Minutes

Commissioners: Bill Bryant (Commission President), Tom Albro, John Creighton, Rob Holland, Gael Tarleton
Chief Executive Officer: Tay Yoshitani
P.O. Box 1209, Seattle, Washington 98111
www.portseattle.org
206.787.3000
An audio recording of the meeting proceedings and meeting materials are available on the Port of Seattle
web site - www.portseattle.org. 
APPROVED MINUTES 
AUDIT COMMITTEE SPECIAL MEETING DECEMBER 6, 2011 
The Port of Seattle Commission Audit Committee met in a special meeting Tuesday, December 6, 2011, in
the Commission Chambers at Pier 69, 2711 Alaskan Way, Seattle, Washington.  Committee members
Commissioner Albro, Christina Gehrke, and Alternate Member Commissioner Tarleton were present, as
well as Tay Yoshitani, Chief Executive Officer; Dan Thomas, Chief Financial Officer; Lauren Smith,
Manager of Human Resources Information System; Jeff Hollingsworth, Senior Manager of Risk
Management; Joyce Kirangi, Internal Audit Department Director; Jack Hutchinson, Internal Audit Manager; 
Tom Barnard, Research and Policy Analyst; and Katherine Blair, Commission Records Specialist. 
Commissioner Holland was absent. 
Call to Order: 
The committee special meeting was called to order at 9:10 a.m. by Commissioner Albro. 
Approval of Audit Committee Meeting Minutes of November 1, 2011: 
On motion by Commissioner Tarleton, seconded by Commissioner Albro, the minutes of the Audit
Committee special meeting of November 1, 2011, were approved. 
Enterprise Risk Management Project: 
Mr. Thomas stated that enterprise risk management (ERM) examines risk at an enterprise level with an
emphasis on an organization's strategies and objectives. The main purpose is to establish a common
framework and methodology for evaluating risks.  Particular focus is in the dialog between the board and
management.  Port staff concentrated on the COSO (Committee of Sponsoring Organizations of the
Treadway Commission) ERM framework. Mr. Thomas noted that the first ERM pilot project was undertaken
last year with Harbor Services. In 2011 the ERM project focused on Information Communication and
Technology (ICT).  Mr. Thomas noted the importance of concentrating on evaluating the usefulness and
benefit of the framework for considering enterprise-level risks and the appropriate degree of application of the
methodology for Port operations. 
Ms. Smith stated there are two stages to the ERM process, including a series of interviews and a
workshop. Interviews included 19 different people, senior managers, middle managers, and front line staff,
both in ICT and five ICT stakeholders. Members in the ICT department were asked: 
Given your strategic objectives what are the biggest risks to achieving those? 
ICT users were asked: 
What do you see as the biggest risks to achieving your business objectives with regard to ICT
services?


PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES             Page 2 of 4 
TUESDAY, DECEMBER 6, 2011 
Over 50 risks were identified and consolidated in a draft risk register, which was shared at the workshop. 
In response to Commissioner Albro, Mr. Hollingsworth noted that five ICT stakeholders were identified in
conjunction with Kim Albert, Senior Manager of ICT Business Services, and included Lindsay Pulsifer, Mark
Coates, Dakota Chamberlin, Rudy Caluza, and Mike Ehl. 
Ms. Smith noted that after discussing the results in the workshop, the second part of the workshop focused
on creating a risk matrix that included the likelihood of a risk's occurrence and the impact if the risk occurs. 
In response to Commissioner Tarleton, Ms. Smith stated that the people who were interviewed were the
ones invited to participate in the workshop.  Commissioner Tarleton stated that the fact that the 50 risks
were consolidated into 17, which were then consolidated down to 16 at the workshop, demonstrates that
the methodology for consolidating those risks is sound. 
Ms. Smith stated that the workshop used real-time voting software, which participants used to vote on the
likelihood the risk would happen and the impact if the risk happens (given the mitigation efforts already in
place). In response to Commissioner Albro, Ms. Smith stated that time was spent discussing the rating
scale of one to nine and what the numbers meant, but there was not a criteria-by-criteria rating.  If there
was a wide discrepancy, time was taken to discuss why there was a large variation in view.  Mr.
