Your Assistance Is Requested

Your Assistance Is Requested

Post by D. Scott Secor - Millennial Infarction Mitigato » Tue, 30 Jun 1998 04:00:00




Quote:>I am attempting to produce a list of questions which people should ask to
>determine the compliance or non-compliance of a company.  Ultimately, I
would
>like to use these questions as a sort of "script" so the order of the
>questions is also important.  Please review the following questions and
post
>any comments or suggestions:

<snippage of many pertinent questions>

You did not make it clear as to that for which the script was to be used.
Is it, perhaps, for a complinace assessment campaign for a large
organization that is to be conducted via telephone?  (I have done such
things, that is why I felt compelled to ask.)

By and large, the questions are all good, nevertheless several may provoke
the party to whom they are directed to become uncooperative or worse.  In
some cases, the more deeply one probes, the more likely you will be
deliberately misled or deceived, and the less useful the information
becomes.

This is the * sleeze factor that causes the denialists (including
several clueless participants in this forum) to rejoice over utterly
meaningless information.  This statement ought to alarm them, but it
probably will not.

For example, when you demand copies of project schedules you are likely to
get copies of outdated or fabricated information.  If you grovel nicely and
in broad terms, you are more likely than not to recieve an up-to-date copy
of an Intranet page intended for employees only or, if you are very lucky, a
current GANTT chart.

You must "work" the receptionists, finess the project managers, ask for URLs
and email addresses, "killing" everyone with kindness (thus employing the
Secor-approved sugar over vinegar fly-drawing methodology).  At least that
has been my experience several months past, corporate councils or
consultants have undoubtedly had time to silence everyone and frustrate such
strategies.

Quote:>What is your definition of Y2K compliance?
>Is your company currently Y2K compliant according to your definition?

Great way to open!  It is indeed unfortunate that far too many complinace
statement demand letters fail to define "compliance", thus rendering the
received response meaningless (unless, of course, compliance is defined
within the statement received).

Quote:>If yes, could you have your legal counsel send me a letter confirming that
you
>are 100% Y2K compliant?

A little too heavy handed.  NEVER bring the legal beagles into the
conversation unless it is otherwise unavoidable, and then only as a threat.
Ordinarily I conduct such campaigns in four or more "waves", each increasing
in pressure.  The last wave should pit your lawyers against their lawyers,
and should be avoided, if at all possible, to maintain comfortable
vendor-client relationships.

<snip>

Quote:>How much money has your company allocated for Y2K remediation?
>In your personal opinion, is this going to be enough?

Do you REALLY expect that they will admit to their actual Y2K costs?  And do
you REALLY expect a "personal opinion" to hold up in court, should it ever
come to that?  I advise my clients on disguising Y2K costs as routine
maintenence, and I expect anyone worth their salt would do the same.  Don't
expect 10-K and 10-Q filings to be any more accurate either!  Mustn't upset
the shareholders or inform the competition, ya know!

<snip>

Quote:>Have you developed contingency plans?
>If so, what are your contingency plans?

Don't expect accurate answers to such questions, especially when such a set
of plans is incomplete or inadequately rehersed or if it has uncovered
serious deficiencies.  Again, this information borders on "trade secrets"
and must be shielded from public scrutiny.

<snip>

Quote:>In your opinion, will your company be able to function after Jan 1, 2000?

Replace with "Based upon your experience, do you anticipate any business
and/or service disruptions after 2000/01/01?"  and  "If yes, do you expect
them to be minor and of short duration or do you anticipate them to be more
severe?"

You may want to add a question or two regarding the GPS rollover
(1999/08/22), and a few specific to EDI dependencies -- just for feces and
giggles.

My experience (two Fortune 500 types and several smaller organizations) has
caused me to become VERY skeptical and pessimistic as to the veracity of the
responses being advanced.  NEVER expect full cooperation.  NEVER expect 100%
participation (66% may be as good as it will ever get!).  NEVER expect
accurate responses.  Above all else, NEVER take the respondent's word at
face value -- VERIFY EVERYTHING (to its practical extreme)!

If you are preparing a telephone script for a large corporation, it is too
late unless you can assign <100 companies per assessor!  Otherwise, do not
waste your time or their resources.  Begin BCP & contingency planning NOW --
start with TEOTWAWKI and work your way back to the proverbial "speed bump".
There is still time for small businesses to perform Due Diligence, however.
Not a lot of time, mind you, but time nonetheless.

