INTERNAL AUDIT 
2018 Proposed Audit Plan 
AUDIT CATEGORIES 
I.   Limited Contract Compliance  6 Audits (35% of Total Audits) 
Generally focusing on revenue/concession fees due to the Port,
limited in scope, data intensive. 
II.  Operational  8 Audits (47% of Total Audits) 
Broader in scope than contract compliance audits. Involves gaining
an understanding of processes and related efficiencies/controls. 
III.  Information Technology Audits  3 Audits (18% of Total Audits) 
Focus is on General IT System controls and vulnerabilities. 


1

INTERNAL AUDIT 
2018 Limited Contract Compliance 
Cycle Audits 
Contract never audited but deemed higher risk 
Contracts expiring in 2019 
Provide audit an opportunity to review contract compliance & gaps
before contract expires 
Issues noted during previous audit 
Follow up to assure issue has been remedied and risks mitigated 
Aviation specific directional information only (unaudited) 






2

INTERNAL AUDIT 
2018 Limited Contract Compliance 
2018   2017   2016   2015   2014   2013 
Beecher's Handmade Cheese             X 
Sky Chefs, Inc.                 X                 X 
Suns, Inc.                     X 
Dollar Rent-A-Car              X                      X 
Thrifty Car Rental              X                 X 
Fox Rent-A-Car               X                     X 




3

INTERNAL AUDIT 
2018 Operational Audits 
Carryover audits from 2017 
Airport Taxicabs follow up on high risk issues 
Capital Spend Focus 
IAF, North Satellite 
Northwest Seaport Alliance 1 
Review of operations and administration against the NWSA
Charter to determine compliance 


RSM Risk Assessment Analysis - Key Audit Ideas

4

INTERNAL AUDIT 
2018 Operational Audits 

2018   2017  2016  2015  2014  2013 
Taxi Cabs (Eastside)              X     X 
TNC's Rematch (E-KPI's)           X     X 
Maritime Maintenance Shops      X 
Capital Program IAF             X     X 
Capital Program North Satellite      X 
Northwest Seaport Alliance        X 
Seatac Utilities                  X 
Disbursements/Accounts Payable    X 
Carryover to 2018 from 2017 Audit Plan 

5

INTERNAL AUDIT 
2018 Information Technology Audits 
Data Centers  Aviation Maintenance (AVM) 
AVM Data centers have never been audited 
Critical systems are housed in these data centers 
Change Management (AVM) 
Lack of a single approach to Change Management and a single
source of record for system configurations greatly increase the
risk of unplanned business disruptions. 
A New parking system was implemented in late 2017. Audit will
review the technology controls surrounding this new system. 
2018   2017  2016  2015  2014  2013 
Data Centers (AVM)             X 
Change Management (AVM)      X 
T2 Systems ParkingSoft           X 
6

INTERNAL AUDIT 
2018 Proposed Audits 
Limited Contract                         Information
Operational 
Compliance                         Technology 
Beecher's          Taxi Cabs(Eastside)     Data Centers -
Handmade       TNC's  Rematch      AVM 
Cheese            (EKPI's)            Parking Soft
Sky Chefs, Inc.         Maritime             System 
Maintenance Shops  
Suns, Inc.                              Change
Capital Program IAF 
Dollar Rent-A-Car                      Management  
Capital Program
(CMC                       AVM 
North Satellite 
Investments, Inc.) 
Northwest Seaport
Thrifty Car Rental      Alliance 
(DTG)             Seatac Utilities  
Fox Rent-A-Car       Disbursements /
Accounts Payable  
Carryover to 2018 from 2017 Audit Plan 
7

Information Technology Audit 
ICT Disaster Recovery Capability 
June 17, 2017  October 30, 2017 
Prepared by Point B in partnership with the Port of Seattle Internal Audit department 





