

Earlier this spring OMB, as the Chairman reported, reported that 92 percent of the mission-critical systems within the 24 major Federal departments and agencies were compliant. Both DOE and DOL were among the 13 departments and agencies said to be 100 percent compliant. We will, no doubt, hear testimony today indicating that both of these departments have more work to do, despite the clear and commendable progress that has been made. I am confident, however, that whatever remains to be done will be done to achieve the necessary level of systems readiness.

While the efforts to achieve Y2K compliance continues Government-wide, it should be noted that the administration is also focusing on the private sector, and State and local governments, which partner with the Federal Government, and operate programs that deliver student aid, educational technology, unemployment compensation, and workforce training. All of these important services can be adversely affected if these partners fail to achieve Y2K compliance, as well. Chairman Hoekstra, I am confident that these efforts on the part of the administration, coupled with our continued congressional oversight, taken together, ensure that our Nation will successfully address the Y2K computer challenge.

With that, I look forward to Hearing from our panelists this afternoon.

WRITTEN STATEMENT OF CONGRESSMAN HAROLD FORD, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS, COMMITTEE ON EDUCATION AND THE WORKFORCE – SEE APPENDIX B

WRITTEN STATEMENT SUBMITTED FOR THE RECORD OF RANKING MEMBER TIM ROEMER, SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS, COMMITTEE ON EDUCATION AND THE WORKFORCE

SEE APPENDIX C

Chairman Hoekstra. Thank you, Mr. Ford.

You have heard the bells. Rather than begin with the introduction of the witnesses, and have one of you testify I think we have two votes. So, we have about 12 minutes left in one and we have a five-minute vote, so on congressional time, we will probably be back here at about 2:25-2:30. So, relax, and we will see you in about 20-25 minutes. That's what happens when you get started early. All right, thank you.

[Recess.]

Chairman Hoekstra. Let me just slowly introduce the panel. We will give Mr. Ford a little bit of extra time to get back. When you are that young, it is still kind of a long walk from the Capitol, and you can't keep up with some of us older guys.

Let me introduce the panel. Our first witness today is Mr. Mike Smith, who is the Acting Deputy Secretary, Department of Education. Welcome back. It is good to see you.

Our second witness is Mr. Joel Willemssen, who is the Director of Civil Agencies Information Systems Issues with GAO. Good to see you again. I understand you are going to be testifying twice today; is that right? Or, have you consolidated your statements, and do you want to go at it two times?

Mr. Willemssen. Your choice.

Chairman Hoekstra. All right. We have Ms. Terri Shaw, who is the Vice President, Information Technology, Application Development for Sallie Mae. Nice to have you here.

Then we have Ms. Patricia Lattimore, who is the Assistant Secretary for Administration and Management, U.S. Department of Labor. Good to see you. Then we have Ms. Patricia Dalton, who is the Assistant Inspector General, Office of Inspector General, U.S. Department of Labor. Nice to have you here.

Let me just remind you that we ask you to limit your testimony to the customary five minutes. Your entire statement will be submitted for the record. Those of you who have testified here before know that it is a rather weak gavel, so that if you go a little over that is not a problem. Too long, and I get a little restless. I don't know what to do, but I do get restless.

The vote is done. Then we will begin with the first witness, Mr. Smith.

Mr. Smith. Okay. Thank you, Mr. Chairman. Thank you for this opportunity to update the Subcommittee on the Department of Education's progress toward full Year 2000 compliance.

Last year I testified before this Subcommittee about the Department's detailed schedule for ensuring Year 2000 compliance for its computer-based systems, 14 of which were designated as mission-critical. I also testified that this schedule slipped a little bit in October, but I expressed confidence that the Department would achieve full compliance in the implementation of all of our systems by the March 31 deadline set by OMB.

I am pleased to report to you today that the Department, in fact, did complete its systems conversion effort on March 8, 1999, three weeks ahead of the OMB deadline. Of the 175 systems identified as at risk for Year 2000 failure, 147 are now Year 2000 compliant and fully implemented and 28 have been replaced or retired. The Department has renovated, validated, implemented, and phased into production all 14 of its mission-critical systems, most of which support the post-secondary student aid programs. All of the mission-critical systems were subjected to independent verification and validation, and we are following the recommendations of our IV and V contractors for continued documentation and monitoring procedures and for testing with external customers and partners.

The Department's Year 2000 progress has been recognized by Congressman Steven Horn's Subcommittee, which on February 22 gave the Department a grade of ``A-minus,'' and by the OMB, which has placed the Department in its highest Year 2000 readiness tier.

Chairman Hoekstra. Did you agree with his ``F'' grade last fall?

Mr. Smith. No.

Chairman Hoekstra. We are glad to see that you feel encouraged to use his grading system in your remarks. We have all made progress.

Mr. Smith. I actually mentioned it last time, and said I didn't agree with it. But, now I agree with it. It’s great. Congress learns.

Okay. We are pleased by this recognition, and success in the systems conversion process, which we know, really is to claim total victory. With the renovation of our systems now complete, we are focusing on continued testing, outreach to the education community, and contingency planning.

We believe that our data exchanges are in good shape because from the beginning we have considered these exchanges to be part of the Department's standard system conversion process. We checked the compliance, and renovated them as needed, and the ability of each system to send and receive Y2K compliant data was tested during the validation phase.

Early this year we began live testing of data exchanges with our trading partners, and this testing will continue as additional partners complete renovation of their own systems, and are ready to participate in such testing. For example, the first testing window for the National Student Loan Data System opened on April 12.

Few institutions have yet taken advantage of this initial test window. We hope that this is consistent with surveys suggesting that many of our partners will complete Y2K renovations and be ready for testing this summer. In addition, many post-secondary institutions are, apparently, busy with end-of-term activities, and many may be implementing software and other system upgrades related to the new student aid award year that begins on July 1. Nevertheless, we will closely monitor institutional participation in the testing process. I have asked Greg Woods, the Chief Operating Officer for the Office of Student Financial Assistance Programs, to develop a strategy for encouraging the full cooperation of our student aid partners in our Year 2000 efforts.

We also are continuing to make extensive outreach efforts on Year 2000 compliance activities to our many partners in the education community at the State, local, and institutional levels. For examples, we just completed a second printing of the ``Year 2000 Compliance Guide for Elementary/Secondary Schools and School Districts,'' and the ``Year 2000 Readiness Kit'' for post-secondary institutions. These documents provide an explanation of Y2K risks, sample plans from other schools, information on managing the Y2K compliance of suppliers, sample Y2K procurement and contract language, information on contingency planning, a list of website resources, and additional tools and resources.

