Y2K Application Risk Assessment

An application software risk assessment form is set out below. It has been designed to assist project teams in assessing the level and type of risk which may be present in each application system. It is envisaged that any team assessing a system would include representatives from IT (including the system supplier if this is appropriate), the business user and operational business units. The team should work through the worksheet for each application, calculating the risk score for each. The resulting set of of scores will provide a relative priority order for system Year 2000 modification and testing. The worksheet does not give an absolute measure of risk, but is designed to enable the teams tackling the problem to male informed decisions about the allocation of resources and any need for further detailed risk assessment.

Ref.			Low Risk	Scale	High Risk	Weight Range	Scale	Weight	Score (S x W)
1	Runs on :	______________	Main line fully supported operating system	1-2-3-4	Obsolescent / out of date / unsupported operating system	5-8	___	___	___
2	Links to:	2.1______________	Documented non-proprietary links between modern up to date systems	1-2-3-4	Large number of proprietary links, poorly documented, manual intervention	4-7	___	___	___
		2.2______________	--"--		--"--		___	___	___
		2.3______________	--"--		--"--		___	___	___
		2.4______________	--"--		--"--		___	___	___
		2.5______________	--"--		--"--		___	___	___
		2.6______________	--"--		--"--		___	___	___
3	System originator	______________	Experienced, well regarded supplier who guarantees Year 2000 compliance	1-2-3-4	Bespoke system, in house development	5-8	___	___	___
4	System first installed	______________	System originally written less than 5 years ago	1-2-3-4	System first written more than 10 years ago	4-6	___	___	___
5	Modification level	______________	No modification from currently supported package	1-2-3-4	Significant modification of original code done by client	3-5	___	___	___
6	Master file structure	______________	Simple tables	1-2-3-4	Complex cross linked files	4-6	___	___	___
7	Principle language	______________	Experienced, quality technical team with appropriate skills	1-2-3-4	Inexperienced team lacking the appropriate skills	2-4	___	___	___
8	Date dependence of processing logic	______________	Date use limited to routine reporting	1-2-3-4	Extensive decision analysis or calculations date based	3-6	___	___	___
9	System size / complexity	______________	Single program, well structured and documented	1-2-3-4	Extensive suite of complex programs	2-6	___	___	___
10	Source code accessibility	______________	Well structured code, good documentation and staff with current system familiarity	1-2-3-4	Code modified frequently by a variety of programmers, with limited documentation	3-6	___	___	___
11	Quality of system documentation	______________	Comprehensive programming standards including date handling	1-2-3-4	A system development cycle having no formal definition, systems design and build merge etc.	2-4	___	___	___
12	Date processing external dependencies	______________	Limited input data	1-2-3-4	Dates input in a variety of formats, operating system date accessed, run time parameters set	2-4	___	___	___
13	Complexity of input dates	______________	All dates have four digit years	1-2-3-4	Multiple formats, years inferred, limited date validation	2-6	___	___	___
14	Complexity of output dates	______________	Dates not passed to other applications, or used in reports	1-2-3-4	Dates used by other applications or as cross indexes to other information	2-7	___	___	___
							Grand Total :		_____