INDY Committee Meeting

STANDING COMMITTEE ON INDUSTRY

COMITÉ PERMANENT DE L'INDUSTRIE

EVIDENCE

[Recorded by Electronic Apparatus]

Thursday, October 10, 1997

• 0905

[English]

The Chair (Ms. Susan Whelan (Essex, Lib.)): Order.

Today is the first meeting for the Standing Committee on Industry. We would like to welcome the Auditor General here today, but before we allow to him speak we have one item of business.

The steering committee met two days ago. We have the first report from the steering committee or the subcommittee on agenda and procedure before us. Would somebody like to move that report?

Mr. Walt Lastewka (St. Catharines, Lib.): Madam Chair, I move the report dated October 7, 1997. I believe it has been circulated.

(Motion agreed to) [See Minutes of Proceedings]

The Chair: Thank you. We will now move to our witness.

Mr. Desautels, would you introduce your colleagues with you and begin.

Mr. Denis Desautels (Auditor General of Canada): Thank you very much, Madam Chair.

I am accompanied today by Mr. Doug Timmins and Mrs. Nancy Cheng. Mrs. Cheng in fact is the person who actually directed all the research and the field work that led to the chapter that we tabled earlier this week.

I thank you very much for the opportunity to appear before this committee to discuss this chapter, which dealt with the federal government's own preparedness for the year 2000 phenomenon. This phenomenon is in fact a global one. It refers to the potential for systems errors and failures caused by a past computer practice of coding the year with two digits.

Nowadays we place significant reliance on information technology in various aspects of our lives. As we all know, governments rely on information systems to deliver programs and services to the public and to support operations. Businesses depend on systems for continuous operations and more importantly for competitive advantage. The year 2000 issue threatens those systems on which we have come to rely. For those businesses that rely heavily on such systems, the year 2000 can put their survival at risk.

• 0910

The worldwide costs of dealing with the year 2000 have been estimated by some as high as $600 billion U.S. In Canada, total costs are estimated to range from $30 billion to $50 billion. The Treasury Board Secretariat has estimated the cost for the federal government alone to be in excess of $1 billion.

Our recent audit examined the risks and exposures that government programs and operations face as a result of the year 2000 threat. We reviewed the progress and the state of preparedness at a number of departments and initiatives undertaken by the chief information officer branch of the Treasury Board Secretariat to advance government efforts concerning the year 2000. We supplemented our audit with a general survey of departments and agencies.

[Translation]

We concluded, as of the end of April 1997, that the rate of progress has generally been slow and that the residual risks for systems errors and failure from Year 2000 remain high. In addition, significant exposures such as insufficient technical resources could, if they materialize, jeopardize Year 2000 efforts.

The Treasury Board Secretariat, under the leadership of the Chief Information Officer, has helped raise awareness in government and is working with departments and agencies to find common solutions.

However, we are concerned that continuous delivery of major government programs and essential services into the 21st century remains at risk. The potential consequences for the government could be manifest as health and safety concerns, financial implications, disruption to essential services for the public or legal ramifications.

In our view, urgent and aggressive action is needed. We have recommended that Year 200 projects, including the development of contingency plans, be ranked a top priority in departments and agencies and that high priority be assigned to identify and oversee the successful implementation of the most critical systems for the government as a whole. We have emphasized the need for sustained commitment and support from senior management and for continued engagement of ministers, as appropriate, to address exposures and roadblocks that can derail Year 2000 projects. We have also recommended that the Secretariat accelerate its work plan that addresses common issues for the departments and agencies.

[English]

Madam Chair, I would like to note that we have not examined the year 2000 project at Industry Canada itself, nor have we included an examination of efforts or an assessment of readiness by businesses in addressing the threat they face as a result of the year 2000. Nevertheless, the risks are particularly high for small and medium-sized businesses, where the potential impact of the year 2000 may not yet be fully appreciated.

We believe that this committee, as well as the task force on the year 2000 announced by Minister Manley, can play a pivotal role in helping the business community to gain awareness and to move toward converting and implementing the information systems for the year 2000.

In addition to supporting Minister Manley's task force, you may wish to consider communicating immediately and on a proactive basis with businesses to sensitize them to their exposure to the year 2000 issue; encouraging, to the extent feasible, sharing of experiences on technical solutions and best practices; and exploring the merit and feasibility of joint efforts with other stakeholders in assisting the business community to deal with the year 2000.

As a final note, paragraphs 12.31 to 12.34 and exhibit 12.1 in chapter 12 of our report describe the various phases that any organization would have to experience in managing year 2000 projects. Significant exposures that could jeopardize year 2000 efforts are noted in paragraphs 12.91 to 12.109. You may wish to consider using this material to assist you in assessing business readiness or helping businesses to prepare for the year 2000.

• 0915

Madam Chair, that concludes my opening remarks. My colleagues and I would be very pleased to answer any questions members of the committee may have of us.

The Chair: Thank you very much for that summary of your report.

We will begin questions with the official opposition, the Reform Party, and Mr. Lowther.

Mr. Eric Lowther (Calgary Centre, Ref.): The Auditor General made comments about the need to address the most critical systems. I was wondering if he could give us some insight into our level of preparedness on the most critical systems as opposed to those that may not be as critical. Has priorization been done around certain systems that are there, and what is his assessment of the level of preparedness for those critical systems?

The Chair: Ms. Cheng.

Ms. Nancy Cheng (Principal, Audit Operations, Office of the Auditor General): Thank you, Madam Chair.

In the audit what we did was look at the overall state of preparedness within government. We did not go down to the system-by-system level. While we were concluding the audit and formulating the recommendations, we felt there was an absolute need for us to take a government-wide perspective. That culminates in the recommendation saying we really need to concentrate on a manageable number of critical systems. From our dialogue with Treasury Board Secretariat, I understand such a list has been formulated as an initial draft and they are in the process of deciding whether certain systems should be in or out of this particular list. From there they would do their monitoring in terms of seeing how these systems are coming along.

So out of the audit I don't think we're in a position actually to offer you an assessment of how these systems are really progressing, aside from an overall assessment that things have been moving rather slowly. We actually commented that if we keep going at this pace we probably won't make it, meaning we have to do a lot more than what we've seen as of the end of our audit, which was the end of April of this year.

Mr. Eric Lowther: If I understand what has been said here, the stage we are at now is identifying the critical systems within the department, more than assessing where we're at on the year 2000 project against those systems. Is that right?

Ms. Nancy Cheng: What we saw within the nine departments as well as our surveys was that most departments tend to be still finishing their planning stage, a phase that is absolutely critical, because we need to know what inventory we're working with, and then within that you assess, priorize, and so on. Our comment is that very few departments have moved beyond that planning phase into actually converting—and converting could be either repairing a system or actually replacing it with a different system. That was the status as of the end of April.

The Chair: Mr. Bellemare.

[Translation]

Mr. Eugène Bellemare (Carleton—Gloucester, Lib.): Thank you, Madam Chair.

[English]

This gives us the mood of naysayers at the approach of a millennium, that the end of the world is approaching. It gives me that feeling.

