2015-09-18

NTIA Concurs With GAO Recommendation on IANA Transition Proposal

Background: In March, 2014, the US government's NTIA (National Telecommunications and Information Administration) announced its intention to transition its "stewardship" over the internet's IANA functions to the global multistakeholder community and asked ICANN, the California non-profit corporation which is the IANA functions operator under contract with US Department Commerce (NTIA), to convene a "stakeholder" process by which a transition plan would be developed and submitted to NTIA for approval. Subsequently, an "enhancing ICANN accountability" process was also initiated and added as a requirement to any transition plan to be implemented, if and when, NTIA approves. The US Congress had asked the US government's GAO (government accounting office) to review aspects of the US government's stewardship of the IANA functions and the transition. Today, September 18, 2015, the GAO made public its Report, GAO-15-642: Published: Aug 19, 2015. In short, 
"GAO recommends that NTIA review relevant frameworks for evaluation and use applicable portions to help evaluate the transition proposal. The Department of Commerce concurred with the recommendation." (emphasis added)
"NTIA plans to evaluate the [IANA Transition] proposal against core goals, such as maintaining the security and stability of the Internet domain name system and the openness of the Internet. However, NTIA has not yet determined how it will evaluate the proposal against the goals. The changes the working groups are considering could create a new organizational environment for the operation of the technical functions, such as new structures, contractual obligations, and governance models for ICANN. Given the extent of these potential changes, GAO identified frameworks for evaluation that could provide tools to guide NTIA's evaluation.

"These frameworks incorporate leading practices to help organizations obtain reasonable assurance that their goals and objectives will be met or that they will meet certain requirements. For example, key components of one framework include the organizational environment, risk assessment, and monitoring.

"In prior work, GAO has considered such frameworks in relationship to accountability challenges at a variety of organizations. These types of frameworks could help NTIA evaluate whether the transition proposal meets its core goals, and could also be helpful in considering accountability mechanisms that are included in the proposal. For example, one framework's risk assessment component could help NTIA consider the multistakeholder community's efforts to identify and manage risks.

"These frameworks are intentionally flexible, so that NTIA could select elements that are applicable to the scope of the proposed transition. Without a framework as a tool to systematically review the proposal and its various new structures and processes, NTIA may not be assured that its goals for the transition have been fully addressed and embedded over the long term.

"Recommendation: To ensure that NTIA's evaluation of the Internet multistakeholder community's transition proposal fully considers whether the proposal provides reasonable assurance that NTIA's core goals for the transition will be met, the NTIA Administrator should review relevant frameworks for evaluation, such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework and the International Organization for Standardization (ISO) quality management principles [pdf], and use the relevant portions of the frameworks to help evaluate and document whether and how the transition proposal meets NTIA's core goals." (emphasis and links added)

More information:
U.S. GAO - Internet Management: Structured Evaluation Could Help Assess Proposed Transition of Key Domain Name and Other Technical Functions:
Recommendation for Executive Action: http://www.gao.gov/products/GAO-15-642
Additional Materials:
Highlights Page: (PDF, 1 page)
Full Report: (PDF, 65 pages)
Accessible Version: (PDF, 72 pages)

Committee of Sponsoring Organizations of the Treadway Commission (COSO) http://coso.org/
Committee of Sponsoring Organizations of the Treadway Commission - (Wikipedia)"COSO admits in their report that while enterprise risk management provides important benefits, limitations exist. Enterprise risk management is dependent on human judgment and therefore susceptible to decision making. Human failures such as simple errors or mistakes can lead to inadequate responses to risk. In addition, controls can be circumvented by collusion of two or more people, and management has the ability to override enterprise risk management decisions. These limitations preclude a board and management from having absolute assurance as to achievement of the entity's objectives."




DISCLAIMER

No comments:

Domain Mondo posts: