Information
and Communications Technology
– Future Directions : Management and Control
The Independent Gaming Corporation Ltd. (IGC Ltd) operates a central computerised monitoring system which monitors and records the activities of over 15 000 individual gaming machines located in approximately 600 venues in the State. Operation of the gaming machines contributes millions of dollars to the State’s revenue base, and is subject to regular Parliamentary and media debate.
The Liquor and Gambling Commissioner, in granting the Gaming Machine Monitoring License, established stringent conditions of acceptance for the operations of the computerised monitoring system. IGC Ltd, in discharging its responsibilities in respect to monitoring of gaming machine operations in licensed venues has, with the Treasurer’s approval, set a charge on licensed gaming machine operators to provide for the ongoing cost recovery of its operations.
Monitoring system maintenance contracts exist with various companies. Under the provisions of the Gaming Machines Act 1992 (Gaming Machines Monitoring Licence Conditions), IGC Ltd may not alter or maintain the monitoring system hardware or software. Only third parties approved by the State Supply Board (the holder of the Gaming Machine Supplier’s and Service Licences) may do so. As such, IGC Ltd. has a number of maintenance contracts with approved third parties for the maintenance of monitoring machine hardware and software.
In the last two years, Audit has undertaken focused reviews of certain technical aspects of the Gaming Machine Monitoring System (GMMS) and Internet web site facility. The reviews included consideration of the:
policy and procedural documentation in relation to the GMMS and Internet web site facility;
nature and extent and outcomes of Internal Audit activity;
performance of review work associated with the system database administration and security, backup and recovery and change management processes.
It is important to note that the environment that IGC Ltd operates in, notably with a technically advanced GMMS and a small number of staff, places increased emphasis on a number of matters. These include the need for comprehensive policy and procedural documentation, training of staff, and regular monitoring of key activities, particularly with respect to the GMMS but also the Internet web site facility.
The audit reviews have confirmed IGC Ltd, through its Board Audit Committee and Management, has exercised diligence with respect to the overview of security and control practices in operation of the GMMS and Internet web site facility.
The reviews did make recommendations to further improve the overall security arrangements regarding the GMMS and Internet web site facility. Audit’s recommendations addressed some aspects of:
documented security procedures;
audit logging and monitoring of critical GMMS information;
direction and scope of IGC Ltd Internal Audit strategy.
IGC Ltd Response — Responses received from IGC Ltd in respect of the matters raised over the past two years demonstrate a positive approach to all matters raised.