1.2 Formal control activities shall be submitted to the Registrar which have been assessed by an independent oversight function acceptable to the Registrar for alignment with the Standards and Requirements and authorized by the appropriate level of management.
Requirements – At a minimum:
- A process shall be in place to periodically review control activities for effectiveness in fulfilling the Standards and Requirements and to document, remedy and adjust the controls where deficiencies or gaps are found.
- Substantial changes to the control environment shall be communicated to the Registrar in a timely manner.
- Control activities must be available to the AGCO (or its designate) for regulatory assurance purposes.
Guidance: Independent oversight may be exercised by an internal audit body and/or external auditor, as considered appropriate by the Operator or gaming-related supplier and as acceptable to the Registrar. The Registrar recognizes that oversight practices may vary by Operator / gaming-related supplier depending on their size, ownership structure, scope and complexity of operations, corporate strategy and risk profile. Whatever the case, the independent oversight function should be responsible for auditing the organization’s compliance management framework, identifying, managing and reporting on risks the organization is or might be exposed to and exercising oversight that is independent from operational management. It should also have direct and unrestricted access to the Board.
Additional Guidance for Gaming-Related Suppliers: In the application of the entity level Standards and Requirements, it is recognized that some gaming-related suppliers, particularly suppliers of gaming equipment, operate in jurisdictions in addition to Ontario and may be limited in their ability to design and implement control activities based solely on the Standards and Requirements. The intent is that these Standards and Requirements apply to gaming-related suppliers in respect of their conduct in Ontario. At a minimum, the entity level Standards and Requirements seek assurance that gaming-related suppliers, including suppliers operating in multiple jurisdictions, will have acceptable control activities and that periodic review for gaps in control activities is carried out and that the suppliers ensure that the control activities are followed where such control activities affect the respective supplier’s conduct in Ontario.
1.2.1 Removed, March 2022.
1.3 Removed, September 2020.
1.4 Removed, September 2020.
1.5 Removed, September 2020.
1.6 Removed, September 2020.
1.7 Management overrides of the control activities shall be clearly documented and made available to the Registrar upon request.
Requirements – At a minimum:
- Approval from at least two senior-level managers is required in order to override any
control activity, and in each instance the override shall be reported to the Board or other
governance structure where a Board does not exist
Guidance: The intent of this Standard is to allow senior-level management to override
controls on a one-off basis in necessary circumstances and to ensure that appropriate
documentation is maintained for auditing purposes. This Standard is not intended to
address permanent changes to the control environment.
1.8 Operators must establish, implement and maintain controls to support preparation of financial reports which comply with all applicable accounting standards, rules and good practices.