Minimum Internal Control Standards, 47097-47108 [05-16056]

Agencies

• National Indian Gaming Commission

[Federal Register Volume 70, Number 155 (Friday, August 12, 2005)]
[Rules and Regulations]
[Pages 47097-47108]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-16056]


=======================================================================
-----------------------------------------------------------------------

NATIONAL INDIAN GAMING COMMISSION

25 CFR Part 542

RIN 3141-AA27


Minimum Internal Control Standards

AGENCY: National Indian Gaming Commission.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In response to the inherent risks of gaming enterprises and 
the resulting need for effective internal controls in Tribal gaming 
operations, the National Indian Gaming Commission (Commission or NIGC) 
first developed Minimum Internal Control Standards (MICS) for Indian 
gaming in 1999, and then later revised them in 2002. The Commission 
recognized from the outset that periodic technical adjustments and 
revisions would be necessary in order to keep the MICS effective in 
protecting Tribal gaming assets and the interests of Tribal 
stakeholders and the gaming public. To that end, the following final 
rule revisions contain certain corrections and revisions to the 
Commission's existing MICS, which are necessary to clarify, improve, 
and update other existing MICS provisions. The purpose of these MICS 
revisions is to address apparent shortcomings in the MICS and various 
changes in Tribal gaming technology and methods. Public comment on 
these final MICS revisions was received by the Commission for a period 
of 48 days after the date of their publication in the Federal Register 
as a proposed rule on March 10, 2005.
    After consideration of all received comments, the Commission has 
made whatever changes to the proposed revisions that it deemed 
appropriate and is now promulgating and publishing the final revisions 
to the Commission's MICS Rule, 25 CFR part 542.

DATES: Effective Date: August 12, 2005.
    Compliance Date: Except for the final revisions to subsection 
542.3(f), on or before October 11, 2005, the Tribal gaming regulatory 
authority shall: (1) In accordance with the Tribal gaming ordinance, 
establish and implement Tribal internal control standards that shall 
provide a level of control that equals or exceeds the revised standards 
set forth herein; and (2) establish a deadline no later than December 
12, 2005, by which a gaming operation must come into compliance with 
the Tribal internal control standards. However, the Tribal gaming 
regulatory authority may extend the deadline by an additional 60 days 
if written notice is provided to the Commission no later than December 
12, 2005. Such notification must cite the specific revisions to which 
the extension pertains.
    With regard to the final revisions to subsection 542.3(f), on or 
before October 11, 2005, the Tribal gaming regulatory authority shall: 
(1) In accordance with the Tribal gaming ordinance, establish and 
implement Tribal internal control standards that shall provide a level 
of control that equals or exceeds the revised standards set forth in 
subsection 542.3(f); and (2) establish a deadline no later than August 
14, 2006, by which a gaming operation must come into compliance with 
the Tribal internal control standards. To further clarify the 
referenced deadline, the final revisions to subsection 542.3(f) are 
applicable to fiscal years of the gaming operation ending after August 
14, 2006. No extension of the compliance period is allowed for the 
final revisions to subsection 542.3(f).

FOR FURTHER INFORMATION CONTACT: Vice-Chairman Nelson Westrin, (202) 
632-7003 (not a toll-free number).

SUPPLEMENTARY INFORMATION:

Background

    On January 5, 1999, the Commission first published its Minimum 
Internal Control Standards (MICS) as a Final Rule. As gaming Tribes and 
the Commission gained practical experience applying the MICS, it became 
apparent that some of the standards required clarification or 
modification to operate as the Commission had intended and to 
accommodate changes and advances

[[Page 47098]]

