Minimum Internal Control Standards, 11893-11903 [05-4665]

Agencies

• National Indian Gaming Commission

[Federal Register Volume 70, Number 46 (Thursday, March 10, 2005)]
[Proposed Rules]
[Pages 11893-11903]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-4665]


=======================================================================
-----------------------------------------------------------------------

NATIONAL INDIAN GAMING COMMISSION

25 CFR Part 542

RIN 3141-AA27


Minimum Internal Control Standards

AGENCY: National Indian Gaming Commission.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In response to the inherent risks of gaming enterprises and 
the resulting need for effective internal controls in Tribal gaming 
operations, the National Indian Gaming Commission (Commission or NIGC) 
first developed Minimum Internal Control Standards (MICS) for Indian 
gaming in 1999, and then later revised them in 2002. The Commission 
recognized from the outset that periodic technical adjustments and 
revisions would be necessary in order to keep the MICS effective in 
protecting Tribal gaming assets and the interests of Tribal 
stakeholders and the gaming public. To that end, the following proposed 
rule revisions contain certain proposed corrections and revisions to 
the Commission's existing MICS, which are necessary to clarify, 
improve, and update other existing MICS provisions. The purpose of 
these proposed MICS revisions is to address apparent shortcomings in 
the MICS and various changes in Tribal gaming technology and methods.

DATES: Submit comments on or before April 25, 2005. After consideration 
of all received comments, the Commission will make whatever changes to 
the proposed revisions that it deems appropriate and then promulgate 
and publish the final revisions to the Commission's MICS Rule, 25 CFR 
part 542.

ADDRESSES: Mail comments to ``Comments to Second Set of Proposed MICS 
Rule Revisions, National Indian Gaming Commission, 1441 L Street, NW., 
Washington, DC 20005, Attn: Acting General Counsel, Penny J. Coleman.'' 
Comments may be transmitted by facsimile to (202) 632-7066.

FOR FURTHER INFORMATION CONTACT: Vice-Chairman Nelson Westrin, (202) 
632-7003 (not a toll-free number).

SUPPLEMENTARY INFORMATION: 

Background

    On January 5, 1999, the Commission first published its Minimum 
Internal Control Standards (MICS) as a Final Rule. As gaming Tribes and 
the Commission gained practical experience applying the MICS, it became 
apparent that some of the standards required clarification or 
modification to operate as the Commission had intended and to 
accommodate changes and advances that had occurred over the years in 
Tribal gaming technology and methods.
    Consequently, the Commission, working with an Advisory Committee 
composed of Commission and Tribal representatives published the new 
final revised MICS rule on June 27, 2002. As the result of the 
practical experience of the Commission and Tribes working with the 
newly revised MICS, it has once again become apparent that additional 
corrections, clarifications, and modifications are needed to ensure 
that the MICS continue to operate as the Commission intended. To 
identify which of the current MICS need correction, clarification or 
modification, the Commission initially solicited input and guidance 
from NIGC employees, who have extensive gaming regulatory expertise and 
experience and work closely with Tribal gaming regulators in monitoring 
the implementation, operation, and effect of the MICS in Tribal gaming 
operations. The resulting input from NIGC staff convinced the 
Commission that the MICS require continuing review and prompt revision 
on an ongoing basis to keep them effective and up-to-date. To address 
this need, the Commission decided to establish a Standing MICS Advisory 
Committee to assist it in both identifying and developing necessary 
MICS revisions on an ongoing basis.
    In recognition of its government-to-government relationship with 
Tribes and related commitment to meaningful Tribal consultation, the 
Commission requested gaming Tribes, in January 2004, for nominations of 
Tribal representatives to serve on its Standing MICS Advisory 
Committee. From the twenty-seven (27) Tribal nominations that it 
received, the Commission selected nine (9) Tribal representatives in 
March 2004 to serve on the Committee. The Commission's Tribal Committee 
member selections were based on several factors, including the 
regulatory experience and background of the individuals nominated, the 
size(s) of their affiliated Tribal gaming operation(s), the types of 
games played at their affiliated Tribal gaming operation(s), and the 
areas of the country in which their affiliated Tribal gaming 
operation(s) are located. The selection process was very difficult, 
because numerous highly qualified Tribal representatives were nominated 
to serve on this important Committee. As expected, the benefit of 
including Tribal representatives on the Committee, who work daily with 
the MICS, has proved to be invaluable.
    Tribal representatives selected to serve on the Commission's 
Standing MICS Advisory Committee are: Tracy Burris, Gaming 
Commissioner, Chickasaw Nation Gaming Commission, Chickasaw Nation of 
Oklahoma; Jack Crawford, Chairman, Umatilla Gaming Commission, 
Confederated Tribes of the Umatilla Indian Reservation; Patrick Darden, 
Executive Director, Chitimacha Gaming Commission, Chitimacha Indian 
Tribe of Louisiana; Mark N. Fox, Compliance Director, Four Bears 
Casino, Three Affiliated Tribes of the Fort Berthold Reservation; 
Sherrilyn Kie, Senior Internal Auditor, Pueblo of Laguna Gaming 
Authority, Pueblo of Laguna; Patrick Lambert, Executive Director, 
Eastern Band of Cherokee Gaming Commission, Eastern Band of Cherokee 
Indians; John Meskill, Director, Mohegan Tribal Gaming Commission, 
Mohegan Indian Tribe; Jerome Schultze, Executive Director, Morongo 
Gaming Agency, Morongo Band of Mission Indians; and Lorna Skenandore, 
Assistant Gaming Manager, Support Services, Oneida Bingo and Casino, 
formerly Gaming Compliance Manager, Oneida Gaming Commission, Oneida 
Tribe of Indians of Wisconsin. The Advisory Committee also includes the 
following Commission representatives: Philip N. Hogen, Chairman; Nelson 
Westrin, Vice-

[[Page 11894]]

