In addition to the normal day-to-day financial transactions in which it is involved on its own behalf, NNU also collects funds and remits payments on behalf of its customers. NNU's customers must have confidence in NNU's financial stability and systems of internal control. Consequently, a strong set of financial and operational controls is critically important to NNU's success. To that end, NNU routinely engages independent experts to conduct a variety of audits to provide assurance that its systems of internal control are both adequate and operating effectively. Examinations performed by independent auditors include the following:
•
Independent auditors completed a Statement on Auditing Standards (SAS) No. 70 Type II audit of NNU's systems of internal control. SAS 70 is an internationally recognized standard developed by the American Institute of Certified Public Accountants. A SAS 70 audit is widely recognized because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which include controls over information technology and related processes. In today's global economy, service providers must be able to demonstrate that they have adequate controls and safeguards in place when they host or process data belonging to their customers.
•
The Payment Card Industry (PCI) Data Security Standard (DSS), a compilation of best industry practices, was created by the major credit card companies in 2005 to safeguard consumer cardholder data. Service providers that store, process, or transmit cardholder data are required to comply with the PCI Data Security Standard. To comply with PCI requirements for a Level 2 service provider, NNU submits a Self-Assessment Questionnaire annually and undergoes monthly vulnerability scans of its servers that are performed by an independent audit firm. NNU has been PCI compliant since it became subject to the requirements in 2007.
•
Annual financial audits are conducted by independent public accountants. NNU has received unqualified audit opinions each year since 1999.
