Skip to Main Content

Gain controlSOC examinations

Boost confidence in operations and security


The BerryDunn assurance team has helped more than half the lotteries in the United States—and their vendors—identify and strengthen operational and technical controls. We keep our fingers on the pulse of the industry, meeting regularly with lottery leaders and gaming experts to ensure our knowledge and experience keep pace with constant regulatory, technological, and operational changes.

Our team understands the issues critical to lotteries’ reporting needs. We have a deep understanding of lottery systems, games, Igaming systems, video lottery systems, and instant/scratch ticket operations, and we work to identify both strengths and risks to ensure processes are efficient, and systems are secure.

Our System and Organizational Controls (SOC) audit reporting techniques can help your management to understand existing internal controls and processes, as well as data management, IT security, and operational monitoring practices currently in place—and develop actionable strategies to secure those areas that need improvement. This effort helps ensure integrity and privacy, while meeting regulatory requirements to mitigate ramifications from government audits.

To accommodate the varying needs of our clients, we offer support to clients for the following SOC audit types:

  • SOC 1. This exam reports on internal controls over financial reporting, focusing on gaming system sales and reporting controls, draw game procedures and reporting instant/scratch ticket sales, processing and distribution controls, logical security, change management, and control environment.
  • SOC 2. This exam reports on internal controls as they relate to the five Trust Service Categories (2016), or the newly introduced Trust Services Criteria using COSO (2017 including security, availability, processing integrity, confidentiality, and privacy. SOC 2s are ideal for lotteries seeking assurance focused on system security, availability, and privacy controls.
  • SOC 3. Similar to the SOC 2 exam, the auditor’s report is based on management’s assertion that controls are in place, and a public-facing report is made available for all users. SOC 3 is ideal for gaming systems where players may seek assurance from the lottery or vendor that their information is secure and protected. 

Contact our team and make sure you are ahead of the game.

Related Industries

Related Professionals

Principals

BerryDunn experts and consultants