In addition, the Department continues to sponsor separate regional workshops on the Y2K issue, including nine workshops for the elementary and secondary community, and 12 workshops for the post-secondary education community. We also are surveying the education community to assess its Y2K readiness, and expect to have results this summer.

In spite of all our progress in achieving Year 2000 compliance for the Department's systems, our comprehensive testing plans, and our ongoing outreach efforts, we recognize that some failures may occur, in fact, probably will occur. For this reason, last summer we began an aggressive contingency planning effort by applying the GAO's business continuity and contingency planning guidelines to our core business processes.

The Department completed initial contingency plans for all core business processes and their related systems, as well as plans for all non-mission critical systems at the end of March. We are continuing to refine these plans, and we will post them on our website later this month.

I believe the Department has responded well to the challenge represented by the Year 2000 problem. We achieved compliance for our systems ahead of the OMB schedule, leaving time for continued testing. We have developed a comprehensive and responsible plan for both internal and external testing of our systems. We have developed contingency plans for all of our systems, and we are continuing to conduct extensive outreach aimed at ensuring that our data exchange partners are as ready as we are when the year 2000 arrives.

I will be happy to take any questions.

WRITTEN STATEMENT OF MARSHALL S. SMITH, ACTING DEPUTY SECRETARY, DEPARTMENT OF EDUCATION, WASHINGTON, DC

SEE APPENDIX D

Chairman Hoekstra. Good. Thank you very much. Mr. Willemssen?

Mr. Willemssen. Thank you, Mr. Chairman. Thank you for inviting GAO to testify today. As requested, I will just very briefly summarize our statement on Education-Y2K.

Since testifying before you last year, Education has made major progress with its Y2K efforts. In addition to reporting that all 14 of its mission-critical systems were compliant as of March 31, our review of three of these systems found that the testing performed was well supported. The Department also laid out its approach for testing the exchange of data with external parties, an issue we brought up last year. Further, the Department has continued its strong outreach efforts to the educational community.

In the business continuity and contingency planning area, Education has also made progress. It has identified eight key business process areas, and addresses failure scenarios, performance levels and mitigation and contingency plans. Despite that progress, Education still has quite a bit of work remaining and several areas it needs to follow up on.

First, the Department needs to resolve open issues that have delayed the certification process for four mission-critical systems. For three of these systems, independent verification and validation contractors had not yet signed off on the systems pending review of applicable documentation. According to Education officials, the other system requires additional funding for further testing.

Secondly, Education needs to continue resolving and tracking open issues for seven other mission-critical systems that have been considered compliant. While these issues are considered low risk, the Department still needs to monitor their resolution so that they do not linger past this summer.

Third, the Department is in the process of implementing a new mission-critical recipient financial management system to replace the Pell Grant recipient financial management system. Education will need to make sure that this new system has been adequately tested for Y2K as each phase is implemented between now and August.

Fourth, the Department needs to follow through on its plans to perform end/end testing of critical business processes involving its internal systems and those of its data exchange partners. The testing in this area may surface Y2K related problems that the individual system testing did not. And therefore, Education will need to make sure it allows itself time to resolve any of those resulting problems.

Finally, Education needs to continue with its excellent efforts in the business continuity and contingency planning area. This will provide the Department with the added assurance that, in the event of system failures, it will have back-up plans in place ready to go.

That concludes the summary of my statement. I would, likewise, be pleased to address any questions you may have.

WRITTEN STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR OF CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC – SEE APPENDIX E

Chairman Hoekstra. Thank you. Ms. Shaw?

Ms. Shaw. Thank you, Mr. Chairman, Members of the Subcommittee.

My name is Theresa Shaw. I am Vice President of IT Application Development Projects for Sallie Mae. My responsibilities include ensuring that Sallie Mae's operations and systems are Year 2000 ready.

Before I address the current status of the Year 2000 effort at Sallie Mae and the U.S. Department of Education, I want to give special thanks to you, Chairman Hoekstra and all the Members of this Subcommittee for focusing attention on this issue. As a result of the Hearings you held in September 1998, we have seen a significant increase in the level of effort and talent applied to the Year 2000 readiness at the Department, and also by many other participants in the student loan programs.

On behalf of Sallie Mae, I also want to recognize the efforts of the Department led by Mike Smith and Robert Davidson. Last fall, the Senate Subcommittee on Government Management, Information and Technology said it was going to take the Department until the year 2030 plus to be Year 2000 ready. Recently, that same Subcommittee rated the Department's efforts an ``A-minus.'' Clearly, the Department worked very, very hard to address the risk that billions of dollars of student financial aid will not be available next year to the students who need it.

In addition to the Department's significant progress at fixing its own systems, we have also seen the improvements in their willingness and ability to share information with the rest of the Federal family education loan program community, their main partners in delivering 5 million loans to college students each year, and then their outreach efforts to encourage schools to do their part, as well. So, we thank you for convening this follow-up Hearing. It will ensure that the level of effort and talent does not wane in the last months of the millennium.

Far from being finished, there is still much to do. It may be too obvious to mention that the Department's Year 2000 readiness is critically important to Sallie Mae. Like all members in FFELP, the direct impacts are two:

We submit bills to the Department quarterly for reimbursement for subsidized interest and special allowances earned on loans we own for the previous quarter. If those bills are not paid in a timely manner, it could affect our cash flow.

Secondly, we rely on the Department to track the enrollment status of 4 million students industry-wide so we can schedule them for repayment promptly when they graduate. The longer it takes to find out that a student has left school, the more difficult it is to get him into a regular repayment habit.

It is the indirect impact on our business that truly concerns us because we rely on the Department to determine the basic eligibility of students and parents for new FFELP loans. Even minor Federal delays in processing aid information cause enormous ripple effects in the industry, driving up workloads, and in many cases, actually preventing students who had counted on Federal aid from enrolling.

Sallie Mae has a good story to tell in our efforts to ensure our systems will work on January 1, 2000. We began our Year 2000 project in 1996 by preparing a plan encompassing five phases: awareness, assessment, remediation, testing, and implementation. We completed all five of these phases in 1998. In an independent assessment, Arthur Andersen cited Sallie Mae as a leader in the financial services industry for Year 2000 readiness This year, we are completing our work focusing on contingency plans for failures that can disrupt our core business next year, and on the continued testing of external application interfaces.