Now that you've alerted us to the problem

[Translation]

I would like to know what you have been doing aside from sounding the fire alarm. You have to send firemen to put out the fire. Are you simply an observer, a critic, or may we expect you to urge people to develop a system to correct the two problems, in order to allow our computers to go from the year 1999 to the Year 2000?

Secondly, you tell us that the problem is global. It is not unique to the Ottawa-Carleton region or to Canada, but it is a worldwide phenomenon. There are large computer centres. We know some in the United States, and we are very proud of the ones we have in Canada.

• 0920

Have you contacted those people to see if they are developing a system to correct this small flaw?

Mr. Denis Desautels: Mr. Bellemare's first questions were about the role of our office in all of this, the role we would like to play, that we are trying to play or that we could play. I would say to the committee that our first objective was to make people aware of the importance of the problem, in particular the departments that have an important role to play in this.

We noted, on the basis of the work we were doing with each department, that the federal government was not sufficiently concerned with the problem and that it lagged behind considerably as compared to other large organizations in the private sector.

Thus, our first purpose was to light a fire, if you will, and get things moving. As soon as we began our audit...

Mr. Eugène Bellemare: Be careful, with fire alarms, you are going to set a fire.

Mr. Denis Desautels: A little one. The simple fact of announcing that we were going to carry out an audit got things moving quite a bit, and departments, in particular Treasury Board, began to take the problem seriously and to plan the measures they needed to solve it.

Thus, our role was that of a catalyst. However, now that we have reported, we cannot simply stop our work there. The follow-up we intend to do on this situation is going to be even more careful than the one we normally do. It is up to the government and its various departments to solve the problem in their own organizations.

To reply to your second question, Mr. Bellemare, we did in the course of our work hold many consultations with private sector people and with people who know the field of information technology. They even helped us to assess the government situation.

Overall, those people were much more concerned with the problem than most of the federal government managers seemed to be. In fact, you said that industry might be in the process of preparing a magic solution, but one of the dangers we identified was that people might be tempted to do nothing while awaiting that magic solution. However, it is possible that a magic solution will not be found to solve that problem. Most large businesses—we spoke to people in the banking sector—are working very actively to try to solve the problem; they are not waiting for a magic solution that someone may come up with one of these days.

[English]

Mr. Eugène Bellemare: A last question, and a short one, Madam Chair. I know very well the Auditor General is in constant contact and has a good relationship with his equivalent in the U.S. government. What is the comparison of alertness between your counterpart in the U.S.A. and yourself?

Mr. Denis Desautels: Madam Chair, Mr. Bellemare is right. We have constant communication with our neighbours to the south, in particular the GAO, the General Accounting Office. As recently as yesterday I was looking at some reports they have published on the issue, dealing with individual departments and their state of preparedness. The one I was looking at quickly yesterday was on veterans affairs. So they're very much concerned about this issue there too. It's not as though we're the only ones ringing the alarm. Our neighbours to the south are very much worried about this.

Observers will tend to say people in North America, on the other hand, are more attuned to this issue than people in other parts of the world. That's the good side, I think. Even at that, people who are attuned to it are worried about it and feel it is a significant challenge.

The Chair: Thank you, Mr. Bellemare.

Madam Lalonde.

• 0925

[Translation]

Ms Francine Lalonde (Mercier, BQ): Mr. Desautels, I must confess that until last week I took this issue having to do with the year 2000 somewhat lightly. I thought it was a small problem but since then, I have done research and read up on the issue, and I am now beginning to understand that it is not a small problem and that it could become a major one, especially in light of the age of a certain number of computers, particularly those big mainframes that exist in large institutions.

One eventually comes to the conclusion that yes, this is a real problem, not only for the government of Canada and provincial governments but also for businesses.

I was rereading the report you made last year, in which you asked Mr. Monty and his team to make recommendations in the spring of 1998. We know that in the United States they are also aware of the problem. The real question, the one we should be sounding the alarm on quite loudly, concerns resources, wouldn't you say? Moreover, in reading up on the topic, one learns that the United States needs technical experts, among the most brilliant, to work on the issue.

Mr. Denis Desautels: Ms Lalonde is right. One of the challenges, particularly for those who are lagging behind, is to find the necessary technical resources to help solve the problem. It is quite a specialized field and some of the old systems you alluded to were programmed in languages that are not much used anymore. So those who know those languages, such as COBOL, are rather rare.

There is this lack of resources but there is also a lack of time. Contrary to what one usually sees this is a situation that has to be settled by a specific date. The Year 2000 will arrive and we will have to be ready at that time. In some cases it may even arrive sooner, so to speak, because there are programs and applications where dates are moved around. We don't have much time. So, the time factor and having access to technical experts to solve the problem are two very important constraints.

Ms Francine Lalonde: You feel that work is progressing slowly within the federal government. Is that not quite a severe judgment? Are we going to have to demand that sufficient resources be put in place? Moreover, you fear that the political will dissipate before we reach the objective.

Mr. Denis Desautels: We feel, and I don't want to exaggerate, that this is a serious situation and the various departments must set very clear priorities. Aside from the danger of not taking the issue seriously there may be another one, which is that of competing priorities.

Some priorities, or certain other projects, may have to be delayed or set aside temporarily to solve the Year 2000 problem first.

So managers must set clear priorities. We also think that ministers should take an interest in this because this would immediately send a loud and clear message under the circumstances.

It is a matter of setting clear priorities and maintaining them. There are financial consequences to all of this, as you know. Ministers have to invest in this to solve the problem. They are also going to have to find the necessary funds to solve the problem. This forces people to make important and perhaps even difficult decisions.

• 0930

Ms Francine Lalonde: On page 12-21, there are some tables that are quite interesting. Are the 14 large departments where the problem deserves more attention named somewhere? I have not had time to read everything attentively.

Mr. Denis Desautels: No, we did not name all of the departments concerned here, but at the end of the chapter we did name the nine departments we used in our sample, in our own work.

The idea was to focus on the situation as a whole rather than on particular cases, among other reasons because those particular cases may see their situation evolve from month to month. The work was finished, as we said, at the end of April. We hope that since then the situation has improved. So, we wanted to focus on the overall view rather than on particular cases.

The Chair: Thank you, Ms Lalonde.

Ms Jennings.

Ms Marlene Jennings (Notre-Dame-de-Grâce—Lachine, Lib.): Mr. Desautels, I want to follow up on the issue Ms Lalonde raised in her question on the scarcity of technical resources.

In the best case scenario, if the government were ready and the action plans were in place, etc., the matter of technical resources would still be outstanding.

I see in your report that the Secretariat informed you that the Chief Information Officer Branch had prepared an action plan to manage industry and technology human resources. Have you been able to assess that action plan to see if it reflects reality properly and meets the needs?

Mr. Denis Desautels: I am going to ask Ms Cheng to answer your question, please.

[English]

Ms. Nancy Cheng: The issue of technical resources indeed is a very important one, and it's probably one of the exposures that we've listed that are upon us right now. What we found was that departments were experiencing high attrition rates: we're losing people. You have people skipping from one department to the other because they get a better classification. We have people leaving the government to go with the private sector, and we also have private sector technicians, if you will, leaving Canada to head down to the United States, where the compensation is perhaps a bit ahead of ours.

