Internet Corporation for Assigned Names and Numbers

Contractual Compliance Audit Program

ICANN's mission is to ensure that the contracted parties, registrars and registries, comply with their agreements and the consensus policies. ICANN strives to achieve this goal via the prevention and/or enforcement approach. Contractual compliance audits are an integral part to of the prevention approach.

Contractual Compliance's three-year plan includes developing an audit strategy, approach and methodology, and, plans to roll out the first round of registrar and registry contractual compliance audits in late 2012 2013.

Goal of the Audit Program: To allow ICANN to first identify and inform, and then properly manage and help remediate any deficiencies found. This process will ensure alignment and compliance by all contracted parties with their contractual obligations.

Audit Scope:

  • Registrar and registry agreements, including the incorporated ICANN consensus policies
  • All ICANN-accredited registrars (2001 and 2009 RAAs)
  • Existing TLD registries
  • New agreements entered into with a contracted party may be included
  • New gTLD registries (when available)

Three-Year Audit Plan in Detail

The audit program [PDF, 1.03 MB] will run on a three-year cycle. Each registry and registrar agreement will be randomly selected for audit over a three-year period:

  • Year one – one third (1/3) of the Registry and Registrar agreements from a complete list will be randomly selected and audited.
  • Year two – another one third (1/3) from the remaining list will be randomly selected and audited.
  • Year three – the remaining one third of all agreements (1/3) will be audited.

Note: Registrars or registries may be subject to more than one audit in a three-year cycle based on special circumstances or considerations. Those special circumstances or considerations may include excessive issues identified during the audit, excessive complaints, or other unforeseen circumstances requiring additional investigation.

Audit Plan Guide

In an effort to promote awareness and knowledge of the provisions and test steps that are being considered in the audit plan, please refer to the following documents ICANN Three Year Audit Plan Guide – Registrar [PDF, 95 KB], ICANN Three Year Audit Plan Guide – Registry [PDF, 83 KB] and ICANN Three Year Audit Plan Guide – Policies [PDF, 67 KB]. This update is provided for information purposes only. Please exercise judgment in using the information contained within this update to make conclusions or business decisions based upon this update. Please send all inquiries to ComplianceAudit@icann.org, subject 'Audit Plan'.

Audit Program Frequently Asked Questions

Year-1 Pre-Audit Notifications

Year-1 Registar Pre Audit Notification [PDF, 283 KB]

Year-1 Registry Pre Audit Notifications [PDF, 287 KB]

Year-2 Pre-Audit Notifications

Year-2 Registar Pre Audit Notification [PDF, 227 KB]

Year-2 Registry Pre Audit Notifications [PDF, 299 KB]

Please click on the Risk Mitigation Plan link for an outline of controls to address potential conflicts of interest with the Contractual Compliance Audit Partner, KPMG.

List of Audit Program Frequently Asked Questions

 

View Past Audit Reports published by Contractual Compliance by clicking here

Stay Connected

  • News Alerts:
  • Newsletter:
  • Compliance Newsletter:
  • Policy Update: