Congratulations. You've readied all your internal systems for the coming millennium. You've tested everything and, compared with the rest of your industry, you feel confident that you're well ahead of the curve.
Time for the celebratory champagne? Hardly. Even organisations that execute letter-perfect year 2000 (Y2K) projects will be susceptible to what's being called the ripple effect. Suppliers, business partners, customers and other third parties who don't take care of their Y2K problems can wreak havoc on your company. Picture it: Customers aren't able to pay invoices on time, sabotaging your accounts receivable. Suppliers don't deliver raw materials as scheduled, bringing production to a halt. Failures within just a few organisations can ripple through entire industries -- and potentially the whole economy.
"We're all going to sink or swim together," says Skip Patterson, executive director of the Year 2000 Program Office at Boston-based Bell Atlantic, the nation's largest regional Bell operating company. "The people who don't fix their problems will hurt the people who do."
So to avoid being hurt by the ripple effect, Y2K project managers are turning their gazes outside the organisation's walls to examine supply chains, customer bases and other external entities. "Are they going to be ready? What are their plans? Where are they in the process? Are they going to be able to do business in 2000?" asks Dick Kearney, the partner in charge of KPMG Peat Marwick Consulting's global Y2K practice in Boston. "You need to dedicate a significant amount of resources to asking those questions of your business partners."
That investigation of external compliance needs to proceed in parallel with internal remediation efforts and must be managed every bit as carefully. And senior management must understand, as Chrysler Corp. Y2K Manager Roger Buck puts it, that "your year 2000 problem isn't just in your IS shop. It's in every company that you deal with." That means outside support is crucial to insulating your organisation from the damages of the ripple effect.
Y2K experts recommend six steps.
Take inventory. Just as the Y2K project begins with an inventory of how much date-related code exists, your investigation into external compliance starts with a review of the outside entities your company deals with, and their relative importance to your operation. "You don't want to forget about the noncritical suppliers," adds Kearney. "But you need to focus."
"You don't have enough time and resources to work with all of them," concurs Ed Yourdon, chairman of the Cutter Consortium, a technology advisory firm in Arlington, Massachusetts. "You need to do the same kind of triage and prioritization that you do internally. And here, too, the familiar principle applies-80 percent of your revenues come from 20 percent of your customers, and 80 percent of your critical supplies come from 20 percent of your suppliers and vendors."
Investigate. Communication with outside entities usually opens with a request for information-a letter or survey asking about the status of Y2K compliance. But responses to that type of inquiry vary. You may hear nothing or get a letter from a low-level functionary that carries no weight. Matt Hotle, director of Gartner Group Inc.'s Y2K research group, says that response rates to such requests can be as low as 10 percent. And of those who do respond, "less than 50 percent are accurate," he says. "They're not trying to lie; they just don't have enough information yet." Hotle recommends a strategy after a list of top-tier business partners has been drafted: "You get a travel budget, get on a plane and go visit them. You want to look people in the eye and ask how they're doing on Y2K. If they start staring at their hands and stuttering, you know you have a problem."
Bell Atlantic's Patterson agrees with Hotle's hands-on advice. "If someone provides you with a 'priority one' service, then you're really going to want to get into their knickers and make sure that everything's OK," he says.
Collaborate. In working with outside companies, proceedings can sometimes get adversarial. No one likes to be held hostage by a single-source supplier that doesn't have its act together. But analysts and IT executives alike say that a collaborative approach is the only route to success.
"If you approach anybody with a shotgun, they're not going to be your best friend," observes David Reingold, a senior vice president at Computer Horizons, an IT services company in Mountain Lakes, New Jersey. "You have to approach them on a friendly basis and let them know what your deadlines are, and that you're going to test."
At NASDAQ, collaboration with the organisations that receive information from the exchange involved a nuanced discussion of their data-related needs. "We went out to our customers and surveyed them," says Michael Buckingham, NASDAQ Stock Market Inc.'s Y2K project manager and director of operations and planning in Trumbull, Connecticut. "We asked if they saw any reason for us to expand the date field. And the bulk of them said that because we are mostly a 'day system'-that is, the data is pretty much today's data-we could get away with windowing."
For companies with incredibly complex supply chains, like the Big Three automakers, collaboration has involved industrywide efforts. In February 1997, the Automotive Industry Action Group (AIAG) decided to create a year 2000 task force to help Ford Motor Co., Chrysler Corp. and General Motors get suppliers up to speed. The AIAG invited the CEOs of the top 5,000 suppliers to Detroit's automakers for a half-day seminar, after which it sent out surveys and set up an information Centre and a Web database.
"Chrysler has 8,000 total suppliers," says Buck, the company's Y2K manager and chairman of the AIAG's task force. "Of those, 2,000 are critical. And anywhere in that supply chain where the link breaks, it's going to cause us problems. The other automakers are in the same situation. It's very difficult to build vehicles with missing parts and then put them in later."
Track progress. Even when being closely monitored, some business partners may not be solving their Y2K issues as quickly as necessary. Identifying the laggards requires a measurement scheme.