The plan that Treasury Board talks about really only came to discussion with us near the end of our audit, so we certainly do not have a concrete plan in our hands for us to really assess. What we constantly keep saying is that that is an issue we need to deal with.

As you all know, we have the collective bargaining process, and that does not make life any easier in terms of trying to retain technical resources.

So there are a number of movements afoot.

The concern we have is that if we are not going to be ready for the year 2000, one of the recommendations we have emphasized is the need for contingency planning. If we can't make it, then what can we do so that important programs and services can continue without any major interruptions?

[Translation]

Ms Marlene Jennings: Did you see, in departments or agencies, contingency plans prepared in case the planning to meet the year 2000 challenge proved inadequate to change all of our systems? Did you see plans where priority was given to the systems that must absolutely be changed to minimize the risks, dangers and effects of the year 2000 problem?

[English]

Ms. Nancy Cheng: During the audit we selected nine departments for a closer examination. So for those nine departments we do have their plans. These plans could be a collection of different types of documents: it could be an inventory of what systems they have, it could be some assessments of how important those systems are to the operations of the specific department, and it could also include some kind of time schedule, cost estimate, and these kinds of things. At the departmental level we have seen some of those, and it's based on the assessments of those plans that we came out with the conclusion that we still have a long way to go and that the situation is still very urgent.

• 0935

[Translation]

Ms Marlene Jennings: So according to you no, department is ready for the year 2000. No department has concluded its planning process in order to meet the challenge. I am not talking about departments where changes to systems would have been made and where the audit of those technical changes would have been carried out. However, can you tell us today if there is at least one department in government where all of the planning has been done?

Is there a contingency plan to deal with the consequences if the general action plan is not sufficient to meet the challenge?

[English]

Ms. Nancy Cheng: Madam Chair, there are really two parts to that question. First of all, on contingency plans, throughout the audit we have not seen any contingency plan. It's a subject that was being discussed. That's why we have in our recommendation that these plans have to be developed and that should take very high priority.

About whether the plans are there and whether they are sufficient to deal with the year 2000, I don't think we're saying they definitely won't be ready, but as auditors we look at the risk, and we think the risk is quite high. That means management has to do more to try to mitigate that risk.

The Chair: Mr. Axworthy.

Mr. Chris Axworthy (Saskatoon—Rosetown—Biggar, NDP): First I'd like to thank Mr. Desautels for helping us, the House of Commons, and Canadians in general to understand so much of what goes on in government. He has always been very constructive and expansive in the way in which he has approached these problems and he has covered many more things than perhaps those who appointed him thought he might cover.

I think it's alarming that we would have a federal civil service not ready for something that is only three years away. We've seen considerable activity on staffing—some of that was mentioned—in the federal civil service. You point out in your report that a challenge will be to sustain senior management interest and commitment over time. Would you be prepared to indicate to what extent this is a problem within the civil service as a whole? It seems to me we would expect our civil servants to be planning for the future not only 3 years away but 10 or 15 years away, as most other successful countries would do. What does that say about our preparedness or the nature of our civil service?

Mr. Douglas Timmins (Assistant Auditor General, Office of the Auditor General): Madam Chair, I think the important point to remember is that throughout the world the initial reaction was that this was an IT problem and the IT industry would solve the problem and there would be a quick fix. So we're not behind others in terms of not recognizing the problem is a management problem and not an IT problem. So I'm not sure it's fair to criticize that we're worse in that regard.

Nonetheless, there is an urgency and a priority, and as we recommend, a need to pick up the pace to ensure this doesn't continue at the pace we're at, or we won't be ready. It's important that there's also support in finding the funding and the resources from all parties. That includes senior management. It includes, as we point out, ministers and parliamentarians in terms of asking for the information and ensuring people see it as a top priority and keep it there.

Mr. Chris Axworthy: Not all the Auditor General's recommendations to the government have been positively adopted. Do you anticipate this one will be?

Mr. Denis Desautels: We track our batting average so that you know, and the majority of our recommendations get adopted. I think on this one we have had a positive response. I don't think this is an issue where we disagree. We sometimes disagree on issues, but on this one I think we have the people running the departments and those in central agencies onside with us now in terms of the urgency of the situation. So we think that they'll be trying hard to correct the situation. I just hope there will be nothing that will detract them from that determination in the next few months.

• 0940

The Chair: Mr. Shepherd.

Mr. Alex Shepherd (Durham, Lib.): Of course in the last Parliament we discussed a little bit of this, and I thank you for bringing it to our attention again.

In the technological world there must be this concept. I hear the words “replacement of existing systems”, and obviously that must be very expensive. I know that there are companies out there that are trying to develop the technology to do conversion programs.

I guess what we're doing is saying we're trying to find a cure for cancer and it's not coming very easily for us. At what point do we give up on the IT program, as you mentioned, and just simply go forward for what could be a very costly program of replacement and repair?

Ms. Nancy Cheng: When people talk about conversion in the year 2000, generally there are three approaches: you can fix what you have; you can replace it with a new system; or you can eliminate them if the functionalities are no longer deemed to be really relevant or critical. So that's what people mean when they say “conversion”.

Replacement is one of the three very viable strategies. While on the one hand you may think that it might be expensive to fix, in the replacement mode you basically extend the life of that information system for a period of time. So it is an investment that would serve the need of your organization over that period of time.

There are also instances whereby your system is so old that it's not feasible to try to fix it. In other words, it might not cost you any more to go to a new system as opposed to going back to the old system and trying to replace it.

A good example would be our financial management systems. A lot of departments are now considering trying to get a new system in time, and SAP is one that is destined actually to come into a lot of departments to serve as the financial system.

The problem is that implementation of new systems often takes time and our track record of bringing new systems in on time has not been particularly good. If we don't have sufficient assurance that these would be in time, before 2000, and you don't have your old system fixed, then you're really in trouble.

What we're suggesting is that people still have to go back to the old systems to look at them, and cost becomes a secondary factor in this particular case.

Mr. Alex Shepherd: So you're saying basically that conversion is not a viable option, based on the technology that exists there today.

Ms. Nancy Cheng: Fixing may or may not be a viable solution, but a lot of systems are being fixed right now because there isn't sufficient time really to try to bring a lot of new packages in on time. So it is actually happening a fair bit.

Mr. Alex Shepherd: My next question would be a matter of managing, and presumably what we're talking about is managing risk. Who has the ball? Is there someone in the Treasury Board Secretariat responsible for the implementation and conversion of this? Is there some kind of system where we have a checklist of the goals we're trying to achieve and a periodic reporting of how we're going ahead with implementing that agenda?

Ms. Nancy Cheng: It's basically ministerial accountability. The responsibility of addressing the systems rests with departments and agencies.

The role of the CIO, as I understand it, is that they provide leadership. So if there are common issues—for example, if there are things that cut across government that can be done once so that departments don't have to repeat the same exercise and reinvent the wheel—that's where the CIO comes in. There are best practices.

The chief information officer, CIO, is a senior position within the Treasury Board Secretariat. So essentially the chief information officer branch has a year 2000 office for the entire government. Where we talk about taking a look at this issue from a government-wide perspective and identifying a manageable number of systems most critical to government, that falls within the purview of the CIO office.

