An Operator’s control environment and operating principles form an integral part of the standards-based framework. This section includes information from the Registrar to help guide Operators in the development and implementation of their control environment, as well as to establish key operating principles from a forward-looking industry perspective.
- Operators will have appropriate and effective control activities in place to meet the Standards and Requirements.
- Operators will develop control activities based on the regulatory risks identified by the AGCO, taking into account how these risks apply or could manifest at their particular gaming site. The AGCO recognizes that control environments will vary across gaming sites based on their specific risk profile and the context in which they carry on business (e.g. urban casino versus rural bingo hall).
- Operators will use control activities that can be audited or periodically reviewed for compliance with the Standards and Requirements, and will use systems-based solutions where appropriate.
- In developing their control environment, Operators will consider the Standards and Requirements in their entirety, as one control activity may be used to mitigate the risks associated with multiple Standards and Requirements.
- Operators shall develop an implementation and compliance plan for review by the Registrar prior to transitioning to a standards-based framework. An Operator’s plan must cover at a minimum the following elements: its process for developing control activities, including any industry standards or good practices it utilizes as part of its compliance framework; its corporate governance structure; the roles and activities of its internal and external auditors; and the timing for each phase of implementation and anticipated full implementation date.
Utilize Established Effective Practices
- Operators are encouraged to adopt industry standards, good practices and governance frameworks established by relevant standards-setting and standards-administering institutes and bodies to support an efficient and effective compliance framework. Similarly, Operators are encouraged to obtain certifications and accreditation, over time, to support continuous improvement of their operations and to contribute a degree of independent validation to their control environment and its design effectiveness.
Oversight and Audit
- An Operator’s control activities must be reviewed by an independent oversight function for compliance with the Standards and Requirements. Independent oversight practices may vary by Operator depending on a number of factors, including the size, structure and complexity of the Operator’s organization. Whatever the case, the Registrar expects that there will be an appropriate role for both internal and external auditors in assessing the ongoing effectiveness and efficiency of internal controls.
- In addition to reviewing controls for compliance with the Standards and Requirements, audits should also take into account whether controls are consistent with appropriate and relevant industry standards, good practices and governance frameworks.
- Operators, gaming-related suppliers, and other registrants will facilitate any investigation conducted under the Gaming Control Act, 1992, and will grant appropriate access to AGCO OPP Casino Enforcement Unit and any individual with a certificate of appointment from the Registrar.