Hollingsworth noted that each participant had a copy of the risk assessment worksheet.  Commissioner
Albro stated in his experience there is value in naming the consequence to the risk. Mr. Hollingsworth
noted that if they were going to look into mitigating any of the identified risks, the next steps would
include identifying the consequences. 
Mr. Hollingsworth noted impact and likelihood were weighted equally for the final score. Commissioner
Tarleton noted it was interesting that decentralized systems were identified as the highest risk and highest
likelihood out of the 16.  Decentralized systems can also create a cushion to help rebuild capacity and
potentially rebuild systems due to catastrophic loss. Ms. Smith commented that the decentralized systems
also included decentralized management and decision making and coordination.  Commissioner Albro
asked about the ICT budget as a risk.  Mr. Thomas stated it was a risk of having insufficient funding. 
Commissioner Albro stated that there is also opportunity cost from a growing ICT budget as it pulls money
away from other projects.  He stated it is important to look at the enterprise as a whole when identifying
risks. 
Commissioner Albro noted there has been some concern with the governance model used to prioritize ICT
projects.  Commissioner Albro asked where that process was identified.  Mr. Hollingsworth stated it is
embedded within multiple risks.  Ms. Smith stated in the discussions it did not come up as a risk.  Mr.
Yoshitani stated the governance model forces everyone to sit at the same table and recognize there is a
limited resource and capacity. Commissioner Tarleton stated there is no perfect governance model for ICT,
but there is an appropriate one and the performance audit should help determine if the model used by the
Port is appropriate. 
Ms. Gehrke observed that all 16 risks were either likely or almost certain. She asked if there was
something in the modeling that overstated risk.  Mr. Hollingsworth stated there were other items identified,
but because of the mitigation already in place were not included in the risk matrix.  Ms. Gehrke suggested a
statement that the only risks listed are those of high likelihood in the interest of transparency. 
Comprehensive Operational Audit - Airfield Operations: 
At the discretion of the Chair, a written report was accepted in lieu of a staff presentation on the 
Comprehensive Operational Audit of Airfield Operations, covering the period of January 1, 2008, to
December 31, 2010.  The purpose of the audit, as reported, was to determine whether management had
implemented adequate controls to ensure the following:

Revenue generated by the Airfield Operations Department is complete and accurate; 
Professional services contracts are in compliance with requirements; 
Small and attractive items are properly safeguarded; and 
Benchmarks are available and can be used to help improve Airport operations. 
The report included no findings of significance, and there was no discussion of this agenda item. 
Approval of Peer Review for Internal Audit Department: 
Ms. Kirangi stated that a lot of time has been spent discussing different auditing standards and models and
there is a commitment to have a peer review completed in 2012 of the Internal Audit department. She said
there are two questions for discussion and approval: 
What framework of internal audit is the Port following? 
Who will conduct the peer review? 
Ms. Gehrke stated that it is clear that the Port has to follow the Government Accountability Office's
Government Auditing Standards (Yellow Book) as a government entity; however, there may be items in the 
International Standards for the Professional Practice of Internal Auditing (Red Book) that should be looked
at that would be beneficial.  Ms. Gehrke noted that there were no concerns with having the Association of
Local Government Auditors (ALGA) do the peer review work. Ms. Kirangi noted the opinion letter would be
on the Yellow Book, and that if elements are selected from the Red Book a second opinion letter would be
necessary. Ms. Gehrke suggested having an opinion on both the Yellow and Red Book with gaps identified
so the committee can discuss the gaps and see if they are applicable.  Ms. Kirangi stated that the Internal
Audit department used the Yellow Book and, when the department is audited, that is the standard that is
used.  In terms of combined processes, the Internal Audit department uses the Government Auditing
Standards rather than the Red Book.  Ms. Gehrke responded that the structure at the Port includes an 
Audit Committee, which is not provided for in the Yellow Book. She stated this structure suggests there are
elements applicable to the Red Book that are in use. 
