Quote:
>I am attempting to produce a list of questions which people should ask to
>determine the compliance or non-compliance of a company. Ultimately, I
>like to use these questions as a sort of "script" so the order of the
>questions is also important. Please review the following questions and
>any comments or suggestions:
<snippage of many pertinent questions>
You did not make it clear as to that for which the script was to be used.
Is it, perhaps, for a compliance assessment campaign for a large
organization that is to be conducted via telephone? (I have done such
things, that is why I felt compelled to ask.)
By and large, the questions are all good, nevertheless several may provoke
the party to whom they are directed to become uncooperative or worse. In
some cases, the more deeply one probes, the more likely you will be
deliberately misled or deceived, and the less useful the information
This is the * sleaze factor that causes the denialists (including
several clueless participants in this forum) to rejoice over utterly
meaningless information. This statement ought to alarm them, but it
probably will not.
For example, when you demand copies of project schedules you are likely to
get copies of outdated or fabricated information. If you grovel nicely and
in broad terms, you are more likely than not to receive an up-to-date copy
of an Intranet page intended for employees only or, if you are very lucky, a
current GANTT chart.
You must "work" the receptionists, finesse the project managers, ask for URLs
and email addresses, "killing" everyone with kindness (thus employing the
Secor-approved sugar over vinegar fly-drawing methodology). At least that
has been my experience several months past, corporate counsels or
consultants have undoubtedly had time to silence everyone and frustrate such
Quote:
>What is your definition of Y2K compliance?
>Is your company currently Y2K compliant according to your definition?
Great way to open! It is indeed unfortunate that far too many compliance
statement demand letters fail to define "compliance", thus rendering the
received response meaningless (unless, of course, compliance is defined
within the statement received).
Quote:
>If yes, could you have your legal counsel send me a letter confirming that
>are 100% Y2K compliant?
A little too heavy handed. NEVER bring the legal beagles into the
conversation unless it is otherwise unavoidable, and then only as a threat.
Ordinarily I conduct such campaigns in four or more "waves", each increasing
in pressure. The last wave should pit your lawyers against their lawyers,
and should be avoided, if at all possible, to maintain comfortable
Quote:
>How much money has your company allocated for Y2K remediation?
>In your personal opinion, is this going to be enough?
Do you REALLY expect that they will admit to their actual Y2K costs? And do
you REALLY expect a "personal opinion" to hold up in court, should it ever
come to that? I advise my clients on disguising Y2K costs as routine
maintenance, and I expect anyone worth their salt would do the same. Don't
expect 10-K and 10-Q filings to be any more accurate either! Mustn't upset
the shareholders or inform the competition, ya know!
Quote:
>Have you developed contingency plans?
>If so, what are your contingency plans?
Don't expect accurate answers to such questions, especially when such a set
of plans is incomplete or inadequately rehearsed or if it has uncovered
serious deficiencies. Again, this information borders on "trade secrets"
and must be shielded from public scrutiny.
Quote:
>In your opinion, will your company be able to function after Jan 1, 2000?
Replace with "Based upon your experience, do you anticipate any business
and/or service disruptions after 2000/01/01?" and "If yes, do you expect
them to be minor and of short duration or do you anticipate them to be more
You may want to add a question or two regarding the GPS rollover
(1999/08/22), and a few specific to EDI dependencies -- just for feces and
My experience (two Fortune 500 types and several smaller organizations) has
caused me to become VERY skeptical and pessimistic as to the veracity of the
responses being advanced. NEVER expect full cooperation. NEVER expect 100%
participation (66% may be as good as it will ever get!). NEVER expect
accurate responses. Above all else, NEVER take the respondent's word at
face value -- VERIFY EVERYTHING (to its practical extreme)!
If you are preparing a telephone script for a large corporation, it is too
late unless you can assign <100 companies per assessor! Otherwise, do not
waste your time or their resources. Begin BCP & contingency planning NOW --
start with TEOTWAWKI and work your way back to the proverbial "speed bump".
There is still time for small businesses to perform Due Diligence, however.
Not a lot of time, mind you, but time nonetheless.
(Let us all hope that you aren't assembling this script for one of our fine
financial institutions. They have to be 100% "compliant" and 100% complete
in six months!)