Transcript

The Audit meeting scheduled for 2022-04-07 at Remote

  • THIS IS COMMISSIONER CHO CALLING TO ORDER THE PORT OF SEATTLE AUTO COMMUNITY SPECIAL MEETING TODAY IS THURSDAY, APRIL 7, 2022, AND THE TIME IS 230 03:00 P.M.
  • WE ARE MEETING REMOTELY TODAY VIA THE TEAM'S PLATFORM TO COMPLY WITH SENATE CONCURRENT RESOLUTION 8402 AND GOVERNOR INSLEE PROCLAMATION 20-28
  • PRESENT WITH ME TODAY IS COMMITTEE MEMBER COMMISSIONER HAMDI MOHAMED
  • ALL RIGHT
  • AS THIS IS A VIRTUAL MEETING, WE HAVE MADE SPECIAL ARRANGEMENTS TO PROVIDE FOR REMOTE PARTICIPATION FOR OUR STAFF AND ANY OUTSIDE PRESENTERS AND COMMITTEE MEMBERS TO MAKE THIS MEETING MORE ACCESSIBLE TO THE PUBLIC
  • THE MEETING IS BEING LIVE STREAMED AND DIGITALLY RECORDED AND MAY BE VIEWED OR HEARD AT ANY TIME ON THE PORT WEBSITE
  • HEADING OVER TO THE AGENDA
  • OUR FIRST ITEM OF BUSINESS IS APPROVAL OF OUR LAST MEETING MINUTES FROM DECEMBER 9
  • I GUESS HAMDI
  • IF WE COULD JUST REVIEW THE MINUTES AND I'LL ASK IF THERE ARE ANY CORRECTIONS TO THE MINUTES AND IF THERE ARE ANY OBJECTIONS TO THE APPROVAL MINUTES AS PRESENTED
  • NOPE
  • NO OBJECTION
  • HEARING? NONE
  • THE MINUTES ARE APPROVED
  • PERFECT
  • OUR NEXT ORDER OF BUSINESS IS EXTERNAL AUDITS
  • THE AUDIT REPORT TODAY IS PROVIDING THE ACCOUNTABILITY AUDIT RESULTS FOR 2020 FROM THE OFFICE OF THE WASHINGTON STATE AUDITOR
  • PRESENTERS, PLEASE UNMUTE YOURSELVES
  • COMMITTEE MEMBERS MAY USE THE HAND RAISING TOOL TO INDICATE THAT YOU WASH, DOT SPEAK OR ALSO CALL FOR QUESTIONS AT THE CONCLUSION OF THE PRESENTATION
  • MR FERNANDEZ, PLEASE INTRODUCE OUR FIRST SPEAKERS AND THE TOPIC INSURANCE
  • TODAY WE HAVE JOE SIMMONS AND ANGELA FUNAMORI FROM THE STATE AUDITOR'S OFFICE
  • AND THEY'VE DONE A LOT OF WORK OVER THE LAST FEW MONTHS, AND THEY'RE GOING TO PRESENT THE RESULTS OF THEIR REPORT, WHICH IS ALREADY PUBLIC, I BELIEVE
  • BUT ANGELA AND JOE, PLEASE, YOU HAVE THE FLOOR
  • THANK YOU, GLENN
  • AND THANK YOU FOR YOUR TIME TODAY
  • COMMISSIONERS, AS I'M SAID, WE'RE HERE FOR THE RESULTS OF OUR ACCOUNTABILITY AUDIT FOR 2020
  • MICHELLE, COULD YOU PULL THE DECK UP, PLEASE? SOUNDS GOOD
  • AND MADDIE, WHAT'S ON THE SIDE AS A SUPERVISOR? SHE IS OUT THIS WEEK, SO SHE WON'T BE HERE
  • ON THE NEXT SLIDE, WE HAVE OUR STATE AUDITOR, OUR DIRECTOR OF LOCAL AUDIT, AND ASSISTANT DIRECTOR OF LOCAL AUDIT
  • AND THEN ON THE THIRD SLIDE, JUST A BRIEF OVERVIEW THAT WE LOOK AT OURSELVES AS A STATE AUDITOR'S OFFICE AS AN INDEPENDENT, OBJECTIVE, OUTSIDE REVIEW OF LOCAL GOVERNMENT AND STATE GOVERNMENT, AND LOOK AT IT AS A ROLE OF WORKING IN PARTNERSHIP WITH GOVERNMENT TO PROVIDE INDEPENDENT AND TRANSPARENT EXAMINATIONS AND ALSO LOOK AT WAYS TO PROVIDE RECOMMENDATIONS THAT CAN HELP IMPROVE EFFICIENCY AND EFFECTIVENESS OF GOVERNMENT
  • AND I WILL GO AHEAD AND TURN IT OVER TO ANGELA TO TALK ABOUT THE RESULTS SPECIFIC TO YOUR ACCOUNTABILITY AUDIT
  • THANK YOU, JOE
  • SO AS JOE MENTIONED, WE CONDUCTED AN ACCOUNTABILITY AUDIT THAT COVERED THE PERIOD OF JANUARY THROUGH DECEMBER 31 OF 2020
  • AND THE PURPOSE OF THE ACCOUNTABILITY AUDIT IS TO DISCERN WHETHER THE PORT COMPLIED WITH STATE LAWS, REGULATIONS, CONTRACTS, GRANT AGREEMENTS, AND ITS OWN POLICIES AND PROCEDURES
  • IN ADDITION, THESE AUDITS ALSO LOOK AT WHETHER, IN GENERAL, THE PORT HAS ADEQUATE CONTROLS TO SAFEGUARD PUBLIC FUNDS AND IN THE NEXT SLIDE IN ORDER TO SELECT SPECIFIC AREAS TO REVIEW, WE CONDUCTED A NUMBER OF PLANNING PROCEDURES THAT INCORPORATED REVIEWING THE MEANING MINUTES OF THE GOVERNING BODY AND ANALYZING TRENDS IN FINANCIAL DATA
  • THIS INCLUDES PAYROLL, VENDOR INFORMATION, AND CREDIT CARDS
  • WE ALSO CONDUCTED RISK ASSESSMENTS WITH SEVERAL KEY STAFF AND A COMMISSIONER, AND FROM THE INFORMATION WE GATHERED, WE BRAINSTORMED THE VARIOUS AUDIT AREAS THAT INDICATED POTENTIAL RISK OF NON COMPLIANCE
  • AS A RESULT, INCLUDED ON THE SLIDE ARE THE AREAS THAT WE SELECTED FOR FURTHER TESTING, AND THE FIRST AREA THAT WE'D LIKE TO DISCUSS IS THE FINANCIAL CONDITION, WHERE WE PERFORMED A TREND OF KEY FINANCIAL INDICATORS, ASSESSED ADDITIONAL NON FINANCIAL INFORMATION TO IDENTIFY POTENTIAL IMPACTS, AND ANALYZED THE PORT'S RESPONSE TO COVID
  • THIS INCLUDES THE MONITORING PERFORMED BY MANAGEMENT IN OUR AUDIT DETERMINED THE PORT'S INTERNAL CONTROLS ARE WORKING EFFECTIVELY AND MUTED, NO ISSUES IN THE PORT'S FINANCIAL CONDITION AND SUSTAINABILITY
  • THE SECOND AREA THAT WE'D LIKE TO DISCUSS IS THE PORT'S SELF INSURANCE PROGRAM
  • THIS AREA COVERS HEALTH AND WELFARE, UNEMPLOYMENT, WORKERS COMPENSATION, AND PAID FAMILY AND MEDICAL LEAVE
  • WE REVIEWED THE PORT POLICIES AND PROCEDURES OVER THIS AREA, GAINED AN UNDERSTANDING OF THE PORT CONTROLS AND SELECTED TRANSACTIONS FOR TESTING TO ENSURE IT COMPLIED WITH STATE REGULATIONS
  • OUR AUDIT DETERMINED THE PORT INTERNAL CONTROLS ARE WORKING EFFECTIVELY, AND NO SIGNIFICANT RECOMMENDATIONS WERE IDENTIFIED
  • WE DID, HOWEVER, IDENTIFY AN AREA OF OPPORTUNITY FOR THE PORT TO BETTER DEMONSTRATE ITS COMPLIANCE WITH THE WASHINGTON ADMINISTRATIVE CODE
  • WE ALSO WANT TO KNOW THAT THE EXIT ITEMS ADDRESS CONTROL, DEFICIENCIES, OR NON COMPLIANCE WITH LAWS OR REGULATIONS THAT HAVE AN INSIGNIFICANT EFFECT ON THE ENTITY
  • WE ALSO WOULD LIKE TO NOTE THAT EXIT ITEMS ARE NOT REFERENCED IN THE AUDIT REPORT
  • THE NEXT AREA THAT WE'D LIKE TO DISCUSS IS THE PORT'S RENT DEFERRAL PAYMENT PLAN, AND FROM THE PRIOR AUDIT, WE IDENTIFIED THAT THE PORT CREATED AND IMPLEMENTED THIS PAYMENT PLAN AS A WAY TO ENSURE FINANCIAL SUPPORT TO THE LOCAL ECONOMY AND TO PROTECT THE COURT'S ASSETS
  • FOR THIS AUDIT, WE GAINED AN UNDERSTANDING OF WHERE THE PROGRAM STAYED
  • THIS INCLUDED OUR REVIEW OF THE AUDIT WORK THAT WAS PERFORMED BY THE INTERNAL AUDIT TEAM, THEIR REVIEW OF CONTROLS, AND THEIR TESTING SPREADSHEET, AND WE'VE REVIEWED THE PROGRAM OVERALL TO ENSURE THAT IT COMPLIES WITH STATE LAW ENFORCE POLICY
  • AND SO WE ARE PLEASED TO REPORT
  • OUR AUDIT DETERMINED THE PORT INTERNAL CONTROLS ARE WORKING EFFECTIVELY, AND NO RECOMMENDATIONS WERE IDENTIFIED
  • THE NEXT AREA THAT WE'D ALSO LIKE TO DISCUSS IS THE PORT THE PORT'S TELEWORK EQUIPMENT REIMBURSEMENT POLICY
  • SO WE REVIEWED THE PORT PORTS POLICIES AND PROCEDURES RELATED TO THE TELEWORK REIMBURSEMENT PROGRAM
  • YOU GAINED AN UNDERSTANDING OF THE INTERNAL CONTROLS AND SELECTED REIMBURSEMENT TRANSACTIONS FOR TESTING, AND WE DETERMINED THE PORT AND TONAL CONTROLS ARE WORKING EFFECTIVELY AND TRANSACTIONS COMPLIED WITH PORT POLICY WERE VALID AND ADEQUATELY SUPPORTED BY THE APPROPRIATE RECORDS
  • THE NEXT AREA THAT WE'D LIKE TO DISCUSS IS THE PROCUREMENT PERSONAL SERVICE CONTRACTS
  • WE REVIEWED THE COURT'S POLICIES AND PROCEDURES OVER THE PERSONAL SERVICE CONTRACTS, GAINED AN UNDERSTANDING OF THE INTERNAL CONTROLS AND SELECTED CONTRACTS TO ENSURE THAT THE CONTRACTS COMPLIED WITH COURT POLICIES AND STATE LAW
  • AND THE LAST AREA WE'D LIKE TO DISCUSS IS THE PAYROLL OVERTIME
  • SO FROM THE PRIOR AUDIT, WE REVIEWED THE PORT POLICIES AND PROCEDURES OVER THIS AREA AND CONDUCTED DETAILED TESTING ON SPECIFIC TRANSACTIONS
  • OUR AUDIT IDENTIFIED AN AREA OF OPPORTUNITY FOR THE PORT TO STRENGTHEN ITS INTERNAL CONTROLS RELATED TO TIMESHEET APPROVALS
  • AND FOR THIS AUDIT PERIOD, WE FOLLOWED UP ON THOSE RECOMMENDATIONS BY GAINING AN UNDERSTANDING OF THE LATEST INTERNAL CONTROLS RELATED TO THE TIMESHEET APPROVALS IN OUR AUDIT DETERMINED THE PORT'S INTERNAL CONTROLS ARE WORKING EFFECTIVELY
  • AND SO NOW I'D LIKE TO PASS IT BACK OVER TO JOE NEXT SLIDE, PLEASE
  • MICHELLE
  • AND JOE, FEEL FREE TO ASK MICHELLE TO WHEN YOU'RE READY FOR THE NEXT SLIDE
  • CERTAINLY
  • AND I SHOULD HAVE SAID AT THE BEGINNING, PLEASE LET US KNOW AT ANY TIME IF YOU HAVE ANY QUESTIONS ABOUT ANY OF THE SLIDES AS WE GO OVER THIS
  • ONE THING WE ALWAYS LIKE TO POINT OUT IS, AS YOU KNOW, CPA FIRM OF MOSS ADAMS PERFORMS THE FINANCIAL STATEMENT AND FEDERAL SINGLE AUDIT, THE GRANT AUDIT OF THE PORT OF SEATTLE
  • SO WE APPRECIATE HOW THE PORT PROVIDES COMMUNICATIONS WITH US SO THAT WE'RE LOOPED IN EVEN INTO SOME STATUS MEETINGS WITH THE MOSS ADAMS GROUP
  • SO WE'RE AWARE OF ANY ISSUES THAT ARISE IN THOSE AUDITS
  • AND THEN WHEN THE WORK IS COMPLETED, WE REVIEW THE WORK THAT WAS DONE BY MOSS ADAMS WE REVIEW THEIR WORK PAPERS, AND WE REVIEW THAT TO ALSO BE ABLE TO LEVERAGE ANY WORK THAT THEY DID
  • SO WE DEFINITELY AVOID TRYING TO DUPLICATE ANY WORK THAT'S DONE IN YOUR FINANCIAL STATEMENT OR FEDERAL SINGLE AUDIT
  • AND WE JUST ALWAYS LIKE TO JUST CONFIRM THAT WE DID NOT HAVE ANY CONCERNS ABOUT THE WORK THAT WAS DONE BY THE CPA FIRM
  • THERE WAS NO LIMITATIONS RESTRICTED ANALYSIS OF THOSE OTHER AUDITS, AND THERE'S NO MATERIAL STATEMENT OR FINANCIAL STATEMENTS THAT HAS OR MAY HAVE RESULTED FROM FRAUD OR SUSPECTED FRAUD
  • AND THEN ON THE NEXT SLIDE, JUST TALKING ABOUT NOW, WE'RE KIND OF MORE INTO CLOSING REMARKS THAT WE JUST WANT TO CONFIRM THAT THE AUDIT COSTS THAT WE ESTIMATE AT THE BEGINNING AUDIT OR ALIGNMENT WITH OUR ORIGINAL ESTIMATE
  • ONCE AGAIN, APPRECIATE THE WORK DONE BY PORT STAFF TO HELP MAKE OUR AUDIT PROCESS EFFECTIVE AND EFFICIENT
  • REALLY APPRECIATE THE WORKING RELATIONSHIP THERE
  • OUR NEXT AUDIT WILL BE LATER THIS YEAR
  • IN THE FALL, WE'LL BE AGAIN CONDUCTING OUR ACCOUNTABILITY AUDIT
  • AND AS PART OF THAT, WE'LL BE REVIEWING THE WORK DONE BY MOSS ADAMS AND ONE THING FOR THIS CURRENT PERIOD IS WE ARE REQUIRED TO CONDUCT WHAT WE CALL AN ASSESSMENT AUDIT OF THE PORT OF SEATTLE'S INDUSTRIAL DEVELOPMENT CORPORATION EVERY THREE YEARS
  • IT'S A VERY TINY GOVERNMENT BUT IT IS STILL CONSIDERED A SEPARATE LOCAL GOVERNMENT
  • SO WE DO A VERY SMALL AUDIT ON THAT ONE BASED ON THE SIZE
  • BUT WE'RE STILL REQUIRED TO CONDUCT EVERY LOCAL GOVERNMENT IN THE STATE ON AT LEAST A THREE YEAR CYCLE
  • SO THAT'S WHERE THAT CYCLE IS UP FOR THE IDC, AND THAT ESTIMATED COST IS INCLUDED IN THE MORE DETAILED INFORMATION IN THE EXIT PACKAGE
  • AND THEN ON THE NEXT SLIDE, AS WE NOTED IN THIS CASE, WE'VE ALREADY ISSUED THE REPORT
  • I'LL JUST REAFFIRM AGAIN THAT IT WAS A CLEAN REPORT
  • THERE WERE NO FINDINGS, AND WE HAVE ALREADY PUBLISHED IT IN MARCH, SO IT'S ALREADY THERE AVAILABLE ON OUR WEBSITE, AND THERE'S A LINK IF YOU ARE INTERESTED IN BEING UP BY EMAIL WHEN ANY OF OUR REPORTS ARE POSTED ON THE WEBSITE, THAT WE HAVE AN EMAIL ALERT THAT GOES OUT WHEN OUR REPORTS ARE PUBLISHED, WHICH IS TWICE A WEEK ON MONDAYS AND THURSDAYS
  • AND WE ALSO PROVIDE A SURVEY TO SUPPORT STAFF SO THAT THEY CAN PROVIDE US FEEDBACK
  • WE REALLY DO APPRECIATE GETTING FEEDBACK ON OUR AUDIT SO WE CAN CONTINUE TO IMPROVE ON OUR AUDIT SERVICES
  • AND THEN ON THE NEXT SLIDE JUST TALKS ABOUT A COUPLE OF OTHER SERVICES THAT WE PROVIDE FOR THE STATE AUDITOR'S OFFICE AT NO ADDITIONAL COST TO THE LOCAL GOVERNMENT
  • ONE IS CALLED THE LOCAL GOVERNMENT SUPPORT TEAM, AND THAT PROVIDES TECHNICAL ASSISTANCE THROUGHOUT THE YEAR RELATED TO THE PUGET COUNTY REPORTING SYSTEM, WHICH IS THE COUNTY MANUAL THAT PROVIDES INFORMATION ABOUT WHAT'S REQUIRED FOR REPORTING IN THE STATE OF WASHINGTON AND ALSO ANY REQUIREMENTS RELATED TO THE ANNUAL ONLINE FILING
  • WE ALSO HAVE SOME ACCOUNTING AND REPORTING TRAINING THAT'S AVAILABLE TO LOCAL GOVERNMENTS AND ALSO A HEALTH DESK THAT'S AVAILABLE FOR ANY QUESTIONS THAT COME UP DURING THE YEAR
  • AND THEN WE ALSO HAVE A CENTER FOR GOVERNMENT INNOVATION THAT'S MORE FOCUSED ON BEST PRACTICES, GUIDANCE, RESOURCES, TOOLS
  • BASICALLY, THIS GETS MORE INTO HELPING PROVIDE SOME RESOURCES FOR LOCAL GOVERNMENTS THAT THEY MAY BE ABLE TO USE TO LOOK AT PROVING CONTROLS OR PROVIDING PRACTICES OR JUST PROVIDING BEST PRACTICES ON DIFFERENT AREAS LIKE PAYROLL ACCOUNTS PAYABLE
  • ONE AREA THAT WE'RE VERY FOCUSED ON IS CONTINUE TO PROVIDE RESOURCES RELATED TO CYBERSECURITY AND WAYS TO BE ABLE TO ADDRESS THAT WITH THE RISKS THAT ARE OUT THERE NOW AND THEN
  • WE ALSO HAVE THE FINANCIAL INTELLIGENCE TOOL, WHICH IS BASICALLY WHERE WE TAKE ALL THAT INFORMATION THAT'S SUBMITTED BY LOCALS THROUGHOUT THE STATE THROUGH THE END REPORT FILING PROCESS
  • AND WE COMPILE THAT INFORMATION INTO VARIOUS REPORTS THAT ALLOW GOVERNMENTS TO BE ABLE TO MEASURE THEMSELVES AGAINST SOME KEY FINANCIAL INDICATORS AND ALSO BE ABLE TO COMPARE TO OTHER LOCAL GOVERNMENTS IN THE STATE
  • AND THEN I'M GOING TO TURN IT BACK OVER TO ANGELA FOR SOME THANK YOUS FOR APPRECIATION FOR THE WORK, YEAH, AS I SAID