The Department approached the Year 2000 effort in basically the same way, and at the same time we did. The Department identified 14 mission-critical systems in its assessment, and completed remediation, internal testing, code implementation on all 14 earlier this year. As I said in my opening remarks, from what seemed to be a dangerously slow start, the Department appears to have progressed to a point where they are no longer behind. Without trying to take away from their accomplishment, let me raise three areas that we believe are of continuing concern.

First, we are concerned about the quality of the Department's remediation effort. It is difficult to conceive of a work effort of the magnitude the Department must have mounted to complete its remediation work, not just of the 14 mission-critical systems, but also of another 161 systems that were classified as not mission-critical.

Our second area of concern is testing. With respect to internal systems, the Department's consultant reports show a lack of broad and rigorous Year 2000 testing. Testing with business partners was scheduled to begin in April. This leaves much work for the next seven months. Obviously the better the remediation, the smoother the data exchange testing will go. As this crucial phase progresses, we will see whether our concerns are warranted. But, the scope is daunting, even in ideal circumstances.

Finally, we would like to see more progress in the area of contingency planning, given how close we are to rolling over to the Year 2000. Mr. Chairman, there will be collateral effects, when, not if, systems break down. For instance, the Department is unwilling to discuss on any level of detail, temporary relaxation of Federal regulations that could contain time frames for performance. The Department has not, historically, made decisions quickly. They should not wait to begin thinking through the implication of system failures in the financial aid programs until after they happen.

Let me conclude by repeating what I said at the outset. The Department has made great strides in addressing the Year 2000 issues. It is a work in progress, and every day the Department moves forward. It is too early to say what actual problems will arise, but we have concerns. Moreover, Year 2000 failures will reveal themselves throughout next year. The level of effort must be sustained well into the Year 2000, perhaps beyond.

Thank you again for the opportunity to appear before you. I am happy to answer any questions.

WRITTEN STATEMENT OF THERESA S. SHAW, VICE PRESIDENT, INFORMATION TECHNOLOGY APPLICATION DEVELOPMENT PROJECTS, SALLIE MAE, INC., WASHINGTON, DC – SEE APPENDIX F

Chairman Hoekstra. Thank you. Ms. Lattimore?

Ms. Lattimore. Good afternoon.

As the Assistant Secretary for Administration and Management and the Department of Labor's Chief Information Officer, I have primary responsibility for the information technology arena, including our Year 2000 conversion project.

The Year 2000 readiness remains a top priority for Secretary Herman and has the serious attention of the Department's executives. I am pleased to report that the Department indeed has made significant progress in its Year 2000 readiness since we appeared before you last September.

To the credit of many at the Department, all of our mission-critical systems have been repaired or replaced, and determined to be Year 2000 compliant. We set our sites on achieving this important milestone by the Government-wide deadline of March 31, and we were able to do so.

At the same time, we are acutely aware that much more needs to be done. Our current efforts are targeted on three fronts: completing the process of independent validation and verification for our systems, testing and exercising our systems with our partners, and firming up the Department's business continuity and contingency plans.

Currently 41 of the Department's 61 mission-critical systems have completed the independent validation and verification process, and are rated by us as being at low risk for experiencing a Year 2000 problem. Our plans call for the remaining systems to complete the process by the end of June, so that we will have ample time to respond to any concerns identified. Working with our partners, the majority of which are State agencies, we have ascertained that all of the Department's more than 3,000 exchanges are compliant. Notably, the vast majority of these exchanges involve reporting to the Department, not the delivery of critical services to individuals, such as benefit payments.

Beginning in June, we will be expanding end-to-end testing of our most critical services with our Federal, State, and private sector parts. We are also taking precautions against unexpected failures in our systems, our partners' systems, or the infrastructure that supports them. Through our business continuity and contingency plans, we will be prepared to deliver the Department's services even if an automated system experiences problems.

You asked in September that we focus today on the status of two highly visible Department of Labor programs, the Unemployment Insurance Program, operated through 53 State Employment Security Administrations, and the Bureau of Labor Statistics which produces a number of major economic indicators. Both of these vital programs are making good, solid progress. We also know that more needs to be done before we are fully prepared to cross successfully into the Year 2000.

The good news is that we have gained valuable experience, and we have viable plans for getting the job done. The Department and its 53 State Employment Security Agency partners successfully met their first real test of Year 2000 readiness in January of this year. That is when States' automated benefits systems had to begin processing dates in Year 2000 to determine the eligibility period for new claimants. All of the SESAs passed this test.

We have gained confidence from this success, but are mindful of additional work. Benefit payment computation is only one of three parts of each SESA program. Those programs also include a tax system, and a wage record system. In the coming months, we will continue tracking the progress of SESAs closely, and expect the majority of them to have all of their systems ready by the end of June.

Additional attention and assistance will be focused on any SESA which fails to keep pace with its plans. Beyond finishing the repair and replacement of the systems which make up the UI program, we are working closely with the SESAs to see that their preparations conform to the Year 2000 strategy adopted by the Department. This includes putting their systems through an independent validation verification process, performing appropriate end-to-end testing, and putting in place suitable business continuity, and contingency plans.

We are also taking one additional step to protect unemployed workers by developing a first-of-its-kind national contingency solution for the UI program. UI is developing a system that can be used as a substitute SESA system to make payments that can be used by any State, and the substitute system would be able to aggregate data to be transferred to the home SESA system once it was fully operable.

The Bureau of Labor Statistics has 23 mission-critical systems which support development of the Department's major economic indicator reports. All of these systems have been made ready for the Year 2000. Currently 14 of those systems have gone through an independent verification validation process, and are rated at low risk of experiencing a Year 2000 glitch. The Bureau of Labor Statistics also manages a number of the Department's data exchanges, including exchanges with the SESAs. To minimize the risk of problems with these exchanges, BLS is working closely with its partners to provide the facilities necessary to ensure reliable Year 2000 ready communications, and arrange appropriate end-to-end testing.

Likewise, consistent with the Department's overall strategy, BLS has prepared business continuity, and contingency plans with clear-cut alternatives for producing reliable economic reports, even in the event of a system disruption.