that had occurred over the years in Tribal gaming technology and 
methods. Consequently, the Commission, working with an Advisory 
Committee composed of Commission and Tribal representatives, published 
the revised MICS rule on June 27, 2002, and has subsequently made less 
comprehensive revisions thereto. As the result of the practical 
experience of the Commission and Tribes working with the revised MICS, 
it has once again become apparent that additional corrections, 
clarifications, and modifications are needed to ensure that the MICS 
continue to operate as the Commission intended. To identify which of 
the current MICS need correction, clarification or modification, the 
Commission initially solicited input and guidance from NIGC employees, 
who have extensive gaming regulatory expertise and experience and who 
work closely with Tribal gaming regulators in monitoring the 
implementation, operation, and effect of the MICS in Tribal gaming 
operations. The resulting input from NIGC staff convinced the 
Commission that the MICS require continuing review and prompt revision 
on an ongoing basis to keep them effective and up-to-date. To address 
this need, the Commission decided to establish a Standing MICS Advisory 
Committee to assist it in both identifying and developing necessary 
MICS revisions on an ongoing basis. In recognition of its government-
to-government relationship with Tribes and related commitment to 
meaningful Tribal consultation, the Commission requested gaming Tribes, 
in January 2004, for nominations of Tribal representatives to serve on 
its Standing MICS Advisory Committee. From the 27 Tribal nominations 
that it received, the Commission selected 9 Tribal representatives in 
March 2004 to serve on the Committee. The Commission's Tribal Committee 
member selections were based on several factors, including the 
regulatory experience and background of the individuals nominated, the 
size(s) of their affiliated Tribal gaming operation(s), the types of 
games played at their affiliated Tribal gaming operation(s), and the 
areas of the country in which their affiliated Tribal gaming 
operation(s) are located. The selection process was very difficult, 
because numerous highly qualified Tribal representatives were nominated 
to serve on this important Committee.
    As expected, the benefit of including Tribal representatives on the 
Committee who work daily with the MICS has proved to be invaluable. 
Through their advice and recommendations to the Commission, the Tribal 
Committee members provide early Tribal perspective and input in 
assisting the Commission in identifying and developing needed MICS 
revisions, without binding their nominating Tribes in any way regarding 
the resulting revisions promulgated by the Commission. This, in turn, 
helps facilitate and implement the Commission's policy commitment to 
early and meaningful consultation concerning changes to the MICS and 
other Commission regulatory policies and procedures that affect gaming 
Tribes.
    Tribal representatives selected to serve on the Commission's 
Standing MICS Advisory Committee are: Tracy Burris, Gaming 
Commissioner, Chickasaw Nation Gaming Commission, Chickasaw Nation of 
Oklahoma; Jack Crawford, Chairman, Umatilla Gaming Commission, 
Confederated Tribes of the Umatilla Indian Reservation; Patrick Darden, 
Executive Director, Chitimacha Gaming Commission, Chitimacha Indian 
Tribe of Louisiana; Mark N. Fox, Compliance Director, Four Bears 
Casino, Three Affiliated Tribes of the Fort Berthold Reservation; 
Sherrilyn Kie, Senior Internal Auditor, Pueblo of Laguna Gaming 
Authority, Pueblo of Laguna; Patrick Lambert, Executive Director, 
Eastern Band of Cherokee Gaming Commission, Eastern Band of Cherokee 
Indians; John Meskill, Director, Mohegan Tribal Gaming Commission, 
Mohegan Indian Tribe; Jerome Schultze, Executive Director, Morongo 
Gaming Agency, Morongo Band of Mission Indians; and Lorna Skenandore, 
Assistant Gaming Manager, Support Services, Oneida Bingo and Casino, 
formerly Gaming Compliance Manager, Oneida Gaming Commission, Oneida 
Tribe of Indians of Wisconsin. The Advisory Committee also includes the 
following Commission representatives: Philip N. Hogen, Chairman; Nelson 
Westrin, Vice-Chairman; Cloyce V. Choney, Associate Commissioner; Joe 
H. Smith, Acting Director of Audits; Ken Billingsley, Region III 
Director; Nicole Peveler, Field Auditor; Ron Ray, Field Investigator; 
and Sandra Ashton, Staff Attorney, Office of General Counsel.
    In the past, the MICS were comprehensively revised on a wholesale 
basis. Such large-scale revisions proved to be difficult for Tribes to 
implement in a timely manner and unnecessarily disruptive to Tribal 
gaming operations. The purpose of the Commission's Standing Committee 
is to conduct a continuing review of the operation and effectiveness of 
the existing MICS, in order to promptly identify and develop needed 
revisions of the MICS, on a manageable incremental basis, as they 
become necessary to revise and keep the MICS practical and effective. 
By making more manageable incremental changes to the MICS on an ongoing 
basis, the Commission hopes to be more prompt in developing needed 
revisions and avoid larger-scale MICS revisions which take longer to 
implement and may be disruptive to Tribal gaming operations. In 
accordance with this approach, the Commission has developed the 
following set of final MICS rule revisions, with the assistance of the 
Standing MICS Advisory Committee. In doing so, the Commission is 
carrying out its statutory mandate under the Indian Gaming Regulatory 
Act, 25 U.S.C. Section 2706(b)(10), to promulgate necessary and 
appropriate regulations to implement the provisions of the Act. In 
particular, the following final MICS rule revisions are intended to 
address Congress' purpose and concern stated in Section 2702(2) of the 
Act, that the Act ``provide a statutory basis for the regulation of 
gaming by an Indian Tribe adequate to shield it from organized crime 
and other corrupting influences, to ensure the Indian Tribe is the 
primary beneficiary of the gaming operation, and to ensure the gaming 
is conducted fairly and honestly by both the operator and the 
players.''
    The Commission, with the Committee's assistance, identified three 
specific objectives for the following final MICS rule revisions: (1) To 
ensure that the MICS are reasonably comparable to the internal control 
standards of established gaming jurisdictions; (2) to ensure that the 
interests of the Tribal stakeholders are adequately safeguarded; and 
(3) to ensure that the interests of the gaming public are adequately 
protected.
    The Standing Advisory Committee met on October 24, 2004, January 
25, 2005, and May 10, 2005, to discuss the revisions set forth in the 
following set of final MICS revisions. The input received from the 
Committee Members has been invaluable to the Commission in its 
development of these revisions.
    In furtherance of the Commission's established Government-to-
Government Tribal Consultation Policy, the Commission also provided a 
preliminary working draft of the entire final MICS rule revisions 
contained herein to gaming Tribes on November 24, 2004, for a 30-day 
informal review and comment period, before formulation of the proposed 
rule. The proposed rule was published in the Federal Register on March 
10, 2005, and comments were accepted for 48 days. In response to its 
requests for comments, the Commission

[[Page 47099]]

received 40 comments from Commission and Tribal Advisory Committee 
members, individual Tribes, and other interested parties regarding the 
final revisions. A summary of these comments is presented below in the 
discussion of each revision to which they relate.

General Comments to Final Rule MICS Revisions

    For reasons stated above in this preamble, the National Indian 
Gaming Commission is revising the following specific sections of its 
MICS rule, 25 CFR part 542. The following discussion includes the 
Commission's responses to general comments concerning the MICS and is 
followed by a discussion regarding each of the specific final 
revisions, along with previously submitted informal comments to the 
final revisions and the Commission's responses to those comments. As 
noted above, prior commenters include Commission and Tribal Advisory 
Committee members, gaming Tribes, and others.

Comments Questioning NIGC Authority To Promulgate MICS for Class III 
Gaming

    Many of the previous informal comments to the preliminary working 
draft of the MICS revisions pertained to the Commission's authority to 
promulgate rules governing the conduct of Class III gaming. Positions 
were expressed asserting that Congress intended the NIGC's Class III 
gaming regulatory authority to be limited exclusively to the approval 
of Tribal gaming ordinances and management contracts. Similar comments 
were received concerning the first proposed MICS regulations in 1999. 
At that time, the Commission determined in its publication of the 
original MICS that it possessed the statutory authority to promulgate 
Class III MICS. As stated in the preamble to those MICS: ``The 
Commission believes that it does have the authority to promulgate this 
final rule. * * * [T]he Commission's promulgation of MICS is consistent 
with its responsibilities as the Federal regulator of Indian gaming.'' 
64 FR 509 (Jan. 5, 1999). The current Commission reaffirms that 
determination. The Indian Gaming Regulatory Act, which established the 
regulatory structure for all classes of Indian gaming, expressly 
provides that the Commission ``shall promulgate such regulations as it 
deems appropriate to implement the provisions of (the Act).'' 25 U.S.C. 
2707(b)(10).
    Pursuant to this clearly stated statutory duty and authority under 
the Act, the Commission has determined that MICS are necessary and 
appropriate to implement and enforce the regulatory provisions of the 
Act governing the conduct of both Class II and Class III gaming and 
accomplish the purposes of the Act.
    The Commission believes that the importance of internal control 
systems in the casino operating environment cannot be overemphasized. 
While this is true of any industry, it is particularly true and 
relevant to the revenue generation processes of a gaming enterprise, 
which, because of the physical and technical aspects of the games and 
their operation and the randomness of game outcomes, makes exacting 
internal controls mandatory. The internal control systems are the 
primary management procedures used to protect the operational integrity 
of gambling games, account for and protect gaming assets and revenues, 
and assure the reliability of the financial statements for Class II and 
Class III gaming operations. Consequently, internal control systems are 
a vitally important part of properly regulated gaming. Effective 
internal control systems are dependent upon the gaming enterprise's 
governing board, management, and other personnel who are responsible 
for providing reasonable assurance regarding the achievement of the 
enterprise's objectives. These objectives typically include operational 
integrity, effectiveness, and efficiency, reliable financial statement 
reporting, and compliance with all applicable laws and regulations. The 
Commission believes that strict regulations, such as the MICS, are not 
only appropriate but necessary for it to fulfill its responsibilities 
under the IGRA to establish necessary baseline, or minimum, Federal 
standards for all Tribal gaming operations on Indian lands. 25 U.S.C. 
2702(3). Although the Commission recognizes that many Tribes had 
sophisticated internal control standards in place prior to the 
Commission's original promulgation of its MICS, the Commission also 
continues to strongly believe that promulgation and revision of these 
standards is necessary and appropriate to effectively implement the 
provisions of the Indian Gaming Regulatory Act and, therefore, within 
the Commission's clearly expressed statutory power and duty under 
Section 2706(b)(10) of the Act.