  • I REALLY APPRECIATE HOW PORT STAFF WAS VERY TIMELY IN THEIR COMMUNICATIONS AND PROVIDING US OUR AUDIT INFORMATION THAT WE REQUEST DURING THE AUDIT
  • I KNOW IT'S JUST ONE MORE THING FOR EVERYONE WITH UNDERWAY, BUT REALLY APPRECIATE HOW WELL THE PORT STAFF PROVIDES US THE INFORMATION WE NEED
  • SO I'LL HAND IT BACK TO ANGELA
  • THANK YOU, JOE
  • YEAH
  • SO AS JOE, AS JOE MENTIONED BEFORE, WE WRAP UP OUR PRESENTATION TODAY, WE'D LIKE TO THANK FOR MANAGEMENT AND OFFICIALS FOR THEIR ASSISTANCE IN COOPERATION DURING OUR AUDIT
  • SPECIFICALLY, WE'D LIKE TO EXTEND OUR APPRECIATION TO DON, RUDY, GLENN AND MELANIE FOR KEEPING THE AUDIT RUNNING SMOOTHLY, FOLLOWING UP WITH OUR REQUEST AND MEETING EACH WEEK TO DISCUSS OUR PRELIMINARY RESULTS
  • AND ADDITIONALLY, WE'D LIKE TO THANK THE PORT STAFF IN THE VARIOUS DEPARTMENTS FOR THEIR TIMELY RESPONSES AND ASSISTANCE WITH THE AUDIT
  • NEXT SLIDE
  • AND SO THIS CONCLUDES THE PRESENTATION TO THE PORT FOR OUR FISCAL YEAR 2020 AUDIT RESULTS
  • WE THANK EVERYONE FOR YOUR TIME TODAY AND YOUR PARTICIPATION IN THIS MEETING
  • AND SO AT THIS POINT, IF YOU HAVE ANY QUESTIONS, WE'D LIKE TO OPEN IT UP FOR
  • THANK YOU SO MUCH, ANGELA AND JOSEPH, AND ALSO TO OUR SUPPORT STAFF, GLENN AND YOUR TEAM
  • COMMISSIONER MOHAMED, DO YOU HAVE ANY QUESTIONS AT THIS TIME? I DON'T HAVE ANY QUESTIONS, BUT I WILL ALSO JUST SAY THANK YOU SO MUCH FOR THIS IMPORTANT WORK THAT YOU'RE DOING AS STEWARDS OF PUBLIC DOLLARS
  • AUDITS ARE SO IMPORTANT AND IMPORTANT TO OUR PUBLIC
  • AND SO JUST GRATEFUL FOR THE WORK THAT EVERYONE HAS DONE TO PRODUCE THIS REPORT
  • SO THANK YOU
  • YEAH
  • AND LIKEWISE, I DON'T THINK IT WOULD BE WISE FOR ME TO QUESTION A CLEAN AUDIT
  • SO I'M ALSO NOT GOING TO ASK ANY MORE QUESTIONS
  • AND SO IF THERE ARE NO ADDITIONAL QUESTIONS FOR THE AUDIT TEAM OR MR FERNANDO ON THIS ITEM, WE WILL MOVE ON TO THE NEXT TOPIC
  • THANK YOU SO MUCH TO OUR FRIENDS OVER AT THE STATE AUDITOR'S OFFICE FOR BEING HERE TODAY
  • ALL RIGHT
  • THANK YOU
  • THANK YOU AGAIN FOR YOUR TIME
  • TAKE CARE
  • ITEM NUMBER FOUR ON THE AGENDA IS AN UPDATE REGARDING THE DIRECTOR'S ANNUAL COMMUNICATION INDEPENDENCE, INTERNAL AUDIT, CHARTER QUALITY ASSURANCE, AND FOLLOW UP
  • GLENN, PLEASE PROCEED
  • THANK YOU, COMMISSIONER CHO
  • MICHELLE, IF YOU COULD PULL UP OUR DECK
  • GIVE ME JUST A SECOND HERE
  • THANK YOU
  • NEXT SLIDE, PLEASE, MICHELLE
  • SO, COMMISSIONER, SINCE COMMISSIONER MOHAMED IS NEW, I FIGURED I'D START WITH AN.ORG CHART JUST TO INTRODUCE YOU TO OUR DEPARTMENT
  • A LOT OF THE FOLKS I KNOW WE'RE VIRTUAL
  • I'M HOPING WE'RE IN PERSON NEXT TIME SO YOU CAN SEE ALL THE FACES THAT PUT CALL THE ROLL TOGETHER THAT I'LL DISCUSS TODAY
  • ON THE OPERATIONAL SIDE, YOU HAVE DAN, WHO'S OUR MANAGER THERE
  • AND ACTUALLY, RUMI OKUMA, DOES A LOT OF OPERATIONAL AUDITS AS WELL
  • SHE DOES A LOT OF COMMISSION INTERACTION AS WELL
  • WE DO A LOT OF CAPITAL AT THE PORT
  • WE SPENT A LOT OF MONEY, SO IT'S IMPORTANT THAT WE HAVE A CAPITAL AUDIT FUNCTION
  • AND SPENCER AND TEAM MANAGE THAT REDDISH COLOR THERE
  • AND THEN IT AND CYBERSECURITY CRITICAL AND BECOMES MORE IMPORTANT TO EVERY DAY WITH ALL THE RISKS OUT THERE
  • AND BRUCE AND RIDICARD THAT DOMAIN, AND THEY DO A GREAT JOB THERE
  • NEXT SLIDE, PLEASE
  • CHRIST, THERE'S TWO BOOKS YOU'LL HEAR US REFER TO, RED BOOK AND A YELLOW BOOK
  • THE RED BOOK IS THE INTERNATIONAL PROFESSIONAL PRACTICES FRAMEWORK
  • IT'S ISSUED BY THE IA STUDENT INTERNAL AUDITORS
  • AND IT'S USED BY ORGANIZATIONS AROUND THE WORLD THAT HAVE INTERNAL AUDIT FUNCTIONS
  • IT'S ESSENTIALLY A GOLD STANDARD FOR CORPORATE AND EVEN GOVERNMENT FOR INTERNAL AUDIT SHOPS
  • AND THEN THERE'S THE YELLOW BOOK, WHICH IS THE GAO, THE GOVERNMENT AUDITING STANDARDS
  • AND THE YELLOW BOOK IS DESIGNED MORE FOR GOVERNMENT ORGANIZATIONS, FOR EXTERNAL AUDITS OF GOVERNMENT ORGANIZATIONS
  • IT TALKS ABOUT INDEPENDENCE AND HOW YOU CONDUCT AN AUDIT, WHICH IS IN MANY CASES IN THE RED BOOK AS WELL
  • THE YELLOW BOOK ALSO SUGGESTS FOR INTERNAL AUDIT SHOPS LIKE OURSELVES THAT WE ALSO PUT A LOT OF WE USE THE RED BOOK AS WELL
  • SO THE YELLOW BOOK IS VERY PRESCRIPTIVE ON CERTAIN THINGS
  • WE WANT TO BE INDEPENDENT
  • YOU HAVE TO DO THIS AND THIS
  • BUT THEY ALSO SAY YOU NEED TO LOOK AT THE RED BOOK AND START USING A LOT OF THINGS IN THERE
  • SO TOGETHER, THESE TWO GUIDES CONTROL THE WAY WE DO OR GUIDE US
  • THEY'RE GUIDEBOOKS AND THEY'RE CONSTANTLY UPDATED
  • NEXT SLIDE, PLEASE
  • SHELL SO ON AN ANNUAL BASIS, THE RED BOOK OR THE INSTITUTE OF MATERNAL LAUNDERS REQUIRES US TO COME BACK TO YOU AND JUST TELL THE AUDIT COMMITTEE THAT, YES, WE'RE INDEPENDENT
  • OUR CHARTER IS STILL VALID AND TODAY CONFIRMING THAT OUR CHARTER RECENTLY UPDATED A YEAR AND A HALF AGO, STILL VERY VALID, THAT WE DO HAVE A QUALITY INSURANCE PROGRAM, QUALITY ASSURANCE PROGRAM
  • BOTH THE RED BOOK AND THE YELLOW BOOK REQUIRE US TO GET BETTER EVERY YEAR
  • HOW DO YOU IMPROVE INTERNALLY? HOW DO YOU MAKE SURE THAT YOUR TEAM'S GETTING BETTER AND IMPROVING? AND THEN WHEN WE DO AUDITS, ARE THEY BEING FOLLOWED UP ON OR SOMEBODY TAKING THE AUDIT REPORT, PUTTING IT ON A SHELF AND NOTHING'S DONE THEREAFTER BECAUSE THAT ADDS NO VALUE
  • SO YOU DO AUDITS AND THINGS GET FIXED, AND IS THERE A MECHANISM IN PLACE TO FOLLOW UP ON THOSE AUDITS AND ADDRESS THOSE ISSUES? SO NEXT SLIDE, PLEASE, MICHELLE
  • SO ON ORGANIZATIONAL INDEPENDENCE, I'M JUST CONFIRMING BACK THAT WE CONTINUE TO REPORT TO YOU TO COMMISSIONERS CHO AND MOHAMED AND THE AUDIT COMMITTEE FUNCTIONALLY AND THEN ADMINISTRATIVE LEADERS, STEVE METRUCK, THE EXECUTIVE DIRECTOR
  • SO OUR WORK FOR WORK RELATED STUFF, WE'RE DIRECTLY ACCOUNTABLE TO THE AUDIT COMMITTEE, AND THAT MAKES SURE THAT THINGS ARE TRANSPARENT AND WE'RE A CONDUIT FOR YOU TO EVERYTHING WITHIN THE ORGANIZATION AND THEN WORK WITH STEVE ALSO
  • AND IF STEVE SOMETHING RAISES TO AYE
  • CONCERN, ABSOLUTELY
  • I THINK IT'S IMPORTANT TO WORK WITH STEVE AS WELL
  • SO NEXT SLIDE, PLEASE, MICHELLE
  • A QUALITY ASSURANCE PROGRAM
  • WE DO IT EVERY THREE YEARS BECAUSE THE RED BOOK INTERNATIONAL STANDARDS SAY YOU HAVE TO HAVE AN EXTERNAL PARTY COME IN AND LOOK AT YOU EVERY FIVE YEARS
  • THE YELLOW BOOK, WHICH IS A LITTLE MORE STRINGENT, SAYS EVERY THREE YEARS
  • SO WE DO IT EVERY THREE YEARS BECAUSE OF COVID IT'S BEEN PUSHED OUT A LITTLE BIT, BUT WE ARE GOING TO HAVE ONE SOMETIME THIS YEAR
  • AND I THINK THEY WAIVED THE STANDARDS DURING THE PANDEMIC A LITTLE BIT BECAUSE PEOPLE AYE UNCOMFORTABLE COMING ON SITE
  • BUT I THINK THAT'S ALL DONE NOW AND WE'VE GOT ONE PLANNED, BUT WE ARE REQUIRED EVERY YEAR TO DO AN IN HOUSE ASSESSMENT, AND WE HAVE AN INDIVIDUAL WITHIN OUR TEAM RUMI THAT OKUMA, THAT LOOKS AT THE WORK THAT WE'VE DONE AND DOCUMENTS IT AND WRITES A MEMO ON IMPROVEMENT OPPORTUNITIES
  • AND SHE'S CONSISTENTLY DONE THAT
  • AND WE IMPROVE, WE DOCUMENT, WE IMPLEMENT WHAT IS RECOMMENDED AND MOVE FORWARD
  • NEXT SLIDE, PLEASE
  • OPPORTUNITY TO GET BETTER
  • AND THEN THE LAST THING IS OUR FOLLOW UP, OPEN ISSUE FOLLOW UP, LIKE I TALKED ABOUT, THEY WANT TO MAKE SURE THAT THESE ISSUES ARE BEING ADDRESSED AND MANY OF THEM ARE BEING ADDRESSED
  • WE ARE ADDING NEW ONES CONSTANTLY, BUT THERE AYE SOME THAT ARE LAGGING ALSO
  • I JUST WANT TO KIND OF HIGHLIGHT SOME THAT ARE SITTING OUT THERE
  • THE IT ONES ARE SECURITY SENSITIVE, AND WE'LL TALK ABOUT THOSE IN NON PUBLIC SESSIONS
  • I'M NOT GOING TO DISCUSS THEM NOW
  • THE THIRD BULLET DOWN ON ITEM ONE, THE OTHER TWO IS ABOUT SURETY
  • THE FIRST ONE IS ABOUT SURETY
  • SO SURETY IS WHEN YOU HAVE A CONCESSIONNAIRES AT THE AIRPORT
  • STATE LAW REQUIRES THAT A CERTAIN PERCENTAGE OF THEIR INCOME OR THEIR REVENUE IS MAINTAINED
  • SURETY
  • MINIMUM SURETY THAT YOU CAN HAVE FOR THE RCW
  • IS THIS LIKE A YEAR'S WORTH? AND THERE'S SOME PARAMETERS AROUND THAT
  • HOW DO YOU GET TO THAT? BUT THEN THE STATE LAW RCW ALSO NAYS, THE COMMISSION CAN CHANGE THAT THROUGH A RESOLUTION OR THROUGH GUIDANCE OR POLICY
  • SO THERE'S SOMETHING CALLED RE TWO THAT THE COMMISSION ISSUED IN 1995 THAT SET IT AT SIX MONTHS, ROUGHLY, WITH SOME PARAMETERS THERE
  • AND, YOU KNOW, THINGS HAVE CHANGED
  • MAYBE BUSINESS NEEDS HAVE CHANGED
  • WE'VE GOT A DIFFERENT MIX OF TENANTS IN AND MAYBE SIX MONTHS IS TOO HIGH
  • MAYBE IT'S THE RIGHT AMOUNT, BUT WHATEVER IT IS, THAT DECISION IS SUPPOSED TO COME FROM THE COMMISSION, AND RIGHT NOW, WE'RE NOT COMPLYING WITH THAT
  • WE'RE BELOW THAT AND WE'RE BELOW STATE LAW
  • BUT THAT NEEDS TO COME BACK TO COMMISSION NEEDS TO BE UPDATED AND THERE NEEDS TO BE SOME SORT OF AGREEMENT AS TO WHAT SURETY NEEDS TO BE
  • SO THAT'S ONE FOLLOW UP ITEM THAT'S BEEN SITTING OUT THERE FOR A WHILE AND THAT WE NEED TO ADDRESS
  • THE OTHER ONE IS ARCHITECTURAL AND ENGINEERING AUDIT THAT WE DID BACK IN LATE 2019
  • AND IT'S ESSENTIALLY AN ARCHITECTURAL AND ENGINEERING FEES, AND THERE WERE SOME GAPS AND A LOT OF OPPORTUNITIES FOR IMPROVEMENT
  • SO WHILE THAT'S BEING WORKED ON, IT'S STILL BEHIND SCHEDULE
  • A LOT OF THE ITEMS I WANT TO HIGHLIGHT THAT, LIKE I SAID, THE INFORMATION TECHNOLOGY AUDITS WILL TALK ABOUT PUBLIC SECTION
  • SO I'LL PAUSE AT THAT RIGHT NOW AND SEE IF ANYONE GOT ANY QUESTIONS
  • YOU, COMMISSIONER COMMENTS
  • I THINK WE'RE GOOD
  • OKAY, NEXT SLIDE, PLEASE, MICHELLE
  • OKAY, SO NEXT, WE'VE GOT OUR 2022 AUDIT PLAN AS APPROVED IN DECEMBER
  • SO, COMMISSIONER MOHAMED, JUST TO BRING YOU UP TO SPEED, THIS IS ESSENTIALLY OUR PLAN, OUR WORK PLAN FOR THE YEAR
  • WE'RE MAKING PROGRESS ON IT
  • WE DID ADD ACH PAYMENT FRAUD TO THIS, AND THAT WAS ADDED LATE DECEMBER, EARLY JANUARY, AFTER THE AUDIT COMMITTEE
  • BUT IN A NUTSHELL, WE'VE GOT A LOT OF WORK TO DO, A LOT OF GROUND TO COVER, AND TIME FLIES QUICKLY
  • BUT THIS IS JUST A SNAPSHOT OF ALL THE OTHERS
  • I'M NOT GOING TO GO THROUGH THEM, BUT JUST FOR YOUR INFORMATION, NEXT SLIDE, PLEASE, MICHELLE
  • SO THIS GANTT CHART ESSENTIALLY ILLUSTRATES HOW WE'RE GOING TO COMPLETE ALL THESE AUDITS THROUGH THE COURSE OF THE YEAR
  • EVERYTHING IN GREEN WE'VE COMPLETED, AND WE'RE GOING TO TALK ABOUT TODAY
  • EVERYTHING IN YELLOW IS KICKED OFF OR SOMEWHAT IN PROCESS, AND IT WILL BE DISCUSSED IN THE JUNE ON COMMITTEE
  • THEN THE OTHER ONES WILL ADJUST AS WE GO THROUGH THE YEAR
  • IT'S A PRELIMINARY SNAPSHOT AS TO HOW WE PLAN ON COVERING THE AUTO PLAN AS OF RIGHT NOW
  • PRETTY COMFORTABLE THAT WE'LL BE ABLE TO ADDRESS ALL OF THESE BY YOUR END
  • I ALSO WANT TO POINT OUT THAT THERE ARE SOME CONSTRUCTION AUDITS, SUCH AS THE POST IAF AIRLINE REALIGNMENT, THE C ONE BUILDING EXPANSION, AND THE MAIN TERMINAL LOW VOLTAGE, WHICH ARE LONGER TERM PROJECTS THAT WILL GO ON FOR FIVE YEARS
  • AND SINCE THE GCCM GENERAL CONTRACTOR CONSTRUCTION MANAGER AUDITS PROJECTS, THE RCW REQUIRES AN AUDIT OF THOSE THROUGH THE COURSE OF THE AUDIT OF THE PROJECT
  • SO THOSE AUDITS WILL GO ON WHILE THE PROJECT IS RUNNING FOR ABOUT FIVE YEARS
  • THEY WILL NOT BE COMPLETED THIS YEAR, BUT THERE'LL BE ONGOING PROJECTS AS THE PROJECT WORKS FOR
  • OKAY, THAT'S OUR AUDIT PLAN, IF YOU HAVE ANY, I'LL ASSUME NO QUESTIONS
  • AND I'M GOING TO JUMP FORWARD TO THE NEXT SLIDE
  • ARE YOU JUMPING FORWARD TO ITEM FIVE? SORRY, I JUST WANT TO MAKE SURE I KNOW WHERE YOU'RE ON THE AGENDA
  • SORRY
  • NOW, COMMISSIONER, SHOW BACK TO YOU FOR INTRODUCTION FOR OPERATION AUDITS
  • YEAH, WE'RE GOING TO JUMP TO ITEM SEVEN, ITEM OF PAGE FIVE, COMMISSIONER
  • OKAY
  • ALL RIGHT, MOVING TO OPERATIONAL AUDITS AND ITEM NUMBER SEVEN, ACH PAYMENT FRAUD
  • GLENN, PLEASE INTRODUCE THE ITEM AND PRESENTERS
  • YES, COMMISSIONER
  • CHAIR
  • I'M GOING TO TALK ABOUT FOUR AUDITS HERE
  • ACH PAYMENT FRAUD IS THE FIRST ONE
  • THE TWO ONES IN RED WILL TALK ABOUT NON PUBLIC SESSION
  • SO, MICHELLE, NEXT SLIDE, PLEASE, COMMISSIONER, I'M GOING TO INTRODUCE THE AUDIT COMMISSIONERS, AND THEN I'M GOING TO HAVE DAN CHASE FROM MY STAFF AND BRUCE CLAUSAL, WHO IS OUR IT MANAGER AS WELL, PRESENT CERTAIN ISSUES
  • BUT FRAMEWORK HERE IS WE JUST COMPLETED OR NOT, IT OFF ACH PAYMENT FRAUD, WHERE THROUGH A BUSINESS EMAIL COMPROMISE OF A VENDOR, THE PORT INCORRECTLY WIRED $572,000 PLUS INTO FRAUDULENT PROSPEROUS BANK ACCOUNTS OR FRAUDULENT BANK ACCOUNTS
  • BOTH SEATTLE PARKS FOUNDATION AND URBAN LEAGUE WERE COMPROMISED, AND THAT'S WHERE THE PAYMENTS WERE SUPPOSED TO GO
  • BUT AS WE'LL TALK ABOUT THROUGH THEIR EMAIL COMPROMISE, THEY GENUINE EMAIL ADDRESSES FROM THEIR ORGANIZATION WAS SENT TO THE PORT OF SEATTLE AND CONVINCED US TO CHANGE BANK ACCOUNT INFORMATION TO THE FRAUDSTERS BANK ACCOUNT
