5.Port of Seattle Audit Committee Presentation - Amended
Financial Stewardship Accountability Transparency Port of Seattle Audit Committee Internal Audit Update Glenn Fernandes - Director, Internal Audit June 17, 2021 Remote Meeting 2:30 PM – 4:30 PM Revised on June 17, 2021: Added a note on Slide 6 and added Slides 16 – 18. The subsequent slide numbers changed, accordingly. Operational Excellence Governance 2021 Audit Plan – Guiding Principles ➢ Professional Standards – Attestation & Advisory (Consulting) Services ✓ Generally Accepted Government Auditing Standards (GAGAS) ✓ International Professional Practices Framework (IPPF) ➢ Internal Audit (IA) value proposition to respond to COVID-19 impact and associated business risks: ✓ Limited Contract Compliance Audits, and Operational Audit of Rent & Concession Deferral Recovery - Direct relevance of Port’s financial relief and repayment activities ✓ Capital Project Audits – Incorporated COVID-19 related expenses and Change Orders into audits ✓ Cruise Terminals of America – 2020 Cruise Season Rent Credit Review Memo ➢ Capital Project Audits - Recent RCW changes require an independent audit of final cost reconciliation of any subcontractor selected through an alternative process when the GCCM project delivery method is used. IA will manage this process and will contract required work to external firms. ➢ IT Audit – Payment Card Industry (PCI) assessment is being done in-house for 2021. 2 Approved 2021 Audit Plan Limited Contract Compliance Operational Information Technology • Rasier, LLC • Rent & Concession Deferral Recovery • T2 Airport Garage Parking System • Lyft • Capitalization of Assets Replacement1 • Lenlyn Limited1 • Art Program • Malware Defenses – Aviation • Seattle-Tacoma International • Noise Monitor Data Accuracy Maintenance Limousine Association (STILA) • South King County Fund • Continuous Vulnerability Management • Dilettante Chocolate, INC • Biometrics1 • Fruit & Flower, LLC (DBA Floret • Payment Card Industry (PCI) - Internal Authority) Capital Security Assessor • Central Terminal Infrastructure Upgrade (Construction and Closeout Phases) • North Terminals Utilities Upgrade – Phase 11 • Baggage Optimization - Phase 2 • Restroom Renovations Phase 3 Prototype 1: Moved to 2021 audit plan from 2020 due to COVID-19 Pandemic. 3 2021 AUDIT PLAN STATUS Audit Title Type Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Noise Monitor Data Accuracy Operational South king County Fund Operational Central Terminal Infrastructure Upgrade (Construction and Closeout Operational - Capital Malware Defenses - Aviation Maintenance IT Seattle-Tacoma International Limousine Association (STILA) Contract Compliance Biometrics1 IT Art Program Operational Restroom Renovations Phase 3 Prototype Operational - Capital Lenlyn Limited1 Contract Compliance Payment Card Industry (PCI) - Internal Security Assessor IT Raiser, LLC Contract Compliance Lyft Contract Compliance Fruit & Flower, LLC (DBA Floret Authority) Contract Compliance Baggage Optimization - Phase 2 Operational - Capital T2 Airport Garage Parking System Replacement1 IT Continuous Vulnerability Management IT Rent & Concession Deferral Recovery Operational Capitalization of Assets Operational North Terminals Utilities Upgrade - Phase 11 Operational - Capital Dilettante Chocolate, INC Contract Compliance Complete KEY In Process Not Started 1: Moved to 2021 audit plan from 2020 due to COVID-19 Pandemic. 4 Open Issue Follow-Up Status – Aging Report as of June 17, 2021 *1 Nine issues outstanding for more than two years consist of: ▪One issue - Fishing & Commercial Operations - Manual Billing Process at Risk of Error – To be built in house / Commission approved $410,000 additional funding / implementation date, Q4 2021. ▪Two issues – Marine Maintenance Shop - One issue related to keys/badges tracking and the other issue related to fleet and fuel internal controls. ▪Six issues - IT Audits (Security Sensitive) - Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session. They are: Disaster Recovery Capability (1), AV/M Facilities & Infrastructure Data Centers (3), and Security of Personal Identifiable Information (2). *2 Four IT issues do not have Target Dates and are not included in this chart. These issues are in the process of being addressed, however, they are more than two years past the Report Date. See Appendix A for a detailed listing of outstanding issues aging as of June 17, 2021. 