purchased by us is effectively at spot prices. Generally, our pricing protocols with suppliers can remain in effect for periods ranging from one to 24 months, depending on the outlook for prices of the particular ingredient. In several cases, we have minimum purchase obligations. We have tried to increase, where necessary, the number of suppliers for our ingredients, which we believe can help mitigate pricing volatility. We follow industry news, trade issues, exchange rates, foreign demand, weather, crises and other world events that may affect our ingredient prices. Increases in ingredient prices could adversely affect our results if we choose for competitive or other reasons not to increase menu prices at the same rate at which ingredient costs increase, or if menu price increases result in customer resistance.
Changing Interest Rates
We are also exposed to interest rate risk through fluctuations of interest rates on our investments. Changes in interest rates affect the interest income we earn, and therefore impact our cash flows and results of operations. As of September 30, 2017, we had $475.4 million in investments and interest-bearing cash accounts, including insurance-related restricted trust accounts classified in other assets, and $66.8 million in accounts with an earnings credit we classify as interest income, which combined earned a weighted-average interest rate of 0.87%.
Foreign Currency Exchange Risk
A portion of our operations consists of activities outside of the U.S. and we have currency risk on the transactions in other currencies and translation adjustments resulting from the conversion of our international financial results into the U.S. dollar. However, a substantial majority of our operations and investment activities are transacted in the U.S. and therefore our foreign currency risk is not material at this date.
ITEM 4.CONTROLS AND PROCEDURES
We maintain disclosure controls and procedures (as defined in Rule 13a-15(e) promulgated under the Securities Exchange Act of 1934, as amended (the “Exchange Act”)) that are designed to ensure that information required to be disclosed in Exchange Act reports is recorded, processed, summarized and reported within the time periods specified in the Securities and Exchange Commission’s rules and forms, and that such information is accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure.
As of September 30, 2017, we carried out an evaluation, under the supervision and with the participation of our management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of the design and operation of our disclosure controls and procedures. Based on the foregoing, our Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures were effective as of the end of the period covered by this report.
There were no changes during the three months ended September 30, 2017, in our internal control over financial reporting (as defined in Rule 13a-15(f) under the Exchange Act) that have materially affected or are reasonably likely to materially affect our internal control over financial reporting.
ITEM 1.LEGAL PROCEEDINGS
For information regarding legal proceedings, see Note 8. “Commitments and Contingencies” in our notes to the condensed consolidated financial statements included in Item 1. “Financial Statements”.
ITEM 1A.RISK FACTORS
There have been no material changes in our risk factors since our annual report on Form 10-K for the year ended December 31, 2016, except as set forth below.
We may be harmed by security risks we face in connection with our electronic processing and transmission of confidential customer and employee information.
We accept electronic payment cards for payment in our restaurants. During 2016 approximately 70% of our sales were attributable to credit and debit card transactions, and credit and debit card usage could continue to increase. A number of retailers have experienced actual or potential security breaches in which credit and debit card information may have been stolen, including a number of highly publicized incidents with well-known retailers in recent years.
In April 2017, our information security team detected unauthorized activity on the network that supports payment processing for our restaurants, and immediately began an investigation with the help of leading computer security firms. We also self-reported the issue to payment card processors and law enforcement. Our investigation detected malware designed to access payment card data from cards used at point-of-sale