TECHNICAL SYSTEMS TESTING - Internet Testing (General Controls Review)


	Evaluation & Compliance Testing
	+	Base Website
	+	Games
	+	Random Number Generators (RNGs)
	>	General Controls Review
	+	Infrastructure and Security Testing
	Other
	+	Consultation & Compliance Support
	+	Technical Standards Document (TSD) Development
	+	Transfers of Approval
	+	Sample Client List




	General Controls Review Due to the highly controlled environment necessary for the safe and secure operation of an Internet Gaming System (IGS), part of TST's evaluation is the General Controls Review. This review may be conducted as part of a formal comprehensive IGS evaluation or alternatively it may be conducted on its own as a separate service. The General Controls Review will focus on the internal controls within the organization to determine: What can go wrong, and The checks and balances that are in place to identify problems if they do occur. An appropriate and effective general controls environment will provide reasonable assurance regarding the achievement of objectives in the following categories: Reliability of the fault reporting and corrective processes, Effectiveness and integrity of software maintenance process, and Compliance with applicable laws and regulations. If TST can establish that the general control environment is adequate, we can rely on that environment to ensure any software modifications are properly made. Our General Controls Review includes the following areas: Control Environment: The Control Environment is the foundation for all other components of internal control. The Control Environment includes areas such as the systems development life cycle, testing and version control. Risk Assessment: The Risk Assessment identifies and analyzes the risks of achieving objectives and determines how to manage risks that may result from internal and external sources. Control Activities: There should be in place policies and procedures to ensure that organizational directives are followed and that necessary actions are taken to address problems that would impede achieving objectives. Control Activities include authorization, verification, reconciliation, review, security, and segregation of duties. Information and Communication: Pertinent information must be identified, captured, and communicated so individuals in the organization can fulfill their responsibilities. Effective communications should also be maintained with external parties, such as customers, Software Suppliers and jurisdictional Regulators. Monitoring: Management should monitor the internal control structure through ongoing monitoring activities in the course of operations and through separate evaluations.