JOHN P. HIGGINS, JR.
ACTING INSPECTOR GENERAL
U.S. DEPARTMENT OF EDUCATION
SUBCOMMITTEE ON LABOR,
HEALTH AND HUMAN SERVICES,
EDUCATION, AND RELATED AGENCIES
Committee on Appropriations
United States House of Representatives
YEAR 2000 COMPLIANCE READINESS
OF THE DEPARTMENT OF EDUCATION
APRIL 21, 1998
Mr. Chairman and Members of the Subcommittee --
Thank you for inviting me to testify today about the Department of Education's progress for ensuring that its computer systems are Year 2000 compliant. On March 31 of this year, the Office of Inspector General (OIG) issued an audit report entitled, "The Status of the U.S. Department of Education's Readiness for Year 2000." As a result, I am in a very good position to address the Subcommittee's concerns.
Assessment of the Department' Progress
Despite recent efforts and strides taken by the Department, our audit results reflect that the Department's overall progress has not kept pace with government-wide milestone dates developed by OMB and that it must continue to accelerate its efforts.
The Office of Management and Budget (OMB) included the Department among those agencies where there is insufficient evidence of adequate progress on Year 2000 efforts. The Department also has received congressional criticism of its Year 2000 effort.
The Department has made significant progress in recent months, as OMB noted in its most recent quarterly report on Year 2000 progress. The Department's Year 2000 project has been receiving senior management level attention from the Acting Deputy Secretary, who holds weekly Year 2000 status meetings with senior management officials. A high-level official of the Office of the Chief Financial and Chief Information Officer was assigned in December 1997 to lead the Year 2000 project, and significant additional staff resources have been assigned to the project since that time. In addition, the Acting Deputy Secretary has recently requested OIG's involvement and assistance in the Year 2000 effort. While the OIG audit was still in draft, the Department implemented some of the OIG's recommendations. For example, we recommended that the Department initiate contingency planning and in their response to our draft report, they stated that formal guidance for contingency planning for internal systems and related data exchanges has recently been issued. The Department continues to make progress on many of our other recommendations. I will summarize the audit results here. A copy of the audit report has been provided to each member of the committee.
One reason for the Department's slow progress in the past has been a lack of continuity in the leadership assigned to the Year 2000 project. There have been five different project managers to date, and the Department has had three different executives serving as the Chief Information Officer (CIO) since the position was created in 1996. With the recent departure from the Department of the official who was the Year 2000 Project Manager, there exists the potential for a loss of momentum at this critical time during the Year 2000 countdown. To its credit, the Department has already assigned a new project manager at the Senior Executive Service level. While she necessarily has a "learning curve," we are encouraged by her commitment to date.
At the time of our audit, the Department had not developed a comprehensive Year 2000 plan in the time frame provided under the OMB schedule and had not completed assessments, or renovation and testing plans for mission critical systems. Since our audit, the Department has completed its systems inventory, has made substantial progress in assessing its systems, and has initiated renovation. Assessment activities will continue as the renovation process proceeds. The Department now estimates it will complete its comprehensive management plan for Year 2000 this month.
Of the mission critical systems we reviewed during our audit, we found that two of the systems that the Department had reported to OMB to be compliant were not in fact compliant, and the Department revised its assessment in its most recent report to OMB. A third mission critical system previously reported to be compliant has now also been determined to be non-compliant.
We also found that the Department lacked an accurate and supported Year 2000 renovation cost estimate, having reported four different and widely varying cost estimates since 1996. Since issuance of the draft audit report, the Department has revised its cost estimate upward to $23 million and reported that figure to OMB. OIG will be reviewing the basis for the Department's latest cost estimate.
Beyond the need to have the Department's own systems be Year 2000 compliant lies another challenge -- the compliance of systems at schools, state agencies, lenders, and guaranty agencies which interface with the Department's systems. The Department has made significant strides in implementing a plan for outreach activities, including creating a Year 2000 Internet Web site, issuing "Dear Colleague" letters to thousands of program participants, and holding conference calls and meetings with our data exchange partners. In addition, outside entities are able to contact the Department to ask specific questions on the issue.
However, despite these recent efforts the Department still lacks a cohesive plan for partnering with external data providers to help assure that their systems are Year 2000 compliant. The greatest risk is to the student financial aid computer systems, which could be compromised by data transferred from external entities whose systems are not Year 2000 compliant. The Department agreed with our report conclusion that it needs a well designed system of front-end computer edits for each of its mission critical systems.
Further, our audit report found that Department was behind schedule in development of contingency plans in the event of Year 2000 failures of its own systems. The Department must also play a leadership role in encouraging outside entities whose systems interface with those of the Department to develop their own contingency plans in the event their systems are not compliant. Since completion of OIG's audit fieldwork, the Department has issued guidance to assist the program offices in completing their risk assessments and Year 2000 contingency plans.
Obstacles to Completion
The Subcommittee asked about obstacles to completion of Year 2000 preparations. In my opinion, the greatest area for concern is with the external entities that interface with the Department's systems. If a significant number of entities are not ready and do not have adequate contingency plans, then the Department may not be able to effectively administer its programs regardless of its own state of readiness.
An additional obstacle to progress is the Department's implementation of the Clinger- Cohen Act establishing the position of the CIO. We recently issued an audit report on that subject. A copy of the audit report has also been provided to each member of the committee. We found that several factors may be hindering the ability of the CIO to establish a greater leadership role. The audit found a lack of clear policies communicating the roles and responsibilities of the CIO, too few resources dedicated to accomplishing CIO responsibilities, and a shortage of expertise on the CIO staff.
Will the Department Be Ready?
Finally, the Subcommittee asked whether the Department's data systems will be ready on January 1, 2000. I cannot say with certainty at this stage. Clearly the Department is behind schedule when measured against the OMB milestones, but, in my opinion, the goal of implementation of its mission critical systems by March 1999 is attainable. Reaching the goal will require continued quality leadership and a concerted effort from all involved. The Department is fortunate in that it only has 14 mission critical systems. However, all of them are extremely large and complex. The Department also has the benefit of having outsourced all but one of its mission critical systems. This allows it to use the technical expertise of its various contractors in addressing the Year 2000 problem.
OIG will continue to monitor the Department's progress and report our findings and recommendations to management, in accordance with the request for input from the Acting Deputy Secretary. We plan to target areas that are critical to achieving Year 2000 compliance. For the Department's systems, the scope of our work will include reviewing testing of Year 2000 renovations to mission critical systems, monitoring the work of the Department's independent verification and validation contractor, reviewing the Department's contingency plans, verifying the accuracy of its quarterly reports to OMB and providing technical assistance to the Department's Year 2000 Project Management Team. With respect to outside entities, our work will include reviews of the status of Year 2000 readiness of selected guaranty agencies, large lenders, secondary markets and/or student aid servicers based upon our assessment of risk to determine whether their systems renovations are on schedule for completion prior to the Year 2000 deadline.
I will be happy to try to respond to any questions the Subcommittee may have.