|
YEAR 2K – IMPACT ON SMALL BUSINESS IN IRELANDJoint Oireachtas Committee on Enterprise and Small BusinessPrepared bySenator Margaret Cox and adopted by the Joint Committee on 15 December 1998.CONTENTS
Introduction and acknowledgementsGeneralAt this stage there is just over one year left to the 1st January 2000, and while many people are thinking of how they will celebrate the new millennium it is vital to realise that the year 2000 computer date problem (the Millennium Bomb) is one single issue which could wipe out a small or medium sized business. Indeed such is the extent of the problem that if not properly managed and prepared for it could also wipe out many large businesses. Global IssueThis is a global issue and it is an indiscriminate one. ‘Government experts in the United Kingdom and the United States, the two countries where Year 2000 awareness is most advanced, are of the opinion that businesses which fail to protect themselves are running a real risk of commercial failure. It is clear that firms of all sizes and at all stages of commercial development are at risk; from micro-firms with a couple of people working in them, right through to multi-nationals employing tens of thousands. It is also clear that companies can be laid low by the Year 2000 crises even if they do not have a single computer on the premises. (‘A Business Guide to the Year 2000’, Craig and Kusmirak). Absolute DeadlineThere is one thing certain about the Y2K issue and that is that the deadline is not moving and as each day passes we move closer and closer to it. Many people that I have spoken to personally simply can’t understand what Y2K means to them. Surveys show that >90% of people are aware of the millennium bug but they don’t quite know what to do about it. What could go wrong?Imagine this, ‘You’re due into work for a vital meeting on the 2nd January 2000, at 8am. Well the alarm clock failed to go off and you wake up late, you put on the kettle to boil, it seems to be broken, you race out the door and into the car. Half way to work you realise that lots of the traffic lights are not working and traffic is beginning to build. No problem, ring the office on the mobile phone and let them know you’re delayed – its not working, traffic is getting worse, stop at a pay phone, it seems to be operating but nobody is answering the office phone – at 9.45!!! You have forgotten the notes you need – they are at home, no problem, get them faxed into the office when you get there, if there will be anyone alive after the fact that the phones are unattended. You hope the office Supply Company has delivered the toner and paper you ordered just before Christmas, its vital for the presentation to US customers after lunch. Blast the traffic it appears to be getting worse. … …. Anyway you arrive, the phones aren’t working, the fax isn’t working, the lift is out of order, your supplier hasn’t received the order he was waiting on – so no paper and no toner. But at least the new computer that you bought to sort out Y2K is working, pity about your supplier, the phone system, the fax, the lift – even damn and blast the coffee machine… … The Good NewsYear 2K problems can be fixed. It is not the objective of this report to identify the steps involved, rather this reports seeks to identify the impact of the issue on Irish SME’s. It is vital that people and organisation start to believe that a) the Y2K problem is their problem and b) they can actually do something about it. Ownership of the issueNot everyone in business will have the same problem or indeed the same level of problem, and it does no one any great service to imply that all problems and all solutions are the same. People must feel like they can take charge of their own destinies. Scare tactics won’t work, this forces people into denial. Part of the solution must be to help people believe that they can solve the problem. Be SuspiciousThe issues, which need to be addressed, fall into two categories, technical and managerial. It is vitally important however that business owners maintain control of the situation, and even in cases where they outsource the solving of the problem they must be well enough informed to validate the work carried out. This is not something that can be delegated to software suppliers. The very survival of the business is at stake. There is one other date, which may cause concern or problems before the 1st January, that date is 9th of September 1999. In the past Cobol programmers often used a test against the number 9999 in a date validation to indicate that a programme was finished and the job terminated. If these tests still occur in various programmes then they may unexpectedly terminate without completing important processes. The remainder of the report examines the Irish situation, the situation as it is in other countries and finally makes a number of recommendations for consideration by the committee. AcknowledgementsI would like to gratefully acknowledge the assistance of William Goodbody, Marty Saunders, Patrick Beirne, Claire Tiernan, Minister Noel Treacy, the Department of Enterprise, Trade and Employment, and the committee secretariat. All research documents referred to or used in research are referenced in appendix 1. The Irish SituationRisk exposureMany small-to-medium enterprises (SME’s) may be the most exposed to risk of the so-called ‘Millennium Bug’ or Year 2000 problem (Y2K). Why is this? 1.The big companies have programming staff and greater resources to tackle the problems. 