They have provided a submission to Treasury Board to seek some funding to manage some of these horizontal issues, and our report makes reference to that.

Mr. Alex Shepherd: Once again getting back to the window I was looking at, I would expect that business and other people would have a plan. It's a month later. How far have you gone toward implementing the plan, given these critical dates that you're talking about here? Is that process happening?

• 0945

Ms. Nancy Cheng: I believe there are more planning documents. There are a number of projects within TBS's so-called work plan. It's a series of projects. Some are being implemented, others are still more in the planning stage.

Mr. Alex Shepherd: You're saying, basically, it's a haphazard approach; there's no specific methodology to implementing a success plan.

Ms. Nancy Cheng: I don't believe that's what I said, Madam Chair. What I'm trying to indicate is that a number of things need to be done. For example, they are trying to understand the shortage of technical resources within government, so they have a contract in place to have some people researching the subject and looking at options for what the government might do.

While you can still say that is in some sort of a planning phase, they have advanced beyond just saying there is an issue of technical resources. Something is being done on the procurement side of things, because procurement takes a long time, and if it takes six months to get a contract in so Department X can have contractors start helping them fix the system, that's not going to help the cause. So again, those things are being worked at.

There's a series of things they are attempting to do, but understanding that different things have to happen almost at the same time, they are more advanced in some than in others. Our urge is to say there are a number of key things that need to be moved along faster, so make sure those get the attention.

The Chair: Mrs. Wayne.

Mrs. Elsie Wayne (Saint John, PC): Thank you very much, Madam Chair.

Auditor General, it's important for us to know that this is being handled, and handled properly. I just said to my colleague to the right, you know, we took out everybody who worked with their hands and we put in machines called computers and whatever; I'm not an NDPer, but this shows if we still had them working with their hands we wouldn't have a thing to worry about.

How do you recommend we review this progress until the completion of the conversion? What time do we have here? You're saying they are starting right now, but if the government were to adopt the Auditor General's report and all of us collectively agreed to that, over what period of time...? Do we have enough time right now? Have you a program in place right now which you can present to them and say, look, these are the steps you have to follow, right here, and if you follow these steps, then you'll be ready for the year 2000? Has that type of program, Mr. Auditor General, been presented to the government?

Mr. Denis Desautels: As Mrs. Cheng was explaining earlier, the chief information officer within the Treasury Board Secretariat has a key role to play in this, in monitoring the state of preparedness of the various government departments, even though they have no direct authority in what each department has to do. Let me add as well, though, to repeat what Mrs. Cheng has said, that this office asked for additional funds from the Treasury Board during the summer actually to carry out some additional pieces of work in this oversight and monitoring role. I think if you are to look at some type of agency that might have a good overview of this situation, it would be the Treasury Board Secretariat, through the chief information officer.

It's a situation, as we've said, that has to be monitored closely, because the clock is running. So parliamentary committees interested in this may want to ask for progress reports from the chief information officer, and those progress reports to be useful, given the time pressures, should be made, I would say, on a quarterly basis. It's not something such that you can wait for another year to get a progress report, because systems have to be in place for the federal government we think generally by March 31, 1999. Others will say that's even late, because systems should in fact be tested a full year earlier. The clock is running fast and I think it requires monitoring that should be done on about a quarterly basis.

The Chair: Mr. Murray.

• 0950

Mr. Ian Murray (Lanark—Carleton, Lib.): Mr. Desautels, we have actually discussed most of the things I wanted to ask you about. I really was interested in this problem of resources and how we deal with competition in the private sector.

In your report, you mention that the crunch will probably come late in 1997. We're there now, and I imagine we're experiencing that problem. You also in your report mentioned that the nature of the issue calls for a government-wide initiative.

Perhaps I should be addressing this to the chief information officer rather than to you, but as a member of Parliament, I can imagine two years from now the calls from constituents who rely on departments like HRD or veterans affairs, who may not have.... I'm not trying to pick on those departments. I'm just suggesting that we could be faced with a major problem with people not receiving services from government as a result of this.

Again, you did tell us about the action plan that the chief information officer has developed. I still don't have a clear idea whether you found that plan to be reasonable, or whether it is still too early to assess that.

I've come to the conclusion that what we probably need is a government-wide approach to this, particularly when we may have to look at contracting out for a lot of the resources we require, competing with the private sector for that. I just don't have a sense yet of how far along we are with the chief information officer.

Ms. Nancy Cheng: Madam Chair, the issue of technical resources really is a very troubling one. There really isn't a work plan that TBS could furnish us with that we could look at and assess. Mind you, things are happening as we speak. My understanding is that they're attempting to assess the overall shortage to government and deciding what some of the options are, and they are conducting dialogue with the various heads of information technology in departments to see what the feedback and reaction are.

The member asked about whether the plan is sufficient overall. We haven't really seen an overall set of plans, so we really couldn't assess them. But we know there are movements afoot, because we are in communication with the secretariat itself and we know they are trying very hard.

I think we need to be fair when we sort of say the status is somewhat slow. Is it much faster in some other jurisdiction? I don't think we're necessarily behind others. Having said that, it's a serious issue, and we really have to put our minds to it.

The HR issue is a particularly worrisome one, and that may be one on which ultimately the government might have to come back to Parliament for help, in terms of sort of seeing whether some of these options can be put in place and maybe needing parliamentary support for that.

Mr. Ian Murray: As things stand right now, is it fair to say that the departments are autonomous in how they deal with this problem, in that there is no one at say Treasury Board who can direct them to act in a certain way?

Ms. Nancy Cheng: The CIO, chief information officer, was appointed on March 1 of this year, so he is new to the office. He has taken on the initiative in a very serious way and is consciously trying to deal with the issue. I believe it is one of his top priorities. So he is taking leadership into his hands to try to steer the various government departments in the same direction. But essentially the departments are the ones that know their information programs. It does not make sense to really take them out of their hands to try to place it in the centre. The centre doesn't really have the capacity to deal with it.

So I think the structure is probably right, but the CIO still has a long way to go in terms of getting the problem under control.

I come back to the point Mr. Desautels made about monitoring and overseeing how these various critical systems are performing. They're starting to sort of map out where some of these systems are.

First of all, you have to define what are the most critical systems. Once you know that, you need to ask if there are plans to have them implemented and fixed before the year 2000. How well are they performing vis-à-vis these plans? All these things have to take place on a sequential basis. I think they're on the right track in terms of trying to deal with that.

Mr. Ian Murray: Thanks.

The Chair: Thank you, Mr. Murray. Mr. Lowther.

Mr. Eric Lowther: As I listen to the questions and the answers here, I think the auditor's report is very balanced and very calm. But I get increasingly concerned about this issue. We talk about the year 2000, but there's also I think a reference in the auditor's report to the solution, and that the fix should be in a year prior to the year 2000, so we have a chance to work out some of the bugs, if there are any. So that really only gives us a year to have a solution in place. Yet I'm hearing that we don't even have any idea what the critical processes are yet. We're trying to build a list of what the critical processes are, and the priorities aren't currently in place. No one seems to be prepared. Yes, there is a little bit of a management structure in place, but that's about it—sort of a front with nobody behind the front, no building behind the front stage.

