First of two parts

Bill Howell had heard about problems related to the Year 2000 bug, but he didn't expect them to crawl right out of his mailbox. Howell, owner of Howell Petroleum Products Inc., a nine-employee petroleum-products distributor in Brooklyn, N.Y., has received some 10 letters and questionnaires from suppliers, clients, and banks in recent months -- each wanting assurance that he has prepared for the Year 2000, or Y2K, computer glitch. As you've probably heard ad nauseum, that's when many antiquated two-digit-date computer systems roll 99 back to 00, potentially sparking a meltdown of disastrous proportions. For Howell's business -- and yours -- proof of readiness for the changeover may be crucial in maintaining hard-won business relationships.

"Initially, it scared the hell out of me," says Howell, who, after checking with his computer manufacturer, is confident his four PCs are "Y2K O.K." Howell has been returning the questionnaires, some of which require only a signature, while others need longer responses. "The letters kept coming, and I've been told they're going to keep on coming," he says.

PROVE IT. Indeed, at the time the Y2K glitch first appeared on the media's radar screen two years ago, Corporate America was thinking it needed to wrestle only its own systems into shape. But planners soon realized they also had to worry about whether their suppliers -- and their suppliers' suppliers -- ad infinitum, were prepared to battle the bug.

Already, corporate Y2K demands are starting to influence the simplest of commercial transactions. Contemplating a line of credit? Bidding on a job for a multinational? Maybe you're receiving customer orders via modem. Whatever the task, you'll most likely have to eventually demonstrate to your clients, vendors, and the local bank that your computer systems won't have any date-related breakdowns when the clock strikes midnight.

Small companies have similar worries. "If my major suppliers are totally computerized and their systems don't work, then I'll have a problem," says Emily A. Williams, owner of Williams Tile Co., a 30-employee construction company in Florissant, Mo., who is waiting for a manufacturer's upgrade of her customized accounting software.

A recent National Federation of Independent Business study found that 82% of small businesses have potential exposure to the Y2K bug. However, out of 500 small outfits surveyed, just half said they had already taken action or had plans to do so. In the worst case, the study concludes, Y2K woes could shut down as many as 330,000 small companies. "The range of consequences is enormous," says the study's author William J. Dennis Jr., a senior research fellow at the NFIB.

The pressure to ensure that suppliers are compliant is further intensifying now that the Securities & Exchange Commission has required public companies and the 50,000 local governments that issue bonds to disclose their third-party Y2K liabilities.

"We're looking at our entire infrastructure," says Ken Ouchi, chief information officer for Solectron Corp., a $1.3 billion electronics manufacturer in Milpitas, Calif. The company recently canvassed more than 4,000 suppliers about their Y2K preparations. If those answers give the company reason to suspect a vendor's internal systems could crash, Solectron will line up emergency suppliers. "We can't afford to have an outage because a critical supplier goes down," says Ouchi.

CAREFUL, CAREFUL. Banks, which are being pushed by federal regulations to minimize the Y2K impact, are starting to move small companies into compliance, too. Arkansas State Bank in Clarksville, Ark., recently added Y2K questions to its loan applications to flag any problems that could cripple a business and affect its loans.

Loan officer Coral L. Gould has been visiting small-business clients to ensure they're protected against potential Y2K shutdowns. "Companies need to think outside their walls about who is going to be affected," advises Gould, who says the bank might revoke credit from computer-dependent companies that don't demonstrate compliance. "Some of them didn't have a clue, and we told them that they should be concerned," she says. To help avoid surprises, Gould hands out pamphlets and even suggests that companies take out additional loans to pay for needed software upgrades.

Small-company owners say they understand the technical reasons for inquiries about their Y2K battle plans, but they're afraid their responses could be used against them in a lawsuit alleging they misrepresented their preparedness.

"Everyone is playing this very carefully because of the threat of litigation," notes Ouchi, who estimates that just 10% of the 4,000 surveyed vendors have responded to the company's requests. In general, return rates by businesses on such surveys have been running less than 20% across all industries, adds Thomas Costello, a consultant at CoreTech Consulting Group Inc., which consults on Y2K issues in King of Prussia, Pa.

But, as Costello and other Y2K experts point out, most small companies can't afford to ignore Y2K queries, especially if huge clients are threatening to yank their business. Howell received a Y2K compliance letter from South Jersey Gas Co. that warned vendors that if they didn't respond, the utility "will assume your company will not be Year 2000 compliant, and will therefore not meet our standard" for suppliers.

How should you respond to the deluge of Y2K compliance demands in a way that will fix any glitches, keep your customers happy, and limit your legal liability? First off, don't lose sight of the mission at hand: squashing the Y2K bug. That's best done by cooperating with clients, not treating them as adversaries. Also, be honest with clients, but don't make promises you can't keep, such as guaranteeing compliance by a certain date, says Joshua Slavitt, an attorney to high-tech companies at Synnestvedt & Lechner in Philadelphia. "It could come back and haunt you."

PANICKED.Although some Y2K survey forms ask dozens of detailed questions -- such as how much you're spending on Y2K compliance and whether you have a written timeline -- Slavitt and other legal experts recommend drawing up a standard response that outlines the company's Y2K plans and its progress to date. Ask a lawyer to review it, too. "Don't pay any attention to what's in the survey, and use the statement across the board," recommends William A. Fenwick, a partner at Fenwick & West, a Palo Alto (Calif.) law firm that handles Y2K issues. "If you check a box and send it back, you're making a very absolute statement," Slavitt cautions.

Of course, your own roster of suppliers is also putting your company at risk. Randall York, president of FallLine Corp., a 27-employee polyurethane molder in Reno, Nev., was lucky enough to get his 15-year-old custom accounting-and-inventory system upgraded by the developer for $600. But he's still anxious about how prepared his large chemical suppliers are. Although he has sent out six of his own compliance letters, no one has responded so far. "A lot of them are very panicked," he says.

Running your own Y2K survey, as York did, could help you assess your Y2K bug exposure (see a sample form at smallbiz.businessweek.com). But be wary of guaranteeing your suppliers' readiness to others, says CoreTech's Costello: "I don't see a lot of companies promising that."

As 2000 creeps closer, promises will go only so far. Survival in this fragile business biosphere will require equal measures of trust and trepidation.

By Dennis Berman in New York
dennis_berman@businessweek.com

Part II: How to Find and Zap the Y2K Bug
To: TECHNOLOGY