• Ethical training and leadership can help reduce fraud risk in your casino operations.

• Fraud prevention begins with employee awareness, transparency, and well-communicated policies.

• Internal audit and risk management efforts are strengthened by a culture that prioritizes accountability.

—

In any casino or Tribal gaming operation, the risk of fraud is an ongoing concern. With high-volume transactions, cash-intensive environments, and multiple operational layers, even well-structured controls can fall short — especially when the organizational culture does not support them.

That’s why your most effective line of defense isn’t just a system or checklist; it’s your people. How they understand expectations, perceive risk, and feel empowered to raise concerns directly influences your organization’s vulnerability to fraud.

The Human Side of Risk

When employees know what’s expected and see ethical behavior valued in practice, they’re more likely to do the right thing — and speak up when something doesn’t seem right.

Organizations that emphasize ethics and transparency often experience earlier issue detection and fewer instances of internal fraud. But that kind of culture isn’t built overnight. It requires leadership, communication, and a consistent message that ethics are part of how the business runs.

In regulated environments like gaming, where reputational and compliance risks are high, building an ethical foundation can offer both protection and a strategic advantage.

It Starts with Awareness

Employees don’t always recognize how certain actions — like offering excessive comps, skipping documentation, or bypassing approval workflows — can trigger risk. Regular, practical training helps close that gap.

Effective ethics training should be more than a once-a-year checkbox. It should reflect real-world scenarios and encourage open dialogue. Share anonymized examples of past issues, explore how breakdowns happen, and help staff understand their role in upholding financial integrity.

How leadership responds when someone raises a concern often sends the clearest message about what your organization values.

Leadership Shapes Culture

Ethics must be proven — not just stated. When senior leaders model accountability, ethical behavior becomes the standard across the organization.

This includes how issues are addressed, how support is shown for audit and compliance teams, and how ethics are reflected in performance discussions. When integrity is embedded in daily decisions, it helps foster consistency across departments.

Aligning Controls with Culture

While internal controls are essential — segregation of duties, dual approvals, surprise audits — they’re most effective when backed by a culture that supports their purpose.

For instance, employees are more likely to follow promotion approval processes when they understand why the rules exist. Controls are embraced, not resisted, when they’re reinforced by open communication and consistent expectations.

A culture that values transparency doesn’t cut fraud risk, but it creates an environment where controls are more likely to succeed.

A Real-World Perspective

One gaming organization created quarterly “Fraud Awareness Spotlights” using anonymized case studies to highlight areas where controls had been bypassed. These discussions opened space for employees to ask questions, learn from past missteps, and better understand their role in prevention.

Over time, the organization saw an increase in early reporting of process issues — helping management act before small problems escalated.

This wasn’t about policing behavior; it was about creating shared ownership over risk.

Sustaining the Effort

Building a culture of ethics is not a one-time initiative. It requires ongoing reinforcement through regular training, consistent communication, and support from leadership at all levels.

At MGO, we help casinos and Tribal gaming organizations develop fraud prevention strategies that reflect your unique culture and operational structure. Whether you’re refining reporting channels, enhancing staff education, or aligning audit procedures with your values, our team can help you build a stronger, more resilient organization.

The post Build a Culture of Ethics to Prevent Casino Fraud appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• As a board director, you should align your internal audit with board goals by clarifying purpose, mandate, and adherence to IIA Global Standards for stronger governance and oversight. 

• Risk-based internal audit planning is key to helping boards address strategy, emerging threats, and resource gaps in a dynamic business environment. 

• Strong board oversight improves internal audit performance, enhances resource readiness, and supports the use of AI and data analytics. 

—

In today’s rapidly evolving business landscape, the internal audit (IA) function’s role has become more valuable in helping organizations create and sustain long-term shareholder value. IA provides objective assurance, advice, insight, and foresight leveraging a risk-based approach. Board oversight and support of the internal audit function is essential to its effectiveness. Listing standards and more recently, the update Global Internal Audit Standards™ issued by The Institute of Internal Auditors (IIA) provide a principles-based framework for the board to oversee the IA function and its performance.   

Below are some essential questions that boards of directors should consider in their oversight of the IA function: 

Are the board and internal audit aligned on purpose, mandate, expectations, roles, and responsibilities?  

• Has the IA charter been authorized by the board, and is it aligned with the new global standards?  

• What is the IA mandate, and was it created, updated, and authorized in collaboration with stakeholders such as external auditors, management, and the board? 

• Are roles, responsibilities, and expectations for IA, board, and management clearly defined in a charter including the scope and types of IA services to be provided? 

• What is the process and frequency of updating the IA charter and/or mandate due to circumstances such as organizational changes, new laws and regulations, acquisitions, significant changes to strategy or risk profile, etc.?  

• Is IA organizationally independent and free from management influence (e.g., reporting directly to the board, positioned at an appropriate level of the organization, etc.)? 

Are the board, internal audit, and management aligned on strategy and risk priorities? 

• How does the IA function determine that its annual plan and performance objectives align with the overall strategy, risks, and objectives of the organization? Were efforts made to collaborate with the board, management, external auditors, and others, as appropriate? 

• Does the CAE demonstrate a clear understanding and maturity of the organization’s governance, risk management, and control processes?  

• Has IA’s risk assessment process identified and assessed both the likelihood and potential impact of various risks to the organization? 

• How does the IA function identify and evaluate internal controls for adequacy in reducing risk?  

• How do the CAE and IA function consider risks of fraud in its risk assessment and audit plan? 

• What risks are not included in the IA plan and why?  

• What risk areas would be added to the plan if additional resources were available? 

• What is the process and cadence for updating the internal audit plan for newly identified areas of risk?  

• Does IA communicate timely with both management and the board about noted governance, risk, control, and/or compliance deficiencies resulting from its testing of processes, procedures, and controls? What is management’s remediation plan to address deficiencies and improvement opportunities identified by IA? Who is included in remediation efforts and how are their efforts monitored to resolve findings promptly? 

How is quality assurance and performance being monitored and evaluated? 