  • SO THE AUDIT WAS TO IDENTIFY THERE'S TWO PARTS OF THIS
  • WHAT BROKE DOWN AT THE PORT OF SEATTLE THAT ALLOWED THIS TO HAPPEN? BECAUSE WE SHOULD HAVE CONTROLS THAT CATCH THIS AND OUR CONTROLS FAILED
  • MULTIPLE LAYERS OF CONTROLS FAILED TO THE POINT WHERE THE MONEY WAS WIRED OUT
  • SO WHAT DID WE DO WRONG? THAT WAS THE GIST OF THE AUDIT THAT WE COULD IMPROVE TO PREVENT THIS FROM HAPPENING AGAIN
  • AND THEN THE CRIMINAL ASPECT, ALTHOUGH IT WAS HANDED OFF TO THE PORT POOR POLICE, WHO HAVE SUBSEQUENTLY HANDED IT OFF TO THE NSA
  • AND NSA HAS LUMPED ALL THESE CASES TOGETHER AND LOOKING AT THEM COMPREHENSIVELY
  • NOW THE MONEY MOVES QUICKLY
  • THEY'RE SOMEWHAT ORGANIZED, AND WE'LL SEE WHAT HAPPENS WITH THAT REPORT BACK IN TIME
  • NEXT SLIDE, PLEASE
  • SO AS AN OVERVIEW, THERE WAS A COORDINATOR AT SEATTLE PARKS WHOSE EMAIL WAS COMPROMISED AND THEN ESSENTIALLY A FRAUDSTER MIMICKING HER SENT AN EMAIL TO THE PORT ASKING FOR BANK ACCOUNT INFORMATION TO BE CHANGED
  • AND THEN FRAUDSTER ALSO COVID CREATED A FAKE DOMAIN
  • WELL, IT'S A REAL DOMAIN NAME, BUT SEATTLEPRACTICESFOUNDATION.ORG, THEY CHANGED THE SWAP THE R AND THE A AND MIMICKED THE DIRECTOR OF SEATTLE PARKS, AND THEY SENT THE EMAIL OVER
  • AND THEN THEY DID SOMETHING VERY SIMILAR FOR URBAN LEAGUE, WHERE AN AP SPECIALIST'S EMAIL WAS COMPROMISED
  • AND ON URBAN LEAGUE, THEY CHANGED THE L TO AN I ON SPOOFED ON DOMAIN NAMES THAT WERE FRAUDULENTLY CREATED TO MAKE IT LOOK LIKE THEY WERE LEGITIMATE
  • AND AT THE SAME TIME, I THINK PART OF THE REASON THE FRAUDSTERS DO THIS IS IN CASE FELICIA OR LATONIA, THE PEOPLE WHOSE EMAILS HAVE BEEN COMPROMISED BLOCK THOSE OR CATCH ON TO IT OR CHANGE THEIR PASSWORD
  • THEY CAN STILL AT THAT POINT, POTENTIALLY OPERATE UNDER THESE FRAUDULENT DOMAIN NAME, THE SPOOFY DOMAIN NAYS AND MAYBE CONTINUE YOUR DIALOGUE
  • THE CONVERSATION GET YOU TO CHANGE BANK ACCOUNT INFORMATION OR WHATEVER THEY'RE TRYING TO ACCOMPLISH
  • OF COURSE, A LOT OF MONEY WAS WIRED OUT BECAUSE OF THAT
  • NEXT SLIDE, PLEASE
  • SO THIS IS A SLIDE FROM INTERPOL
  • THIS IS HAPPENING GLOBALLY AND QUITE THROUGHOUT THE US, AND IT'S IMPORTANT TO DEFEND AGAINST IT HACKING
  • ITEM NUMBER ONE
  • AND THE EMAIL IS COMPROMISED THROUGH MALWARE, EMPLOYEE INTRUSION OR BUSINESS EMAIL COMPROMISE
  • IN THIS CASE, SOMEHOW THEY GOT ACCESS TO SOMEONE'S EMAIL AT A VENDOR ORGANIZATION AND THEN THE SOCIAL ENGINEERING FRAUD
  • ITEM NUMBER TWO, WE AS THE VICTIMS WHO AYE MANIPULATED INTO PROVIDING OR CHANGING BANK ACCOUNT INFORMATION AND PROVIDING FUNDS
  • AND THREE, WHICH IS PROBABLY HAPPENING RIGHT NOW, HAS ALREADY HAPPENED
  • DES MOINES LAUNDERING AND TRANSFERS QUICKLY INVOLVED IN FOREIGN BANKS AND INSTITUTIONS
  • AND THAT THIRD PART IS THE NSA IS TO GO SEE IF THEY CAN GET THE MONEY BACK AND WHAT THEY CAN DO WITH THESE ORGANIZATIONS AND HOW THEY CAN PREVENT THIS STUFF FROM HAPPENING
  • BUT THE FIRST LINE OF DEFENSE IS US PROTECTING OUR SYSTEMS, NOT HAVING GOOD CONTROLS AT THE FRONT END, PROTECTING OUR EMAIL, AND NOT LETTING IT HAPPEN TO THE PORT OR OUR VENDORS
  • SO THIS IS A CAMPAIGN THAT'S BEEN RUNNING THAT'S BEING RUN BY INTERPOL AND BRUCE CLAUS
  • I'LL TALK A LITTLE BIT ABOUT IT LATER
  • NEXT SLIDE, PLEASE
  • SO I'M GOING TO FRAME THIS UP FOR DAN AND HAND IT OVER TO HIM TO TALK ABOUT THE FIRST ISSUE
  • BUT IN A NUTSHELL, AT THE POINT OF THE AUDIT OR THE FRAUD, WE HAD 58 USERS OF PEOPLESOFT THAT COULD MODIFY ADD BANKING INFORMATION, VENDOR INFORMATION
  • AND WE THINK THAT WAS MAYBE A LITTLE TOO MANY
  • THEY ALSO DIDN'T VALIDATE THE INFORMATION WHEN THEY PUT IT IN
  • A LOT OF TIMES, PHONE NUMBERS WORN IN
  • WHEN WE LOOKED AT DATA LAST YEAR, WE SAW EMAIL ADDRESSES, VENDOR CONTACT NAMES WEREN'T IN, PHONE NUMBERS WEREN'T IN WHICH ALL OF THIS DATA AFTER THEY ENTER IT OR PUT IN THE REQUEST, THEY TYPE IT INTO THE SYSTEM
  • IT THEN MOVES OVER TO AFR'S, CORE SERVICES TEAM AND ONE OF THE INDIVIDUALS, ONE OF THE THREE INDIVIDUALS THERE HAS TO IMPROVE THESE
  • AND IF IT'S APPROVED, THEN IT'S LIVE IN PEOPLESOFT
  • IF IT'S DENIED, THE USERS NOTIFIED OF THE DENIAL AND PROCESS MOVES FORWARD
  • NOW, AS I MENTIONED, AT THE FRONT END, THE 58 USERS WEREN'T COMPREHENSIVE
  • AND PUTTING DATA IN ON APPROVING VENDOR CHANGES
  • THERE WERE SOME GAPS THERE AS WELL, AND THAT FAILED BOTH TIMES
  • AND THERE WERE GAPS BECAUSE OF FRAUDULENT REQUESTS WERE APPROVED
  • THEY SHOULDN'T HAVE PUT IT IN THE FIRST PLACE AND CAUGHT AT THE FRONT END, BUT THEY GOT THROUGH THE PROCESS
  • THE KEY CONTROL THAT FAILED WAS THE APPROVAL OF THE NEW CHANGES, AND THEY WENT LIVE IN PEOPLESOFT
  • AND PAYMENTS JUST CONTINUED TO GO UP
  • NEXT SLIDE, PLEASE
  • AND I'M GOING TO INTRODUCE DAN CHASE, OUR MANAGER OF OPERATIONAL AUDIT
  • DAN, I'LL TALK YOU THROUGH THE NEXT TWO ISSUES
  • YEAH, THANKS, GLENN
  • SO GOOD AFTERNOON
  • LIKE GLENN SAID, I'LL GIVE AN OVERVIEW OF ISSUES ONE AND TWO, AND THEN I'LL TURN IT BACK TO GLENN
  • YOU'RE GOING TO GO OVER THREE AND FOUR, I THINK, AND THEN BRUCE WILL CLOSE IT OUT WITH THE FINAL ISSUE
  • AND I THINK HOW WE'RE GOING TO DO THIS IS WE'RE GOING TO RUN THROUGH THE ISSUES IN TOTALITY, AND THEN AT THAT POINT, WE'LL LET RUDY AND OTHERS PROVIDE COMMENTS
  • DO YOU STILL WANT TO DO IT THAT WAY, GLENN? OKAY, SO THE FIRST ISSUE IS REALLY WHAT I CONSIDER THE MOST IMPORTANT
  • AND AS GLENN DISCUSSED IN A PRIOR SLIDE, WHEN CHANGES ARE MADE TO SUPPLIER INFORMATION AND WHEN I SAY SUPPLIERS, I'M TALKING ABOUT IT'S ANOTHER TERM FOR A VENDOR, A THIRD PARTY VENDOR
  • SO WHEN THESE CHANGES ARE ENTERED INTO PEOPLESOFT
  • IT THEN GOES TO A DIFFERENT GROUP WHO REVIEWS THAT INFORMATION AND THEN EITHER APPROVES OR DENIES THAT CHANGE
  • AND IT'S ONLY AFTER THE APPROVAL THAT THE SUPPLIER WITH THIS NEW INFORMATION CAN BE USED
  • RIGHT
  • AND THE WAY IT'S DESIGNED, IT ESTABLISHES A STRONG SEGREGATION OF DUTIES BECAUSE THE PERSON THAT'S REQUESTING THE CHANGES AND ENTERS THEM INTO THE SYSTEM CAN THEN NOT APPROVE THOSE CHANGES
  • IT HAS TO GO TO A SEPARATE PERSON WHO THEN APPROVES IT
  • WHAT HAPPENED IN THE FRAUD INSTANCES IS THAT THE BANK ACCOUNT WAS CHANGED UNKNOWINGLY, THAT THE REQUEST WAS MADE FROM THE FRAUDSTER
  • AND WHAT WAS SUPPOSED TO OCCUR IS THE PERSON WHO THEN APPROVED THOSE REQUESTS NEEDED TO CALL THE SUPPLIER TO VALIDATE THE AUTHENTICITY OF THE REQUEST
  • AND WHEN THAT DIDN'T HAPPEN, THAT'S WHAT ALLOWED THE PAYMENTS TO BE MADE TO THE FRAUDSTER AND NOT TO THE SUPPLIER
  • THERE'S OVERLAP, I THINK YOU'LL SEE, WITH ALL THESE ISSUES WHICH KIND OF LEADS INTO THE SECOND ISSUE THAT WE HAVE, AND IT REALLY TALKS ABOUT THE CRITICAL APPROVAL FUNCTION
  • IS THAT REALLY PLACED AT THE APPROPRIATE LEVEL? DO THOSE PEOPLE THAT ARE DOING THOSE APPROVALS, DO THEY HAVE THE NECESSARY KNOWLEDGE, SKILL AND UNDERSTANDING OF HOW IMPORTANT THAT VALIDATION PROCESS IS? WE'VE MADE SOME RECOMMENDATIONS THAT KIND OF FLOW FROM OUR OBSERVATIONS
  • NUMBER ONE, TO ESTABLISH AN OVERSIGHT FUNCTION TO MAKE SURE THAT THE APPROVALS ARE BEING DONE
  • DAN, YOU NEED TO MOVE TO THE NEXT SLIDE
  • YEAH, I'VE ONLY GOT ONE SCREEN, SO I'M SORRY
  • YEAH
  • NEXT, THIS IS YOUR RECOMMENDATION
  • HOPEFULLY YOU'RE LISTENING TO ME AND NOT FOLLOWING ALONG ON YOUR SLIDES
  • AND THEN THERE'S ALSO SOME POLICY UPDATES THAT NEED TO BE MADE SO THAT THE POLICIES ARE CURRENT AND CAN BE FOLLOWED
  • THERE'S ALSO A SOFTWARE SERVICE THAT IF IT WERE PURCHASED, THAT WOULD HELP VALIDATE SOME OF THE CHANGES THAT ARE REQUESTED
  • SO THESE ARE SOME OF THE RECOMMENDATIONS THAT WE'VE COME FORWARD WITH
  • AND I THINK THE MANAGEMENT RESPONSES, YOU PROBABLY READ THEM IN THE PORT, AND I THINK RUDY AND MAYBE OTHERS WANT TO PROVIDE SOME ADDITIONAL CONTEXT TO IT
  • SO, GLENN, I'LL TURN IT BACK TO YOU SLIDE WISE
  • YOU STILL ON THE RECOMMENDATION OF ISSUE ONE
  • SO, MICHELLE, NEXT SLIDE, PLEASE
  • AND DAN, ARE YOU NOT ABLE TO SEE THE SLIDES? I CAN, BUT LIKE I SAID, I ONLY HAVE ONE SCREEN
  • OKAY
  • SO YOU'RE AN ISSUE TWO
  • NOW, THE RELIANCE PLACED SO PROCEDURES TO CONFIRM AUTHENTICITY OF SUPPLIER REQUESTED BANK ACCOUNT CHANGES NOT PLACED AT THE APPROPRIATE LEVEL
  • SO IF YOU WANT TO TALK TO SPEND A MINUTE OR TWO TALKING ABOUT THIS
  • YEAH
  • SO I ALREADY TOUCHED IT ON THAT
  • RIGHT
  • IT'S REALLY THE PERSON OF THE INDIVIDUAL THAT'S PERFORMING THAT APPROVAL FUNCTION
  • IS THAT REALLY PLACED AT THE APPROPRIATE LEVEL, GIVEN HOW IMPORTANT THAT VALIDATION STEP IS IN THE PROCESS? SO I DID KIND OF TOUCH ON THAT
  • THAT'S THE SPIRIT OF WHAT WE'RE GETTING OUT THERE
  • YEAH
  • DAN SAID VERY IMPORTANT JOB CRITICAL AND REQUIRES TRAINING AND AWARENESS
  • RIGHT
  • THE INDIVIDUAL THAT WAS IN THIS ROLE HADN'T ATTENDED INFORMATION SECURITY AWARENESS TRAINING IN BOTH 2021
  • SO IF YOU HAVE SOMEONE IN THAT CRITICAL ROLE, YOU HAVE TO TRAIN THEM
  • THERE'S A RESPONSIBILITY TO MAKE SURE THAT THEY HAVE THE TOOLS, THE EQUIPMENT
  • SO IT'S NOT JUST THE INDIVIDUAL'S FAULT, IT'S THE SYSTEM AND THE STRUCTURE THAT PUT THE PERSON IN THAT POSITION WHERE THEY WON'T PROVIDE WITH THE RESOURCES TO ADEQUATELY DO THEIR JOB
  • NEXT SLIDE, PLEASE, MICHELLE
  • AND THAT'S JUST THE RECOMMENDATION THAT DAN TALKED ABOUT
  • SO WOULD THAT JUMP INTO THE NEXT SLIDE, PLEASE, MICHELLE? CAN I ASK A QUESTION? YEAH, ABSOLUTELY, COMMISSIONER, IS THERE A WAY WE CAN RESTRUCTURE THE POLICY OR THE STANDING OPERATING PROCEDURE SO THAT THE ONUS IS NOT ON US TO CONFIRM, BUT ON OUR VENDOR? LIKE, FOR INSTANCE, I'M THINKING ABOUT, LET'S SAY, LIKE YOUR CELL PHONE CARRIER
  • RIGHT
  • WHEN I GO AND TRY TO MAKE A CHANGE TO MY PHONE PLAN, THERE IS THE MAIN ACCOUNT HOLDER, BUT ALSO A DELEGATE, AND IT'S ALREADY IN THE ACCOUNT
  • SO WHEN I GO TO SPRINTER RISE AND I SAY, HEY, I WANT TO ADD A LINE, THEY LOOK AND SEE WHETHER OR NOT THAT PERSON IS ON A LIST
  • RIGHT
  • IT SOUNDS LIKE WHAT THIS POLICY IS DOING IS PUTTING ON THE ONUS, ON OUR STAFF TO GO INVESTIGATE WHETHER OR NOT THIS PERSON IS THE APPROPRIATE PERSON TO MAKE THE CHANGES, OR IS IT THE SAME THING STARTS OFF WITH AND IT TIES INTO THIS ISSUE? WELL, THAT WE'RE GOING TO TALK ABOUT IT'S GETTING THE DATA CORRECTLY IN THE FIRST PLACE
  • SO JUST LIKE YOUR CELL PHONE CARRIER, WHEN YOU PUT THE DATA IN FOR, SAY, SEATTLE PARKS, YOU SAY JUST THE PEOPLE THAT ARE AUTHORIZED TO MAKE CHANGES ARE THESE TWO INDIVIDUALS OR THIS INDIVIDUAL
  • SO IT'S PUTTING THE DATA IN THE FIRST PLACE
  • AS YOU MENTIONED, AS I TALKED ABOUT, WE WEREN'T DOING THAT
  • WE'RE REQUIRED TO
  • AND THEN THE BACK END TEAM IS SUPPOSED TO GO TO THAT TO SAY, OKAY, ONLY MICHELLE CAN MAKE CHANGES
  • AND THIS ISN'T MICHELLE
  • THIS IS MICHELLE'S CONTACT INFORMATION
  • SO WHEN YOU LEAVE, WHEN YOU DON'T HAVE THAT DATA IN AT THE FRONT END, THE BACK END CAN'T DO ANYTHING WITH IT
  • YES
  • THIS ISSUE SAID THERE WERE TOO MANY EMPLOYEES AND THEY WEREN'T PUTTING THE DATA IN JUST LIKE YOU TALKED ABOUT
  • SO THEY NEED TO DO THAT
  • TOO MANY EMPLOYEES PUTTING INCORRECT DATA
  • AND THEN LIKE YOU MENTIONED, COMMISSIONER, SHOW POLICY DOES REQUIRE THAT THE PERSON THAT'S VERIFYING LOOK AT THAT DATA, THE APPROVED PEOPLE WHO'S APPROVED LOOK AT THE PHONE NUMBER AND ALL OF THAT INFORMATION
  • BUT IF THAT INFORMATION ISN'T PUT IN, THEN THE BACK END PEOPLE, AYE, FLYING BLIND, OR IT MAKES IT A LOT MORE DIFFICULT FOR THEM
  • I BELIEVE THAT'S BEING DONE
  • AND RUDY WILL TALK ABOUT THAT IN AYE
  • RESPONSE
  • THESE WERE GAPS THAT THE AUDIT IDENTIFIED AND HIGHLIGHTED
  • SO WAY TOO MANY PEOPLE
  • AND THAT'S A BIG ISSUE
  • COMMISSIONER, MOHAMED, I NOTICED THAT YOU MENTIONED SEATTLE PARKS EARLIER, AND THERE SEEMS TO BE AN INCREASE OF THE PORT OF FRAUD HAPPENING ACROSS THE BOARD WITH A LOT OF DIFFERENT GOVERNMENT AGENCIES
  • HAVE WE SEEN A SIMILAR ATTACK LIKE THIS IN OTHER AGENCIES? AND HOW ARE WE COMMUNICATING WITH THEM? HOW ARE WE LIKE, COLLABORATING AND ENSURING WE HAVE STRONG TOOLS IN PLACE? SO THE CITY OF SEATTLE HAD ABOUT 805,000 STOLEN FROM THEM IN THE SAME MANNER ABOUT A YEAR AND A HALF, TWO YEAR AND A HALF AGO, AND THEY COMMUNICATED TO US, AND IT WAS IN EVERY NEWSPAPER, AND IT'S WIDELY AVAILABLE
  • BUT THE ONUSES ON US TO ADDRESS OUR WEAKNESSES AND OUR GAPS
  • RIGHT
  • WHEN THOSE COME ACROSS, JUST GETTING THE DATA AND SHARING IT IS IMPORTANT
  • BUT YOU NEED TO ALSO TAKE IT TO THE NEXT STEP AND LOOK IN HOUSE AND SAY, WHAT ARE WE DOING WRONG? AND I THINK WE HAD A LOT OF GAPS THAT WHILST AWARE, OBVIOUSLY, WE SHOULD HAVE DONE BETTER
