Operational Risk Assessment at DCLB
Office of the Chief Financial Officer
Executive Summary for Closed Reports
Report No. IA:DCLB:2909-C09: Final Report on the Operational Risk Assessment Update at the DCLB, dated January 25, 2010.
Chief Risk Officer’s Risk Assessment
The Inherent Risk associated with the operational aspects of the games and supporting technology for the District of Columbia Lottery Board (DCLB) is classified as High risk. Therefore, particular emphasis is placed on OIO’s recommendations.
OIO provided twenty-nine recommendations and fourteen were implemented in an effort to strengthen internal controls. It must be noted that ten of the recommendations were recommendations that OIO perform additional work. DCLB concurred with all efforts to perform additional activities. No formal reports have been issued demonstrating results of subsequent work.
- Implementation of the gaming system project was successfully completed on 11/23/10.
- DCLB has reviewed its Draw Division Business Continuity Plan Update and the effectiveness of the Draw Division’s Standard Operating Procedures (SOPs). DCLB's Draw Division Business Continuity Plan was live-tested by Hurricane Sandy and the draw went on without any problems. The plan is effective.
- DCLB has reviewed the effectiveness and efficiency of its revenue enhancing projects, including the $1/$2 Raffle Online Game.
- DCLB's management has changed since this audit was conducted in 2009. All marketing and promotion events are approved by the Director of Marketing. In addition, all marketing and promotion events over $10,000 are approved by the Executive Director or the Chief Operating Officer.
- The DCLB has established Standard Operating Procedures (SOPs) for the agent licensing and renewal process, excessive cancellations and Insufficient Funds (NSF's).
- The Information Technology Department Risk “Self Assessment” Process (including Access & Security Controls and Business Continuity and Contingency Plan) was completed in a subsequent audit.
- DCLB has an SOP for its Automated Claims Processing system.
- The Customer Service Complaints Database system has been successfully implemented.
- DCLB Policies & Procedures over Fraud Risk Associated with Non-Payment of Players’ Winnings continue to be enforced.
- DCLB disagrees that further review of Property Inventory and Disposal of Internal Controls within the DCLB Support Services is necessary; however, DCLB attached an SOP regarding Record Retention to the audit response.
- DCLB retained the services of an accounting firm that prepared a draft Accounts Payable Manual. Additional changes were made by the Finance Department. The manual is complete.
- DCLB attached SOPs for Problem Tickets.
- Initial audit of Other Expenditures and the Accounts Payable and Vendors Payments Cycle was conducted in 10/08. DCLB was responsive to OIO’s recommendations.
- Audit of DCLB Employees’ Payroll and Overtime was conducted in 10/10. DCLB was responsive to OIO’s recommendations.
The areas for which OIO was going to pursue work, and DCLB agreed are:
- Delehanty’s Report on Evaluation of Scientific Games International Security Controls in the Development and Production of Instant Tickets related to DCLB.
- Feasibility Study on Possible Areas of Continuing Audit and/or Data Analysis Application at DCLB.
- DCLB Treasury Operations including Billings, Cash Collections from Agents (lottery proceeds, less prizes payments, agents’ commission and adjustments), etc., Back Office supports for the Claim Center and IRS Reporting.
- Revenues Cycle and the related Accounts Receivable Recording and Reporting Internal Controls.
- Instant Ticket Inventory and Distribution Operations at the DCLB (including the effectiveness and efficiency for the enhanced Instant Tickets Reconciliation system and process).
- Gaming Expenditures cycle and the related Accounts Payable Recording and Reporting Internal Controls.
- Yearly Agent Incentive Bonuses.
- DCLB Bank Reconciliation Process.
- Payments or Wire Transfers Made to Lottery Technology Enterprises, Inc. and MUSL.
- Multi-State Lottery (MUSL) Reimbursable Travel and Related Expenses.
Two recommendations no longer apply as there is no longer a DCLB Trust Fund and DCLB no longer collects bonding fees.
There are three recommendations that were not implemented.
- DCLB disagrees that a follow-up on the annual external auditors’ report (SAS-70) on the LTE Controls Placed in Operation and Tests of Operating Effectiveness related to DCLB user Control Considerations is necessary. DCLB has followed-up with LTE on the SAS-70 audit and believes no action plan is necessary as exhibited by the results of the latest Deloitte & Touche SAS 70 Type II Audit report, dated November 13, 2009.
- DCLB disagrees with the finding that the reconciliation process of the On-Line Games and ICS processes are ineffective. The ICS systems utilize auto-balancing features that prevent non-reconciled transactions from entering the system. However, DCLB agrees a review of the reconciliation of the Oracle General Ledger processes is needed. OIO should note that DCLB has its own Oracle system.
- DCLB disagrees with the necessity of a review of the Request for Proposal of the Instant Tickets Production and Distribution Contract renewal that was initiated in November 2009 with the OCFO Office of Contracts(OC). OC has already initiated the process for DCLB’s review of its option to extend the current contract with Scientific Games.
To view the full report, click Operational Risk Assessment at DCLB.