• What monitoring and evaluation techniques are being used by the board to help ensure  IA is fulfilling its mandate and performance objectives including conforming to standards, laws, and regulations? 

• Does IA conduct annual assessments of its own quality and effectiveness through both ongoing internal monitoring and periodic self-assessments? 

• Has the CAE established a Quality Assurance and Improvement Program (QAIP) to evaluate and work to ensure   IA conforms to the IIA Global Internal Audit Standards™, meets performance goals, and strives for continuous improvement? What are the results of the most recent internal quality assessment? Who performed the assessment? How is the board overseeing an action plan to address instances of nonconformance with standards or opportunities for improvement? 

• When was the last external quality assessment performed? Was it performed by a qualified independent assessor or team? 

• What is IA’s remediation plan to address identified deficiencies and opportunities for improvement, and how is the board tracking progress against that plan? 

Does the IA team have the necessary resources and expertise to fulfill its current responsibilities and evolving needs? 

• Has the board approved the CAE’s roles and responsibilities and identified necessary qualifications, experience, and competencies to conduct the identified roles and responsibilities in alignment with the requirements included in the IIA Global Internal Audit Standards™?  

• Has the board evaluated the CAE’s performance and approved the CAE’s compensation? 

• When were IA job descriptions last reviewed, and do they align with the evolving team’s expectations in terms of responsibilities, requirements, skills, and experiences? 

• What additional professionals, skills, experiences, and capabilities does the CAE need to fulfill the IA mandate and plan? Does IA have the ability to attract and retain qualified professionals? 

• Does IA have the necessary technology and technical skillsets to keep up with the rapid changes in the business and industry? 

• How does IA utilize advanced tools and technologies (e.g., automation, data analytics, AI) to enhance its efficiency and effectiveness while mitigating risks associated with adoption of new technologies? 

• What continuing education, training, and upskilling opportunities are being provided to the IA staff? 

• Does the CAE and IA staff reference the International Professional Practices Framework (IPPF) in conducting their audit work?  

• How does the CAE oversee and evaluate IA staff to determine adherence to the IIA’s Global Internal Audit Standards™ and Code of Ethics and alignment with IA plan and mandate? 

• Does the board support adequate funding of the IA function for the successful implementation of the audit strategy and achievement of audit plan objectives? 

• Does the board support IA’s adoption and use of technology to enhance efficiency and effectiveness of processes and procedures (e.g., tools for automation, data analytics, and use of AI, etc.)? Does the board, management and IA understand the risks of utilizing these tools and have safeguards in place to mitigate these risks? 

• Does IA have the necessary technology and technical skillsets to keep up with the rapid changes in the business and industry? 

• How does IA utilize advanced tools and technologies (e.g., automation, data analytics, AI) to enhance its efficiency and effectiveness while mitigating risks associated with adoption of new technologies? 

What is being done to ensure the board and senior management support and collaborate with IA? 

• What is being done to cultivate an inclusive and supportive culture within the IA team, and in interactions with the board and management? 

• What actions has the board taken to champion the IA function and its value? 

• What are the criteria and processes for determining which issues should be escalated to the board for discussion? 

• Does the board have a regular cadence of meetings with the CAE and/or IA, and on occasion are these meetings without management present? 

• Were there any disagreements with management or instances where IA access to information was restricted?   

Board oversight of the internal audit quality structure and function helps protect the integrity of operations and related financial reporting.  

Written by Amy Rojik, Rachel Moran and Lee Sentnor. Copyright © 2025 BDO USA, P.C. All rights reserved. www.bdo.com 

Modern Governance Requires Modern Internal Audit Support, and MGO Can Help  

At MGO, we help middle-market organizations and their boards embrace proactive oversight through robust internal audit programs. Our professionals bring deep experience across regulated industries — like healthcare, life sciences, technology, and entertainment — to make sure your internal audit function is not only compliant but strategic. From outsourced and co-sourced internal audit services to audit readiness, risk advisory, and performance enhancement, we empower boards and executives to confidently navigate risk, optimize governance, and drive long-term value. Contact us to learn more.  

The post Internal Audit: Essential Questions for Board Directors in their Oversight Role  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Use data analytics to detect fraud in casino financial statements and vendor activity.

• Spot hidden red flags with tools like Benford analysis and journal entry testing.

• Build dashboards and set alerts to flag anomalies in high-risk areas.

—

Your casino or Tribal gaming organization faces constant financial pressure and compliance scrutiny. High-volume transactions, cash-based operations, and complex vendor relationships create ideal conditions for fraud — if it goes unchecked.

Traditional internal controls are no longer enough on their own. That’s why forward-thinking casinos are turning to data analytics to proactively detect financial irregularities, uncover operational blind spots, and reduce risk.

In this article, you’ll learn how your finance and audit teams can use tools like Benford analysis, journal entry testing, and slot performance analytics to gain clearer insight — and act when something doesn’t look right.

Why Financial Data Alone Isn’t Enough

Your casino’s financial statements provide a snapshot of performance. But they don’t always tell the whole story.

Instead of asking “is everything fine?”, financial analytics help you ask smarter questions — like:

• Why are receivables up 400% while gaming revenue dropped?

• Why did journal entries spike in Q1?

• Why are comps and promotional expenses outpacing budget?

The right data tools turn your financials into an early warning system for fraud and operational risk.

3 Areas Where Casino Analytics Make a Difference

Using data analytics in these key areas can help you uncover irregularities early and strengthen your financial controls:

1. Detect Suspicious Patterns with Benford Analysis

Benford’s Law shows that, in most naturally occurring number sets, digits starting with 1 appear more often than those starting with 9. Large deviations from this pattern in financial data may suggest fraud or manipulation.

Example: Run a Benford test on journal entries or vendor payments. Unusual digit distributions could flag fabricated or split transactions.

2. Monitor Journal Entries for Irregularities

Journal entries are a high-risk area for fraud — especially if they’re created by the same individual who approves or posts them.

Analytics can flag entries that are:

• Made outside of normal hours

• Missing proper descriptions

• Entered by users with unusual access

• Used to override other controls

This type of testing goes beyond compliance — it helps you build trust in your financial reporting.