5 Audits Completed: 1) Art Program 2) Restroom Renovations Phase 3 Prototype 3) Biometrics* [Note: Slides 16 – 18 contain only the non-security sensitive contents from the audit report for discussion purposes.] 4) Lenlyn Limited * Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Report Not Discussed in Public Session. 6 Art Program ➢The Port of Seattle (Port) has been an active proponent of art since the late 1960s as the first public airport to establish a civic art collection. In November 2019, the Port Commission approved the Arts and Cultural Program Policy Directive (Policy). ➢The Policy aspires to position the Port as a national leader among its peers for art and cultural programming; promote programming throughout all Port and Port-related facilities; and engage the public. ➢The Policy required that effective January 1, 2020, one percent of the capital construction project costs will be budgeted to art, less allowable exclusions. Prior to January 2020, one-half of one percent of design and construction costs were required to be allocated to the program. 7 Governance by the Port-Wide Arts and Culture Board (Board) and funding has not occurred as required by the Arts and Cultural Program Policy Directive. Staffing levels and resources may also not be sufficient to develop and sustain an art program at both the aviation and maritime divisions. Governance The Board is comprised of nine members (two commissioners, four public members, and three executive leadership team members or designees from Aviation, Economic Development, and Maritime divisions). Due to complex scheduling requirements, governance meetings have not been occurring consistently, as scheduled. Staffing and Resources Although internal resources and a contractor have recently been assigned, only one full-time aviation employee manages the art function. 8 Funding (Issue continued) For Aviation, a one-time increase of $1.223 million was made as a retroactive adjustment in January 2021. This adjustment was for projects with an effective date of January 2017. In 2021, a $1.453 million decrease occurred and represented a reconciling adjustment for a 2014 decrease to the art budget (no funds were spent for art acquisitions*). For the International Arrivals Facility and North Satellite construction projects, the Aviation group procured art purchases directly out of the project budgets and did not use the art pool. Year Transfers In Transfers Out 2017 $10,000 - 2018 - - 2019 - - 2020 - - 2021 $1,223,000 $1,453,034* Maritime and Economic Development did not fund an art pool or make art purchases from the art pool between 2017 and 2021. 9 Recommendations Governance To assure meetings occur as scheduled, the Board should consider revising the requirements of who needs to be present for a meeting to proceed as scheduled. Funding To reduce administrative burden and accounting transactions, funding requirements should be simplified to a one-time annual allocation based on a percentage of the capital budget. Staffing The Board should review the Five-Year Strategic Plan including the resource assessment, performed by the Lumiere Group. Adjustments to the plan might be necessary based on committed resources. 10 Management Response Aviation Response The Aviation Division agrees with the recommendations and will work with the Executive Director and the Port-Wide Arts and Culture Board on the changes to the governance, funding and staffing resources necessary to implement the recommendations. The Aviation Division supports the recommended once a year art budget allocation to the Aviation Art Pool rather than percent (%) allocation for each project when the construction budget is authorized. Maritime and Economic Development Response The Maritime and Economic Development Divisions agree with the finding and recommendation related to the governance. With respect to funding, the Maritime Division agrees with the recommendation that funding and staffing/resources be aligned as well as simplified, however, we do not believe the same solutions will make sense to all divisions across the Port. We will work with the Executive Director and the Port-Wide Arts and Culture Board on the changes to the governance, funding and staffing resources necessary to address the findings in ways appropriate to our facilities. DUE DATE: 12/31/2021 11 Restroom Renovations Phase 3 Prototype ➢ The Project renovated and enlarged one public restroom set on Concourse D, which improved maintainability and accessibility. ➢ Construction phase of the Project included FAA entitlement funding that covered approximately 75 percent