• 0955

I wonder about the fact that maybe our department is behind. I can remember a year and a half ago sitting in industry's sessions with private industry where this issue was very much front and centre and solutions were being considered and things were charging along. It seems to me we're really lagging here.

I guess I have sort of a twofold question. Is anyone actively looking at solutions that are in the private sector that may be applicable to this department, rather than reinventing the wheel? Certainly there could be a factor there of also integration of systems to private sector systems that may have to talk to one another, having some sort of commonality there. That would seem to me to be an urgent first step. What are the solutions that have been put together in the private sector to date?

Finally, I guess I would ask the auditor to speak to the minister's role in this—to bring us this close to the critical time. What is the minister's role? It seems to me we should be really turning up the heat on this.

Mr. Denis Desautels: Madam Chair, I think that's a very important question. How serious is the situation really? As Mr. Lowther said, the report is calm and balanced. I think we tried to describe the situation in as objective and balanced a fashion as possible. Some people are more alarmist about the issue than we have been. Some people predict all kinds of things that could go wrong, including cars that won't start because they have chips that are year 2000 sensitive. When you start thinking that way, the list is endless of things that could go wrong.

I think we have to basically back off and identify what are mission-critical issues for any organization, whether it's the department, the government as a whole, or private sector organizations. What are mission critical systems? This is where, in answer to your question on the minister's role, we refer a little bit to the minister's role in that in any organization it's important for the chief executive officer of the organization to be on top of what are mission-critical systems and threats to those systems. So I think ministers asking questions about this and asking for regular updates on the preparedness of their organizations will go a long way to having the organization put itself in shape to respond to this.

You talked specifically, Mr. Lowther, about industry. Well, industry is not one of the departments we looked at, so unfortunately we'd have no particular knowledge of the state of preparedness of that department, but I'm sure they would be pleased to update you, if you wanted, on the state of their preparedness.

Mr. Eric Lowther: What I meant there was more private industry.

Mr. Denis Desautels: Oh, okay.

Mr. Eric Lowther: What went on in private industry to deal with this same problem and how those solutions might be applied to our situation in the government departments.

Mr. Denis Desautels: I referred to that in my opening statement. Of course our mandate does not extend to looking at how industry generally is prepared for this. But as I pointed out, some of the principles we used in our work to judge how well government is prepared or what they should do I think are equally applicable to most private sector organizations. So I think they could be used as a basis for pursuing these questions with representatives of industry.

The Chair: Thank you. Mr. Jaffer.

• 1000

Mr. Rahim Jaffer (Edmonton—Strathcona, Ref.): I was just curious. When I was reading I noticed how much of a cost obviously will be associated with this. It's quite a big process in all the departments, and I'd heard that someone mentioned that it should be the focus of the departments themselves actually to make these changes, because they're in tune with what sorts of technical things they have in the departments.

Is there enough money there for the departments to absorb a lot of these changes that are going to come with these changes, or is a wholly new sort of foundation for funds going to have to be built in to accommodate these changes?

Mr. Denis Desautels: My answer to that would be that most organizations should have planned for this and therefore should have been budgeting for it. But, to be realistic, it's also quite possible that some departments may feel that they don't have the resources to deal with it completely and may be applying for additional funding to take care of that. So I think it will be a mixed bag. I think some organizations have been working on this for some time and have been budgeting for it. Others may be coming for additional requests.

Mr. Jim Pankiw (Saskatoon—Humboldt, Ref.): You probably know better than anyone else how bad the government is at meeting deadlines, so what kind of confidence do you have that this crisis will be solved in time?

Mr. Denis Desautels: Do you want to try that one, Doug?

Mr. Douglas Timmins: That's a difficult question to answer in a global sense, because the risks that have been identified really boil down to individual systems, individual departments, and there will be the potential for individual failures as opposed to global failures.

We have laid out what we think are some of the pitfalls that the government has to deal with. As Mr. Desautels has said, many of those may apply equally to industry in terms of what they would need to focus on.

For example, the exposures that we identify are equally applicable in the private sector. There have been a number of studies that have identified that the awareness in the private sector is the same as what we've identified here.

The issue is probably greater for the small and medium-sized businesses than it would be perhaps for the larger ones, where they've identified and have the resources internally available or may be able to acquire them.

So to say that it will be a wide-sweeping failure of systems.... I think it all depends on the priority that's put to it in the various areas.

There's no doubt that most people would speculate that there will be some failures, and we recommend within our chapter the issue of triage, in the sense of identifying those critical systems, setting priorities for them and monitoring and ensuring that those are managed, and not necessarily trying to deal with everything. That's basically a strategy that will say that some will fail.

The Chair: We hope this committee will help to ensure that failure won't happen.

Mr. Ianno.

Mr. Tony Ianno (Trinity—Spadina, Lib.): You referred in one of your statements earlier to solutions. Have you done an inventory of the potential number of solutions there might be to the problem? For example, is it program coding? Is it chips? What is the one that you're finding from the information you have from the several departments that have started the process? In other words, if one department has done some repair work, can it be used for many of the departments? I gather from your facial expression that you have got the question.

Mr. Denis Desautels: Nancy.

Ms. Nancy Cheng: There are a series of solutions out there. In fact, it's evolving into an industry. Where there is money to be had, I think the private sector responds fairly readily.

New tools are coming out every day. Primarily it involves going through the coding to try to figure out where the date code is being used so that it can be corrected in a number of fashions to help the organization to deal with the clock turning over to the year 2000.

A lot of these tools can be employed in more than one scenario, and what I'd like to highlight is that the government does have what it calls an interdepartmental working group. This is not a table where you get deputy heads sitting together. These are the deputies sitting together to talk about experiences—“We've done this at our department, and it seemed to work”—so other people can learn from it.

• 1005

There are tools that can be shared. In fact, you hear a lot of people talking about “conversion factories”. That's because after doing several you actually accumulate experience and you can apply it that much better. The skill is transferable and the solutions can be—-

Mr. Tony Ianno: What I'm trying to get at is that I guess at first you say the world is falling apart in the year 2000, but I'm saying, okay, how many types of solutions are there? Are there 10? Are there 1,000? Are there 100? Once one of the number is attacked and dealt with and solved, can that not be found through the whole inventory list of what is required, so in effect everyone with this kind of problem...this is where they all are, let's go and solve that problem?

Ms. Nancy Cheng: They're mostly generic tools. Once you have that tool, you have to apply it to your environment. Each computer environment is pretty well unique. You have different application systems. You have different types of databases. You might have a different combination in the boxes they run on. So the platforms can be different. You take the tool and then you tailor it to your environment. That's one of the main reasons why I said you need to leave the systems within the hands of departments and agencies. Otherwise it would be chaotic. You can't take it back into the centre and apply one standard fix.

Mr. Tony Ianno: Computers are very simple in many ways. They deal in very straight-line methods. If it's box A and a certain type of program, running whatever other system in place, whether it's Windows or whatever, generally once you take those variables, that is the same whether it's the finance department or the human resources department or whatever else. I like make-work projects, but what I don't want to see is everybody running around trying to solve the same problem from a wholly different perspective.

