As a public service organization, ICANN's bylaws establish the scope and direction of the organization's mission, commitments, and core values.[1] The Bylaws specify review processes for ICANN and its stakeholder organizations.[2] The review processes are designed to ensure that ICANN is performing its mission in the best way possible.[3] Reviews aim to evaluate the health of the multistakeholder model, ICANN transparency and accountability, organizational effectiveness, and the security and stability of the DNS.[3]

ICANN Review Cycle edit

Specific and Organizational Reviews each follow process models that share a common set of themes and expectations. In each process, the review is planned by a team or work party. In the case of Organizational Reviews, there is then the intervening step of selecting and engaging an Independent Examiner. Then, the review is conducted. Organization Reviews move directly to implementation, while Specific Reviews submit findings and recommendations to the ICANN Board, which then acts on the recommendations. In each case, the implementation of recommendations is refined and improved, and the implemented improvements become standard procedure. The different action phases are laid out below:

Action Phase Specific Reviews Organizational Reviews
Phase 1 Assemble a Review Team Assemble a Working Party
Phase 2 Plan Review Plan Review
Phase 3 Conduct Review Engage Independent Examiner
Phase 4 Board Action Conduct Review
Phase 5 Plan Implementation Plan Implementation
Phase 6 Implement Improvements Implement Improvements
Phase 7 New Standard Operating Procedure New Standard Operating Procedure

Specific Reviews edit

History edit

ICANN's operations are subject to periodic Specific Reviews, enumerated in Article 4.6 of the bylaws.[4] These reviews are the result of ICANN's 2009 Affirmation of Commitments (AoC) with the United States Department of Commerce. Prior to 2016, specific reviews were conducted to fulfill ICANN's promise to review its performance relative to the commitments contained in the AoC. the bylaws were amended in October 2016 to incorporate the commitments and the review process described in the AoC into the bylaws as Article 4.6.[5] The specific reviews address adherence to the following commitments:

  • Accountability and Transparency (ATRT) - focused on ICANN operations[6]
  • Security, Stability, & Resiliency (SSR) - focused on the DNS[7]
  • Registration Directory Service (RDS/WHOIS) - focused on registration data and public access to registration information[8]
  • Competition, Consumer Trust, and Consumer Choice (CCT) - ushered in as part of the New gTLD Program, this review is focused on the domain marketplace and the experience of registrants and other consumers[9]

Timing & Process edit

ATRT, SSR, and RDS/WHOIS reviews must take place periodically, and no more than five years after the last review team was convened[10] A CCT review is initiated one year after the launch of a New gTLD application round.[10]

Review teams typically include members, observers, and/or liaisons from stakeholder groups, supporting organizations and advisory committees.[10] The review process timeline runs between three to nearly five years, and involves multiple opportunities for participation, public comment, and deliberation among stakeholders.[11]

Organizational Reviews edit

Each supporting organization and advisory committee, as well as the Nominating Committee is periodically reviewed pursuant to Article 4.4 of the Bylaws.[12] The GAC is exempted from Article 4.4, although it is charged to implement and deploy its own review processes.[13]

History edit

Article 4.4 was first added to the ICANN Bylaws in December 2002, following the 2002 Evolution and Reform Process.[14]. As originally formulated, Article 4.4 posed two questions for review: "(i) whether that organization has a continuing purpose in the ICANN structure, and (ii) if so, whether any change in structure or operations is desirable to improve its effectiveness."[14] In October 2016, Article 4 was revised to include specific reviews, and at that time Article 4.4 was amended to include the third foundational question of organizational reviews: "(iii) whether that organization, council or committee is accountable to its constituencies, stakeholder groups, organizations and other stakeholders."[15] Article 4.4 has remained functionally unchanged since its revision in 2016.