  • THERE'S ALSO COMMUNICATION, LIKE I MENTIONED, I PUT THAT SLIDE UP FROM INTERPOL WHERE THEY HAVE THIS HUGE CAMPAIGN
  • BE CAREFUL WHERE THEY TALK ABOUT THESE
  • AND I SEE RON JIMISON'S HAND IN
  • RON, DO YOU WANT TO JUMP IN AND SPEAK FOR A SECOND? YEAH
  • I'M RON JAMESON
  • I'M THE CHIEF INFORMATION SECURITY OFFICER FOR THE PORT HERE, AND I JUST WANTED TO QUICKLY INTERJECT THAT WE ARE ASSOCIATED WITH MANY COMMUNITIES OF PRACTICES, ESPECIALLY IN A LOCAL AREA
  • SO WE HAVE GOOD VISIBILITY OF WHAT'S TAKING PLACE
  • AND THE ANSWER TO YOUR QUESTION, COMMISSIONER, IS YES, WE ARE SEEING THIS TYPE OF OCCURRENCE IN OTHER TYPES OF INDUSTRIES AND OTHER TYPE OF ORGANIZATIONS, NOT JUST THROUGHOUT THE PORT, AND ESPECIALLY WITH THE RUSSIAN UKRAINIAN PRICES TAKING PLACE
  • THERE'S BEEN AN UPTICK IN THAT AREA
  • SO WE ARE BEING EXTREMELY VIGILANT IN HOW WE
  • AYE APPROACHING THAT, ESPECIALLY WITH THE INFORMATION THAT WE'RE RECEIVING FROM OUR FEDERAL ORGANIZATIONS
  • SO I HOPE THAT GIVES YOU A LITTLE BIT MORE INSIGHT INTO HOW WE'RE APPROACHING THIS
  • YEAH
  • THANK YOU BOTH FOR THAT ANSWER
  • AND OUR PRIORITY IS TO ENSURE THAT WE HAVE STRONG CHANNELS IN PLACE TO DETER AND DISRUPT ANY OF THOSE TYPES OF FRAUDS AND SCAMS SO THE INFORMATION YOU AYE PROVIDING IS HELPFUL
  • NEXT SLIDE, PLEASE
  • MICHELLE, THE COMMISSIONERS, AGAIN, SOME OF THESE THINGS HAVE ALREADY BEEN DONE
  • MANY OF THEM, NOT ALL OF THEM HAVE BEEN ADDRESSED AT THIS POINT
  • SO WE DO HAVE BETTER CONTROLS IN PLACE
  • THIS WOULDN'T OCCUR RIGHT NOW, BUT I JUST WANT TO HIGHLIGHT WHAT WE WERE RECOMMENDING CLEARLY REDUCED THE NUMBER OF INDIVIDUALS
  • EVERY POINT THAT YOU HAVE IS A WEAKNESS THAT'S UNNECESSARY
  • AND ALSO CERTAIN FIELDS NEED TO BE REQUIRED OR BY POLICY, PREFERABLY SYSTEM CONTROLS SUCH AS PHONE NUMBERS OR INFORMATION
  • SO, COMMISSIONER CHO, AS YOU MENTIONED, SO IT'S PUT IN CORRECTLY IN THE FRONT END, LIKE CELL PHONE COMPANIES
  • NEXT SLIDE, PLEASE
  • AND WITH THIS, I'M GOING TO HAND IT OVER TO BRUCE CLAUS, ALL OUR IT MANAGER I'VE GOT ONE MORE BEFORE I PUGET OVER BRUCE DETECTIVE CONTROLS
  • SO ALSO, DETECTIVE CONTROLS DIDN'T EXIST AND NEEDED TO BE CREATED
  • DETECTIVE CONTROL
  • WITHOUT A DETECTIVE CONTROL, YOU ONLY FIND OUT ABOUT THESE THINGS AFTER THE FACT
  • AND WHILE A DETECTIVE CONTROL WOULDN'T IMMEDIATELY TELL YOU WHAT THAT FRAUD OCCURRED, YOU WOULDN'T WAIT SEVERAL MONTHS BEFORE YOU FOUND OUT IT WOULD OCCUR A LITTLE FASTER
  • SOME EXAMPLES OF A DETECTIVE CONTROL WOULD BE LIKE YOUR CREDIT CARD COMPANY OR YOUR BANK
  • IF YOU MAKE CHANGES, THEY SEND YOU EITHER AN EMAIL OR A LETTER TO YOUR HOUSE SAYING, GLENN, YOUR BANK ACCOUNT HAS CHANGED
  • IF YOU DIDN'T MAKE THIS CHANGE, PLEASE CALL THIS NUMBER IMMEDIATELY
  • AND PEOPLE WILL TAKE THEIR TIME, BUT THEY WILL
  • IF SOMETHING LOOKS FISHY, IT'S A GOOD CHANCE THEY'LL CALL AND YOU'LL CATCH IT A LITTLE BIT QUICKER
  • AND IT'S NOT A PREFERRED IT'S A BACK END CONTROL RATHER THAN THE FRONT END, BUT IT'S ONE LAYER, ONE ADDITIONAL LAYER OF PROTECTION
  • NEXT SLIDE, PLEASE
  • MICHELLE, OUR RECOMMENDATIONS
  • JUST SOME EXAMPLES THAT WE PROVIDED SENDING NOTIFICATIONS TO SUPPLIERS AND THINGS CHANGE
  • SOME OTHER AUTOMATED CONTROLS THAT EXIST THAT CAN BE PUT TOGETHER, WHICH WOULD NOTIFY YOU SAY, HEY, GLENN, THERE'S SOMETHING WEIRD HAPPENING
  • YOU MIGHT WANT TO TAKE A LOOK AT THIS
  • IT'S LIKE AN ELECTRONIC DON'T SKATE THESE FRAUD CONTROLS THAT ARE OUT THERE
  • AND YOU CAN BUILD THIS INTO YOUR DAY TO DAY WORK
  • BUT THE MOST SIMPLISTIC ONES ARE JUST SENDING OUT AN EMAIL OR LETTER TO THE CLIENT SAYING, I CHANGE YOUR BANK INFORMATION
  • AND DO YOU AGREE OR DO YOU THINK SOMETHING'S WRONG? SO WITH THAT NOW, I THINK I'M READY TO HAND IT OVER TO BRUCE
  • BRUCE, YOU'RE ALL UP
  • YOU'RE READY? NEXT SLIDE, PLEASE, MICHELLE AND BRUCE, YOU'VE GOT THE SLIDE
  • SO TELL THE SHOW WHEN
  • THANK YOU
  • SO GOOD AFTERNOON, EVERYBODY
  • AS GLENN MENTIONED, FOR THE RECORD, YOU ALREADY DID THAT, BUT I'LL DO IT AGAIN
  • SO
  • AYE, I'M BRUCE PAUSEL
  • I'M THE IT AUDIT MANAGER FOR THE PORT
  • SO AS GLENN MENTIONED EARLIER, THIS WHOLE FRAUD IS BASED UPON BUSINESS EMAIL COMPROMISE, PHISHING EMAILS
  • AND SO ONE OF THE BEST THINGS THAT WE CAN DO TO PROTECT AGAINST THOSE EMAILS IS TO TRAIN OUR STAFF AND HOW TO RECOGNIZE THEM AND BE AWARE OF THEM
  • AND IT'S ACTUALLY A LOT HARDER THAN IT SOUNDS
  • OUR POOR INFORMATION SECURITY DEPARTMENT HAS DONE A GREAT JOB IN DEVELOPING ANNUAL REQUIRED TRAINING FOR ALL THE EMPLOYEES TO TAKE EVERY YEAR THAT TALKS ABOUT PHISHING AND HELPS TO TRAIN THEM AND KEEP THEM AWARE
  • AND SO I THOUGHT IT WOULD BE HELPFUL TO SHOW YOU A COUPLE OF EXAMPLES OF THE DOCUMENTS AND EMAILS THAT CAME ACROSS DURING THIS FRAUD
  • AND SO, FOR INSTANCE, THIS IS THE ONE THAT RELATES TO THE SEATTLE PARKS FOUNDATION
  • AND SO IF YOU LOOK AT THIS EMAIL, YOU CAN SEE ON THE VERY TOP LINE THE MICHELLE BENETUA, THIS IS THE SPOOF DOMAIN FOR A QUICK REVIEW
  • IF YOU'RE NOT LOOKING CAREFULLY, IT LOOKS LIKE SEATTLE PARKS FOUNDATION, BUT IT'S NOT
  • IT'S SEATTLE PRATT FOUNDATION
  • AND SO THE FRAUDSTERS LITERALLY HAD TO GO OUT AND PURCHASE THAT DOMAIN NAME, THAT FAKE DOMAIN NAME, IN ORDER TO GET THIS EMAIL TO WORK
  • AND SO IF YOU LOOK AT THE REST OF IT, THAT'S A HUGE RED FLAG SEEING THAT INCORRECT DOMAIN NAME
  • IF YOU LOOK AT THE REST OF THE EMAIL, IF YOU LOOK IT OVER, YOU CAN SEE THAT THERE'S POOR GRAMMAR IN SEVERAL PLACES IN THE EMAIL
  • THAT'S ALSO ANOTHER RED FLAG THAT YOU TYPICALLY SEE IN PHISHING EMAILS UP THERE IN THE HEADER OF THE CC THAT YOU SEE THE FELICIA AT SEATTLE PARK
  • THAT WAS ACTUALLY THE COMPROMISED EMAIL
  • THAT WAS THE EMAIL
  • THAT WAS THE PERSON WHOSE EMAIL CREDENTIALS THEY ACTUALLY GOT
  • THEY HAD HER PASSWORD AND GOT ACCESS INTO HER EMAIL, AND THEY LITERALLY WERE HER
  • SO THIS IS ONE EXAMPLE
  • SO NOW NEXT SLIDE, PLEASE
  • SO CAN I JUST IF YOU DON'T MIND, TWO THINGS
  • ONE IS A QUESTION, ANOTHER IS A COMMENT
  • BUT IS THE PURPOSE OF CSI THE COMPROMISED EMAIL FOR THESE PEOPLE TO ADD A LAYER OF LEGITIMACY OR THE PERCEPTION OF LEGITIMACY? I DON'T UNDERSTAND WHY THAT EXACTLY
  • SO ACTUALLY, GO BACK A SLIDE, PLEASE
  • LET'S LOOK AT THIS
  • THIS IS A LITTLE MORE COMPLICATED THAN IT APPEARS BECAUSE THIS ONE EMAIL THAT YOU SEE HERE IS ACTUALLY PART OF LIKE A 15 EMAIL CONVERSATION
  • AND AT THE VERY BEGINNING OF THAT EMAIL CONVERSATION, IT WAS REAL PEOPLE
  • AT THE BEGINNING OF THAT CONVERSATION, THERE WAS NO SPOOF DOMAIN NAME
  • THE FELICIA THAT YOU SEE WAS PROBABLY THE REAL FELICIA
  • AND THEN SOMEPLACE ALONG THAT CONVERSATION, THE FRAUDSTERS INSERTED THEMSELVES INTO IT WAS A FAKE IT
  • AND AT THAT POINT, WHEN THEY INSERTED THEMSELVES IN, THEY NEEDED TO MAKE SURE THAT ANYBODY ELSE THAT WAS CC FROM SEATTLE PARKS FOUNDATION WEREN'T THE REAL PEOPLE
  • RIGHT
  • THEY SENT THE EMAIL IN, FELICIA'S INBOX, SO SHE DIDN'T SEE IT
  • SO WE DON'T ACTUALLY KNOW WHAT HAPPENED
  • BUT IT'S POSSIBLE
  • AND I KNOW THIS FROM TALKING TO OUR SECURITY FOLKS THAT IF YOU GET ACCESS TO SOMEBODY'S EMAIL SO I CAN GET IN THERE AND THE FIRST THING I CAN DO IS SET UP RULES IN YOUR EMAIL SO THAT ALL OF YOUR INCOMING EMAIL FROM THE PORT OF SEATTLE GETS SENT OUT TO ME IN ANOTHER ACCOUNT
  • YOU WILL NO LONGER SEE INCOMING EMAIL FROM SEATTLE FROM THE PORT OF SEATTLE IN YOUR INBOX
  • BUT I'LL BE ABLE TO SEE IT IN MY OTHER ACCOUNT AND I'LL BE ABLE TO RESPOND BACK
  • SO SOMETHING LIKE THAT COULD HAVE BEEN SET UP THAT ALLOWED THIS TO HAPPEN
  • OKAY
  • BUT YOU'RE RIGHT
  • AS SOON AS YOU SEE ALL THESE OTHER THINGS LIKE TITLE, PRACTICE, FOUNDATION, IT THEN LOOKS LEGITIMATE
  • RIGHT
  • BECAUSE YOU'RE SAYING SHE SEES SEEING SOMEBODY
  • AND ACTUALLY, AS THESE CONVERSATIONS CONTINUED, THEY CHANGED OVER TO ONLY BEING FROM FELICIA
  • BUT THEY WERE C SEEING MICHELLE
  • SO IT ALWAYS LOOKED LIKE SOMEBODY ELSE WAS BEING SUCCEED TO MAKE IT LOOK LIKE A LEGITIMATE EMAIL CONVERSATION
  • FIRST, I HAVE A QUESTION
  • I WAS JUST GOING TO ASK A QUESTION ABOUT THAT
  • SO HOW COME YOU'RE NOT ABLE TO IDENTIFY OR KNOW THAT CHANGE HAPPENED, THAT FELICIA'S INBOX OR THAT THE REQUIREMENTS IN HER INBOX? THIS IS A GOOD QUESTION, BUT THAT'S A QUESTION FOR SEATTLE PARKS FOUNDATION AND THEIR OWN INTERNAL SECURITY AND THEIR OWN INTERNAL PROCESSES
  • WELL, THE POLICE DEPARTMENT HAS OUR POLICE DEPARTMENT HAS TALKED TO THEM ABOUT THIS AND EVEN OUR SECURITY DEPARTMENT CONTACTED THEM
  • INFORMATION SECURITY CONTACTED THEM AND ACTUALLY CUT OFF ALL EMAIL ACCESS TO THEM UNTIL THEY COULD BE ASSURED THAT THEY HAD LOOKED AT THEIR OWN SYSTEMS AND MADE SURE THAT THEY HAD CLEANED OUT ALL THIS
  • SO THEY DID THAT BACKGROUND WORK
  • BUT TO YOUR QUESTION, IF I WERE TO GO INTO YOUR EMAIL ACCOUNT AND SET UP A RULE THAT SENDS ALL YOUR EMAIL FROM THE PORT OF SEATTLE OUTBOUND TO SOME OTHER EMAIL ACCOUNT, YOU WOULD NEVER SEE THIS UNLESS YOU HAPPEN TO BE A TYPE PERSON THAT GOES IN AND CHECKS YOUR EMAIL RULES, WHICH ARE TEN MENU SELECTIONS AWAY
  • SO IT WOULD BE HARD FOR ANYONE TO NOTICE THIS ONCE IT HAD BEEN DONE
  • SO COMMISSIONERS, IF I CAN JUMP IN AND THEN RON, I'LL HAND IT TO YOU BECAUSE I SEE YOUR HAMDI OUT
  • SO THIS WAS A CONVERSATION BETWEEN THE PORT AND FELICIA TO CHANGE FILES FROM JPEG TO PDF OR SOMETHING VERY TRADITIONAL WORK
  • AND THEN SOMEWHERE IN THE MIDDLE IN THAT CONVERSATION WITH BRUCE IS TALKING ABOUT THE FRAUDSTER, JUMPED IN, TOOK OVER FELICIA'S EMAIL AT THAT POINT AND STARTED JPEG FILES, STARTED ASKING ABOUT BANK ACCOUNT INFORMATION CHANGES AND SAY HEY, AN URGENCY
  • IF YOU PAY US NOW, WE'LL GIVE YOU 5% DISCOUNT AND LET'S CHANGE BANK ACCOUNT INFORMATION
  • SO THOSE ARE RED FLAGS THAT RON'S TEAM TALKS ABOUT AND RON WILL TALK ABOUT LATER
  • BUT ALL OF THIS IS ENOUGH TRAINING AND YOU GOT TO WATCH OUT FOR THOSE THINGS AND CATCH THOSE
  • BEFORE YOU HAND IT OFF, COULD I JUST MAKE A REAL QUICK COMMENT? YEAH, I COULD UNDERSTAND WHY POOR GRAMMAR MIGHT BE A RED FLAG
  • BUT I ALSO JUST WANT TO FLAG THAT A LOT OF THESE COMMUNITY GROUPS AND ORGANIZATIONS ARE RUN BY PEOPLE WHO HAVE PROGRAMMER
  • AND I REALLY DON'T WANT US TO GO DOWN THE PATH WHERE WE'RE PROFILING PEOPLE BECAUSE ENGLISH IS SECOND LANGUAGE
  • I TOTALLY UNDERSTAND WHY A SCAMMER MIGHT HAVE BAD ENGLISH, BUT IT'S KIND OF KILLING ME INSIDE TO KNOW THAT WHEN WE SEE POOR GRAMMAR, WE JUST ASSUME THAT WE THINK THAT THIS MIGHT BE A SCAMMER
  • RIGHT
  • I REALLY DON'T THINK THAT'S A SCIENTIFIC OR DATA BACKED FILTER
  • IT IS
  • NO, I UNDERSTAND, COMMISSIONER CHO, BUT YOU HAVE TO LOOK AT A VARIETY OF THINGS
  • THESE OCCURRED LIKELY IN SPAIN AND TURKEY
  • THAT'S WHERE THESE CRIME RINGS ARE RUNNING OUT OF
  • IT'S JUST ONE
  • BUT THE DOMAIN NAME
  • THE SPOOF DOMAIN NAME
  • SURE
  • NO, THAT MAKES SENSE
  • THE DOMAIN NAME MAKES SENSE
  • BUT JUST LIKE IN THE BODY OF THE PARAGRAPH WHEN YOU HAVE MISSPELLINGS OR GRAMMATICAL ERRORS, I JUST DON'T WANT THAT TO BE THE ONLY REASON WHY WE GO DOWN THE RABBIT HOLE OF THIS MUST BE FRAUD
  • WELL, NO, IT TURNS OUT THIS PERSON, THEY JUST DON'T SPEAK GREAT ENGLISH
  • AND PLUS, IF YOU'VE EVER SEEN MY EMAILS, YOU WOULD NOTICE THEY'RE FULL OF MISSPELLINGS, TOO
  • BUT I THINK WHEN YOU DO HAVE CONCERNS OR ANYTHING, IT'S AS SIMPLE AS PICKING UP THE PHONE AND TALKING TO THE PERSON
  • IF YOU'RE WORKING VIA EMAIL, YOU DON'T KNOW IF YOU'RE WORKING WITH SOMEONE INTERNATIONALLY OR THOSE RELATIONSHIPS AND THE ABILITY TO JUST TALK TO A PERSON ELIMINATES THEM
  • I KNOW YOU GUYS AREN'T PROFILING PEOPLE, BUT WE TALK ABOUT INCREASING THE SHARE OF MINORITY BUSINESS OWNERS AND SOME OF THOSE MINORITY BUSINESS AYE DOORS TO BE PERFECT ENGLISH IS ALL I WANT
  • RON, DID YOU STILL HAVE A COMMENT? YEAH, I JUST WANTED TO SAY THAT A LOT OF THESE SMALLER ORGANIZATIONS THAT WERE ASSOCIATED WITH, ESPECIALLY IN THE PAYMENT PROCESS, THAT THEY'RE NOT OFTEN ADEQUATELY EQUIPPED IN THE REALM OF CYBER FOR PROTECTING THEIR SYSTEMS SO IN THESE PARTICULAR PLACES, WE REALLY HAD TO COLLABORATE WITH AYE
  • TO GET THEM TO EVEN UNDERSTAND WHAT WAS GOING ON
  • SO THAT WAS AN EDUCATION THAT WE PROVIDED ON OUR PART TO THEM SO THAT IN THE FUTURE WE'D BE BETTER OFF
  • SO I JUST WANT TO MAKE IT CLEAR THAT THERE'S SOME THINGS THAT WE DID WORK COLLABORATIVELY WITH THESE ORGANIZATIONS TO TRY TO GET THEM TO UNDERSTAND HOW THIS HAPPENED AND WHAT THEY COULD DO TO PREVENT THAT IN THE FUTURE
