COMMISSION 
AGENDA MEMORANDUM                        Item No.          9a 
BRIEFING ITEM                             Date of Meeting     December 10, 2019 
DATE:     December 2, 2019 
TO:        Stephen P. Metruck, Executive Director 
FROM:    Glenn Fernandes, Director, Internal Audit 
SUBJECT:  Internal Audit  Audits Completed in 2019 
EXECUTIVE SUMMARY 
The purpose of this memo is to brief the Commission and the public on audits performed in the
2019 calendar year. The 2019 Audit Plan was approved at the December 7, 2018 Audit
Committee Meeting. 
Internal Audit has completed 18 audits and partnered with Information Security to report on
the results of the 2019 Payment Card Industry required annual self-assessment, per the 2019
Audit Plan. The audits identified 13 High Risk and 29 Medium Risk issues for management
action. Implementation of the associated recommendations will  strengthen internal controls,
enhance processes, and improve efficiencies. Internal Audit has a process in place where we
periodically follow up on recommendations and agreed upon management action plans to
assure action is taken. Delinquent action  plans are  periodically  brought to the Audit
Committee's attention. 
BACKGROUND 
On December 11, 2007, the Port of Seattle Commission passed a motion, which resulted in the
creation of an independent and objective audit function. In discharging their duty, the Internal
Audit Director and his staff are accountable to the Audit Committee and to the Executive
Director. 
For 2019, the Audit Committee was chaired by Commissioner Steinbrueck and Commissioner
Calkins served as the secretary. Christina Gehrke, Senior Vice President and Chief Audit
Executive at Sound Community Bank, served as the external member of the Audit Committee.
The Audit Committee serves as an arm of the Port Commission. 
Internal Audit conducts independent, objective, risk-based audits of the Port's operations,
activities and vendors. Our audits add value by helping the Port achieve its mission and result
in: financial stewardship, accountability, transparency, governance, and operational excellence. 
Internal Audit derives its authority from the Port Commission. 

Template revised April 12, 2018.

COMMISSION AGENDA  Briefing Item No. 9a                                  Page 2 of 2 
Meeting Date: December 10, 2019 
LISTING OF 2019 INTERNAL AUDITS COMPLETED 
Below is a list of audits completed by Internal Audit in 2019. These audits are categorized by
audit type. 
Limited Contract Compliance: 
1)  Sixt Rent A Car 
2)  EAN Holding, LLC 
3)  Anton Airfood of Seattle, Inc. 
4) Mad Anthony's, Inc. 
5)  Airport Tenant Marketing Program 
Operational: 
6)  Marine Maintenance Shop1 
7)  Airport Employee Access1, 2 
8)  Architectural and Engineering Consultant Rates1 
9)  Diversity in Contracting 
Operational (Capital): 
10) Noise Insulation Program1 
11) Concourse D Hardstand Holdroom1 
12) Checked Baggage Optimization Project (Phase 1) 
13) Shilshole Bay Marina Customer Facilities Project 
Information Technology:
14) Closed Network System Security1, 2 
15) HIPAA Security Compliance1, 2 
16) HIPAA Privacy and Breach Compliance1 
17) Inventory and Control of Hardware Assets1, 2 
18) Security of Personally Identifiable Information2 
19) Payment Card Industry (PCI)2, 3 
1 Highlighted audits have findings that are more significant. 
2 Security Sensitive  Exempt from public disclosure per RCW 42.56.420; these will not be discussed. 
3 This work was performed by an external Qualified Security Assessor. Internal Audit provided a summary report to 
the Audit Committee. 

ATTACHMENTS TO THIS BRIEFING 
(1)  Presentation slides 
PREVIOUS COMMISSION ACTIONS OR BRIEFINGS 
None. 

Template revised September 22, 2016.