8

ICT Disaster Recovery Audit            INTERNAL AUDIT 
BACKGROUND 
What is the difference between Business Continuity and Disaster Recovery? 
Business Continuity maintains critical business functions in the event of a disaster or
catastrophic loss of capabilities, i.e. Business Continuity is the business' survival plan. 
IT Disaster Recovery is an IT discipline focused on the restoration of critical technology
services after a catastrophic loss, such as the loss of an entire facility or a regional
disaster. 
Disaster Recovery Objectives: 
Maintain IT DR capabilities meeting desired business risk mitigation profiles 
Minimize the impact of disruptions to the business from catastrophic technology losses 
Restore services within Recovery Time and Recovery Point Objectives 
Maintain effective incident management, and governance 
Maintain effective communications to customers 

9

ICT Disaster Recovery Audit            INTERNAL AUDIT 
AUDIT OBJECTIVE 
Assess ICT's IT Disaster Recovery processes and capabilities, including new DR
capabilities under construction today in Spokane 
SCENARIO 
Complete loss of ICT's primary data center (MER/VD) 
Collateral events outside of MER/VD, such as a regional disaster were not
addressed due to audit time and cost limitations 
The scenario modeled is a high-impact, but very low likelihood event 

MER/VD = Main Equipment Room / Voice and Data 

10

ICT Disaster Recovery Audit            INTERNAL AUDIT 
AUDIT RESULT 
In general, internal controls were adequate: 
Technology designs include operational redundancies for all critical systems 
MER/VD data center is designed to withstand major failures and remain
operational. 
ICT follows best practice approaches for continuous development of DR
capabilities 
ICTs major incident processes are mature and well-practiced and have been
tested on more than 5 major failures 
However, we identified two opportunities for improvement 

11

ICT Disaster Recovery Audit            INTERNAL AUDIT 
IMPROVEMENT #1 
Pairs of high-availability network equipment supporting the Operations network,
Enterprise network, and Internet Egress are not geographically segregated. 
Recommendations 
1. Initiate a project to add geographic redundancy to these critical network
systems 
2. Consider the low likelihood of a significant event, operational impacts, and high
priority of completing the present Spokane IT DR project when scheduling 

Management Response 
Management agrees with the assessment and recommendations. 
(See Audit Report for details on Management Response) 

12

ICT Disaster Recovery Audit            INTERNAL AUDIT 
IMPROVEMENT #2 
ICT Disaster recovery processes are not integrated and aligned to the process
utilized by the Emergency Coordination Center, creating a risk of inefficient
recovery efforts 
Recommendations 
1. Improve the existing program for initial and refresher NIMS ICS training for all
ICT directors, managers, and key technical leads 
2. Familiarize the remaining ICT staff with an overview of NIMS ICS 
3. Participate in ECC mock exercises and develop mock technology incident
scenarios for integrated ECC/ICT training 
4. Reconcile ICT resource and location issues with ECC for technology incidents 
NIMS = National Incident Management System 
ICS = Incident Command System 
ECC = Emergency Coordination Center 
13

ICT Disaster Recovery Audit            INTERNAL AUDIT 
IMPROVEMENT #2 (Continued) 
Management Response 
1. We will baseline NIMS/ ICS training, at appropriate levels, within ICT by
March 31, 2018 or as available. The frequency of refresher training is being
addressed at a Port policy level, with a recommendation of every 2 years 
2. ICT now has a formal seat within the ECC and will be included in exercises
that have technology components that would require their participation 
3. As part of the training coordination effort-- roles and location expectations,
along with overall ECC coordination (and exercising) will be addressed 


14

Information Technology Audit 
ICT IT Change Management 
June 17, 2017  October 30, 2017 
Prepared by Point B in partnership with the Port of Seattle Internal Audit department 





15

ICT IT Change Management Audit        INTERNAL AUDIT 
BACKGROUND 
What is IT Change Management? 
A broadly accepted, industry best-practice that governs the identification, prioritization,
authorization, release, and communication of all changes to production environments 
Process Objectives: 
Identify and quantify the risk and impact of changes to the Port's production systems 
Minimize both planned and unplanned business service disruptions 
Manage the prioritization and release of change to production environments 
Effectively communicate changes and disruptions to affected business stakeholders 
Example Changes:              ICT Change Statistics 
Security and application patches     3,422 production changes in past 48 months 
New software releases          Average 8 changes per night 
Phone system updates          Each change may impact 100s of systems, users 
Maintenance of IT infrastructure 