Comments Recommending Voluntary Tribal Compliance With MICS

    Comments were also received suggesting that the NIGC should re-
issue the MICS as a bulletin or guideline for Tribes to use 
voluntarily, at their discretion, in developing and implementing their 
own Tribal gaming ordinances and internal control standards. The 
Commission disagrees. The MICS are common in established gaming 
jurisdictions and, to be effective in establishing a minimum baseline 
for the internal operating procedures of Tribal gaming enterprises, the 
rule must be concise, explicit, and uniform for all Tribal gaming 
operations to which they apply. Furthermore, to nurture and promote 
public confidence in the integrity and regulation of Indian gaming and 
ensure its adequate regulation to protect Tribal gaming assets and the 
interests of Tribal stakeholders and the public, the Commission's MICS 
regulations must be reasonably uniform in their implementation and 
application and regularly monitored and enforced by Tribal regulators 
and the NIGC to ensure Tribal compliance.

Final Revisions to Section 542.3(f) CPA Testing

    The Commission has revised the referenced regulation to clarify the 
type of report being requested and more accurately define the scope and 
function of the process deemed necessary to ensure consistency and 
reliability of the reports produced. The text of the final revision is 
set forth following the conclusion of this preamble in which all of the 
final revisions to the Commission's MICS rule, 25 CFR part 542, are 
discussed.
    Since the MICS were initially adopted, the CPA testing standard has 
been the subject of much concern and question due to its lack of 
specificity. Numerous inquiries have been received from Tribal 
regulators, gaming operators and accounting practitioners. As a result 
of the issues raised, in June 2000, guidelines were issued by the 
Commission to aid in the interpretation of the regulation; however, 
questions and inconsistencies in the reports continue to exist. 
Therefore, the final revision is intended to clarify or define (1) the 
type of reporting required of the independent accountant, (2) that the 
Commission does not possess an expectation that the independent 
accountant render an opinion regarding the overall quality of the 
gaming operation's internal control systems, (3) more accurately the 
scope and breath of the testing and observations to be performed by the 
practitioner in conjunction with the engagement, and (4) that reliance 
by the CPA upon the work of the internal auditor is an acceptable 
option, subject to satisfaction of certain conditions and the 
determination by the practitioner that

[[Page 47100]]

the work product of the internal auditor is sufficient to justify 
reliance.
    Comments were received acknowledging the need to define explicitly 
the regulation's expectations. Furthermore, it was stated that the 
final revision may result in a reduction in costs to many Tribes and 
will likely improve the quality of the data produced by the CPA.
    As initially drafted, the proposed revision contained rather 
exacting criteria that the CPA should consider in determining whether 
to rely on the work of the internal auditor. The criteria addressed 
such items as education, professional certification, and experience. 
Several commenters misinterpreted the noted conditions as establishing 
minimum criteria for hiring an internal auditor; practitioners noted 
that even though an internal auditor or internal audit department 
failed to satisfy the criteria the work product produced might still be 
of sufficient quality to warrant reliance. The Commission reconsidered 
the explicit criteria and deleted them. As reflected in the final 
revision, the CPA is advised that reliance is at the discretion of the 
practitioner provided the internal audit department can demonstrate 
satisfaction of the MICS requirements contained within the internal 
audit sections, as applicable.
    One commenter noted that the current regulation requires the CPA to 
test for material compliance; whereas, the final revision indicates 
that all instances of procedural noncompliance be reported, without 
regard to materiality. A concern was expressed whether the change 
represents a more stringent condition. Although the Commission 
appreciates the concern, we do not believe the striking of the 
reference to material compliance should have a significant impact on 
the work performed by practitioners. The term ``material'' has a 
financial connotation that is misplaced in a regulation possessing the 
intent of measuring regulatory compliance with a codified set of 
minimum internal control procedures. In essence, the term is simply 
ambiguous when utilized in the context of compliance testing. However, 
it is important to recognize that the ultimate beneficiary of the 
information is the gaming operation's management. The report produced 
is intended to provide compliance data to the operator that will 
facilitate the initiation of a proactive response to the findings. 
Obviously, inherent in the merit of disclosing compliance exceptions is 
the need for corrective action. We do not believe the final regulation 
precludes the CPA from exercising professional judgment in determining 
whether an exception warrants disclosure. For example, the Commission 
would not consider a report to be noncompliant if, during the sampling 
of a large number of items, the CPA detected a minimal number of 
compliance exceptions and determined that they represented only 
isolated incidents of noncompliance, which did not justify a remedial 
response.
    Furthermore, if during testing of transactions at the beginning of 
an audit period items of noncompliance were detected but the CPA was 
able to confirm that corrective action had been effectively implemented 
by the end of the period, it would be entirely appropriate for the 
practitioner to exercise professional judgment in deciding whether 
there was any worthwhile benefit to disclosure.
    Since initial adoption, concerns have been expressed regarding the 
regulation because it stipulates the benchmark for measuring compliance 
to the internal control standards adopted by the Tribal gaming 
regulatory authority. Specifically, it was noted that it is not 
uncommon for Tribal standards to be more stringent than the federal 
rule or require procedures not in the MICS. The propriety of requiring 
the CPA to report incidences of noncompliance on standards not 
representing noncompliance with the NIGC MICS was questioned. In 
consideration of the Commission's stated objective of creating a 
minimum baseline for internal control systems, we concur with the 
expressed concern. Therefore, in conjunction with the revision of the 
section, it was changed to require compliance testing against the 
federal rule; however, at the discretion of the Tribe, the Tribe may 
opt to engage the external accountant to audit for compliance against 
the standards adopted by the Tribal gaming regulatory authority. If the 
alternative testing criteria are desired, the final revision require 
the CPA to first confirm that the applicable Tribal regulations provide 
a level of control that equals or exceed those set forth in part 542.
    One commenter objected to the explicit nature of the testing 
criteria contained within the final revision. The concern was specific 
as to whether any deviation from the stipulated testing would be 
permissible: the Tribal gaming regulatory authority should have the 
latitude to require testing of greater scope and depth, and the CPA 
should be able to expand or contract testing based on a risk analysis.
    The Commission does not concur with the concern expressed. To 
ensure consistency and reliability of the reports produced, it is 
necessary that a minimum level of testing be performed by 
practitioners. Although the final revision states that the NIGC MICS 
compliance checklist or other comparable testing procedures be 
performed, the Commission does not believe the final regulation should 
be so narrowly interpreted as to preclude any deviation. For example, a 
Tribal gaming regulatory authority might require the CPA to conduct 
more in depth testing of gaming machines located in a high stakes area 
or might permit a lesser level of testing for table games possessing 
exceedingly low bet limits. Such determinations would simply be based 
on an analysis of the risk posed by specific games. Furthermore, the 
CPA has the latitude to exercise professional judgment in determining 
sample size and scope. For example, a firm possessing several years of 
experience with a client that has had an exemplary record of addressing 
compliance exceptions might result in the external accountant's 
contraction of testing. Whereas, if the converse situation existed in 
which management had been non-responsive to exceptions, the external 
accountant might deem it prudent to expand testing since the control 
environment would likely be at a higher risk of compromise.
    Another commenter questioned whether it would be permissible for a 
CPA to perform the required observations subsequent to the fiscal year 
end. Although the Commission questions the wisdom of performing 
observations at a time outside the period subject to review, we do not 
believe the final regulation explicitly prohibits it. However, 
recognizing that the results of such observation would have diminished 
value, expanded compensating document testing relevant to the audit 
period would seem to be a logical action.
    One commenter recommended that the Commission should codify in the 
rule that the CPA testing period be the fiscal year of the gaming 
enterprise. The Commission disagrees with the need to stipulate in the 
rule that the period subject to audit must be the fiscal year. Inherent 
in the filing requirement that the report be submitted within 120 days 
of the gaming operation's fiscal year end, it is the presumption that 
the period subject to review will be the business year. The Commission 
is unaware of this concern being of any significance within the 
industry.
    A commenter suggested that the final revisions require the CPA to 
submit a copy of internal audit reports when there is reliance. 
Furthermore, the commenter represented that in accordance with the 
referenced Agreed-