3. Analyze Vendor and Slot Floor Performance

Slot machines are central to your revenue but also represent risk, especially when dealing with third-party vendors.

Use data analytics to:

• Compare performance by machine and by vendor

• Flag machines that consistently underperform

• Match billing and lease activity against actual machine use

You can also cross-check vendor selection policies against performance and billing trends to uncover any potential fraud or favoritism.

Building an Analytics-Driven Risk Culture

Your organization doesn’t need a full data science department to begin using analytics effectively.

Here’s how to get started:

• Step 1: Identify two or three high-risk areas (e.g., cash deposits, comps, vendor payments)

• Step 2: Work with advisors to build dashboards or automated reports

• Step 3: Set thresholds to trigger reviews when anomalies occur

• Step 4: Train your team to interpret and act on the data

A proactive approach sends a clear message: your organization takes transparency seriously.

Real-World Example: Uncovering Promo Expense Irregularities

A gaming organization showed an unusual increase in “Other” expenses within its profit and loss statement.

Using data analytics, the finance team discovered that several high-value promotional packages had been processed outside of the standard approval workflows. Further investigation confirmed these were unauthorized comps tied to external parties.

As a result, the organization implemented stronger approval protocols and integrated real-time analytics into its oversight process to prevent future occurrences.

Strengthen Casino Oversight with MGO

We support Tribal and commercial casino operators in protecting financial integrity and achieving long-term success. Our team brings deep industry ability and delivers practical solutions tailored to the unique challenges of gaming organizations.

We help detect and prevent fraud through:

• Internal audit and fraud risk assessments

• Data analytics for financial and operational testing

• Forensic accounting and investigations

• Advisory support for vendor oversight, comps, and promotional controls

MGO works directly with CFOs, internal audit teams, and Tribal councils to design cost-effective, scalable strategies that deliver greater clarity, control, and confidence across financial operations.

Reach out to our team today to learn how we can help protect the financial integrity of your operation.

The post How Data Analytics Protects Your Casino From Fraud appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Many state and local governments still approach internal audit risk assessments with a narrow, accounting and/or compliance-focused lens — leaving them vulnerable to emerging threats like cybersecurity, digital disruption, and workforce challenges. 

• A modern risk assessment should go beyond finance to cover a broad range of risks, combining data, executive and senior management input, and informed judgment to build a clear, actionable audit plan. 

• By rethinking how you assess risk, you can turn internal audit into a strategic driver of resilience, accountability, and long-term success for your government. 

— 

State and local governments navigate a complex web of service delivery, public accountability, and financial obligations. This operating environment can be strengthened through the second and third lines of defense, including internal audit. However, many internal audit functions still focus narrowly — concentrating on accounting and compliance. That limited view might leave you vulnerable to the most disruptive risks ahead. 

Cybersecurity threats. Human capital issues. Fraud, waste, and abuse. Business continuity and service delivery continuity. Digital transformation. These are no longer hypothetical concerns — they’re realities shaping how governments operate. To truly safeguard your organization, it’s time to broaden your risk horizon and rethink how you approach internal audit risk assessments. 

Why a Broader View of Risk Matters Now

Internal audit plays a critical role in identifying where your organization is vulnerable and where it’s thriving. But too often, risk assessments are rooted in yesterday’s threats. The Institute of Internal Auditors’ “Risk in Focus” report paints a clear picture: the top risks projected by 2028 aren’t limited to financial reporting or policy compliance — they include cybersecurity, digital disruption, regulatory change, human capital, business continuity, and market changes. 

If your current risk assessment process is overlooking areas like technology implementations, talent shortages, or reputational threats, you’re not getting the full picture. And that means your audit plan may be missing the very areas that need your attention most. 

What Makes a Strong Risk Assessment?

At its core, a good risk assessment involves more than ticking boxes. It should be dynamic, forward-looking, and grounded in both data and professional judgment. Here’s how to rethink your approach:

1. Understand Your Risk Universe

Your risk universe should go beyond accounting and finance. A strong assessment covers a broad landscape of risk categories, including:

• Operational
• Technology and cyber
• Strategic
• Compliance
• Human capital
• Reputation
• Fraud
• Public services
• Governance
• Safety

These areas are just as critical as your accounting and finance-related risks. The key is to build an audit universe that reflects your organization’s full risk profile — from billing errors in your tax collection system to gaps in emergency preparedness.

2. Build Your Audit Universe with Intention

Your risk assessment process should start with understanding your organization inside and out. That means: 

• Reviewing org charts, budgets, and annual financial reports 

• Conducting surveys and interviews with key stakeholders 

• Documenting key functions, strategic initiatives, and capital projects 

The goal is to build a living document — an audit universe — that’s functional, relevant, and tied to your organization and risk landscape. 

For example, when assessing information technology-related risks, traditional areas of focus might include IT general controls (such as access controls), cybersecurity, and IT governance. By broadening the risk universe, you might also include department and functional-level risks (such as technology risks specific to an airport or police/sheriff department), IT strategy, large IT system selection and implementation efforts, data privacy, artificial intelligence, third-party risk management, and more. 

3. Address What You Might Be Missing

Even strong internal audit teams can fall into patterns. But in our experience working with government clients, we’re seeing a few risk areas consistently overlooked: 

• Digital disruption and AI: Are you ready for rapid changes in tech? 

• Human capital and organizational culture: Do you have the talent to run the organization today and into the future? 

• Business continuity: Do you have a plan and has it been tested? 

• Strategic planning: Are day-to-day actions and decision making tied to long-term goals? 

• Capital projects: Are you managing large-scale efforts with adequate oversight? 

Take time during your assessment process to scan for these gaps. Addressing them now could help you prevent a costly surprise later. 

4. Make It Both Art and Science

Risk assessment isn’t just about crunching numbers — it’s a balance between structured scoring and informed judgment.

Use both quantitative (e.g., likelihood and impact scales from 1–10) and qualitative (e.g., low/moderate/high risk) methods to rate risks. The resulting score (likelihood x impact) gives you a sense of where to focus.