16

ICT IT Change Management Audit        INTERNAL AUDIT 
AUDIT RESULT 
In general, internal controls were adequate: 
ICT has adopted industry-best-practice ITIL methodologies 
ICTs processes are mature and well-practiced 
ICT actively executes and enforces IT Change Management 
ICT team members culturally reinforce the importance of the process 
Customers report very few unplanned outages 
However, we identified two opportunities for improvement 



17

ICT IT Change Management Audit        INTERNAL AUDIT 
IMPROVEMENT #1 
Though clearly defined and well practiced, the IT Change Management process is not
supported with an adequate toolset to maintain controls 
Recommendations 
1. Replace the existing toolset with a single, integrated service management application 
2. Adapt the existing process to take advantage of the new toolset 
3. Measure and communicate Key Performance Indicators 
4. Develop process controls to maintain accurate system configuration information 
Management Response 
Management agrees with the assessment and recommendations. 
A new toolset has already been selected and a project has been initiated with an
estimated completion of initial deployment by March 31, 2018. KPIs, process controls
and measures will follow the initial deployment and are expected to be completed by
June 30, 2018. 
18

ICT IT Change Management Audit        INTERNAL AUDIT 
IMPROVEMENT #2 
ICT and Aviation Maintenance do not share common IT Change Management processes
and tools to manage change in business systems that span the responsibilities of both
organizations. 
Recommendations 
1. ICT and Aviation Maintenance should leverage each other to identify shared tools and
processes 

Adopting the best practice of a single systems is currently unrealistic, however, due to the
importance of Change Management and the impact it can have on critical systems,
Internal Audit will independently review the Aviation Maintenance change management
process in 2018. 

19

ICT IT Change Management Audit        INTERNAL AUDIT 
IMPROVEMENT #2 
ICT Management Response 
ICT Management agrees with the rating and recommendation. 

Aviation Maintenance Management Response: 
Aviation Maintenance Management would like to invite the Audit Team to review the Electronic
Technicians Change Management System. 
As ICT moves forward to upgrade their current Change Management system, aviation maintenance
would like to participate from the beginning to determine if any new processes would also meet the
needs of the entire organization. 



20

Limited Operational Audits 


21

INTERNAL AUDIT 
MARITIME STORMWATER UTILITY 
BACKGROUND 
The Port created the Maritime Stormwater Utility (Utility) by 
negotiating an agreement with the City of Seattle. On January 1, 
2015, the Port established the Utility pursuant to the Revised 
Code of Washington. Below reflects the department's annual 
revenue: 
Maritime Stormwater Utility 
Revenue                                  2015        2016    YTD 2017 * 
Sale of Utilities - Surface Water                          $4,403,498        $2,888,599      $1,912,784 
Sale of Utilities - Surface Water NWSP -               788,835        673,611 
Sale of Utilities - Intercompany -              1,073,549        564,116 
TOTAL                                   $4,403,498     $4,750,983    $3,150,511 
Data Source: PeopleSoft Financials                                                                                           *Through 8/31/2017 



22

INTERNAL AUDIT 
MARITIME STORMWATER UTILITY 
RESULTS 
We completed a limited operational audit of the Utility for the period 
January 2016  June 2017. The audit was performed to assess the 
design and operating effectiveness of internal controls. 
We  concluded  that  key  terms  in  the  Interlocal  Agreement  were 
achieved and that a system was established to assess and repair or
replace, stormwater infrastructure by December 31, 2019. IA identified 
the following issue: 
(Medium) Internal controls should be implemented to decrease the 
likelihood of billing errors. To improve efficiency, management should 
also develop a plan to automate the billing process. 
Management Response: 
Management agreed to implement internal controls by January 2018 
and will assess the feasibility of migrating the billing process into 
PROPworks by March 2018. 
23