Before concluding, I would like to speak to our work with both our Inspector General and the GAO. Both have been useful partners for us, and provided valuable insight as we have gone through this activity. OIG and GAO have both recently reviewed the UI program, visiting a number of the SESAs on sight. Their observations have made meaningful contributions to our knowledge and our plans. Based on recommendations, we are upgrading our efforts to provide technical assistance to some of those who were formerly viewed as ``at risk.'' We have, and will continue to work closely with the Inspector General and GAO to resolve recent concerns raised about non-compliant software used on a limited basis by four of our BLS systems, and we will continue our IV and V contractor work to ensure that our risk of conversion stays low. It is our intention to work through our concerns with OIG and GAO, and this and any of the other areas as we move forward to the Year 2000.

That concludes my prepared statement. I am prepared to answer any questions.

WRITTEN STATEMENT OF PATRICIA W. LATTIMORE, ASSISTANT SECRETARY FOR ADMINISTRATION AND MANAGEMENT AND CHIEF INFORMATION OFFICER, DEPARTMENT OF LABOR, WASHINGTON, DC

SEE APPENDIX G

Chairman Hoekstra. Thank you. Ms. Dalton?

Ms. Dalton. Good afternoon, Mr. Chairman, Members of the Committee. Thank you for inviting the Office of Inspector General here to discuss the highly important issue of Y2K readiness at the U.S. Department of Labor.

The Department had reported on March 31 that the 61 mission-critical systems of the Department were Y2K compliant. This certainly was a significant accomplishment of the Department. However, while progress has been made, much still needs to be done in the remaining months.

Today I would like to discuss with you our concerns in five areas: business continuity and contingency plans, compliance testing, independent verification and validation, the State Employment Security Agencies, and interfaces and data exchanges.

As I discuss each of these issues, it is important to note that as we have identified problems within the Department, Departmental management has been very responsive in taking responsive and reasonable action to correct the problems.

Our first area of concern is with the agency business continuity and contingency plans. These plans detail the short and long term plan procedures that will be used to ensure the continuity of the agency's four business functions. This past March, we pointed out to the Department that its original business continuity and contingency plans were inadequate in a number of ways. These concluded that the plans were incomplete, they were not scheduled for testing, they relied too heavily on disaster recovery plans, and they did not always provide alternative solutions for identified problems. Since we provided our assessment to the Department, it has reevaluated its plans, and asked each of our program agency heads to redevelop plans around their core business operations. Because of their importance, the OIG plans to reexamine the revised plan when they are submitted later this month.

Our second area of concern is with compliance testing. For compliance testing to be done effectively, it should be planned and conducted in a disciplined fashion. Our reviews of agency compliance testing has found problems in test planning, execution and documentation of Y2K test results. Problems have included tests that have been incomplete, or results unavailable for review, documentation was missing, there was lack of user involvement in the testing phase. We found these deficiencies in the Department's integrated payroll system, BLS's employment cost index system, and three MSHA systems. The OIG is concerned about the adequacy of this testing as it relates to the Department's assurances that these systems are Y2K complaint. We will be looking at additional systems in the coming months.

Our third area of concern is in the independent verification and validation process; the IV and V process. The next critical Y2K date for the Department is June 30, at which time IV and V needs to be completed. As of April 30, the Department had issued final IV and V reports on 37 of its 61 mission-critical systems. While the Department is doing much to complete its IV and V work within the established June time frame, the IG is concerned that the Department's approach to IV and V primarily consists of limited desk reviews of existing documentation and reliance on interviews of people testing the agencies' systems. For example, our reviews have found infrastructure assessments were incomplete, system tests were not performed on a full system integration basis, and not all external data exchanges have been identified nor the business partners contacted. During the remaining months of 1999, management oversight must intensify to ensure that the IV and V is thorough and complete, and above all provide Congress and all of the Department's other stakeholders with assurances that operations will not be interrupted.

Our fourth area of concern is with the State Employment Security Agencies. Between December of 1998 and January of this year, the OIG audited the Y2K efforts related to the four main components that comprise the State systems. In general, we found that the thirteen States that we visited have made good overall progress. However, there are some problems. While assistance provided by the Department has helped the States with their Y2K compliance targets, we still remain concerned about implementation, and management-related issues that we have identified through this audit.

Finally, our fifth area of concern involves the Department's interfaces, and data exchanges with our business partners. Job Corps, for example, engages in many data exchanges that are used to transfer funds to contractors and grantees, to process payments through the banking system. We conducted an audit of the Job Corps Student Pay System. Initially, when we asked the Employment and Training Administration about data exchanges and interfaces, they indicated that none existed for the system. However, in working with Employment and Training in reviewing the student pay system, the system was found to actually have 115 external interfaces, including interfaces with banks, and an interface with the Department of Health and Human Services. Recognizing the magnitude of the problem, ETA has moved quickly to address the issue. Ongoing audits by the Inspector General's office will continue to review the quality and completeness of agency testing to ensure data exchange partners are fully included in the Department and agency plans to conduct end-to-end testing of mission-critical systems.

In conclusion, though the ultimate impact of Y2K in the Department is still uncertain, significant progress has been made. However, the Department must continue to be persistent and timely in assuring that it adequately converts, implements, and verifies its systems so that they will not be affected by this problem.

Mr. Chairman, this concludes my prepared statement. I will be happy to answer any questions.

WRITTEN STATEMENT OF PATRICIA A. DALTON, DEPUTY INSPECTOR GENERAL, OFFICE OF INSPECTOR GENERAL, DEPARTMENT OF LABOR, WASHINGTON, DC - SEE APPENDIX H

Chairman Hoekstra. Thank you. Mr. Willemssen, do you want to provide an overview of Labor?

Mr. Willemssen. I will be brief.

Mr. Willemssen. I will just briefly summarize our statement on Unemployment Insurance and Bureau of Labor Statistics.

Regarding the Unemployment Insurance Service, it is reporting that its one mission-critical system is compliant. However, each of the 53 State Employment Security Agencies also have critical systems that are not counted in the Department of Labor's totals, and many of those are not yet compliant. The most recent report issued by Labor indicates that several are not scheduled to be Y2K ready until later in 1999.

To Labor's credit, it has instituted a requirement that States conduct independent verification and validation reviews of their systems. So, this will give the Department greater assurance that those systems will indeed be compliant. But there are three other key risk areas that Labor faces for these State systems: testing, data exchanges, and business continuity and contingency planning.