  • AND MAYBE THIS IS SOMETHING WE SHOULD BE ROLLING OUT IN GENERAL TO OUR VENDORS AND AS PART OF THE ONBOARDING PROCESS, TO BE A VENDOR TO THE PORT OF SEATTLE, YOU HAVE TO GO THROUGH SOME FORM OF TRAINING
  • I REALIZE THAT'S, TEDIOUS, FOR US, BUT I THINK IN THE BROAD STEAM OF THINGS, TRAINING OUR NEW SUPPLIERS, VENDORS, SOME OF THIS STUFF WOULD BE, I THINK IN THE LONG RUN, A HUGE VALUE ADD
  • I'LL LET RUDY TALK ABOUT THIS LATER ON, BUT WE DID JUST DO SOME MESSAGING TO THAT VERY FACT RIGHT THERE
  • WE PUT SOME LEARNING INFORMATION OUT THERE ON THE WEBSITE AND WE'VE GIVEN OUR VENDORS A LITTLE MORE INSIGHT AS TO HOW THEY NEED TO BE MORE CAREFUL
  • BUT I'LL SAVE THAT FOR RUDY
  • CAN GO INTO THAT LATER
  • BOOTH, BACK TO YOUR NEXT SLIDE, PLEASE
  • SO THIS WAS ACTUALLY FOR THE
  • LET'S GO BACK ON SLIDE
  • THANK YOU
  • SO THIS IS ACTUALLY FOR THE URBAN LEAGUE FRAUD
  • AND SO THEIR EMAILS WERE ACTUALLY MUCH TOUGHER TO RECOGNIZE THAT SOMETHING WAS GOING ON
  • BUT THEY INCLUDED THIS DOCUMENT IN WEATHER EMAILS AND IT HAD SOME OBVIOUS THINGS THAT COULD HAVE BEEN NOTICED
  • CITIBANK IS MISSPELLED
  • IT DOESN'T HAVE A SPACE BETWEEN CITY AND BANK
  • ONCE AGAIN, WE HAVE THAT KIND OF POOR GRAMMAR IN A BANK LETTER, WHICH IS AN ODD THING IN A BANK LETTER
  • THE SIGNATURE IS LIKE BELOW THE PERSON'S NAME
  • THE SIGNATURE DOESN'T REALLY MATCH THE PERSON'S NAME
  • SO THERE WERE SOME THINGS IN HERE THAT COULD HAVE BEEN FLAGS TO CAUSE SOMEBODY TO THINK ABOUT IT
  • MICHELLE, NEXT SLIDE
  • SO THE BEST WAY WE HAVE TO ADDRESS THESE KINDS OF PHISHING EMAILS IS REALLY TO TRAIN OUR PEOPLE, BECAUSE WE CAN TRAIN THEM TO LOOK FOR PHISHING STUFF
  • WE CAN TRAIN THEM TO LOOK FOR THE RED FLAGS, WE CAN TRAIN THEM TO BE AWARE OF IT
  • AND THE AWARENESS IS ACTUALLY IMPORTANT
  • JUST SO THEY'RE THINKING ABOUT THE FACT IT'S A POSSIBILITY
  • SO THAT EMAILS GO ACROSS, THEY KIND OF OCCASIONALLY THINK ABOUT IT
  • SO, LIKE I SAID EARLIER, THE PORT INFORMATION SECURITY DEPARTMENT HAS DEVELOPED NICE REQUIRED ANNUAL TRAINING FOR ALL PORT EMPLOYEES
  • AND SO THE TRAINING IS PROVIDED BY AN HR ONLINE APPLICATION
  • AND AS PART OF OUR AUDIT, WE REQUESTED DATA FROM HR FOR WHICH EMPLOYEES COMPLETED THE REQUIRED TRAINING IN 2021
  • AND WHEN WE LOOKED AT THAT, WE DECIDED THAT THE METHODOLOGY TO ENSURE THAT VULNERABLE EMPLOYEES RECEIVE THE REQUIRED TRAINING WASN'T FUNCTIONING EFFECTIVELY
  • BECAUSE AS WE LOOKED AT THE SEVEN PEOPLE WHO HAD THE MOST INTERACTION WITH THESE EMAILS, ONLY TWO OF THE SEVEN COMPLETED THEIR TRAINING IN 2021
  • AND WHEN WE LOOKED AT THE PORT OVERALL, ONLY 51% OF THE EMPLOYEES HAD COMPLETED THEIR TRAINING
  • SO CLEARLY WE HAVE SOME ROOM FOR IMPROVEMENT IN MAKING SURE THAT EVERYBODY ACTUALLY TAKES THAT TRAINING
  • AND I'LL BE THE FIRST TO SAY, EVEN IF YOU TAKE THE TRAINING, IT'S NO GUARANTEE THAT YOU'RE ACTUALLY GOING TO CATCH ANYTHING
  • IT JUST HELPS IMPROVE THE CHANCES
  • THERE'S NO ONE HERE
  • SOME OF THESE WERE VERY DIFFICULT TO CATCH
  • SO FROM THIS, WE HAVE TWO RECOMMENDATIONS
  • NEXT SLIDE, PLEASE
  • AND ACTUALLY THE SECOND RECOMMENDATION IS JUST A RECOMMENDATION TO KIND OF FIX THE EXISTING PROCESS SO THAT THERE'S SOME ASSURANCE THAT PEOPLE ACTUALLY COMPLETE THE TRAINING WHEN THEY'RE SUPPOSED TO COMPLETE THE TRAINING
  • THE FIRST ONE IS MORE FOCUSED UPON THIS PARTICULAR RISK FOR BUSINESS EMAIL COMPROMISE
  • IN THAT MEMBER, I SAID THE TRAINING IS GOOD FOR MAKING PEOPLE AWARE OF THE WHOLE PHISHING CONCEPT
  • SO WE'VE KIND OF RECOMMEND HERE THAT THE PEOPLE INVOLVED WITH THIS VENDOR PROCESS RECEIVE TRAINING LIKE A MINIMUM OF TWICE A YEAR ON BUSINESS EMAIL COMPROMISE RISKS TO KIND OF MAKE SURE THAT THEY'RE MORE AWARE OF IT AND THEY KEEP AWARE OF IT
  • IT'S KIND OF BURDENSOME, BUT IT PROBABLY INCREASES OUR CHANCES OF CATCHING THIS
  • AND AS A MATTER OF FACT, THE AUDIT DOESN'T MENTION
  • BUT IN A PERIOD OF TIME BETWEEN THIS, WHEN THIS HAPPENED AND TODAY, WITH ALL THE AUDITING AND ALL THE DISCUSSIONS THAT WENT BACK AND FORTH ABOUT THE PHISHING EMAILS AND EVERYTHING LIKE THIS, THE DEPARTMENTS THAT RECEIVED THIS ACTUALLY RECEIVED A THIRD ATTEMPT TO DEFRAUD US
  • IN THIS ATTEMPT, THEY ACTUALLY CAUGHT THE EMAILS BEFORE THEY GOT TO THAT STAGE OF SENDING THEM OFF TO FINANCE
  • SO CLEARLY, AWARENESS IS A VERY VALUABLE THING THAT'S OFF TO THE CTO TEAM
  • THE CUPBANK
  • YEAH
  • THANK YOU
  • NEXT SLIDE, PLEASE
  • MICHELLE, RUDY, DID YOU OR SOMEBODY FROM YOUR TEAM WANT TO TALK ABOUT MANAGEMENT RESPONSES? YES
  • THANK YOU SO MUCH
  • I APPRECIATE THE OPPORTUNITY
  • I'M RUDY CALUSA, ACCOUNTING FINANCIAL REPORTING DIRECTOR, AND I APPRECIATE THE OPPORTUNITY TO ADDRESS THE COMMISSION OUT OF THE COMMITTEE THIS AFTERNOON
  • THANK YOU, COMMISSIONER AND COMMISSIONER MOHAMED
  • WELCOME TO YOU
  • COMMISSIONER MOHAMED, AS I HAVE FOUND OVER MY 21 YEARS AT THE PORT OF SEATTLE FOR AN EXCEPTIONAL ORGANIZATION AND WITH VERY DEDICATED EMPLOYEES
  • JUST A LITTLE BIT MY BACKGROUND
  • I'VE BEEN AT THE PORT OF SEATTLE FOR 21 YEARS
  • PRIOR TO I'VE HAD A CAREER WITH THE FEDERAL GOVERNMENT, THE UNITED STATES GOVERNMENT ACCOUNTABILITY OFFICE, CONDUCTING CONGRESSIONAL AUDITS FOR LEGAL PUBLIC LAW COMPLIANCE NATIONWIDE, AS WELL AS THE DIRECTOR OF THE EXECUTIVE INTERNAL AUDIT FOR THE EXECUTIVE BRANCH OF KING COUNTY GOVERNMENT, AS WELL AS CHIEF ACCOUNTING OFFICER AND NOW WORKING AT THE PORT OF SEATTLE
  • AND THE CURRENT POSITION IS ACCOUNTING FINANCE REPORTING DIRECTOR
  • THIS FRAUD EXPERIENCE HAS BEEN VERY DISHEARTENING TO MANY OF US, AND IT'S NOTABLY DIFFICULT FOR US IN ACCOUNTING LEADERSHIP HERE IN TERMS OF WHAT HAS HAPPENED, BECAUSE WE HOLD OURSELVES VERY ACCOUNTABLE AND HOLD OURSELVES TO A VERY HIGH BAR
  • WITH REGARD TO THE NOTABLE ACCOMPLISHMENTS FOR THE SEATTLE PORT OF SEATTLE, THE PRIORITY THAT WE PLACE ON SOLID PUBLIC ACCOUNTABILITY, AND JUST A COUPLE OF THINGS THAT I LIKE TO PUT A ROUNDED PICTURE ON THIS
  • WITH REGARD TO THE PORT OF SEATTLE, WE'RE VERY COMMITTED TO PUBLIC ACCOUNTABILITY AND WE HAVE ACCOMPLISHMENTS TO DEMONSTRATE THAT THE PORT OF SEATTLE WE HAVE EARNED FOR THE 16 CONSECUTIVE YEARS IN A ROLE NOW REGARD TO THE AWARD FOR FINANCIAL REPORTING EXCELLENCE FOR THE GOVERNMENT FINANCE OFFICE ASSOCIATION OF UNITED STATES AND CANADA AS THE HIGHEST FORM OF RECOGNITION FOR GOVERNMENT FINANCIAL REPORTING, ACCOUNTABILITY AND PUBLIC TRANSPARENCY
  • YEAR TO YEAR, WE HAVE CONSISTENTLY ACHIEVED CLEAN, UNQUALIFIED AUDIT OPINIONS ON THE PORT'S FINANCIAL STATEMENTS AS WELL AS MINIMAL AUDIT OBSERVATIONS AND NO AUDIT FINDINGS
  • IT RELATES TO AFR OPERATIONS, ACCOUNTING FINANCIAL REPORTING WITH REGARD TO OUR INTERNAL CONTROLS FROM OUR INDEPENDENT EXTERNAL CERTIFIED PUBLIC ACCOUNTING FIRM CURRENTLY IN LOS ADAMS, AND ALSO WITH REGARD TO THE STATE AUDITOR'S OFFICE ON THEIR PUBLIC ACCOUNTABILITY OFFICE, AS DEMONSTRATED JUST PRIOR TO ON THIS PRESENTATION, THE ACCOUNTING DEPARTMENT REALLY HAS HAD NO AUDIT FINDINGS AS IT RELATES TO LEGAL COMPLIANCE AND PUBLIC ACCOUNTABILITY
  • AND SO I JUST WANT THE PUBLIC AND THE COMMISSION TO UNDERSTAND THAT WE HOLD OUR ACCOUNTABILITY FOR PUBLIC ACCOUNTABILITY VERY HIGHLY AND WE HAVE ACCOMPLISHMENTS TO DEMONSTRATE THAT
  • IT'S JUST A VERY FEW OF WHAT WE ARE PROUD OF HERE AT THE PORT OF SEATTLE
  • NOW WITH REGARD TO THIS FRAUD EXPERIENCE, THERE ARE, A COUPLE OF ASPECTS OF THIS
  • ONE IS THERE HAVE BEEN MANY ATTEMPTS AT THE PORT AT THE PORT OF SEATTLE OVER THE YEARS WITH REGARD TO FRAUDULENT CHECKS, BUT WE HAVE SOLID AND INTERNAL CONTROL PROCESSES IN PLACE OVER THE DISPERSE FROM THE PUBLIC FUNDS AND WE'VE CAUGHT EVERY ONE OF THEM, ESPECIALLY WITH RELATIONS WITH THE BANK OF POSITIVE PAY
  • AND WE HAVE NOT LOST A DOLLAR WITH REGARD TO THESE FRAUDULENT CHECKS AT THE PORT OF SEATTLE RECENTLY, ONLINE CRIME TO DIVERT ELECTRONIC PAYMENTS IS NOW GROWING
  • IT'S GETTING MUCH MORE AGGRESSIVE, GETTING MORE SOPHISTICATED INVOLVED OTHER COUNTRIES
  • AND IT'S A VERY ORGANIZED NETWORK THROUGHOUT
  • AND WITH REGARD TO VENDOR ELECTRONIC PAYMENTS ARENA, THIS IS THE FIRST FOR THE PORT OF SEATTLE THAT WE'VE BEEN AYE., WE'VE BEEN SPOOFED AND SPONSORS ARE FRAUDULENTLY DIVERTED, UNFORTUNATELY
  • BUT NONETHELESS, WE CAN AFFIRM THAT THIS IS AN ISOLATED SITUATION BECAUSE WE WERE ABLE TO GET RIGHT ON TOP OF THIS TO MITIGATE FURTHER EXPOSURE
  • SO WHEN WE BECAME AWARE OF THIS EXPOSURE, WE TOOK IMMEDIATE STEPS IN TERMS OF STOP GAP MEASURES TO MITIGATE FURTHER RISK TO PUBLIC FUNDS
  • I PUT A DIRECT ORDER TO HALT ALL AUTOMATED CLEARINGHOUSE ACH PAYMENTS PERIOD UNTIL WE EVALUATE HOW WE'RE GOING TO SAFEGUARD PUBLIC FUNDS ELECTRONICALLY
  • AND THE METHOD WE USED WAS BASICALLY WHEN WE RUN OUR ACH PAYMENTS WEEKLY, THAT FILE IS COMPARED TO A COMPREHENSIVE LIST OVER A YEAR AND THREE MONTHS PAST OF ANY ACH BANK ACCOUNT ESTABLISHMENTS OR CHANGES, ANY MATCHES ON PENDING ACH PAYMENTS
  • EACH WEEKLY WE PICK UP THE PHONE AND WE CALL THE SUPPLIER, THE VENDOR, THE CONTRACTOR
  • WE ARE IN A VOLATILE SITUATION
  • WE WANT TO CONFIRM BEFORE WE RELEASE ELECTRONIC PAYMENT TO YOU THAT YOU DID IN FACT REQUEST A CHANGE TO YOUR ACH BANK PAY TO ACCOUNT ON THIS DATE AND WE CONTACT THE SUPPLIER DIRECTLY
  • WE DON'T HAVE THE INFORMATION TO THE SUPPLIER DATA FILE
  • WE CONTACT THE CENTRAL PROCUREMENT OFFICE, THE BUYER, AND THEY PROVIDE US WITH THE RELIABLE INFORMATION BECAUSE THAT'S WHERE THE INFORMATION SHOULD COME FROM
  • ALSO, ANY INTERNAL CONTROL SITUATION DOES NOT EVER PROVIDE ABSOLUTE ASSURANCE OR PREVENTION OF MISAPPROPRIATION OF PUBLIC FUNDS OR FRAUD
  • IT PROVIDES A REASONABLE ASSURANCE
  • ONE CHALLENGE HERE IS THE HUMAN ELEMENT
  • WE ALL MAKE ERRORS
  • THERE ARE SOLID POLICIES AND PROCEDURES IN PLACE AS IT WAS IN THIS SITUATION
  • BUT IT WAS A HUMAN ERROR THAT LED TO THIS
  • AND FOR US TO BE ABLE TO DECIPHER PDF AND JPEG FILES AND THE WAY EMAILS ARE WRITTEN AND IT'S A CHALLENGE AS WELL AS THEN THERE'S THE HUMAN ERROR ELEMENT THERE
  • AND THAT'S EXACTLY WHAT HAPPENED HERE
  • WE DO HAVE CONTROLS IN PLACE THAT HAVE HELD US IN A SAFE ENVIRONMENT UP TO THIS POINT
  • AND SO I JUST WANTED TO EMPHASIZE WITH REGARD TO THE WORK THAT WE'VE DONE IS WE ALSO NOW REQUIRE TWO SEPARATE CALLS TO MITIGATE THE RISK OF HUMAN ERROR
  • WE DON'T RELY ON ONE INDIVIDUAL AND THE TWO CALLS ARE MADE FROM SEPARATE PARTS OF OUR OPERATIONS
  • WE PICK UP THE PHONE, IT CAN BECOME A USELESS SUPPLIER, BUT IT PROTECTS PUBLIC FUNDS AND IT MITIGATES THE RISK EXPOSURE RELATED TO HUMAN ERROR
  • AND THAT'S WHAT WE'RE DOING
  • AND WITH REGARD TO THE COMPARATIVES THAT WE'VE DONE, THAT I INDICATED WITH REGARDS TO THE ACH PAYMENTS, IT'S BEEN DONE FOR THE LAST FOUR MONTHS AND WE HAVE NOT IDENTIFIED ANY FURTHER EXPOSURES WITH REGARD TO THIS
  • AND THAT'S WHERE I FEEL CONFIDENT
  • THESE ARE ISOLATED SITUATIONS AND I FEEL THE CONTROLS THAT WE HAVE IMPLEMENTED IMMEDIATELY
  • AND AS YOU FIND IN THE AUDIT RESPONSE, WE HAVE COMPLETED MANY OF THE RECOMMENDATIONS AND THESE RECOMMENDATIONS HAVE COME FROM OUR STAFF AS WELL, WHICH PARALLEL AUDIT RECOMMENDATIONS HAVE BEEN COMPLETED
  • BUT GENERALLY THE INTERNET CONTROLS AT THE PORT OF SEATTLE ARE STRONG AND THEY HAVE BEEN PROVEN TO BE EFFECTIVE OVER THE MANY YEARS AND THEY ARE BOTH IN THE CONTEXT OF SYSTEM CONTROLS
  • THEY AYE DETAILED IN THE MANAGEMENT RESPONSE AS WELL AS PROCESS CONTROLS
  • WE HAVE A CLEAR PROCESS WITH REGARDS TO WHAT EXPECTED
  • IT'S JUST SOMETIMES THERE'S AN ERROR MADE IN TERMS OF CONFORMANCE AND WE END UP WITH AN EXPOSURE HERE
  • ALSO, WE TOOK VERY SERIOUSLY WITH REGARD TO LOOKING AT THIS VERY COMPREHENSIVELY IMMEDIATELY IN TERMS OF OUR CONTROL CENTRIC, LEAN PROCESS IMPROVEMENT INITIATIVE CONTROL CENTRIC
  • SO WE LEVERAGED THE EXPERTISE OF THE LEAN SPECIALIST OF THE OFFICE OF STRATEGIC INITIATIVES TO FACILITATE A COMPREHENSIVE REVIEW WITH REGARD TO MITIGATING FURTHER RISK AND ENHANCING CONTROLS AND COORDINATING OUR PROCESSES
  • AND INVOLVED A DEDICATED INVOLVEMENT BY MANY PROFESSIONALS FROM THE CENTRAL PROCUREMENT OFFICE AS WELL AS THE ACCOUNTING FINANCIAL REPORTING DEPARTMENT AS WELL
  • AND THE TEAM HAS IDENTIFIED MANY IMPROVEMENTS
  • MANY HAVE BEEN IMPLEMENTED IMMEDIATELY THUS FAR TO TIGHTEN UP THE CONTROLS IN OUR ENVIRONMENT
  • I JUST LIKE TO ADDRESS A COUPLE OF THINGS THEN
  • WITH REGARD TO THE REFERENCE TO 58 EMPLOYEES, I JUST NEED TO CLARIFY HERE THAT IT'S NOT BROUGHT ANYBODY AT THE PORT OF SEATTLE CAN DO THIS STUFF
  • IN TERMS OF ENTERING THERE'S MADE REFERENCE TO 58 EMPLOYEES CAN ADD OR MODIFY SUPPLY INFORMATION NO EMPLOYEES CAN ADD OR MODIFY
