March 15, 1999 Web posted at: 11:13 a.m. EST (1613 GMT) by Scott Kirsner

From...

ALSO:    Planning beyond Y2K disruptions

(IDG) -- Congratulations. You've readied all your internal systems for the coming millennium. You've tested everything and, compared with the rest of your industry, you feel confident that you're well ahead of the curve.

Time for the celebratory champagne? Hardly. Even organizations that execute letter-perfect year 2000 (Y2K) projects will be susceptible to what's being called the ripple effect. Suppliers, business partners, customers and other third parties who don't take care of their Y2K problems can wreak havoc on your company. Picture it: Customers aren't able to pay invoices on time, sabotaging your accounts receivable. Suppliers don't deliver raw materials as scheduled, bringing production to a halt. Failures within just a few organizations can ripple through entire industries -- and potentially the whole economy.

"We're all going to sink or swim together," says Skip Patterson, executive director of New York City-based Bell Atlantic Corp.'s Year 2000 Program Office, located in Boston. "The people who don't fix their problems will hurt the people who do."

So to avoid being hurt by the ripple effect, Y2K project managers are turning their gazes outside the organization's walls to examine supply chains, customer bases and other external entities. "Are they going to be ready? What are their plans? Where are they in the process? Are they going to be able to do business in 2000?" asks Dick Kearney, the partner in charge of KPMG Peat Marwick LLP's global Y2K practice in Boston. "You need to dedicate a significant amount of resources to asking those questions of your business partners."

That investigation of external compliance needs to proceed in parallel with internal remediation efforts and must be managed every bit as carefully. And senior management must understand, as Chrysler Corp. Y2K Manager Roger Buck puts it, that "your year 2000 problem isn't just in your IS shop. It's in every company that you deal with." That means outside support is crucial to insulating your organization from the damages of the ripple effect.

Y2K experts recommend six steps.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
CIO home page
Make your PC work harder with these tips
Reviews & in-depth info at IDG.net
IDG.net's personal news page
IDG.net's products pages
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletters
Search IDG.net in 12 languages
News Radio
	CIO radio
	Fusion audio primers
	Computerworld Minute

1. Take inventory
Just as the Y2K project begins with an inventory of how much date-related code exists, your investigation into external compliance starts with a review of the outside entities your company deals with, and their relative importance to your operation. "You don't want to forget about the noncritical suppliers," adds Kearney. "But you need to focus."

"You don't have enough time and resources to work with all of them," concurs Ed Yourdon, chairman of the Cutter Consortium, a technology advisory firm in Arlington, Mass. "You need to do the same kind of triage and prioritization that you do internally. And here, too, the familiar principle applies—80 percent of your revenues come from 20 percent of your customers, and 80 percent of your critical supplies come from 20 percent of your suppliers and vendors."

2. Investigate
Communication with outside entities usually opens with a request for information -- a letter or survey asking about the status of Y2K compliance. But responses to that type of inquiry vary. You may hear nothing or get a letter from a low-level functionary that carries no weight. Matt Hotle, director of GartnerGroup Inc.'s Y2K research group in Chicago, says that response rates can be as low as 10 percent. And of those who do respond, "less than 50 percent are accurate," he says. "They're not trying to lie; they just don't have enough information yet." Hotle recommends a strategy after a list of top-tier business partners has been drafted: "You get a travel budget, get on a plane and go visit them. You want to look people in the eye and ask how they're doing on Y2K. If they start staring at their hands and stuttering, you know you have a problem."

Stories: Meaning of the Millennium Y2K: Hype or Hazard? Events Guide: New Year's around the globe Discussion: Stories of the Century Best and Worst Quiz: Know your millennium Links: Celebrations Observatories Y2K Readiness Humor Poll: When does the new millennium begin? Jan. 1, 2000 Jan. 1, 2001 Not sure Other View Results

Bell Atlantic's Patterson agrees with Hotle's hands-on advice. "If someone provides you with a 'priority one' service, then you're really going to want to get into their knickers and make sure that everything's OK," he says.

3. Collaborate
In working with outside companies, proceedings can sometimes get adversarial. No one likes to be held hostage by a single-source supplier that doesn't have its act together. But analysts and IT executives alike say that a collaborative approach is the only route to success.

"If you approach anybody with a shotgun, they're not going to be your best friend," observes David Reingold, a senior vice president at Computer Horizons Corp., an IT services company in Mountain Lakes, N.J. "You have to approach them on a friendly basis and let them know what your deadlines are, and that you're going to test."

At Nasdaq, collaboration with the organizations that receive information from the exchange involved a nuanced discussion of their data-related needs. "We went out to our customers and surveyed them," says Michael Buckingham, The Nasdaq Stock Market Inc.'s Y2K project manager and director of operations and planning in Trumbull, Conn. "We asked if they saw any reason for us to expand the date field. And the bulk of them said that because we are mostly a 'day system'—that is, the data is pretty much today's data—we could get away with windowing."