2.Small companies generally only buy mass produced products and have very little software written for them while a medium sized organisation is more likely to have specific packages written for them. The problem with bespoke software is that sometimes the original suppliers may no longer be around and even if they are it may not be cost effective to carry the full cost of upgrading the software to be Y2K compliant. 3.Due to a lack of awareness and the absence of any laws requiring new products to be millennium compliant, many SME’s are still buying non-compliant products, completely oblivious to the consequences. 4.Most SME’s are owner managers and in the current economy many of these individuals are having difficulty managing their organisation’s growth, maintaining their workforce and coping with the day-to-day demands of a thriving and often fast moving business. SME’s readinessMost developed countries are now rapidly moving to identify and deal with threats posed to SME’s by Y2K. This is amid growing concerns about SME’s preparedness and is understandable given their massive contribution to employment and income and the extent to which SME’s are perceived as a barometer of economic well being. In some countries, studies undertaken by governments and large professional associations have shown a lack of preparedness for Y2K among SME’s along with high levels of non-awareness of the nature and potential impact of the problem among SME’s. Why botherWhy is it that SME’s along with other companies should take note of the Y2K problem and do something about it? Because: •It’s an issue of business survival. •Putting the problem right may entail significant costs. •Directors can be made personally liable for the neglect of these problems. •The business chain is only as strong as its weakest link. Major issuesThere are 6 major issues for concern surrounding SME’s in particular: 1.A lack of awareness about the issue among SME’s. 2.A lack of recognition of the fact that they need to do something about the problem sooner rather than later. 3.Confusion as to what should be done 4.How to do it. 5.The costs involved. 6.No contingency plans. Figures 1 (a) and (b) show results from an OECD report on the state of readiness in both the US and in Western Europe. The OECD survey of businesses found that SME’s fitted into the category of firms that experienced medium Y2K problem exposure, and yet they were in the medium-low compliance category. A survey in Europe done by IBM on progress toward Y2K readiness in January 1997 and April 1998 highlighted small companies (defined as 100-1000 employees), noting almost 41% undertaking no significant activity in 1997, but decreasing to only 13% in April 1998. Many firms (43%) saw the problem as a technical, not a business issue. Ireland - where do we fit in?“The Year 2000 problem is a strategic issue unlike any other. It represents a real threat, not only to competitiveness, but also to company survival if not properly addressed. The deadline is unavoidable and non-negotiable. Companies who continue to procrastinate on the issue are putting their businesses in danger”. - Phillip O’Reilly, President of the Irish Chambers of Commerce of Ireland Actions taken so farWhat has been done to help SME’s in Ireland come to grips with the problems that Y2K poses? •The Minister of State for Science, Technology and Commerce in the Department of Enterprise, Trade and Employment Noel Treacy TD has spearheaded a Y2K Enterprise Awareness Campaign. This involved the issuance of brochures in March 1997 and again in May 1998 to all commercial and industrial enterprises in Ireland. 110,000 copies were delivered by mail and another 40,000 via representative and commercial bodies. •A Y2K National Committee has been established to advise and assist the Minister. This body is comprised of representatives from business organisations and development agencies. The minister has hosted a number of regional seminars throughout the country assisted by Y2K National Committee representatives. •A national conference was held on September 9th 1998, to highlight the Y2K issue. It was attended by over 600 people, who listened to speakers from the UK’s Action 2000 body, from the Irish Computer Society, and from IBM. •The Irish national enterprise development agencies have been instructed to ensure that all clients, both indigenous and international, are Y2K compliant. Grants-in-aid will not be made available to any company which fails to certify its compliance. •Company Directors have been warned of their responsibilities and liability under Irish Company Law to ensure compliance. •The Irish Insurance Federation has stated that insurers may decide to introduce exclusion clauses for all damage, consequential loss and legal liabilities arising directly from policy holders’ failure to become Y2K compliant. •Irish Banks and Building Societies have said that those businesses, which are unable to provide and substantiate an assurance on compliance, could well find difficulty in raising or renewing credit from lenders. •The Accountancy Profession in Ireland has warned of the requirement of companies to disclose their Y2K status when accounts are being audited. •2000 Aware, a non-profit, cross industry grouping was set up