[[Page 47101]]

Upon-Procedures pronouncement, the practitioner is precluded from 
extracting data from the internal audit reports. Other commenters have 
not agreed with this position when the CPA has performed such testing 
as necessary to gain sufficient assurance in the quality of the 
internal audit work to rely thereon. Although the Commission has 
received internal audit reports from CPA firms, we do not concur that 
such submissions should be required. Our position is founded upon the 
fact that the filings frequently include findings unrelated to the 
MICS, i.e. incidents of noncompliance with internal policies and 
procedures such as personnel or recommendations to management regarding 
productivity and efficiency.
    Another commenter recommended that the final revisions require the 
inclusion of management responses to the compliance audit findings. 
Although occasionally submissions do include comments or anticipated 
remedial actions plans from management, the Commission believes that 
including such a requirement in the rule would unduly hinder 
satisfaction of the filing deadline of 120 days past fiscal year end. 
It is important to note that the primary beneficiary of the independent 
report is management, who should require, as a component of the 
enterprise's overall operational objectives, compliance with all 
applicable laws and regulations. Although the Commission utilizes the 
data submitted to evaluate the internal control systems and their 
compliance with the federal rule, the CPA testing report is only one of 
several sources of information drawn upon to perform the analysis. It 
is the position of the Commission that the lack of management responses 
will not significantly impede that evaluation.
    A commenter suggested that the CPA, in testing of internal audit 
work performed, be allowed to accept digital copies or facsimile of 
original documents. The Commission concurs with the suggestion. It is 
not uncommon for such reproductions to carry the same weight as the 
original, and the final regulation is not intended to preclude the 
procedure.
    Another commenter suggested that the count observations be required 
to be initiated at the beginning of the drop/count process, as such a 
procedure would facilitate observation of the key control and 
surveillance notification functions.
    The Commission disagrees with the suggestion. The objective of 
entering the count room after commencement of the count is to detect 
irregularities and internal control deficiencies, which would not be as 
likely if count personnel were aware that observations were going to be 
performed. Furthermore, with regards to the required key controls and 
notification of surveillance, documentation of such events is mandated 
by the MICS, which enables a subsequent audit.
    One commenter raised a concern that the final revisions will 
supersede the authority of the Tribe to determine the scope and depth 
of the testing to be performed in accordance with the Agreed-Upon-
Procedures pronouncement and, in effect, transfer accountability of the 
CPA to the Commission. The Commission disagrees with the commenter's 
interpretation of the final revision. Contained therein is the 
representation that an independent Certified Public Accountant shall be 
engage to perform the compliance testing. The statement is purposeful 
in its lack of specificity regarding the entity within the Tribe that 
would assume responsibility for executing the engagement letter. It is 
the position of the Commission that such a decision should be left to 
the discretion of the Tribe. Although in practice most engagement 
letters are signed by an authorized management person or audit 
committee representative, the Commission has also noted engagements 
originating with the Tribal gaming regulatory authority. Without regard 
to the entity or individual possessing the authority to engage the 
independent accountant, there should be no misunderstanding that the 
objective of the final revision is to establish only the minimum 
criteria that must be incorporated in the engagement letter. 
Furthermore, the CPA should be well aware that their client is the 
engaging party, not the Commission.
    Another commenter noted that the auditing profession has 
established methods and procedures to guide CPA firms in documenting 
and conducting their reviews through the AICPA's Casino Audit and 
Accounting Guide and the Auditing Standards Board's Statement on 
Standards for Attestation Engagements, specifically SSAE10. The 
commenter observed that these standards provide CPA firms pertinent 
guidance regarding the process, procedures, and reporting format and 
requirements to be employed.
    The Commission disagrees with the commenter; not because we believe 
the Audit and Accounting Guide for casinos conflicts with any standard 
contained within the MICS, but because the professional pronouncement 
simply lacks sufficient specificity to effectively confirm compliance 
with the federal rule or the Tribal internal control standards. With 
regard to the pronouncement relevant to performance of attestation 
engagements, the Commission embraces the concepts contained therein and 
considers the final revision to complement the directive. However, we 
do not accept the premise that the professional directive is adequate 
to ensure reliability and consistency in the reports; considering the 
report's objective of identifying incidences of noncompliance with a 
codified set of control procedures, which can be rather exacting.
    Another commenter objected to the CPA firm's personnel performing 
observations in the count room while the count is in progress because 
they would have potential access to unaccounted for funds. Although the 
Commission appreciates the concern expressed, it is our position that 
for the practitioner to effectively test the internal control systems 
for compliance there must be unfettered access to all applicable areas 
and records of the gaming operation. Of course, the Commission would 
consider it prudent for management or the Tribal regulatory authority 
to initiate compensating controls to offset the risk posed by persons 
external to the casino being in areas in which access is restricted; 
however, in consideration of such controls, they should not unduly 
interfere with the objectives of the engagement.
    Initial drafts of the final rule contained a requirement that the 
gaming operation must provide the CPA with written assurance regarding 
compliance by the internal auditor or internal audit department with 
applicable standards contained within the internal audit sections of 
the MICS. Comments were received questioning the need for the CPA to 
receive such written assurance since the external accountant would 
still be expected to confirm the representation. The Commission concurs 
with the commenter and has struck the noted requirement from the final 
rule.
    One commenter suggested that any additional procedures performed at 
the request of the Tribal gaming regulatory authority or management be 
limited to gaming related transactions or activities. The Commission 
disagrees with the suggestion. The anticipated scope of testing 
reflected in the final revisions to Section 542.3(f) is well defined, 
and no additional clarification is necessary. Furthermore, the Tribal 
gaming regulatory authority or management should have the discretion to 
expand the scope of testing as they deem warranted.