INTERNAL AUDIT 
ON/OFF-BOARDING OF CONSULTANTS AND CONTRACTORS 
BACKGROUND 
The Port's Contingent (Contract) Workers Policy, establishes procedures so 
that independent contractors and temporary agency employees (contingent 
workers) are used appropriately and lawfully. 
The IRS developed criteria to determine their classification. The criteria 
are streamlined into three general categories: 
Behavioral control: The payer has the right to control or direct only the
result of the work and not what will be done or how it will be done. 
Financial control: How the individual is paid, e.g., weekly or hourly
versus a flat fee. 
Type of Relationship: How permanent and how the Port and individual
contractor views the relationship. 
Generally, the greater the behavioral and financial control, and the more
permanent the relationship is, the greater the likelihood that the individual
would be considered an employee. 
24

INTERNAL AUDIT 
ON/OFF-BOARDING OF CONSULTANTS AND CONTRACTORS 
RESULTS 
Management controls, for the period January 2016-September 2017 were 
not adequate to ensure compliance with Port Policy and IRS requirements. 
(High) The Port's Contingent (Contract) Workers Policy (the Policy) needs to 
be updated with recent IRS and case law guidance. The Policy has not been 
updated in almost 10 years and is not consistent with IRS guidance and case 
law. 
(High)  A  process  has  not  been  established  to  account  for  and 
manage/monitor on and off-boarding of contingent and contract workers. 
We identified over 250 non-Port employees some of which had begun 
working at the Port in 2002 and/or had received parking cards which is not 
allowed by Policy. 
Management Response: 
Management agreed to develop an updated Policy by March 2018 and will 
develop processes, procedures, and structures by June 2018. Strategic 
Initiatives will lead the effort with support from Human Resources and 
Development, Legal, ICT, and Capital Development. 
25

INTERNAL AUDIT 
CAPITAL PROGRAM  INTERNATIONAL ARRIVALS FACILITY 
BACKGROUND 
The  International  Arrivals  Facility  (IAF)  at  Seattle-Tacoma 
International  Airport  will  be  expanded  to  enhance  the 
international passenger experience, advance the Puget Sound 
region as a leading tourism and business gateway, and serve the 
traveling public. The IAF will be a multi-level, 450,000 squarefoot
facility with a 900 foot walkway. 
The Port elected to use a design-build approach, and selected 
Clark Construction as the design builder. This approach provides 
the Port with a single point of responsibility to carry out all work 
on the project. 


26

INTERNAL AUDIT 
CAPITAL PROGRAM  INTERNATIONAL ARRIVALS FACILITY 
RESULTS 
The scope of the audit was for the period July 2015  July 2017 and 
assessed the design and operating effectiveness of internal controls and 
to assure that vendors were being paid in a timely and accurate 
manner. 
We identified two opportunities where improving controls would allow 
Port management and Clark Construction to enhance the accuracy and 
timeliness of payments to contractors and subcontractors.
(High) Important elements of the design-build approach were missing. 
These resulted in unexpected costs due to rework and resulted in 
delayed payments to contractors and subcontractors. Some of the 
missing elements included incomplete designs prior to construction, 
some payments requests where incomplete, and work was authorized 
by Clark prior to signed change orders. 

27

INTERNAL AUDIT 
CAPITAL PROGRAM  INTERNATIONAL ARRIVALS FACILITY 
RESULTS 
(Medium) Internal Controls need to be enhanced to validate invoice 
totals to payments. This resulted in an overpayment of $89,454 to Clark 
in March 2017. 