The testing area goes beyond just the State's own internal systems. The extent of data exchanges, and the use of other systems in the Unemployment Insurance environment is quite significant. For example, one of the key other systems is the payment management system which is operated by the Federal Department of Health and Human Services. This system is responsible for about $165 billion annually in Federal grant payments. It is not yet compliant, and is not expected to be until later this summer. Labor has also required States to develop, and test business continuity and contingency plans, another good step.

Turning to BLS, it has also made progress on Y2K but also recognizes that there are a lot of other activities that need to be completed. For example, four of BLS's mission-critical systems contain a non-compliant product that the vendor states it will no longer support. BLS has analyzed the use of that product, and believes the risk is fairly low. We will be in the process of reviewing the applicable documentation for that determination.

BLS is also currently in the process of finishing independent verification and validation for several of its systems that it plans to complete by the June 30 deadline. BLS has also submitted contingency plans to the Department. However, according to the Department, BLS has had to make some significant revisions to those plans, and they should be resubmitted at the end of the month. Then, subsequent to that, appropriate testing should take place.

That concludes the summary of my statement.

WRITTEN STATEMENT OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION, GENERAL ACCOUNTING OFFICE, WASHINGTON, DC – SEE APPENDIX I

Chairman Hoekstra. Thank you very much.

Congratulations to both Departments, the Inspector General's Office, and GAO. It looks like you have made significant progress from where we were last fall. That is to be very much applauded.

Mr. Smith, I agree with you. I thought Mr. Horn's grading scale last fall was ridiculous. I am glad he has upgraded it, and has a much more effective one now that the Department supports, as well.

But, have we now moved to a point Mr. Willemssen, where we are testing the interface and there are still some huge risks here. If the interfaces do not work either for Education or Labor, there is a potential risk.

Mr. Willemssen. Yes, huge risk. Individually, systems in and of themselves can be considered compliant. But, if they reach that compliance status in a different fashion, once the exchange of data occurs, you may have a compliance problem.

So, that is why it is absolutely critical that testing occur. There are plans on the part of both Departments to do so, recognizing that that is an absolutely critical activity. Just because they are deeming 100 percent of mission-critical systems compliant, there is a long way to go.

Chairman Hoekstra. Mr. Smith, I think in either your testimony or Ms. Shaw's testimony, you talk about the difficulties with doing some of the interface with your partners. At the local level, the different schools actually do their testing because it is end-of-the-year time, and those types of things.

When you come back in the fall, and we talk about how many people at the local level have gone through that testing, will we be talking about, ``Well, you know, Pete, it is a tough time of year right now to get them to sign on because school is starting.''? What kind of incentives or encouragement are you giving to these partners to get this work done as soon as possible?

Mr. Smith. It is a good question. As I mentioned in my testimony, there have been fewer people testing with us than we would have liked to have seen. I also indicated that I hoped that the reason was that it is the end of the year, and not that there are so few ready to test. Ms. Shaw and I were talking about this at the break, and we obviously have to work together to push. The incentive only is that they will get their loans and grants, and so on, on time. That is a pretty substantial incentive for most places.

On the other hand, there are a number of schools that we believe are not ready, and may not even be ready until late fall, if then. I think it is incumbent on all of us to continue to talk to those schools, write them letters, et cetera, et cetera as quickly as we can in order to move them into action.

We have surveys coming out. I testified that we have held lots of meetings and we have sent letters. We have sent letters to presidents, as well as to the folks having to do with student financial aid so that we could tap into all the systems. We talked about sending letters to their boards. We have sent letters to the school boards letting them know that their local public schools could be in trouble. We are ready to try just about anything to encourage all of them, both to get ready, and second, to test.

Chairman Hoekstra. Ms. Shaw, you talked about the contingency planning?

Ms. Shaw. Yes.

Chairman Hoekstra. And, I would read into what you were saying with the contingency plan. If we do get to January 1 and there are some problems or whatever, it might be advantageous to suspend certain rules or regulations. It might be nice to know that and plan for that sooner rather than later. Is that the gist of where you were?

Ms. Shaw. That is correct, Mr. Chairman. Adequate contingency planning, we believe, is critical. To that end as a matter of fact, at the end of June, Sallie Mae will be hosting an industry-wide contingency planning session which the Department has been invited to. Schools will be invited to attend, as well.

With respect to the Department temporarily relaxing regulations, should there be failures, it certainly would be better to know that now, and build it into the contingency plans than happen upon it when the failures occur, and then try to figure out what we are going to do.

Chairman Hoekstra. Mr. Smith, would you receive that request, and respond to it?

Mr. Smith. I actually haven't received any requests.

Chairman Hoekstra. Oh, okay.

Mr. Smith. I personally haven't, and it hasn't been reported to me. That doesn't mean that it hasn't gotten somewhere in the Department.

Chairman Hoekstra. Okay.

Mr. Smith. I would certainly look at it. It seems to me there are two issues. One is that we really need to go through the contingency plans together. We have talked about sharing plans. We are going to put ours on the web, and so on.

Second is that we certainly don't want to give anybody incentive to not get their systems right. If we start waiving things, you get on a downhill slide here. If I waive this, why shouldn't I waive that, and so on. After a while, it removes arguments for some of the institutions to actually do their hard work. So, it is a little tricky. It is one reason why I think we would need to talk, and think about it in a more sophisticated fashion.

Chairman Hoekstra. Good. Thank you. Mr. Ford?

Mr. Ford. Thank you, Mr. Chairman. To Mr. Willemssen, forgive me if I am mispronouncing it.

Mr. Willemssen. That is correct.

Mr. Ford. Is that correct, sir? Your confidence in these agencies, claims of their mission-critical systems compliance being valid, give me a sense--you have talked around them--just directly to the two here, how would you respond to this Committee?

Mr. Willemssen. I think it is fair to say that the mission-critical systems at Education can be considered substantially compliant. But, I wouldn't want to go ahead and imply that there is nothing left to do, even on those individual systems. There are remaining activities, most of which appear to be of lower risk. But, there will have to be more time and attention paid over the next couple of months to make sure that those apparent low risk items are dealt with successfully, so that the Department can be more in a position of saying that they are fully compliant. One of the advantages that the Department had is having the independent contractor in as part of the process. I think that gives them even greater assurance.

In terms of Labor, much of their independent verification and validation effort is still continuing; and is not quite finished. I think that when the Department has all of that in hand, it will also be in a much better position to say where it stands on full compliance.

Mr. Ford. Horn's Committee, his Subcommittee, I serve on the full Committee, I guess, gave the Departments an ``A-minus.'' How rigorous of an assessment was that, and to what extent can we take that ``A-minus''? An ``A-minus'' was pretty good when I was in school. I was just curious to what extent can we take that at its word?

