3141-0009 Supporting Statement 10-16-2012

3141-0009 Supporting Statement 10-16-2012.pdf

25 CFR Parts 542-543 Minimum Internal Control Standards

OMB: 3141-0009

Document [pdf]
Download: pdf | pdf
SUPPORTING STATEMENT FOR RECORDKEEPING
AND REPORTING REQUIREMENTS
25 CFR Parts 542 and 543
A. Justification
1. Explain the circumstances that make the collection of information necessary. Identify
any legal or administrative requirements that necessitate the collection. Attach a copy of
the appropriate section of each statute and regulation mandating or authorizing the
collection of information.
25 CFR § 542(c) and (d) and 25 CFR § 543.3(b) and (c)
25 CFR § 542.3(c) and 25 CFR § 543.3(b) require tribal gaming regulatory authorities to
establish and implement tribal internal control standards that provide a level of control that
equals or exceeds the applicable standards set forth in 25 CFR parts 542 and 543.
25 CFR §§ 542.3(d) and 543.3(c) require each operation to develop and implement
internal control standards that, at a minimum, comply with the tribal internal control standards
established by the tribal gaming regulatory authority.
Neither of the above regulations requires a filing of any record with the Commission.
Although the text of 25 CFR § 542.3 does not distinguish between Class II and Class III
operations, the D.C. Circuit Court of Appeals has held that the Commission has authority to
require minimum internal control standards only with regard to Class II gaming operations.
Colo. River Indian Tribes v. Nat'l Indian Gaming Comm'n (466 F.3d 134, 135 (D.C. Cir. 2006)
(CRIT). The Commission acknowledges this decision and developed part 543 which will be the
sole source for Class II gaming regulations after a transition period.
In furtherance of the Commission’s oversight responsibilities for an expanding Indian
gaming industry, it has become apparent that the industry has in many respects matured and has
become more diverse and complex.
The vitality of the industry and the confidence the gaming public places in the integrity of
play of the gaming offered is manifest by the growing patronage at tribal gaming facilities. The
economic benefit brought to tribes by gaming is evidenced by the reduction, and in some cases
elimination, of tribal unemployment on many reservations.
Effective control of all gaming revenues and gaming resources is essential to the
continued success of this industry and, to this end, all gaming operations should establish internal
controls that specify and require procedures, consistent with the accepted practices of the gaming
industry, whereby there is monitoring, documentation and accounting of all of the gaming
operations’ activities. Gauging the sufficiency of the internal controls over the play of the games
and the handling and accounting of the receipts and proceeds from the gaming, particularly for
an industry as diverse and complex as tribal gaming, has become challenging. The inherent risks

associated with cash-intensive businesses such as gaming, are significant and material.
Preventing collusion, witnessing and documenting transactions and revenue flows, limiting
access, controlling inventories, and auditing these activities are among the essential controls
designed to mitigate risk.
The need for a minimum level of internal controls, consistent with the gaming industry
overall, to apply universally throughout tribal gaming, was recognized by those within and
without the Indian gaming community. To assist the tribes in the identification and
implementation of clearly defined objective standards in which the adequacy could be effectively
measured, the Commission concluded that it is not only appropriate but necessary for it to
promulgate the subject regulations. The ultimate objective is to ensure best practices of the
gaming industry are applied to tribal gaming sufficient to provide reasonable assurance that the
games are conducted honestly and fairly, that the gaming operations are shielded from organized
crime and other corrupting influences and that the Indian tribes are the primary beneficiaries of
the gaming operations.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
25 CFR § 542.3(f) requires operations offering Class II gaming on Indian lands to engage
an independent certified public accountant (CPA) to perform “Agreed-Upon Procedures” and
verify that gaming operations have adopted and implemented minimum internal control
standards compliant with 25 CFR parts 542 and 543. A report of findings is required to be
submitted to the Commission within 120 days of the gaming operation’s fiscal year end. Gaming
operations conducting less than a $1 million in gross gaming revenue are exempt from this
requirement, but the threshold will increase to $3 million when part 543 becomes effective on
October 22, 2012. Gross gaming revenue is defined as the amount wagered, plus admission fees
to a game, less payouts.
Although the IGRA recognizes the tribes are primarily responsible for the regulation of
their respective gaming operation(s), the Commission has concurrent regulatory jurisdiction.
However, the federal oversight is not anticipated to be as intrusive or as consistent or routine as
that of the tribal gaming regulatory authorities; therefore, the Commission relies on the collection
of information and data, whether acquired directly or through indirect sources, to allocate its
resources in such manner to produce the greatest benefit to the Indian gaming industry.
Essentially, the objective is to identify gaming operations that pose an unacceptable risk of
bringing disrepute to this vulnerable industry.
Considering the unavoidable organizational weaknesses associated with the concept of
self regulation in which the tribal gaming regulatory authority and the gaming operation
ultimately report to the same governmental entity (generally a tribal council), it is important to
the effectiveness of the regulatory oversight function that an independent evaluation of the
internal control systems be periodically conducted by an external party possessing sufficient
competency to perform the review. The tribe and Commission benefit equally from the findings
produced.

