9a Internal Audits Completed for 2019 Memo
COMMISSION AGENDA MEMORANDUM Item No. 9a BRIEFING ITEM Date of Meeting December 10, 2019 DATE: December 2, 2019 TO: Stephen P. Metruck, Executive Director FROM: Glenn Fernandes, Director, Internal Audit SUBJECT: Internal Audit Audits Completed in 2019 EXECUTIVE SUMMARY The purpose of this memo is to brief the Commission and the public on audits performed in the 2019 calendar year. The 2019 Audit Plan was approved at the December 7, 2018 Audit Committee Meeting. Internal Audit has completed 18 audits and partnered with Information Security to report on the results of the 2019 Payment Card Industry required annual self-assessment, per the 2019 Audit Plan. The audits identified 13 High Risk and 29 Medium Risk issues for management action. Implementation of the associated recommendations will strengthen internal controls, enhance processes, and improve efficiencies. Internal Audit has a process in place where we periodically follow up on recommendations and agreed upon management action plans to assure action is taken. Delinquent action plans are periodically brought to the Audit Committee's attention. BACKGROUND On December 11, 2007, the Port of Seattle Commission passed a motion, which resulted in the creation of an independent and objective audit function. In discharging their duty, the Internal Audit Director and his staff are accountable to the Audit Committee and to the Executive Director. For 2019, the Audit Committee was chaired by Commissioner Steinbrueck and Commissioner Calkins served as the secretary. Christina Gehrke, Senior Vice President and Chief Audit Executive at Sound Community Bank, served as the external member of the Audit Committee. The Audit Committee serves as an arm of the Port Commission. Internal Audit conducts independent, objective, risk-based audits of the Port's operations, activities and vendors. Our audits add value by helping the Port achieve its mission and result in: financial stewardship, accountability, transparency, governance, and operational excellence. Internal Audit derives its authority from the Port Commission. Template revised April 12, 2018. COMMISSION AGENDA Briefing Item No. 9a Page 2 of 2 Meeting Date: December 10, 2019 LISTING OF 2019 INTERNAL AUDITS COMPLETED Below is a list of audits completed by Internal Audit in 2019. These audits are categorized by audit type. Limited Contract Compliance: 1) Sixt Rent A Car 2) EAN Holding, LLC 3) Anton Airfood of Seattle, Inc. 4) Mad Anthony's, Inc. 5) Airport Tenant Marketing Program Operational: 6) Marine Maintenance Shop1 7) Airport Employee Access1, 2 8) Architectural and Engineering Consultant Rates1 9) Diversity in Contracting Operational (Capital): 10) Noise Insulation Program1 11) Concourse D Hardstand Holdroom1 12) Checked Baggage Optimization Project (Phase 1) 13) Shilshole Bay Marina Customer Facilities Project Information Technology: 14) Closed Network System Security1, 2 15) HIPAA Security Compliance1, 2 16) HIPAA Privacy and Breach Compliance1 17) Inventory and Control of Hardware Assets1, 2 18) Security of Personally Identifiable Information2 19) Payment Card Industry (PCI)2, 3 1 Highlighted audits have findings that are more significant. 2 Security Sensitive Exempt from public disclosure per RCW 42.56.420; these will not be discussed. 3 This work was performed by an external Qualified Security Assessor. Internal Audit provided a summary report to the Audit Committee. ATTACHMENTS TO THIS BRIEFING (1) Presentation slides PREVIOUS COMMISSION ACTIONS OR BRIEFINGS None. Template revised September 22, 2016.
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.