Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content


Annual Report and Accounts 2021 to 2022

The Gambling Commission's 2021 to 2022 Annual Report and Accounts.

  1. Contents
  2. Internal control framework

Internal control framework

The Gambling Commission has in place a wide range of internal controls to manage the risk of failure to achieve strategic objectives which include the following.

Organisational structure and delegation of authority

The Commission is currently organised into business areas and functions that bring together related operational, project and thematic activity.

Authority to make decisions and authorise expenditure is delegated to the appropriate level of responsibility within each business area.

Policies and procedures

Comprehensive policies and supporting procedures are in place across the Commission at a corporate and operational level. A thorough review of all financial policies was undertaken during 2018-19 to ensure that they remain compliant with Managing Public Money (MPM) and that they reflect best practice.

The Finance and Performance Committee routinely review financial policies. The appropriateness of Commission policies and procedures is periodically reviewed by internal audit as part of the audit plan.

Operational and financial reporting

The Commission reviews and updates its business plan on an annual basis and prepares an annual budget to support the delivery of the plan.

The budget also considers risks and uncertainties to ensure that these can be mitigated where possible. Both of these elements are reviewed and approved by the Board along with progress against the business plan. In this they are supported by the Finance and Performance Committee’s routine scrutiny of the business plan and budget. Financial performance is reported to the Board and Finance and Performance Committee at each meeting. In addition, the Commission also undertakes monthly financial re-forecasts to ensure that financial management of the Commission remains robust. This is reviewed by the Board.

Review and sign-off of actions

The Commission has a series of checks and balances in place across the organisation to ensure that decisions and outcomes are appropriately reviewed. Quality assessment reviews have been undertaken within a number of the compliance areas to ensure that regulatory activity continues to be of high quality.

Management also reviews outputs within a range of frontline and support areas to ensure accuracy and relevance. These controls are subject to internal and external audit review as part of the internal audit plan and external audit fieldwork.

Personal data incidents

There were no substantive data security incidents during 2021-22 (one during 2020-21).

Effectiveness of internal controls

The Commission's senior management reviews the operational effectiveness of the current internal controls using a combination of the Corporate Risk Register, and operational and financial performance reports.

This is supported by the annual programme of internal audit reviews into the design and operation of controls.

In 2021-22 the activities of PricewaterhouseCoopers (PWC), the Commission’s lead internal auditors were supplemented by additional reviews undertaken by the Government Internal Audit Agency (GIAA) to cover any reviews which could potentially cover any aspects of the NL4 programme.

Through their work during the year, PWC have concluded that as a result of the restrictions placed on the scope of their work (outlined previously) they have been unable to gather sufficient evidence and/or information to conclude on the adequacy and effectiveness of the Commission’s arrangements for governance, risk management and control. In recognition of these limitations the Accounting Officer sought additional assurance from the GIAA internal audit programme, to provide a more complete picture of the effectiveness of the controls in place within the Commission.

PWC have undertaken three reviews:

  • cyber security – Overall rated 'Needs Improvement' (three high, one medium and one low risk finding)
  • medium term financial planning – Overall rated ‘Needs Improvement’ (one high and six medium risk findings)
  • data privacy – Overall rating ‘Satisfactory with Exceptions’ (two medium and three low risk findings).

The GIAA has undertaken three reviews, whose findings are supplementary to the PWC conclusions:

  • review of National Lottery Licence Competition – Costs (economic and financial) and benefits models for Full Business Case – Overall rated ‘Substantial assurance’ (two low risk findings)
  • review of second line oversight of the 4th National Lottery Licence Competition - Phase one review and feedback – Advisory review
  • Governance – Overall rated ‘Moderate assurance’ (five medium risk, two low risk findings).

Principal risks and uncertainties facing the Commission

The principal risks and uncertainties are managed through the Commission’s Corporate Risk Register as part of the internal control framework. The most significant risks facing the Commission are as follows.

Most significant risks facing the Commission as of the end of March 2022

Most significant risks facing the Commission as of the end of March 2022
Risks and uncertainties Existing and planned mitigations
Income from fees, grant in aid and the use of available reserves does not cover expenditure. In particular, the withdrawal and adjustment of the Fourth National Lottery Competition cross-charge impacts the sustainability of the Commission’s overall financial position Existing:
  • progress with fees review and liaison with DCMS
  • improved income forecasting
  • identify and deliver short-term cost savings
  • use of fixed term contracts for project roles
  • further financial management controls.

  • review of fees framework – linked to the Gambling Act Review
  • development of 3-year costed plans.
Novel products are not identified at a sufficiently early stage Existing:
  • enforcement casework including suspension
  • close working with key stakeholders including DCMS, Administrators, solicitors and Financial Conduct Authority (FCA)
  • significant communications with members of parliament (MPs), journalists, and consumers (via website)
  • review of comparable products in the market.

  • Memorandum of Understanding agreed with the FCA to contain a framework to engage and resolve any future regulatory remit challenges
  • continuous improvement in horizon scanning for new and/or novel products
  • implement lessons learned from our independent review of BetIndex and other third-party review.
The Covid-19 pandemic increases risks to the licensing objectives and National Lottery duties, adversely impacts our ability to respond to risks and prevents sufficient fieldwork leaving data gaps on key metrics. Existing:
  • comprehensive homeworking arrangements allow full range of regulatory activities to be undertaken
  • alternative vehicles to collect data
  • close cross functional working and intelligence monitoring ensures identification and response to any changing risks
  • move to new methods of data collection. Consultation response due July 2021
  • regular check of guidance issued by the Government Property Association (GPA) to ensure we comply with all necessary control measures.

  • new hybrid working arrangements to be piloted before December 2022.
Disrupted transition from 3NL to 4NL
Risk: There is a risk that the transition from 3NL to 4NL may be disrupted
  • licensing obligations are currently in place to support an effective handover
  • appointed dedicated internal leads for the management of the transition risk and associated decisions on technology
  • the onboarding of the Transition Technology and Operations (TTO) work package: Providing expertise and experience in supporting and/or assuring the transition
  • applicants have all signed a Deed of Commitment with an agreed form enabling agreement. Current licensee has signed a Co-operation Agreement with the Commission
  • court application has been made to allow the transition process to proceed.

  • sign Enabling Agreement and incoming licensee to sign Cooperation Agreement
  • receipt and approval of joint transition plans by all parties
  • the ability during the implementation period for the Commission team to call upon support from additional specialised flex resources (through the agreed approval process mechanism) to assist with dealing with complex issues when required.
The 4th Licence is unable to start immediately following the end of the 3rd Licence Existing:
  • both available 3rd licence extensions triggered
  • court application has been made to lift the pause to the Programme to maintain as much as possible of the circa 22 months implementation period.

  • further reflections and actions will be undertaken on receipt of judgment in the Application to Lift
  • contingency planning and implementation of contingency plans as appropriate.
Is this page useful?
Back to top