Chairman; Cloyce V. Choney, Associate Commissioner; Joe H. Smith, 
Acting Director of Audits; Ken Billingsley, Region III Director; Nicole 
Peveler, Field Auditor; Ron Ray, Field Investigator; and Sandra Ashton, 
Staff Attorney, Office of General Counsel.
    In the past, the MICS were comprehensively revised on a large 
wholesale basis. Such large-scale revisions proved to be difficult for 
Tribes to implement in a timely manner and unnecessarily disruptive to 
Tribal gaming operations. The purpose of the Commission's Standing 
Committee is to conduct a continuing review of the operation and 
effectiveness of the existing MICS, in order to promptly identify and 
develop needed revisions of the MICS, on a manageable incremental 
basis, as they become necessary to revise and keep the MICS practical 
and effective. By making more manageable incremental changes to the 
MICS on an ongoing basis, the Commission hopes to be more prompt in 
developing needed revisions, while, at the same time, avoiding larger-
scale MICS revisions which take longer to implement and can be 
unnecessarily disruptive to Tribal gaming operations.
    In accordance with this approach, the Commission has developed the 
following second set of proposed MICS rule revisions, with the 
assistance of its Standing MICS Advisory Committee. In doing so, the 
Commission is carrying out its statutory mandate under the Indian 
Gaming Regulatory Act, 25 U.S.C. 2706(b)(10), to promulgate necessary 
and appropriate regulations to implement the provisions of the Act. In 
particular, the following proposed MICS rule revisions are intended to 
address Congress' purpose and concern stated in Section 2702(2) of the 
Act, that the Act ``provide a statutory basis for the regulation of 
gaming by an Indian tribe adequate to shield it from organized crime 
and other corrupting influences, to ensure the Indian tribe is the 
primary beneficiary of the gaming operation, and to ensure the gaming 
is conducted fairly and honestly by both the operator and the 
players.''
    The Commission, with the Committee's assistance, identified three 
specific objectives for the following proposed MICS rule revisions: (1) 
To ensure that the MICS are reasonably comparable to the internal 
control standards of established gaming jurisdictions; (2) to ensure 
that the interests of the Tribal stakeholders are adequately 
safeguarded; and (3) to ensure that the interests of the gaming public 
are adequately protected.
    The Advisory Committee met on October 21, 2004, and January 25, 
2005, to discuss the revisions set forth in the following second set of 
proposed MICS rule revisions. The input received from the Committee 
Members has been invaluable to the Commission in its development of the 
following proposed MICS rule revisions. In accordance with the 
Commission's established Government-to-Government Tribal Consultation 
Policy, the Commission provided a preliminary working draft of all of 
the proposed MICS rule revisions contained herein to gaming Tribes on 
November 24, 2004, for a thirty (30)-day informal review and comment 
period, before formulation of this proposed rule. In response to its 
requests for comments, the Commission received thirty two (32) comments 
from Commission and Tribal Advisory Committee members, individual 
Tribes, and other interested parties regarding the proposed revisions. 
A summary of these comments is presented below in the discussion of 
each proposed revision to which they relate.

General Comments to Proposed MICS Revisions

    For reasons stated above in this preamble, the National Indian 
Gaming Commission proposes to revise the following specific sections of 
its MICS rule, 25 CFR part 542. The following discussion includes the 
Commission's responses to general comments concerning the MICS and is 
followed by a discussion regarding each of the specifically proposed 
revisions, along with previously submitted informal comments to the 
proposed revisions and the Commission's responses to those comments. As 
noted above, prior commenters include Commission and Tribal Advisory 
Committee members, gaming Tribes, and others.

Comments Questioning NIGC Authority To Promulgate MICS for Class III 
Gaming

    Many of the previous informal comments to the preliminary working 
draft of the proposed MICS revisions pertained to the Commission's 
authority to promulgate rules governing the conduct of Class III 
gaming. Positions were expressed asserting that Congress intended the 
NIGC's Class III gaming regulatory authority to be limited exclusively 
to the approval of tribal gaming ordinances and management contracts. 
Similar comments were received concerning the first proposed MICS back 
in 1999. The Commission, at that time, determined in its publication of 
the original MICS in 1999 that it possessed the statutory authority to 
promulgate Class III MICS.
    As stated in the preamble to those MICS: ``The Commission believes 
that it does have the authority to promulgate this final rule. * * * 
[T]he Commission's promulgation of MICS is consistent with its 
responsibilities as the Federal regulator of Indian gaming.'' 64 FR 509 
(Jan. 5, 1999).
    The current Commission reaffirms that determination. The Indian 
Gaming Regulatory Act, which established the regulatory structure for 
all classes of Indian gaming, expressly provides that the Commission 
``shall promulgate such regulations as it deems appropriate to 
implement the provisions of (the Act).'' 25 U.S.C. 2707(b)(10). 
Pursuant to this clearly stated statutory duty and authority under the 
Act, the Commission has determined that MICS are necessary and 
appropriate to implement and enforce the regulatory provisions of the 
Act governing the conduct of both Class II and Class III gaming and 
accomplish the purposes of the Act.
    The Commission believes that the importance of internal control 
systems in the casino operating environment cannot be overemphasized. 
While this is true of any industry, it is particularly true and 
relevant to the revenue generation processes of a gaming enterprise, 
which, because of the physical and technical aspects of the games and 
their operation and the randomness of game outcomes, makes exacting 
internal controls mandatory. The internal control systems are the 
primary management procedures used to protect the operational integrity 
of gambling games, account for and protect gaming assets and revenues, 
and assure the reliability of the financial statements for Class II and 
III gaming operations. Consequently, internal control systems are a 
vitally important part of properly regulated gaming. Internal control 
systems govern the gaming enterprise's governing board, management, and 
other personnel who are responsible for providing reasonable assurance 
regarding the achievement of the enterprise's objectives, which 
typically include operational integrity, effectiveness and efficiency, 
reliable financial statement reporting, and compliance with applicable 
laws and regulations.
    The Commission believes that strict regulations, such as the MICS, 
are not only appropriate but necessary for it to fulfill its 
responsibilities under the IGRA to establish necessary baseline, or 
minimum, Federal standards for all Tribal gaming operations on Indian 
lands. 25 U.S.C. 2702(3). Although the Commission recognizes that many 
Tribes had sophisticated internal

[[Page 11895]]

control standards in place prior to the Commission's original 
promulgation of its MICS, the Commission also continues to strongly 
believe that promulgation and revision of these standards is necessary 
and appropriate to effectively implement the provisions of the Indian 
Gaming Regulatory Act and, therefore, within the Commission's clearly 
expressed statutory power and duty under Section 2706(b)(10) of the 
Act.

Comments Recommending Voluntary Tribal Compliance With MICS

    Comments were also received suggesting that the NIGC should re-
issue the MICS as a bulletin or guideline for Tribes to use 
voluntarily, at their discretion, in developing and implementing their 
own Tribal gaming ordinances and internal control standards.
    The Commission disagrees. The MICS are common in established gaming 
jurisdictions and, to be effective in establishing a minimum baseline 
for the internal operating procedures of Tribal gaming enterprises, the 
rule must be concise, explicit, and uniform for all Tribal gaming 
operations to which they apply. Furthermore, to nurture and promote 
public confidence in the integrity and regulation of Indian gaming and 
ensure its adequate regulation to protect Tribal gaming assets and the 
interests of Tribal stakeholders and the public, the Commission's MICS 
regulations must be reasonably uniform in their implementation and 
application and regularly monitored and enforced by Tribal regulators 
and the NIGC to ensure Tribal compliance.

