Does any independant body audit Saftote

I find it strange that last nights Soccer 6 has no dividend declared,over 12 hours after completion(more complicated racing exotics are declared in minutes)

The interesting bit is the results,per leg,are entered BUT no nett pool,no.of tickets or dividend?

Sure by law they must?

The external auditors does the auditing on JSE listed companies.
Only category A auditors (R450k pa to practise as category A) can audit JSE listed companies.
However, the auditors merely audit that the numbers balance.

Ie the pool was R100 and 10 tickets each got paid R10.
By no means are the big 5 auditors in RSA capable of auditing which of the tickets went in before the event started and which tickets went in after the event ended.

As explained before, the database log tape must be printed.
The database log is written away by the database management system, recording each transaction on the database as the transaction occurs, writing away the date and time stamps of each record.

The database management system uses these log tapes to do forward and backward recoveries during times of database failure or even program failure.

Should you place a bet using a web application such as Interbet or Betfair and the internet connection is lost before the program has displayed the final "bet placed" message on your screen, the database management system will use these log tapes to backout the unsuccessful/uncompleted transaction.

The database administrator does have an utility to print these logs in a readable format.
From these logs the evidence can be verified as to the time and date that a transaction was processed.

Like most bookmakers do with Turfsport, we can set the time on the server back by 5 min, hence we can enter bets once the race has run, yet on the database log the time will show as before the race jumped, as the database management system obtains the date and time from the server date and time (which the bookmaker can set or change at will).

This comes back from the manual book systems we ran in the 80's, always leaving a few blank tickets open in the jackpot book, writing winning jackpot tickets after the days racing, to show a loss on the day.

On single soccer bets we can do the same.

However on soccer P6 bets, we will see from the logtape, as the 6 games stretch over a few hours and even days.

Nothing stops an assembler programmer modifying one of the database management dummy user exits to perform certain transactions, or even to modify or delete certain records that are/ should be written to the log tape.

We did experiment with this as far back as 1981 with IMS/DB, 1984 with ADABAS and DATACOM, 1988 with DB2, 2000 with Oracle and SYBASE.

Guess there are guys out there that still do it.
Perhaps we should check the banking systems, they all run DB2, ORACLE or SYBASE for the core banking systems and FX platforms.
Maybe someone working at IBM, ORACLE and SYBASE has already written code as part of the database management nucleus that will perform a global transfer of all bank funds on a specific day and time.

No bank will know as nobody ever checks the upgrades from the suppliers. They merely go on trust and perform the upgrades without question.
Might add that I don't think the banks have staff capable of checking user exits or Database management nucleus software.

My humble opinion on RSA tote run by the Americans - the pool is being tampered with programatically via the database user exits.

Some banks perhaps too?

I know about the 'statuatory' audit for companies....it was these forensic checks that I wonder about.It would just make sense that,when management controls are weak in a company,as they appear to be in"P",it is likely someone is taking advantage of the situation.

All of the big 5 auditors claim that they have forensic audit departments.
All banks have staff with titles starting or ending with 'forensic'.
I have consulted at +73 of these companies.

Regrettably, the people that carry out the forensic audits have no technical skills. Most have never hear of a Database log tape, let alone seen the content of a database logtape.

All have degrees, a laptop, a Risk an forensic management software package on the laptop.
They invented words such as quantitative risk analysis, penetration testing, schooled perhaps in C sharp as a programming language, extract data from the live production database, download the data to MS SQL server database, run SQL queries, download the results to Excel, create pivot tables, pie charts etc, then include this in the quantitative risk report that gets presented to management.

Management knows no better and is normally bamboozled by these quantitative risk reports.
Having received a quantitative risk report from a big 5 audit company clears management of future responsibility.

Management and the forensic audit companies do not have the skill to audit the IT systems.
Same applies to most staff working in the database departments of these companies.
These staff members will not touch the software they receive from the vendors.

I worked for the vendors, and others like me understand the software, as we had to fix the bugs on the database management nucleus of the products we supported.

IT departments focus on the enemy from outside. If the companies apply the seven levels of security, the enemy from the outside will be eliminated. However they are not aware. Of the seven levels (google seven levels of IT security for details) and chose to focus on level 6 and 7.
The levels from 1 to 7 build upon one another, hence most/all companies miss levels 1 to 5, thus have no IT security foundation.

All seem to be focussed on writing policies, procedures and producing quantitative risk analysis reportn and thereby missing the security requirement by a mile.

The real risk lies within the suppliers of database management system software and the technical IT staff within these companies.

As far back as 1985, I have tracked these inside IT guys at our banks, and believe me, it is a 1000% more active today.

Hence the probability that the tote is being manupilated from the inside is > than 100%

I can list more that 17 RSA companies where I have tracked IT guys on the inside doing their own business.
Purely from dumping the database log tape.

I no longer do IT work. A tiresome process for too little money. Let the guys steal as much as the want. Management won't mind - they have a quantitative risk analysis report from the big 5 to cover their backsides.

Feel sorry for the shareholders, as the shares will dip once it becomes known to the public.

The soccer 6 controls remain a concern....
After the matches on Sat. the UK soccer 6 showed the Man U,game rightfully,as pending,but they showed the nett pool and tickets going forward(ie.199)
This morning they post the final result,BUT THE NO. OF WINNING TICKETS now reflected as 0,and no. of winners still not reflected an hour later.....how many places do they need to gather winning tickets from?Surely of 199 tickets...x on result1,x on result 2 ,x on result 3.Post result 2 and remaining tickets should be immediate.
What happens in the interim hour or so?

It gets worse....the soccer 6 which was completed on Sat.(last leg-Barcelona) reflected an OFFICIAL payout,on Sun.,of R16000+

Today,the OFFICIAL payout has been reduced by R10,000

Too many strange goings on at Saftote!

Surely they would issue a statement? :S

Lol - welcome to the rainbow nation!

The euro millions roll over every week

The William hill shops do a lotto every day for +60 million people

But we have 18 or 19 winners on a roll over lotto!

Lol - africa must be far smarter than the rest of the world - we catch the lotto every time!

Africa has a literacy rate of 5% - does this mean if you cannot read or count - you are smarter than the Phd graduates?

Must be!

Lol

Viva the rainbow nation!