of the construction cost. ➢ Engineer’s estimate was $1.86 million. Two bids were received. The lowest was $3.08 million, or 65 percent more than the estimate. ✓ Internal Audit (IA) was told by the estimator, hired by the Port, that the estimate was an accurate reflection of what the Project’s cost should have been for an airport in the Seattle market, based on the 100% complete designs that were provided. The estimator brought to IA’s attention that the mechanical/plumbing subcontractor was the same for both companies who submitted bids and the possibility that if contractors are aware that there are few bidders, then it is likely bids will be higher. ✓ Port staff indicated that the bids were higher than expected because only two bids were received, which had an impact on competitive pricing, higher than anticipated bids and difficulty obtaining bids from subcontractors, and that the estimator was not familiar with the Seattle market. 12 Restroom Renovations Phase 3 Prototype (continued) ➢ PCL Construction Services was awarded the contract for $3.08 million. There were approximately $517K in executed change orders, which increased the construction budget to $3.59 million. ➢ The initial expected date of substantial completion was June 2, 2020. The Port approved 83 days that extended substantial completion to August 28, 2020. ➢ PCL met the required substantial completion date and physical completion was achieved on December 16, 2020. 13 1) Rating: Medium The Port was overbilled approximately $12,314 through force account change orders. This occurred because of incorrect labor hours and billing rates submitted by PCL for COVID-19 supervisors. ➢Errors were due to the Port being billed on a set rate for supervisors, instead of actual costs, and one day where the Port was billed for eight hours while the supervisor worked six hours. Hours Actual Billed Correct Rate Hour Overbilled/ Title Billed Hours Rate Rate Diff. Diff. Markup (Underbilled) Supervisor 1 424.0 424.0 $107.31 $110.59 $(3.28) 0 20% $(1,668.86) Supervisor 2 348.5 346.5 $107.31 $74.30 $33.01 2 20% 13,983.09 Total Overbilled $12,314.23 Source: Timesheets received from PCL, Daily Force Account Sheets, and monthly summaries of the amount paid for COVID supervisors. ➢We recommend that the Port seek and recover any amount due. 14 Management Response A deductive change order has been executed to recoup the amount that was overbilled by the Contractor and we are expecting repayment in June. Additional controls have been added to the Standard Operating Procedures (SOP) for Force Account work to specifically address verification of rates for non-labor (exempt) employees. The Port will reiterate to all our contractors the importance of verifying their information before submitting to the Port. DUE DATE: Completed 15 Biometrics ➢ This audit covered the period from January 2020 through May 2021. ➢ The audit was performed to evaluate the adequacy of internal controls related to secure data storage, privacy, and network security around the processes for creating, storing and transmitting biometric data for the Biometric Air Exit (BAX) project. ➢ In addition, Internal Audit reviewed compliance with the 49 requirements of the Port of Seattle’s EX-23 Biometric Air Exit Policy and the U.S. Customs and Border Protection’s (CBP’s) Biometric Air Exit Business Requirements (v2.0). ➢ CBP is congressionally mandated to implement a biometric entry/exit system. 16 Biometrics (continued) ➢ The Port of Seattle (Port) Commission, on March 10, 2020, directed staff to implement new policies governing the implementation of Biometric Air Exit at SEA. ➢ Based on the work we performed, and the information gathered, Internal Audit concluded that the BAX program has achieved reasonable compliance with both CBP and Port policy requirements. 17 Biometrics (continued) ➢ By implementing BAX, the Port was able to control the training of airline personnel and require that the training included sensitivity for dealing with passengers who might be concerned with facial recognition. ➢ Additionally, the Port was able to receive approval from CBP to develop and use its own signage at the departure gates to allow for considerably larger signs, with language that more clearly explains the passengers’ rights for accepting or declining to use facial recognition. 