Ciao,

Scott Secor

(Let us all hope that you aren't assembling this script for one of our fine
financial institutions.  They have to be 100% "compliant" and 100% complete
in six months!)

 
 
 

Your Assistance Is Requested

Post by docdw.. » Tue, 30 Jun 1998 04:00:00



[snip}

Quote:>We need to start a controlled panic

OW! OW! OW!  No, we need to start a dry wetness... no, we need to start a
round square... no, we need to start a hot cold!

DD

 
 
 

Your Assistance Is Requested

Post by Blackm » Tue, 30 Jun 1998 04:00:00





> [snip}

> >We need to start a controlled panic

> OW! OW! OW!  No, we need to start a dry wetness... no, we need to start a
> round square... no, we need to start a hot cold!

> DD

"You've got to talk without speaking, cry without weeping, scream
without  raising your  voice" U2's Bono...musician, poet, Irishman,
dullard.

--

Citizen Blackmo

 
 
 

Your Assistance Is Requested

Post by D. Scott Secor - Millennial Infarction Mitigato » Tue, 30 Jun 1998 04:00:00



<snip>

Quote:>Sorry I didn't explain.  This is not for any large corporation or business.
>I am trying to increase public awareness in my area, Daytona Beach, FL.  I
>plan to start talking to church groups and anyone else who is interested.
I
>plan to give people a list of questions like these to ask of the businesses
>on which they depend, such as power companies, local government, banks,
>hospitals, grocery stores, accountants, stock brokers, etc.

Sounds mega-cool.  Maybe you can develop a "standard" for all communities
(with a little assistance from the gang in c.s.y2k), posted and updated
weekly, much like Pam's mini-FAQ.

Quote:>> By and large, the questions are all good, nevertheless several may
provoke
>> the party to whom they are directed to become uncooperative or worse.  In
>> some cases, the more deeply one probes, the more likely you will be
>> deliberately misled or deceived, and the less useful the information
>> becomes.
>Non-cooperation equates to non-compliance.  That's fine by me. These
>questions are to demonstrate non-compliance.
>> >If yes, could you have your legal counsel send me a letter confirming
that
>> >you are 100% Y2K compliant?

>> A little too heavy handed.  NEVER bring the legal beagles into the
>> conversation unless it is otherwise unavoidable, and then only as a
threat.
>> Ordinarily I conduct such campaigns in four or more "waves", each
increasing
>> in pressure.  The last wave should pit your lawyers against their
lawyers,
>> and should be avoided, if at all possible, to maintain comfortable
>> vendor-client relationships.

>How else can an individual be sure that they are being told the truth when
a
>company claims compliance?

That's integral to the "Catch-22" situation surrounding Y2K issues.  Perhaps
when your "final draft" is prepared you should allow placement of a
"beleivablity" rating box next to each "answer".  The rating would, of
course, be wholly subjective and vary widely according to the whim of the
evaluator.

It surely couldn't add anything to existing confusion factors.

Quote:>> >How much money has your company allocated for Y2K remediation?
>> >In your personal opinion, is this going to be enough?

>> Do you REALLY expect that they will admit to their actual Y2K costs?  And
do
>> you REALLY expect a "personal opinion" to hold up in court, should it
ever
>> come to that?  I advise my clients on disguising Y2K costs as "routine
>> maintenence", and I expect anyone worth their salt would do the same.
Don't
>> expect 10-K and 10-Q filings to be any more accurate either!  Mustn't
upset
>> the shareholders or inform the competition, ya know!

>No.  Non-cooperation equates to non-compliance.

Now do you understand why I am so frustrated with the gullible Pollyannas
out there?

Quote:>> >Have you developed contingency plans?
>> >If so, what are your contingency plans?

>> Don't expect accurate answers to such questions, especially when such a
set
>> of plans is incomplete or inadequately rehersed or if it has uncovered
>> serious deficiencies.  Again, this information borders on "trade secrets"
>> and must be shielded from public scrutiny.

>Non-cooperation equates to non-compliance.

You're repeating yourself.  But in this case, I like that!

- Show quoted text -

Quote:>> >In your opinion, will your company be able to function after Jan 1,
2000?

>> Replace with "Based upon your experience, do you anticipate any business
>> and/or service disruptions after 2000/01/01?"  and  "If yes, do you
expect
>> them to be minor and of short duration or do you anticipate them to be
more
>> severe?"

>Will do.

>> You may want to add a question or two regarding the GPS rollover
>> (1999/08/22), and a few specific to EDI dependencies -- just for feces
and
>> giggles.

