Financial Stewardship               Accountability                    Transparency    Item No. 11a supp
Meeting Date: December 14, 2021

2021 Summary of Internal Audits
Glenn Fernandes - Director, Internal Audit

December 14, 2021
Remote Meeting
12:00 PM  5:00 PM

Operational Excellence                      Governance

2021 Audit Committee
Commissioner Stephanie Bowman, Committee Chair
Commissioner Sam Cho, Committee Member
Dr. Christina Gehrke, Committee Public Member


2

Dr. Christina Gehrke, Committee Public Member
We'd like to thank Dr. Gehrke for her dedication to and support for the Port's
Audit Committee since January 2011.
Dr. Gehrke has played a pivotal role by serving as an independent advisor &
subject matter expert on Internal Audit matters, risk and internal control
assessments, and Governance.
Dr. Gehrke has brought extensive experience and expertise to the Committee.
This has contributed to enhancing transparency, rigor, and discipline within
the Port's Internal Audit Processes, and has helped the Committee in fulfilling
its oversight responsibilities.

3

About Internal Audit
Internal Audit conducts independent, objective, risk-based
audits of the Port's operations, activities and vendors.
Our audits add value by helping the Port achieve its mission and
contribute to: financial stewardship, accountability,
transparency, governance, and operational excellence.
Internal Audit derives its authority from the Port Commission.
Internal Audit is a catalyst in the Port's sound governance and
risk management.
4

The governing body,
management,andinternal
audit have their distinct
responsibilities, but all
activities need to be aligned
with the objectives of the
organization.
The basis for successful
coherence is regular
and effective
coordination,
collaboration, and
communication.


Source: The Institute of Internal Auditors, THE IIA'S THREE LINES MODEL  An Update of the Three Lines of Defense, published in July 2020.

5

19 Audits Completed in 2021
Limited Contract Compliance                 Operational                     Information Technology
Lenlyn Limited                               Rent and Concession Deferral Recovery            Malware Defenses  Aviation
Seattle-Tacoma International              Capitalization of Assets                                Maintenance
Limousine Association (STILA)            Art Program                                     Continuous Vulnerability Management
Dilettante Chocolate, Inc.                   Noise Monitor Data Accuracy                        Biometrics
Fruit & Flower, LLC d/b/a Floret            South King County Fund                              Payment Card Industry (PCI)
TNC (Lyft, Inc. & Rasier, LLC)                           Compliance
Data Recovery
Capital
Central Terminal Infrastructure Upgrade
(Construction and Closeout Phases)
North Terminals Utilities Upgrade 
Phase 1
Baggage Optimization - Phase 2
Restroom Renovations Phase 3 Prototype


6

Key Themes
2021 Audits identified 4 High Risk, 12 Medium Risk, and 5 Low Risk rated
issues for management action.
Internal Audit value proposition to respond to COVID-19 impact and
associated business risks:
Audit of Rent & Concession Deferral Recovery - Direct relevance of the Port's financial relief to
tenants and repayment activities
Capital Project Audits  Incorporated COVID-19 related expenses and Change Orders into audits
Cruise Terminals of America  2020 Cruise Season Rent Credit Review Memo
The Port has opportunities to strengthen internal controls.
The Port has opportunities to reduce change orders, schedule delays, and
design issues on future projects.
7

Highlighted Audits
1) South King County Fund
2) Art Program
3) Central Terminal Infrastructure Upgrade
(Construction and Closeout Phases)


8

Operational Audit - South King County Fund
Provides resources and support for Seattle-Tacoma International Airport
area communities, specifically benefiting South King County nonprofit
organizations that support communities of color and historically
marginalized communities through environmental sustainability, smallbusiness
capacity building, and economic recovery strategies.
Established and approved by the Port Commission through
Motion 2018-14 on November 27, 2018.
$10 million budgeted between 2019 and 2023.
Motion 2019-10 - Commission retained review and approval authority
for proposed projects.

9

Operational Audit - South King County Fund
(Medium) - The Port's website states that 10 South King County
organizations were recommended to receive funding through the first
cycle of the South King County Fund (SKCF) Economic Recovery Grants
Program and were approved by Port Commission on December 15, 2020.
However, three additional Economic Development projects have been
awarded from the SKCF, two* of which did not receive commission
approval.
*Find Ventures $150,000 and Economic Alliance Snohomish County $50,000.
Status: Closed - Process improved going forward.