18 Lenlyn Limited ➢ A seven-year, Lease Agreement (Agreement) took effect in April 2014, to allow Lenlyn Limited to offer foreign currency exchange services at four locations - Concourse A, Baggage Claim 6, South Esplanade, and South Satellite at the Seattle-Tacoma International Airport (SEA). ➢ During COVID-19 pandemic, Lenlyn Limited was given a temporary suspension (elimination) of Minimum Annual Guarantee (MAG) from March through December 2020. The MAG amount paid for the month of March 2020 was retroactively credited to the tenant’s account. ➢ Agreement term expired in April 2021; since then operating in a month-to-month arrangement; and currently, negotiating a contract renewal. ➢ The table below reflects Gross Revenues as reported by Lenlyn Limited, and the MAG and percentage fees as billed by the Port: Agreement Year (April – March) Gross Revenue MAG Percentage Fees Total Rent 2017/2018 $16,752,045 $1,000,000 $317,763 $1,317,763 2018/2019 16,658,466 1,317,763 70,302 1,388,065 2019/2020 14,907,553 1,317,763 15,334 1,333,097 Total $48,318,064 $3,635,526 $403,399 $4,038,925 Source: Lenlyn Limited Monthly Revenue Reports; PeopleSoft Financials, and AFR Concession documents. 19 Lenlyn Limited underreported $324,836 in foreign currency and other service gross revenues, which resulted in approximately $12,023 in additional percentage fees owed to the Port. Furthermore, the Lease Agreement did not specify the customary five percent late fee, resulting in $4,260 in potential lost revenue to the Port. 20 Under-reported Gross Revenue: (Issue continued) Purchase Commission - The foreign currency gross revenue calculation erroneously subtracted Purchase Commission, resulting in $305,839 unreported revenue for the audit scope, or $12,023 percentage fees due to the Port. Agreement Year Purchase Commission Under Payment April 2017 - March 2018 (Four) $109,304 $10,930*1 April 2018 - March 2019 (Five) 105,096 1,093*1 April 2019 - March 2020 (Six) 91,439 N/A*2 Total $305,839 $12,023*1 Source: Lenlyn’s recalculation worksheets supported by its original monthly rent calculation worksheets, P&L and GL reports, etc. *1 Under payments subject to recovery. *2 For Agreement Year Six, MAG, which was greater than the total percentage fees, was used instead for the annual true-up to determine the under/over payments per the Agreement (Section 4.2). Therefore, the additional Purchase Commission per recalculation did not have any impact on the annual under/over payment determination. Other Services - SIM card sales of $18,997 were omitted from the reported revenue to the Port in Agreement Year Six.*2 Late Payment Fees - A five percent late fee of $4,260 in total for two late payments was not assessed, because the Agreement did not specify the customary late fee language. 21 Recommendations Management should: 1. Pursue collection of the additional percentage fees of $12,023 (estimate). 2. Define and specify in a new Lease Agreement, the foreign currency gross revenue calculation method/components, and gross revenue inclusion and exclusion items more clearly and thoroughly reflecting the foreign currency exchange concession. 3. Specify five percent late fees in the Late Charges section of a new Lease Agreement. 22 Management Response ➢Management has engaged the tenant to address the outstanding balance for the additional percentage fees of $12,023. The tenant has a credit on their account, which covers the outstanding balance, and they have requested that the outstanding balance be cleared via the application of the credit. In the preparation of a new Agreement, Management has engaged Lease Administration, Accounting, and Legal to ensure a clear understanding of the revenue reporting language of the contract for ease of administrations, and the late fee charges have been reinstated within the new Agreement as well. 23 Appendix A – Aging of Outstanding Issues as of June 17, 2021 24 Appendix A – Aging of Outstanding Issues as of June 17, 2021 Operational, Capital, Information Technology, and Limited Contract Compliance Audits Months/Years Months/Years Days Outstanding Outstanding Days Outstanding Outstanding Type Audit Description Rating Report Date Target Date (from Report Date) (from Report Date) (from Target Date) (from Target Date) Operational Audit Fishing & Commercial Operations Maritime Manual Billing Process at risk of error High 2/23/2018 12/31/2021 1210 More than 2 years -197 Not Due IT Audit AV/M Facility & Infrastructure Data Centers Security Sensitive High 12/4/2018 No date supplied 926 More than 2 years N/A N/A IT Audit AV/M Facility & Infrastructure Data Centers Security Sensitive High 12/4/2018 No date supplied 926 More than 2 years N/A N/A IT Audit HIPAA Security