Irene Dec, Vice President

Senate Committee on Agriculture, Nutrition, and Forestry

Thursday, May 14, 1998, 9:00 a.m.

Senate Russell Office Building, Room 328A

[Opening]

Senator Lugar and members of the committee:

My name is Irene Dec and I am Vice President of Corporate Information Technology at the Prudential Insurance Company of America, headquartered in New Jersey. I am Prudential's Year 2000 Program Manager, leading the company-wide Program Office.

I am pleased to have this opportunity to present Prudential's top-level strategies for solving the Year 2000 problem. They are strategies that could be applied to any other large organization, including the government.

[Introduction]

Because of Prudential's size and scope, our Year 2000 problem was monumental. Fortunately, our Chief Executive Officer, Art Ryan, and our Chief Information Officer, Bill Friel, recognized the seriousness of the problem and identified it as an Enterprise priority. Prudential's entire senior management team sees Year 2000 as a critical business issue ­ not a technology nuisance.

It is too late to start early.

As of today, there are exactly 596 days left until we reach the Year 2000. That includes only 85 weekends. At this point, it is simply too late to start early.

We began addressing the Y2K issue at Prudential in 1995, and we have moved aggressively since then. While we are confident we will meet our objectives, we are not wasting one single day.

It is time to move beyond awareness of the Y2K problem. It is time to take action.

[Risk Management Actions]

For those organizations that have not moved aggressively on the Y2K project, I will be discussing 10 critical risk management actions that must be taken:

First, Secure Executive Commitment. Identify the Year 2000 project as the most critical project within your organization, and secure unwavering executive commitment to it at once.

Second, Establish a Year 2000 Program Office immediately and assign your best people to the project full-time.

The Program Office is responsible for setting standards and operating principles for the Y2K project which apply to the entire organization. This prevents waffling on important issues, saves time and ensures consistency across the organization.

At Prudential, we established 10 Operating Principles. One was to restrict parallel development activities in order to keep our focus on timely completion of the Year 2000 project.

In addition, our Program Office established metrics to help us accurately track, measure and report our progress on Y2K. This task has been critical to our ongoing success.

Today is May 14. Do you know where your Year 2000 project is?

You do if your Program Office is tracking it properly. That means measuring "planned" versus "actual" accomplishments; reporting on a monthly rather than on a quarterly basis; and tracking progress against established milestones.

Meticulous tracking and reporting ­ with real accountability attached ­ is one of the best ways to reduce the risk of failure. Antiquated tracking methods or haphazard reporting are unacceptable for the Year 2000. Large organizations, especially, must rely on sophisticated metrics and tools to track their Year 2000 projects.

Third, on the list of risk management actions is to Identify Critical Applications ­ those that have the greatest impact on the business and on people. Focus your efforts on achieving Year 2000 compliance for those applications first.

Fourth, Stop All Other Projects. There is no time for applications or systems projects that are not Y2K related. Year 2000 must take complete and total priority. This is an example of what executive commitment really means.

Fifth, Devote Time to Testing. Y2K testing will require three times the normal testing time. You must test before Year 2000, as the century turns, and at certain dates beyond Year 2000. About 50% of the Y2K project will be spent on testing. Also, be ready to cope with the problems that testing will reveal. Be sure to allocate time to go back, fix code and re-test.

Sixth, Develop Contingency Plans. Organizations must think about building manual processes to do the work that systems support and that can not get done by the Y2K deadline. And you must communicate with the people and businesses impacted by those manual processes.

Seventh, Review and Assess Business Partner Risks, including software vendors and other suppliers. You must also identify vendors that put your organization at risk for non-compliance and prepare contingency plans for alternative software replacements.

Eighth, Validate Desktops. In this case, I am referring to desktops that are not controlled by the information technology departments. Many business decisions are based on calculations performed on spreadsheets and databases on personal computers.

Ninth, Determine Your Computer Capacity. Do not wait. In some cases, you will need to double your capacity.

Tenth, Develop and Control Your Risk Validation Process. Your audit and management integrated control departments must assist in validating your progress and reviewing your Year 2000 compliance. In addition, you need outside firms to validate your processes, and in some cases, to check your compliant code. Also, determine a process for "spot checks," which will allow you to select certain applications and validate particular portions of them.

[A Problem of Titanic Proportions]

The key message I am compelled to leave with you is this. Year 2000 is a problem of Titanic proportions, but information technology controls just a tip of the iceberg. The remaining ­ and often unseen ­ risks include business partners, software vendors and the validation of the desktop environment.

We in the information technology department can run the Y2K program offices, manage the projects and fix the code. We can test for compliance and prepare the organization for January 1, 2000 and beyond.

But we cannot do it alone. We have got to have the unwavering support of our top executives and the cooperation of every employee and business partner.

It was the unseen portion of the iceberg, which struck Titanic below-decks, that doomed everyone aboard. My grave concern is that the leaders of too many organizations will dismiss ­ or worse already have dismissed -- the critical nature of the Y2K project. Simply saying it is your highest priority does not translate into the action needed to achieve Year 2000 certification.

Some executives may overestimate the ability of their already stretched information technology staff. Or perhaps, they will underestimate the amount of work and resources needed to become Year 2000 compliant by the deadline. It is a deadline imposed by the relentless force of time ­ the toughest taskmaster of them all.

[Failure Is Not an Option]

In my opinion, the Year 2000 problem is a sink or swim proposition. But because I am, by nature, an optimist, I prefer to leave you with a different image of Year 2000.

When Jim Lovell), the commander of the ill-fated Apollo 13 mission, uttered those immortal words, "Houston, we have a problem," he was not kidding.

For any organization that plans to succeed into the Year 2000, failure is not an option. Those were the confident and determined words of Gene Kranz, the Mission Control Chief who was largely responsible for returning the astronauts safely to earth.

Washington, "we have a problem." And its name is Year 2000. Yet, I believe if you are smart and strategic if you make every second count you will achieve your goals and survive this mission critical assignment.

Because we at Prudential have zero tolerance for Y2K failure within our own organization, we have zero tolerance for Y2K failure within any of our business partners' organizations. We are aggressively working with all our partners in fields as diverse as finance, law, medicine ­ and government ­ to ensure that Prudential's customers will not feel so much as a tremor when we collectively blast into the Year 2000.

[Conclusion]

That is why, in closing, it would be impossible for me to overstate the size and scope of the challenge the Federal government faces in preparing to meet its obligation to the citizens of this great nation regarding Year 2000 readiness.

As world leaders, we Americans must take the lead in Y2K compliance. We must set the example for other countries to follow. We must demonstrate with decisive action and bold measures that failure is not an option.

I urge you to take swift action on the 10 risk management actions for successful Year 2000 transition, which I discussed with you.

Senator Lugar and committee members, thank you for giving me this opportunity to speak with you today. It is indeed an honor for Prudential to have been invited to contribute to the public dialogue on what will surely be the defining moment of the end of the 20^th century not only here in the United States, but also around the world.

This concludes my testimony.