ICANN Logo

Report of AIN Audit
Date: 13 February 2003


The .com and .net registry agreements (and the former .org registry agreements) between ICANN and VeriSign include a Registry Code of Conduct. Each Code of Conduct states in part:

8. VGRS will conduct internal neutrality reviews on a regular basis. In addition, VGRS agrees that it will cooperate with an independent third party ("Auditor") performing Annual Independent Neutrality Audits ("AIN Audits"), to be conducted during the fourth quarter of each calendar year. The Auditor will be selected by ICANN, and will be an accounting firm with significant experience in the review of contractual and other legal commitments. All costs of the AIN Audits will be borne by VGRS. The AIN Audit is intended to determine whether VGRS has been in compliance with [Section 23 for .com; Subsection 3.5 for .net, and .org] of the Registry Agreement, and will utilize such tests and techniques as the auditor deems appropriate to determine that compliance. The terms of reference of the AIN Audit will be established by ICANN, subject to the approval of VGRS (such approval not to be unreasonably withheld), and provided to the Auditor by ICANN. A complete report of the results of each AIN Audit shall be provided by the Auditor to ICANN and VGRS no later than 1 December of each calendar year (and by ICANN to the US Departments of Commerce and Justice promptly thereafter). ICANN shall determine that VGRS is in compliance with [Section 23 for .com; Subsection 3.5 for .net, and .org] if:

(1) any material breach(es) of [Section 23 for .com; Subsection 3.5 for .net, and .org] found by the audit that are susceptible to cure have been cured, or are cured within a reasonable time; and

(2) in addition and not as an alternative to subparagraph (1) above, any monetary sanction that ICANN chooses to impose under the Sanctions Program set forth in Appendix Y for any such breach(es) has been timely paid.

A summary of each AIN Audit report, excluding any information that ICANN and VGRS agree (such agreement not to be unreasonably withheld) is confidential or proprietary, will be posted on the ICANN web site no later than 31 January of the calendar year immediately following the audit.

The AIN Audit for the 2002 calendar year is now completed. The audit report describes the accountants' procedures designed to verify a Report of Management on Compliance representing that VeriSign had complied with the requirements of the Registry Code of Conduct and its Equivalent Access Certifications.

VeriSign has prepared a response to the AIN Audit Report, which ICANN has posted at VeriSign's request.


Ernst & Young LLP
8484 Westpark Drive
McLean, VA 22102
Phone: (703) 747-1000
www.ey.com

Report of Independent Accountants
.pdf version

We have examined management's assertion, included in the accompanying Report of Management on Compliance, that VeriSign, Inc. complied with Sections 23(A) through 23(E) of the .com Registry Agreement and Subsections 3.5.1 through 3.5.5 of the .net and .org Registry Agreements executed by and between VeriSign, Inc. and the Internet Corporation for Assigned Names and Numbers, Inc. ("ICANN Requirements"), for the year ended December 31, 2002. Management is responsible for VeriSign, Inc.'s compliance with those requirements. Our responsibility is to express an opinion on VeriSign, Inc.'s compliance based on our examination.

Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, including examining, on a test basis, evidence about VeriSign's compliance with those requirements and performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. Our examination does not provide a legal determination on VeriSign's compliance with specified requirements.

Our examination disclosed the following material noncompliance with Sections 23(A), 23(D) and 23(E) of the .com Registry Agreement and Subsections 3.5.1, 3.5.4 and 3.5.5 of the .net and .org Registry Agreements applicable to VeriSign, Inc. during the year ended December 31, 2002:

Several registrars had more than the maximum allowable number of Internet Protocol (IP) addresses for connecting to the Shared Registration System Gateway during 2002. Non of these registrars were affiliated with VeriSign, Inc. This was a deviation from Sections 23(A) and 23(D) of the .com Registry Agreement and Subsections 3.5.1 and 3.5.4 of the .net and .org Registry Agreements (Appendix H, Section V and Appendix I, Section 2).

Organizational Conflict of Interest refresher training was not consistently conducted on an annual basis. This was a deviation from Section 23(E) of the .com Registry Agreement and Subsection 3.5.5 of the .net and .org Registry Agreements (Appendix H, Section VII).

In our opinion, except for the material noncompliance described above, VeriSign, Inc. complied, in all material respects, with the ICANN Requirements for the year ended December 31, 2002.

This report is intended solely for the information and use of VeriSign, Inc., the Internet Corporation for Assigned Names and Numbers, Inc., the U.S. Department of Commerce, the U.S. Department of Justice, and others who have read and understand the ICANN Requirements, and is not intended to be and should not be used by anyone other than these specified parties.

/s/ Ernst & Young LLP

February 13, 2003


Comments concerning the layout, construction and functionality of this site
should be sent to webmaster@icann.org.

Page Updated 02-Feb-2012
©2003  The Internet Corporation for Assigned Names and Numbers. All rights reserved.