Timing & Process edit

The bylaws state that organizational reviews should take place no more than five years from the submission of the final report of the last review to the ICANN Board. However, that requirement is flexible, and "based on feasibility as determined by the Board."[13]

An Independent Examiner is contracted to perform the fact finding, assessment, reporting, and recommendations of the review process. The examiner is selected through a competitive bid process.[16] The review timeline for organization reviews can stretch between three to five years.[12] Like specific reviews, the process has multiple stages of public comment, as well as interaction and comment between the organization being reviewed and the Independent Examiner.[16]

Board Review edit

During the initiation of the first round of organizational reviews, the ICANN Board determined that it would be good for the organization if it also participated in a review process under the organizational review model. The ICANN Board Review occurred between 2007 and 2010, but was not repeated.[17] The Structural Improvements Committee (now known as the Organizational Effectiveness Committee) was tasked with presenting a set of actions and improvements based on the report of the board review working group.[18] Other mechanisms exist for review of the board, as well as the review of board decisions, within the ICANN Bylaws.[19]

Technical Liaison Group Review edit

As with the Article 4-style ICANN Board review, the board determined during the first round of organizational reviews that it would be beneficial if the Technical Liaison Group engaged in an organizational review process.[20] The Technical Liaison Group Review was initiated by the board at ICANN 37 in Nairobi in March 2010,[21] and continued through 2011.[20] As with ICANN Board review, the experiment was not repeated.

Past Reviews edit

Specific Reviews edit

Review Type & Number Status Date Initiated Date Completed ICANNWiki Page Documents
CCT #1 Implementation Phase October 1, 2015 CCT1 CCT1 Final Report - PDF
ATRT #1 Complete January 11, 2010 January 29, 2013 ATRT1 ATRT1 Final Report - PDF
ATRT1 Implementation Report - PDF
ATRT #2 Complete October 5, 2012 December 31, 2015 ATRT2 ATRT1 Final Report - PDF
ATRT2 Implementation Report - PDF
ATRT #3 Implementation Phase January 31, 2017 ATRT3 ATRT3 Final Report
RDS/WHOIS #1 Complete June 1, 2010 December 31, 2015 RDS1 RDS1 Final Report (PDF)
RDS1 Implementation Report (PDF)
RDS/WHOIS #2 Implementation Phase October 28, 2016 RDS2 RDS2 Final Report (PDF)
SSR #1 Complete June 1, 2010 December 31, 2015 SSR1 SSR1 Final Report (PDF)
SSR1 Implementation Report (PDF)
SSR #2 Awaiting Board Action June 30, 2016 SSR2 SSR2 Final Report (PDF)

Organizational Reviews edit

Review Type & Number Status Date Initiated Date Completed ICANNWiki Page Documents
ALAC #1 Complete January 23, 2008 June 14, 2012 At-Large1 At-Large1 Final Report (PDF)
At-Large1 Implementation Project Final Report (PDF)
ALAC #2 Complete January 6, 2016 December 18, 2020 At-Large2 At-Large2 Final Report (PDF)
At-Large2 Implementation Status Report (PDF)
ASO #1 Complete December 12, 2010 November 17, 2014 ASO1 ASO1 Final Report (PDF)
Letter Re: Finalization of ASO1 Implementation (PDF)
ASO #2 Complete November 18, 2016 August 31, 2017 ASO2 ASO2 Final Report (PDF)
ccNSO #1 Complete June 26, 2009 September 11, 2013 ccNSO1 ccNSO2 Final Report (PDF)
ccNSO2 Implementation Status Report (PDF)
ccNSO #2 Implementation Phase April 6, 2017 ccNSO2 ccNSO2 Final Report (PDF)
GNSO #1 Complete March 30, 2007 November 3, 2008 GNSO1 GNSO1 Final Report (PDF)
GNSO #2 Complete January 1, 2014 January 27, 2019 GNSO2 GNSO2 Final Report (PDF)
GNSO2 Implementation Final Report (PDF)
NomCom #1 Complete March 30, 2007 March 1, 2012 NomCom1 NomCom1 Final Report of Independent Examiner (PDF)
NomCom1 Finalization WG Final Report (PDF)
NomCom1 Implementation Final Report (PDF)
NomCom #2 Complete September 13, 2016 December 21, 2020 NomCom2 NomCom2 Final Report (PDF)
NomCom2 Implementation Status Report (PDF)
RSSAC #1 Complete June 26, 2008 December 1, 2010 RSSAC1 RSSAC1 Final Report (PDF)
RSSAC1 Implementation Report (PDF)
RSSAC #2 Complete April 19, 2017 December 9, 2020 RSSAC2 RSSAC2 Final Report
RSSAC2 Implementation Progress Report (PDF)
SSAC #1 Complete June 26, 2008 June 25, 2010 SSAC1 SSAC1 Final Report (PDF)
SSAC #2 Complete May 18, 2017 March 25, 2021 SSAC2 SSAC2 Final Report (PDF)
SSAC2 Final Implementation Report (PDF)