Proposed Revisions to Section 542.3(f) CPA Testing

    The Commission proposes to revise the noted regulation to clarify 
the type of report being requested and more accurately define the scope 
and function of the process deemed necessary to ensure consistency and 
reliability of the reports produced. The text of the proposed revision 
is set forth following the conclusion of this preamble in which all of 
the proposed revisions to the Commission's MICS rule, 25 CFR part 542, 
are discussed.
    Since the MICS were initially adopted, the CPA Testing standard has 
been the subject of much concern and question due to its lack of 
specificity. Numerous inquiries have been received from tribal 
regulators, gaming operators and accounting practitioners. As a result 
of the issues raised, in June 2000, guidelines were issued by the 
Commission to aid in the interpretation of the regulation; however, 
questions and inconsistencies in the reports continue to exist. 
Therefore, the revision is being proposed to clarify or define: (1) The 
type of reporting required of the independent accountant; (2) Clarify 
that the Commission does not possess an expectation that the 
independent accountant render an opinion regarding the overall quality 
of the gaming operation's internal control systems; (3) More accurately 
define the scope and breath of the testing and observations to be 
performed by the practitioner in conjunction with the engagement; and 
(4) Explicitly communicate to the CPA that reliance upon the work of 
the internal auditor is an acceptable option, subject to satisfaction 
of certain conditions and the determination by the practitioner that 
the work product of the internal auditor is sufficient to enable 
reliance.
    Comments were received acknowledging the need to explicitly define 
the regulation's expectations. Furthermore, it was stated that the 
proposed revision may result in a reduction in costs to many tribes and 
most likely an improvement in the quality of the data produced by the 
CPA.
    As initially drafted, the proposed revision contained rather 
exacting criteria that the CPA should consider in determining whether 
to rely on the work of the internal auditor. The criteria addressed 
such items as education, professional certification and experience. 
Several commenters misinterpreted the noted conditions as establishing 
minimum criteria for hiring an internal auditor and practitioners noted 
that even though an internal auditor or internal audit department 
failed to satisfy the criteria the work product produced might still be 
of sufficient quality to warrant reliance. The Commission reconsidered 
the explicit criteria and deleted them. As proposed, the CPA is advised 
that reliance is at the discretion of the practitioner provided the 
internal audit department can demonstrate satisfaction of the MICS 
requirements contained within the internal audit sections, as 
applicable.
    One commenter noted that the current regulation requires the CPA to 
test for material compliance; whereas, the proposed revision indicates 
that all instances of procedural noncompliance be reported, without 
regard to materiality. A concern was expressed whether the change 
represents a more stringent condition. Although the Commission 
appreciates the concern, we do not believe the striking of the 
reference to material compliance should have a significant impact on 
the work performed by practitioners. The term ``material'' has a 
financial connotation that is misplaced in a regulation possessing the 
intent of measuring regulatory compliance with a codified set of 
minimum internal control procedures. In essence, the term is simply 
ambiguous when utilized in the context of compliance testing. However, 
it is important to recognize that the ultimate beneficiary of the 
information is the gaming operation's management. The report produced 
is intended to provide compliance data to the operator that will 
facilitate the initiation of a proactive response to the findings. 
Obviously, inherent to the worthiness of a disclosed compliance 
exception is the need for corrective action. We do not believe the 
proposed regulation precludes the CPA from exercising professional 
judgment in determining whether an exception warrants disclosure. For 
example, the Commission would not consider a report to be noncompliant 
if, during the sampling of a large number of items, the CPA detected a 
minute number of compliance exceptions and determined that they 
represented only isolated incidents of noncompliance, which did not 
justify a remedial response.
    Furthermore, if during testing of transactions at the beginning of 
an audit period items of noncompliance were detected but the CPA was 
able to confirm that corrective action had been effectively implemented 
by the end of the period, it would be entirely appropriate for the 
practitioner to exercise professional judgment in deciding whether 
there was any worthwhile benefit to disclosure.
    Since initial adoption, concerns have been expressed regarding the 
regulation because it stipulates the benchmark for measuring compliance 
to the internal control standards adopted by the tribal gaming 
regulatory authority. Specifically, it was noted that it is not 
uncommon for tribal standards to be more stringent than the federal 
rule or require procedures not in the MICS. The appropriateness of 
requiring the CPA to report incidences of noncompliance on standards 
not representing noncompliance with the MICS was questioned. In 
consideration of the Commission's stated objective of creating a 
minimum baseline for internal control systems, we concur with the 
expressed concern. Therefore, in conjunction with the revision of the 
section, it was changed to require compliance testing against the 
federal rule; however, at the discretion of the tribe, the tribe may 
opt to engage the external accountant to audit for

[[Page 11896]]

