Enterprise Technology
Performance and Risk Assessment 

September 5, 2012

Protiviti Team


Protiviti Team 
Team                             Employment                  Professional
Title           Role                                Education 
Member                           History                  Licensure (s) 
Tony Samer    Managing  Account Managing   10 years US Navy, 11  B.S.  Mechanical  CISA 
Director   Director            years professional     Engineering, MBA 
services 
Daniel Hansen   Associate  Overall Project      11 years professional   B.S.  Management CISA, CBCP,
Director   Manager and IT Risk  services             Information        PCI -QSA 
Assessment QA                    Systems 
Jason Brucker   Associate  IT Performance     11 years professional   B.S.  Chemical    PMP, ITIL
Director   Assessment Lead     services             Engineering       Foundations,
CISA 
Tim Maloney     Senior   IT Performance     9 years professional   B.S.  Computer   CRISC, CISA,
Manager   Assessment QA     services          Information      PMP, ITIL
Systems         Foundations 
Tyler Jacobsen    Senior   IT Risk Assessment   10 years professional   B.S.  Information   CISA, CRISC 
Manager   Lead           services          Systems 
Torin Larsen      Senior    IT Risk Assessment   10 years professional   B.A.  Economics,   CISA, CISSP,
Manager   Team           services          MBA          CISM, PCI-QSA 

2       2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Protiviti Overview 
and Background

Protiviti Overview Background 
Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in
risk, advisory and transaction services.
Protiviti was launched in May 2002 and has over 20 years' investment in consulting tools, methodologies, business
process improvement and people. Protiviti is a wholly owned subsidiary of Robert Half International Inc., a $3.78 billion
public firm listed on the New York Stock Exchange (NYSE symbol: RHI), Our parent company, Robert Half
International, was founded in 1948 and has over 400 offices worldwide. RHI is the world's leading specialized staffing
and consulting services firm, in the placement of accounting, finance and technology professionals. 

Protiviti's clients include more than: 
35% of all Fortune 100 Companies 
25% of all Fortune 500 Companies 
20% of all Fortune 1000 Companies 
Protiviti is one of the fastest growing consulting firms worldwide. Our revenues have increased from US $15 million
in 2002 to US $424 million in 2011. 
Largest Independent risk consulting firm 
2,500+ professionals 
1,000+ clients 
70 offices 
14 countries in Americas, Europe and Asia-Pacific 


4       2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Global Presence 
Over 2,500 Professionals in Over 70 Offices 








5       2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Project Outline

Project Outline 
Phase 1: Understand IT Organization and Structure 
Gather and review existing documentation around applicable IT processes, entity level, strategy/planning,
controls, and identify key stakeholders. 
Gain an understanding of strategic company initiatives, critical projects (both planned and currently in flight). 
Develop initial plan for interviews to be executed and locations to be considered. 
Phase 2: Understand IT Environment 
Hold interviews with key IT management, process owners, and system owners to develop an IT footprint for
consideration of risk analysis. 
Analyze systems architecture and topology to gain an understanding of critical systems, applications, and
processes. 
Phase 3: Determine and Prioritize Risk Universe 
Aggregate findings from interviews and analysis of IT processes, applications, infrastructure and projects
and evaluate underlying IT process maturity and risk levels. 
Utilizing IT Governance frameworks currently in place (or widely accepted frameworks such as ITIL, CoBIT,
etc.), prioritize the populated risk universe based on raw and perceived risk ratings along with our experience
and internally developed risk assessment tools (Protiviti IT Risk Assessment Tool). 
Categorize IT processes and controls by process area into the Capability Maturity Model to highlight the
Company's processes and controls maturity. 


7       2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Project Outline (continued) 
Phase 4: IT Processes and Controls Benchmarking 
Work with key stakeholders and IT process owners to gather ITPI data for the IT benchmarking exercise, then
tabulate the results from the ITPI survey data.
Generate ITPI benchmarking results based on company size, industry, and objectives. 
Phase 5: IT Organizational Assessment and Improvement 
Benchmark gathered Port IT data and metrics against APCQ and Gartner data sources. 
Determine whether the IT environment, systems, and strategy are appropriate to effectively support the
business  today and into the future. 
Determine the adequacy of the Company's controls environment, especially in the areas of IT performance
metrics and capacity planning. 
Utilizing the results of this phase assessment along with the IT Risk Assessment and the IT benchmarking
exercise, determine and align the maturity of key IT organizational elements into the capability maturity model. 
Develop a roadmap to realize business and systems improvement opportunities and/or address existing gaps.
Develop detailed list of observations and recommendations of findings, control and process improvements, and
best practices for each phase executed. 
Develop a framework for tracking, comparing and reporting on core technology costs going-forward to
demonstrate general improvement and departmental efficiencies. 
Phase 6: Finalize IT Audit Plan 
Develop a 3-year IT audit plan with defined scope and objectives with consideration of the results from the IT
Risk Assessment and IT benchmarking exercise. The audit plan will be laid out in a timeline with consideration
of the level of effort, resources required, and perceived/recommended organizational priorities. 
Communicate the IT Risk Assessment, Risk Universe, and Benchmarking results along with the 3-year audit
plan to key stakeholders. 

8       2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Project Deliverables

Deliverables 
At the conclusion of this assessment, Protiviti will provide Port with a final report that will include the
following elements: 
Executive Summary 
Overview of the review procedures performed 
Summary of observations and key Improvement opportunities 
Summary of IT Risk Assessment approach and results 
IT improvement roadmap 
Audit Results 
IT risk heat map outlining key IT risk areas based on likelihood and impact to Port 
Three year audit plan with a brief description of each proposed audit, required skill sets and
estimated hours 
Audit analysis details of IT risk universe will be included in an appendix 
ITPI Results: 
Summary of ITPI results (KPIs, key control maturity, etc.) 
Capability maturity model summary of core IT processes 
Detailed results will be included in the appendix 


10     2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Deliverables (continued) 
IT Organizational Performance Results: 
Capability Maturity Model breakdown of Port IT based on IT Governance Framework (i.e., Strategic
Alignment, Value Delivery, Risk Management, Resource Management, Performance Metrics) 
Detailed observations and recommendations: 
IT organization cost analysis to comparable industry organization 
Recommended improvement in IT policies and procedures 
Improvement opportunities based on Protiviti's Model for Organizational Transformation (i.e.,
Strategy, Technology, Process, Organization, Common Language, Metrics, Skills, Structure,
and Cultures &Values) 
A process maturity summary for reach critical IT process areas (e.g., Asset Management,
Information Security, Business Continuity, etc.) 
Additional metrics and benchmarking details based on Gartner, APCQ and IT Process Institute 
Monitoring benchmark framework for tracking costs over time. 




11     2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

High-Level Project Timeline

Estimated Timing 
Project Week     Week 1     Week 2     Week 3     Week 4     Week 5     Week 6     Week 7     Week 8     Week 9     Week 10     Week 11     Week 12 
Project Phases 

Phase 1: Understand IT Organization and Structure            

Phase 2: Understand IT Environment                              

Phase 3: Determine and Prioritize Risk Universe                                   

Phase 4: IT Processes and Controls Benchmarking                                    
Phase 5: IT Organizational Assessment and

Improvement 
Phase 6: Finalize IT Audit Plan                                                                

13     2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Confidentiality Statement and Restriction for Use 
This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half International Inc.
("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be
used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate
manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties. 


14     2012 Protiviti Inc. An Equal Opportunity Employer. 
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.