But remember, numbers alone won’t tell the full story. Talk to department heads. Ask about upcoming initiatives, funding concerns, and staffing realities. The insights you gather will shape a more accurate, actionable audit plan. 

Assessing and scoring risk is key to identifying how internal audit can add value.

5. Use Risk Assessment to Drive Action

A risk assessment isn’t just a list. It’s a tool to drive internal audit strategy.

Once your risks are scored and prioritized, use the data to create a risk-based audit plan. This should guide your audit activities for the year, aligning internal audit efforts with your organization’s top priorities.

Risk Management Is Everyone’s Business

Risk isn’t something internal audit owns alone. It’s shared across departments, leadership teams, and service areas. By broadening your perspective and harmonizing your risk-related activities — whether it’s internal audit, enterprise risk management, or strategic planning — you build a stronger, more resilient government.

Risk will never disappear. But with a clear view of the landscape and a strong internal audit foundation, you can face the future with confidence.

How MGO Can Help

Our dedicated State and Local Government team is here to help you take a broader, more strategic approach to risk. From internal audit services and internal controls evaluations to IT risk and cybersecurity assessments, we offer tailored solutions to assess performance, identify gaps, and benchmark against best practices.  

Reach out to our team today to find out how we can help you strengthen resilience, improve accountability, and prepare for what’s next. 

The post How to Build a Broader Risk View for Your Government appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• In times of uncertainty, strong compliance practices provide structure, mitigate risk, and improve your decision-making efficiency.  

• Executives should reinforce ethical behavior through clear communication, proactive risk assessment, and non-retaliatory reporting mechanisms.  

• While regulatory enforcement fluctuates, maintaining compliance safeguards your business against legal risks and enhances operational effectiveness.  

—

In today’s ever-changing business environment, uncertainty and lack of predictability have become constants, posing significant challenges for organizations worldwide. For Chief Compliance Officers, this unpredictability translates into increased inefficiency and discomfort, as the future remains uncertain. Against this backdrop, some companies might be tempted to reduce their focus on and investment in compliance and business integrity, viewing it as an opportunity to cut costs. However, operating in compliance and with business integrity is crucial, especially during times of adversity like these. 

The Essential Questions for Compliance Leaders 

Despite the ongoing changes and uncertainties, organizations continue to rely on their compliance leaders to address five key questions: 

1. What are our most significant compliance risks? 

2. Who owns them? 

3. What are they doing to manage the risks? 

4. Is it working? 

5. How do we know? 

Compliance and business integrity can serve as stabilizing forces for companies and employees during uncertain times. They reinforce clear expectations for employees to act ethically, raise questions, and report concerns. Moreover, they enable companies to evaluate and adjust their risk appetite, leading to fewer mistakes and better, more efficient business decision-making. 

Strategies for Companies Facing Compliance Challenges 

In times of adversity, whether facing a change in the regulatory environment or dealing with an economic downturn, the tone at the top is especially important. Communications from executives and compliance leaders should emphasize that, despite external challenges, the organization’s commitment to compliance and business integrity remains unwavering. These messages can be integrated into existing communication channels, such as town halls, staff meetings, and compliance newsletters. 

Employees are paying attention to leadership’s actions and words. It’s crucial to reinforce your organization’s internal mechanisms for raising compliance questions and reporting concerns. When questions and concerns are raised, make sure they are addressed as part of the overall investigations process, demonstrating seriousness, confidentiality, and appropriate action when allegations of non-compliance are substantiated. Partnering with Human Resources to prevent retaliation for raising compliance concerns in good faith is also vital. 

However uncomfortable it may be, adversity always presents opportunities. The key is to seek it out and to find it. Consider leveraging your compliance risk assessment process or other risk assessment processes (e.g., ERM, internal audit) to uncover opportunities and to identify new or emerging risks, allocate resources efficiently, evaluate control effectiveness, and reassess the organization’s risk appetite. 

Preparing for the Future 

Regulatory enforcement varies with changes in the law and leadership. If an organization is in a lenient regulatory environment today, the pendulum will eventually swing back to a more strict one. Companies engaging in misconduct may not face immediate consequences, but statutes of limitations are long, and whistleblower protections are robust. In the meantime, compliance leaders may be challenged to justify the allocation of resources to the compliance function and program. Compliance leaders must be prepared to demonstrate the return on investment – that is, both the avoidance of fines, penalties and other negative consequences that can result from non-compliance, and the role compliance plays in helping the business run better and more efficiently. Your existing reporting channels – to management, to the Audit Committee and to employees – provide opportunities to demonstrate that return on investment, justify resource allocation, ensuring reporting is concise, relevant, and demonstrates compliance’s value. Sharing stories where compliance involvement led to better business decisions, such as new product development, geographic expansion, or acquisitions, can be compelling. 

Reevaluating metrics and measures of effectiveness, sharpening the message they convey, and leveraging data analytics can further enhance the ability to demonstrate the internal rate of return on compliance investments. 

How MGO Can Help 

At MGO, we understand the immense pressure compliance leaders face in navigating today’s dynamic regulatory landscape. Our team of professionals partners with organizations to build, evaluate, and strengthen your compliance programs so they not only meet regulatory requirements but also add measurable business value. We help you identify and manage key risks, assess the effectiveness of your controls and establish meaningful metrics that resonate with executive leadership. Contact us to learn how we can help your business turn compliance into a source of resilience, efficiency, and competitive advantage.  

Written by Jack Holleran. Copyright © 2025 BDO USA, P.C. All rights reserved. www.bdo.com 

The post Why Compliance and Business Integrity Matter – Now More Than Ever  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• New digital tools improve casino operations but introduce new fraud exposure points. 

• Cross-functional coordination is critical to detect overrides, unauthorized access, and system anomalies. 

• Updating fraud prevention strategies to reflect evolving technology improves visibility and oversight.

—

As your casino or Tribal gaming operation invests in digital transformation — from mobile payments to cloud-based financial systems — you’re unlocking new efficiencies. But you’re also exposing your organization to new types of risk. Fraud today looks different than it did even five years ago, and traditional controls aren’t always equipped to catch red flags embedded in digital workflows. 

