Your SlideShare is downloading. ×
  • Like
Iga5 5063-playing-smart!-strategies-for-mitigating-online-risk
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Iga5 5063-playing-smart!-strategies-for-mitigating-online-risk

  • 273 views
Published

 

Published in Business , Economy & Finance
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
273
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
8
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Playing Smart!Strategies for Mitigating Online Risk Lottery and Gaming Services April 20, 2011
  • 2. Agenda Online Gaming – A New Challenge for Boards and Management Beyond Technology Risk – Managing Reputational Risk Online Gaming Reputational Risk Compliance Risk Operational Risk Technical Risk KPMG’s Holistic Model for Governance, Risk and Compliance (GRC)© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 1affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 3. Online Gaming – A New Challenge for Boards and Management Managing risk, governance and compliance for online gaming Forward thinking executive Management Silo’ed approaches to risk and Boards are seeking There is an increased management has led to Online gaming is a line of local AND global best responsibility and scrutiny duplication of functions business for practices within AND regarding the board’s role, and increased costs yet organizations, NOT a outside the industry to capabilities and not provided Management technology endeavor. address online and governance standards. and Board with emerging mobile phone assurance. challenges and opportunities. Board of Directors and Executive Management in gaming organizations are facing new levels of risk and compliance issues with online gaming.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 2affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 4. Beyond Technology Risk – Managing Reputational Risk Business regulated online gaming is behind the non-regulated Operational offerings, and the reputational risks of association or Compliance Risk Risk Reputational control deficiency are very high. risk is a combination Operational Technical Risk of several changes in processes and regulations that are not fully risk factors: developed to deal with online gaming are problematic. Technology moving away from traditional lottery and gaming products and delivery models requires a fundamental shift towards highly available and secure infrastructure. Reputational Risk Considering business, operational, and technology risk, and compliance is critical to managing reputational risk.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 3affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 5. Online Gaming Reputational Risk Online, mobile phone and tablet gaming risks ranked below: Organization Structure Corporate Governance Gaming Legal System Security Integrity Access Data Privacy Training Likely System Availability (High) Strategic Planning Political Corporate Image Business Planning Technological Developments Fraud Illegal Acts Infrastructure Data Integrity RegulatoryProbability Customer Possible Service Economic Catastrophic Loss (Moderate) Product Development Competition Financial Reporting System Development Processes Remote System Maintenance (Low) User Acceptance Testing Low Medium High Consequences Reputational risk is the cornerstone. Online gaming can have a significant impact on the reputation of the organization. © 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 4 affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 6. Compliance Risk Gaming Act not complete. Could impact the initial rollout of online gaming, and potential pool of online gamers. Standards are not universally accepted or defined Competition have limited or no compliance overhead Legal considerations not fully mitigated Current rules based on historical gaming Mobile devices are not subject to consistent standards Compliance with laws and standards is not new to industry, however, with online gaming there are elements that are codified and many that are not.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 5affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 7. Operational Risk Traditional lottery and gaming controls are of limited value Potentially additional requirements for Internal Audit and Security/Compliance Training considerations Research, development and validation of new products Mitigating risks of online fraud is complex Game integrity will require additional approaches With online gaming , lottery and gaming organization need o review and enhance traditional control processes to meet the new risks. This will impact controls in all elements of their organization and may be impacted by external sources.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 6affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 8. Technical Risk Online gaming requires both a high performance and a highly available system for players to connect with and undertake transactions Redundancy factor requires companies move to a 99.999 percent uptime -- IT infrastructure, security and resources Disaster recovery plans (DRP) need to address new users and processes Online vulnerabilities increase exposure to organization Data integrity is key driver of success in online gaming System and user access controls will now have to be extended to individuals outside of the organization Strategic and business plans will have to incorporate the need for additional IT resources and costs Online game testing is critically different Any player-facing application is under a higher degree of scrutiny from the external perspective. With online gaming there is additional consideration that needs to be taken in relation to the impact on “behind the scenes” systems and processes.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 7affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 9. A Holistic Model for Gaming Governance, Risk & Compliance (GRC) KPMG’s integrated approach for developing and establishing a successful and sustainable GRC Framework within the organization. Governance, Organization & Infrastructure ■ Accountability and responsibilities Strategy Enterprise RESILIENCE MISSION Assurance Values Compliance Risk Profile ■ Continuous Business monitoring Business Model ■ Risk drivers Performance Process ■ Effectiveness ■ Emerging Risks and efficiency ■ Interdependencies review Value Drivers ■ Integrated reporting Culture & Behavior ■ Motivation / incentives ■ Ethics and compliance© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 8affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 10. A Holistic Approach to Governance, Risk & Compliance Risk Profile ■ Drivers ■ Emerging risks ■ Interdependencies Are different parts of the operation looking at risks in different ways? ■ Player registration and knowing your customer ■ Player deposit ■ Play ■ Bonus management ■ Withdrawal and knowing your customer commitments ■ Protection of customer information ongoing With mobile devices and new form factors such as tablets playing an increasing role in online gaming, lottery and gaming corporations must consider the origin and point of access players will use to access online gaming functionality.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 9affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 11. A Holistic Approach to Governance, Risk & Compliance Governance Organization and Infrastructure ■ Accountability and responsibilities Are the teams using the same systems? ■ Regulator ■ Operations ■ Internal compliance To ensure consistency of risk coverage it will be important to understand the roles of all key stakeholders and how they will measure risks and success.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 10affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 12. A Holistic Approach to Governance, Risk & Compliance Enterprise Assurance ■ Continuous monitoring ■ Effectiveness and efficiency review ■ Integrated reporting Are the teams sharing results and experiences? ■ How can this be achieved Organizations looking at online gaming need to understand the codified elements, and have in place controls or mitigating elements for the ones that are still not developed.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 11affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 13. A Holistic Approach to Governance, Risk & Compliance Culture and Behaviour ■ Motivation/incentives ■ Ethics and compliance Are there different drivers within the organization ■ Volume vs quality ■ Responsible gaming To be successful, GRC needs to be directly linked to organization culture and ethics, scalable and take into account all known responsible gaming initiatives.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 12affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 14. A Holistic Approach to Governance, Risk & Compliance Where is risk being managed in your organization? ■ What risk is being managed where? ■ Identify how risk is being managed: systems, processes, reports ■ Identify tolerance levels being applied ■ Identify incompatibilities ■ Identify overlaps ■ Bring everything together Online gaming will require that organizations review and enhance traditional control processes to meet the new risks introduced. This will impact controls in all elements of their organization and may be impacted by external sources.© 2011 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms 13affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
  • 15. Thank you Louie Velocci, CA, CISA, Archie Watt CISSP, GCFA, CGEIT Director KPMG LLC (UK) Director, IT Advisory archiew@kpmg.co.im Performance and Technology +44 (0) 1624 681007 lvelocci@kpmg.ca (902)483-0577KPMG has a team of dedicated gamingprofessionals who work with lotteries andcasinos globally.www.kpmg.ca
  • 16. © 2011 KPMG LLP, a Canadian limited liability partnershipand a member firm of the KPMG network of independentmember firms affiliated with KPMG International Cooperative(“KPMG International”), a Swiss entity. All rights reserved.The KPMG name, logo and “cutting through complexity” areregistered trademarks or trademarks of KPMG InternationalCooperative (“KPMG International”).