[[Page 47102]]

    Another commenter recommended that the CPA reperformance of 
internal audit testing criteria, such as the three percent sample 
selection for the gaming machine and table games departments, include a 
minimum number of tests to be reperformed or a minimum number of 
transactions to retest. The Commission disagrees with the 
recommendation. In determining sample size, the objective is to gain 
reasonable assurance regarding the true characteristics of the 
population being tested. The conceptual basis for determining sample 
size does not change based on the size of the population, assuming 
consistency is maintained within the population. Considering that 
absolute assurance is not an expectation, the sample selection criteria 
contained in the final revision should produce acceptable results.

Final Revisions to the Following Sections: 542.7(d) (Bingo) 
Accountability Form; 542.8(f) (Pull-Tab) Accountability Form; 542.10(f) 
(Keno) Checkout Standards at the End of Each Keno Shift; 542.11(e) 
(Pari-Mutuel Wagering) Checkout Standards; 542.13(f) (Gaming Machines) 
Gaming Machine Department Funds Standards; 542.14(d) (Cage) Cage and 
Vault Accountability Standards

    Revisions to the referenced sections of the MICS are intended to 
clarify the respective existing regulations. Specifically, the change 
is to state explicitly that unverified transfers of cash or cash 
equivalents accountability are prohibited.
    Initially, the proposed revision stated that blind drops are 
prohibited but several commenters noted that the term had rather 
diverse interpretations. It was recommended that the revision would be 
more precise to state, ``Unverified transfers of cash and/or cash 
equivalents are prohibited.'' The Commission concurs with the 
recommendation and revised the initial draft accordingly.
    Comment was received recommending that the final revision also be 
added to the relevant standards contained within the MICS drop and 
count sections. The Commission disagrees with the recommendation. The 
standards contained within the drop and count sections are sufficiently 
clear that no additional clarification is needed. The standards are 
effective in precluding unverified transfers.

Final Revision to Section 542.14(d)(4) Cage and Vault Accountability 
Standards

    Based on the result of compliance audits conducted by the 
Commission and research performed, it has been determined that the 
referenced standard is incorrect with respect to its placement within 
the MICS. The standards were intended to codify the minimum components 
of the cage/vault accountability. Unfortunately, included within the 
list of items is gaming machine hopper loads. Generally accepted gaming 
regulatory standards and common industry practice would dictate that 
the value of the hoppers be reflected in a general ledger account, not 
the cage/vault accountability. To correct the error, the Commission is 
striking the referenced control.
    No comments were received concerning the final revision.

Final Revisions to Section 542.17 Complimentary Services or Items

    In June 2002, a revision was made to the referenced section in 
which a stated value of 50 dollars was replaced by a non-specified 
amount that was required to be merely reasonable. The threshold 
dictates when a complimentary ``comp'' transaction must be included in 
a report for review by management. The objective of the report is to 
facilitate supervisory oversight of the comps process for the purpose 
of ensuring compliance with the gaming operation's comp policy.
    Unfortunately, confusion and conflict have resulted from the 2002 
revision. Therefore, the Commission is revising the regulation to 
require that individual comp transactions equal to or exceeding 100 
dollars be included in the report, unless the Tribal gaming regulatory 
authority determines that the threshold should be a lesser amount.
    As initially drafted, the proposed revision did not acknowledge 
that the Tribal gaming regulatory authorities had the latitude of 
establishing an amount less than 100 dollars. A commenter recommended 
that the draft be revised to grant such an option. The Commission has 
accepted and effectuated the recommendation.
    Other comments were received supporting the revision.

Final Revisions to the Following Sections: 542.21(f)(12) (Tier A--Drop 
and Count) Gaming Machine Bill Acceptor Count Standards; 542.31(f)(12) 
(Tier B--Drop and Count) Gaming Machine Bill Acceptor Count Standards; 
542.41(f)(12) (Tier C--Drop and Count) Gaming Machine Bill Acceptor 
Count Standards

    The referenced standards represent duplicate controls to identical 
requirements contained within the respective sections Gaming Machine 
Bill Acceptor Drop Standards, Sections 542.21(e)(4), 542.31(e)(5), and 
542.41(e)(5). Specifically, the standard requires that each bill 
acceptor canister be posted with a number corresponding to that of the 
machine from which it was extracted. The subject control pertains to a 
drop function, as opposed to the count process. Therefore, the 
Commission is deleting the above subsections.
    No comments were received concerning the final revision.

Final Revisions to 542.21(f)(4)(ii) Drop and Count for Tier A; 
542.31(f)(4)(ii) Drop and Count for Tier B; 542.41(f)(4)(ii) Drop and 
Count for Tier C

    The Commission is deleting the referenced standards, which require 
a second count of the gaming machine bill acceptor drop by a count team 
member who did not perform the first count. In justification of the 
final revision, it is important to note that the Commission has 
attempted to rely on the advice and experience of the established 
gaming jurisdictions in defining its minimum internal control 
regulation. Such a methodology is deemed to be not only efficient but 
prudent. Generally, the MICS represent a rather simplistic abbreviation 
of commensurate controls of the established gaming jurisdictions, which 
has left much room for Tribal gaming regulators to complement. However, 
consistent with such a concept is the need for the Commission to be 
cognizant of any standards enacted that are overreaching. In other 
words, before requiring a control more stringent than the established 
gaming jurisdictions, the Commission should have a compelling reason 
for its action. The deletion of the noted standards is founded upon the 
premise that they are inconsistent with the established gaming 
jurisdictions and are lacking in a compelling reason justifying a more 
stringent procedure for Tribal gaming. Unlike the drop originating with 
table games, meter data should be available to confirm the gaming 
machine bill acceptor count, which sufficiently mitigates the risk of 
compromise associated with that process. Based on research performed, 
it is the belief of the Commission that the double count requirement 
resulted from a drafting error in June 2002, which originated from the 
reformatting of the drop and count sections. Therefore, it is the 
position of the Commission that the standards in question should be 
struck.
    One commenter expressed the position that the second count of the 
currency is appropriate and should remain in the MICS. The Commission 
disagrees with the commenter for the reasons previously stated. 
However, as

