Audit of the Massachusetts Gaming Commission Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Massachusetts Gaming Commission (MGC) for the period July 1, 2020 through June 30, 2023. When examining MGC’s employee settlements, we extended the audit period from July 1, 2018 through June 30, 2023. Additionally, when examining MGC’s sports wagering in the Commonwealth, we extended the audit period from March 1, 2023 through March 31, 2024.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

To accomplish our audit objectives, we gained an understanding of MGC’s internal control environment relevant to our objectives by reviewing applicable agency policies and procedures and by interviewing MGC’s staff members and management. We evaluated the design of controls over policies and procedures regarding regulating the exclusion of minor and underage youths from entering gaming floors, monitoring sports wagering, and advertising toward minors and self-identified individuals. We tested the operating effectiveness of internal controls related to the approval of gaming establishments’ and sports wagering operators’ internal control plans. Additionally, we confirmed that the application controls related to the approval and submission of a vulnerable person to the VSE list were working as intended.

In addition, to obtain sufficient, appropriate evidence to address our audit objectives, we performed the procedures described below.

To determine whether MGC monitored the exclusion of minors and underage youths on the gaming floor in accordance with 205 CMR 150.01 and 150.05, we took the actions described below.

• We inspected the ICPs of the Commonwealth’s three gaming establishments, which included the policy regarding the prevention of people younger than 21 from entering the gaming establishments, and we determined whether they were approved before beginning operations in the Commonwealth.
• We inspected all 108 Monthly Underage Incident Reports that the three gaming establishments submitted to MGC’s Investigations and Enforcement Bureau (IEB) during the audit period to ensure that these Monthly Underage Incident Reports were submitted by the 10th day of the following month and included the number of people younger than 21 found in the gaming area, near tables, gaming at slot machines, consuming alcohol, turned over to the proper law enforcement authority, and escorted from the gaming area.
• We selected a random, nonstatistical sample⁹ of 35 minor and underage youth incidents out of the population of 239 minor and underage youth incidents that occurred during the audit period. We compared MGC’s Individual Underage Incident Reports with the gaming establishments’ Underage Incident Reports to ensure that dates, names, winnings, and losses for each underage incident were accurately recorded and investigated by MGC.

For this objective, we found no significant issues during our testing. Therefore, we concluded that, based on our testing, MGC complied with 205 CMR 150.01 and 150.05.

To determine whether MGC approved the sports wagering operators’ ICPs to ensure that measures were in place to prevent minors and underage youths from placing sports wagers for the period March 1, 2023 (the commencement date of sports wagering in the Commonwealth) through March 31, 2024 in accordance with 205 CMR 250.01(2), we took the following actions. First, we inspected all 13 sports wagering operators’ ICPs and MGC’s Board Meeting Minutes (dated January 30, 2023; March 9, 2023; April 25, 2023; May 16, 2023; and July 1, 2024) to determine whether each sports wagering operator’s ICP received approval from MGC’s executive director and the commissioners.

Additionally, we reviewed these incident reports to ensure that the sports wagering operators were following their ICPs by reporting minor and underage youth incidents to MGC. We inspected all 19 incident reports for the name, nature, unique numerical identifier, date of the complaint, the person against whom the complaint was made, and whether the actions committed to by the sports wagering operator were completed. Also, we compared the incident reports’ Date Reported to the Date of Deposit to ensure that the amount lost was deposited into MGC’s Sports Wagering Fund within 45 days of the date it was reported to MGC’s IEB. Lastly, we selected a random, nonstatistical sample of 5 sports wagering operators out of the population of 13 sports wagering operators that were active during the audit period. For each of the sampled sports wagering operators, we inspected the 12 Monthly Incident Reports submitted to MGC’s IEB to ensure that these Monthly Incident Reports were submitted by the 10th day of the following month.

For this objective, we found no significant issues during our testing. Therefore, we concluded that, based on our testing, MGC complied with 205 CMR 250.01(2).

To determine to what extent MGC ensured that marketing materials from sports wagering operators were not disseminated or distributed to individuals under the age of 21 or to individuals who signed up for the VSE Program, in accordance with 205 CMR 256.05, we conducted interviews with MGC officials about their procedures for reviewing marketing materials. During our interview, MGC officials explained that they do not review or approve advertising materials before they are disseminated. Furthermore, MGC does not have a documented process for reviewing and approving these materials. MGC only reviews advertising materials after they are published, and only if they are reported to MGC for noncompliance issues.

For this objective, we found certain issues during our testing; namely, that MGC did not comply with 205 CMR 256.05. See Finding 1 for more information. 

