11a. Presentation - 2021 Internal Audit Annual Briefing
Financial Stewardship Accountability Transparency Item No. 11a supp Meeting Date: December 14, 2021 2021 Summary of Internal Audits Glenn Fernandes - Director, Internal Audit December 14, 2021 Remote Meeting 12:00 PM 5:00 PM Operational Excellence Governance 2021 Audit Committee Commissioner Stephanie Bowman, Committee Chair Commissioner Sam Cho, Committee Member Dr. Christina Gehrke, Committee Public Member 2 Dr. Christina Gehrke, Committee Public Member We'd like to thank Dr. Gehrke for her dedication to and support for the Port's Audit Committee since January 2011. Dr. Gehrke has played a pivotal role by serving as an independent advisor & subject matter expert on Internal Audit matters, risk and internal control assessments, and Governance. Dr. Gehrke has brought extensive experience and expertise to the Committee. This has contributed to enhancing transparency, rigor, and discipline within the Port's Internal Audit Processes, and has helped the Committee in fulfilling its oversight responsibilities. 3 About Internal Audit Internal Audit conducts independent, objective, risk-based audits of the Port's operations, activities and vendors. Our audits add value by helping the Port achieve its mission and contribute to: financial stewardship, accountability, transparency, governance, and operational excellence. Internal Audit derives its authority from the Port Commission. Internal Audit is a catalyst in the Port's sound governance and risk management. 4 The governing body, management,andinternal audit have their distinct responsibilities, but all activities need to be aligned with the objectives of the organization. The basis for successful coherence is regular and effective coordination, collaboration, and communication. Source: The Institute of Internal Auditors, THE IIA'S THREE LINES MODEL An Update of the Three Lines of Defense, published in July 2020. 5 19 Audits Completed in 2021 Limited Contract Compliance Operational Information Technology Lenlyn Limited Rent and Concession Deferral Recovery Malware Defenses Aviation Seattle-Tacoma International Capitalization of Assets Maintenance Limousine Association (STILA) Art Program Continuous Vulnerability Management Dilettante Chocolate, Inc. Noise Monitor Data Accuracy Biometrics Fruit & Flower, LLC d/b/a Floret South King County Fund Payment Card Industry (PCI) TNC (Lyft, Inc. & Rasier, LLC) Compliance Data Recovery Capital Central Terminal Infrastructure Upgrade (Construction and Closeout Phases) North Terminals Utilities Upgrade Phase 1 Baggage Optimization - Phase 2 Restroom Renovations Phase 3 Prototype 6 Key Themes 2021 Audits identified 4 High Risk, 12 Medium Risk, and 5 Low Risk rated issues for management action. Internal Audit value proposition to respond to COVID-19 impact and associated business risks: Audit of Rent & Concession Deferral Recovery - Direct relevance of the Port's financial relief to tenants and repayment activities Capital Project Audits Incorporated COVID-19 related expenses and Change Orders into audits Cruise Terminals of America 2020 Cruise Season Rent Credit Review Memo The Port has opportunities to strengthen internal controls. The Port has opportunities to reduce change orders, schedule delays, and design issues on future projects. 7 Highlighted Audits 1) South King County Fund 2) Art Program 3) Central Terminal Infrastructure Upgrade (Construction and Closeout Phases) 8 Operational Audit - South King County Fund Provides resources and support for Seattle-Tacoma International Airport area communities, specifically benefiting South King County nonprofit organizations that support communities of color and historically marginalized communities through environmental sustainability, smallbusiness capacity building, and economic recovery strategies. Established and approved by the Port Commission through Motion 2018-14 on November 27, 2018. $10 million budgeted between 2019 and 2023. Motion 2019-10 - Commission retained review and approval authority for proposed projects. 9 Operational Audit - South King County Fund (Medium) - The Port's website states that 10 South King County organizations were recommended to receive funding through the first cycle of the South King County Fund (SKCF) Economic Recovery Grants Program and were approved by Port Commission on December 15, 2020. However, three additional Economic Development projects have been awarded from the SKCF, two* of which did not receive commission approval. *Find Ventures $150,000 and Economic Alliance Snohomish County $50,000. Status: Closed - Process improved going forward. 