Mr. Willemssen. Chairman Horn is very clear on the criteria for his assessments. It is based on the self-reported data submitted by departments and agencies; essentially their quarterly reports. What the departments are saying is where they are on particular mission-critical systems, and what they have done in key areas such as contingency planning, data exchanges, telecommunications, and imbedded chips. And, based on what is in that quarterly report, he makes that kind of an assessment. He has done it very consistently to the extent that he is aware of additional details, either through Inspector General reports or General Accounting Office reports. He will then also take that into consideration.

Mr. Ford. Ms. Lattimore, please give the Secretary my regards. She gave me my first job, Secretary Herman did when she was at the DNC.

In your statement, you mention that the vast majority of the exchanges involve reporting to the Department, and not the delivery of critical services to individuals such as benefit payments. I guess you feel that you are compliant or you are, perhaps, Y2K ready. Is it not fair to say that some of the information that is reported to the Department is important to be able to deliver the services to individuals? Perhaps you can clarify that?

Ms. Lattimore. To some extent, in terms of the statistical data. We believe that our management plan, which we think is very intense, will ensure that all of those exchanges are compliant. What we started with, though, were the ones that we thought were the big ticket items which is where we put our first priority. These were the delivery of benefits and services to American workers.

Mr. Ford. But, it is fair to say that regarding the delivery of services you feel confident that you are in good position?

Ms. Lattimore. Yes, we are.

Mr. Ford. With regard to some of the challenges that you still face, what is the worst case scenario for DOL? I guess all of us could imagine it in light of what you have done up to this point, but could you give us a sense of?

Ms. Lattimore. I think we believe our worst case scenario would be if we have any type of failure in our Unemployment Insurance system. This is why you see the high level of activity including this PC-based system that we are putting a lot of effort into. Even if a State does not get its system ready, we are trying to develop a universal, plug that they could use to ensure that there is a continuity of services, and that any type of glitch would be seamless to the recipient.

That is in addition to the business continuity and contingency plans we have. It is also in addition to a very large amount of money that we have invested in working with the States. We are working on weekly and biweekly check-ins with them. We are working with them through the peer group of their assessor group to ensure that we have kept a level of attention there.

The Secretary has personally talked to all of the governors who were a little slow in their specific States in moving ahead. We are staying in touch with the Office of Technical Assistance and Guidance.

Next week we sit and meet with the District, which is one of our at risk places that we are working with. Even though it is not a technical issue, we have decided that whatever the issue is that precludes them from moving to a fully compliant Y2K, that is where we need to be. So, we think that is our worst case scenario, and we believe we have put things in place that should address all the potential glitches around that.

Mr. Ford. Thank you, Mr. Chairman. I find it interesting that I am as big a supporter of trying to ensure that our Federal Government is ready. I had a Y2K bill that the administration didn't like too much because it called for a mandatory test date with all agencies. But, as we debate here on the floor right now, this is essentially a piece of Y2K legislation that would shield some of our private sector players from liability, and I hope that we apply this same type of these vigilance that we are applying to our Federal agencies to some of our private sector friends, which we now want to give them a reasonable effort defense. I wouldn't hold you to a reasonable effort defense; I am sure the Chairman wouldn't either. We certainly shouldn't hold anyone that might be responsible for the lives, and the delivery of services for any American through reasonable effort defense.

With that I don't have any time to yield back so I thank the Chairman for letting me go.

Chairman Hoekstra. All right. Mr. Kind?

Mr. Kind. Thank you, Mr. Chairman. I want to thank the witnesses for coming today and offering testimony to give us an update on where everyone is.

I, for one, am somewhat encouraged by testimony that we have heard here today. It sounds very encouraging. But, when we contact various Federal agencies, and also members of the private sector, large or small businesses, we often get encouraging reports. A lot of, ``Yes, we are doing a lot of stuff on it. Progress is being made. We are feeling very confident that we are going to be Y2K compliant.''

It sounds good but when I set up some forums back in my District to talk about Y2K and get information from not only public agencies but the private sector as well --the experts that we brought in just kept hammering over and over again that you have to take all necessary action to deal with this. The bottom line is you must have contingency plans, contingency plans, contingency plans. They were just hammering away at that.

I would be interested to find out where each of you are, Ms. Lattimore, Ms. Shaw, and Mr. Smith in the development of the contingency plans? When do you expect something to be completed that you can share with the Committee as well?

Ms. Lattimore. We have contingency plans for each of our 61 systems. Those plans were submitted a little over a month ago. As you heard from our other testimony regarding the Bureau of Labor Statistics, we feel the contingency plan needs a little bit more work. They are revising it, and that should be back to us by the end of the month. We will be glad to share them. We have also asked all of the States that we interface with regarding the State Employment Security Agencies to do the same thing. They are in varying degrees of readiness, but we assume by the middle to end of late summer we should have contingency plans for the States. We are looking at them as we get them and develop them, with our goal being to be sure prior to the end of the year that we have a viable contingency plan for each of our operations.

Mr. Kind. Thank you. Ms. Shaw?

Ms. Shaw. Sallie Mae finished 1998 with high level contingency plans. Our plan had always been to focus in 1999 on our contingency planning and business continuity efforts.

To that end we have two separate groups working. One that is focused primarily on the business continuity, and our IT organization focusing on continuity plans for the various systems that we have. Both these groups will be finished with their detailed plans by the end of the summer to early September timeframe.

Mr. Kind. Thank you. Mr. Smith?

Mr. Smith. Mr. Willemssen mentioned a little bit about our contingency plans, the eight groups that have been working on them. We completed some high level plans three or four months ago, and have been working with a variety of different groups in the various sectors that we deal with in order to get them down to a real detailed level of actual working.

We are ready to put those on our website. It will be up, and we will be glad to deliver copies of them before that to you. We ought to have them up on the website in the next two weeks or so.

Beyond that, we are going to need continuous interaction with the community as we work through this. We have been talking with them; they have been involved in every one of the development of these plans for the business processes. I think Ms. Shaw's meeting that you are holding a little later will be terrific because we will be able to take a look at their plans; they will be able to take a look at ours; and, there will be other folks there with plans, as well. So, we will be able to get a sense of where we are missing things, and perhaps we can even share some ideas.