compliance against the minimum standards adopted by the tribal gaming 
regulatory authority. If the alternative testing criteria are desired, 
the proposed revision requires the CPA to first confirm that the 
applicable tribal regulations provide a level of control that equals or 
exceed those set forth in Part 542.
    A commenter objected to the explicit nature of the testing criteria 
contained within the proposed revision. The concern was specific to 
whether any deviation from the stipulated testing would be permissible; 
that the tribal gaming regulatory authority should have the latitude to 
require testing of greater scope and depth and that the CPA should be 
able to expand or contract testing based on a risk analysis.
    The Commission does not concur with the concern expressed. To 
ensure consistency and reliability of the reports produced, it is 
necessary that a minimum level of testing be performed by 
practitioners. Although the proposed revision states that the NIGC MICS 
compliance checklist or other comparable testing procedures be 
performed, the Commission does not believe the proposed regulation 
should be so narrowly interpreted as to preclude any deviation. For 
example, a tribal gaming regulatory authority might require the CPA to 
conduct more in depth testing of gaming machines located in a high 
stakes area or might permit a lesser level of testing for table games 
possessing exceedingly low bet limits. Such determinations would simply 
be based on an analysis of the risk posed by specific games. 
Furthermore, the CPA has the latitude to exercise professional judgment 
in determining sample size and scope. For example, a firm possessing 
several years of experience with a client that has had an exemplary 
record of addressing compliance exceptions might result in the external 
accountant's contraction of testing. Whereas, if the converse situation 
existed in which management had been non-responsive to exceptions, the 
external accountant might deem it prudent to expand testing since the 
control environment would likely be at a higher risk of compromise.
    A commenter questioned whether it would be permissible for a CPA to 
perform the required observations subsequent to the fiscal year end. 
Although the Commission questions the wisdom of performing observations 
at a time outside the period subject to review, we do not believe the 
proposed regulation explicitly forbids it. However, recognizing that 
the results of such observation would have diminished value, expanded 
compensating document testing relevant to the audit period would seem a 
logical action.
    A commenter recommended that the Commission should codify in the 
rule that the CPA testing period be the fiscal year of the gaming 
enterprise. The Commission disagrees with the need to stipulate in the 
rule that the period subject to audit must be the fiscal year. Inherent 
to the filing requirement that the report be submitted within 120 days 
of the gaming operation's fiscal year end, it is the presumption that 
the period subject to review will be the business year. The Commission 
is unaware of this concern being of any significance within the 
industry.
    A commenter suggested that the proposed revisions require the CPA 
submit a copy of internal audit reports when there is reliance. 
Furthermore, the commenter represented that in accordance with the 
referenced Agreed-Upon-Procedures pronouncement the practitioner is 
precluded from extracting data from the internal audit reports. Other 
commenters have not agreed with this position when the CPA has 
performed such testing as necessary to gain sufficient assurance in the 
quality of the internal audit work to rely thereon. Although the 
Commission has received internal audit reports from CPA firms, we do 
not concur that such submissions should be required. Our position is 
founded upon the fact that the filings frequently include findings 
unrelated to the MICS, i.e. incidents of noncompliance with internal 
policies and procedures such a personnel or recommendations to 
management regarding productivity and efficiency.
    A commenter recommended that the proposed revisions require the 
inclusion of management responses to the compliance audit findings. 
Although occasionally submissions do include comments or anticipated 
remedial actions plans from management, the Commission believes that 
including such a requirement in the rule would unduly hinder 
satisfaction of the filing deadline of 120 days past fiscal year end. 
It is important to note that the primary beneficiary of the independent 
report is management, who should require, as a component of the 
enterprise's overall operational objectives, compliance with all 
applicable laws and regulations. Although the Commission utilizes the 
data submitted to evaluate the internal control systems and their 
compliance with the federal rule, the CPA testing report is only one of 
several sources of information drawn upon to perform the analysis. It 
is the position of the Commission that the lack of management responses 
will not significantly impede that evaluation.
    A commenter suggested that the CPA, in testing of internal audit 
work performed, be allowed to accept digital copies or facsimile of 
original documents. The Commission concurs with the suggestion. It is 
not uncommon for such reproductions to carry the same weight as the 
original and the proposed regulation is not intended to preclude the 
procedure.
    A commenter suggested that the count observations be required to be 
initiated at the beginning of the drop/count process and that such a 
procedure would facilitate observation of the key control and 
surveillance notification functions.
    The Commission disagrees with the suggestion. The objective of 
entering the count room after commencement of the count is to detect 
irregularities and internal control deficiencies, which would not be as 
likely if count personnel were aware that observations were going to be 
performed. Furthermore, with regards to the required key controls and 
notification of surveillance, documentation of such events is mandated 
by the MICS, which enables a subsequent audit.
    A commenter raised a concern that the proposed revisions will 
supersede the authority of the tribe to determine the scope and depth 
of the testing to be performed in accordance with the Agreed-Upon-
Procedures pronouncement and, in effect, transfer accountability of the 
CPA to the Commission.
    The Commission disagrees with the commenter's interpretation of the 
proposed revision. Contained therein is the representation that an 
independent Certified Public Accountant shall be engage to perform the 
compliance testing. The statement is purposeful in its lack of 
specificity regarding the entity within the tribe that would assume 
responsibility for executing the engagement letter. It is the position 
of the Commission that such a decision should be left to the discretion 
of the tribe. Although in practice most engagement letters are signed 
by an authorized management person or audit committee representative, 
the Commission has also noted engagements originating with the tribal 
gaming regulatory authority. Without regards to the entity or 
individual possessing the authority to engage the independent 
accountant, there should be no misunderstanding that the objective of 
the proposed revision is to establish only the minimum criteria that 
must be incorporated in the engagement letter. Furthermore, the CPA 
should be

[[Page 11897]]

well aware that their client is the engaging party, not the Commission.
    A commenter noted that the auditing profession has established 
methods and procedures to guide CPA firms in documenting and conducting 
their reviews through the AICPA's Casino Audit and Accounting Guide and 
the Auditing Standards Board's Statement on Standards for Attestation 
Engagements, specifically SSAE10. That these standards provide 
CPA firms pertinent guidance regarding the process, procedures and 
reporting format and requirements to be employed.
    The Commission disagrees with the commenter; not because we believe 
the Audit and Accounting Guide for casinos conflicts with any standard 
contained within the MICS, but because the professional pronouncement 
simply lacks sufficient specificity to effectively confirm compliance 
with the federal rule or the tribal internal control standards. With 
regards to the pronouncement relevant to performance of attestation 
engagements, the Commission embraces the concepts contained therein and 
considers the proposed revision to compliment the directive. However, 
we do not accept the premise that the professional directive is 
adequate to ensure reliability and consistency in the reports; 
considering the report's objective of identifying incidences of 
noncompliance with a codified set of control procedures, which can be 
rather exacting.
    A commenter objected to the CPA firm's personnel performing 
observations in the count room while the count is in progress because 
they would have potential access to unaccounted for funds. Although the 
Commission appreciates the concern expressed, it is our position that 
for the practitioner to effectively test the internal control systems 
for compliance there must be unfettered access to all applicable areas 
and records of the gaming operation. Of course, the Commission would 
consider it prudent for management or the tribal regulatory authority 
to initiate compensating controls to offset the risk posed by persons 
external to the casino being in areas in which access is restricted; 
however, in consideration of such controls, they should not unduly 
interfere with the objectives of the engagement.
    Initial drafts of the proposed rule contained a requirement that 
the gaming operation must provide the CPA with written assurance 
regarding compliance by the internal auditor or internal audit 
department with applicable standards contained within the internal 
audit sections of the MICS. Comments were received questioning the need 
for the CPA to receive such written assurance since the external 
accountant would still be expected to confirm the representation. The 
Commission concurred with the commenter and has struck the noted 
requirement from the proposed rule.

Proposed Revisions to the Following Sections: 542.7(d) (Bingo) 
Accountability Form; 542.8(f) (Pull-Tab) Accountability Form; 542.10(f) 
(Keno) Checkout Standards at the End of Each Keno Shift; 542.11(e) 
(Pari-Mutuel Wagering) Checkout Standards; 542.13(f) (Gaming Machines) 
Gaming Machine Department Funds Standards; 542.14(d) (Cage) Cage and 
Vault Accountability Standards

    Revisions to the referenced sections of the MICS are intended to 
clarify the respective existing regulations. Specifically, the change 
is to state explicitly that unverified transfers of cash or cash 
equivalents accountability are prohibited.
    Initially, the proposed revision stated that blind drops are 
prohibited but several commenters noted that the term had rather 
diverse interpretations. It was recommended that the revision would be 
more precise to state, ``Unverified transfers of cash and/or cash 
equivalents are prohibited.'' The Commission concurred with the 
recommendation and revised the initial draft accordingly.
    Comment was received recommending that the proposed revision also 
be added to the relevant standards contained within the MICS drop and 
count sections. The Commission disagrees with the recommendation. The 
standards contained within the drop and count sections are sufficiently 
clear that no additional clarification is needed. The standards are 
effective in precluding unverified transfers.