10

Operational Audit - Art Program
The Port of Seattle (Port) has been an active proponent of art since the
late 1960s as the first public airport to establish a civic art collection. In
November 2019, the Port Commission approved the Arts and Cultural
Program Policy Directive (Policy).
The Policy aspires to position the Port as a national leader among its
peers for art and cultural programming; promote programming
throughout all Port and Port-related facilities; and engage the public.
The Policy required that effective January 1, 2020, one percent of the
capital construction project costs will be budgeted to art, less allowable
exclusions. Prior to January 2020, one-half of one percent of design and
construction costs were required to be allocated to the program.
11

Operational Audit - Art Program
(Medium) - Governance by the Port-Wide Arts and Culture Board and
funding has not occurred as required by the Arts and Cultural Program
Policy Directive. Staffing levels and resources may also not be sufficient to
develop and sustain an art program at both the Aviation and Maritime
Divisions.


Status: Closed - Process improved going forward.

12

Capital Audit - Central Terminal Infrastructure Upgrade (Construction and Closeout Phases)
The Central Terminal Infrastructure Upgrade project (CTIUP) provided an additional
10,000 square feet of airport, dining and retail space to the Central Terminal plus
associated vertical circulation.
CTIUP was audited in two parts: the first audit focused on the bid and design phases.
The results of that audit were presented to the Audit Committee in December 2020.
This audit focused on the construction and closeout phases.
Osborne Construction was awarded the contract for $9.3M. There were $2.9M in
executed change orders and potential cost risks, which increased the construction
budget to $12.2M.
The original expected date of substantial completion was December 26, 2019. The Port
approved 278 days that extended substantial completion to September 29, 2020.
Substantially completed on December 31, 2020, with physical completion expected in
April 2021.
13

Capital Audit - Central Terminal Infrastructure Upgrade (Construction and Closeout Phases)
(High) - The Port was overbilled approximately $18,181 through Force
Account change orders. These were primarily due to incorrect labor
hours and billing rates submitted by Osborne and an inadequate review
of documentation by the Port.
(Medium) - Osborne did not meet critical milestones which resulted in
the overall Project not being completed on time and the Port incurred
additional costs to oversee the Project.

Status: Closed. Deductive Change Order was executed, and Milestones were
reconciled/resolved.
14

Information Technology Audits
Information Technology Audits are generally security sensitive and are discussed in non-
public sessions.
Five audits were completed in 2021.
Foundational Information Technology Controls  Center for Internet Security (CIS) 
18 Key Audits
Ongoing efforts to perform CIS audits to help assure the Port has a solid foundation of
information technology controls. We completed three CIS Audits in 2021; over the three
years, we have completed 6 of 18.
The Payment Card Industry (PCI)
The PCI Audit was previously performed by an external Qualified Security Assessor
(Consultant). Internal Audit staff obtained the required certifications and performed this
audit in 2021.
The 2021 PCI resulted in an overall COMPLIANT rating.
15

Limited Contract Compliance Audits
Self reported revenue from concessionaires and rental car companies.
Audits focus on compliance with lease agreement terms.
Four audits performed in 2021:
1)  Seattle-Tacoma International Limousine Association (STILA)
2)  Lenlyn Limited
3)  Fruit & Flowe r, LLC d/b/a Floret
4)  Dilettante, Inc.
# of Audits                           Under-Paid MAG*                                    Due to Port
1                         $157,284                             $157,284
# of Audits                      Under-Reported Revenue                                Due to Port
1                              $324,836                                   $12,023
# of Audits                       Over-Reported Revenue                          Due to Concessionaire
1                              $10,610                                     $849
* Minimum Annual Guarantee

16

2022 Audit Strategy
Stay independent and objective.
Emphasis on developing/training staff.
Continue to identify risk, help strengthen controls, and
highlight efficiency opportunities through audits.
Continue to focus on Capital Delivery (Financial, Quality, and
Schedule).
Continue to focus on the 18 "Center for Internet Security"
audits that will provide the groundwork for well-established
cybersecurity controls.
17