2

The Agreed-Upon Procedures engagement is one in which a CPA is engaged by a tribe to
issue a report of findings based on specific procedures performed. The objective is to assist the
tribe, Commission and potentially others in evaluating the effectiveness of the internal control
systems of the gaming operation(s). The tribe assumes responsibility for the sufficiency of the
agreed-upon procedures, which are codified within the subject regulation. In this type of
engagement, the CPA does not perform an examination and does not provide an opinion or
negative assurance about compliance with the MICS. The CPA’s report is in the form of
procedures and findings.
The regulation provides guidance on the procedures to be performed. This results in
standardization of the testing, sample size, documentation and report format. Standardized
requirements ensure that all CPAs are performing the same procedures. Consequently, the
Commission is able to review the reports in a more efficient and time- saving manner without
having to adjust to a myriad of individual/firm styles. The same CPA that performs the audit of
the financial statements may also perform the agreed-upon procedures. Using the criteria
established by the regulation, the CPA must report each procedure detected that does not satisfy
the MICS. Although not required by the regulation, management is generally expected to report
to the tribe the corrective measures taken to rectify control deficiencies noted by the CPA.
Utilizing the data produced by the agreed-upon procedures reports, the Commission is
able to perform a risk analysis of the quantity and quality of the compliance exceptions noted.
Based on the accumulation of data collected from all the gaming tribes, the Commission can
more effectively allocate its resources to the neediest organizations.
2. Indicate how, by whom, and for what purposes the information is to be used. Except for
a new collection, indicate the actual use the agency has made of the information received
from the current collection.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Upon receipt of the agreed-upon procedures report, Commission personnel well versed in
casino internal control systems, as defined by long-established best practices of the gaming
industry, examine the findings from a risk perspective. Casino internal controls may be
categorized into three broad categories: (1) There are those that function as a deterrent to the
occurrence of an integrity violation; (2) those that are of an accounting or auditing nature, which
are intended to account for assets or confirm compliance with an established process; or (3) those
that govern the transfer of an asset, such as cash and cash equivalents, from the accountability of
one employee to another or to a patron. Obviously, a control weakness involving the last
category would pose the greatest risk to the tribe’s investment and the reputation of the gaming
enterprise. Some compliance exceptions, such as the failure to appropriately authorize and
document jackpot payouts from a gaming machine, would be characterized by the reviewer as
posing an immediate and material risk to tribal assets.
Once the risk analysis is performed, the data is recapped in a report, which also includes
information collected from other sources, and an overall risk factor is applied to the gaming
operation. Those facilities deemed to have a high risk of having a materially deficient system of