Ms. Nancy Cheng: That concept applies for the shared systems. In our chapter we refer to paragraphs 142 through 144. That's where you might have some applications where the same application system is being used in more than one department. So you can literally go through the coding for how that program works, and if it's certified, then that same program should work for all departments.

But that's only at the program level. By the time you take the combination of what your system interfaces with.... The same system in department A and department B.... Maybe in department A all that system does is to work within itself and interchange data with another system within that same department, but in a department B scenario you could have one system that actually liaises with the public, so your combinations are countless.

Mr. Tony Ianno: But the program is still the same.

Ms. Nancy Cheng: You can do it at the program level.

Mr. Tony Ianno: Right.

Ms. Nancy Cheng: If you have the same program, which is a concept that is being promoted under the shared systems initiative, you can do that. That's why we say there is merit to be gained in trying to solve it once and for all. But aside from shared systems, all these other ones...unless you get it off the shelf from a vendor, in which case the vendor will help you fix it. If you have a home-grown system, you can't fix it and expect that to be shared with another department.

Mr. Tony Ianno: As auditors, have you gone through and looked at one solution to see how the whole system works, as compared with just raising the red flag?

Ms. Nancy Cheng: The scope of our audit relates to assessing the overall state of readiness in government. It's not set out actually to assess individual tools.

Mr. Tony Ianno: So you really didn't look at a solution per se to see what is required in a solution to see how desperate the situation might actually be?

Ms. Nancy Cheng: I think we've seen enough, and we've seen enough through the literature and discussions with private sector experts, plus some of our own knowledge in terms of—-

Mr. Tony Ianno: With that discussion with the private sector and whoever has dealt with the solutions, you've actually looked at the solutions to see how difficult they might be?

Ms. Nancy Cheng: Not to the extent of actually reviewing codes or anything of the sort, but it's their assessment or their—-

Mr. Tony Ianno: But you didn't follow one, whether it's through your readings, through the program people you may have spoken to, to the actual visuals, from point A right to the end, to see what is actually involved, to know how to audit whether it's being done or not, as compared with just the superficial.

Ms. Nancy Cheng: I don't think there is any documentation that lays out a process from beginning to end.

• 1010

Mr. Tony Ianno: Has no one solved the problem? In some cases you say that some have actually converted. Has anyone solved it?

Ms. Nancy Cheng: Some are in the process of conversion.

Mr. Tony Ianno: But no one has yet solved the problem on any system, be it private sector or government. Is that right?

Ms. Nancy Cheng: Do you mean for the entire enterprise?

Mr. Tony Ianno: For their system. In other words, the year 2000 problem has not been solved by anyone, as far as you know.

The Chair: Mr. Desautels would like to comment.

Mr. Denis Desautels: Let me try to answer this question. We've consulted with industry at length. For instance, we've had people, as I mentioned I think at the beginning, helping us from the banking industry, from financial institutions. We've also had people from large manufacturing outfits consulting with us. At this stage—these are some of Canada's largest corporations—they're still all working on solving the issue. They're quite a way ahead of where we think the federal government is. The solution for financial institutions and banks is quite different from a mining operation or a smelter. So they have to approach things quite differently. The same thing applies to the government. In government you have Defence, you have Revenue, you have HRDC, and they're all in different businesses. If you're looking for the one standard model that you can—

Mr. Tony Ianno: I'm looking for one solution. If there is no one solution then there is nothing that can be looked at, at all. All businesses are different and therefore there are different options. But if there is one solution, then we know how long it took them from A to Z and what was involved. We can then start from there to see how else we can approach solutions overall.

The Chair: Thank you.

Mr. Desautels, a last comment.

Mr. Denis Desautels: I think we can look for companies or organizations that might be able to demonstrate that they've got it solved. At this stage, we have not identified one that can say, well, we have it all solved and here's how we've done it. Sooner or later there will be one, and maybe we should learn from that case.

The Chair: Thank you.

[Translation]

Ms Lalonde.

Ms Francine Lalonde: For instance, can you assure us at this time that all those who will be entitled to an old age pension at that time will not have problems? I am focusing on that particular aspect in light of the fact that we know there have been computer problems for years in the department concerned.

[English]

Ms. Nancy Cheng: HRD is one of the departments that we did take a close look at, but we didn't look at the department with a view to assess it on its own. None of the departments we've looked at now has come far enough for us to give you the comfort or the assurance that they will definitely be ready. It's different from saying they will definitely fail, but that means we have to work quite hard to get it to the point where we need to be ready.

[Translation]

Ms Francine Lalonde: Very well.

Further, the Department of Industry has the responsibility of helping business to prepare. The responsibility of Canadian business lies with microeconomic development and this committee has made recommendations in that regard, when the Minister created a working group chaired by Mr. Monty.

Did you study the effect that that group should have? What impact will the questions put to that group have on Canadian industry? Did you draw any conclusions on the effectiveness of that proposal?

People were asked to what extent the key sectors of the economy would be ready to face the computer problems inherent in the arrival of the year 2000 and were asked to reply to that question before the end of May 1998. This does not give people a lot of time to work and find solutions especially if part of the solutions must be found with the assistance of technical experts.

[English]

Mr. Douglas Timmins: I think the question certainly raises the issue of whether we have looked at it. It's been only recently announced, so it's very early. We have not specifically covered it within the scope of our audit at this point. We will certainly be interested in its progress as it proceeds with its work.

• 1015

The one issue that I think comes out of it is that it will not report until May. Therefore that is some time, but hopefully there will be information available from it that they will be able to provide, progress.

One of the major concerns might be that the focus of it is to do surveys. We have had surveys of information, but if it is able to increase the support, the awareness, then I think it will certainly be of value. Whether it will be enough is certainly another question.

[Translation]

Ms Francine Lalonde: That's it. The question that several of us raised was: but what will be done? It seems to me that one of the reports of this committee stated that to settle the issue we will not necessarily need new technical resources, since the factors are known ones, but time and plentiful resources.

However, those resources cannot be trained very quickly. A lot of studies have been done, but do you know if anyone has taken a census in order to ensure that resources will be sufficient to solve the problems in both the public and private sectors?

[English]

Mr. Douglas Timmins: I think we've certainly within the audit identified the risk that there won't be the resources, and as the time progresses, the demand for those resources is going to escalate the value of them and the risk that they won't be there.

The other issue that was discussed earlier may well put pressure on, as well. If companies choose to turn to other solutions by implementing new systems to replace, there will again be pressure on the resources.

There are indications that there will not be sufficient resources, so that's why I think we've pointed to pick up the pace to deal with it now, before the problem of the resources becomes critical all at the last minute.

The time is fixed. The date that it has to be corrected by is not movable. As my colleague has pointed out earlier, we don't have a past history of delivering IT projects on time. That's why we advocate as well within the chapter the urgency and importance of having contingency plans, which will allow them to plan for some if with the resources they will not be able to deliver all of the systems on time.

There are two points to the issue of resources. One is the issue of resources within the federal government for them to do it, but also there is the availability of those resources in the private sector. It's in tight demand in both cases. If there are good resources in the federal government, they're being drawn into the private sector, because there is money and an increase in the potential.

[Translation]

Ms Francine Lalonde: As time gets shorter, there will be an increasing tendency to turn to people, with money in our hands, to get them to help.