More than ever, your casino leadership must rethink fraud detection in terms of system access, data integrity, and cross-platform monitoring. 

When Convenience Outpaces Control

The adoption of integrated rewards systems, digital comp tracking, and automated accounting platforms has brought greater efficiency to casino operations. But as convenience increases, so do the opportunities for fraud and internal misuse — especially if controls aren’t updated alongside the technology.

In some cases, unrestricted journal entry access can allow users with elevated permissions to override approval processes without oversight. In others, digitally approved promotional expenses may be manipulated through incorrect coding or bypassed policies, making fraudulent transactions harder to detect in real time.

These risks tend to surface when technology adoption outpaces internal control updates. Without exception reporting or regular review, irregular transactions — such as off-hour entries or high-dollar adjustments — can slip through unnoticed, potentially changing both financial reporting and organizational reputation. 

Why System-Based Controls Need Cross-Team Support 

Preventing fraud in digital environments requires a coordinated effort between finance, audit, and IT — not just stronger passwords or patch management.

When your internal audit, finance, and IT teams coordinate regularly, you can reduce silos and spot digital anomalies faster. This includes mapping user roles, restricting elevated access, reconciling data across systems, and reviewing logs for overrides — all activities that help close gaps created by modern, interconnected platforms.

This kind of shared responsibility is critical in Tribal casino operations where oversight is often split between departments or governing bodies.

Adapting Your Internal Audit Program 

Firms experienced in gaming advisory — like those specializing in internal audit and IT risk integration — play a vital role in helping Tribal operations scale fraud controls alongside technology adoption. This often includes:

• Performing IT-focused fraud risk assessments 

• Designing exception reporting dashboards

• Finding high-risk transactions through digital ledger analysis

Casino operators receive help from outside perspectives that understand the intersection of financial systems, emerging risks, and the regulatory nuances unique to Tribal enterprises.

Real-World Scenario: Data-Driven Comp Abuse

In one Tribal casino, a digital comp tracking system was introduced to streamline promotional offerings. Over time, an employee issued an unusually high volume of comps without proper approval, and the system lacked real-time alerts to flag the activity. 

It wasn’t until audit staff reviewed system log data and conducted a frequency analysis of comp values that the pattern was found. Audit teams compared issuance trends over time, finding outliers tied to a single user account. The irregularities stood out against typical issuance behavior, prompting the team to implement new alert thresholds and tighten user access controls. 

Preparing for the Future 

Digital tools offer tremendous operational advantages — but only if they’re matched with adaptive fraud prevention strategies. The most effective casino operations regularly review system permissions, update audit procedures, and involve external specialists to assess risk holistically.

Firms like MGO, with experience in both internal audit and gaming operations, can provide valuable perspective by showing you gaps in digital controls, designing analytics-based testing procedures, and aligning your technology stack with evolving compliance requirements. This collaborative approach can help your casino not only stay ahead of fraud risks — but also strengthen financial resilience in a tech-driven environment.

Explore MGO’s casino risk advisory services → mgocpa.com/solution-industry/tribal-nations-and-gaming

The post How Technology Is Changing Your Casino Fraud Risks appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Strengthening casino vendor oversight with due diligence and clear contracts helps reduce the risk of billing errors and fraud.

• Comparing vendor performance and financial data over time can reveal patterns of overbilling or potential collusion.

• Implementing formal procurement policies and periodic vendor audits improves transparency and protects casino operations from third-party risk.

 —

Casino operations rely on a web of third-party vendors: gaming equipment providers, maintenance companies, information technology (IT) vendors, food and beverage suppliers, and more. These relationships are critical — but also a potential source of financial risk and fraud.

Without proper oversight, casinos may face overbilling, favoritism, or even collusion between employees and vendors. Strong third-party risk management supports vendor relationships that are transparent, fair, and aligned with your operational goals.

Where Vendor Risk Starts

Risks often originate in the procurement process — during bidding, vendor selection, or contract negotiation. If policies are vague or inconsistently enforced, it becomes easier for fraud to go undetected.

Common issues include:

• Inflated or duplicate invoices

• Vendors repeatedly selected without competitive bidding

• Undisclosed relationships between staff and vendors

• Lack of performance reviews tied to contract renewal

Implementing Due Diligence

A strong vendor risk management program begins with how vendors are evaluated and brought into your casino operation. Strengthening this onboarding process means looking beyond just pricing or convenience — it involves examining each vendor’s qualifications, background, and long-term fit.

Start with foundational due diligence: verify business licensing, confirm current insurance coverage, and review the vendor’s performance history. These steps are particularly important when working with slot machine suppliers, IT service providers, or contractors who will interact with sensitive systems or customer environments.

Establishing a clear and consistent selection process helps reduce subjectivity and increase transparency. Formalizing your RFP approach, using documented scoring criteria, and involving multiple departments in vendor decisions can help your organization minimize bias, compare proposals fairly, and keep a well-documented trail of how and why each vendor was chosen.

Due diligence isn’t just about checking boxes — it’s about laying the groundwork for secure, compliant, and productive vendor relationships.

Monitoring Performance and Billing Trends

Ongoing oversight is just as important as front-end screening. Use internal data analytics to compare:

• Vendor performance versus floor output (e.g., slot machine efficiency)

• Billing trends over time by vendor

• Purchase patterns by department or employee

• Any anomalies — such as consistently underperforming vendors who continue to receive high billing — may call for closer review

Reinforcing Accountability Through Segregation of Duties

One of the most effective ways to reduce vendor-related risk is through thoughtful segregation of duties. When a single individual has control over multiple steps in the procurement process — such as selecting vendors, approving invoices, and managing reconciliations — it becomes easier for mistakes or misconduct to go unnoticed.

Strengthening internal controls in these areas supports better oversight and creates natural checkpoints within your vendor lifecycle. For higher-risk areas, implementing dual-approval workflows for vendor payments can provide an added layer of review. Placing defined limits on discretionary spending, along with routine, independent reviews of vendor contract, helps reduce the potential for conflicts of interest or control gaps.