3

internal controls are further evaluated in terms of size and scope of gaming conducted,
geographical location and previous regulatory problems. The gaming operations determined to
pose the greatest risk are scheduled for follow-up contact, which could include a comprehensive
compliance audit of their internal control systems, assistance in the implementation of corrective
actions, or remedial training of casino personnel, as requested by management.
3. Describe whether, and to what extent, the collection of information involves the use of
automated, electronic, mechanical, or other technological collection, techniques or other
forms of information technology, e.g. permitting electronic submission of responses, and
the basis for the decision for adopting this means of collections. Also describe any
consideration of using information technology to reduce burden.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
The information collection does not specifically involve the use of technological
collection techniques; however, it should be noted that, except for the most elementary of
gaming operations, computerized systems are, to varying degrees, directly involved in the
authorization, recognition, recordation and summarization of transactions and events. Under the
regulations of the NIGC, information may be submitted by compatible automated, electronic,
and/or mechanical means.
4. Describe efforts to identify duplication. Show specifically why any similar information
already available cannot be used or modified for use for the purposes described in item 2
above.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
The required information is unique to each Indian tribe and to each gaming operation.
No similar information pertaining to gaming on Indian lands is collected by the NIGC or by
other federal agencies.
5. If the collection of information impacts small business or other small entities (Item 5 of
OMB Form 83-I), describe any methods used to minimize the burden.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Not applicable to Indian tribes.
6. Describe the consequence to Federal program or policy activities if the collection is not
conducted or is conducted less frequently, as well as any technical or legal obstacles to
reducing burden.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
For NIGC to effectively monitor the individual gaming operations to ensure the economic
and social interests of the stakeholders are being adequately protected and the overall integrity of

4

the industry is safeguarded from reproach, independent testing of the casino internal control
systems is necessary. Furthermore, the regulation codifies the testing criteria and procedures to
be followed by practitioners in the evaluation of the controls. The organization’s fiscal year is
the common and logical reporting period for such data. Without the information provided by the
submissions, the NIGC would be hampered in its effective allocation of resources and the
fulfillment of its mission.
7. Explain any special circumstances that would cause an information collection to be
conducted in a manner:
•
•
•
•
•
•
•

•

requiring respondents to report information to the agency more often than
quarterly;
requiring respondents to prepare a written response to a collection of information in
fewer than 30 days after receipt of it;
requiring respondents to submit more than an original and two copies of any
documents;
requiring respondents to retain records, other than health, medical, government
contract, grant-in-aid, or tax records for more than three years;
in connection with a statistical survey, that is not designed to produce valid and
reliable results that can be generalized to the universe of study;
requiring the use of a statistical data classification that has not been reviewed and
approved by OMB;
that includes a pledge of confidentiality that is not supported by authority
established in statute or regulation, that is not supported by disclosure and data
security policies that are consistent with the pledge, or which unnecessarily impedes
sharing of data with other agencies for compatible confidential use; or
requiring respondents to submit proprietary trade secrets, or other confidential
information unless the agency can demonstrate that it has instituted procedures to
protect the information's confidentiality to the extent permitted by law.

With regard to confidential information, the NIGC must ensure that Indian gaming is kept
free from criminal influence. To that end, the NIGC must require the maintenance and reporting
of certain confidential information. IGRA, 25 U.S.C. § 2716, requires the Commission to keep
confidential trade secrets, privileged or confidential, commercial or financial information, or
information related to ongoing law enforcement investigations. 25 U.S.C. § 2716 removes from
the Commission any discretion it otherwise would have to disclose information that falls within
FOIA exemptions 4 and 7 and requires the Commission to disclose such information only to
other law enforcement agencies for law enforcement purposes.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Under 25 CFR § 571.7 gaming operations are required to maintain financial books and
records sufficient to establish the information required under the IGRA and regulation for no less
than five years. This requirement corresponds to record retention mandated by other federal
statutes and regulations, such as Title 31, the Bank Secrecy Act. Pursuant thereto, financial

5

documentation supporting Current Transaction Reports by Casinos and Suspicious Activity
Reports must be retained for a minimum of five years.
8. If applicable, provide a copy and identify the date and page number of publication in
the Federal Register of the agency's notice, required by 5 CFR §1320.8(d), soliciting
comments on the information collection prior to submission to OMB.
On February 16, 2012, a notice containing the information collections requirement for 25
CFR part 542 was published in the Federal Register allowing the public an opportunity to
comment on the requirements. The public comment period closed on April 16, 2012. No public
comments were received.
In addition, the agency recently completed a rulemaking that amended part 543. 77 FR
58708, Sept. 21, 2012. This rulemaking amended the substance of the rules contained in part
543, but did not affect the reporting requirement or required burden hours from the original
collection because parts 542 and 543 are redundant in their mandatory reporting requirement for
Class II gaming AUPs. In other words, the burden is not increased because a single report
satisfies both 542 and 543 requirements. This rulemaking was subject to a notice and comment
period under which the public also had the opportunity to provide comments. No public
comments were received relative to the information collection burden.
9. Explain any decision to provide any payment or gift to respondents, other than
remuneration of contractors or grantees.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Not applicable. The NIGC does not provide any payment or gift to respondents.
10. Describe any assurance of confidentiality provided to respondents and the basis for the
assurance in statute, regulation, or agency policy.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
The IGRA (25 USC § 2716) provides:
(a) Except as provided in subsection (b), the Commission shall preserve any and all
information received pursuant to this Act as confidential pursuant to the provision of
paragraphs (4) and (7) of section 552(b) of title 5, United States Code.
(b) The Commission shall, when such information indicates a violation of Federal, State
or tribal statutes, ordinances, or resolutions, provide such information to the appropriate
law enforcement officials.
The NIGC is bound by the above requirements.
11. Provide additional justification for any questions of a sensitive nature, such as sexual
behavior and attitudes, religious beliefs, and other matters that are commonly considered