[[Page 47103]]

echoed throughout the MICS and within the preamble, the Tribal gaming 
regulatory authorities have primary responsibility for the regulation 
of their respective gaming operation(s) and have the latitude of 
requiring controls more stringent than those of the federal rule.
    Another commenter suggested that the rule should be made 
conditional such that only when the gaming operation employs an 
effective on-line accounting system should the second count be 
foregone. The Commission disagrees, since verification of the drop to 
the currency in meter reading is required by the MICS, without regard 
to whether the meter data is collected electronically or manually.
    One commenter questioned the consistency of the Commission's action 
to delete the subject standards with its position regarding the 
prohibition against unverified transfers of an individual's 
accountability. The Commission does not recognize an inconsistency. The 
count team takes possession of the drop proceeds and is responsible for 
those funds until they are transferred to the cage/vault (buy process). 
The count team executes a count of the monies and, in conjunction with 
the transfer of the accountability, the vault or cage supervisory 
performs another count to verify the amount being conveyed to their 
accountability. Consequently, no cash inventories are being transferred 
from one person to another without mutual verification and acceptance.

Final Addition of Section 542.22(g) Internal Audit Guidelines--Tier A; 
542.32(g) Internal Audit Guidelines--Tier B; 542.42(g) Internal Audit 
Guidelines--Tier C

    The Commission added the referenced regulations to the MICS, which 
represents a simple notification to internal auditors and internal 
audit departments that the Commission will provide recommended 
guidelines to aid in satisfaction of the testing requirements contained 
within the internal audit sections of the MICS. The guidelines do not 
represent a rule requiring adherence but an aid for internal auditors 
to take advantage of as they deem appropriate.
    No comments were received concerning the final revision.

Final Revision to 542.23(n)(3) Tier A Surveillance--Wide Area 
Progressive Gaming Machines; 542.33(q)(3) Tier B Surveillance--Wide 
Area Progressive Gaming Machines; and 542.43(r)(3) Tier C 
Surveillance--Wide Area Progressive Gaming Machines

    Prior to June 2002, the referenced regulations required certain 
dedicated camera coverage over wide area progressive machines with a 
potential payout of 3 million dollars or more. In conjunction with the 
revisions of 2002, the standards were revised to require the additional 
camera coverage over the noted machines if the base amount was more 
than 1.5 million dollars, irrespective of potential payout.
    Based on the experience gained by the Commission, it has been 
determined that the referenced revision negated the effectiveness of 
the regulation, which is to require a heightened level of surveillance 
coverage over wide area progressive devices commensurate with the risk 
posed to Tribal assets and operational integrity. Such risk is directly 
related to the size of the potential awards but is mitigated somewhat 
by the fact that a third party, the wide area progressive vendor, is 
involved in the transaction.
    The final revision is intended to regain the effectiveness of the 
original regulation, consistent with the industry's regulatory 
standards. Specifically, the threshold is being lowered to a starting 
base amount of 1 million dollars or more.
    One commenter concurred with the final revision and acknowledged 
the limited effectiveness of the 1.5 million dollar base threshold. 
Another commenter recommended that the control be modified to require 
surveillance to utilize a real time standard for monitoring and 
recording a video of the activity in question. The Commission 
enthusiastically supports the position expressed by the commenter, 
since it is our belief that this critical function should require a 
surveillance standard employing a sufficient clarity criterion and be 
observed and recorded at 30 frames or images per second, as applicable. 
However, the MICS currently defines sufficient clarity as requiring 
only 20 frames per second. Since we believe that the term ``real time'' 
is generally understood to mean at least 30 frames per second, 
injecting it into the final revision would likely create an ambiguity 
within the MICS.
    One commenter questioned whether the additional cost resulting from 
the expansion of the standard's applicability is justified. The 
Commission appreciates the commenter's concern; however, performance of 
a cost benefit analysis in conjunction with the evaluation of a control 
can be a challenging exercise. For example, measuring the economic 
impact of an irregularity that did not occur because it was deterred by 
an effective internal control system is a highly speculative endeavor. 
However, a truism of gaming widely accepted by industry professionals 
is that as the potential reward increases so does the likelihood of 
compromise. This characteristic of gaming is not unrelated to the final 
revision. There is much wisdom within a process that learns from the 
experience of our peers who are more seasoned in the regulation of 
gaming. The final revision is founded upon this concept. Therefore, 
considering that the lowered threshold will only bring the 
applicability of the control closer to that of the established gaming 
jurisdictions, the Commission believes the commenter's concern does not 
justify reconsideration of the final revision.

Regulatory Matters

Regulatory Flexibility Act

    The Commission certifies that the final rule revisions to the 
Minimum Internal Control Standards contained within this regulation 
will not have a significant economic impact on small entities, 5 U.S.C. 
605(b). The factual basis for this certification is as follows:
    Of the 367 Indian gaming operations across the country, 
approximately 115 of the operations have annual gross revenues of less 
than 5 million dollars. Of these, approximately 59 operations have 
gross revenues of under 1 million dollars. Since the final revisions 
will not apply to gaming operations with gross revenues under 1 million 
dollars, only 59 small operations may be affected. While this is a 
substantial number, the Commission believes that the final revisions 
will not have a significant economic impact on these operations for 
several reasons.
    Even before implementation of the original MICS, Tribes had 
internal controls because they are essential to gaming operations in 
order to protect assets. The costs involved in implementing these 
controls are part of the regular business costs incurred by such an 
operation. The Commission believes that many Indian gaming operation 
internal control standards are more stringent than those contained in 
these regulations. Further, the final rule revisions are technical and 
minor in nature.

[[Page 47104]]

    Under the final revisions, small gaming operations grossing under 1 
million dollars are exempt from MICS compliance. Tier A facilities 
(those with gross revenues between 1 and 5 million dollars) are subject 
to the yearly requirement that independent certified public accountant 
testing occur. The purpose of this testing is to measure the gaming 
operation's compliance with the Tribe's internal control standards. The 
cost of compliance with this requirement for small gaming operation is 
estimated at between 3,000 and 5,000 dollars. The cost of this report 
is minimal and does not create a significant economic effect on gaming 
operations. What little impact exists is further offset because other 
regulations require yearly independent financial audits that can be 
conducted at the same time. For these reasons, the Commission has 
concluded that the final rule revisions will not have a significant 
economic impact on those small entities subject to the rule.