While these protocols support compliance, they also reflect a broader commitment to operational integrity. By building transparency into day-to-day workflows, your organization sends a clear message that accountability matters at every level.

A Real-World Scenario 

One casino discovered a long-standing vendor relationship that had never been competitively reviewed. Slot machine lease terms were uncoordinated with floor performance, and billing anomalies had gone undetected for years.

After a targeted vendor audit and analysis of machine revenue, the casino renegotiated terms and implemented stricter selection policies — saving hundreds of thousands annually.

Supporting Better Oversight

At MGO, we help casinos and gaming operators strengthen their third-party risk frameworks through internal audits, analytics, and policy advisory. From vendor selection to billing review, we support your team with objective insight and scalable solutions. Contact us today to learn how we can help your business better manage risk.

The post How to Manage Vendor Risk in Casino Operations appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• A well-constructed, collaborative compliance program can enhance your business strategy, strengthen overall ethical culture, and protect against costly regulatory risks.

• When you embed compliance functions within business units, you build trust, accountability, and alignment with your broader organizational goals.

• Proactive leadership and strategic investment in compliance talent are essential for staying agile and resilient in a regulatory environment that changes.

—

The corporate regulatory landscape is constantly evolving, influenced by changes in government, economic conditions, and societal expectations. Recent years have seen increased stakeholder focus on corporate accountability, transparency, and ethics — placing greater emphasis on the role of compliance programs.  

Compliance programs serve as the backbone of corporate integrity, supporting essential efforts such as risk management, legal adherence, and ethical decision making. Without an adequately supported compliance program, companies could open themselves up to pitfalls like additional costs, loss of stakeholder trust, and slowed decision making. 

Considering these risks, companies must not treat compliance as a passive endeavor. Structuring an effective compliance program requires a nuanced understanding of the various roles, responsibilities, and relationships across an organization. It demands collaboration between multiple functions, each contributing its knowledge in service of comprehensive risk management and adherence to legal and ethical standards. 

This insight explores core principles and best practices that business leaders can follow to build and maintain a robust compliance program within their organization. 

Trust and Relationships 

Trust, both internal and external, is a fundamental component of effective compliance programs. Placing compliance officers within individual business units allows them to build strong relationships with key stakeholders. These officers can participate in regular meetings and provide strategic advice, integrating ethical considerations into everyday decision making and establishing compliance as a value-generating asset, rather than a bureaucratic burden. 

But the importance of trust extends beyond internal relationships. A strong compliance program can help emphasize ethical and transparent practices, increasing trust and enhancing the company’s reputation in the eyes of the public and capital markets. A trustworthy reputation can function as a critical draw for external investors and can positively influence the company share price. 

Structuring Compliance for Strategic Advantage 

Embedding compliance responsibilities into profit centers, such as sales or product divisions — rather than relegating the compliance program to a separate cost center — can help enforce accountability and align compliance efforts with business objectives. For instance, transferring responsibility for compliance with sales practices and anti-bribery regulations to a sales division can help integrate compliance into revenue-generating activities. This approach not only aligns compliance with business objectives but also fosters a culture of accountability, as the division directly benefits from maintaining ethical sales practices and avoiding regulatory penalties. 

Common Compliance Responsibilities Across Functions 

1. Ethics & Compliance Function 

• Ethical Standards and Code of Conduct: Develops and enforces the organization’s code of conduct and ethical guidelines, conducting training and awareness programs. 

• Anti-Bribery and Corruption: Implements policies to prevent bribery and corruption, ensuring compliance with laws like the FCPA. 

• Internal Investigations: Conducts investigations into potential violations of laws, regulations, or company policies. 

• Risk Management: Identifies and assesses compliance risks related to ethics and integrity, developing strategies to mitigate these risks. 

2. Regulatory Compliance Function  

(in industries like financial services, healthcare, and pharmaceuticals): 

• Industry-Specific Regulations: Manages compliance with regulations such as FDA or HIPAA, focusing on regulatory reporting and audits. 

• Regulatory Relationships: Maintains direct relationships with regulatory bodies to stay informed about changes and expectations. 

3. Data Privacy and Protection 

• Chief Privacy Officer: Ensures compliance with data protection laws like GDPR and CCPA, focusing on data privacy strategies and risk management. 

4. Internal Audit Function (Chief Audit Executive) 

• Comprehensive Audits: Conducts audits across the organization to assess the effectiveness of internal controls, risk management processes, and governance practices. 

• Collaboration: Works with the Ethics & Compliance department to ensure compliance risks are addressed in the audit plan. 

5. Other Functions 

• Finance/Internal Audit: Manages compliance with financial regulations such as Sarbanes-Oxley (SOX). 

• Health and Safety: Ensures compliance with occupational health and safety regulations. 

• Human Resources: Focuses on compliance with employment laws and regulations. 

• Information Security: Ensures compliance with cybersecurity standards and protects company data.

Pros and Cons of Different Compliance Structures 

Different organizations may elect to adopt various structures for their compliance programs, each with its own set of advantages and challenges. A centralized compliance function can support greater consistency and control, but integrating compliance into profit centers allows for greater alignment with business goals and responsiveness to market demands. Understanding an organization’s unique needs and goals is key to determining the most effective compliance structure. 

By clearly defining roles and responsibilities across functions, organizations can create a cohesive compliance strategy that leverages the strengths of each department. This collaborative approach makes compliance both a protective measure and a strategic advantage that supports the organization’s overall objectives. 

Navigating Change 

As administrations change and regulatory focus shifts over time, some business leaders may seek to deprioritize compliance. CCOs must remain vigilant and proactive, and work to ensure that compliance remains a competitive advantage. Taking a strategic approach — focusing on predicting, protecting, and enabling — can empower CCOs to adapt their programs and highlight the enduring role of compliance in delivering business impact. 