  • AND PRECISE THAT THE SECOND PART OF THE EXPLANATION
  • TURN AUDIT ONLY WHEN IT'S AFTER IT IS VETTED AND APPROVED
  • BUT THE 15 EMPLOYEES ARE REALLY PREDOMINANTLY IN THE CENTRAL PREGNANT OFFICE AND THESE ARE PROFESSIONALS THAT ARE INVOLVED WITH THE PROCUREMENT AND THE LIGHTING OF THE CONTRACTS
  • AND THROUGH THAT PROCESS IS A RELIABLE PROCESS TO SECURE SUPPLIER INFORMATION
  • AND SO WITH REGARD TO THE SOURCE OF INFORMATION, IT IS PREDOMINANTLY FROM THE CENTRAL PROCUREMENT OFFICE BUYERS THAT HAVE THE DIRECT VENDOR RELATIONS THAT ESTABLISH THE MORE RELIABLE PROCESS TO OBTAIN SUPPLIER INFORMATION
  • WHAT WE'VE DONE HERE AT PARALLEL INTERNAL AUDIT RECOMMENDATION IS REQUIRED FIELDS THERE'S MENTIONED WITH REGARD TO THE SUPPLIER DATA FILE NOT BEING TOTALLY COMPLETE
  • IT'S A REQUIRED FIELD NOW
  • SO WHAT WE'VE DONE BASICALLY IS IMPLEMENTED IN TWO STEPS TO ENSURE THAT IT'S IMMEDIATE IMPLEMENTATION OF EFFECTIVE CONTROL
  • WE BUY BUSINESS PROCESS
  • WE RECEIVE A REQUEST TO ESTABLISH OR MAKE CHANGES TO A SUPPLIER
  • THE BUSINESS PROCESS IS IF WE FIND THAT THE INFORMATION THAT'S REQUIRED IS A COMPLETE DENIED AND SENT BACK TO THE REQUESTER PRIMARILY IN THE CENTRAL PREMIERE OFFICE TO OBTAIN THAT INFORMATION, WE HAVE SINCE LEVERAGE TECHNOLOGY TO IMPLEMENT A PROCESS IN THE SYSTEM THAT'S CALLED REQUIRED FIELDS AND THAT PARALLELS INTERNAL ARTIST RECOMMENDATIONS AS WELL
  • WHEN YOU SET UP A SUPPLIER, THESE ARE FIELDS YOU MUST ENTER OR YOU CANNOT GO TO THE NEXT STEP OF INITIATING A REQUEST TO SET UP OR MAKE CHANGES TO THE SUPPLIER
  • WHAT KEY BENEFIT IT PROVIDES HERE IS THAT WE ARE ABLE TO ONLY SOURCE ONE PLACE FOR VENDOR CONTACT PHONE NUMBER, WHICH IS THE VENDOR DATA FILE AND THAT'S SUPPORTED IN TERMS OF COMPLETENESS THROUGH THE REQUIRED DATA FIELDS AND PRACTICE NOW
  • AND SO WHEN WE GO THROUGH THE PROCESS, THROUGH THE ACCOUNTING DEPARTMENT TO PICK UP THE PHONE, WE SOURCE THAT INFORMATION IN TERMS OF THE CONTACT NUMBER AND THE NAME AND THE PORT CENTRAL DATA FILE FOR SUPPLIERS THAT WE HAVE A RELIABLE PROCESS IN TERMS OF MOVING FORWARD
  • AND ONE INTERESTING POINT COMMISSIONER JOE MENTIONED WITH REGARD TO CAN'T WE PUT THE ONUS ON THE VENDORS TO THE PORT INTO ENSURING VALIDITY OF THE INFORMATION? AND SO WE HAVE BEEN PROGRESSIVE AND MOVING AND WE WON'T STOP UNTIL WE TIGHTEN UP CONTROLS
  • AND WE'RE FINDING THAT THIS IS EMAIL COMPROMISE
  • WHAT HAS BEEN REFERRED TO HERE IS A HIGH RISK ENVIRONMENT FOR THE PORT OF SEATTLE OR ANY ENTITY WHEN WE HAVE TO TRAIN EMPLOYEES TO LOOK FOR PDF, JPEGS, BAD ENGLISH, AND SO WHAT WE'RE TRYING TO JUST FIND A WAY TO REDUCE THE AMOUNT OF COMMUNICATION, IN FACT MITIGATE WITH VENDORS
  • AND SO WE'RE LOOKING AT IMPLEMENTING AND THAT'S THE SUPPORT OF INFORMATION COMMUNICATION TECHNOLOGY DEPARTMENT LEVERAGING THE PEOPLE'S FINANCIAL SYSTEM, THE FRONT END CALLED VENDOR CONNECT AND WE AYE GOING TO ESTABLISH A BUSINESS PROCESS THAT THEY WILL NOT BE COMMUNICATED THROUGH THE EMAIL, BUT WE WOULD REQUIRE THE VENDOR TO ENTER INTO VENDOR CONNECT, ENTER THEIR DATA
  • THEN WE WOULD ACCESS THE CONTACT INFORMATION FOR THE VENDOR SUPPLIER AND THEN WE WOULD THEN CONTACT THE SUPPLIER VENDOR WITH REGARD TO VALIDATING AND VETTING THE REQUEST
  • MOVING FORWARD, BUT WE'RE MOVING FORWARD TO REDUCE THE AMOUNT OF EMAIL BECAUSE THIS IS JUST TOO RIPE FOR FRAUD
  • WITH REGARD TO BEING SPOOFED TOO EASY BEING SPOOKED
  • NO MATTER HOW WELL YOU'RE TRAINED, THERE'S THE RISK OF NOT SEEING WHAT YOU'RE SUPPOSED TO BE SEEING THAT YOU'RE TRAINED AND IT'S A COMPLEX EXPECTATION OF EVERYONE
  • THE OTHER HOWEVER, I DO RESPECT WITH REGARD TO THE 58 EMPLOYEES MENTIONED, ALTHOUGH THEY DO NOT HAVE THE ABILITY TO DIRECTLY MODIFY OR ADD A CHANGE, THEY HAVE TO GO TO THE VETTING PROCESS AND THEY ARE APPROPRIATELY SET WITH REGARDS TO PROFESSIONALS IN THE CENTRAL PROCUREMENT OFFICE REGARD TO PROCUREMENT CONTRACTS ADMINISTRATION LETTING
  • WHAT WE'RE DONE THOUGH ALREADY IS WE REMOVED THE ABILITY FOR ANYONE TO INPUT ACH BANKING INFORMATION THAT HAS BEEN REDUCED TO A TEAM WITHIN THE ACCOUNTS PAYABLE LEADERSHIP TEAM AND THEY WOULD HAVE THE DIRECT COMMUNICATION WITH THE SUPPLIER VENDOR CONTRACTOR IN TERMS OF ESTABLISHING THE ACH BANKING ACCOUNT INFORMATION IN THE SYSTEM
  • AND THEY WOULD ALSO INDEPENDENTLY MAKE THE CALL THAT'S THE FIRST CALL I MENTIONED WITH REGARDS TO THE SECOND CALL WOULD BE BY THE ACCOUNTING, FINANCE, REPORTING OR SERVICES TEAM TO VALIDATE AND EITHER APPROVE OR DENY THE CHANGE AS WELL
  • SO WE ARE MAKING PROGRESS WITH REGARD TO REDUCING EXPOSURE
  • AND IN FACT, WITH REGARD TO THIS REDUCTION, NOBODY CAN SEE THE BANKING ACCOUNT INFORMATION ANYMORE
  • WE HAVE CLOSED THAT OUT IN TERMS OF SUPPLIER DATA FILE, IT'S ONLY EXCLUSIVELY AVAILABLE TO THE FOUR TO FIVE TEAM MEMBERS IN THE ACCOUNTING DEPARTMENT
  • SO WE'RE PROTECTING SUPPLIER INFORMATION AS WELL
  • SO IF YOU COULD LOOK AT THE VARIOUS RECOMMENDATIONS, YOU'LL SEE THAT WE HAVE COMPLETED MANY OF THEM
  • MANY OF THEM HAVE PARALLELED WHAT HAS COME UP WITH OUR CONTROL CENTRIC LEAN PROCESS IMPROVEMENT TEAM
  • AND I LIKE TO ALSO MENTION THAT THE PORT OF SEATTLE IS VERY PROACTIVE WITH REGARD TO PROTECTING PUBLIC FUNDS
  • WE'RE NOT ONLY FOCUSED ON PREVENTATIVE CONTROLS, BUT WE UNDERSTAND LIFE IS NOT PERFECT AND WE ARE GOING TO END UP IN SITUATIONS WHERE THERE ARE POTENTIAL LOSSES AND WE KEEP THEM TO A MINIMUM
  • AND I'M GLAD THIS HAS BEEN KEPT TO A MINIMUM
  • AND OVER THE YEARS, WE APPROVED OUR COMMITMENT TO PUBLIC ACCOUNTABILITY OVER PUBLIC FUNDS, BUT NEVERTHELESS, THINGS CAN HAPPEN
  • SO THE PORT IS VERY PROACTIVE AND WE HAVE CRIME INSURANCE IN PLACE, AND ON THESE TWO INSTANCES, THERE'S A $25,000 DEDUCTIBLE, BUT IT'S BEING COVERED BY INSURANCE
  • SO THERE'S NOT GOING TO BE A PUBLIC FUNDS LOST BEYOND THE DEDUCTIBLE ON THIS
  • THAT'S THE FALLBACK THAT WE'RE LEVERAGING IN THE PORT OF SEATTLE'S RISK MANAGEMENT OFFICE IS NOW IN ACTIVE DISCUSSIONS WITH REGARD TO THE INSURER, AND WE'RE AT A POINT OF PROVIDING DOCUMENTATION
  • SO WE CAN SHOW THAT UP IN TERMS OF COVERAGE AS WELL AND IN TERMS OF DETECTIVE CONTROLS, I DEFINITELY EMBRACE INTERNAL AUDITS RECOMMENDATIONS
  • HOW WE CAN MOVE FORWARD
  • AGAIN, THOUGH, WE ALL ACKNOWLEDGE THAT PREVENTATIVE CONTROLS ARE THE BEST AND AVOIDANCE CONTROLS ARE THE BEST AS WELL, AND THAT'S WHAT WE'RE FOCUSING ON
  • BUT NEVERTHELESS, WE CAN HAVE SECONDARY AWARENESS THROUGH DETECTIVE CONTROLS
  • WE WILL WORK WITH INTERNAL AUDIT TO SEE WHAT CAN BE REASONABLY PROVIDED
  • WE CAN EASILY SHOOT EMAILS TO THE VENDORS, BUT THE PROBLEM IS SOME MAY NOT READ IT, SOME MAY NOT RESPOND
  • WE HAVE THAT EXPERIENCE WITH THE VETTING OF THE BANK ACCOUNT AND CHANGES WITH REGARD TO THAT
  • WE DON'T ALWAYS GET RESPONSES BACK FROM SUPPLIERS AS WELL, AND THAT'S AN INDEPENDENT ISSUED EMAIL, BUT NEVERTHELESS, THERE'S MERIT TALKING ABOUT DETECTIVE CONTROLS, ALTHOUGH WE ARE PRIMARILY FOCUSED ON PREVENTATIVE AND AVOIDANCE CONTROLS AS WELL
  • COMMISSIONER MOHAMED HAS A QUESTION
  • YES, THANK YOU, FIRST OF ALL, FOR ALL OF THE HELPFUL INFORMATION THAT YOU'VE PROVIDED THUS FAR
  • I JUST HAD A QUICK QUESTION
  • WHAT IS THAT DEDUCTIBLE AMOUNT? I KNOW YOU SAID WE HAVE INSURANCE
  • THAT'S RIGHT NOW
  • YES, COMMISSIONER
  • IT'S $25,000 DEDUCTIBLE FOR EACH INCIDENT, SO IT'D BE A $50,000 EXPOSURE HERE AGAINST PROBABLY $580,000 EXPOSURE, WHICH THE NET IS BEING COVERED BY INSURANCE
  • WHEN WE BECAME AWARE OF THIS
  • WE'RE AWARE OF NEEDING TO LEVERAGE THE INSURANCE COVERAGE
  • SO WE HAVE ALREADY ACCRUED THIS AGAINST THE 2021 BUDGET AND EXPENSE
  • AND WHEN WE MAKE PAYMENT AND WE ARE PROCEEDING AS WELL
  • IN YOUR INTEREST TO YOUTH OPPORTUNITY INITIATIVES PROGRAM, WE AYE VERY SENSITIVE TO THE CASH FLOW CHALLENGES THAT WE PULL SO WE DON'T GET THE MONEY TO ORGANIZATIONS IN OUR COMMUNITY AS TIMELY AS POSSIBLE
  • EXECUTIVE DIRECTOR METRUCK AND AFTER BEING CONSULTED WITH THE PORT POLICE WITH REGARD TO OUR INVESTIGATION AND LEGAL, WE FIND IT APPROPRIATE TO RELEASE PAYMENTS FOR THE FUNDS THAT WERE UNFORTUNATELY DIVERTED TO THE FRAUD PAYMENTS
  • AND WE'RE MOVING TO MAKE PAYMENT TO URBAN LEAGUE OF METROPOLITAN SEATTLE, AS WELL AS SEATTLE PARTS FOUNDATION NEXT WEEK
  • WE'RE GOING TO DO IT IN A MORE SAFE WAY, THOUGH
  • ANYTHING UNDER INVESTIGATION
  • I SHUT DOWN THE ABILITY TO PAY BY ACH UNTIL THE INVESTIGATION
  • WHAT WE'RE DOING IS WE'RE CUTTING CHECKS AND THERE'S GOING TO BE A DELIVERY OF THE CHECK TO A KNOWN CONTACT OF EACH OF THE AGENCIES TO THE REPRESENTATIVE AND ECONOMIC DEVELOPMENT WITH REGARD TO THE HANDING OF THE CHECK
  • AND THAT WILL HAPPEN NEXT WEEK AS WELL TO PROTECT THE PORT OF SEATTLE
  • THAT'S HELPFUL
  • I HAVE ONE OTHER QUESTION
  • I THINK NOW MORE THAN EVER, WE HAVE TO EXERCISE HEIGHTENED AWARENESS WITH JUST EVEN JUST THE THREATS THAT WE ARE SEEING FROM RUSSIA
  • SO I'M ALSO WONDERING IF THERE IS AND THIS MIGHT BE A QUESTION THAT WAS FOR BRUCE
  • I THINK EARLIER HE SAID THERE IS YEARLY TRAINING, THE PHISHING TRAININGS FOR STAFF MEMBERS
  • IS THAT CORRECT? THAT'S CORRECT
  • BRUCE, YOU WANT TO JUMP IN AND ANSWER THAT QUESTION? IT IS FOR ALL PORT EMPLOYEES, NOT CONTRACTORS, BUT PORT EMPLOYEES
  • OKAY, THAT'S GREAT
  • SO I'M JUST WONDERING, IN THIS SORT OF UNPRECEDENTED TIME THAT WE'RE IN, IF WE ARE CONSIDERING INCREASING THAT TO A MORE QUARTERLY BASIS, ARE WE CONSIDERING ADDING MORE REGULAR FISHING EXERCISES ACROSS THE PORT FOR EMPLOYEES? I'M THINKING OF THINGS LIKE A TEST THAT MAYBE INVOLVES AN EMAIL THAT GETS SENT TO AN EMPLOYEE THAT MAYBE RESEMBLES A MALICIOUS ATTEMPT TO GAIN THAT EMPLOYEES LOG IN AND IF THEY DO CLICK THE LINK OR SOMETHING ALONG THOSE LINES AND PROVIDE THEIR INFORMATION, AND THEN THEY'RE ASSIGNED A PREVENTATIVE PHISHING TRAINING IN ONE OF OUR PLATFORMS, BUT DOING THAT MORE SO ON A QUARTERLY BASIS AND NOTIFYING THEIR SUPERVISOR OR THEIR MANAGER TO JUST MAKE SURE THAT WE ARE RECOGNIZING THAT WE SHOULD BE EXERCISING JUST HEIGHTENED AWARENESS AND ENSURING THAT THIS IS ON THE TOP OF OUR EMPLOYEE'S MIND
  • WHILE THESE TRAININGS CAN'T PREVENT FRAUD FROM HAPPENING OR THESE SORT OF SCAMS FROM HAPPENING, I THINK WE ARE IN A VERY UNUSUAL TIME WHERE WE'RE SEEING THIS FRAUD ACROSS AGENCIES
  • SO IS THERE SOME CONSIDERATION TO MOVE THAT TRAINING FROM ONE YEAR TO MORE GOOD POINTS
  • I THINK RON JIMMERSON HAS THE ANSWER FOR YOU
  • GO AHEAD, RON
  • JEFFERSON, INFORMATION SECURITY HERE AGAIN ON COMMISSION
  • YES
  • WE ACTUALLY HAVE BEEN CONDUCTING QUARTERLY FISHING EXERCISES SINCE LAST YEAR
  • WE ACTUALLY CREATED A BASELINE OF THE LEVEL OF VULNERABILITY THAT WE FOUND OUR EMPLOYEES TO BE AT
  • AND AS OF THIS YEAR, WE REDUCED THAT BY 15%
  • SO THE ACTUAL NUMBER WE WERE UP TO ABOUT 21% LAST YEAR OF OUR EMPLOYEES BEING VULNERABLE TO THESE TYPES OF ATTACKS
  • WE'VE GONE THROUGH A MASSIVE AND PRETTY AGGRESSIVE INFORMATION AWARENESS TRAINING, AND WE BOUGHT MORE TO THE FOREFRONT
  • AND WE'RE NOT JUST PROVIDING TRAINING THROUGH OUR LMS SYSTEMS, WE'RE DOING IT IN A HOLISTIC MANNER WHERE WE'RE TRYING TO REALLY SHAPE THE CULTURE AROUND AN AWARENESS AND HOW WE'VE DONE THAT, AYE THROUGH SPECIAL MESSAGING THROUGH OUR EMPLOYEES, ESPECIALLY WHEN WE RECEIVE INTELLIGENCE TO HAVE HEIGHTENED AWARENESS AND THINGS THAT ARE TAKING PLACE AROUND OUR ORGANIZATION
  • WE HAVE SEMINARS THAT WE CONDUCT ON A MONTHLY BASIS, USER AWARENESS TRAINING
  • WE'VE GOT A SHAREPOINT SITE THAT OFFERS A VARIETY OF RESOURCES AND TOOLS THAT PEOPLE CAN CONNECT WITH, AND WE ARE PERSONALLY CONNECTING WITH THOSE THAT WE THINK AYE VERY INVULNERABLE POSITIONS THAT WE KNOW WE NEED TO WORK WITH A LITTLE BIT MORE AND THINGS LIKE THAT
  • SO IT'S AN ONGOING CAMPAIGN TO MAKE SURE THAT OUR FOLKS ARE STAYING CURRENT AND INDIVIDUAL
  • AND I'LL JUST ADD VERY QUICKLY, OUR LEARNING MANAGEMENT SYSTEM
  • WE HAVE RECENTLY SWITCHED VENDORS, SO WE'RE GOING TO BE PROVIDING SOME TRAINING THAT'S A LITTLE BIT MORE ROUNDED AROUND USER BEHAVIOR FROM WHAT WE SEE ON OUR PART AS WELL
  • SO SOME OF THE NUMBERS AND THINGS LIKE THAT THAT FOLKS SHOW UP ON TRAINING AREN'T ACTUALLY ACCURATE BECAUSE OF THE WAY OUR LMS SYSTEM WAS UPGRADED LAST YEAR
  • SO WE'RE STILL WORKING THE BUGS OUT OF ALL THAT JUST TO SEE EXACTLY WHERE WE ARE
  • BUT WE'VE GOT SOME MECHANISMS THAT WE'RE PUTTING IN PLACE TO MAKE SURE THAT WE'RE MONITORING WHO SAID WHAT KIND OF THING
  • SO I HOPE THAT ANSWERS YOUR QUESTION THAT DOES THAT'S SUPER HELPFUL
