Most large organisations are now well into their year 2000 programmes.

If they aren't, they are in deep trouble, as are their suppliers and customers. But here is a new problem to grappe with: PCs and embedded chips.

Until now, almost all of these projects have been driven by IT departments, and have focused on those applications they maintain. But there is a growing realisation that the problem goes far deeper.

Desktop systems and embedded systems - chips that manage industrial robots, electronic equipment to lifts - also need to be addressed.

The most recent findings from PC management specialist fPrint - which audits about 25,000 PCs each quarter - show that 25% of corporate PCs in the UK will not support year 2000, and a further 46% will need attention before the millennium.

fPrint managing director John Hargreaves says: 'Millennium bugs are likely to offer a handy scapegoat for all sorts of users' own cock-ups. There is plenty of scope for massive waste of support resources where the company cannot be sure that the system in question is compliant.'

PA Consulting Group found mixed results when it carried out a series of interviews with 29 public and private sector users to gauge the progress of their compliance projects.

'Progress is encouraging, with many organisations making serious inroads into achieving compliance. All those interviewed, however, realise that there is still much work to do throughout 1998 if their self-imposed deadline is to be met,' says PA managing consultant Jason Hill.

As you would expect, most of the users interviewed by PA say they already have a formal programme in place, run by a full-time project manager. They claim the projects have the full commitment of senior managers, with regular progress reports being submitted to the board, and they have completed inventories and prioritised those systems which are crucial to their business.

Interestingly, however, only about half of these companies have addressed the issue of embedded systems in as much detail as they have their IT systems. Those who have looked at the problem say the embedded systems that were date-dependent were difficult to test.

'Most organisations are struggling with the issue of embedded systems,' says Hill. 'There are very few organisations that have expertise in this area, and those that do have the necessary skills are in extremely high demand.'

Planning for testing renovated systems is the major activity on most millennium agendas. According to Hill, the majority of programme managers are taking the minimum-risk approach and planning to test all their business critical systems - regardless of whether or not their suppliers say they are millennium-compliant.

'However, many also recognise that they may have to drop this approach as time runs out and priorities have to be set,' he says.

'Organisations are finding much more remedial work is required than they had originally planned. This is using up any contingency they might have built into their plans and pushing more activities onto the critical path,' Hill adds.

A few organisations are now thinking about the detailed logistics for the few critical weeks at the turn of the century. They have already booked support staff for January 2000 to ensure that the maximum level of support is available. Some companies have embarked on an awareness programme for January 2000, while others are considering more drastic measures - shutting down critical equipment on 31 December 1999, rather than risk failure.

Martin Caddick, director of year 2000 services at the DMR Consulting Group, says: 'It is not just IT applications that need to be tested. Many of our customers are finding most year 2000 errors in the interfaces between systems that were supposedly compliant.'

Hill agrees. 'The use of live data and the variations in progress of the organisations involved make this activity an area of concern for many firms,' he says.

'Most organisations are also working to a self-imposed schedule for achieving compliance by the end of 1998. This leaves 1999 for testing external interfaces. Many firms, though, feel uncomfortable with the limited time this leaves them to take remedial action should their external trading partners fail to secure their systems,' he adds.

More worrying is the lack of year 2000 readines among small to medium-sized enterprises which form part of the supply chain. Larger businesses will overcome the year 2000 problem because they have thought about preventive action early. They spend a large amount of money each year on maintaining and modernising their IT, and will be well into the fixing process by the middle of this year.

However, small to medium-sized enterprises are playing an entirely different ball game. Many have not yet grasped the nettle - even though they rely just as much on computers to help them run their business as their larger counterparts, and are being forced to work within increasingly computerised supply chains.

A new study from analyst IDC shows that small businesses in Western Europe are adding PCs to their offices at a higher rate than small businesses in the US, which means that the millennium prob-lem is much bigger for small to medium-sized businesses than experts first thought.

More recently, research by NOP, analysed by Gartner Group on behalf of the Computing Software & Services Association (CSSA) and Microsoft UK, shows that only one in four businesses with less than 100 employees has looked into how the year 2000 issue will affect its business. Thirty-one per cent of small businesses have not yet established a working group to provide a focal point for identifying and resolving year 2000 problems (see box).

Joe Macri, business manager at Microsoft UK's small business division, says: 'For small businesses the findings are pretty clear - they are at greater risk. They have lower awareness, unjustifiably more confidence that they already comply, lower appreciation of the risk to their business, and are least well-equipped with resources - both in IT generally and in those resources dedicated to year 2000.'

Smaller businesses also depend more on the PC as a business platform, and may be under the illusion that compliance is a mainframe problem, or that for PCs it is just a case of changing a chip or resetting the date.

Smaller businesses are also less likely to have existing service relationships, or have contractors who can help fill the knowledge gap, says Macri. 'It is disturbing that with less than two years to go before major operational systems will be impacted, there are few organisations that have this issue in hand.'

By now, firms should not only be looking at achieving compliance, but also considering the longer term issue of maintaining it, by ensuring that purchasing agreements are watertight and that internal development processes have millennium testing built into them. 'Companies seeking to find a solution to this software timebomb should stop regarding it as a one-fix problem,' says Ian Griffith, head of finance, at Emap Business Communications.

'Becoming year 2000-compliant can be seen as potentially featuring an initial upgrade followed by a series of subsequent patches. Organisations should be comfortable that the vendor is managing the situation following that initial certified-as-compliant release,' he warns.

'It is not good enough to rely on assurances. Detailed scrutiny of the supplier's testing should be matched with equally thorough testing of the software in a real business environment with real information.'

Year 2000 Some disturbing facts

According to recent research, 50% of businesses expect the cost of year 2000 readiness to be less than #10,000; 85% expect to have all the necessary funding within 18 months. Yat Gartner Group estimates the cost of fixing user-written applications (spreadsheets, macros) alone to be between #100 and #500 per application, per user. Thirty-four per cent of small and medium-sized enterprises believe it is easy to get hold of year 2000-skilled staff. Yat CSSA data suggests there are currently at least 50,000 unfilled IT vacancies in the UK. Most users (55%), who are totally dependent on mid-range platforms, do not believe there is any work to do. Gartner Group suggests that no platform - from PC to mainframe - is immune. Source: CSSA and Microsoft UK