to raise awareness and provide information on the problems of Y2K among businesses in Ireland. Its primary means of doing this is through its web site. •In March 1997, the Irish Computer Society established a Special Interest Group to deal with the problems posed by Y2K, both within IT and in society generally. It intends to raise awareness of the Y2K problem, provide information on and possible solutions to the Millennium Bug, act as a forum for discussion on Year 2000 issues, and work with other bodies concerned with the Y2K problem. •The Department of Enterprise, Trade and Employment has sponsored an ongoing data-gathering project to be conducted by the Irish Computer Society on the state of readiness of Irish business for Y2K. Survey ResultsThe following are some of the results of a survey carried out by the Chambers of Commerce of Ireland and the Irish Computer Society. ♦Positively: 1.Awareness among Irish firms of the Year 2000 issue is high at 90%. 2.80% of companies have appointed someone with senior management authority to deal with the issue. 3.52% of companies have already begun Year 2000 projects. 4.Majority of small companies (turnover of under £50,000) expect to spend less than £10,000 on resolving Year 2000. 5.Only 9% of businesses say they will not have all systems Y2K compliant by the year 2000. 6.40% of businesses had not considered requesting confirmation of year 2000 compliance from their business partners. ♦Negatively, however: 1.16% of companies intend to take no action on the Year 2000 issue. 2.15% of companies don’t expect to be Year 2000 compliant by mid 1999. 3.44% of companies (both large and small) have not yet assessed the possible impact on their business of those in their supply chain. 4.Only 20% intend to produce a Year 2000 contingency plan. ♦And in terms of SME’s: 1.Retailers are particularly vulnerable - 63% of those surveyed had not checked the compliance of embedded systems such as cash registers and Point of Sale equipment. 69% have not assessed possible damage to their business from those in the supply chain. 2.Smaller businesses are particularly unaware of the problems of Y2K - of the 10% who were unaware, 80% of businesses with a turnover of less than £25,000 were unaware. 3.Of the 16% of the companies who do not intend to take action, a large proportion of them are SME’s. 4.Only 31% of businesses with turnover of less than £50,000 have been checking new products for compliance. 5.100% of those businesses with a turnover of less than £25,000 have not assessed the possibility of damage to their business from outsiders in the supply chain. 6.0% of companies with turnover less than £500,000 have produced a contingency plan. 7.The smaller scale of the businesses involved means that the cost of reaching compliance seems to be proportionally lower among SME’s. (Source: The 1998 Joint Survey by the Chambers of Commerce of Ireland and the Irish Computer Society) ObservationsSo what does all this mean. Essentially most companies in Ireland are aware, quite a number have begun to do something about it, but there are too many organisation who believe that this problem will not affect them in any way. It is this belief that must be addressed before these companies will start to do anything about the issue. It may be true to say that a company has absolutely no difficulty approaching 01-01-2000, but a company can only say this if they have assessed their exposure, evaluated the exposure from their suppliers and assessed their exposure to their customers. This is one situation where the concept of no man is an island is certainly true, while the organisation itself can be totally prepared if they have not considered the external environment then they are sticking their head in the sand. The business chain as mentioned previously is only as strong as the weakest link. Remember if the doors on the building you operate in lock and can’t be opened – there are two scenarios to be considered – can the bad guys get in if they are locked in the open position or if they are locked closed then the good guys can’t get in or out. This is only a simple example of something which could create severe difficulties on 01-01-2000. The situation in other countriesNetherlandsApproachThrough its National Millennium Platform, a joint public-private sector task force set up by the Ministries of Economic Affairs and Internal Affairs in November 1997, with a US$6.5 million two-year budget, the Dutch government is actively promoting awareness and initiating actions through a series of pilot projects across the economy, aimed at developing solutions to technical, legal and other issues. The National Millennium Platform aims specifically to promote: - Awareness - Sectoral Approaches - Certification and labelling - Resource availability - Risk analyses - Contingency planning The platform uses representatives from various sectors of the economy to stimulate businesses and organisations to tackle the problem of Y2K. It actively arbitrates between parties, such as ICT suppliers and service providers on one hand and computer users on the other. It monitors progress throughout the sectors. It is also conducting a national risk analysis dealing with vital sectors and vital supply chains, the auditing of Year 2000 projects in vital sectors, welfare consequences of Year 2000 failures and the human and behaviour anticipated if