Proactive Adaptation 

To effectively navigate regulatory changes, CCOs must stay informed about potential shifts, regularly engage with industry peers, and leverage data to anticipate and respond to changes. By adopting a forward-thinking mindset, compliance programs can remain agile and responsive. In instances where CCOs face a need to justify why compliance should remain a priority, they should consider pointing to outcomes from investigations at similar companies. Cases where a weak compliance program was a root cause of misconduct can help illustrate the risks and demonstrate the value of internal efforts in preventing similarly costly breaches. 

Just as domestic policy changes impact compliance efforts, globalization has also added complexity to the regulatory landscape. Organizations with a multinational footprint need to navigate myriad international laws and standards, some of which may even overlap or conflict. CCOs must stay attuned to these global dynamics and ensure that their compliance programs are equipped to handle cross-border challenges. 

A Culture of Compliance 

A strong compliance culture — an environment where ethical behavior is valued and rewarded — can be a powerful bulwark against new complexities or challenges. When compliance is integrated into the fabric of the business, individual employees will be better able to make decisions that are consistent with established ethical and legal frameworks and will feel more enabled to speak up if they become aware of actions that place the business at risk. 

But creating a culture of compliance requires a concerted effort and investment from CCOs, business leaders, and compliance officers across the organization. For a compliance program to truly impact culture, it must go beyond monitoring and advice to offer ongoing training, clear communications, and an exemplified commitment to ethical leadership. 

Elevating Compliance as a Career Path 

Even the most well-structured compliance framework is powerless without teams to communicate and enforce its standards. But compliance work is often perceived as less glamorous compared to other business careers, and leaders may find it hard to attract or retain employees. To elevate compliance as a desirable career path, organizations should aim to reposition it as a dynamic field at the intersection of regulatory regimes and technological change. 

Attracting Early-Career Professionals 

To appeal to early-career professionals, leaders can emphasize the meaningful work of compliance teams, such as combating financial crime and terrorism. Highlighting the core values of integrity and corporate responsibility can resonate with younger generations, who often prioritize purpose-driven careers. Offering other benefits like job flexibility and emphasizing the compliance function’s role in protecting consumers and investors can also help set compliance apart and make it more appealing. 

The Role of Leadership 

No matter the approach, leadership plays a crucial role in changing perceptions around compliance. The tone from the top must reflect the importance of compliance as a central and respected part of the organization. By treating compliance as a vocation and emphasizing its strategic importance, companies can better attract and retain talent in this critical field. 

Ongoing Compliance 

Even as the regulatory landscape continues to evolve, compliance will remain a core strategic asset for any business, helping to guard against risks and cultivate trust. That trust is a foundational element that supports a company’s long-term success and sustainability. It influences customer behavior, investor decisions, talent attraction and retention, regulatory interactions, and overall market perception. But given compliance’s critical importance, leaders looking to assess or augment their compliance programs may find it difficult to know where to start. 

No matter its maturity level, BDO’s professionals can assist in strengthening your organization’s compliance program. Our knowledgeable teams can help you conduct a comprehensive assessment of your compliance program and related policies, procedures, and systems to identify gaps, craft strategies for improvement, and help monitor the program on an ongoing basis. 

How MGO Can Help 

At MGO, we know that a robust compliance program is more than a regulatory requirement. It’s a strategic asset that can help you foster trust, as well as enhance your decision-making and protect your business from risk. Whether your organization is building a program from the ground up or seeking to refine your existing practices, our experienced team can provide you with tailored assessments, practical recommendations, and ongoing monitoring support. Contact us to learn how we can assist you in doing everything from navigating complex industry regulations to embedding compliance into the fabric of your company culture.  

Written by Kenneth Koch and Phillip Ostwalt. Copyright © 2025 BDO USA, P.C. All rights reserved. www.bdo.com 

The post Building and Maintaining a Robust Compliance Program  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• A new Accounting Standards Update requires public companies to provide more detailed expense disclosures in their financial statements.

• Implementing these changes may require modifications to the chart of accounts and adjustments to financial reporting systems.

• Companies should get a head start assessing whether current accounting systems can support the required disclosures and make necessary upgrades.

—

In response to persistent calls from investors for enhanced transparency in financial reporting, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2024-03, Income Statement – Reporting Comprehensive Income – Expense Disaggregation Disclosures (Subtopic 220-40): Disaggregation of Income Statement Expenses (DISE). This update introduces a new layer of financial statement disclosures, requiring companies to adjust how they collect and report financial data.

Subtopic 220-40’s New Disclosure Requirements

The finalized ASU requires public companies to provide additional details about specific expense categories in financial statement disclosures.

Currently, companies can consolidate several expense line items into broad categories on income statements. For example, line items like “cost of goods sold,” “cost of sales,” and “selling, general, and administrative expenses” can comprise various direct and indirect costs of producing and selling a company’s goods and services, as well as overhead and administrative costs unrelated to production and sales. This lack of transparency makes it harder for investors, lenders, and other financial statement users to assess the company’s performance.

Subtopic 220-40 requires organizations to disclose (in a tabular format) amounts recognized in each of the following relevant expense captions:

• Purchases of inventory using the expense or cost-incurred approach

• Employee compensation

• Depreciation

• Intangible asset amortization

• Depreciation, depletion, and amortization (DD&A) recognized from oil and gas-producing activities

In addition, companies must provide additional details about inventory and manufacturing expenses, including:

• Inventory purchased

• Employee compensation related to manufacturing

• Depreciation and amortization of manufacturing assets

• Costs capitalized to inventory and manufacturing expenses

• Changes in inventory balances

• Other items used to reconcile costs incurred to expenses recognized

• How the company defines “other manufacturing expenses”

Practical Implications for Public Companies

At first glance, providing more details on expenses might seem simple. However, implementing these changes can become complicated quickly. You may need to reconsider how you categorize expenses, modify your chart of accounts, and evaluate whether your financial systems can extract and present the necessary information.

Some considerations include:

• Accounting system capabilities: Your current systems may not be configured to capture expense details at the required level of granularity. Evaluate whether your general ledger software and reporting tools can generate the necessary disclosures or if they’ll need modifications.

