Faced with a context of increasing use of digital tools and circulation through networks of sensitive private information, gaming companies must offer security to their customers. The best way to show solidity in data management is to undergo checking and control processes. In this article, the expert Gricelda Soledad Ruibal explains how and why it is essential to prioritize this type of audit.
By Gricelda Soledad Ruibal, Founding Partner, Play In Group Consulting*
Today, companies generate an infinite amount of data. The value of the information that is processed and treated within a company is incalculable. As a consequence of that, companies increasingly need to have advanced technology to work, including complex software systems and computerized equipment that allow them to carry out their activities in an optimized and efficient way. The very fact of having a variety of computer tools leads every company, in this case, from the gaming industry, to the obligation of implementing a proper information systems audit.
DEFINITIONS, CHARACTERISTICS AND OBJECTIVES
Information systems audit is defined as a process that encompasses the review and evaluation of all aspects (or any of them) of automatic information processing systems, including non-automatic procedures related to them and corresponding interfaces. The final objective of the systems auditor is to give recommendations to senior management to improve or get an adequate internal control in information technology environments, in order to achieve greater operational and administrative efficiency.
The systems audit comprises the following instances: a) Verification of controls in the processing of information and installation of systems, in order to evaluate their effectiveness and also present some recommendation and advice; b) Objectively checking and judging the information; c) Examination and evaluation of the processes regarding computerization and data management. In addition, there’s an evaluation of the amount of resources invested, the profitability of each process, its effectiveness and efficiency.
The objectives of the systems audit are, among others, the following: 1) Improve the cost-benefit ratio of information systems; 2) Increase the satisfaction and security of the users of those computerized systems; 3) Guarantee confidentiality and integrity through professional security and control systems; 4) Minimize the existence of risks, such as, for example, viruses or hackers; 5) Optimize and accelerate decision making; 6) Educate on the control of information systems, since it is a very changing and relatively new sector, so it is necessary to educate the users of these computerized processes.
Therefore, systems audit is a way of monitoring and evaluating not only the computer equipment itself. Its scope of action also revolves around the control of the entry systems to that equipment (think of passwords and access codes), files and their security, etc. Furthermore, this audit is essential to guarantee the performance and security of a company’s computer systems, so that they are reliable when using them and guarantee the maximum privacy possible.
A key aspect of the audit is the evaluation of risks associated with these elements: a) Hardware: Neglect or lack of protection. Inappropriate conditions, mishandling, non-observance of the rules. Destruction; b) Software: Use or access, copy, modification, destruction, theft, errors or omissions; c) Files: Uses or access, copying, modification, destruction, theft; d) Organization: Inadequate, non-functional, without division of functions. Lack of security, policies and plans; e) Staff: Dishonest, incompetent and discontented; f) Users: Masking, lack of authorization, lack of knowledge of their function.
On the other hand, regarding the specific tasks to be evaluated in the systems audit, these ten actions can be mentioned:
1. Participation in the development of new systems: evaluation of controls. Compliance with the methodology.
2. Security assessment in the computer area.
3. Sufficiency assessment in contingency plans. Backups, anticipate what will happen if failures occur.
4. Opinion of the use of computer resources. Safeguard and protection of assets.
5. Modification control to existing applications. Fraud and control of program modifications.
6. Participation in the negotiation of contracts with suppliers.
7. Review of the use of the operating system and programs. Utilities. Control over the use of operating systems. Utility programs.
8. Audit of the database. Structure on which the applications are developed.
9. Audit of the teleprocess network.
10. Development of audit software.
In conclusion, the ultimate goal of a well-implemented systems audit is to develop software capable of continuously exercising control over the operations of the data processing area.
*With more than 15 years of professional experience advising companies in the gaming sector (in legal, technical and accounting aspects), among others, currently, Gricelda Soledad Ruibal if founding partner at Play In Group Consulting and Director of Institutional Relations at Gaming Solution Technology. From her extensive resume, it should be highlighted her work as former Coordinator of Hiperion Program, from the Systems Directorate of the Buenos Aires Province Lottery (IPLyC). Ruibal stands out in coordination of interdisciplinary work teams, and in conflict resolution and negotiation.
She is a National Public Accountant from Universidad Nacional de La Plata, Buenos Aires Province (Argentina), and has Postgraduate degrees in Taxation (Universidad Nacional de La Plata), and Audit and Fraud Detection (Consejo Profesional de Ciencias Economicas, Buenos Aires City). Regarding the gaming industry, this executive has participated in different seminars and congresses organized by ALEA, CIBELAE and GLI.