So, when businesses are warned by IT professionals that a design fault could cause their computer systems to collapse in the year 2000, why do many of them do nothing. Life and limb are not at risk, but business survival might be.
Many computer systems cannot correctly process dates correctly after 31st December 1999. This is because the dates held on many computers do not identify the century. For example, the date 1st January 1997 is often stored in a computer as 01/01/97. But the date 1st January 2000 would be stored in such as 01/01/00.
If these dates are used to do calculations, mistakes will occur. On 1st January 2000 the age of a person born on 1st January 1939, will be 61 years of age. But computer systems will calculate the age of this person as 39.
Where dates are used to sort data, chaos will result. The impact on computer systems will vary. Systems will fail, or applications will continue to function but give wrong and misleading information.
The cost of eliminating the problem is estimated at between £200 billion - £400 billion. While these estimates could be wrong, they are too high to ignore. Many organizations which have begun Year 2000 work find that they have consistently underestimated the time and effort needed to solve the problem.
Information systems professionals say you should begin large scale Year 2000 project work by next June at the latest. As the size of the problem cannot be known until after an initial assessment is conducted the problem should be addressed without delay.
Auditors and accountants cannot afford to ignore the Year 2000 time bomb. Auditors should consider Year 2000 exposure at the audit planning stage (SAS 200 Planning, SAS 210 Knowledge of the entity's business).
The exposure of small organizations with personal computers and packaged software will differ from that of large multinational organizations with complex systems. Auditors and accountants need to apply a commonsense approach. In small organizations, exposure may be relatively easy to ascertain and eliminate by upgrading or replacing software/hardware before Year 2000. In this case, while there may be no impact on the accounts, the auditor may still need to raise the small clients' awareness.
Exposure increases with the size and complexity of organizations and their information systems. The larger the organization the more likely it is that the financial accounts and audit opinion will be affected. Every business needs a plan to address millennium exposures. This plan would typically involve:
The business-risk assessment identifies the potential loss of revenue and any legal risks caused by systems failure. Systems should be ranked into critical, secondary and even tertiary. The strategy to deal with the problem should be based on the results.
At the audit planning stage the auditor must look at what the organization has done to address the Year 2000 problem. If the risks have not been assessed, or there is no Year 2000 strategy, it will be difficult to determine the level of exposure. Because the auditor is addressing the issue at an early stage, he or she can play their part in ensuring the organization deals with the problem.
External auditors, and those in the organization's finance sections must all be aware of the financial and legal implications of the year 2000. These include:
Year 2000 is management's problem. Those in the finance section and external auditors need to tell senior management this. People in organizations that ignore the Year 2000 problem may well experience a more severe headache than most after the millennium party celebrations of New Year's Eve, 1999.
These pages last updated on March 28, 1997