Governance

Over the years, the Centium team has assisted many organisations to design, build, implement and maintain effective corporate governance structures. These help coordinate the business rules, relationships, policies, systems and processes used to manage performance, reduce risks, control operations and ensure compliance, all towards achievement of organisational goals and objectives.

Situation

We were appointed by a Government body to undertake a performance review of the governance framework for a leading Authority in the Gaming Sector; an industry that is traditionally heavily regulated and scrutinised. On this occasion, the Authority had been left to largely regulate itself, with no meaningful reviews having been conducted for several years. As a result, the review posed particular challenges for the review team to gain the confidence of staff and obtain access to the information and records needed for the review.

Task

The objective of the review was to assess the adequacy and effectiveness of the Authority’s internal control framework (including the legislative framework, management, operations and governance arrangements) in managing its key strategic and operational risks.

The scope included:

• Establishing the key strategic and operational risks;
• Conducting a legal due diligence review and an assessment of the legislative framework and legislative and regulatory compliance;
• Reviewing the adequacy of the overall strategic and business planning framework;
• Assessing the adequacy of the internal control framework, including Board oversight, management review and reporting;
• Assessing compliance with legislative requirements and internal policies and procedures;
• Assessing the adequacy of the Authority’s structure, roles and responsibilities and coordination across the business, and operational processes for pricing, collection of monies, and payment of expenses.

Action

Working closely with the management team, we gathered information through interviews with members of the Authority, the governing Agency and key stakeholders. Data analytics were performed to assess financial performance, and desktop reviews undertaken of various legislation, regulations, contracts, policies and procedures. A gap analysis was undertaken to assess the adequacy of the compliance framework when compared to better practice requirements in other jurisdictions. We developed a comprehensive Risk and Control Matrix to help determine the inherent risks in the various scope areas, and the expected controls to be tested. For each scope item, we performed detailed analysis and testing. Findings from the review were each given a risk rating based on the categories in the enterprise risk management framework, and a controls effectiveness rating was applied to each control tested.

Result

The review highlighted a large number of shortcomings across all scope items indicating significant failings in the overall governance framework. Although somewhat surprised by the outcome, management accepted the report recommendations as a positive roadmap of prioritised actions required to improve business planning, implement a risk management framework, strengthen internal controls, streamline operational processes, and address non-compliance issues.

The review is a timely reminder that sometimes a business can become so focused on outcomes that they neglect to implement the governance measures required to enforce the high ethical standards of behaviour and business practices needed to protect its reputation, and demonstrate integrity, transparency and accountability in all areas of its administration.