Security Sensitive High 9/4/2019 7/31/2020 652 1-2 years 321 6-12 months IT Audit HIPAA Security Security Sensitive High 9/4/2019 7/31/2020 652 1-2 years 321 6-12 months Operational Audit Architecture & Engineering Determine fair and reasonable High 12/9/2019 6/30/2020 556 1-2 years 352 6-12 months Operational Audit Architecture & Engineering Management review over max rates High 12/9/2019 6/30/2020 556 1-2 years 352 6-12 months Operational Audit Architecture & Engineering Contract accuracy High 12/9/2019 6/30/2020 556 1-2 years 352 6-12 months Operational Audit Ground Transportation - Taxicabs Reconciliation process High 12/1/2020 12/31/2021 198 6-12 months -197 Not Due IT Audit Disaster Recovery Capability Security Sensitive Medium 11/29/2017 No date supplied 1296 More than 2 years N/A N/A IT Audit AV/M Facility & Infrastructure Data Centers Security Sensitive Medium 12/4/2018 No date supplied 926 More than 2 years N/A N/A IT Audit Security of Personal Identifiable Information Security Sensitive Medium 2/26/2019 12/31/2019 842 More than 2 years 534 1-2 years IT Audit Security of Personal Identifiable Information Security Sensitive Medium 2/26/2019 3/31/2020 842 More than 2 years 443 1-2 years Operational Audit Marine Maintenance Shop Keys and badges tracking Medium 6/14/2019 12/31/2023 734 More than 2 years -927 Not Due Operational Audit Marine Maintenance Shop Fleet and fuel internal controls Medium 6/14/2019 12/31/2023 734 More than 2 years -927 Not Due IT Audit HIPAA Security Security Sensitive Medium 9/4/2019 7/31/2020 652 1-2 years 321 6-12 months IT Audit HIPAA Security Security Sensitive Medium 9/4/2019 7/31/2020 652 1-2 years 321 6-12 months IT Audit Closed Network System Security Security Sensitive Medium 9/5/2019 3/31/2020 651 1-2 years 443 1-2 years IT Audit Closed Network System Security Security Sensitive Medium 9/5/2019 3/31/2020 651 1-2 years 443 1-2 years IT Audit Closed Network System Security Security Sensitive Medium 9/5/2019 6/30/2020 651 1-2 years 352 6-12 months IT Audit Inventory and Control of Hardware Assets Security Sensitive Medium 11/12/2019 6/30/2023 583 1-2 years -743 Not Due Operational Audit Architecture & Engineering Governance Medium 12/9/2019 6/30/2020 556 1-2 years 352 6-12 months IT Audit Network Password Management Security Sensitive Medium 3/20/2020 9/30/2020 454 1-2 years 260 6-12 months IT Audit Network Password Management Security Sensitive Medium 3/20/2020 12/31/2020 454 1-2 years 168 0-6 months IT Audit Network Password Management Security Sensitive Medium 3/20/2020 12/31/2022 454 1-2 years -562 Not Due IT Audit Secure Configuration for Hardware and Software on Mobile Devices, Security Sensitive Medium 8/21/2020 12/31/2021 300 6-12 months -197 Not Due Laptops, Workstations and Servers IT Audit Secure Configuration for Hardware and Software on Mobile Devices, Security Sensitive Medium 8/21/2020 12/31/2021 300 6-12 months -197 Not Due Laptops, Workstations and Servers IT Audit Malware Defenses Security Sensitive Medium 9/4/2020 6/30/2021 286 6-12 months -13 Not Due Capital Audit AOA Perimeter Fence Liquidated damages Medium 9/8/2020 12/31/2020 282 6-12 months 168 0-6 months Lease and Concession Audit Concourse Concessions LLC RE-2 policy review Medium 9/10/2020 12/31/2020 280 6-12 months 168 0-6 months IT Audit Inventory and Control of Software Assets Security Sensitive Medium 11/24/2020 12/31/2021 205 6-12 months -197 Not Due IT Audit Inventory and Control of Software Assets Security Sensitive Medium 11/24/2020 12/31/2021 205 6-12 months -197 Not Due IT Audit Inventory and Control of Software Assets Security Sensitive Medium 11/24/2020 12/31/2021 205 6-12 months -197 Not Due IT Audit Malware Defenses - Aviation Maintenance Security Sensitive Medium 3/17/2021 6/30/2021 92 0-6 months -13 Not Due IT Audit Malware Defenses - Aviation Maintenance Security Sensitive Medium 3/17/2021 12/31/2022 92 0-6 months -562 Not Due Capital Audit Central Terminal Infrastructure Upgrade (Construction & Closeout) Critical milestones not met Medium 3/24/2021 6/30/2021 85 0-6 months -13 Not Due Lease and Concession Audit Lenlyn Limited Underreported revenue Medium 5/28/2021 6/30/2021 20 0-6 months -13 Not Due Operational Audit Art Program Governance, Funding, Staffing/Resources Medium 6/4/2021 12/31/2021 13 0-6 months -197 Not Due Lease and Concession Audit Seattle-Tacoma International Limousine Association (STILA) MAG payments Low 3/18/2021 3/31/2021 91 0-6 months 78 0-6 months 25
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.