Proposed Revision to 542.14(d)(3) Cage and Vault Accountability 
Standards

    Based on the result of compliance audits conducted by the 
Commission and research performed, it has been determined that the 
referenced standard is incorrect with respect to its placement within 
the MICS. The standards were intended to codify the minimum components 
of the cage/vault accountability. Unfortunately, included within the 
list of items is gaming machine hopper loads. Generally accepted gaming 
regulatory standards and common industry practice would dictate that 
the value of the hoppers be reflected in a general ledger account, not 
the cage/vault accountability. To correct the error, the Commission is 
proposing to strike the referenced control.
    No comments were received relevant to the proposed revision.

Proposed Revisions to 542.17(b)(c)(d) (c) Complimentary Services or 
Items

    In June 2002, a revision was made to the referenced section in 
which a stated value of $50 was replaced by a non-specified amount that 
was required to be merely reasonable. The threshold dictates when a 
comp transaction must be included in a report for review by management. 
The objective of the report is to facilitate supervisory oversight of 
the comps process for the purpose of ensuring compliance with the 
gaming operation's comp policy.
    Unfortunately, confusion and conflict have resulted from the 2002 
revision. Therefore, the Commission is proposing to revise the 
regulation to require that individual comp transactions equal to or 
exceeding $100 be included in the report, unless the tribal gaming 
regulatory authority determines that the threshold should be a lesser 
amount.
    As initially drafted, the proposed revision did not acknowledge 
that the tribal gaming regulatory authorities had the latitude of 
establishing an amount less than $100. A commenter made a 
recommendation that the draft be revised to grant such an option. The 
Commission has accepted and effectuated the recommendation.
    Other comments were received supporting the revision.

Proposed Revisions to the Following Sections: 542.21(f)(12) (Tier A--
Drop and Count) Gaming Machine Bill Acceptor Count Standards; 
542.31(f)(12) (Tier B--Drop and Count) Gaming Machine Bill Acceptor 
Count Standards; 542.41(f)(12) (Tier C--Drop and Count) Gaming Machine 
Bill Acceptor Count Standards

    The referenced standards represent a duplicate control to an 
identical requirement contained within each of the respective section's 
Gaming Machine Bill Acceptor Drop Standards, refer 542.21(e)(4), 
542.31(e)(5), and 542.41(e)(5). Specifically, the standard requires the 
bill acceptor canisters to be posted with a number corresponding to 
that of the machine it was extracted. The subject control pertains to a 
drop function, as opposed to the count process. Therefore, the 
Commission is proposing to delete the above subsections.
    No comments were received pertaining to the proposed revision.

[[Page 11898]]

Proposed Revisions to 542.21(f)(4)(ii) Drop and Count for Tier A; 
542.31(f)(4)(ii) Drop and Count for Tier B; 542.41(f)(4)(ii) Drop and 
Count for Tier C

    The Commission is proposing to delete the referenced standards, 
which require a second count of the gaming machine bill acceptor drop 
by a count team member who did not perform the first count. In 
justification of the proposed revision, it is important to note that 
the Commission has attempted to rely on the advice and experience of 
the established gaming jurisdictions in defining its minimum internal 
control regulation. Such a methodology is deemed to be not only 
efficient but prudent. Generally, the MICS represent a rather 
simplistic abbreviation of commensurate controls of the established 
gaming jurisdictions, which has left much room for tribal gaming 
regulators to complement. However, consistent with such a concept is 
the need for the Commission to be cognizant of any standards enacted 
that are overreaching. In other words, before requiring a control more 
stringent than the established gaming jurisdictions, the Commission 
should have a compelling reason for its action. The proposal to delete 
the noted standards is founded upon the premise that they are 
inconsistent with the established gaming jurisdictions and are lacking 
in a compelling reason justifying a more stringent procedure for tribal 
gaming. Unlike the drop originating with table games, meter data should 
be available to confirm the gaming machine bill acceptor count, which 
sufficiently mitigates the risk of compromise associated with that 
process. Based on research performed, it is the belief of the 
Commission that the double count requirement resulted from a drafting 
error in June 2002, which originated from the reformatting of the drop 
and count sections. Therefore, it is the position of the Commission 
that the standards in question should be struck.
    A commenter expressed the position that the second count of the 
currency is appropriate and should remain in the MICS. The Commission 
disagrees with the commenter for the reasons previously stated. 
However, as echoed throughout the MICS and within the preamble, the 
tribal gaming regulatory authorities have primary responsibility for 
the regulation of their respective gaming operation(s) and have the 
latitude of requiring controls more stringent than those of the federal 
rule.
    One commenter suggested that the rule should be made conditional 
such that only when the gaming operation employs an effective on-line 
accounting system should the second count be foregone. The Commission 
disagrees, since verification of the drop to the currency in meter 
reading is required by the MICS, without regard to whether the meter 
data is collected electronically or manually.
    One commenter questioned the consistency of the Commission's action 
to delete the subject standards with its position regarding the 
prohibition against unverified transfers of an individual's 
accountability. The Commission does not recognize an inconsistency. The 
count team takes possession of the drop proceeds and is responsible for 
those funds until they are transferred to the cage/vault (buy process). 
The count team executes a count of the monies and, in conjunction with 
the transfer of the accountability, the vault or cage supervisory 
performs another count to verify the amount being conveyed to their 
accountability. Consequently, no cash inventories are being transferred 
from one person to another without mutual verification and acceptance.

Proposed Addition of 542.22(g) Internal Audit Guidelines--Tier A; 
542.32(g) Internal Audit Guidelines--Tier B; 542.42(g) Internal Audit 
Guidelines--Tier C

    The Commission proposes to add the referenced regulations to the 
MICS, which represents a simple notification to internal auditors and 
internal audit departments that the Commission will provide recommended 
guidelines to aid in satisfaction of the testing requirements contained 
with the internal audit sections of the MICS. The guidelines do not 
represent a rule requiring adherence but an aid for internal auditors 
to take advantage of as they might deem appropriate.
    No comments were received pertinent to the proposed revision.

