Internal Audit Department
Risk Assessment Approach
Strategic/Governance     Operational      Accountability/Transparency       Reporting       Information Technology (IT)      Compliance


Review Prior
Review Port                                     Final Risk
Audit Coverage                                                       Identify Risks
Audit Universe                                                          Data Analytics
Assessment
and Issues

? Reviews organization        ? Review prior audit        ? Determine            ? Conduct comprehensive    ? Conduct risk interviews
structure, changes,             coverage ? Likelihood                data analytics involving       with various key leaders
processes ? Impact   revenues and expenses across the Port
? Assess the status of prior ? Risk Scoring
? Inventory new/old           audit issues                                ? Identify risks based on     ? Obtain risk assessments
initiatives, projects, etc                                   ? Assess Available Audit         past and current             from management
? Identify emerging issues       Resources               financial performances       perspectives
? Set priorities
? Identify emerging issues

GENERATES

INTERNALAUDIT WORK PLAN

Internal Audit Department
Risks, Audit Universe, and Auditable Units Coverage
Strategic/Governance           Operational         Accountability/Transparency        Reporting        Information Technology (IT)          Compliance


KeyCentral
Comprehensive
Processing                                      Lease and               3rd Party               Limited                 Information
Operational
Systems                                   Concession             Management            Operational              Technology
Audits                 Audits                  Audits                 Audits                   Audits

? Reviews of systems         ? Reviews of Individual      ? Reviews of Lease and      ? Reviews of 3rd party      ? Reviews of Port or        ? Reviews of critical Port IT
common to multiple          operating unit reviews       Concession agreements      management            Division wide functional       infrastructure
Port operational units                                                         agreements               activity
? Audit Units
? Audit Units               ? Audit Units             ? Individual agreements     ? Audit Units            ? Audit Units             ? Audit Units
? accounts payable          ? Fire Dept                                 ? Individual service        ? Port wide operational      ? general and application
? payroll                 ? Police                                      agreements             issues/concerns            controls
? Aviation Maintenance                                                                  ? data security
? Prior Audit Coverage
? Prior Audit Coverage         ? Prior Audit Coverage       ? CTA                 ? Prior Audit Coverage      ? Prior Audit Coverage       ? Prior Audit Coverage
? payroll                 ? Ground Transportation     ? Avis Rent-A-Car         ? WTCS               ? Fleet Management        ? No audit specific
? accounts payable          ? Airport Public Parking      ? Host International        ? BHICC               ? Aviation Division           coverage in prior years
? receivable               ? Aviation Maintenance      ? Anthony's                                   overtime practices        ? will begin specific
? asset management         ? Marine Maintenance                                           ? P-card administration       covereage based on the
results of the Enterprise
and Risk Assessment in
2012
PROVIDES
? ASSURANCE
? CONTINUOUS IMPROVEMENT
? ACCOUNTABILITY
? EFFICIENCY
? EFFECTIVENESS

ATE:   November 13, 2012 
TO:    Audit Committee 
FROM:  Joyce Kirangi, Internal Audit Director
SUBJECT: Summary of Suggested 2013 Audit Projects Based on Risk Survey of Key Port Leadership

Internal Audit conducts a variety of procedures to prepare its annual risk assessment. Included are a series
of interviews with key Port leaders across five divisions to obtain management perspectives on the current
business environment and to assess risk landscape in their respective responsibility areas and for the Port
as a whole. Specifically, the following two questions were posed to each interviewee:
1.  What risks do you see in your area to which Internal Audit can add value through an independent
and objective review?
2.  Considering the Port as a whole, what areas (e.g., systems, processes, activities, departments, etc.)
do you see risks of negative impact?
We began the process early October and have recently completed the interviews. We held interviews with 
approximately fifty senior leaderships across the Port who understands Port business to include all
Division Directors, Chief Financial Officer, Chief of Staff, and CEO.
The following activities are not all-inclusive, but represent common areas of suggested 2013 orfuture 
audits.
They are not listed in any order of importance.
Lifecycle of purchases below $20,000 from acquisition to disposal or surplus
Small federal grants administration (e.g., cost allocation, supplemental compliance requirements)
Continue to cycle rental and concession agreements
Payroll processes at Police and Fire Department
Airport public parking
Issues related to fleet such as the cost of regular lube & oil and vehicle titles
Airport Federal Inspection Services (FIS) revenues
Port Jobs contract review before expiration
Review of Port's small business program (Small Contractors and Suppliers) for effectiveness
Review process of declaring emergencies in Port projects
Port Construction Services (PCS) close-out process for efficiency
Review process to ensure reliable container volume information to be used for the new volume driven
terminal leases
Aviation Maintenance inventory, small tools & equipment, and polices regarding mobile device usage
Continue to ensure adequate controls over Port expenses
Controls over the Port's deferred compensation programs
Controls over debt services