1. Column
  2. Checklist

Preparing for the Year 2000 issue.


Related
TOPICS
    Uncategorized Article


How to Prepare for the Year 2000 Problem

A strong intervention plan is necessary to avoid a catastrophic disruption in an organizations computer operations on January 1, 2000. Internal auditors and management can be better prepared by addressing the questions below. (For more on this subject, see pages 33-44)
 
ORGANIZATIONAL AWARENESS
Are all areas of the organization aware of the potential ramifications?
Has management communicated this awareness to employees?
Is the board of directors aware of the organizations vulnerability?
 
RISK ASSESSMENT
Is there an inventory of systems within the organization?
Has management conducted a detailed risk assessment for each system?
Is management able to identify the extent of the problem?
When could the first Y2K problem occur?
Has a risk assessment of the legal liabilities been made?
Has the risk assessment addressed business partners and their systems preparations?
 
RESOURCES
What financial resources are needed?
What staff and systems resources are needed?
Are there control procedures for outsourced or contracted services?
 
PROJECT PLANNING
Has a Y2K project been developed, written and communicated?
Have project standards been developed?
What priorities and timetables have been established?
Has overall responsibility for the project as well as for each segment of the project been assigned?
Are users actively involved in the project?
Have business partners been contacted?
Have vendors provided assurances that their products are in compliance?
 
TESTING
Has the information systems (IS) department developed a test plan for critical applications, systems software and communications?
Does the organization have an adequate test environment that mirrors the production environment?
Has the IS department conducted tests to ensure the Year 2000 compliance system can correctly operate both before and after 2000? This should be completed by the end of 1998.
Have auditors evaluated the test plan and planned to conduct an audit review of Year 2000 testing by the end of 1998?
 
MONITORING
Are reporting mechanisms in place to allow for periodic monitoring of the project?
Do senior management and the board of directors receive periodic updates on the status of the project?
What additional internal auditing requirements are needed?
Source: The Institute of Internal Auditors.


SPONSORED QUIZ

How well do you know small business?

There are over 30 million small businesses in the U.S., and many of them are optimistic in their outlook. Are you familiar with the obstacles and opportunities they are facing? Test your small business acumen with this quiz sponsored by Chase Ink®.

SPONSORED REPORT

In focus: Payroll

Providing payroll services that comply with ever-changing regulations and meet evolving employee and employer demands is no easy task. Paychex's Tom Hammond discusses common payroll considerations for CPA firms.