6

private. This justification should include the reasons why the agency considers the
questions necessary, the specific uses to be made of the information, the explanation to be
given to persons from whom the information is requested, and any steps to be taken to
obtain their consent.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Not applicable. No sensitive questions are asked.
12. Provide estimates of the hour burden of the collection of information. The statement
should:
•

•
•

Indicate the number of respondents, frequency of response, annual hour burden,
and an explanation of how the burden was estimated. Unless directed to do so,
agencies should not conduct special surveys to obtain information on which to base
hour burden estimates. Consultation with a sample (fewer than 10) of potential
respondents is desirable. If the hour burden on respondents is expected to vary
widely because of differences in activity, size, or complexity, show the range of
estimated hour burden, and explain the reasons for the variance. Generally,
estimates should not include burden hours for customary and usual business
practices.
If this request for approval covers more than one form, provide separate hour
burden estimates for each form and aggregate the hour burdens on Item 13 of OMB
Form 83-I.
Provide estimates of annualized costs to respondents for the hour burdens for
collections of information, identifying and using appropriate wage rate categories.
The cost of contracting out or paying outside parties for information collection
activities should not be included here. Instead, this cost should be included in Item
14.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)

The maximum number of current tribal gaming operations plus those possessing the
potential for future impact is estimated to be 421 operations. Many of those operations are Class
III-only facilities or facilities with gross revenues below the $1 million gross gaming revenue
reporting threshold who submit the reports voluntarily. AUP reports were submitted by 368
operations in 2011. Effective October 22, 2012, the reporting threshold will be raised to $3
million gross gaming revenue, which may have the effect of reducing the number of mandatory
respondents.
The figures herein are the result of phone surveys with a small sample of CPA firms that
regularly conduct AUP audits of tribal gaming operations. An AUP audit averages between 95115 hours, depending on the tier of the facility. Gaming operation staff spend approximately one
hour total time to secure an auditor and submit the report by regular or electronic mail.

7

Tier

Number of operations
submitting AUP
reports

5
56
77
230
368

<$1m
A
B
C
All

Auditor
hours per
AUP report

Total auditor
hours per tier

105
105
95
115
--

525
5,880
7,315
26,450
40,170

Operation
staff hours

Total Hours for
AUP reports

5
56
77
230
368

530
5,936
7,392
26,680
40,538

Accordingly, based on 2011 submissions, the total burden hours necessary to produce and
submit an AUP report is 40,538.
The cost of producing and submitting an AUP report is based on the burden hours of
auditors and operation staff.
Tier

<$1m
A
B
C
All

Number of
operations
submitting
AUP reports
in 2011

Total
Auditor
hours

Total
auditor cost
at
$200/audit
hour

5
56
77
230
368

525
5,880
7,315
26,450
40,170

$105,000
$1,176,000
$1,463,000
$5,290,000
$8,034,000

Operation
staff hours

5
56
77
230
368

Total operation
staff cost at
27.51/hr

$138
$1,541
$2,118
$6,327
$10,124

Total AUP
cost

$105,138
$1,177,541
$1,465,118
$5,296,327
$8,044,124

Accordingly, the total cost of the burden hours to produce and submit an AUP report,
based on 2011 submissions, is $8,044,124.
13. Provide an estimate of the total annual cost burden to respondents or recordkeepers
resulting from the collection of information. (Do not include the cost of any hour burden
shown in Items 12 and 14).
•