To determine whether MGC implemented policies and procedures to support people affected by gambling addiction in accordance with 205 CMR 133.02(3), we took the following actions. First, we inspected the course training material, the course agenda, and the test provided to GameSense agents after the completion of the training to ensure that it covered ways to identify keys signs of gambling addiction. Also, we inspected the training records for all 20 (100%) GameSense agents that were active during the audit period and compared the training start dates with the email confirmation that the training was completed, which the director of GameSense operations sent to MGC. GameSense agents’ roles are crucial in supporting people affected by gambling addiction. GameSense agents receive training to recognize key signs that may indicate that a person is at risk of developing gambling addiction; this includes identifying behavioral cues such as mood swings experienced by a person while they gamble. Furthermore, these agents are trained to interact with at-risk individuals compassionately, nonjudgmentally, and with an understanding that these individuals may also be grappling with other issues.

For this objective, we found certain issues during our testing; namely, that MGC did not comply with 205 CMR 133.02(3). See Finding 2 for more information.

To determine whether MGC reported all monetary employee settlement claims to the CTR in accordance with 815 CMR 5.09 and CTR’s “Settlement and Judgments Policy,” we took the following actions. First, we inspected the following documents for two (100%) employee settlement agreements reported to us by MGC for the audit period:

• the Settlement Agreement Release Form (which we inspected to ensure the finalization of the employee settlement between MGC and the employee) and
• the Non-Tort Settlement Judgment Payment Authorization Form (which we inspected to ensure that the employee settlement was approved by CTR before payment).

Also, as part of our internal control review, we interviewed MGC’s officials to determine the steps MGC took when entering into a settlement agreement. During this interview, these MGC officials told us that MGC did not have a documented process for reviewing and finalizing its employee settlement agreements.

For this objective, we concluded that, based on our testing, MGC complied with 815 CMR 5.09. However, we noted that MGC was not in compliance with CTR’s “Settlement and Judgments Policy.” Specifically, we found certain issues during our testing regarding MGC’s lack of a documented process for reviewing, entering into, and finalizing its employee settlement agreements during the extended audit period (July 1, 2018 through June 30, 2023). See Finding 3 for more information.

Underage Incident Software

To determine the reliability of MGC’s gaming floor underage incident report data and sports wagering incident report data from the incident software, we interviewed MGC officials who were familiar with the data. We also tested select information system controls (access controls, security management, configuration management, contingency planning, and segregation of duties).

Additionally, we compared the number of underage gaming floor incidents from the underage incident report to the number observed during the data extraction process. We also tested the underage incidents for gaming floor data for any spreadsheet issues (e.g., duplicate records or hidden objects such as rows or headers). Furthermore, we selected a random sample of 10 underage incidents from the underage incident report data. We compared the information from MGC’s incident report software data to the report from the gaming establishments’ incident report software (e.g., date, property name, and status) for agreement. We also selected a random sample of 10 underage incidents from the gaming establishments’ incident report software, and traced back to MGC’s incident report software information (e.g., date, property name, and status) for agreement.

For the sports wagering incident list, we compared the number of sports wagering incidents from the list to the number observed during the data extraction process for data from the period March 1, 2023 through March 31, 2024. We also tested the underage incidents for sports wagering incident data for any spreadsheet issues (e.g., duplicate records or hidden objects such as rows or headers). Also, we inspected all 19 sports wagering underage incidents data from sports wagering incident reports submitted to MGC and traced these back to MGC’s incident report software data (e.g., date, name of complainant, nature of complaint, names, and actions taken) for agreement.

To determine the reliability of the list of sports wagering operators, we interviewed MGC officials who were knowledgeable about the list. Additionally, we inspected MGC’s Board Meeting Minutes from the period March 1, 2023 through March 31, 2024 to ensure that the sports wagering operators’ names were included.

VSE List

To determine the reliability of the VSE list extracted from the vulnerable person voluntary self-excluding software that MGC administered during the audit period, we conducted interviews with MGC officials who were knowledgeable about the list. We tested select information system controls, including access controls, security management, configuration management, contingency planning, segregation of duties, and application control. Specifically, we confirmed whether the application controls related to the approval and submission of a vulnerable person to the VSE list worked as intended.

To confirm the accuracy of the VSE list, we selected a random sample of 20 applicants listed in MGC’s VSE applicant list database for applications filed during the audit period and compared their names, dates of birth, and addresses to their identification cards. We also tested the VSE list for any worksheet errors, including duplicate records.

Settlement Agreement

To determine the reliability of the list of employee settlement data, we selected a random sample of 32 legal invoices and traced the legal name, invoice date, amount, invoice number, and whether these legal invoices were related to any employee settlements during the audit period to the list of legal expenses. Additionally, we inspected the list of complaints from the audit period to ensure that none of the complaints resulted in employee settlements by comparing the names on both the list of complaints and the list of employee settlements.

Based on the results of the data reliability assessment procedures described above, we determined that the information we obtained was sufficiently reliable for the purposes of our audit.