Gaming , Privacy and Security eGaming Experience in British Columbia British Columbia Lottery Corporation

1. Gaming, Privacy and SecurityeGaming Experience in British ColumbiaBritish Columbia Lottery Corporation October 5, 2013 Gurmit Aujla – Director, Internal Audit

2. PlayNow.Com Timeline Launch PlayNow.com July 2010 Mobile June 2013 Sports July 2012 Casino B2B January 2013 Lottery B2B August 2013 Poker February 2011

3. Old World – Ways to Play

5. Competition

6. Competition

7. Top 5 Risk Areas • Information Security & Privacy • Regulatory Compliance • Infrastructure • Vendors • Public Support (Integrity)

8. Manitoba & Western Canada Concern Areas • Contract compliance, SLA's • Regulatory – multiple jurisdictions • Gaming integrity • Communication Risks • Availability

9. Governance Participants (Internal Vs. External) BCLC Regulator (GPEB) External Auditor Audit Services eGaming Oversight … eGaming Security Information Security Steering Committee

10. Assurance Map Detailed data redacted

11. What our B2B customer wanted Detailed data redacted Detailed data redacted

12. New World Reporting Example Only

13. Internal Audit Resource Allocation

14. Risks Vs. Controls Mapping • Information Security & Privacy • Security & Privacy Requirements • Security Testing & Penetration Tests • Privacy Impact Assessment • Design Assessment • Change Management • QA & Compliance Testing • Requirements Management • Vendor SLA measurement • Contract Management • Regulator Coordination • Independent Testing • Verification of Gaming Standards • Communications Management • Advertising • Infrastructure • Vendors Regulatory Compliance Player / Public Support

15. Questions?