The cost estimate should be split into two components: (a) a total capital and startup cost component {annualized over its expected useful life}; and (b) a total
operation and maintenance and purchase of services component. The estimates
should take into account costs associated with generating, maintaining, and
disclosing or providing the information. Include description of methods used to
estimate major cost factors including system and technology acquisition, expected
useful life of capital equipment, the discount rate(s), and the time period over which
costs will be incurred. Capital and start-up costs include, among other items,
preparations for collecting information such as purchasing computers and software;
monitoring, sampling, drilling and testing equipment; and record storage facilities.

8

•

•

If cost estimates are expected to vary widely, agencies should present ranges of cost
burdens and explain the reasons for the variance. The cost of purchasing or
contracting out information collection services should be a part of this cost burden
estimate. In developing cost burden estimates, agencies may consult with a sample
of respondents (fewer than 10), utilize the 60-day, pre-OMB submission public
comment process and use existing economics or regulatory impact analysis
associated with the rulemaking containing the information collection, as
appropriate.
Generally, estimates should not include purchases of equipment or services, or
portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory
compliance with requirements not associated with the information collection, (3) for
reasons other than to provide information or keep records for the government, or
(4) as part of customary and usual business or private practices.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)

There are no capital outlay results from the regulation. The costs of the regulation are
purely administrative and set forth in the burden hour analysis under item 12.
14. Provide estimate of annualized cost to the Federal Government. Also, provide a
description of the method used to estimate cost, which should include quantification of
hours, operational expenses (such as equipment, overhead, printing and support staff), and
any other expense that would not have been incurred without this collection of information.
Agencies also may aggregate cost estimates from Items 12, 13, and 14 in a single table.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
The NIGC anticipates that there will be costs of a routine nature associated with the
submissions, which will pertain to the record keeping to account for items received and the
identification of those gaming operation that failed to comply with the regulation. Additionally,
hours will be expended performing the aforementioned risk analysis of the data. The time
expended of a routine nature is anticipated to be two hours per filing at a GS-13 rate of $39/hr,
which, would result in an annual burden of $28,704 (368 audits submitted*2 hours per audit*$39
per hr).
However, it is also anticipated that further costs will be incurred in obtaining compliance
with the regulation. Accordingly, based on prior years, 18 operations will fail to timely comply
and additional hours will be required to obtain compliance. Although much variance in the
actual time invested is likely, the agency forecasts that an average of 35 hours will be expended
per noncompliant item. Using the above hourly rate, the cost of obtaining compliance is $24,570
(18 non-submissions*35 hours per non-submission*$39 per hour).
The aggregate of annual routine processing cost and the costs incurred in the initiation of
enforcement actions is expected to be $53,274.

9

15. Explain the reasons for any program changes or adjustments reported in Items 13 or
14 of OMB Form 83-I.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
The previous filing from June 18, 2008 (73 FR 34794) identified 387 respondents. That
number—subject to change upon the opening or closing of additional gaming operations—has
been reduced to 368 for this filing largely because of a December 22, 2008 amendment (73 FR
78242) that allows tribes to consolidate operations for reporting purposes.
16. For collections of information whose results will be published, outline plans for
tabulations and publication. Address any complex analytical techniques that will be used.
Provide the time schedule for the entire project, including beginning and ending dates of
the collection of information, completion of report, publication dates, and other actions.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
This is an ongoing information collection with no ending date and no plans for
publication.
17. If seeking approval to not display the expiration date for OMB approval of
information collection, explain the reasons that display would be inappropriate.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Not applicable.
18. Explain each exception to the certification statement in Item 19, "Certification for
Paperwork Reduction Act Submission," of OMB Form 83-I.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
Not applicable. The NIGC certifies compliance with 5 CFR § 1320.9.
B. Collection of Information Employing Statistical Methods.
25 CFR § 542.3(f) and 25 CFR § 543.23(d)
This section is not applicable. Statistical methods are not employed.

10


File Typeapplication/pdf
File TitleSUPPORTING STATEMENT FOR RECORDKEEPING
Authorjhsmith
File Modified2012-10-16
File Created2012-10-16

© 2024 OMB.report | Privacy Policy