Before getting into the subject, it is important to make a difference between internal and external audits. According to the Institute of Internal Auditors, internal auditing is defined as “an objective and independent assurance and consulting activity designed to add value and improve the operations of an organization, helping it to achieve its goals, while providing a systematic and disciplined approach in order to evaluate and enhance the effectiveness of risk management, control and governance processes .” Meanwhile, according to the International Federation of Accountants (IFAC), an audit work is defined as “a reasonable assurance task in which a professional accountant in public practice expresses an opinion on whether the financial statements are prepared, in all material aspects (or provides a true and reasonable view as to whether they were presented reasonably, in all material aspects), within an applicable financial statement framework, such as work that is carried out in accordance with International Audit Standards. This includes the regulatory audit, which is an audit required by law or other regulation.”
EXTERNAL AND INTERNAL AUDITS
Focusing on the gaming sector, in the case of External Audits, casinos are obliged, by different governmental control bodies, to have their financial statements audited and endorsed by an independent public accountant, who ensures the reasonableness of the accounts that are reflected in those financial statements. On the other hand, an Internal Audit on casino operations represents a series of steps that need to be taken to evaluate the operational activities of the room. The operational audit process is a much more in-depth analysis of the Casino Operations Department, and focuses on the different sub-departments that are interconnected (tables, machines, poker, betting, cash, reception).
The objective of the Operational Audit is to determine whether the company’s internal controls, such as policies and procedures, are sufficient to produce an optimal level of efficiency and effectiveness. This is critical for casinos, as a lack of efficiency and effectiveness typically results in lower revenue or increased operational costs, which sometimes means the casino’s inability to compete and achieve its economic goals.
CONTINUING AUDIT PROGRAMS
Control and information systems have become critical for all organizations, and it is necessary to ensure their integrity, availability, confidentiality, efficiency, effectiveness and compliance. The casinos’ struggle to increase their profits has caused a whirlwind of changes: technological, player preferences, markets characteristics, owner expectations, and so on. The reactions of the gaming halls to these new realities caused, in turn, modifications in the processes, either by implanting new technologies and/or acting on the players, among other consequences. Therefore, today, an effective control environment may become obsolete tomorrow.
In this context, it should be noted that carrying out continuous audit programs helps identify why it is necessary to modify the control systems, as circumstances require. For this, it is indispensable to comply with the following points:
1) Carry out technical, operational and IT audits from Internal Control and Internal Audit areas.
2) Have experts to create the role of the ‘external auditor’, and establish a comprehensive monthly/annual Audit Plan.
3) Carry out co-audits, in which the external IT auditor contributes with knowledge and experience, and the internal auditor coordinates the project and jointly develops all the audit work.
4) Use data analysis tools to detect anomalous situations in the organization. The internal audit area now provides added value.
5) Implement continuous auditing.
6) Carry out an audit of technological investments, when deviations and problems are detected in information systems that are being developed or implemented.
Likewise, the Internal Auditing Standards require:
1) Evaluate the controls, even if they are automated.
2) Evaluate the effectiveness and improve risk management processes, including operational risks, calculation risks, risk in work processes and technological risks.
3) Evaluate the internal control points and the flow of information between the different areas of the casino.
4) Evaluate and analyze information technology management.