This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.

Comprehensive information on the MGAs Systems Audit process

17 January 2019

When applying for a gaming license with the Malta Gaming Authority, potential licensees are required to undertake an application process which includes a Systems Audit. This Audit is designed to assess whether the gaming system is in line with the authority’s regulations as well as being as declared in the documents that were submitted as part of the application process. If the Systems Audit is successful, and the applicant meets all the necessary criteria, a five-year license is granted.

The Systems Audit is required as a part of the Licensee on-boarding process, or as and when deemed necessary by the MGA.

Information on Content of Audit 

The Systems Audit is a broad and wide-reaching process that seeks to understand and test every aspect of the system. These include the following:

Gaming Systems - The Systems architecture, application architecture, infrastructure network, license category and any random number generator (where applicable) will be checked to ensure they correspond with the application. System security and player account security will also be audited along with record keeping processes, and what information is maintained regarding player activity.

Internal Procedures - Know Your Customer information including documentation, and the database used to store it must be in line with the application and regulations. The Gaming compliance contribution calculation must also be ascertained, along with requirements pertaining to monthly reporting, the recording of financial transactions, accounting software, player registration, player password, AML measures, payment of winnings, and players accounts.

Player Protection - Website content including the prominent display of required information, display of and content of Terms and Conditions, display of information available to players, player self-protection mechanisms, ‘reality checks’, conditions of full screen games, and the detection of player fraudulent activity.

Systems Audit Procedure

The Systems Audit procedure is of course highly technical and can only be carried out by an entity with the relevant knowledge, experience, and approved to do so. Here is a brief summary of each step that is required.

  1. The Authority must be notified of the appointment of an auditor by the service provider;
  2. A statement must be submitted by the auditor to state that it, along with any affiliated entities and employees are free from any actual or possible conflict of interest. A conflict of interest can extend to consultants, assistance in application processes, bookkeeping, accounting, internal audit services, or implementation of systems provided to the Licensee by the Service Provider.
  3. An Authorisation to Release Information form must be submitted by the Licensee.
  4. The time frame of the Systems Audit must be confirmed.
  5. The Systems Audit must be carried out.
  6. The Systems Audit report must be submitted to the MGA.


BDO Malta are authorised by the Malta Gaming Authority to undertake Systems Audits on behalf of actual or potential Licensees. We also carry out mock audits to help Licensees to prepare for an upcoming system audit. To find out more about the process, or to get the ball rolling, contact a member of our team today.