"GAO recommends that NTIA review relevant frameworks for evaluation and use applicable portions to help evaluate the transition proposal. The Department of Commerce concurred with the recommendation." (emphasis added)"NTIA plans to evaluate the [IANA Transition] proposal against core goals, such as maintaining the security and stability of the Internet domain name system and the openness of the Internet. However, NTIA has not yet determined how it will evaluate the proposal against the goals. The changes the working groups are considering could create a new organizational environment for the operation of the technical functions, such as new structures, contractual obligations, and governance models for ICANN. Given the extent of these potential changes, GAO identified frameworks for evaluation that could provide tools to guide NTIA's evaluation.
"These frameworks incorporate leading practices to help organizations obtain reasonable assurance that their goals and objectives will be met or that they will meet certain requirements. For example, key components of one framework include the organizational environment, risk assessment, and monitoring.
"In prior work, GAO has considered such frameworks in relationship to accountability challenges at a variety of organizations. These types of frameworks could help NTIA evaluate whether the transition proposal meets its core goals, and could also be helpful in considering accountability mechanisms that are included in the proposal. For example, one framework's risk assessment component could help NTIA consider the multistakeholder community's efforts to identify and manage risks.
"These frameworks are intentionally flexible, so that NTIA could select elements that are applicable to the scope of the proposed transition. Without a framework as a tool to systematically review the proposal and its various new structures and processes, NTIA may not be assured that its goals for the transition have been fully addressed and embedded over the long term.
"Recommendation: To ensure that NTIA's evaluation of the Internet multistakeholder community's transition proposal fully considers whether the proposal provides reasonable assurance that NTIA's core goals for the transition will be met, the NTIA Administrator should review relevant frameworks for evaluation, such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework and the International Organization for Standardization (ISO) quality management principles [pdf], and use the relevant portions of the frameworks to help evaluate and document whether and how the transition proposal meets NTIA's core goals." (emphasis and links added)
U.S. GAO - Internet Management: Structured Evaluation Could Help Assess Proposed Transition of Key Domain Name and Other Technical Functions:
Recommendation for Executive Action: http://www.gao.gov/products/GAO-15-642
Highlights Page: (PDF, 1 page)
Full Report: (PDF, 65 pages)
Accessible Version: (PDF, 72 pages)
Committee of Sponsoring Organizations of the Treadway Commission - (Wikipedia): "COSO admits in their report that while enterprise risk management provides important benefits, limitations exist. Enterprise risk management is dependent on human judgment and therefore susceptible to decision making. Human failures such as simple errors or mistakes can lead to inadequate responses to risk. In addition, controls can be circumvented by collusion of two or more people, and management has the ability to override enterprise risk management decisions. These limitations preclude a board and management from having absolute assurance as to achievement of the entity's objectives."