  • AS STEWARDS OF PUBLIC DOLLARS, I THINK IT'S GREAT FOR THE PUBLIC TO HEAR THIS AS WELL
  • THAT AS A PORT WORK, CONTINUING TO BE TRANSPARENT AND HAVING THESE CHANNELS IN PLACE TO ENSURE THAT OUR EMPLOYEES AYE TRAINED AND THEY KNOW WHAT'S HAPPENING OUT THERE AS WELL
  • AND IT'S ALSO GOOD TO KNOW THAT WE'RE CONTINUING TO WORK WITH LAW ENFORCEMENT AND SECURITY STAFF ON INVESTIGATING THESE TYPES OF CRIMES WHEN THEY DO HAPPEN
  • SO THANK YOU FOR ALL THE INFORMATION YOU'VE ALL PROVIDED
  • CAN I ALSO ADD REAL QUICKLY, WE EMBARKED ON AN INITIATIVE FOR EMPLOYEE COMMITMENT AND CYBER SECURITY WHERE EMPLOYEES WOULD SIGN UP AND MAKE A PLEDGE THAT THEY WOULD DO THEIR PART TO BE VIGILANT IN THIS PROCESS
  • AND I DON'T HAVE THE EXACT NUMBERS, BUT WE HAVE A VERY LENGTHY LIST OF INDIVIDUALS THAT HAVE GONE OUT OF THEIR WAY TO COMMIT THEMSELVES TO BEING PART OF THIS EFFORT
  • YEAH
  • ALSO IN THE INTEREST OF TIME, MICHELLE JUST PINNED US AND SAID, WE'RE RUNNING UP AGAINST OUR TIME
  • RON, ARE YOU GOING TO DISCUSS THE LAST ISSUE RESPONSE OR RUDY, IS RUDY GOING TO I CAN TAKE THAT OVER
  • I TRIED TO PREVIEW SOME OF THAT, BUT GOING BACK TO CREATING AND SHAPING THE CULTURE OF CYBERSECURITY
  • SO THE LEARNING MANAGEMENT SYSTEM WAS UPGRADED IN JUNE LAST YEAR
  • THERE HAVE BEEN SOME BUGS INTO THAT
  • SO WE'RE NOT ACTUALLY GETTING ACCURATE REPORTS AS TO WHO'S RECEIVING THE RETRAINING
  • AND I THINK COMMISSIONER CHO WAS A VICTIM OF HATE AS WELL
  • BUT ONCE THIS NEW SYSTEM THAT WE HAVE IN PLACE, ONCE WE GET THAT ALL PULL UP AND RUNNING, WE'RE GOING TO GET A LITTLE BIT MORE ACCURATE LISTING OF NOT ONLY WHO'S HAD THE TRAINING, BUT HOW WE CAN MONITOR THAT BETTER
  • SO WE PUT IN THE PROCESS IN FOR THAT
  • AND GOING BACK TO THE AFR FOLKS IN PURCHASING AND CPO SERVICE AGREEMENTS AND THINGS LIKE THAT, WE HAVE ALREADY CONDUCTED SPECIAL TRAINING FOR THOSE FOLKS BASED OFF THE RECOMMENDATIONS OF THE AUDIT TEAM
  • SO WE FOLLOWED THAT
  • WE'VE COMPLETED THAT
  • AND THEN I SPOKE ALREADY ABOUT THE EFFICIENT CAMPAIGN THAT WE RAN LAST MONTH BEEN INVOLVED ABOUT OVER TWO, 2000 HUNDRED PERSONNEL, AND THEN JUST ONCE AGAIN DID THE RESOURCES THAT WE HAVE OUT THERE
  • THIS IS AN ONGOING PROCESS AND IT'S A CONTINUING CAMPAIGN WHICH IS SUPPOSED TO BE
  • SO IF YOU'VE GOT ANY QUESTIONS, I'M HERE TO ANSWER
  • AND RUDY, WE'RE ABOUT OUT OF TIME
  • I SEE YOUR HAND UP
  • DO YOU WANT ANY FINAL COMMENTS? YES
  • THANK YOU SO MUCH, GLENN
  • NOW, I JUST WANT TO EMPHASIZE WHAT RON JUST INDICATED THERE
  • AND WE MADE IT A TOP PRIORITY, REALIZING THAT IT WASN'T A COMPLETE RECORD WITH THE GUY WHO WAS TRAINED
  • AND WE MADE A TOP PRIORITY TO TRAIN BOTH ALL OF THE AFR DEPARTMENT STAFF AS WELL AS CPU STAFF AND AS WELL AS THEM
  • JUST TWO AND A HALF YEARS AGO, AFR STAFF WAS A MANDATORY TRAINING AS WELL ON SECURITY
  • IT'S JUST BEEN A GAP WITH REGARD TO THIS, BUT WE'RE TAKING TRAINING VERY SERIOUSLY
  • THANK YOU, GLENN
  • I NEED TO PASS SO THAT WE CAN RESPECT THE TIME FOR COMMISSIONER, BUT THANK YOU SO MUCH, COMMISSIONER CHO AND MOHAMED, FOR YOUR INSIGHT GUIDANCE
  • AND JUST PLEASE BE SURE
  • AND I NEED TO EMPHASIZE THIS IN PUBLIC TO THE PUBLIC
  • LISTEN TO THIS
  • WE ARE VERY COMMITTED TO PUBLIC ACCOUNTABILITY AND INTEGRITY, AND WE HAVE DEMONSTRATED THAT WE JUST BEEN SPOOKED HERE, BUT WE'RE NOT GOING TO LET THIS HAPPEN AGAIN
  • MICHELLE, IF YOU CAN ADVANCE US TO THE FIRE STATION, THE NEXT AUDIT, COUPLE NEXT SLIDE
  • KEEP GOING
  • ONE MORE AND ONE MORE
  • OKAY, I'M JUST CATCHING UP IN HERE
  • THERE WE GO
  • THERE WE GO
  • SO, COMMISSIONER, UNLESS YOU HAVE ANY OTHER QUESTIONS ON ACH, I WILL NOTE, THOUGH, ON THAT, JUST ONE CLOSING COMMENT
  • WHEN YOU DO GO BACK TO INSURANCE COMPANIES, THEY GENERALLY OFTEN GET YOU BACK BY RAISING YOUR RATES
  • SO THE BEST CONTROL IS TO HAVE STRONG FINANCE CONTROLS
  • AS RUDY SAID ON THIS AUDIT, WE PARTNERED WITH JANISON AND HER TEAM IN CONSTRUCTION MANAGEMENT
  • WE HAVE A REALLY GOOD WORKING RELATIONSHIP WITH THEM
  • THEY MANAGE THE CONSTRUCTION OF PROJECTS
  • WHEN YOU DECIDE TO BUILD SOMETHING LIKE FIRE STATION, THERE ARE MANY GROUPS INVOLVED
  • THERE'S PROGRAM MANAGEMENT, THERE'S EXECUTIVE, AND THEN THERE'S THE FIRE DEPARTMENT
  • BUT WHEN THE CONSTRUCTION IS BEING DONE, I BELIEVE THAT ALL FALLS INTO JANICE'S TEAM
  • AND THIS IS WHAT WE DID OVER HERE
  • WE LOOKED AT THE WEST SIDE FIRE STATION
  • IT'S A STANDALONE BUILDING, A FIRE STATION NEXT TO THE PACCAR HANGAR ON THE NEXT SLIDE OF THE FIRE STATION
  • I MEAN NEXT SLIDE OF THE AIRPORT
  • SO IT'S BY RUNWAY THREE
  • AND I BELIEVE IN ABOUT 2015
  • INITIALLY, THERE WAS A NEED IDENTIFIED BECAUSE OF SOME CONSTRUCTION TO GET FIREMEN TO THE MIDDLE OF RUNWAY THREE IN A CERTAIN AMOUNT OF TIME AND COULDN'T BE DONE FROM THE REGULAR FIRE STATION
  • SO THEY NEEDED A FACILITY
  • AND LATE 2015, WE RENTED A COUPLE OF ROOMS FOR THEM IN THE PACK OUR HANGAR, AND WE PUT A MAKESHIFT SHELTER FOR THE FIRE METRUCK OVER THERE
  • AND THERE WAS A PLAN TO BUILD OR LOOK AT IT, CREATE SOME SHELTER FOR THEM
  • THIS HAS BEEN A LONG PROCESS
  • IT'S BEEN IN PROCESS FOR A WHILE
  • IT ORIGINALLY CAME TO THE COMMISSION WITH A MODULAR DESIGN USING DESIGN BID BUILD METHODOLOGY, AND IT WAS ABOUT FIVE AND A HALF MILLION
  • IT STARTED OFF WITH THAT, BUT THERE WERE SOME CHANGES
  • IT WENT OUT AS A FULL FLEDGED BUILDING EVENTUALLY AND YOU CAN FROM THE STATE WILL SEE THE BUDGET INCREASES
  • AND I THINK PART OF THIS IS JUST BECAUSE THE TIME IS TAKEN AND THE CHANGES THAT HAVE OCCURRED
  • NEXT SLIDE, PLEASE
  • AND SPENCER, I'M GOING TO HAVE YOU JUMP IN ALSO AS I TALK, I'M GOING TO INTRODUCE YOU BEFORE YOU HAND IT OFF TO JANICE
  • YOU CAN TALK THROUGH SOME OF THE WORK YOU'VE DONE
  • SPENCER BRIGHT IS OUR CAPITAL AUDIT MANAGER THAT DID THE WORK HERE
  • AND HE IDENTIFIED WHEN HE LOOKED AT THIS THAT EVEN BEFORE IT WAS HANDED OFF TO CONSTRUCTION MANAGEMENT, THERE WAS SOME DESIGN WORK THAT WAS DONE WITH ARCHITECTURAL AND ENGINEERING CONSULTANTS THAT DESIGNED THE OLD FACILITY BEFORE IT WAS MOVED TO THE NEW STANDALONE BUILDING
  • AND THERE WERE SOME SUNK COSTS THERE
  • ABOUT $850,460 WAS IN DESIGN
  • THE REST WAS JUST BECAUSE STAFF HAD WORKED A LOT OF TIME WHEN WE CHANGED TRACKS, ESSENTIALLY, THE CONTRACT WITH MACROS WAS EVENTUALLY SIGNED FOR FOUR POINT 95 MILLION
  • AND THERE AYE SOME CHANGE ORDERS
  • AND ALTHOUGH MACRO'S EAST CONTRACT ENDED UP AT ABOUT FIVE, SIX IN TOTAL, THERE'S A LOT OF SOFT COST
  • SO WHEN YOU HAVE A PROJECT SITTING OUT THERE FOR A LONG TIME AND THE CONTRACTOR TAKES A LOT OF TIME TO DO IT, THE PORT IN TURN INCURS COSTS
  • SO THAT'S KIND OF WHY THE BUDGET INCREASES AND THE SOFT COSTS THAT KIND OF RUN UP ACCORDINGLY
  • THE PROJECT IS WAY BEHIND SCHEDULE ON THE BACKGROUND
  • SPENCER, ON THIS, IS THERE ANYTHING ELSE YOU WANT TO ADD OR ANYTHING I MISS? NO, THAT SOUNDS GOOD, GLENN
  • YEAH
  • SO NEXT SLIDE, PLEASE
  • AND I'LL HAND IT OVER TO SPENCER, ESPECIALLY OF THIS
  • I THINK SPENCER RELAYED BACK TO US THAT CONSTRUCTION MANAGEMENT DID EVERYTHING THEY CAN COULD
  • THEY DID A GREAT JOB
  • THIS PARTICULAR ISSUE IS ALL MCT
  • MCT TOOK A LONG TIME AND THEY WERE A VERY DIFFICULT VENDOR TO WORK WITH, FROM WHAT I UNDERSTAND
  • BUT IN SOME RESPECTS
  • BUT SPENCER, YOU CAN PROVIDE INSIGHT INTO THAT
  • GOOD AFTERNOON, COMMISSIONER
  • AS GLENN MENTIONED, I'M SPENCER BRIGHT, THE CAPITAL PROJECTS AUDIT MANAGER
  • WE HAD, OUT OF THE ABOUT FIVE AREAS THAT WE REVIEWED, THERE WERE TWO THAT WE HAVE PROVIDED SOME OBSERVATIONS, THE OTHER AREAS WE DIDN'T FIND ANYTHING TO REPORT
  • EVERYTHING LOOKED GOOD
  • SO ON THE FIRST ISSUE HERE, MCT HAD NOT COMPLETED THE PROJECT FILE THE CONTRACTUAL SUBSTANTIAL COMPLETION DATE, WHICH RESULTED NOT ONLY IN THE PORT INABILITY TO UTILIZE THE NEW FIRE STATION, BUT THE PORT IS ALSO INCURRING ADDITIONAL OVERSIGHT COSTS
  • AND THEN SO CONTRACTUALLY, WHEN A CONTRACTOR DOES NOT COMPLETE A PROJECT ON TIME, THE PORT IS ENTITLED TO PURSUE LIQUIDATED DAMAGES TO HELP RECOVER THESE ADDITIONAL COSTS OR FOR THE FIRE STATION, THE PORT CONSTRUCTION MANAGEMENT TEAM PROVIDED MCT MULTIPLE OPPORTUNITIES TO GET THE PROJECT BACK ON TRACK, AND IF THEY HAD DONE THAT, THE PORT WAS WILLING TO FOREGO ASSESSING ANY LIQUIDATED DAMAGES
  • HOWEVER, MCT WAS UNRESPONSIVE TO THOSE OPPORTUNITIES
  • FOR PURPOSES OF OUR AUDIT CALCULATION OF LIQUIDATED DAMAGES, WE USED MARCH 31 AS THE DATE TO ESTIMATE THAT AT THAT TIME, THE PORT IS ENTITLED TO APPROXIMATELY $680,000 IN LDS
  • THE PORT HAS ALREADY WITHHELD 300,000 FROM PREVIOUS MONTHLY PAY ESTIMATES, WITH THE ANTICIPATION THAT THERE WERE GOING TO BE LIQUIDATED DAMAGES TO PURSUE
  • ADDITIONALLY, THE PORT WILL BE INCURRING APPROXIMATELY $200,000 IN ADDITIONAL INSPECTOR COSTS THAT WERE NOT INCLUDED IN THE LIQUIDATED DAMAGE DAILY CALCULATION
  • THOSE COSTS WILL NOT BE COLLECTIBLE
  • THE REASON BEING WAS THE ORIGINAL DAILY CALCULATION CONSIDERED THE COST OF HAVING AN IN HOUSE DAILY INSPECTOR INSTEAD OF THE COST FOR USING AN OUTSIDE CONSULTING FIRM, WHICH WAS THE CASE
  • NEXT SLIDE, PLEASE
  • WE PROVIDED TWO RECOMMENDATIONS
  • THE FIRST ONE, OF COURSE, IS PORT CALCULATE AND PURSUE LIQUIDATED DAMAGES UPON COMPLETION OF THE PROJECT
  • AND THE SECOND RECOMMENDATION IS MORE OF A GENERALIZED RECOMMENDATION FOR FIXED FUTURE PROJECTS TO CONSIDER CRITERIA OF CONTRACTORS PERFORMANCE THAT MIGHT HELP MITIGATE POTENTIAL SCHEDULE SLIPPAGE PROJECTS IN THE FUTURE
  • NEXT SLIDE
  • I'M SORRY, WHY DOESN'T THE RECOMMENDATIONS ADDRESS ANY OF THE COST OVERRUNS? I'M SORRY COMMISSIONER, CAN YOU REPEAT THAT? ARE WE GOING TO TALK ABOUT THE COST OVERRUN SOME PROJECT OR I DON'T SEE ANY RECOMMENDATIONS ON HOW WE CAN ADDRESS WHY THIS PROJECT COST TWICE WHAT IT WAS ORIGINALLY PROJECTED TO COST
  • LET'S SEE HERE AND MAYBE JANICE WHEN SHE COULD PROVIDE MAYBE SOME BETTER OR ADDITIONAL INFORMATION
  • I DO KNOW
  • FOR ONE, THERE IS DEFINITELY AN INCREASE IN COST BY THE SWITCH IN THE PROJECT FROM WHEN IT WAS ORIGINALLY GOING TO BE A DESIGN BID BUILD AND THE DESIGN WAS FULLY COMPLETE
  • AND THEN THE PROJECT METHODOLOGY CHANGED AND ALL OF THOSE COSTS BASICALLY BECAME SOME COSTS THAT WAS CLOSE TO A MILLION DOLLARS IN TOTAL BETWEEN PORT COSTS AND DESIGN COSTS
  • SO THAT DEFINITELY PLAYED A ROLE INTO COSTS
  • BUT I SEE
  • JANICE, DO YOU HAVE ANY INSIGHT, JANICE, OR DO YOU THINK THAT COULD PROBABLY BE MORE ON MAYBE A PROJECT MANAGEMENT STAFF MEMBER? IF THEY'RE AVAILABLE AS TO WHY WE WENT FROM SOMEONE FROM PROJECT MANAGEMENT IS AVAILABLE, THEY WOULD BE THE MOST APPROPRIATE TO COMMENT ON THIS
  • IF WE DON'T HAVE SOMEONE, I CAN CERTAINLY PROVIDE SOME CONTEXT
  • I'M LOOKING HERE, I DON'T SEE WAYNE ON
  • SO WHY DON'T I JUST GIVE SOME CONTEXT? SO INITIALLY FOR THIS PROJECT, THE TEAM BELIEVE THAT THIS COULD BE A MODULAR BUILDING WHICH THEN WOULD COME ONTO THE JOB SITE
  • UNFORTUNATELY, BECAUSE OF THE LAYOUT OF THIS PARTICULAR LOCATION ON THE OPPOSITE SIDE OF THE RUNWAY, THE ACCESS IS SUCH THAT THE TEAM DIDN'T BELIEVE THAT A MODULAR WOULD ACTUALLY BE ABLE TO EASILY COME ONTO THE JOB SITE WITHOUT HAVING TO SHUT DOWN THE RUNWAY AND HAVE IT COME ALL THE WAY ACROSS
  • AND SO WHAT THAT MEANT THEN IS THE TEAM STARTED TO LOOK AT WHAT ARE SOME OTHER WAYS THAT WE COULD DELIVER THE PROJECT INSTEAD OF EXPECTING IT TO BE A MODULAR CONSTRUCTION
  • AND SO ALL OF THOSE PERMUTATIONS RESULTED IN SOME ADDITIONAL COST
  • I WOULD SAY THAT THE OTHER PART OF WHAT DROVE THE COST
  • AND PERHAPS I SEE KYLE FROM CPO ON HERE
  • SO HE CAN ALSO COMMENT THAT THIS IS A VERY MESSY PROJECT FROM THE STANDPOINT OF THE PROXIMITY TO THE RUNWAY ITSELF
  • SO WE ONLY RECEIVED PROPOSALS FROM THREE PROPOSERS AND ONLY TWO OF WHICH WE FOUND TO BE RESPONSIVE TO ADVANCE TO THE FINAL PRICING
  • AND SO WHEN YOU DON'T HAVE A REALLY COMPETITIVE MARKET OF A LOT OF PROPOSERS THAT ARE INTERESTED IN THE PROJECT, THEN IT CREATES SOME ISSUES FOR COST
  • I WOULD SAY THAT IN SPITE OF THAT, THE TWO PROPOSALS WE GOT, THIS PARTICULAR ONE WITH MCT, WAS JUST ABOUT $5 MILLION
  • AND I BELLEVUE THAT THE SECOND PROPOSER, KYLE, WAS CLOSER TO 8 MILLION
  • IF YOU COULD UNMUTE AND MAYBE COMMENT, I WANT TO MAKE SURE I DON'T PROVIDE ERRONEOUS INFORMATION
  • KYLE
  • YEAH, THANKS, JANICE
  • I WOULD HAVE TO VERIFY AS WELL
  • I DO REMEMBER SOMETHING LIKE 7.9 MILLION, BUT I WILL VERIFY WHAT YOU'RE DISCUSSING
  • YEAH
  • AND COMMISSIONER, IF I CAN CHIME IN
