Playing Smart! Strategies for Mitigating Online Risk Lottery and Gaming Services April 20, 2011


© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Agenda

Online Gaming – A New Challenge for Boards and Management

Beyond Technology Risk – Managing Reputational Risk

Online Gaming Reputational Risk

Compliance Risk

Operational Risk

Technical Risk

KPMG’s Holistic Model for Governance, Risk and Compliance (GRC)


Online Gaming – A New Challenge for Boards and Management

Board of Directors and Executive Management in gaming organizations are facing new levels of risk and compliance issues with online gaming.

Managing risk, governance and compliance for online gaming

Online gaming is a line of business for organizations, NOT a technology endeavor.

There is an increased responsibility and scrutiny regarding the board’s role, capabilities and governance standards.

Siloed approaches to risk management have led to duplication of functions and increased costs, yet have not provided Management and the Board with assurance.

Forward-thinking executive Management and Boards are seeking local AND global best practices within AND outside the industry to address online and emerging mobile phone challenges and opportunities.


Beyond Technology Risk – Managing Reputational Risk

Considering business, operational, and technology risk, and compliance is critical to managing reputational risk.

Reputational risk is a combination of several risk factors:

Business: regulated online gaming is behind the non-regulated offerings, and the reputational risks of association or control deficiency are very high.

Operational: changes in processes and regulations that are not fully developed to deal with online gaming are problematic.

Technology: moving away from traditional lottery and gaming products and delivery models requires a fundamental shift towards highly available and secure infrastructure.

[Diagram labels: Technical Risk, Compliance Risk, Operational Risk, Reputational Risk]


Online Gaming Reputational Risk

Reputational risk is the cornerstone.

Online gaming can have a significant impact on the reputation of the organization.

Online, mobile phone and tablet gaming risks ranked below:

[Figure: risk heat map. Vertical axis: Probability (Likely/High, Possible/Moderate, Remote/Low). Horizontal axis: Consequences (Low, Medium, High).]

Risks plotted: Legal Organization Structure; Strategic Planning; Business Planning; Corporate Governance; Technological Developments; Training; Illegal Acts; System Security; Access; Political; Gaming Integrity; Corporate Image; Fraud; System Availability; Data Privacy; Economic; Financial Reporting; Processes; System Development; System Maintenance; User Acceptance Testing; Customer Service; Infrastructure; Competition; Data Integrity; Catastrophic Loss; Product Development; Regulatory.


Compliance Risk

Gaming Act not complete. Could impact the initial rollout of online gaming, and potential pool of online gamers.

Standards are not universally accepted or defined

Competitors have limited or no compliance overhead

Legal considerations not fully mitigated

Current rules based on historical gaming

Mobile devices are not subject to consistent standards

Compliance with laws and standards is not new to the industry. However, with online gaming there are elements that are codified and many that are not.


Operational Risk

With online gaming, lottery and gaming organizations need to review and enhance traditional control processes to meet the new risks. This will impact controls in all elements of their organization and may be impacted by external sources.

Traditional lottery and gaming controls are of limited value

Potentially additional requirements for Internal Audit and Security/Compliance

Training considerations

Research, development and validation of new products

Mitigating risks of online fraud is complex

Game integrity will require additional approaches


Technical Risk

Any player-facing application is under a higher degree of scrutiny from the external perspective. With online gaming there is additional consideration that needs to be taken in relation to the impact on “behind the scenes” systems and processes.

Online gaming requires both a high performance and a highly available system for players to connect with and undertake transactions

Redundancy factor requires companies to move to 99.999 percent uptime -- IT infrastructure, security and resources

Disaster recovery plans (DRP) need to address new users and processes

Online vulnerabilities increase exposure to the organization

Data integrity is a key driver of success in online gaming

System and user access controls will now have to be extended to individuals outside of the organization

Strategic and business plans will have to incorporate the need for additional IT resources and costs

Online game testing is critically different


A Holistic Model for Gaming Governance, Risk & Compliance (GRC)

KPMG’s integrated approach for developing and establishing a successful and sustainable GRC Framework within the organization.

[Diagram: GRC model with four components]

Governance, Organization & Infrastructure

■ Accountability and responsibilities

Enterprise Assurance

■ Continuous monitoring

■ Effectiveness and efficiency review

■ Integrated reporting

Culture & Behavior

■ Motivation / incentives

■ Ethics and compliance

Risk Profile

■ Risk drivers

■ Emerging Risks

■ Interdependencies

[Other diagram labels: Business Process, Compliance, Performance, Strategy, Values, Business Model, Value Drivers, RESILIENCE, MISSION]


■ Drivers

■ Emerging risks

■ Interdependencies

■ Player registration and knowing your customer

■ Player deposit

■ Play

■ Bonus management

■ Withdrawal and knowing your customer commitments

■ Protection of customer information ongoing

A Holistic Approach to Governance, Risk & Compliance

With mobile devices and new form factors such as tablets playing an increasing role in online gaming, lottery and gaming corporations must consider the origin and point of access players will use to access online gaming functionality.

Risk Profile

Are different parts of the operation looking at risks in different ways?


■ Regulator

■ Operations

■ Internal compliance

■ Accountability and responsibilities

A Holistic Approach to Governance, Risk & Compliance

To ensure consistency of risk coverage it will be important to understand the roles of all key stakeholders and how they will measure risks and success.

Governance Organization and Infrastructure

Are the teams using the same systems?


■ How can this be achieved?

■ Continuous monitoring

■ Effectiveness and efficiency review

■ Integrated reporting

A Holistic Approach to Governance, Risk & Compliance

Organizations looking at online gaming need to understand the codified elements, and have in place controls or mitigating elements for the ones that are still not developed.

Enterprise Assurance

Are the teams sharing results and experiences?


■ Volume vs quality

■ Responsible gaming

■ Motivation/incentives

■ Ethics and compliance

A Holistic Approach to Governance, Risk & Compliance

To be successful, GRC needs to be directly linked to organization culture and ethics, scalable and take into account all known responsible gaming initiatives.

Culture and Behaviour

Are there different drivers within the organization?


■ What risk is being managed where?

■ Identify how risk is being managed: systems, processes, reports

■ Identify tolerance levels being applied

■ Identify incompatibilities

■ Identify overlaps

■ Bring everything together

A Holistic Approach to Governance, Risk & Compliance

Online gaming will require that organizations review and enhance traditional control processes to meet the new risks introduced. This will impact controls in all elements of their organization and may be impacted by external sources.

Where is risk being managed in your organization?


Thank you

Archie Watt
Director KPMG LLC (UK)
+44 (0) 1624 681007

Louie Velocci, CA, CISA, CISSP, GCFA, CGEIT
Director, IT Advisory
Performance and Technology
(902)483-0577

KPMG has a team of dedicated gaming professionals who work with lotteries and casinos globally.

www.kpmg.ca


The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International Cooperative (“KPMG International”).