Enterprise Risk Management

Enterprise Risk Management is about thinking ahead, drawing-up different scenarios, evaluating potential impacts and, most importantly, being aware of the risks.

Raising awareness about Enterprise Risk Management (ERM) and providing information to initiate or update plans to recognize and anticipate risks, thereby minimizing their impact, is among the goals of the WLA Security and Risk Management Committee (SRMC).

The SRMC has sought member feedback on risk management practices via a number of surveys. A Risk Register detailing lottery sector specific risks has been developed and Risk Profiles addressing key risks and mitigations have been prepared. These tools are designed to assist members to understand and address risk.

WLA Risk Management surveys

The first survey was released in 2020 to better understand industry risk perception and priorities.

A second survey was conducted in 2023 with the aim of understanding risk management maturity across the membership base, to refresh the Lottery Risk Register and to better target risk management support offerings for members.

Planning has commenced for the release of a third survey. It is hoped this survey will be available to members by May 2025.

Survey outcomes are available for download below.

Lottery Risk Register

The Lottery Risk Register is a list of risk-related information specific to the lottery and gaming sector. The aim of this document is to provide the WLA community with comprehensive documentation for establishing, implementing, or monitoring risk management processes.

The categorization and risks provided here are the result of work initiated by the WLA Security and Risk Management Committee in 2021 in collaboration with WLA members.

The Register is intended to be a living document, for which comments continue to be collected and added. It has recently been updated following a review of the lottery risk environment conducted by the Security and Risk Management Committee drawing on emerging trends and global risk reports. New entries address cloud computing, artificial intelligence and cyber security.

The Register aims to provide the global lottery community with a place to collaborate and share experiences while creating a comprehensive documentation on risk management for the sector. To download the latest version of the Lottery Risk Register, please login.

A copy of the Register for comments can be found on the WLA Wiki. All WLA members can register and login to the WLA Wiki to leave comments and input for future updates of the Register. The Register is reviewed by the Committee on at least a yearly basis and updated as needed.

Risk Profiles

To provide members with additional risk management resources, Risk Profiles have been developed for key risks categories. Each Profile describes a risk, details what is driving the risk and offers risk mitigation strategies. A risk rating has been applied to each risk using an assessment of the likelihood of the risk occurring and its impact.

The first tranche of Risk Profiles address cybersecurity, artificial intelligence, illegal gaming, talent, licences and contracts, and disaster risks was released in 2024. A second tranche of Profiles is now available covering responsible gaming, cloud computing and artificial intelligence. For the latter, four AI risks have been identified with a Profile for each.

The Profiles are intended as examples only. It is acknowledged that key risks and their impacts will vary between members based on local circumstances. Providing this detail is intended to prompt risk management conversations within member organisations.

All Profiles and the supporting risk rating tools can be accessed in the member section (login required).

Member Input

Feedback from members on the risk management resources detailed above is welcomed, as are suggestions on any additional services or support. Should you wish to share your thoughts please contact the SRMC here: [email protected]