Mr. Kind. Mr. Smith, let me follow up with you, then. We have been somewhat proactive back in my District -- I have five state universities, seven technical school campuses, a couple of private colleges -- in getting whatever information they need in assisting with the development of contingency plans.

Did you indicate you are sending out a general survey within the community to get some feedback or have you done that already?

Mr. Smith. We have actually had some partial surveys, and we have a general survey now going out both to elementary, secondary, and to post-secondary. So, we will be able to get a much better handle, I think, on what is going on.

Mr. Kind. Anecdotally, back home I’m noticing that each of them are working on it, but at different stages with different levels of resources committed. It is very tough to get a firm grip on it. Everyone is going to be--

Mr. Smith. I am not even certain that a survey, a self-reported survey, is going to get us a really deep idea about individual campuses. We get a lot of them, however, saying that they are just in the planning stages. We can know that we have got troubles.

Mr. Kind. Right. Again, part of the key to all this is not just what you are doing internally, and who you are interfacing with, but you must be concerned about your suppliers, vendors, and others you are contracting with. What are you doing at your agencies on that front, in order to see that the various support that you are receiving from the various contractors and vendors that you are associated with are also taking care of their business?

Mr. Smith. Well, there are two parts to that. One is that most of our systems are outside contractors. They are Raytheon, and so on, big outfits generally. We are reporting on their Y2K compliance. When we say the 14 systems are compliant, at least 12 of them, I believe, are outside vendors.

We also deal with an awful lot of other institutions. Just as an example, we have under the National Assessment of Educational Progress the ETS, Educational Testing Service; the SAT outfit. We have been in touch with them trying to make sure that they are, in fact, Y2K compliant. They are pretty good, in pretty good shape. We are trying to do the same thing with a lot of the other vendors. Often, they are contractors, trying to make sure that they are actually compliant, at least in the areas where we are interacting with them. There are a lot of other areas, and hopefully by making them alert to our areas, we are also making them alert about other areas, as well.

Ms. Shaw. I can answer from a Sallie Mae perspective. Sallie Mae builds and maintains its own systems. We don't out source or contract out that kind of work typically to the extent we have vendor-provided software and hardware, and we have lots of it. We do

include in any of our agreements with those vendors that they must provide us Year 2000 compliant hardware and software. And, we asked for certifications from those vendors that, in fact, their hardware and software was compliant. But, we had a ``trust but verify'' policy at Sallie Mae so we separately tested each individual hardware and software component provided by a vendor to ensure that they were, in fact, as represented to be.

That was a good thing that we did that because we did find several areas of problems. For example, Sallie Mae's general ledger system is provided by an outside vendor. It is a commercial off-the-shelf software package. It was represented to be the Year 2000 compliant version of that software, and had we not done the extensive testing on it, our general ledger would not have worked in the Year 2000. We ended up having to work with that vendor very closely to fix the software that they provided to us.

Mr. Kind. So, what you are saying is that certification or some type of certifying may not be enough in all cases?

Ms. Shaw. We found that not to be enough.

Mr. Kind. Thank you. That is interesting. Thank you very much. Thank you, Mr. Chairman.

Chairman Hoekstra. Did you charge them for your consulting work?

Ms. Shaw. We thought about it, but ``no.''

Chairman Hoekstra. All right. Mr. Smith, the recent OMB report states that the Department of Education is in need of roughly $3.8 million more for Y2K compliance. Is that correct?

Mr. Smith. I am not sure what report you are referring to. What is the date on that?

Chairman Hoekstra. May 14.

Mr. Smith. The one that we sent it? The one that we are sending it?

Chairman Hoekstra. Yes.

Mr. Smith. We are requesting it?

Chairman Hoekstra. Yes.

Mr. Smith. We are requesting it for a number of reasons. One has to do with testing our Ed-Net more completely than we have presently done. Another has to do with the outreach, as we have just been talking about. We believe that outreach has got to be a lot more extensive than we have already done or have planned. We had hoped that things would be in better shape on the outside than perhaps they are. So, we are looking at the expenditures on a variety of different activities having to do with the surveys that I mentioned. We are analyzing them, and reaching out to institutions that we think are particularly vulnerable.

Just as an example, there is in the direct lending program about 1,300 institutions, and around 900 of those institutions use our software. We have tested that software, and had it tested by them, and so on. So, we are in pretty good shape, I think, on those 900. But, there are 400 institutions out there that have built software according to our specifications in the past. We don't know whether or not they are Y2K compliant. So, we have to make sure that those institutions, those 400 in particular, do the testing with us, and so on.

One can pick out institutions that are particularly vulnerable around the country. We have in mind institutions that have low levels of resources, and institutions that are vulnerable on a variety of different grounds that are fairly predictable. Those are the institutions we want to reach, in particular.

Chairman Hoekstra. How much money has the Department spent in total on Y2K?

Mr. Smith. I think it is on the order of $20 to $44.1.

Chairman Hoekstra. This $3.8 is on top of that? $3.8 million is on top of that?

Mr. Smith. No, it includes that.

Chairman Hoekstra. That includes it? It has been broken out and been tracked so that we pretty much know that it has all been spent on Y2K?

Mr. Smith. It is, yes. Hang on, let me just be sure I am right about the $3.1. Okay.

Chairman Hoekstra. Okay. Thank you.

Mr. Kind. Mr. Chairman, can I ask you a question?

Chairman Hoekstra. Sure.

Mr. Kind. Are the COBOL programmers that got us into this mess covered under the Y2K legislation today?

Chairman Hoekstra. You will have to ask Mr. Cox about that, I have no idea. He is too young to even know about COBOL.

Ms. Shaw or Mr. Willemssen, if you take a look at Department of Labor and

Department of Education, and as you also take a look at what you know about what may or may not be going on in the private sector, are the Y2K compliance efforts following what might be described as ``best practices'' in the private sector?

Mr. Willemssen. I would say they are much more closely following best practices, as we sit here today, compared to 12 months ago. To contrast the two somewhat, I would say if one were looking at it as a competition between the two Departments, I think Labor got started earlier. Education got started a little late. They had a bit of a turnover in a key position, but in the last year or so, Education has really caught up, and has a number of best practices in place.

So I think, as we have mentioned, there is still room for concern. But, we are much more optimistic today on both Education and Labor than we were when we testified last September.

Chairman Hoekstra. Ms. Shaw?

Ms. Shaw. I would concur. I think Sallie Mae is impressed with the progress that has been made. If the best practices or anything close to best practices are applied to contingency planning and ongoing testing, both with the outside world and from the Department with integration testing across their internal systems, that would be positive.