At this time, are there enough human resources within the federal government to solve the problem? Are we going to have to turn to external resources?

[English]

Mr. Douglas Timmins: I think the solution depends on the individual department. Some of the larger departments, some of which we looked at, have fairly large resources available to them, dedicated to maintaining and fixing their own systems, and have been attempting to make corrections and deal with that as they proceed with their own work within those systems, the maintenance and the repairs of those systems. However, many of them also depend on contractors or consulting resources. We can easily see that there will be a competition for those resources.

• 1020

One of the points we identify as the exposures or the opportunities for central government-wide action is to deal with the procurement process in terms of making sure it's not a lengthy timeframe to acquire the resources under contract so that by the time you get through that process the resources have gone somewhere else. The government is certainly aware of this and is trying to deal with it.

[Translation]

Ms Francine Lalonde: Yes, but the issue is cause for some anguish at the Department of Industry. In order to be ready, the government will have to go and find resources that may also be needed by other businesses in Canada, all the more so since we know the United States will also be looking.

Mr. Denis Desautels: Madam Chair, we could ask the Chief Information Officer of the Treasury Board about his assessment of the availability of resources within government.

I think that some departments are already suffering and have seen some of their experts leave recently. So there may be a problem. It is a question that could be addressed to the Chief Information Officer.

I think that the Department of Industry might also provide certain indications about the seriousness of this problem for Canadian industry as a whole.

[English]

The Chair: Mr. Lastewka.

Mr. Walt Lastewka: Thank you, Madam Chair. I think Ms. Jennings also has a question. I'd like to ask just a few and then share with her.

You have led me to believe more work maybe should have been done in your report on the chief information officer on having better understanding and control of what needs to be done in all the departments. Maybe this committee needs to bring that person or department here so we can better understand the overall work.

Did you go deeply enough with the chief information officer? Do they have a proper critical path for all departments which sometimes they interchange? Were they ready enough? Forget about the fact that people are there just recently. I'm more concerned with whether that department has an overall critical path.

Ms. Nancy Cheng: Madam Chair, as of the end of April they did not have any documents of that kind. I believe it was into the later part of the summer that they started to accumulate this list. This list is being circulated to all the other departments to get some kind of concurrence that these systems collectively would be the most important to government. They're trying to firm up that particular list right now, but also trying to understand why these systems would be most critical to government. Once they have that, they will be mapping it out to a time line to try to understand where some of these systems might be and which are the ones that may be more at risk.

Mr. Walt Lastewka: Did they indicate when that time line report would be available?

Ms. Nancy Cheng: They are doing surveys of departments. My understanding is that some information will be coming forward in the fall of this year, because arising from that some money will be requested, as one of the members pointed out. We're probably looking at the magnitude of over $100 million. It's in the hundreds of millions. Some departments will need new money to help them to deal with the year 2000. Some of that information will come forward in the fall.

Mr. Walt Lastewka: In your audit, did you review where we have a federal-provincial tie-in? Is there something such that the federal government and the provincial governments should be tying in? Was that one of the items under the chief information officer?

Ms. Nancy Cheng: I have not seen it specifically as an issue they're working on as a high priority. There's talk about liaising with other jurisdictions, but that's not one we have actually looked at within the audit.

My understanding is that a lot of the departments are doing that themselves, because as you can understand, a lot of departments actually have to liaise with their counterparts in the provinces, and if they exchange any data they have to be very concerned about whether the data will be good and that they wouldn't corrupt their databases. So I know some dialogue is happening, but at the centre we have not seen that in the audit and we probably would not be the best to comment.

• 1025

Mr. Walt Lastewka: Is your department ready?

Mr. Denis Desautels: We're monitoring our situation on a monthly basis. We have our own list of all of our systems and how much it will cost to update and upgrade each of them, and a timeline to do all of that. We're monitoring that on a regular basis.

The one thing—which is a good example that we can't control—is that some of our systems are not our own necessarily, such as our pay system. In paying suppliers and so on we're relying on the government's central system. So we can control part of it, and we hope that we'll be doing all that properly, but for some we're relying on others.

That's life. We're obviously not the only ones in that situation.

Ms. Marlene Jennings: Let me assure you that I don't believe in the magic bullet, contrary to the conclusions of the Warren report on John F. Kennedy's death.

So I do appreciate your report and all of the material and issues that you covered in it, and I also appreciate all of the additional information you've given us. At times it must be difficult to listen to questions when the answers are in the report and to resist the temptation of saying “Why didn't you just read the report?”

I'm going to switch paradigms, because all of our questions have primarily dealt with the government's preparedness.

In your introductory statements, Monsieur Desautels, you talked about private industry, the private sector's preparedness, and some of the initiatives by the Minister of Industry, by Industry itself, in assisting the private sector to be prepared for the year 2000.

You also had some specific suggestions for this committee. I would like you, if possible, to expound a little bit on that.

One point I noted is that, when I see that there is a task force for the year 2000, we might wish to consider having someone come in to talk to us about what's happening there.

I would like you to expound a little bit more on what this committee can do in order to support Industry Canada, support the Minister of Industry, to assist the private sector in being prepared.

Mr. Douglas Timmins: As Mr. Desautels indicated in his opening statement, anything that this committee could do to enhance the communication of the issue, to be proactive with industry, with businesses, with the business community, would be helpful.

If there are magic bullets or solutions that are identified or lessons to be learned, then sharing of those is equally a matter that could be explored.

You could look at some of the risks and exposures that we've identified in this audit and ask if there are lessons to be learned from there that perhaps industry could take on. For example, certainly there is the awareness of the support of management in that it is a management problem and not an IT problem: you could help get that message out.

Some of the solutions or opportunities we talk about are things such as making sure there are some sorts of standards, perhaps sharing test facilities.... Those are more for government, but there may be opportunities for that in industry.

Certainly the issues related to the compliance by vendors in terms of the upgrades and so on are a risk to the private sector. Particularly the smaller businesses, who don't have the resources to resolve the problem, are going to be dependent on others. Awareness that those problems have been resolved and so on I think would be helpful.

There might be a way to develop various scenarios to help business understand the problem and deal with it, things like knowing what can go wrong. There can be problems with cash registers, with Interac payments.... Those are the things the small business person may not be aware of at this point in time.

So at least they are exposed to what could go wrong—because I think in many cases it's a matter of getting an education on what may go wrong. Elevators may not work. Heating systems and ventilation may not work. Any number of things may not work, but at this point most people are not aware those are possibilities.

• 1030

Mr. Chris Axworthy: I have a brief question related to page 12.19 of your report, where you set out the departments, both large and small, that are described as having the situation under control or adequate projects in place, or where the problem needs more attention. Fully half of the departments and agencies that you have represented here are in the last two categories, and even 14 of the large departments are in the category of the problem needing more attention.

What distinguishes the three departments? What is it in the departments that are in the white category that indicates they've got the situation under control? What is it they've done that the other departments haven't done?

Could you also indicate which of the 14 departments need more attention?

Ms. Nancy Cheng: For the chart that we have on page 12.19 the source information came from the Treasury Board Secretariat. Back in about March and April of this year they sent out a very extensive survey under the CIO office to all departments and agencies, asking for information to come back.