Efficiency opportunity  Internal processes should be modified to allow 
for faster payment to Clark Construction which will also allow for faster 
payment to subcontractors and the small businesses that they employ. 
Port Management Response(Capital Development): 
We agree with the recommendations and believes that establishing a 
single Guaranteed Maximum Price (GMP) for the Contract, would give 
the Design Builder flexibility to manage and mitigate risk associated 
with the design build process. However, Clark has yet to produce a GMP 
that  the  Port  is  willing  to  accept  and  until  that  happens  Port 
Management will continue to exercise the contract provision that 
permits it to issue mini-GMPs to undertake limited scopes of work. 
28

INTERNAL AUDIT 
CAPITAL PROGRAM  INTERNATIONAL ARRIVALS FACILITY 
RESULTS 
Port Management Response (continued): 
Management agrees that there are opportunities to strengthen oversight of 
the Design-Builder. Clark Construction has made improvements to their 
management of subcontractors through controls management and training 
of the subcontractors on the proper way to submit change requests. 
Clark Construction Management Response 
Clark agrees that whenever possible, EWAs, WA, etc. should be executed 
prior to the commencement of the work. This practice will be followed 
wherever possible and practical for the nature of the design-build work. 
Clark will work with the POS to review additional delivery methods of the 
outstanding  exposures  to  ensure  the  information  being  presented  is 
accurate and timely. 
Port Management Response(Finance & Budget): 
Management acknowledges the Commission's desire to ensure that small 
businesses serving as subcontractors are paid on a timely basis, and is 
continuing to work on expediting the Port's payment process. 
29

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. (ESFH) 
BACKGROUND 
On September 16, 2016, the Port entered into a CA with ESFH to 
provide  on-demand,  outbound  taxicab  and  for-hire  vehicle 
transportation  services  at  Seattle  Tacoma  International  Airport 
(STIA). The Agreement term is three years, commencing on October 
1, 2016 through September 30, 2019.
The introduction of TNC's at STIA provides additional choices to the
travelling public. The impact of these additional choices has led to a
decline in demand for taxicab/flat rate for-hire. The decline in
demand coupled with 405 taxi vehicles has resulted in lower than
expected driver wages. IA performed this audit, not only to verify
contract compliance, but also to evaluate processes, and to
recommend new approaches that may benefit taxi owner/operators,
ESFH, and the Port. 

30

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. (ESFH) 
RESULTS 
We completed an audit of ESFH for the period October 2016 through July 
2017.  ESFH  was  awarded  the  CA  on  September  16,  2016  allowing 
approximately two weeks for ESFH to implement processes which partly 
contributed to some of the challenges faced. Two issues were identified: 
(High) Reconciliation and refunds of prepaid owner/operator charges and 
payments had not been performed since the start of the contract resulting 
in 323 drivers that were owed on average $2,224 apiece as of July 31, 2017.
This amounts to a significant sum for a driver making approximately $12/hr.
An independent set of 360 drivers also owed ESFH an average of $2,251. The 
table below reflects information as of July 2017 according to ESFH records. 
Owner/Operator Refunds or Billings Due
Total Refunds Due to   Total Additional Billings Due
Description                 Drivers              to ESFH
Total Amount                       $ 718,256        $ 810,486 
Number of Accounts/Drivers                           323                  360 
Amount Due to/Due from Per Driver       $ 2,224      $ 2,251 
Net Amount                     $ 302,450       $ 394,680 
Number of Vehicles after netting                         154                   251
Net Amount Due to/Due from Per Vehicle               $ 1,964      $ 1,572 

31

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. 
RESULTS (continued) 
(High) Contract Non-Compliance 
I. Technology Activity Tracking: A real-time/near real time vehicle 
activity tracking software system has not been implemented. Instead, 
ESFH contracts with SP+ to perform manual counts. The manual counts 
are significantly lower, by an average of 5,162, than the Port's AVI data. 
II. Deadheading: From inception of the contract, deadheading targets 
have not been achieved. Although ESFH has paid liquidity damages, the 
spirit of the contract provision is not being met. 
III. Labor Harmony Agreement: A legally enforceable labor peace 
guarantee has not been obtained. 


