It's beginning to look like dealing with Y2K is a lot like checking into a fancy resort where every staff member has their hand out. First it was the programmers, flush with the comfort of a booming job market. Then it was the consultants. Now the lawyers and the insurance companies are getting into the act.
But wait, there's more. Before lawyers agree to represent you or insurance companies deign to insure you, there's the little matter of an audit, and it's just as delightful as anything the IRS has to offer. At least two groups, and probably plenty more, are offering their services as Y2K auditors, in essence performing the same duties as a CPA. But instead of auditing your financial situation, they're auditing your computer systems to paint an impartial picture of where you stand vis-à-vis your remediation.
To their credit, both of these groups feature venerable leaders. Ed Yourdon, programming guru and author of Time Bomb 2000: What the Year 2000 Crisis Means to You!, heads the Cutter Consortium, an advisory group affiliated with Cutter Information Corp., a research and analysis company in Arlington, Massachusetts At the reins of Stamford, Connecticut-based Software Testing Assurance Corp. (STAC) are Chairman and CEO Paul Strassmann, former CIO of Xerox Corp., and Vice Chairman DuWayne J. Peterson, former CIO of Merrill Lynch. STAC President and COO Ernest Auerbach, former president of CIGNA Corp.'s International Life and Group Operations, should help pave the way for policy preparation.
Considering all the other Y2K details crowding your mind, you're not alone if you haven't considered getting an audit. When Cutter surveyed 200 IT professionals, 81 percent said their companies had not yet had their systems tested, audited or certified by an independent organization. Of those respondents, 36 percent said they had no plans to do so. Note to whomever's in charge of risk management at those companies: bad idea.
STAC's audit tools, dubbed Certification Assessment Services, are based on the standards set forth by the independent Software Productivity Consortium (www.software.org/Y2K/index.html). The standards are meant to provide a common benchmark for company officers, strategic partners, independent auditors, regulatory agencies and insurance companies. The Consortium suggests its independent benchmark is superior to proprietary or arbitrary guidelines that may not be accepted by third parties like insurance companies or regulatory agencies when it comes time for litigation negotiations. The cost of STAC's services is based on the number of lines of code that need to be changed and the complexity of the applications.
Questions remain, though. Will the third parties insuring or mediating your Y2K conversion also agree to use the SPC's benchmark, since other computer groups are also developing independent standards? And will agreement about these standards come before or after the turn of the century? Stay tuned.