Commissioner Albro requested that Ms. Kirangi review the minutes from November 1, 2011, particularly the
prior discussion on the peer review for Internal Audit. Commissioner Albro stated there are two ways the
peer review can be completed.  One would be to audit to both the Yellow and Red Books and identify the
gaps.  The other option would be to include specific items from the Red Book, including looking at the
charter; looking at the reporting and communication to the Audit Committee; and management of the Audit
Department, among others.  Commissioner Albro asked to see a letter of engagement or a letter of
invitation that describes exactly what the Port is asking the agency that will do the peer review to do.  The
Audit Committee will need to see the official document and approve it before it is mailed or published.
Commissioner Albro asked to have the letter at the January 10, 2012, committee meeting for approval. 
In response to Ms. Kirangi, Ms. Gehrke clarified the committee does not need a request for proposal, rather 
an engagement letter that clearly states what the scope of work will include. 
Mr. Barnard stated that there are no concerns if the ALGA needs to submit two letters of opinion as long as
the content is covered. Commissioner Tarleton stated that she is not as concerned with who does the
work, but wants the scope of work to be clear and approved by the Audit Committee. 
2011 Work Plan Status Update: 
At the discretion of the Chair, a written report was accepted in lieu of a staff presentation on the 2011 Work
Plan Status Update, showing the status of various Internal Audit department projects and allocation of
department resources. There was no discussion of this agenda item. A copy of the presentation material
is on file in Port offices.



2012 Proposed Internal Work Plan: 
Mr. Hutchinson stated the Internal Audit department uses a risk-based audit approach.  Key leaders from
across the Port have been interviewed and shared what their key concerns are in their divisions and Portwide.
Six overall risks were identified including ICT, strategic/governance, operational, compliance,
accountability/transparency, and reporting risks. He reported that the preliminary 2012 work plan includes
lease and concession, limited operational, business units/department, third-party management, and central 
key processing system audits. 
Ms. Gehrke asked for statistics of the auditable units that show how many belong to which group, such as 
lease and concession audits. Mr. Hutchinson stated that over 90 percent would be lease and concession
audits. Ms. Gehrke requested that lease and concession audits be separated from the remaining auditable
units, and for the remaining to be listed out. 
Ms. Gehrke stated that it is unclear how the six different areas of impact are combined to form one impact
score. She noted the maximum total score is 25, but the highest score is a 14.25, which suggests there is
no critical risk at the organization, although the results of the ERM showed a lot of high critical risk in ICT. 
Ms. Gehrke asked if there was a disconnect between how Internal Audit and management view risk and
how ERM should be incorporated into the Internal Audit risk assessment.  Mr. Hutchinson stated they 
would provide the requested information and noted that the scale used by ERM is different from the Internal
Audit department and is completed from the management perspective.  Commissioner Tarleton stated that
the ERM is still a pilot and before the systems are blended there should be more discussion.  Ms. Gehrke
stated there should be some examination of why the ERM would show high risk, when the auditors do not
show a high risk. Commissioner Tarleton commented that the peer review might help when looking at the
way risk is determined. Ms. Kirangi stated that one of the items used in determining risk is information from
past audits. 
Commissioner Albro asked that the Internal Audit department look at the concerns raised by Ms. Gehrke. 
Commissioner Albro then stated the work plan presentation shows Commission Directives/Policies as a
strategic/governance risk, but that he also views it as a compliance risk, accountability/transparency risk,
and a reporting risk. He asked that the governance section in the Annual Risk Assessment Plan and 2012
Proposed Work plan document be revised to include compliance risk, accountability/transparency risk, and
reporting risk for Commission Directives/Policies and that the delegation of authority auditable unit be
rescored. 
At the discretion of the Chair, the following agenda item was postponed to a subsequent committee meeting: 
Preliminary Scope Discussion for IT Risk Assessment and Performance Audit. 
Adjournment: 
There being no further business, the special meeting was adjourned at 10:30 a.m. 
Rob Holland 
Secretary 
Minutes approved: January 10, 2011