specific combinations of vital sectors fail. The results will be used for prioritising as well as contingency planning. The platform has developed a number of working groups (8 in total) to address specific areas of the problem, and has created a number of facilities to inform citizens - including a call centre, comprehensive web-site, newsletter, meetings, award scheme, etc. The Dutch government has reached voluntary agreements with IT suppliers on Y2K compliance certification schemes. The government has also implemented program to monitor the impact of all new legislation on IT with regard to the year 2000 problem. In the case of the public sector, The Government Y2K Project Office is responsible for awareness and education in the public sector. It is generally predicted that Dutch Y2K effects will be similar to the effects in other EMU member states along with Japan and the US. Average 1.5% loss of production in the year 2000, a drop in private consumption of 0.25%, a 5% extra demand for business services, and a 2% slow down in global trade and in Dutch exports. (Source: ING Barings Research survey, May 1998) An OECD report says that the policy of the government of the Netherlands on priorities by sector to be addressed, does not include SME’s as such a sector. The same report concludes that a stronger role for governments is required, including incentives to promote private sector readiness, such as tax breaks, loan programmes for small businesses, training or other policies to promote expansion of the IT labour pool, and policies to promote information disclosure. Current Status•3 months behind according to OECD report earlier this year, but IBM report says it is still highly prepared, in relation to the rest of the world. •Cap Gemini estimated that the total fix cost of the Y2K problem in the Netherlands would be in the region of $US 9 billion. •1998 survey reports on readiness for Y2K: (1)Ministry of Interior Survey - 99% of objects within the public sector with a (April) possible millennium problem have been identified. - 71% completed impact analysis (2)National Millennium Platform - 97% of all organisations were aware of (February) the problem - 68% had started a millennium project- SME’s required additional attention United KingdomApproach“The Millennium Bug is one of the most serious problems facing not only British business but the global economy today. Its impact cannot be underestimated” - Tony Blair. The UK has used its $US26.7 million Action 2000 task force and policies to fund small business preparations to address the Year 2000 problem. Action 2000’s role is to heighten awareness and to provide information within the business community. Its main product is a set of fact sheets available on the Web and on hard copy, which is regularly updated. It uses the strategy of enlisting key players in industry to address specific issues. The level of funding of Action 2000 has been increased to STG£17 million for this year, and an additional 70 million pounds has been allocated to a training programme to address IT skills shortages, although not all of this is targeted at Year 2000 training specifically. Other financial support includes recently announced tax breaks for companies experiencing particular problems. It has also emphasised the need for international preparations, conducting preparedness surveys through all of its embassies, contributing US$16.7 million to the World Bank to support government efforts in developing countries. The Year 2000 Team, based in the Cabinet Office, is responsible for public sector co-ordination and oversight. Current Status•6 months behind according to OECD report earlier this year. •Companies employing between 10 and 250 employees, together accounting for 30% of the UK’s private sector employment, are the major problem according to Action 2000’s latest findings. The actual state of preparedness has improved, however, since June, with over 60% now at the inventory/impact assessment stage compared with 44% in June. •A DKB report predicts that by the year 2000, output could drop by more than 1% due to a large number of non-compliant systems, but growth would resume the following year resulting in an total decline of 0.5% over the three years to 2001. •An Action 2000 survey has found that 38% of companies employing less than 50 employees felt that the Millennium problem was an IT issue. •64% of businesses with under 50 employees were taking action over the Y2K problem, were not ready, with 28% saying they were aware but taking no action. •Taskforce 2000 estimated that the total fix cost of the Y2K problem in the UK would be in the region of $US 51.7 billion. GermanyApproachThe German government has assigned responsibility for awareness-raising and interface with the private sector to a unit of its Ministry of Economic Affairs called Fundamental Questions and the Information Society, while oversight of the public efforts is handled by the Ministry of Interior. Despite recognition of the problems posed by the Y2K problem early on at the Federal level of administration, the German situation is 8-12 months behind according to OECD report earlier this year. This is because the situation of progress at the lower levels of administration (Lander) is much more mixed. In the private sector, there have been many initiatives concerning large companies and some of the smaller IT