Testing Methodology

The majority of eCOGRA staff members have an auditing background at a Big Four audit firm, and are qualified Chartered Accountants. The recruitment is specific to tailor the latest best practice auditing disciplines to the intricacies of the online gambling environment when providing regulatory compliance, advisory and technical services.

Compliance Reviews

Within every procedure conducted to assess and verify compliance the principle of game fairness prevails.

The nature and size of operations covered require a risk-based audit approach to the review. Risk categories are assigned to the eGAP requirements and the extent of audit procedures represent mitigation of the perceived and actual risk.

The eGAP requirements combine elements of corporate governance, legal compliance, financial controls, systems controls, operational controls and corporate social responsibility. More specifically the eGAP requirements incorporate the following areas:

1. Internal management controls over the software development environment;
2. Internal controls over the IT Security environment;
3. Functionality of the software and supporting back office application;
4. The control environment and integrity of the Poker network structure; and
5. An assessment of the randomness or fairness of the games.

The extent of the eCOGRA review is best demonstrated through the approach. Work programs, providing interpretational guidance and pre-audit planning, are developed for each department and issued to the department representative well in advance of the review.

The methodology for testing the various disciplines incorporates a combination of:

• Substantive testing, where verification is obtained through assessment of relevant source documentation or visual website representation. Substantive testing employs predominantly point-in-time time testing; and
• Internal control evaluation, which incorporates an identification of the financial objective, the risks surrounding that objective, the organisational response to that risk in the form of an internal control. The control is then assessed through selecting a random sample of transactions and conducting walk-through testing to verify that the outcome of the transaction is in accordance with the anticipated outcome. The effectiveness of the control is further assessed through analysing the communication thereof to relevant employees and finally the ongoing monitoring of the control activities by management.

Quality control and independence consists of five tiers. All reports are subject to peer review. Thereafter, the report is subjected to a management review and client acceptance. On compliance, the report is submitted to eCOGRA’s Seals Compliance Committee, who consider the suitability of the application for an eCOGRA Seal.