The way they have assessed them, basically, was to take a look at where they were, how much work they have done, and what perhaps would be the risk they face in terms of actually having to carry out the rest of the work. From their own evaluation, they came back and categorized these departments in the fashion that was disclosed in the chart.

We are not the author, or the assessor, if you will, of how these categories or the lines get drawn. So it's an information that we are using to support the scenario that in fact the risks are quite high because even the government's own assessment states so. The source of the information comes from the CIO office, and if you have an opportunity to be calling the CIO before you, it would be best to pose those questions to them.

One key thing to remember is that those departments that might be shown as being in the white could have fallen behind by now, and for some of the ones who perhaps require more attention, because you're talking about it, senior management might become more involved and they might actually move from the darker shade to a lighter shade. The point I'm attempting to make here is don't get too hung up as to what those 14 departments are—aside from the fact that we have a large number of larger departments that contain mission critical systems and they seem to be running behind.

Mr. Chris Axworthy: I was concerned about it because, surely, if we're facing a problem and some departments are coping with it well and some are not, it would be wise to find out why they're coping with it well and why the others are not. It might be, for example, that in one department the minister treats it seriously but in another he or she doesn't. It may be that the person in charge of information in one department is more skilled than the person in another department.

As you continue your work in this area, as I am sure you will, I am wondering if you will attempt to identify what it is that characterizes successful departments versus non-successful ones in this context and whether we'll be able to find out those results.

The Chair: Mrs. Wayne.

Mrs. Elsie Wayne: Should or have the departments already considered a moratorium on non-essential new computer purchases that are not Y-2000 compliant in order to avoid an additional cost to upgrade or replace in the future, and have you mentioned and suggested this to them?

Mr. Denis Desautels: I think it goes without saying that departments should not be buying any systems at this point in time where they can't be assured that those system will be compliant with the year 2000 situation. We identified at the end of the chapter that this is an area where we think there's value in the government co-ordinating its efforts in terms of dealing with suppliers to ensure that they provide the right guarantees on year 2000 compliance.

• 1035

What I've been told is that some suppliers are reluctant even to provide that kind of guarantee. So I think government has to be quite firm in obtaining those kinds of assurances. I think that's where joining efforts within departments will help. I'm told that Public Works and Government Services Canada is now insisting on a warranty clause for the year 2000 in contracts with potential suppliers.

Mrs. Elsie Wayne: Thank you very much.

The Chair: Thank you. Mr. Lowther, did you have any more questions?

Mr. Eric Lowther: Maybe just one. I don't want to beat this to death. I think we've gone through this pretty thoroughly. I'll just speak about something Ms. Jennings said.

I can't understand how the task force that we have within the government could ever give advice to the industry on this, especially when we've heard from the audit department here that the industry actually is well ahead of where the government departments are. So that doesn't make sense to me.

Beyond that, I have some information here that this issue was front and centre as far back as 1994. The Treasury Board sent out a survey on this and government departments were aware of this problem several years ago. We've had working group sessions and things. I've got some dates here: May 1996. Has the Auditor General brought this forward before? Are we just rehashing old ground and we keep raising the flag but nobody sees it and nobody is acting on it?

Ms. Nancy Cheng: The year 2000 issue has a fairly long history. My understanding is that dating back to the early nineties in the private sector industry there was some concern expressed. All these old systems that we thought we would have replaced by now are still in place and they're not going to be year 2000 compliant, except that when they first came out we went through a phase that we called denial. Most people sort of see it as a technical issue, and if it's a technical bit and byte thing why can't the technical people just fix it? Attention was raised, but then it really wasn't sustained.

Back in 1994, when the heads of IT first talked about it and the survey was sent out, a lot of departments did not respond because again they didn't see what the significance was. They saw it as a technical issue that the technical folks would look after, not a senior management type of issue.

In the report we refer to the fact that really it wasn't until after a lot of promotion and encouragement kind of effort and not until early 1997 that we started to see senior management take it more seriously.

As an audit office we looked at the issue I think in 1996. We were participating in some of these interdepartmental groups and the like and we found that the heads of IT were becoming very worried about the issue. It started out at the working level actually. The programmers were starting to worry because the senior management didn't seem to want to take it on. The heads of IT became concerned. We felt we then had a role to play to help perhaps raise the awareness of the issue. That's how we sort of decided to conduct the audit.

Mr. Eric Lowther: So this is the first time you brought this forward in a formal audit review?

Ms. Nancy Cheng: Yes.

Mr. Eric Lowther: Great, thanks.

The Chair: Thank you, Mr. Lowther.

Just before we end this discussion, I appreciate the Auditor General coming before us. I would like to ask a brief question and try not to repeat anything that's gone on before.

There seems to be an allegation out there that the government is behind industry. I know that the most recent poll of the Fortune 500 companies shows that five out of six companies of the Fortune 500 have yet to launch the millennium bug fix. Actually only 16% have begun to implement the full-fledged strategy. So I'm not sure that the federal government is behind or whether it's a worldwide problem that's behind.

The most recent editorial in The Economist magazine shows that there are companies and in particular small business that are still in denial that it is a problem. They believe someone else is going to fix it or that they have legal contracts in place that will cause it to be fixed. I'm not sure if that means that the lawyers are going to make a lot of money and businesses will be out of business when the year 2000 hits.

I guess we have a tendency to say the federal government's behind. I'm not really sure it's behind. I appreciate the fact that you've brought it forward in a report, because I think it's a crucial issue for the government. In your analysis, do you believe we really are behind, or do you believe that worldwide everyone is behind?

• 1040

Mr. Douglas Timmins: Madam Chair, I think there is certainly no doubt that it is a worldwide problem and that many parts of the private sector are behind. As we've pointed out, it is a big risk for many of the smaller to medium-sized companies in the private sector, because they are probably further behind. That's not to say that certainly some of the larger companies have put some emphasis on it up to now.

I think it goes back to one of the previous questions. The priority before was always on operating systems. Operating systems are much more important to correct, getting a new system in place because that will generate revenue and profit. That has been the focus of industry as well. However, having said that, I think many of them have now started to realize that it is a matter of business survival. Having done that, I think the larger companies have put some resources to it.

Overall, it is usually a very difficult comparison, Madam Chair, as to whether one is ahead or behind. These surveys are mostly talking about the awareness, and whether we're ahead or behind in terms of awareness. It's very difficult to really judge the question of whether we're ahead or behind in terms of actually fixing the problem, because in many cases the problem has not been assuredly fixed.

It's not a matter of us thinking that government is behind. It's not for us to try to compare whether government is actually behind industry. What we're saying is they're behind where we think they should be.

The Chair: I recognize that, but I also think we should be aware that, as I stated, according to the Fortune 500 poll, only 24% have a detailed plan in place. I appreciate it being in your report, because I think government should be taking the lead. I think we should be at the forefront of this.

I want to thank you, Mr. Desautels, Mr. Timmins, and Ms. Cheng, for being with us. I don't know if you have a final comment you'd like to leave with us today.

Mr. Denis Desautels: No. I think we've discussed the issue quite thoroughly. Thank you.

The Chair: Thank you very much.

The meeting is adjourned. We have a steering committee meeting in a few moments.