companies. The role of government in the private sector is, therefore, just to fill in any gaps. It does, however, maintain a Web site and the Information 2000 forum holds meetings and publishes a newsletter. Chambers of Commerce believe a greater degree of co-ordination of private initiatives by government are required to help increase awareness and get the message across, including best practices and other practical guidelines. However, there is still not enough being done to reach SME’s, who tend to have different problems to large companies. No forum for SME’s exists in Germany. Current Status•Cap Gemini estimated that the total fix cost of the Y2K problem in Germany would be in the region of $US 88 billion. •Medium-well prepared according to IBM report. FranceApproachThe French government have placed the emphasis of responsibility on the sectors themselves to address the issues. Has split responsibilities between two organisations: (1)Commission Thery “Passage informatique a l’an 2000” set up in 1998 with responsibility for raising awareness and supporting economy wide on a national level, including regional government offices responsible for working with industry, professional and trade associations, chambers of commerce and SME’s. (2)Commission Marchat, which is a co-ordinating body within government for ensuring or supporting public sector readiness. Current Status•Cap Gemini estimated that the total fix cost of the Y2K problem in France would be in the region of $US 12 billion. •Medium-well prepared according to IBM report. United StatesApproach“With millions of hours needed to rewrite billions of lines of code, and hundreds of thousands of interdependent organisations, this is clearly one of the most complex management challenges in history”. - Bill Clinton. The US government established a President’s Council on Year 2000 Conversion, comprised of high-level representatives of 35 Federal agencies and headed by a full-time “Year 2000 Czar“, whose role it is to promote national and international awareness. The agencies are chairing working groups involving industry trade associations from 32 sectors, with particular priority given to working groups involving key infrastructure areas. Goldman Sachs estimate the Y2K cost will be equivalent to around 0.15-0.6% of GDP annually between 1997 and 2000. Current Status•Ahead according to OECD report earlier this year. •A survey conducted by the Small Business Administration (SBA) found that US SME’s are 90% IT-reliant for accounting/finance and billing functions, 86% IT-reliant for word processing, 80% IT-reliant for sales recording, 75% for communicating with customers, and 60-70% reliant for database and project management, payroll, marketing and sales management and inventory/tracking and warehousing functions. Conclusions & RecommendationsAs the Y2K date is absolute it is vital that organisation start the preparation process and change process immediately. To encourage business, especially SME’s, a number of tax based incentives should be introduced. These incentives should be time-limited and only available until August/September 1999 in order to encourage companies to start their work plans as soon as possible. The government should establish a Y2K Web-site, and produce a simple easy to use guide on how to go about assessing the problem, measuring the impact and planning the action to take. This guide should be available widely, free of charge. A dedicated help-line should be set-up for a limited period of time, to work in conjunction with the Y2K action guide. Legislation should be put in place to ensure that any hardware or software products purchased after a certain date - perhaps 1/1/98 should be Y2K compliant or be rendered Y2K compliant free of charge. The onus of responsibility should lie firmly with the producer/manufacturer. The government should establish a partnership forum between large computer suppliers both hardware and software whereby these organisations are given the opportunity to share their expertise and knowledge with SME’s. Many computer manufacturers are going to enjoy huge additional sales as many organisations will be purchasing replacement computer equipment. Following from the partnership forum – it may be possible to reward manufacturers who participate fully in this partnership forum by allowing them claim tax credits against profits. All information events/project meetings should continue to take place regionally. Finally I believe this committee should keep this matter on the top of their agenda for the coming year and should at the first available opportunity invite the Irish Computer Society to make a presentation on the issue. CONCLUSIONY2K is a global, unavoidable business issue. It is very possible if handled professionally that the issue will only cause a slight blip in business progress. Conversely if the Y2K issue is ignored or not addressed soon enough and is not given top business priority in terms of problem solution, it will cripple organisations. The major concern I have is that failure to address Y2K could create a downturn in our growing economy or at the very least incur unnecessary and very significant cost. And it is this possible downturn which is really the concern for government. The cost to the SME’s who are not tackling these issues are living dangerously and putting their business at risk. |
||||||||||||||||||||