• Adjustments to reporting packages: Review whether your existing financial reporting packages can accommodate these new requirements.

• Audit readiness: The enhanced level of detail required in financial disclosures means auditors will focus on total expense amounts and how those expenses are disaggregated. Make sure you allow enough time to align your internal reporting with the new requirements so your internal and external audits will go smoothly.

• Training and internal processes: Team members responsible for financial reporting will need training on new data collection and reporting processes.

• Industry-specific considerations: The requirements apply broadly to all public companies, but the impact varies by industry. Your company should analyze which line items are relevant to your operations and adjust reporting accordingly.

ASU 2024-03’s Scope and Effective Date

The updated requirements apply to all public companies, although some expense categories may not be relevant depending on your industry. ASU 2024-03 is effective for fiscal years beginning after December 15, 2026, and interim periods beginning after December 15, 2027. Early adoption is permitted.

Because the new disclosures are required for annual and interim reporting periods, you cannot simply address these disclosures at year-end. You need to ensure your accounting systems can support the level of detail required for these disclosures throughout the year.

Preparing for Implementation

Adapting to the new reporting standards requires advance planning and preparation. Begin by conducting a gap analysis to determine whether your current financial systems can support the new disclosures. Reach out to your IT team and other advisors as soon as possible if you need modifications to facilitate a seamless transition.

Other steps you may need to take include:

• Review the detailed FASB guidance to determine the specific disclosures required.

• Assess internal data collection processes to make sure you’re capturing all necessary expense details.

• Engage with internal and external auditors to discuss expectations and potential challenges.

• Test reporting changes in advance to identify and resolve issues before compliance deadlines.

• Monitor ongoing compliance to ensure you’re prepared to meet interim reporting obligations.

How MGO Can Help

The changes introduced by the FASB’s finalized ASU will improve financial statement transparency, but they also present challenges for companies that are unprepared. Begin your implementation efforts now with planning, system updates, training, and allowing time to make adjustments and avoid last-minute compliance struggles. By proactively addressing these changes, you can minimize disruptions and keep your financial statements clear, accurate, and compliant.

If you have questions about Subtopic 220-40, contact us today to connect with professionals who can help.

The post FASB ASU: Disaggregating Income Statement Expenses appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Governance frameworks shape government operations, providing the foundation for public trust through transparency, accountability, and engagement.
• Trust-building strategies, such as open meetings, diverse boards, and regular audits, foster stronger connections with constituents and protect public resources.
• Internal audit plays a critical role in risk management, offering insights to address issues, strengthen controls, and enhance credibility.

—

In today’s complex public sector environment, public trust isn’t just important — it’s essential for effective government. Trust is built by demonstrating accountability, compliance with policies and regulatory requirements, implementation of new initiatives, and effective service delivery to constituents.

As you work to strengthen community trust, focusing on governance, risk management, and compliance (GRC) can play a pivotal role.

Understand Your Governance Framework

As a government entity, you operate within a unique governance framework. This framework, shaped by fundamental elements like your constitution, amendments, and federal system structure, guides every aspect of your operations.

Your organization is specifically shaped by:

• Governing documents: These include your agency’s charter or legislative mandate.

• Governing bodies and committees: Boards, councils, and their committees provide oversight and strategic guidance in meetings open to the public.

• Strategic plan: Organization-wide and department-specific strategies, goals, and objectives.

• Organizational policies: Policies, such as procurement guidelines, set consistent standards for activities.

• Organizational structure: Clear chains of command, span of control, reporting lines, and definition of roles and responsibilities to drive organizational performance.

This framework isn’t just bureaucratic structure — it’s the foundation upon which public trust is built.

Building a Foundation of Trust

In our interpersonal relationships, trust is built by exhibiting certain characteristics — such as being authentic and transparent, demonstrating interest and empathy, and taking responsibility and being accountable. Trust in the public sector is built on similar pillars:

1. Transparency: Make important decision-making and strategy setting processes visible to the public.

2. Accountability: Drive positive outcomes and promptly address issues.

3. Responsiveness: Actively engage with community concerns and adapt to evolving needs.

4. Engagement: Maintain open communication with constituents.

These pillars provide a foundation for a trust-driven approach in both governance and daily interactions with citizens. Building upon this foundation, public sector entities should make efforts to build public trust through trust-building strategies such as:

• Boards and committees: Elect/appoint qualified, diverse members with relevant expertise.

• Administrative policies: Strengthen policies on procurement and budgeting to prevent resource misuse.

• Open meetings and public comments: Encourage public participation and a culture of inclusion.

• Transparency initiatives: Go beyond the basics of public records laws and make financial performance, budget decisions, and large procurement decisions in a transparent manner.

• Citizen engagement: Set up advisory committees and oversight groups to maintain open dialogue on important matters.

• Internal audits: Conduct regular audits to reinforce confidence in your organization’s accountability and fiscal responsibility.

By fostering transparency and engagement, you create a foundation of trust that supports both governance and public relations.

Leverage Internal Audit to Build Trust

Internal audit plays a critical role in sustaining public trust. By offering an independent, objective view into the operations and fiscal management of your government entity, internal audit can help you detect and address issues before they escalate. This function also demonstrates accountability and transparency, directly enhancing the credibility and trust constituents have in your government and its leaders.

To maximize the impact of your internal audit function, focus your audit team on these areas:

• Offer strategic advice: Guide the board and audit committee with insights into key risks.

• Prioritize risk assessment: Focus on areas with the highest impact.

• Tackle complex issues: Engage as an advisor in major projects and initiatives.

• Strengthen internal controls: Identify and reinforce controls to protect public resources.

• Address reputational risks: Mitigate risks that could damage public confidence.

By proactively managing these areas, your audit team can help prevent significant risks and support your government’s commitment to public service.

How MGO Can Help

Our dedicated State and Local Government team has decades of experience working alongside governments large and small. We can help you implement effective internal audit and GRC practices that build public trust and drive your mission forward. Reach out to our team today to learn more.

The post How Prioritizing GRC Builds Trust in Your Government appeared first on MGO CPA | Tax, Audit, and Consulting Services.