Ralph Villanueva CISA CIA CFE CRMA - Society of Corporate … · 2015. 9. 15. · 1 Ralph...
Ralph Villanueva CISA CIA CFE CRMA
Objectives
Attendees will learn the importance of a strong IT compliance component in overall compliance work
This presentation will share lessons from the IT compliance efforts of the Las Vegas gaming industry, and enable attendees to learn the various regulatory and industry requirements influencing IT compliance work in Las Vegas
Attendees will learn how to harness the benefits of regulatory and industry requirements in their state and industry in setting up effective IT compliance measures in support of their compliance efforts and avoid the huge cost of non‐compliance
About Ralph Villanueva
Certified Fraud Examiner (CFE), Certified Internal Auditor (CIA), Certification in Risk Management Assurance (CRMA) and Certified Information Systems Auditor (CISA).
Over 20 years’ progressive professional experience in accounting, auditing, fraud examination and compliance in the US and the Asia‐Pacific region.
Currently IT Security and Compliance Analyst at the Westgate Las Vegas Resort and Casino where he oversees the company's compliance with its IT internal controls, Nevada IT gaming regulations and COBIT or Control Objectives for Information and Related Technologies.
Las Vegas today
Vibrant Gaming Industry
Over 55,000 slots
Over 3,500 tables
Vibrant Gaming Industry
Over 40 gaming locations
Over $6.9 billion in gaming revenue
Vibrant Gaming Industry
Major source of tax revenue
Heavily regulated
Vibrant Gaming Industry
Open to investing public
Culturally accepted
Peerless convention industry
Over 22,000 conventions
Over 150,000 rooms
Over 5.1 million attendees
$10.6 billion in non‐gaming revenue
Peerless convention industry
Las Vegas Tourism
41 million visitors
Over 366,000 jobs
To understand compliance in Las Vegas today, we need to look at the past
Las Vegas Then
Train stop
Mining supply depot
Las Vegas Then
Major Hotel Casino Resorts started by the Mob
Only other major industry is the US government
Las Vegas Gaming Then
Focused on gamblers
Unregulated and Mob controlled
Las Vegas Gaming Then
Culturally shunned
Not significant source of tax revenue and employment opportunities
Las Vegas Gaming Then
Howard Hughes buys hotel casino resorts from the Mob
Non‐gaming sector starts to expand
Las Vegas Gaming Then
Established in 1955
Stronger law enforcement
Las Vegas Gaming Then
Booming US economy since WW II
Easy access through McCarran Airport
Las Vegas Gaming Then
More Technology in Gaming
Greater acceptance of gambling
Why is technology in Las Vegas gaming important to us in IT compliance?
Consider gaming tech supplied by these companies to the Las Vegas gaming industry
Consider these regulations in the Las Vegas gaming industry that need input from gaming technology
Consider these other industry requirements that interface with the Las Vegas gaming industry
Consider these Las Vegas tech enabled crimes that hinder accomplishment of business objectives
These are the reasons why IT compliance is important to us. IT compliance professionals need to satisfy, and at the same time harness, all of those in fulfilling their work.
Diagram of compliance components in a typical gaming property
More so because so much relies on us
Diagram of IT components in typical gaming property
But at the same time, it feels like these
How do we push IT compliance throughout the gaming property?
One thing for sure
But the good news is
It’s definitely not rocket science
Tone at the top is important
Very important
Internal controls are a must for effective IT compliance
Preventive
Directive
Detective
Training is vital for everyone
Appropriate organizational structure is key for effective compliance
Hotlines provide opportunities for risk‐free reporting
A fair disciplinary system keeps everyone in line, and the property away from noncompliance hell
Best of all, the IT compliance professional watches out for signs of noncompliance
But how do you integrate technology and regulation with achievement of business objectives?
Look into complementary controls amongst various regulations
Map them and take note of similarities
EASY!
But wait
You should run this with management, legal counsel and external auditors
Collaboration is the ultimate keystone for an effective IT compliance program.
But don’t forget to look into how today’s trends and events may shape tomorrow’s compliance landscape.
THANK YOU VERY MUCH AND HAVE A GREAT DAY