Efforts to Improve & Streamline the Review Process edit

2009 Systematization Paper edit

In May 2009, the Board approved the posting of a Structural Improvements Committee paper, "Proposals for the Systematization of ICANN’s Organizational Review Processes," for public comment.[22] As implied by the title, the paper[23] largely focused on the administrative processes currently in place for each organizational review phase, and identified opportunities to streamline the decision making and production processes for each phase. The paper received two public comments, from the ALAC and from Michael Palage.[24] Palage and the ALAC both noted that the streamlining of decision flowcharts only improved the current review process, and did not focus on finding a "holistic approach" to organizational reviews.[24] In September 2009, the ICANN Board approved an amendment to the Bylaws proposed by Michael Palage, that organizational reviews "shall be conducted no less frequently than every five years."[25]

2014-15 Standardization Efforts edit

"Audit" Approach and First Steps edit

At the beginning of 2014, the Structural Improvements Committee (SIC) (as it was named at the time) investigated the possibility of unifying the process for Article 4 reviews, so that each review, regardless of organization, followed a predictable path. The proposal from the chair included the adoption of an "audit" approach to reviews:

The Chair discussed elements of different types of audits (outcome, structural and process element audits), and how they may be used to assist the overall effectiveness of the organization. The SIC considered potential elements of an audit or review mechanism, including the methods and tools, and qualitative and quantitative metrics. The Chair noted that the outputs could be fed into the work of other Board committees, such as the Audit Committee or the Risk Committee. The members of the SIC discussed whether the proposed approach would overlap with the overall organizational assessment that is part of the ATRT review. The SIC also discussed the implications of using the term "audit" to identify the structural review, and discussed the importance of ensuring that any review (or "audit") meets the requirements in the Bylaws.[26]

Committee members expressed some concern about the term "audit," which in both definition and practice is distinct from a "review,"[27] and noted that any review/audit process must comply with the ICANN Bylaws. Committee members also noted community concerns about the number of reviews underway.[26]

Impact on GNSO2 edit

The introduction of the "audit" concept coincided with the initiation of the Second GNSO Organizational Review, and appears to have influenced the scope described in the RFP for that review. Notably, there is no indication that the ICANN Board reviewed or approved a Terms of Reference document regarding GNSO2.[28] In March 2014, both the "audit" concept and GNSO2 were on the agenda at the SIC meeting.[29] Although the term "audit" had disappeared, the discussion of a "review accountability framework" included similar categories to those discussed in February: "process reviews, process element reviews, outcome reviews, and structure reviews."[29] ICANN staff was directed to:

provide a comprehensive view of how the different review mechanisms correlate and what assurances they provide; identify standards and criteria used by the previous review; and identify opportunities to streamline review mechanisms and processes for increased efficiency and effectiveness.[29]

In the discussion of GNSO2, meanwhile, the presentation emphasized the intentionally limited scope and process of the review, echoing comments made in concurrent presentations to the GNSO and the public.[29] In particular, GNSO2 would ignore the first question of Article 4.4 - whether the GNSO served a continuing purpose in the ICANN structure.[30]

Shift from "Audit" to "Unified Approach" edit

At the June meeting of the SIC, a representative from Moss Adams provided a report on their engagement to conduct an inventory and mapping of reviews with ICANN and their existing processes, for the following purposes: "(a) to identify how the different review mechanisms correlate and what assurances they provide; (b) to identify standards and criteria used by prior reviews; and (c) to identify gaps and/or redundancies between the reviews."[31] While efficiency concerns were an aspect of the Moss Adams study, the primary thrust was now compliance with the requirements of the bylaws, and establishing baseline operational standards for past reviews.