>OK on the GPS.  Could you give me some sample questions regarding EDI
>dependencies.  Pardon my ignorance.

Do you have any external data interface (EDI) dependencies such as those
with business partners, insurance plans, financial transfers, etc.?

If yes, have your EDI partners scheduled synchronised testing with your
organization?  If performed, what were the results?  (We don't need to know
minor details such as frequency or input/output.)

Quote:>> My experience (two Fortune 500 types and several smaller organizations)
has
>> caused me to become VERY skeptical and pessimistic as to the veracity of
the
>> responses being advanced.  NEVER expect full cooperation.  NEVER expect
100%
>> participation (66% may be as good as it will ever get!).  NEVER expect
>> accurate responses.  Above all else, NEVER take the respondent's word at
>> face value -- VERIFY EVERYTHING (to its practical extreme)!

>Non-cooperation equates to non-compliance.

Hey, you're catching on to this stuff!

Ciao,

Scott Secor

 
 
 

Your Assistance Is Requested

Post by docdw.. » Tue, 30 Jun 1998 04:00:00






>> [snip}

>> >We need to start a controlled panic

>> OW! OW! OW!  No, we need to start a dry wetness... no, we need to start a
>> round square... no, we need to start a hot cold!

>> DD

>"You've got to talk without speaking, cry without weeping, scream
>without  raising your  voice" U2's Bono...musician, poet, Irishman,
>dullard.

'It rained all night, the day I left,
The weather, it was dry.
The sun so hot I froze to death,
Susannah, don't you cry.'

- Traditional

DD

 
 
 

Your Assistance Is Requested

Post by wake » Tue, 30 Jun 1998 04:00:00


Quote:> You and I understand that.  But my grandparents don't.  Their friends don't.
> I plan to distribute these questions to help people determine their risk.
> When they contact every company they depend on (power, local government,
> banks, hospitals, accountants, stock brokers, etc.) and find out that none of
> them are or will be compliant, maybe it will motivate them to prepare.

> We need to start a controlled panic in this country, and world for that
> matter, in which people are not in denial but are not in panic to the point
> of paralyzation either.  This will not happen if people think they are not
> affected.  I'm sure you've heard everyone say, "But my power company is
> taking care of this.  My hospital says they'll be fine.  The banks are
> ready."  The problem is, most people don't know the right questions to ask.

> Richard Church

I agree Richard.  You got a lot of abuse for this idea but I too believe you have a
good approach for trying to educate the less worldly with regards to Y2K.  I sent
your original post to my parents.  I have been working on them for some time now
and they are slowly beginning to come around.  Two things that helped in convincing
them to listen to me were a timely financial report from their bank (Harris) on
possible negative impacting economic events (of which Y2K was listed as most likely
and most severe) and the response from same bank when they called to schedule an
appointment and heard the response, "Y2K, what's that?... [my dad explains]   Oh!
Yes, we have that all covered."

waker

 
 
 

Your Assistance Is Requested

Post by Kresk » Tue, 30 Jun 1998 04:00:00



> no no no.. what a bunch of hallablaoo... its goes like this...
>Q: are you y2k compliant?
>A: Yes sir, we assure you we are totally Y2k compliant.
>You flippin buncha lying bastards, I'm sueing!
>>Dont you get it yet Paul? Dont hidey hole..U will miss all the bux!  break
>a leg ..wreck a car..molest little kids..it has to be someone elses fault!
>Jp

and Mr. Parish has the audacity to call us a bunch of 12 year olds?

Go figure.

 
 
 

Your Assistance Is Requested

Post by Richard Churc » Wed, 01 Jul 1998 04:00:00



Quote:

> That's integral to the "Catch-22" situation surrounding Y2K issues.  Perhaps
> when your "final draft" is prepared you should allow placement of a
> "beleivablity" rating box next to each "answer".  The rating would, of
> course, be wholly subjective and vary widely according to the whim of the
> evaluator.

Good idea.

Quote:> It surely couldn't add anything to existing confusion factors.

I don't think there's anything that could do that.

Quote:

> Now do you understand why I am so frustrated with the gullible Pollyannas
> out there?

I always have.

Quote:

> Do you have any external data interface (EDI) dependencies such as those
> with business partners, insurance plans, financial transfers, etc.?

> If yes, have your EDI partners scheduled synchronised testing with your
> organization?  If performed, what were the results?  (We don't need to know
> minor details such as frequency or input/output.)

Thanks.
--
Richard Church

It's the Year 2000.
Do you know where your government is?
http://www.lucidimages.com/y2k/