PORT OF SEATTLE 
MEMORANDUM 
COMMISSION AGENDA               Item No.       7b 
STAFF BRIEFING             Date of Meeting   February 05, 2013 
DATE:    January 25, 2013 
TO:     Tay Yoshitani, Chief Executive Officer 
FROM:    Joyce Kirangi, Director, Internal Audit 
SUBJECT:  Enterprise Technology Risk and Performance Assessment 
SYNOPSIS: 
Protiviti has completed its report on the Port of Seattle Enterprise Technology Performance and Risk
Assessment. The report encompasses the analyses, conclusions, observations and recommendations 
derived by Protiviti as a result of the procedures it performed. Protiviti is also scheduled to brief the
Audit Committee on February 5, 2013. 
Highlights 
The IT cost benchmarking analysis conducted by Protiviti indicates the Port IT functions have
effectively managed costs, including the following key results: 
The Port has generally outperformed comparable industries in controlling IT operations (or
"run") costs. 
The Port has successfully shifted more of its IT spending towards growth and transformation of
business operations. 
The Port's IT process activities perform favorably when compared to organizations of
comparable size and industry-groups. 
Opportunities 
The report suggests opportunities to: 
Further mature certain core IT processes 
Continue to align ICT and Aviation IT operations 
Explore additional avenues to collaborate and communicate with the Commission and Executive 
Team 
Protiviti also conducted a technology risk assessment and recommends the following thee-year IT Audit
plan, including direction on staffing levels and appropriate skills sets to complete the recommended
audits: 
2013 
o  Scheidt Bachman Parking System 
o  Data Center

COMMISSION AGENDA 
Tay Yoshitani, Chief Executive Officer 
January 25, 2013 
Page 2 of 2 
o  PeopleSoft Post-Implementation Review 
2014 
o  End-Point Security 
o  IT Asset Management 
o  HIPAA Compliance Assessment 
2015 
o  Data Loss Prevention 
o  IT Change Management Diagnostic 
o  Business Continuity/Disaster Recovery 
BACKGROUND: 
Technology is rapidly changing and absolutely critical to the Port's overall operations. It is essential to
enhance the efficiency and effectiveness of the Port's business processes through the protection,
reliability, availability, and analysis of business information. 
The Audit Committee and the Executive Team recognized such critical roles and recommended a third
party conduct an assessment of the Port enterprise technology risk and performance. The Port, using its
competitive procurement process, engaged Protiviti to conduct the assessment. The project was initiated
in the September 2012 time frame and completed in December 2012. 
The project consisted of two primary objectives: 
1.  Assess the overall management, efficiency and effectiveness of Port information and
communication technology assets and services within the following key areas: Strategy,
Operations, Investment, Governance and Risk Management 
2.  Execute a technology risk assessment resulting in a three-year IT Audit plan, including direction
on staffing levels and appropriate skills sets to complete the recommended audits.
Provititi performed a number of procedures, including a broad set of interviews with organization
leadership and process leads; review of provided policies, procedures, and process documentation; and
conducted detailed benchmarking analysis. 
OTHER DOCUMENTS ASSOCIATED WITH THIS BRIEFING: 
Protiviti Detailed Report on the results of the Enterprise Technology Risk and Performance
Assessment 
PowerPoint presentation (summary) 
PREVIOUS COMMISSION ACTIONS OR BRIEFINGS: 
None