Proposed Revision to 542.23(n)(3) Tier A Surveillance--Wide Area 
Progressive Gaming Machines; 542.33(q)(3) Tier B Surveillance--Wide 
Area Progressive Gaming Machines; and 542.43(r)(3) Tier C 
Surveillance--Wide Area Progressive Gaming Machines

    Prior to June 2002, the subject regulations required certain 
dedicated camera coverage over wide area progressive machines with a 
potential payout of $3 million or more. In conjunction with the 
revisions of 2002, the standards were revised to require the additional 
camera coverage over the noted machines if the base amount was more 
than $1.5 million, irrespective of potential payout.
    Based on the experience gained by the Commission, it has been 
determined that the referenced revision negated the effectiveness of 
the regulation, which is to require a heightened level of surveillance 
coverage over wide area progressive devices commensurate with the risk 
posed to tribal assets and operational integrity. Such risk is directly 
related to the size of the potential awards but is mitigated somewhat 
by the fact that a third party, the wide area progressive vendor, is 
involved in the transaction.
    The proposed revision is intended to regain the effectiveness of 
the original regulation, consistent with the industry's regulatory 
standards. Specifically, the proposed threshold is being lowered to a 
starting base amount of $1 million or more.
    One commenter concurred with the proposed revision and acknowledged 
the limited effectiveness of the $1.5 million base threshold. One 
commenter recommended that the control be modified to require 
surveillance to utilize a real time standard for monitoring and 
recording a video of the activity in question. The Commission 
enthusiastically supports the position expressed by the commenter, 
since it is our belief that this critical function should require a 
surveillance standard employing a sufficient clarity criterion and be 
observed and recorded at thirty (30) frames or images per second, as 
applicable. However, the MICS currently defines sufficient clarity as 
requiring only twenty (20) frames per second. Since we believe that the 
term ``real time'' is generally understood to mean at least thirty (30) 
frames per second, injecting it into the proposed revision would likely 
create an ambiguity within the MICS.
    One commenter questioned whether the additional cost resulting from 
the expansion of the standard's applicability is justified. The 
Commission appreciates the commenter's concern; however, performance of 
a cost benefit analysis in conjunction with the evaluation of a control 
can be a challenging exercise. For example, measuring the economic 
impact of an irregularity that did not occur because it was deterred by 
an effective internal control system is a highly speculative endeavor. 
However, a truism of gaming widely accepted by industry professionals 
is that as the potential reward increases so does the likelihood of 
compromise. This characteristic of gaming is not unrelated to the 
proposed revision. There is much wisdom within a process that learns 
from the experience of our peers who are more seasoned in the 
regulation of

[[Page 11899]]

gaming. The proposed revision is founded upon this concept. Therefore, 
considering that the lowered threshold will only bring the 
applicability of the control closer to that of the established gaming 
jurisdictions, the Commission believes the commenter's concern does not 
justify reconsideration of the proposed revision.

Regulatory Matters

Regulatory Flexibility Act

    The Commission certifies that the proposed revisions to the Minimum 
Internal Control Standards contained within this regulation will not 
have a significant economic impact on small entities, 5 U.S.C. 605(b). 
The factual basis for this certification is as follows:
    Of the 330 Indian gaming operations across the country, 
approximately 93 of the operations have gross revenues of less than $5 
million. Of these, approximately 39 operations have gross revenues of 
under $1 million. Since the proposed revisions will not apply to gaming 
operations with gross revenues under $1 million, only 39 small 
operations may be affected. While this is a substantial number, the 
Commission believes that the proposed revisions will not have a 
significant economic impact on these operations for several reasons. 
Even before implementation of the original MICS, Tribes had internal 
controls because they are essential to gaming operations in order to 
protect assets. The costs involved in implementing these controls are 
part of the regular business costs incurred by such an operation. The 
Commission believes that many Indian gaming operation internal control 
standards that are more stringent than those contained in these 
regulations. Further, these proposed rule revisions are technical and 
minor in nature.
    Under the proposed revisions, small gaming operations grossing 
under $1 million are exempted from MICS compliance. Tier A facilities 
(those with gross revenues between $1 and $5 million) are subject to 
the yearly requirement that independent certified public accountant 
testing occur. The purpose of this testing is to measure the gaming 
operation's compliance with the tribe's internal control standards. The 
cost of compliance with this requirement for small gaming operation is 
estimated at between $3,000 and $5,000. The cost of this report is 
minimal and does not create a significant economic effect on gaming 
operations. What little impact exists is further offset because other 
regulations require yearly independent financial audits that can be 
conducted at the same time. For these reasons, the Commission has 
concluded that the proposed rule revisions will not have a significant 
economic impact on those small entities subject to the rule.

Small Business Regulatory Enforcement Fairness Act

    These following proposed revisions do not constitute a major rule 
under 5 U.S.C. 804(2), the Small Business Regulatory Enforcement 
Fairness Act. The revisions will not have an annual effect on the 
economy of $ 100 million or more. The revisions also will not cause a 
major increase in costs or prices for consumers, individual industries, 
federal, state or local government agencies or geographic regions and 
does not have a significant adverse effect on competition, employment, 
investment, productivity, innovation, or the ability of U.S. based 
enterprises to compete with foreign-based enterprises.

Unfunded Mandates Reform Act

    The Commission is an independent regulatory agency and, as such, is 
not subject to the Unfunded Mandates Reform Act. Even so, the 
Commission has determined that the proposed rule revisions do not 
impose an unfunded mandate on State, local, or Tribal governments, or 
on the private sector, of more than $ 100 million per year. Thus, this 
is not a ``significant regulatory action'' under the Unfunded Mandates 
Reform Act, 2 U.S.C. 1501 et seq.
    The Commission has, however, determined that the proposed rule 
revisions may have a unique effect on Tribal governments, as they apply 
exclusively to Tribal governments, whenever they undertake the 
ownership, operation, regulation, or licensing of gaming facilities on 
Indian lands, as defined by the Indian Gaming Regulatory Act. Thus, in 
accordance with Section 203 of the Unfunded Mandates Reform Act, the 
Commission undertook several actions to provide Tribal governments with 
adequate notice, opportunity for ``meaningful'' consultation, input, 
and shared information, advice, and education regarding compliance.
    These actions included the formation of a Tribal Advisory Committee 
and the request for input from Tribal leaders. Section 204(b) of the 
Unfunded Mandates Reform Act exempts from the Federal Advisory 
Committee Act (5 U.S.C. App.) meetings with Tribal elected officials 
(or their designees) for the purpose of exchanging views, information, 
and advice concerning the implementation of intergovernmental 
responsibilities or administration. In selecting Committee members, 
consideration was placed on the applicant's experience in this area, as 
well as the size of the Tribe the nominee represented, geographic 
location of the gaming operation, and the size and type of gaming 
conducted. The Commission attempted to assemble a Committee that 
incorporates diversity and is representative of Tribal gaming 
interests. The Commission will meet with the Advisory Committee to 
discuss the public comments that are received as a result of the 
publication of the following proposed MICS rule revisions, and will 
consider all Tribal and public comments and Committee recommendations 
before formulating the final rule revisions. The Commission also plans 
to continue its policy of providing necessary technical assistance, 
information, and support to enable Tribes to implement and comply with 
the MICS as revised.
    The Commission also provided the proposed revisions to Tribal 
leaders for comment prior to publication of this proposed rule and 
considered these comments in formulating the proposed rule. (69 FR 
69847, December 1, 2004).