For companies with incredibly complex supply chains, such as automakers, collaboration has involved industrywide efforts. In February 1997, the Automotive Industry Action Group (AIAG) decided to create a year 2000 task force to help Ford, Chrysler and General Motors get suppliers up to speed (the task force later expanded to include Volvo and Toyota). The AIAG invited the CEOs of the top 5,000 suppliers to Detroit for a half-day seminar, after which it sent out surveys and set up an information center and a Web database.

"Chrysler has 8,000 total suppliers," says Buck, the company's Y2K manager and chairman of the AIAG's task force. "Of those, 2, 000 are critical. And anywhere in that supply chain where the link breaks, it's going to cause us problems. The other automakers are in the same situation. It's very difficult to build vehicles with missing parts and then put them in later."

4. Track progress
Even when being closely monitored, some business partners may not be solving their Y2K issues as quickly as necessary. Identifying the laggards requires a measurement scheme.

"We've developed a matrix that says if [a supplier] is not at a given step in the process by a given time, they're at high risk," says Buck. "We're kicking around the idea of giving green, yellow and red ratings, like a stoplight. Red, obviously, would mean you're in trouble."

5. Craft contingency plans
Unfortunately, more external organizations may be red-lighted than a CIO would like. "We're finding that pretty much everybody we deal with as a supplier is behind the curve that we'd prefer them to be on," says Patterson at Bell Atlantic. That scenario requires contingency plans. If one supplier can't support the business in a post-2000 world, who can? You should begin lining up alternatives as soon as suspicion about a critical vendor creeps up, suggests Kearney.

"Our company has a fair amount of experience in alternative planning," says Patterson. "If you have a major snowstorm, what are your contingencies? How can you route around it? The difference here is that while snowstorms tend to be local, [Y2K] is pervasive."

Most IT executives say it's inevitable that a few long-standing relationships will crumble under the weight of Y2K pressures. "1999 will be a year of saying, 'Who isn't going to make it and what actions will we take?'" says Buck at Chrysler. "You need to do what you need to do."

On the flip side, Hotle at GartnerGroup sees a somewhat more optimistic possibility. "This problem could result in better communication within the supply chain and more partnerships," he says, "but only if we pay careful attention to the ripple effect."

6. Test and verify
Even the business partners that appear to have their Y2K issues under control must be scrutinized as the millennium approaches. The operating philosophy of many CIOs derives from an old Ronald Reagan quip about the Soviet Union's compliance with arms control rules: Trust but verify.

"The only way you can know whether a supplier has succeeded is to test with them," says Bell Atlantic's Patterson. "Words don't count. Deliverables count. We want a field trial. We want to see it done." And Patterson adds that small proof-of-concept tests aren't enough to assuage his worries; he looks for tests scaled to full production intensity. "We run about 400 million billing transactions a day across our network. So we don't want to know that it works, but that it works at the right scale."

To make sure that data interchange between different financial institutions will work flawlessly after Dec. 31, 1999, the Securities Industry Association has organized a series of tests specifically for Wall Street firms. While that's possible in industries that handle information, it's tough to do in sectors like auto manufacturing. "We can't move our assembly lines forward in time," says Buck at Chrysler. "We just have to test all the component pieces offline and verify that they work."

Others say that upstream suppliers and interfaces can present barriers to timely testing. For example, John Thomas Flynn, CIO for the state of California, supplies information "up" to a number of federal agencies and says he can't test with them until they're ready.

For private companies that find themselves in that position, Kearney at KPMG has some advice: Be a noodge. "You say, 'We want to run a test at the end of 1998—will you be ready?' That shakes out a lot. If they can commit to testing, then you have a pretty good feeling that they're on target. And you also put them on notice that if they can't test with you, then you may go with someone else," Kearney says. He concludes that a reasonable goal might be to run tests with your top 10 suppliers.

Don't be caught by the incoming tide

What's the priority of external compliance efforts within the Y2K project as a whole? "The ripple concern should be as big as any other concern," says Reingold at Computer Horizons.

Fred Kowitz, the corporate director for Y2K at Ameritech Corp., a Chicago-based telecommunications company, even objects to the use of "external" -- to him, making sure third parties are making progress is key to the project. "I don't think of this as being outside the walls of the company," he says. "It's one of the cornerstones of our program."

Two words recur in discussions about the ripple effect: communication and collaboration. Organizations must work closely with their business partners and keep a constant dialogue going to avoid being hurt by someone else's Y2K mistakes. Reingold characterizes the work required as an educational crusade. "If you've educated yourself about the danger, the next step is to educate your suppliers, and then get them to educate their suppliers," he says. "Everyone is someplace on someone else's food chain."

Scott Kirsner, a Boston-based writer and consultant, is working on a series of articles for CIO on the Y2K problem.