Chairman Hoekstra. Mr. Willemssen, did you want to say something?

Mr. Willemssen. No.

Mr. Smith. Actually, I was a COBOL programmer years ago.

Chairman Hoekstra. We will hold him liable.

Mr. Smith. You are working on the floor on that issue.

Chairman Hoekstra. Yes. Mr. Willemssen, when is it a good time to come back, and benchmark the progress of these two Departments. We will have some new information, and maybe it is not too late to act.

Mr. Willemssen. There are a number of milestones for both Departments that are in the late June, early July time frame in terms of both State systems on Labor's side, and some of the business continuity and contingency planning, and data exchange testing on the Education side.

So, I would think, possibly, in the July time frame to update yourself on, ``Here's what you set out as targets for some of these key activities. Did you meet those targets, and what were the results?''

Chairman Hoekstra. Sounds like a half way decent plan to me. Mr. Ford?

Mr. Ford. Ms. Lattimore, you seemed like you wanted to respond also. Did you want to respond to something with the Chairman?

Ms. Lattimore. No.

Mr. Ford. It looked like you were trying to get close to the mic. We have that problem on this side of the aisle with those guys, so I thought maybe you would take an opportunity to respond, as well.

Chairman Hoekstra. What problem is that?

Mr. Ford. Since I know Ms. Shaw had an opportunity to talk a little bit about the readiness of DOE from Sallie Mae's perspective, Mr. Secretary do you want to talk a little bit about Sallie Mae's readiness, and so forth?

Mr. Smith. From what I have heard today, they sound like they are in pretty good shape. I would not like to grade them, but to see if there is information that we could use that would help us.

Mr. Ford. With regard to best practices, Mr. Willemssen, is it your understanding of some of the things that you have an idea or some knowledge of what the private sector is doing to ensure its Y2K readiness. I know you responded a little bit to what the Chairman asked regarding best practices. With regard to these two agencies, how do they compare? What we are doing in comparison to what the private sector is doing or companies of similar size with complicated systems, I guess?

Mr. Willemssen. The sector that I would use as a benchmark for best practices worldwide would be the financial services and banking sector which has been way ahead of this. This is in part because they had Y2K-related impacts many years ago because they had programs that had out year implications. I would use that sector as probably the leader of any sector, and benchmark off some of the best practices that they have had in place.

One of the ironies that I often point out for even one of those leading sectors is that they, as much as anyone, focus heavily on contingency planning because they know much of this is outside their control. They can't give a guaranty on electric power, telecommunications, water or wastewater. They have to be prepared for those contingencies too, and have done quite a bit of work on that, as have many of the Federal agencies, including Education and Labor.

Mr. Ford. Thank you, Mr. Chairman. I yield back.

Mr. Kind. Thanks. I will be brief. Mr. Smith, given the relative late start that the Department had in getting on top of this issue, did you experience any difficulty in bringing in good talent to assist on this issue?

Mr. Smith. Well, we have had trouble getting good talent in the technology field as have, I believe, almost every other department in the Government. It is not just related to Y2K, although Y2K exacerbated it.

Our talent has worked very, very hard. We could easily have used more people, and we could still use more people. We are dependent, as I mentioned, on being able to understand what a whole variety of different contractors do. And, part of that is not doing the programming yourself, but understanding the quality of their plans, the way they go about their work, the quality of their testing, and so on and so on. So, as a number of people have mentioned, we have relied a lot on our independent validation and verification contractors. We have had GAO in and they have been a terrific help in many ways while they were looking at what we were doing. Our OIGs have been all over this thing. We have engaged them as a partner, and we have brought in all the resources we possibly could. In the meantime, we have had people that were relatively independent, and that would give us a clear picture of where we were going wrong without worrying about what we thought about their views.

Mr. Kind. Ms. Lattimore, what was your experience?

Ms. Lattimore. Basically, the same. We are outbid on a regular basis in seeking IT professionals of high caliber in the area. We have had to augment our staff with some contractors. We are using Intermetrix to do our independent validation verification working with this.

In addition, we have had to look at using some automated tools that would allow us to maximize the resources we have. We have had to augment those resources just about across the board in looking at the IV and V, as well as business continuity contingency plans because we just did not have the talent, and could not always recruit it in a timely manner.

Mr. Kind. A red flag I’m seeing back home, at least, in working with a lot of the education institutions who got off to a very late start on this is a serious dearth of qualified, skilled talent available to bring the institutions up to speed quickly.

Let me just conclude by asking the general question whether or not, we as a Congress, are doing everything we should in assisting you to take care of this? Is there any area where we are falling short that you can think of?

Chairman Hoekstra. Don't hold back now.

Mr. Smith. Yes. Well, there are two things. Actually, one, it would be nice to be able to pay quite a bit more for some of the IT folks. I think there has always been a problem with that in the Government, as you know. There is this inequality argument that is a reasonable argument under most circumstances, but we are now facing a real death of talent in the Government, and I think we could override that for a period of years. That is one.

The second is, I think a number of people have looked at the issue of whether or not, as a nation, we are producing enough computer talent. We probably have enough, but it is 13 years old and 14 years old, and we can't hire them yet. We need folks who are 21 to 35, and if you look at the data on those, the actual number of people who are taking computer science courses and getting masters in computer science, for example, has gone down over the last 10-15 years. That is kind of an odd circumstance in a market that is booming for those folks. So, I don't know what the actual problem is, but it is an interesting problem.

Mr. Kind. I would be happy to work with you or anyone in the Department in thinking through this issue. Obviously, we are seeing a lot of the same statistics, and it is a cause of concern. So, if someone is putting their mind to this, I would be happy to work with you on it.

Thank you. Thank you, Mr. Chairman.

Chairman Hoekstra. I would like to thank the panel. Thank you very much for the progress that you have made over the last five, six months. Congratulations.

We will continue monitoring, and working with you over the next six, eight, nine months as we get close to the millennium, and gauge your progress before and after. I am glad that you were able to come today and give us a much more encouraging and positive outlook than what, I think, some of us thought we were getting last fall.

Again, congratulations, and we will be in contact with you. If it looks like the end of July or whatever looks like an appropriate time for you to come back and update us, we will have a follow-up Hearing then again.

So, we adjourn this Subcommittee. Thank you.

Whereupon, at 3:38pm the Subcommittee was adjourned.