Takings

    In accordance with Executive Order 12630, the Commission has 
determined that the following proposed MICS rule revisions do not have 
significant takings implications. A takings implication assessment is 
not required.

Civil Justice Reform

    In accordance with Executive Order 12988, the Office of General 
Counsel has determined that the following proposed MICS rule revisions 
do not unduly burden the judicial system and meet the requirements of 
sections 3(a) and 3(b)(2) of the Order.

Paperwork Reduction Act

    The following proposed MICS rule revisions require information 
collection under the Paperwork Reduction Act 44 U.S.C. 3501 et seq., as 
did the rule it revises. There is no change to the paperwork 
requirements created by these proposed revisions. The Commission's OMB 
Control Number for this regulation is 3141-0009.

National Environmental Policy Act

    The Commission has determined that the following proposed MICS rule 
revisions do not constitute a major Federal action significantly 
affecting the quality of the human environment and that no detailed 
statement is required pursuant to the National Environmental Policy Act 
of 1969 (42 U.S.C. 4321 et seq.).

[[Page 11900]]

List of Subjects in 25 CFR Part 542

    Accounting, Auditing, Gambling, Indian-lands, Indian-tribal 
government, Reporting and recordkeeping requirements.

    Accordingly, for all of the reasons set forth in the foregoing 
preamble, the National Indian Gaming Commission proposes to amend 25 
CFR part 542 as follows:

PART 542--MINIMUM INTERNAL CONTROL STANDARDS

    1. The authority citation for part 542 continues to read as 
follows:

    Authority: 25 U.S.C. 2701 et seq.

    2. Amend Sec.  542.3 by revising paragraph (f) to read as follows:


Sec.  542.3  How do I comply with this part?

* * * * *
    (f) CPA testing. (1) An independent certified public accountant 
(CPA) shall be engaged to perform ``Agreed-Upon Procedures'' to verify 
that the gaming operation is in compliance with the minimum internal 
control standards (MICS) set forth in this part or a tribally approved 
variance thereto that has received Commission concurrence. The CPA 
shall report each event and procedure discovered by or brought to the 
CPA's attention that the CPA believes does not satisfy the minimum 
standards or tribally approved variance that has received Commission 
concurrence. The ``Agreed-Upon Procedures'' may be performed in 
conjunction with the annual audit. The CPA shall report its findings to 
the Tribe, Tribal gaming regulatory authority, and management. The 
Tribe shall submit one copy of the report to the Commission within 120 
days of the gaming operation's fiscal year end. This regulation is 
intended to communicate the Commission's position on the minimum 
agreed-upon procedures to be performed by the CPA. Throughout these 
regulations, the CPA's engagement and reporting are based on Statements 
on Standards for Attestation Engagements (SSAEs) in effect as of 
December 31, 2003, specifically SSAE 10 (``Revision and 
Recodification Agreed-Upon Procedures Engagements''). If future 
revisions are made to the SSAEs or new SSAEs are adopted that are 
applicable to this type of engagement, the CPA is to comply with any 
new or revised professional standards in conducting engagements 
pursuant to these regulations and the issuance of the agreed-upon 
procedures report. The CPA shall perform the ``Agreed-Upon Procedures'' 
in accordance with the following:
    (i) As a prerequisite to the evaluation of the gaming operation's 
internal control systems, it is recommended that the CPA obtain and 
review an organization chart depicting segregation of functions and 
responsibilities, a description of the duties and responsibilities of 
each position shown on the organization chart, and an accurate, 
detailed narrative description of the gaming operation's procedures in 
effect that demonstrate compliance.
    (ii) Complete the CPA NIGC MICS Compliance checklists or other 
comparable testing procedures. The checklists should measure compliance 
on a sampling basis by performing walk-throughs, observations and 
substantive testing. The CPA shall complete separate checklists for 
each gaming revenue center, cage and credit, internal audit, 
surveillance, information technology and complimentary services or 
items. All questions on each applicable checklist should be completed. 
Work-paper references are suggested for all ``no'' responses for the 
results obtained during testing (unless a note in the ``W/P Ref'' can 
explain the exception).
    (iii) The CPA shall perform, at a minimum, the following procedures 
in conjunction with the completion of the checklists:
    (A) At least one unannounced observation of each of the following: 
Gaming machine coin drop, gaming machine currency acceptor drop, table 
games drop, gaming machine coin count, gaming machine currency acceptor 
count, and table games count. The AICPA's ``Audits of Casinos'' Audit 
and Accounting Guide states that ``'observations of operations in the 
casino cage and count room should not be announced in advance * * *'' 
For purposes of these procedures, ``unannounced'' means that no 
officers, directors, or employees are given advance information 
regarding the dates or times of such observations. The independent 
accountant should make arrangements with the gaming operation and 
Tribal gaming regulatory authority to ensure proper identification of 
the CPA's personnel and to provide for their prompt access to the count 
rooms.
    (1) The gaming machine coin count observation would include a weigh 
scale test of all denominations using pre-counted coin. The count would 
be in process when these tests are performed, and would be conducted 
prior to the commencement of any other walk-through procedures. For 
computerized weigh scales, the test can be conducted at the conclusion 
of the count, but before the final totals are generated.
    (2) The checklists should provide for drop/count observations, 
inclusive of hard drop/count, soft drop/count and currency acceptor 
drop/count. The count room would not be entered until the count is in 
process and the CPA would not leave the room until the monies have been 
counted and verified to the count sheet by the CPA and accepted into 
accountability. If the drop teams are unaware of the drop observations 
and the count observations would be unexpected, the hard count and soft 
count rooms may be entered simultaneously. Additionally, if the gaming 
machine currency acceptor count begins immediately after the table 
games count in the same location, by the same count team, and using the 
same equipment, the currency acceptor count observation can be 
conducted on the same day as the table games count observation, 
provided the CPA remains until monies are transferred to the vault/
cashier.
    (B) Observations of the gaming operation's employees as they 
perform their duties.
    (C) Interviews with the gaming operation's employees who perform 
the relevant procedures.
    (D) Compliance testing of various documents relevant to the 
procedures. The scope of such testing should be indicated on the 
checklist where applicable.
    (E) For new gaming operations that have been in operation for three 
months or less at the end of their business year, performance of this 
regulation, Sec.  542.3(f), is not required for the partial period.
    (2) Alternatively, at the discretion of the tribe, the tribe may 
engage an independent certified public accountant (CPA) to perform the 
testing, observations and procedures reflected in paragraphs (f)(1)(i), 
(ii) and (iii) of this section utilizing the tribal internal control 
standards adopted by the Tribal gaming regulatory authority or tribally 
approved variance that has received Commission concurrence. 
Accordingly, the CPA will verify compliance by the gaming operation 
with the tribal internal control standards. Should the tribe elect this 
alternative, as a prerequisite, the CPA will perform the following:
    (i) The CPA shall compare the tribal internal control standards to 
the MICS to ascertain whether the criteria set forth in the MICS or 
Commission approved variances are adequately addressed.
    (ii) The CPA may utilize personnel of the Tribal gaming regulatory 
authority to cross-reference the tribal minimum internal control 
standards to the MICS, provided the CPA performs a review of