Small Business Regulatory Enforcement Fairness Act

    These final revisions do not constitute a major rule under 5 U.S.C. 
804(2), the Small Business Regulatory Enforcement Fairness Act. The 
revisions will not have an annual effect on the economy of 100 million 
dollars or more. The revisions also will not cause a major increase in 
costs or prices for consumers, individual industries, federal, state or 
local government agencies or geographic regions and does not have a 
significant adverse effect on competition, employment, investment, 
productivity, innovation, or the ability of U.S. based enterprises to 
compete with foreign-based enterprises.

Unfunded Mandates Reform Act

    The Commission is an independent regulatory agency and, as such, is 
not subject to the Unfunded Mandates Reform Act. Even so, the 
Commission has determined that the final rule revisions do not impose 
an unfunded mandate on State, local, or Tribal governments, or on the 
private sector, of more than 100 million dollars per year. Thus, this 
is not a ``significant regulatory action'' under the Unfunded Mandates 
Reform Act, 2 U.S.C. 1501 et seq.
    The Commission has, however, determined that the final rule 
revisions may have a unique effect on Tribal governments, as they apply 
exclusively to Tribal governments, whenever they undertake the 
ownership, operation, regulation, or licensing of gaming facilities on 
Indian lands, as defined by the Indian Gaming Regulatory Act. Thus, in 
accordance with Section 203 of the Unfunded Mandates Reform Act, the 
Commission undertook several actions to provide Tribal governments with 
adequate notice, opportunity for ``meaningful'' consultation, input, 
and shared information, advice, and education regarding compliance. 
These actions included the formation of a Tribal Advisory Committee and 
the request for input from Tribal leaders.
    Section 204(b) of the Unfunded Mandates Reform Act exempts from the 
Federal Advisory Committee Act (5 U.S.C. App.) meetings with Tribal 
elected officials (or their designees) for the purpose of exchanging 
views, information, and advice concerning the implementation of 
intergovernmental responsibilities or administration. In selecting 
Committee members, consideration was placed on the applicant's 
experience in this area, as well as the size of the Tribe the nominee 
represented, geographic location of the gaming operation, and the size 
and type of gaming conducted. The Commission attempted to assemble a 
Committee that incorporates diversity and is representative of Tribal 
gaming interests. The Commission met with the Advisory Committee and 
discussed the public comments that are received as a result of the 
publication of the proposed MICS rule revisions and considered all 
Tribal and public comments and Committee recommendations before 
formulating the final rule revisions. The Commission also plans to 
continue its policy of providing necessary technical assistance, 
information, and support to enable Tribes to implement and comply with 
the MICS as revised. The Commission also provided the proposed 
revisions to Tribal leaders for comment prior to publication of this 
final rule and considered these comments in formulating the final rule.

Takings

    In accordance with Executive Order 12630, the Commission has 
determined that the following final MICS rule revisions do not have 
significant takings implications. A takings implication assessment is 
not required.

Civil Justice Reform

    In accordance with Executive Order 12988, the Office of General 
Counsel has determined that the following final MICS rule revisions do 
not unduly burden the judicial system and meet the requirements of 
sections 3(a) and 3(b)(2) of the Order.

Paperwork Reduction Act

    The following final MICS rule revisions require information 
collection under the Paperwork Reduction Act 44 U.S.C. 3501 et seq., as 
did the rule it revises. There is no change to the paperwork 
requirements created by these final revisions. The Commission's OMB 
Control Number for this regulation is 3141-0009.

National Environmental Policy Act

    The Commission has determined that the following final MICS rule 
revisions do not constitute a major Federal action significantly 
affecting the quality of the human environment and that no detailed 
statement is required pursuant to the National Environmental Policy Act 
of 1969 (42 U.S.C. 4321 et seq.).

List of Subjects in 25 CFR part 542

    Accounting, Auditing, Gambling, Indian-lands, Indian-Tribal 
government, Reporting and recordkeeping requirements.

0
Accordingly, for all of the reasons set forth in the foregoing 
preamble, the National Indian Gaming Commission amends 25 CFR part 542 
as follows:

PART 542--MINIMUM INTERNAL CONTROL STANDARDS

0
1. The authority citation for Part 542 continues to read as follows:

    Authority: 25 U.S.C. 2701 et seq.

0
2. Amend Sec.  542.3 by revising paragraph (f) to read as follows:


Sec.  542.3  How do I comply with this part?

* * * * *
    (f) CPA testing. (1) An independent certified public accountant 
(CPA) shall be engaged to perform ``Agreed-Upon Procedures'' to verify 
that the gaming operation is in compliance with the minimum internal 
control standards (MICS) set forth in this part or a Tribally approved 
variance thereto that has received Commission concurrence. The CPA 
shall report each event and procedure discovered by or brought to the 
CPA's attention that the CPA believes does not satisfy the minimum 
standards or Tribally approved variance that has received Commission 
concurrence. The ``Agreed-Upon Procedures'' may be performed in 
conjunction with the annual audit. The CPA shall report its findings to 
the Tribe, Tribal gaming regulatory authority, and management. The 
Tribe shall submit two copies of the report to the Commission within 
120 days of the gaming operation's fiscal year end. This regulation is 
intended to communicate the Commission's position on the minimum 
agreed-upon procedures to be performed by the CPA. Throughout these 
regulations, the CPA's engagement and reporting are based on Statements

[[Page 47105]]