32

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. 
ESFH Management Response: 
Owners/operators owed $92,555 to ESFH for the trips performed from 
October 1, 2016 to July 31, 2017.  As of October 25, 2017, the 
reconciliation was complete and all airport fleet vehicles have been 
notified to come to the ESFH office to settle and bring their accounts 
current. 
ESFH will set up the set up the scanner equipment during the month of 
December and will implement using it on January 1, 2018. 
ESFH's goal was always to meet or exceed dead heading targets. We 
intend to create new business outside the airport, and this will reduce 
deadheading. Our goal is to meet deadheading targets by December 
31, 2017. 
Due to the Teamsters' attempt to change the Port required Labor 
Harmony Agreement to a full blown collective bargaining agreement; 
ESFH could not obtain a Labor harmony Agreement. 
33

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. 
Port Management Response (Lance Lyttle, Managing Director Aviation) 
The ESFH contract has been extensively monitored for contract compliance since the award of
the contract in September of 2016. Specifically, no fewer than 58 meetings regarding
compliance have been held by POS staff. This number does not include weekly AV staff
meetings that are conducted to ensure internal coordination and communication of ongoing
developments related to this contract. 
Summary of Audit Findings and related POS Management Responses 
Reconciliation of prepaid owner/operator changes and payments. 
RESPONSE: On-site observations by POS staff on two occasions and physical logs provided by
ESFH as of November 15, indicate reconciliation through October 2017. Interviews of 25
drivers indicate repayment has been made. Internal Audit to independently audit these
repayments. 
Provide automated transparent mechanism to provide AVI data to drivers monthly. 
RESPONSE: Implementation FEB 1, 2018. 
Eliminate driver contribution of $.10/trip community fund and work with ESFH to eliminate
financial burden of short trips. 
RESPONSE: ESFH relieved of this RFP-proposed term on October 18, 2017. AV staff continues
to work with ESFH on issue of short trips. 
34

INTERNAL AUDIT 
EASTSIDE FOR HIRE, INC. 
Port Management Response (Lance Lyttle, Managing Director Aviation) 
Technology Activity Tracking: 
RESPONSE: Based on POS Legal interpretation, ESFH is non-compliant. 
Equipment installed in all vehicles Q1 2017. A manual bar-code scanner system is under
implementation by ESFH. A second POS AVI reader is to be installed by April 1, 2018.
Deadheading:
RESPONSE: ESFH in compliance via liquidated damages payments. 
Labor Harmony:
RESPONSE: Based on POS Legal interpretation, ESFH is noncompliant. Third party facilitator
awaiting Teamster joint agreement to discuss. 
Aviation Operations and Commercial Management staff have dedicated themselves to diligent
contract compliance oversight from the outset of the contract and will continue to do so. We
appreciate the opportunity to provide a comprehensive response to the audit findings. 


35

Lease & Concession Agreement
Compliance Audits 


36

INTERNAL AUDIT 
THE HERTZ CORPORATION DBA HERTZ CAR RENTAL 
BACKGROUND 
The Hertz Corporation (Hertz), a subsidiary of Hertz Global Holdings, 
Inc.,  is  headquartered  in  Estero,  Florida.  Hertz  maintains  a  local 
administrative office and fleet maintenance at the Consolidated Car 
Rental Facility owned by the Port. 
The terms of the agreement provide for a Minimum Annual Guarantee 
(MAG) of 85% of the total amount paid to the Port in the previous 
agreement year. Additionally, the agreement requires a Percentage Fee 
equal to 10% of gross revenues, provided the Percentage Fee is higher 
than the monthly MAG payment. Below reflects revenue earned by the 
Port: 
REPORTED GROSS REVENUE AND CONCESSION CALCULATION    CUSTOMER
FACILITY CHARGE 
AGREEMENT   REPORTED GROSS
CONCESSION FEES  REPORTED CFC FEES 
YEAR         REVENUES 
2014 - 2015              $54,963,037         $5,496,304         $5,379,168 
2015 - 2016               55,923,031          5,592,303          5,535,618 
TOTAL               $110,886,068       $11,088,607       $10,914,786 
Data Source: PeopleSoft Financials and Propworks 

