Skip to main content

Minutes | Board Audit Committee (AC) Meeting

Published 3 February 2016

AC Attendees: Steve Crocker, Asha Hemrajani, Bruno Lanvin, and Erika Mann (Chair)

AC Member Apologies: Mike Silber

Other Board Attendees: Rafael Lito Ibarra

ICANN Executives and Staff Attendees: Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Operations Coordinator), Xavier Calvez (Chief Financial Officer), Liz Chai (Senior Accountant, APAC), Linda Chin (Senior Manager, APAC Operations), John Jeffrey (General Counsel and Secretary), and Amy Stathos (Deputy General Counsel).

Invited Guests: Representatives of the independent audit firm, BDO

The following is a summary of discussions, actions taken and actions identified:

  1. Minutes – The AC approved the minutes from the meeting on the 7 October 2015.

  2. Overview of Auditor Selection – Staff provided a brief history of the auditors selected in the past. Between 1998 and 2004, KPMG conducted the ICANN audits. From 2004 to 2013, Moss Adams conducted the audits. Staff explained that it is best practice to ensure that audit partners change on a regular basis (approximately every five) and audit firms should be evaluated on a period basis as well. In early May 2014, a request for proposal was concluded and ICANN selected BDO as its new annual independent audit firm. BDO conducted the FY14 and FY15 audits, as well as audits of the ICANN Singapore branch. BDO is the fifth largest firm in the world, has an international presence (with an office in Singapore), and has a non-profit practice area. Staff also presented its plan, in close collaboration with the audit firm to shorten the audit timeframe, improving the process to make it more efficient, and aiming to complete the audit process in advance of the current deadline this year. After considering BDO's presentation (summarized below) and past performance, and staff's recommendation, the AC agreed to recommend to the Board that BDO conduct the FY16 audit of ICANN and the Singapore branch.

    • Action:

      • Staff to prepare paper for Board approval of FY16 audit firm.

  3. Auditor's Presentation on FY16 Audit¬ – The BDO partner presented an overview of: (i) the results of its FY15 audit; (ii) the overall FY16 audit strategy; (iii) the overall FY16 audit timeline; (iv) the required communications; and (v) the service and fee summary. BDO reported that the FY15 audit was conducted in accordance with auditing standards generally accepted in the U.S., did not require any adjustments, did not identify any material weaknesses, and the audit report was released on 27 October 2015. The primary areas of focus in BDO's FY16 audit strategy, which are consistent with standard audit procedures and areas of focus, include revenue recognition, accounts receivable and allowances, investments, fraud risk, software capitalization costs, net asset classification, expenses, and evaluation of related party relationships and transactions. Regarding the timeline, BDO noted that: (i) BDO has monthly meetings with ICANN management; (ii) BDO will provide a formal planning presentation to the Board in May/June 2016; (iii) substantive testing will take place in August/September; and (iv) BDO anticipates releasing its opinions on the financial statements at the end of September 2016. BDO also provided a letter confirming its independence from ICANN, and a summary of its fees for the FY16 audit.

  4. IANA Transition Impact on Audit – Staff provided an overview of the potential impacts that the IANA transition may have on the audit process. Based upon the current status of the transition proposal, there may be a separate Post Transition IANA (PTI) legal entity created as part of the transition. If so, this PTI legal entity would likely be subject to a separate audit. In addition, there may be common support services, staff, and/or service level agreements, among other things, shared between ICANN and the separate PTI legal entity, which could affect the evaluation of related party relationships and transactions, directors' corporate responsibility, as well as other considerations. Staff indicated that the transition information would need to be provided to the audit firm in order to obtain an assessment of any impacts on the audit process.

    • Action:

      • Staff to reach out to BDO to initiate a preliminary evaluation of possible impacts of the transition on the audit.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."