on Standards for Attestation Engagements (SSAEs) in effect as of 
December 31, 2003, specifically SSAE 10 (``Revision and Recodification 
Agreed-Upon Procedures Engagements.''). If future revisions are made to 
the SSAEs or new SSAEs are adopted that are applicable to this type of 
engagement, the CPA is to comply with any new or revised professional 
standards in conducting engagements pursuant to these regulations and 
the issuance of the agreed-upon procedures report. The CPA shall 
perform the ``Agreed-Upon Procedures'' in accordance with the 
following:
    (i) As a prerequisite to the evaluation of the gaming operation's 
internal control systems, it is recommended that the CPA obtain and 
review an organization chart depicting segregation of functions and 
responsibilities, a description of the duties and responsibilities of 
each position shown on the organization chart, and an accurate, 
detailed narrative description of the gaming operation's procedures in 
effect that demonstrate compliance.
    (ii) Complete the CPA NIGC MICS Compliance checklists or other 
comparable testing procedures. The checklists should measure compliance 
on a sampling basis by performing walk-throughs, observations and 
substantive testing. The CPA shall complete separate checklists for 
each gaming revenue center, cage and credit, internal audit, 
surveillance, information technology and complimentary services or 
items. All questions on each applicable checklist should be completed. 
Work-paper references are suggested for all ``no'' responses for the 
results obtained during testing (unless a note in the ``W/P Ref''' can 
explain the exception).
    (iii) The CPA shall perform, at a minimum, the following procedures 
in conjunction with the completion of the checklists:
    (A) At least one unannounced observation of each of the following: 
Gaming machine coin drop, gaming machine currency acceptor drop, table 
games drop, gaming machine coin count, gaming machine currency acceptor 
count, and table games count. The AICPA's ``Audits of Casinos'' Audit 
and Accounting Guide states that ``observations of operations in the 
casino cage and count room should not be announced in advance * * *'' 
For purposes of these procedures, ``unannounced'' means that no 
officers, directors, or employees are given advance information 
regarding the dates or times of such observations. The independent 
accountant should make arrangements with the gaming operation and 
Tribal gaming regulatory authority to ensure proper identification of 
the CPA's personnel and to provide for their prompt access to the count 
rooms.
    (1) The gaming machine coin count observation would include a weigh 
scale test of all denominations using pre-counted coin. The count would 
be in process when these tests are performed, and would be conducted 
prior to the commencement of any other walk-through procedures. For 
computerized weigh scales, the test can be conducted at the conclusion 
of the count, but before the final totals are generated.
    (2) The checklists should provide for drop/count observations, 
inclusive of hard drop/count, soft drop/count and currency acceptor 
drop/count. The count room would not be entered until the count is in 
process and the CPA would not leave the room until the monies have been 
counted and verified to the count sheet by the CPA and accepted into 
accountability. If the drop teams are unaware of the drop observations 
and the count observations would be unexpected, the hard count and soft 
count rooms may be entered simultaneously. Additionally, if the gaming 
machine currency acceptor count begins immediately after the table 
games count in the same location, by the same count team, and using the 
same equipment, the currency acceptor count observation can be 
conducted on the same day as the table games count observation, 
provided the CPA remains until monies are transferred to the vault/
cashier.
    (B) Observations of the gaming operation's employees as they 
perform their duties.
    (C) Interviews with the gaming operation's employees who perform 
the relevant procedures.
    (D) Compliance testing of various documents relevant to the 
procedures. The scope of such testing should be indicated on the 
checklist where applicable.
    (E) For new gaming operations that have been in operation for three 
months or less at the end of their business year, performance of this 
regulation, section 542.3(f), is not required for the partial period.
    (2) Alternatively, at the discretion of the Tribe, the Tribe may 
engage an independent certified public accountant (CPA) to perform the 
testing, observations and procedures reflected in paragraphs (f)(1)(i), 
(ii), and (iii) of this section utilizing the Tribal internal control 
standards adopted by the Tribal gaming regulatory authority or Tribally 
approved variance that has received Commission concurrence. 
Accordingly, the CPA will verify compliance by the gaming operation 
with the Tribal internal control standards. Should the Tribe elect this 
alternative, as a prerequisite, the CPA will perform the following:
    (i) The CPA shall compare the Tribal internal control standards to 
the MICS to ascertain whether the criteria set forth in the MICS or 
Commission approved variances are adequately addressed.
    (ii) The CPA may utilize personnel of the Tribal gaming regulatory 
authority to cross-reference the Tribal internal control standards to 
the MICS, provided the CPA performs a review of the Tribal gaming 
regulatory authority personnel's work and assumes complete 
responsibility for the proper completion of the work product.
    (iii) The CPA shall report each procedure discovered by or brought 
to the CPA's attention that the CPA believes does not satisfy paragraph 
(f)(2)(i) of this section.
    (3) Reliance on Internal Auditors. (i) The CPA may rely on the work 
of an internal auditor, to the extent allowed by the professional 
standards, for the performance of the recommended procedures specified 
in paragraphs (f)(1)(iii)(B), (C), and (D) of this section, and for the 
completion of the checklists as they relate to the procedures covered 
therein provided that the internal audit department can demonstrate to 
the satisfaction of the CPA that the requirements contained within 
Sec.  542.22, 542.32, or 542.42, as applicable, have been satisfied.
    (ii) Agreed-upon procedures are to be performed by the CPA to 
determine that the internal audit procedures performed for a past 12-
month period (includes two 6-month periods) encompassing a portion or 
all of the most recent business year has been properly completed. The 
CPA will apply the following Agreed-Upon Procedures to the gaming 
operation's written assertion:
    (A) Obtain internal audit department work-papers completed for a 
12-month period (includes two 6-month periods) encompassing a portion 
or all of the most recent business year and determine whether the CPA 
NIGC MICS Compliance Checklists or other comparable testing procedures 
were included in the internal audit work-papers and all steps described 
in the checklists were initialed or signed by an internal audit 
representative.
    (B) For the internal audit work-papers obtained in paragraph 
(f)(3)(ii)(A) of this section, on a sample basis, reperform the 
procedures included in CPA NIGC MICS Compliance Checklists or other 
comparable testing procedures prepared

[[Page 47106]]

by internal audit and determine if all instances of noncompliance noted 
in the sample were documented as such by internal audit. The CPA NIGC 
MICS Compliance Checklists or other comparable testing procedures for 
the applicable Drop and Count procedures are not included in the sample 
reperformance of procedures because the CPA is required to perform the 
drop and count observations as required under paragraph (f)(1)(iii)(A) 
of this section of the Agreed-Upon Procedures. The CPA's sample should 
comprise a minimum of 3 percent of the procedures required in each CPA 
NIGC MICS Compliance Checklist or other comparable testing procedures 
for the gaming machine and table game departments and 5 percent for the 
other departments completed by internal audit in compliance with the 
internal audit MICS. The reperformance of procedures is performed as 
follows:
    (1) For inquiries, the CPA should either speak with the same 
individual or an individual of the same job position as the internal 
auditor did for the procedure indicated in their checklist.
    (2) For observations, the CPA should observe the same process as 
the internal auditor did for the procedure as indicated in their 
checklist.
    (3) For document testing, the CPA should look at the same original 
document as tested by the internal auditor for the procedure as 
indicated in their checklist. The CPA need only retest the minimum 
sample size required in the checklist.
    (C) The CPA is to investigate and resolve any differences between 
their reperformance results and the internal audit results.
    (D) Documentation is maintained for 5 years by the CPA indicating 
the procedures reperformed along with the results.
    (E) When performing the procedures for paragraph (f)(3)(ii)(B) of 
this section in subsequent years, the CPA must select a different 
sample so that the CPA will reperform substantially all of the 
procedures after several years.
    (F) Any additional procedures performe