"We've developed a matrix that says if [a supplier] is not at a given step in the process by a given time, they're at high risk," says Buck. "We're kicking around the idea of giving green, yellow and red ratings, like a stoplight. Red, obviously, would mean you're in trouble."
Craft contingency plans. Unfortunately, more external organisations may be red-lighted than a CIO would like. "We're finding that pretty much everybody we deal with as a supplier is behind the curve that we'd prefer them to be on," says Patterson at Bell Atlantic. That scenario requires contingency plans. If one supplier can't support the business in a post-2000 world, who can? You should begin lining up alternatives as soon as suspicion about a critical vendor creeps up, suggests Kearney.
"Our company has a fair amount of experience in alternative planning," says Patterson. "If you have a major snowstorm, what are your contingencies? How can you route around it? The difference here is that while snowstorms tend to be local, [Y2K] is pervasive."
Most IT executives say it's inevitable that a few long-standing relationships will crumble under the weight of Y2K pressures. "1999 will be a year of saying, 'Who isn't going to make it and what actions will we take?'" says Buck at Chrysler. "You need to do what you need to do."
On the flip side, Hotle at Gartner Group sees a somewhat more optimistic possibility. "This problem could result in better communication within the supply chain and more partnerships," he says, "but only if we pay careful attention to the ripple effect."
Test and verify. Even the business partners that appear to have their Y2K issues under control must be scrutinised as the millennium approaches. The operating philosophy of many CIOs derives from an old Ronald Reagan quip about the Soviet Union's compliance with arms control rules: Trust but verify.
"The only way you can know whether a supplier has succeeded is to test with them," says Bell Atlantic's Patterson. "Words don't count. Deliverables count. We want a field trial. We want to see it done." And Patterson adds that small proof-of-concept tests aren't enough to assuage his worries; he looks for tests scaled to full production intensity. "We run about 400 million billing transactions a day across our network. So we don't want to know that it works, but that it works at the right scale."
To make sure that data interchange between different financial institutions will work flawlessly after Dec. 31, 1999, the Securities Industry Association has organised a series of tests specifically for Wall Street firms. While that's possible in industries that handle information, it's tough to do in sectors like auto manufacturing. "We can't move our assembly lines forward in time," says Buck at Chrysler. "We just have to test all the component pieces offline and verify that they work."
Others say that upstream suppliers and interfaces can present barriers to timely testing. For example, John Thomas Flynn, CIO for the state of California, supplies information "up" to a number of federal agencies and says he can't test with them until they're ready.
For private companies that find themselves in that position, Kearney at KPMG has some advice: Be a noodge. "You say, 'We want to run a test at the end of 1998-will you be ready?' That shakes out a lot. If they can commit to testing, then you have a pretty good feeling that they're on target. And you also put them on notice that if they can't test with you, then you may go with someone else," Kearney says. He concludes that a reasonable goal might be to run tests with your top 10 suppliers.
Don't Be Caught by the Incoming Tide
What's the priority of external compliance efforts within the Y2K project as a whole? "The ripple concern should be as big as any other concern," says Reingold at Computer Horizons.
Fred Kowitz, the corporate director for Y2K at Ameritech Corp., a Chicago-based telephone company, even objects to the use of the word "external" -- to him, making sure third parties are making progress is key to the project. "I don't think of this as being outside the walls of the company," he says. "It's one of the cornerstones of our program."
Two words recur in discussions about the ripple effect: communication and collaboration. Organisations must work closely with their business partners and keep a constant dialogue going to avoid being hurt by someone else's Y2K mistakes. Reingold characterises the work required as an educational crusade. "If you've educated yourself about the danger, the next step is to educate your suppliers, and then get them to educate their suppliers," he says. "Everyone is someplace on someone else's food chain."
Envisioning the Ripple Effect
Can a company that used to make computer games help with the year 2000 problem?
In 1993, Thinking Tools spun off from Maxis, the gaming company that produced the software hits SimCity and SimLife. After doing custom consultation on simulation projects, Thinking Tools decided that the year 2000 problem offers a phenomenal product opportunity: producing a program that helps IT executives visualise and manage Y2K risks, both internal and external.
Working with Y2K experts William Ulrich and Ian Hayes (authors of "The Year 2000 Software Crisis: Challenge of the Century"), Thinking Tools developed Think 2000, a program that, among other things, can help organisations learn more about how they'll be affected by external suppliers. "You can model a complete supply chain and estimate the probability of a supplier failing," says Phillip Whalen, president and CEO of Thinking Tools in San Jose, Calif. "It's designed to help people deal with complex, adaptive systems that have lots of invisible interdependencies, which describes Y2K to a T."
One of the goals of Think 2000, which starts at $25,000, is to help companies document Y2K remediation efforts, showing, for example, how they identified a set of suppliers as mission critical. That can help ward off lawsuits, or win them if they eventually go to trial. "It's important to have good documentation of what you were thinking, and why you did what you did," says Whalen. "American society is litigious by nature, and so it's crucial to be able to protect yourself."
(Scott Kirsner, a Boston-based writer and consultant, is working on a series of articles for CIO on the Y2K problem. He can be reached at firstname.lastname@example.org.) Envisioning the Ripple Effect