At the SIC meeting in October 2014, staff presented the outcomes of the study:

Staff provided the SIC with an update on the inventory and mapping of the reviews within ICANN performed by Moss Adams. The purpose of the report is to identify gaps, overlaps and dependencies within the structural reviews and Affirmation of Commitments reviews. A few recommendations were provided, including development of overall review management procedures and centralized tracking, as well as development of primers for independent examiners to allow for greater consistency.[32] Staff was instructed to generate topic areas for discussion, as well as a plan for productively engaging those topic areas at the next SIC meeting.[32]

In February 2015, staff proposed three "buckets" for discussion and potential improvements to the SIC: "process improvements, oversight and coordination, and a more strategic look at the "structures" within ICANN as a whole."[33] Staff was instructed to begin work on policy and procedures documents, as well as a tracking model, with an eye toward standardization of process across Article 4 reviews.[33] Also in February, at ICANN 52, the schedule for both the "Affirmation of Commitments" reviews and organizational reviews was discussed, along with the ongoing efforts to bring standardization to the review process.[34]

Process Improvement Options at ICANN 53 edit

After a particularly full agenda precluded discussion in April, the committee next addressed the review framework at ICANN 53 in Buenos Aires. At the SIC meeting during ICANN 53, staff proposed several areas for potential process improvements:

  • Standard Review Process and Methodology
  • Relevance to Each Organization
  • Adoption and Application of Standards
  • Increased Effectiveness and Impact
  • Creating Alternate Process for Strategic Reviews[35] The other buckets - oversight and holistic approaches to ICANN's structural issues - were wrapped into the ICANN 53 session on review efficiencies, and a public comment period was still open at the time of the meeting.[35] Public comments on issues surrounding reviews were wide-ranging, but it is notable that multiple commenters objected to the exclusion of structural considerations from the GNSO2 review.[36]

Proceeses Proposed, Attention Wanes edit

In September 2015, the newly-renamed Organizational Effectiveness Committee acknowledged that lessons learned from the last series of reviews could be refined into process improvements applicable to all reviews within ICANN.[37] The discussion and commitment to engage in such refinemnent appeared to mark the end of work in regards to the "process improvements" bucket.

With regard to a "review framework," the October 2015 meeting of the OEC resulted in the following two-phase plan:

Phase 1: Systematization of Reviews, based on current mandates

  1. Document the process of conducting Reviews, based on current practices and lessons learned from recent Reviews
  2. Incorporate applicable and relevant standards derived from industry best practices and standards, such as Project Management (Project Management Institute) and Organizational Excellence (EFQM Excellence Model)
  3. Socialize and implement systemization

Phase 2: Future of Reviews in the post-transition ICANN

  1. In alignment with the direction of CCWG-Accountability and other related proposals impacting Reviews, identify key questions for consideration of the future of Reviews as a significant accountability mechanism
  2. OEC discussion
  3. Develop next steps as appropriate[38]

2019 Operating Standards Updates edit

Both the ICANN Board and ICANN staff have recently been engaged in efforts to improve the review process for both specific and organizational reviews. In 2019, the Board issued new Operating Standards for Specific Reviews[39] [40] In addition, ICANN staff drafted a process proposal for streamlining organizational reviews in April 2019.[41] Public comments on the proposal addressed a much broader range of challenges and difficulties than the proposed streamlining measures.[42]

The Board and staff of ICANN continue to address the issues raised during public comment processes, public meetings, and other communications related to the efficiency and timing of reviews.[43] In November 2019, Lars Hoffman presented at ICANN 66 on the topic of improving the effectiveness of review recommendations and their implementation.[44]

ATRT3 edit

The Third Accountability and Transparency Review proposed sweeping alterations to Article 4 review processes. The recommendations on reforming the review process included:

  • the creation of a "Holistic Review" intended to assess the continuous improvement of each organization subject to an Article 4.4 organizational review and take a holistic look at the structure and operation of ICANN to determine if there were changes or improvements to be made to better support representation of all of ICANN's diverse constituencies;
  • a recommendation to temporarily suspend SSR and RDS reviews until the completion of the next ATRT review, at which point the environment around each of those reviews would have sufficiently matured to allow an evaluation of their necessity, functioning, and ongoing purpose;
  • evolution of the Article 4.4 organizational reviews into "continuous improvement" programs with uniform metrics for measuring success, but tailored goals and strategies that reflected the needs of the specific organization. These programs would be annually evaluated, and the evaluations would feed into and inform the Holistic Reviews.