37

INTERNAL AUDIT 
THE HERTZ CORPORATION DBA HERTZ CAR RENTAL 
RESULTS 
We completed a rental car concession audit of Hertz for the period 
June 2014  May 2016. The audit was performed to determine whether 
Port management's monitoring controls were effective and to assure 
that:  Hertz  reported  Concession  Fees  were  complete,  properly 
calculated, and remitted timely to the Port; that Hertz complied with 
significant financial provisions of the concession agreement (CA), as 
amended; and that the Customer Facility Charge (CFC) was properly 
collected and remitted. 
We concluded that Hertz materially complied with the terms of the car 
rental agreement, and that management controls were effective. We 
noted the following exceptions with the CFC: 


38

INTERNAL AUDIT 
THE HERTZ CORPORATION DBA HERTZ CAR RENTAL 
(Medium) 
Hertz did not collect the CFC at their three local locations within a three-
mile radius of the airport. The CA specifically requires Hertz to collect 
and remit the CFC to the Port for these locations if the customer arrives 
by plane within 12 hours. Our audit showed that in most cases a CFC was 
due to the Port, amounting to $205,236 during our audit period. 
Hertz did not consistently comply with their vehicle drop-off policy at the 
Consolidated  Rental  Car  Facility  location,  resulting  in  approximately 
$9,210 in CFCs due to the Port 
Management Response: 
Aviation Commercial Management will pursue collection from Hertz for the 
under-reported CFC's as stated above, the audit cost, and the applicable 
late fees and interest. Aviation Commercial Management will also work with 
Hertz  to  assure  a  mutual  understanding  of  the  definition  of "Airport 
Customer" so that future interpretations are consistent for both the Port 
and Hertz. 

39

INTERNAL AUDIT 
AVIS BUDGET GROUP DBA AVIS BUDGET CAR RENTAL 
BACKGROUND 
Avis Budget, headquartered in Parsippany, N.J., provides vehicle and car 
sharing services, operating four brands in the industry through Avis, Budget, 
Payless, and Zipcar. 
The agreement requires a Minimum Annual Guarantee (MAG) of 85% of the 
total amount paid to the Port in the previous agreement year or the MAG for 
the first agreement year at $5,950,000.00, whichever is greater. In addition, 
the agreement requires a Percentage Fee equal to 10% of gross revenues, 
provided the Percentage Fee is higher than the MAG payment. 


Data Source: PeopleSoft Financials and Propworks 
40

INTERNAL AUDIT 
AVIS BUDGET GROUP DBA AVIS BUDGET CAR RENTAL 
RESULTS 
The period audited was June 2013  May 2016. The audit was performed 
to determine whether Port management's monitoring controls were 
effective and to assure that: Avis Budget reported Concession Fees were 
complete, properly calculated, and remitted timely to the Port; that 
Avis  Budget  complied  with  significant  financial  provisions  of  the 
Concession  Agreement  (CA),  as  amended;  and  that  the  Customer 
Facility Charge (CFC) was properly collected and remitted. 
We concluded that management controls were effective and that Avis 
Budget  materially  complied  with  the  terms  of  the  CA  with  one 
exception: 


41

INTERNAL AUDIT 
AVIS BUDGET GROUP DBA AVIS BUDGET CAR RENTAL 
(Medium) Avis Budget was unable to provide us with details regarding 
adjustments made to customer bills.  This led us to conclude that Avis 
Budget did not maintain the details of adjustments in their recordkeeping 
systems. Additionally, this issue was a repeat finding that was identified in a 
prior internal audit of Avis Budget Group, LLC Audit (Report No. 2012-20).
Internal Audit is therefore disallowing $94,039 in adjustments that were 
noted during the audit period and seeking reimbursement for this amount. 
Management Response: 
Aviation Commercial Management will pursue collection of concession fees
from Avis Budget for the adjustments, for which they were not able to
provide supporting documentation, and the applicable late fees and
interest. Aviation Commercial Management will also clarify with Avis Budget
the records we expect them to retain in accordance with Article 8 of the
Lease. 


42