10 Operational Audit - Art Program The Port of Seattle (Port) has been an active proponent of art since the late 1960s as the first public airport to establish a civic art collection. In November 2019, the Port Commission approved the Arts and Cultural Program Policy Directive (Policy). The Policy aspires to position the Port as a national leader among its peers for art and cultural programming; promote programming throughout all Port and Port-related facilities; and engage the public. The Policy required that effective January 1, 2020, one percent of the capital construction project costs will be budgeted to art, less allowable exclusions. Prior to January 2020, one-half of one percent of design and construction costs were required to be allocated to the program. 11 Operational Audit - Art Program (Medium) - Governance by the Port-Wide Arts and Culture Board and funding has not occurred as required by the Arts and Cultural Program Policy Directive. Staffing levels and resources may also not be sufficient to develop and sustain an art program at both the Aviation and Maritime Divisions. Status: Closed - Process improved going forward. 12 Capital Audit - Central Terminal Infrastructure Upgrade (Construction and Closeout Phases) The Central Terminal Infrastructure Upgrade project (CTIUP) provided an additional 10,000 square feet of airport, dining and retail space to the Central Terminal plus associated vertical circulation. CTIUP was audited in two parts: the first audit focused on the bid and design phases. The results of that audit were presented to the Audit Committee in December 2020. This audit focused on the construction and closeout phases. Osborne Construction was awarded the contract for $9.3M. There were $2.9M in executed change orders and potential cost risks, which increased the construction budget to $12.2M. The original expected date of substantial completion was December 26, 2019. The Port approved 278 days that extended substantial completion to September 29, 2020. Substantially completed on December 31, 2020, with physical completion expected in April 2021. 13 Capital Audit - Central Terminal Infrastructure Upgrade (Construction and Closeout Phases) (High) - The Port was overbilled approximately $18,181 through Force Account change orders. These were primarily due to incorrect labor hours and billing rates submitted by Osborne and an inadequate review of documentation by the Port. (Medium) - Osborne did not meet critical milestones which resulted in the overall Project not being completed on time and the Port incurred additional costs to oversee the Project. Status: Closed. Deductive Change Order was executed, and Milestones were reconciled/resolved. 14 Information Technology Audits Information Technology Audits are generally security sensitive and are discussed in non- public sessions. Five audits were completed in 2021. Foundational Information Technology Controls Center for Internet Security (CIS) 18 Key Audits Ongoing efforts to perform CIS audits to help assure the Port has a solid foundation of information technology controls. We completed three CIS Audits in 2021; over the three years, we have completed 6 of 18. The Payment Card Industry (PCI) The PCI Audit was previously performed by an external Qualified Security Assessor (Consultant). Internal Audit staff obtained the required certifications and performed this audit in 2021. The 2021 PCI resulted in an overall COMPLIANT rating. 15 Limited Contract Compliance Audits Self reported revenue from concessionaires and rental car companies. Audits focus on compliance with lease agreement terms. Four audits performed in 2021: 1) Seattle-Tacoma International Limousine Association (STILA) 2) Lenlyn Limited 3) Fruit & Flowe r, LLC d/b/a Floret 4) Dilettante, Inc. # of Audits Under-Paid MAG* Due to Port 1 $157,284 $157,284 # of Audits Under-Reported Revenue Due to Port 1 $324,836 $12,023 # of Audits Over-Reported Revenue Due to Concessionaire 1 $10,610 $849 * Minimum Annual Guarantee 16 2022 Audit Strategy Stay independent and objective. Emphasis on developing/training staff. Continue to identify risk, help strengthen controls, and highlight efficiency opportunities through audits. Continue to focus on Capital Delivery (Financial, Quality, and Schedule). Continue to focus on the 18 "Center for Internet Security" audits that will provide the groundwork for well-established cybersecurity controls. 17
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.