The Board approved all of the ATRT3 recommendations, including those related to reviews, subject to prioritization and resource availability. Because the new proposed framework for reviews would require substantial amendments to Article 4 of the bylaws, the Board proposed the development and implementation of pilot programs to design and test models of the Holistic Review and continuous improvement program. That work is ongoing.

References edit

  1. ICANN Bylaws, Article 1
  2. ICANN Bylaws - Articles 4.4-4.6
  3. 3.0 3.1 ICANN.org - Review Dashboard
  4. ICANN.org - Specific (Article 4.6) Reviews
  5. [https://www.icann.org/resources/pages/bylaws-2016-09-30-en#article4 ICANN.org Archive - Bylaws as adopted October 1, 2016
  6. ICANN.org - Accountability & Transparency Review
  7. ICANN.org - Security, Stability, & Resiliency Review
  8. ICANN.org - Registration Directory Service Review
  9. ICANN.org - Competition, Consumer Trust, and Consumer Choice
  10. 10.0 10.1 10.2 ICANN Bylaws, Article 4.6
  11. ICANN.org - Specific Reviews Process Flowchart, August 31, 2017 (PDF)
  12. 12.0 12.1 ICANN.org - Organizational Reviews
  13. 13.0 13.1 ICANN Bylaws, Article 4.4
  14. 14.0 14.1 [https://www.icann.org/resources/unthemed-pages/bylaws-2002-12-15-en#IV ICANN.org Archive - Bylaws as amended December 15, 2002
  15. ICANN.org Archive - Bylaws as amended October 1, 2016
  16. 16.0 16.1 ICANN.org - Organizational Review Process Flowchart, August 31, 2017 (PDF)
  17. ICANN Board Review Dashboard
  18. Resolution of the Board, June 25, 2010
  19. Article 4 provides for review mechanisms for board actions; Article 5 establishes the Ombudsman's office.
  20. 20.0 20.1 TLG Review Dashboard, last updated August 25, 2011
  21. Resolution of the Board, March 12, 2010
  22. Resolution (2009.11) of the Board, May 21, 2009
  23. "Proposals for the Systematization of ICANN's Organizational Review Processes,", April 2009
  24. 24.0 24.1 Staff Report on Public Comment Proceeding, October 1, 2009
  25. Preliminary Report of Board Meeting, September 30, 2009
  26. 26.0 26.1 Meeting Minutes, Structural Improvements Committee, February 6, 2014
  27. See e.g. the Government Accountability Office's "Audit and Evaluation: Is there a difference?" - October 6, 1980
  28. GNSO Organizational Review Dashboard (Note that GNSO2 was "initiated" and a "Terms of Reference approved" by the board, with no citation to a source document or to meeting minutes.)
  29. 29.0 29.1 29.2 29.3 Meeting Minutes, Structural Improvement Committee, March 21, 2014
  30. For more background, see ICANNWiki's article on the Second GNSO Organizational Review
  31. Meeting Minutes, Structural Improvement Committee, June 20, 2014
  32. 32.0 32.1 Meeting Minutes, Structural Improvements Committee, October 12, 2014
  33. 33.0 33.1 Meeting Minutes, Structural Improvement Committee, February 6, 2015
  34. AoC and Organizational Reviews: Supporting ICANN Accountability, ICANN 52, February 9, 2015
  35. 35.0 35.1 Meeting Minutes, Structural Improvements Committee, June 19, 2015
  36. Staff Report on Public Comment Proceeding - AoC and Org Reviews, August 5, 2015
  37. Meeting Minutes, Organizational Effectiveness Committee, September 28, 2015
  38. Meeting Minutes, Organizational Effectiveness Committee, October 17, 2015
  39. ICANN.org Blog - Operating Standards: Guiding ICANN's Specific Reviews, July 8, 2019
  40. ICANN Operating Standards - Specific Reviews, June 23, 2019 (PDF)
  41. ICANN.org - Public Comment Archive, Process Proposal for Streamlining Organization Reviews, April 30, 2019
  42. Staff Report on Public Comment Process, July 30, 2019
  43. ICANN Blog - Enhancing and Streamlining ICANN's Reviews: Issues, Approaches, and Next Steps, October 31, 2019
  44. ICANN 66 Archive - Enhancing the Effectiveness of Review Recommendations, November 4, 2019 (registration with ICANN.org required)