Playing Smart! Strategies for Mitigating Online Risk
Lottery and Gaming Services
April 20, 2011
© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Agenda
Online Gaming – A New Challenge for Boards and Management
Beyond Technology Risk – Managing Reputational Risk
Online Gaming Reputational Risk
Compliance Risk
Operational Risk
Technical Risk
KPMG’s Holistic Model for Governance, Risk and Compliance (GRC)
Online Gaming – A New Challenge for Boards and Management
Board of Directors and Executive Management in gaming organizations are facing new levels of risk and compliance issues with online gaming.
Managing risk, governance and compliance for online gaming
■ Online gaming is a line of business for organizations, NOT a technology endeavor.
■ There is an increased responsibility and scrutiny regarding the board’s role, capabilities and governance standards.
■ Siloed approaches to risk management have led to duplication of functions and increased costs, yet have not provided Management and the Board with assurance.
■ Forward-thinking executive Management and Boards are seeking local AND global best practices within AND outside the industry to address online and emerging mobile phone challenges and opportunities.
Beyond Technology Risk – Managing Reputational Risk
Considering business, operational, and technology risk, and compliance is critical to managing reputational risk.
Reputational risk is a combination of several risk factors:
■ Business: regulated online gaming is behind the non-regulated offerings, and the reputational risks of association or control deficiency are very high.
■ Operational: changes in processes and regulations that are not fully developed to deal with online gaming are problematic.
■ Technology: moving away from traditional lottery and gaming products and delivery models requires a fundamental shift towards highly available and secure infrastructure.
[Diagram labels: Technical Risk, Compliance Risk, Operational Risk, Reputational Risk]
Online Gaming Reputational Risk
Reputational risk is the cornerstone.
Online gaming can have a significant impact on the reputation of the organization.
Online, mobile phone and tablet gaming risks ranked below:
[Risk heat map. Vertical axis: Probability, with levels Likely (High), Possible (Moderate) and Remote (Low). Horizontal axis: Consequences, with levels Low, Medium and High. Risks plotted: Legal Organization Structure, Strategic Planning, Business Planning, Corporate Governance, Technological Developments, Training, Illegal Acts, System Security, Access, Political, Gaming Integrity, Corporate Image, Fraud, System Availability, Data Privacy, Economic, Financial Reporting, Processes, System Development, System Maintenance, User Acceptance Testing, Customer Service, Infrastructure, Competition, Data Integrity, Catastrophic Loss, Product Development, Regulatory]
Compliance Risk
■ Gaming Act not complete. Could impact the initial rollout of online gaming, and potential pool of online gamers.
■ Standards are not universally accepted or defined
■ Competition has limited or no compliance overhead
■ Legal considerations not fully mitigated
■ Current rules based on historical gaming
■ Mobile devices are not subject to consistent standards
Compliance with laws and standards is not new to the industry; however, with online gaming there are elements that are codified and many that are not.
Operational Risk
With online gaming, lottery and gaming organizations need to review and enhance traditional control processes to meet the new risks. This will impact controls in all elements of their organization and may be impacted by external sources.
■ Traditional lottery and gaming controls are of limited value
■ Potentially additional requirements for Internal Audit and Security/Compliance
■ Training considerations
■ Research, development and validation of new products
■ Mitigating risks of online fraud is complex
■ Game integrity will require additional approaches
Technical Risk
Any player-facing application is under a higher degree of scrutiny from the external perspective. With online gaming there is additional consideration that needs to be taken in relation to the impact on “behind the scenes” systems and processes.
■ Online gaming requires both a high-performance and a highly available system for players to connect with and undertake transactions
■ Redundancy factor requires companies to move to 99.999 percent uptime: IT infrastructure, security and resources
■ Disaster recovery plans (DRP) need to address new users and processes
■ Online vulnerabilities increase the organization’s exposure
■ Data integrity is a key driver of success in online gaming
■ System and user access controls will now have to be extended to individuals outside of the organization
■ Strategic and business plans will have to incorporate the need for additional IT resources and costs
■ Online game testing is critically different
A Holistic Model for Gaming Governance, Risk & Compliance (GRC)
KPMG’s integrated approach for developing and establishing a successful and sustainable GRC Framework within the organization.
[Diagram of the GRC model. Components and their elements:]
Governance, Organization & Infrastructure
■ Accountability and responsibilities
Enterprise Assurance
■ Continuous monitoring
■ Effectiveness and efficiency review
■ Integrated reporting
Culture & Behavior
■ Motivation / incentives
■ Ethics and compliance
Risk Profile
■ Risk drivers
■ Emerging Risks
■ Interdependencies
[Other diagram labels: Business Process, Compliance, Performance, Strategy, Values, Business Model, Value Drivers, Resilience, Mission]
A Holistic Approach to Governance, Risk & Compliance
With mobile devices and new form factors such as tablets playing an increasing role in online gaming, lottery and gaming corporations must consider the origin and point of access players will use to access online gaming functionality.
Risk Profile
Are different parts of the operation looking at risks in different ways?
■ Drivers
■ Emerging risks
■ Interdependencies
■ Player registration and knowing your customer
■ Player deposit
■ Play
■ Bonus management
■ Withdrawal and knowing your customer commitments
■ Protection of customer information ongoing
A Holistic Approach to Governance, Risk & Compliance
To ensure consistency of risk coverage it will be important to understand the roles of all key stakeholders and how they will measure risks and success.
Governance Organization and Infrastructure
Are the teams using the same systems?
■ Regulator
■ Operations
■ Internal compliance
■ Accountability and responsibilities
A Holistic Approach to Governance, Risk & Compliance
Organizations looking at online gaming need to understand the codified elements, and have in place controls or mitigating elements for the ones that are still not developed.
Enterprise Assurance
Are the teams sharing results and experiences?
■ How can this be achieved?
■ Continuous monitoring
■ Effectiveness and efficiency review
■ Integrated reporting
A Holistic Approach to Governance, Risk & Compliance
To be successful, GRC needs to be directly linked to organization culture and ethics, be scalable, and take into account all known responsible gaming initiatives.
Culture and Behaviour
Are there different drivers within the organization?
■ Volume vs quality
■ Responsible gaming
■ Motivation/incentives
■ Ethics and compliance
A Holistic Approach to Governance, Risk & Compliance
Online gaming will require that organizations review and enhance traditional control processes to meet the new risks introduced. This will impact controls in all elements of their organization and may be impacted by external sources.
Where is risk being managed in your organization?
■ What risk is being managed where?
■ Identify how risk is being managed: systems, processes, reports
■ Identify tolerance levels being applied
■ Identify incompatibilities
■ Identify overlaps
■ Bring everything together
Thank you
Archie Watt
Director KPMG LLC (UK)
archiew@kpmg.co.im
+44 (0) 1624 681007
Louie Velocci, CA, CISA, CISSP, GCFA, CGEIT
Director, IT Advisory
Performance and Technology
lvelocci@kpmg.ca
(902)483-0577
KPMG has a team of dedicated gaming professionals who work with lotteries and casinos globally.
www.kpmg.ca
The KPMG name, logo and “cutting through complexity” are
registered trademarks or trademarks of KPMG International
Cooperative (“KPMG International”).