Request for Proposal (RFP)
Preliminary Scope of Work
IT Risk Assessment and Performance Audit
Technology is rapidly changing and Port operations are fully dependent on
technology; this makes it critical that such technology is fully integrated with the
Port's strategic plan.
IT operations and delivery is broad and include, but is not limited to IT hardware, software, IT
security, data storage, licensing handling, outsourced services, communications and operational
management etc.

A. IT Risk Assessment and Development of a Long-term Audit Work Plan

Identify and evaluate technology risks for the Port of Seattle as it relates to
IT operations and service delivery. Assess the effectiveness of the current
IT risk management and strategies for mitigating such risks.
Leveraging on IT work that has already been conducted by other Port
consultants or Port staff, develop a technology auditable universe and
rank the universe items based on a specific weighted risk model.
Present the weighted risk model and observations for management
review.
Based on the current technology environment and the risk exposure for IT
operations and service delivery, develop recommendations for a three-
year IT Audit Work Plan that is aligned with the Port strategic direction. 

B. Assess the overall management, efficiency, and effectiveness of all Port
information and communications technology assets and services with
focus on the following key areas:

Strategy
Are all Port technology assets and services managed, and driven by clear
and effective strategies?

Are Port technology investments and operations in alignment with
Corporate and Business Unit needs?
Are new and rapidly evolving technology industry trends leveraged to
effectively best serve Port wide strategies and initiatives?
Operations
Are Port wide technology staffing levels, organizational structures, and
level of infrastructure investment appropriate for the size and complexity of
the Port's operations and business requirement?
Are Port technology costs in alignment with relevant industry
benchmarks?
Does the Port follow industry best practices in the delivery of its
technology services?
Are capacity, performance, and availability monitored to ensure Port
technology assets and services are maximizing the investment in these
resources?
Are Port wide security, PCI, software licensing, and other enterprise
technology compliance issues being properly managed?
Do effective technology cost management processes exist?
Are technology cost allocation/recovery methodologies utilized, and are
they reasonable and appropriate?
Investment
Are technology costs and investments visible, and managed from a Port
wide perspective?
Are Port technology investment decisions optimized from an enterprise
wide perspective, and are they made using well-founded business cases
and decision processes?
Are technology projects effectively managed and monitored as to cost,
schedule, risks and achievement of stated benefits? 
Are technology asset life cycles properly managed? 
Governance
Is there effective enterprise wide governance over all Port technology
investments, budgets and operations?
Risk Management
Are technology operational and service interruption risks effectively
identified and managed?