[[Page 11901]]

the Tribal gaming regulatory authority personnel's work and assumes 
complete responsibility for the proper completion of the work product.
    (iii) The CPA shall report each procedure discovered by or brought 
to the CPA's attention that the CPA believes does not satisfy paragraph 
(f)(2)(i) of this section.
    (3) Reliance on Internal Auditors. (i) The CPA may rely on the work 
of an internal auditor, to the extent allowed by the professional 
standards, for the performance of the recommended procedures specified 
in paragraphs (f)(1)(iii)(B), (C) and (D) of this section, and for the 
completion of the checklists as they relate to the procedures covered 
therein provided that the internal audit department can demonstrate to 
the satisfaction of the CPA that the requirements contained within 
Sec.  542.22, Sec.  542.32 or Sec.  542.42, as applicable, have been 
satisfied.
    (ii) Agreed-upon procedures are to be performed by the CPA to 
determine that the internal audit procedures performed for a past 12-
month period (includes two six-month periods) encompassing a portion or 
all of the most recent business year has been properly completed. The 
CPA will apply the following Agreed-Upon Procedures to the gaming 
operation's written assertion:
    (A) Obtain internal audit department work-papers completed for a 
12-month period (two six-month periods) encompassing a portion or all 
of the most recent business year and determine whether the CPA NIGC 
MICS Compliance Checklists or other comparable testing procedures were 
included in the internal audit work-papers and all steps described in 
the checklists were initialed or signed by an internal audit 
representative.
    (B) For the internal audit work-papers obtained in paragraph 
(f)(2)(ii)(A) of this section, on a sample basis, reperform the 
procedures included in CPA NIGC MICS Compliance Checklists or other 
comparable testing procedures prepared by internal audit and determine 
if all instances of noncompliance noted in the sample were documented 
as such by internal audit. The CPA NIGC MICS Compliance Checklists or 
other comparable testing procedures for the applicable Drop and Count 
procedures are not included in the sample reperformance of procedures 
because the CPA is required to perform the drop and count observations 
as required under paragraph (f)(1)(iii)(A) of this section of the 
Agreed-Upon Procedures. The CPA's sample should comprise a minimum of 
3% of the procedures required in each CPA NIGC MICS Compliance 
Checklists or other comparable testing procedures for the slot and 
table game departments and 5% for the other departments completed by 
internal audit in compliance with the internal audit MICS. The 
reperformance of procedures is performed as follows:
    (1) For inquiries, the CPA should either speak with the same 
individual or an individual of the same job position as the internal 
auditor did for the procedure indicated in their checklist.
    (2) For observations, the CPA should observe the same process as 
the internal auditor did for the procedure as indicated in their 
checklist.
    (3) For document testing, the CPA should look at the same original 
document as tested by the internal auditor for the procedure as 
indicated in their checklist. The CPA need only retest the minimum 
sample size required in the checklist.
    (C) The CPA is to investigate and resolve any differences between 
their reperformance results and the internal audit results.
    (D) Documentation is maintained for five (5) years by the CPA 
indicating the procedures reperformed along with the results.
    (E) When performing the procedures for paragraph (f)(3)(ii)(B) of 
this section in subsequent years, the CPA must select a different 
sample so that the CPA will reperform substantially all of the 
procedures after several years.
    (F) Any additional procedures performed at the request of the 
Commission, the Tribal gaming regulatory authority or management should 
be included in the Agreed-Upon Procedures report transmitted to the 
Commission.
    (4) Report Format. (i) The NIGC has concluded that the performance 
of these procedures is an attestation engagement in which the CPA 
applies such Agreed-Upon Procedures to the gaming operation's assertion 
that it is in compliance with the MICS and, if applicable, refer to 
paragraph (f)(2) of this section, the Tribal minimum internal control 
standards and approved variances provide a level of control that equals 
or exceeds that of the MICS. Accordingly, the Statements on Standards 
for Attestation Engagements (SSAE's), specifically SSAE 10, 
issued by the Auditing Standards Board is currently applicable. SSAE 
10 provides current, pertinent guidance regarding agreed-upon 
procedure engagements, and the sample report formats included within 
those standards should be used, as appropriate, in the preparation of 
the CPA's agreed-upon procedures report. If future revisions are made 
to this standard or new SSAEs are adopted that are applicable to this 
type of engagement, the CPA is to comply with any revised professional 
standards in issuing their agreed upon procedures report. The 
Commission will provide an Example Report and Letter Formats upon 
request that may be used and contain all of the information discussed 
below:
    (A) The report must describe all instances of procedural 
noncompliance (regardless of materiality) with the MICS or approved 
variations, and all instances where the Tribal gaming regulatory 
authority's regulations do not comply with the MICS. When describing 
the agreed-upon procedures performed, the CPA should also indicate 
whether procedures performed by other individuals were utilized to 
substitute for the procedures required to be performed by the CPA. For 
each instance of noncompliance noted in the CPA's agreed-upon 
procedures report, the following information must be included:
    (1) The citation of the applicable MICS for which the instance of 
noncompliance was noted.
    (2) A narrative description of the noncompliance, including the 
number of exceptions and sample size tested.
    (5) Report Submission Requirements. (i) The CPA shall prepare a 
report of the findings for the Tribe and management. The Tribe shall 
submit two (2) copies of the report to the Commission no later than 120 
days after the gaming operation's business year. This report should be 
provided in addition to any other reports required to be submitted to 
the Commission.
    (ii) The CPA should maintain the work-papers supporting the report 
for a minimum of five years. Digital storage is acceptable. The 
Commission may request access to these work-papers, through the tribe.
    (6) CPA NIGC MICS Compliance Checklists. In connection with the CPA 
testing pursuant to this section and as referenced therein, the 
Commission will provide CPA MICS Compliance Checklists upon request.
* * * * *
    3. Amend Sec.  542.7 by revising paragraph (d)(2) to read as 
follows:


Sec.  542.7  What are the minimum internal control standards for bingo?

* * * * *
    (d) * * *
    (2) All funds used to operate the bingo departm