Audit Committee (AC) Meeting Minutes
AC Attendees: Bill Graham, Olga Madruga-Forti, Erika Mann – Chair, Gonzalo Navarro, and Judith Duavit Vazquez
Other Board Attendees: Steve Crocker and Bruce Tonkin
Staff Attendees: Susanna Bennett – Chief Operating Officer, Xavier Calvez – Chief Financial Officer, John Jeffrey – General Counsel and Secretary; Megan Bishop, Michelle Bright, Samantha Eisner, Jacks Khawaja, Elizabeth Le, Karine Perset, and Amy Stathos
Invited Guests: Melissa Harman, Partner from Independent Audit Firm, Moss Adams
The following is a summary of discussion, actions taken and actions identified:
Annual Independent Audit – Independent auditor Moss Adams presented a status update and summary of the FY13 audit and reported that the audit is ninety-five percent completed. Moss Adams estimates that second level partner review will be completed by the week of 30 September and that the final report will be issued the week of 7 October. The AC will schedule a follow up communication with Moss Adams once the final report has been issued.
Melissa Harman left the AC meeting at this point of the discussions.
- Auditors Selection Process – Staff provided an update of the auditor selection process for FY14 audit. The AC previously agreed that ICANN would engage in a more comprehensive selection process for the FY14 audit to accommodate for the growth and internationalization of ICANN, and that the engagement would be conducted through an Request for Proposal (RFP) process. The RFP will be launched after the completion of the FY13 audit report and staff reported that the plan is to complete the selection process and have engaged an independent auditor by 31 December 2013 to optimize the amount of knowledge acquisition time provided to the auditor (if different than Moss Adams) and the next year end. There is no specific regulatory requirement to have engaged an auditor by December 31st. The AC discussed the type and nature of the auditing firm they should look for and whether ICANN should adhere to more international auditing standards, such as IFRS. Staff indicated that ICANN is required to apply US accounting standards because it is organized under the laws of the United States of America, State of California. The AC noted that accounting standards have been progressively converging between US and international standards to virtually one agreed-upon standard. The AC further noted that the top audit firms, wherever situated, collaborate with local companies, as needed, to address factors in geographic regions in which an organization maintains a presence.
- Process Documentation Update – Staff provided an update on the status of the on-going documentation of ICANN's finance process. The AC has previously determined that while there is no requirement that ICANN document its finance process, it should nevertheless undergo process documentation for best practices and transparency purposes. The AC also agreed that the documentation format should be largely consistent with the standards of the Sarbanes-Oxley Act and international standards, including narrative, flowchart, key controls, and segregation of duties. Staff reported that ICANN has either documented or is in the process of documenting the numerous processes, including accounts payable, payroll, contract to cash (billing, accounts receivable), general ledger/monthly close, investments, treasury, budget, financial planning and analysis. The next step is to identify improvements and/or deficiencies that require improvements to the process. The third and fourth steps are to implement the improvements and then run the process as per the updated set of controls and steps, respectively. The fifth step is to verify that the process is effective and functions correctly.
- Enterprise Risk Management (ERM) Update – Staff provided an update on ERM strategy, framework, and stages, including the ratings criteria, preliminary risks assessed, and projected timeline. To date, a preliminary identification of risks has been completed and the team is currently formalizing that identification process and assessing the risks identified. The preliminary identification of risks included an evaluation of past risk assessments, in conjunction with recent surveys and interviews conducted with ICANN staff and its Senior Leadership.
- Audit Charter – The AC reminded Committee members of the audit charter and the way the AC charter was framed.