  • SO YOUR QUESTION WAS THE AUDIT FOCUSED SPECIFICALLY ON THE CONSTRUCTION AND THIS PARTICULAR CONTRACT? WE DID LOOK AT OPTIONS AND SCENARIOS BACK IN 2018, AND THERE WAS A LOT OF COMMISSION NOISE DISCUSSION, CONCERN ABOUT HOW THIS COST THIS WAS GOING UP A LITTLE BIT, BUT THE FOCUS OF THIS AUDIT WAS EXCLUSIVELY ON THE CONSTRUCTION CONTRACT
  • SO THAT'S WHY YOU DON'T SEE IT IN THIS
  • SO, GLENN AND COMMISSIONER, IF YOU HAVE AN INTEREST STAFF TO CERTAINLY PUT TOGETHER A SEPARATE MEMO WITH MORE INFORMATION ABOUT THE HISTORY OF THE PROJECT AND WHAT LED TO WHERE WE ARE TODAY, BECAUSE AS GLENN SAID, IT WASN'T A SUBJECT OF THIS PARTICULAR AUDIT
  • BUT CERTAINLY I THINK THAT THERE IS A LOT OF INFORMATION ABOUT THE CHRONOLOGY AND HOW WE GOT TO WHERE WE ARE TODAY
  • THAT WOULD BE HELPFUL
  • I SEE SOME HEAD NODS
  • OKAY, THAT'S RIGHT
  • BACK TO YOU FOR YOUR NEXT ISSUE
  • I GOT IT
  • SO THE SECOND ISSUE IS RELATED TO CHANGE ORDERS, SPECIFICALLY THE COVID-19 EXPENSE REIMBURSEMENT CHANGE ORDER
  • THE INTENT OF THIS PARTICULAR CHANGE ORDER WAS WHEN COVID 19 AYE
  • AND STATE STARTED MAKING MANDATES TO ALLOW CONSTRUCTION PROJECTS TO RESUME
  • WITH SAFETY MEASURES IN PLACE, THE PORT REALIZED THAT CONTRACTORS WOULD BE INCURRING ADDITIONAL COSTS
  • AND THE PORT ALSO WANTED TO IMPLEMENT ADDITIONAL MEASURES BEYOND STATE MANDATES TO HELP MITIGATE THE POTENTIAL RISK OF COVID CASES
  • SO WHAT WE LOOKED AT WAS THE REIMBURSEMENT COMPARED TO WHAT THE PORT COURT ISSUED A LETTER ON HOW AND WHAT WOULD BE REIMBURSED
  • CAN YOU NEXT SLIDE, PLEASE, MICHELLE? SO OVERALL, THE BIGGEST AREAS THAT WE FOUND ERRORS IN POTENTIAL OVER BILLING WERE INSTANCES WHERE THE PORT WAS BILLED FOR ONE OF THEIR COVID SUPERVISORS STATING THE SUPERVISOR WAS ON SITE
  • BUT OUR REVIEW IDENTIFIED THAT THEY WEREN'T ON SITE OR ONE SUPERVISOR IN PARTICULAR THAT POTENTIALLY COULD BE ALLOWABLE REIMBURSABLE, BUT WE WERE NOT PROVIDED THE DOCUMENTATION THAT WE REQUESTED, SO WE COULDN'T VERIFY THOSE COSTS
  • AND THEN LESTER AREA WAS THE BILLABLE RATES THAT THE PORT WAS CHARGED AT $89 FLAT RATE WAS DIFFERENT THAN THE COVID SUPERVISOR'S ACTUAL PAY RATE OF $52, WHICH THE PORT LETTER STATED THAT ACTUAL COSTS WOULD BE REIMBURSED
  • YEAH
  • SPENCER, IF I CAN JUMP IN, WHAT DO YOU THINK? COMMISSIONERS HAVE BEEN SEEING A LOT OF COVID CHANGE ORDERS, AND GENESIS KIND OF SENT A VERY CLEAR MESSAGE TO PEOPLE THAT THEY CAN'T DO THIS
  • PEOPLE CHARGE US FOR THINGS THAT THEY'RE NOT SUPPOSED TO
  • AND WE'VE SEEN THIS SEVERAL TIMES
  • COVID SUPERVISORS THAT ARE SUPPOSED TO BE ON SITE, AND THEN SPENCER AND TEAM WILL FIND THAT THEY'RE NOT THERE OR YOU GET BILLED FOR HOURS OR RATES THAT ARE DIFFERENT
  • SO IT'S PART OF WHY WE DO THE AUDITS TO IDENTIFY THESE THINGS
  • HISTORICALLY, JANICE'S, TEAM WOULDN'T HAVE ACCESS TO A LOT OF THIS STUFF
  • SPENCER DOES GO OUT TO LNI AND GET REPORTS FROM THEM
  • SO YOU CAN CROSS CHECK EVERYTHING AND SAY, HEY, WAIT A MINUTE, YOU SHOULDN'T BE BILLING US FOR THESE THINGS
  • SO OPPORTUNITIES TO CLEAN UP
  • AND SPENCER, YOU WANT TO GO TO YOUR RECOMMENDATION AND THEN THE INTEREST OF TIME, CLOSE THAT, PASS IT OVER TO JANICE
  • YEAH
  • IF WE COULD JUST GO THROUGH
  • HOLD ON
  • YES, COMMISSIONER, I HAD A QUICK QUESTION
  • YOU SAID, DIRECTOR GLENN, THAT PEOPLE CHANGE AND CHARGE US FOR THINGS THAT THEY'RE NOT SUPPOSED TO
  • IS THERE, LIKE CONTRACT TEMPLATES THAT WE COULD PUT IN PLACE OR HAVE IN PLACE THAT THEY'RE EITHER BREACHING OR WE COULD INCORPORATE TO ENSURE THAT DOESN'T HAPPEN? WHAT ARE THE PREVENTED MEASURES, OR IS THE PORT OF THE RECOMMENDATION? THERE'S DEFINITELY CONTRACT LANGUAGE THAT SAYS THEY SHOULDN'T DO THAT
  • BUT, JANICE, I DON'T KNOW HOW YOU'RE I WANT TO PROVIDE AN EXAMPLE
  • SO WHAT WE'RE TALKING ABOUT IS THAT WHAT WE EXPECT IS TO HAVE A DEDICATED COVID SUPERVISOR TO MAKE SURE THAT WE AYE KEEPING WORKERS AS SAFE AS POSSIBLE
  • SO IN LOOKING AT PAYROLL RECORDS, THAT INTERNAL AUDIT WAS ABLE TO PULL ADDITIONAL RECORDS FOR THAT
  • WHAT THEY DISCOVERED IS THAT PERHAPS THE COVID SUPERVISOR WAS ON SITE FOR HALF A DAY, BUT NOT FOR THE WHOLE DAY, OR THAT WHEN THEY LOOKED AT THE ACTUAL PAYROLL INFORMATION, THEY WERE SPENDING HALF THE DAY AS A COVID SUPERVISOR
  • BUT THE OTHER HALF, MAYBE THEY WERE DOING QUALITY CONTROL DUTIES, WHICH WOULD NOT BE PART OF THE REIMBURSEMENT
  • WHAT THEY'VE IDENTIFIED HERE IS WHERE THOSE FORCE ACCOUNT SHEETS THEY SIGN ON THE BOTTOM ATTESTING TO THE ACCURACY OF THE INFORMATION
  • AND THEN WHAT THEY'RE FINDING WHEN THEY DIG INTO ADDITIONAL RECORDS
  • THAT IS NOT CUSTOMARILY
  • WHAT WE DO FOR VALIDATION, THEY'RE FINDING THAT THESE ERRORS ARE OCCURRING, AND THEY APPEAR TO BE ONLY DURING THESE COVID CHANGE ORDER PIECES, BECAUSE I BELIEVE THAT IN THE LAST SEVERAL YEARS, WE'VE DONE MANY AUDITS OF FORCE ACCOUNTS WITHOUT ISSUE, BUT CERTAINLY FOR THE COVID FORCE ACCOUNTS, WE HAVE IDENTIFIED SOME ISSUES WHERE COLLATERAL DUTIES WOULD MEAN THAT WE DON'T PAY FOR THE ENTIRE EIGHT HOUR DAY BECAUSE THEY WERE NOT DEDICATED SOLELY ON COVID ACTIVITIES AS A SUPERVISOR
  • SO THIS RECOMMENDATION WE WILL TAKE A LOOK AT FOR OUR STANDARD OPERATING PROCEDURES, WHAT ADDITIONAL MEASURES WE SHOULD CONSIDER TO IDENTIFY WHEN THESE FACTUALLY INCORRECT PIECES OF INFORMATION ARE BEING PRESENTED TO US, BECAUSE THE WAY WE EXPECT ACCOUNTABILITY FROM THE CONTRACTOR, THAT'S WHY WE ASKED THEM TO ATTEST TO THE ACCURACY WHEN THEY SIGNED THE NAME TO THE SHEET SAYING THAT THIS IS HOW MUCH FORCE ACCOUNT IS BEING DONE HERE'S, WHO IS PERFORMING THE WORK, AND HERE IS THE HOURS
  • SO WE ARE GOING TO TAKE A LOOK AT WHAT WE MIGHT WANT TO DO DIFFERENTLY TO TRY TO IDENTIFY IDS AS PART OF OUR EVERYDAY ACTIVITIES
  • THE ISSUE HERE, THOUGH, IS THAT IT DOES INCUR ADDITIONAL ADMINISTRATIVE COST FOR US TO TAKE ON ADDITIONAL REVIEW OF RECORDS AND PULL MORE RECORDS
  • SO WE WANT TO WORK WITH LEGAL AND CPO TO LOOK AT WHAT OTHER MEASURES YOU MIGHT WANT TO TAKE TO PREVENT THIS FROM HAPPENING IN THE FUTURE
  • AND THEN IN THIS PARTICULAR SCENARIO, WE ARE GOING TO, AS PART OF THE RECONCILIATION OF THAT CHANGE ORDER, RECOVER ANY AMOUNTS THAT WERE OVERPAID FOR COVID COST, WHERE THEY BUILD MORE THAN THEY HAD ACTUALLY INCURRED AS COSTS, BECAUSE THIS IS A REIMBURSABLE
  • SO WHAT WE'RE SAYING TO CONTRACTORS IS TO KEEP OUR WORKERS SAFE, WE'RE PAYING THE ACTUAL COST YOU INCURRED FOR THAT COVID SAFETY AND CULVERT SUPERVISOR
  • THANKS FOR THAT, JANICE
  • IS THERE ANYTHING ELSE, OR IS THERE MORE TO THIS PRESENTATION? GLENN, THIS IS IT
  • JANICE, ON THE FIRST ISSUE, ON THE LIQUIDATED DAMAGES, I'M GUESSING YOU CONCUR WITH SPENCER AND WE'RE GOOD THERE
  • SO THAT'S IT, COMMISSIONER
  • THAT'S THE END OF OUR DISCUSSION FOR PUBLIC SESSION
  • GREAT
  • ANY LAST QUESTIONS, COMMISSIONER HAMDI? NO, THANK YOU
  • THANK YOU FOR THIS PRESENTATION
  • PERFECT
  • OKAY
  • WELL, WITH THAT, WE HAVE NO SCHEDULE, LIMITED CONTRACT COMPLIANCE AUDITS FOR DISCUSSION TODAY
  • AND ITEM IS NUMBER NINE AND TEN ON THE AGENDA ARE SECURITY SENSITIVE IN NATURE, SO WE'RE GOING TO BE DISCUSSING THIS IN NON PUBLIC SESSION, SO WE WILL MOVE THE CLOSING COMMENTS AT THIS TIME
  • MS FERNANDEZ, DO YOU HAVE ANY CLOSING COMMENTS? I DO NOT, COMMISSIONER
  • OKAY
  • COMMISSIONER MOHAMED? NO, THANK YOU
  • WELL, I JUST WANTED TO BEFORE WE COVID ON TO THE FIRE STATION CONVERSATION, I DID WANT TO SAY REGARDING THE ACH FRAUD THAT I REALIZED IT'S AN UNFORTUNATE SCENARIO AND IT'S UNFORTUNATE THAT WE HAD TO GO THROUGH THIS PROCESS, BUT I FEEL LIKE THIS IS A GREAT LEARNING MOMENT FOR THE ORGANIZATION
  • I WANT TO THANK RUDY AND GLENN FOR KIND OF TAKING AYE
  • HEAD ON AND ROLLING WITH THE PUNCHES
  • I UNDERSTAND THAT SOMETIMES SOME OF THESE ADMINISTRATIVE PROCEDURES CAN BE TEDIOUS AND IT CAN TURN TO BE JUST APPROVED APPROVED
  • BUT I DO APPRECIATE YOU ALL ON THE LEADERSHIP KIND OF RALLYING AROUND IT AND MAKING SURE THAT WE ARE MAKING ALL THE RIGHT CORRECTIONS
  • THIS DOESN'T HAPPEN AGAIN
  • AND RUDY, I APPRECIATE YOUR COMMITMENT TO MAKING SURE IT DOESN'T SAY THAT WE'RE GOING TO HOLD YOU TO IT
  • RUDY, IT'S NOT HAPPENING AGAIN
  • RIGHT
  • YOU CAN DON'T MEAN DISRESPECT
  • IF I COULD JUST HAVE A MINUTE, PLEASE GO FOR IT
  • THANK YOU SO MUCH
  • AND IT'S RELATING TO THE GOOD COMMENT YOU MADE WITH REGARD TO BEING SENSITIVE, WITH REGARD TO BIAS
  • AND I JUST RESPECTFULLY SUGGEST THAT WE USE CAUTION WITH REGARD TO HOW WE APPROACH RECOMMENDATIONS
  • WE HAVE TO REHAB A PRIORITY HERE AT THE PORT OF SEATTLE WITH REGARD TO EQUITY, DIVERSITY, INCLUSION
  • YOU AYE SOLID LEADER, COMMISSIONER CHO, WITH REGARD TO ADDRESSING INSTITUTIONAL RACISM
  • I MEAN, I FEEL SO PROUD TO BE ALIGNED WITH YOU
  • AND THEN WHAT, COMMISSIONER MOHAMED AND HATHAY GALA STANFOR COMING IN
  • I FEEL SO PROUD TO BE A PERSON OF COLOR, TO BE AT THE PORT OF SEATTLE
  • AND THEN I CAN SPEAK FREELY AND I CAN AMPLIFY SOME THINGS THAT WE NEED TO BE AWARE OF, AND WE DON'T INTEND IT
  • BUT WE SAY THINGS AND THINGS IN REPORTS THAT REALLY NEED TO BE SENSITIVE WITH REGARD TO THE POINT IN TERMS OF THE LEVEL OF WORK THAT'S BEING DONE, IN TERMS OF FRAUD, IDENTIFICATION AND VETTING, THE ACH ACCOUNT CHANGES, IT IS REFERENCE TO THE ADMINISTRATIVE PROFESSIONALS
  • AND I KNOW IT'S NOT INTENDED, BUT WE CAN'T SAY IN A PUBLIC DOCUMENT THAT ADMINISTRATIVE PROFESSIONALS AREN'T CAPABLE OF DOING THIS WORK
  • WHAT YOU DO IS YOU PICK UP THE PHONE AND CALL THE VENDOR
  • DID YOU ASK FOR ACH CHANGE? YES OR NO? THAT IS NOT COMPLICATED WORK
  • AND I'VE RECEIVED A LOT OF COMMENTS BACK WITH REGARD TO THAT, WITH REGARD TO ADMINISTRATIVE PROFESSIONALS, BECAUSE I EVEN EXPERIENCED THE GREATNESS OF ADMINISTRATIVE PROFESSIONALS AT THE PORT OF SEATTLE, ESPECIALLY A TEAM MEMBER THAT I HAVE ON TEAM AFR CORE SERVICES, WHO'S THE ADMINISTRATIVE PROFESSIONAL
  • BUT WHAT IS SHE? SHE'S A KENMORE CITY COUNCIL MEMBER
  • ALL RIGHT
  • AND THEN SHE'S BEEN VOTED AS DEPUTY MAYOR
  • AND FOR US TO STAY ADMINISTRATIVE PROFESSIONALS CAN'T PICK UP THE PHONE AND CALL A SUPPLIER AND VALIDATE
  • I THINK IT'S JUST A DOLLAR DISRESPECT TO ADMINISTRATIVE PROFESSIONALS AT THE PORT OF SEATTLE
  • AND I JUST SUGGEST, PLEASE, THAT WE BE VERY CONSCIOUS ABOUT NOT BEING SUBCONSCIOUS BIAS AND BY DEFAULT, INSTITUTIONALIZING INPUTS OF BIAS
  • WE GOT TO BE VERY CAREFUL ABOUT MICROAGGRESSIONS UNINTENDED
  • WE'RE SIMPLY NOT INFORMED STATEMENTS MADE ANYTHING IN TERMS OF PUBLIC DOCUMENTS, BECAUSE AS WE CONCLUDE AUDITS AND REPORTS TO THE AUDIT COMMITTEE, IT'S BY FUNCTION THAT THE AUDIT COMMITTEE, AND THEREFORE REPRESENTING COMMISSIONER, SANCTIONED THESE REPORTS AS WELL AS THE SUBSTANCE
  • AND I JUST PLEASE YOU AYE LEADERS HERE THAT REALLY UNDERSTAND WHERE I'M COMING FROM
  • I FEEL VERY SAFE TO SPEAK UP
  • AND I AM
  • I'M NOT BEING CRITICAL
  • I'M JUST SAYING LET'S JUST DO BETTER
  • LET'S WORK TOGETHER TO BE BETTER
  • THANK YOU SO MUCH FOR THE OPPORTUNITY
  • THANKS, RUDY
  • I APPRECIATE YOUR COMMENTS AND YOUR WISDOM
  • YEAH
  • THANK YOU FOR SPEAKING UP ON IT
  • IT'S IMPORTANT
  • IT'S PART OF THE TRANSPARENCY THAT WE TALK ABOUT AND ENSURING THAT WE ARE GOOD STEWARDS OF PUBLIC DOLLARS, AND THAT IS ALSO ENSURING THAT WE'RE NOT BEING BIASED AND THAT WE SPEAK TRUTH TO POWER AT ANY POINT
  • AND SO IT'S IMPORTANT THAT WE'RE DOING THAT
  • SO I APPRECIATE YOU SAYING THAT
  • YEAH
  • ALTHOUGH TO MAKE SURE, I DO WANT TO POINT OUT, THE REPORT DOES NOT SINGLE OUT
  • IT JUST SAYS WHOEVER YOU PUT IN THAT ROLE, YOU NEED TO ENSURE THAT THEY HAVE THE RIGHT TRAINING
  • YEAH, I UNDERSTAND
  • BUT THE CHALLENGE IS THE PERSON IN THAT ROLE IS A WOMAN OF COLOR
  • ALRIGHT? AND WE JUST GOT TO BE CAREFUL
  • COURT KNOWS WHO WE'RE TALKING ABOUT
  • THANK YOU
  • THANK YOU ALL
  • HEARING NO FURTHER COMMENTS
  • IF IT'S OKAY WITH COMMISSIONER HOMICIDE, I'D LIKE TO FOREGO A BREAK
  • WE DON'T KNOW WE'RE SUPPOSED TO TAKE A BREAK BETWEEN PUBLIC AND PRIVATE, BUT IF YOU'RE GOOD, I'M GOOD
  • ANYONE ELSE IS GOOD
  • OKAY, GOOD
  • ALL RIGHT
  • SO HEARING NO FOR THE COMMENTS, WE WILL BREAK INTO THE NON PUBLIC PORTION OF OUR MEETING
  • THE TIME IS NOW 430 P
  • M
  • EXACTLY ON TIME TO DISCUSS TWO MATTERS RELATED TO SECURITY SENSITIVE INFORMATION
  • THE NON PUBLIC PORTION OF THE MEETING WILL LAST APPROXIMATELY 30 MINUTES AND THE MEETING WILL ADJOURN WITH NO FURTHER BUSINESS AFTER THAT TIME
  • PARTICIPANTS JOIN THE NON PUBLIC PORTION OF THE MEETING, PLEASE
  • PARTICIPANTS JOINING THE NON PUBLIC PORTION OF THE MEETING, PLEASE CLOSE OUT OF THIS MEETING LINK AND JOIN BEFORE 30 P
  • M
  • TEAMS MEETING INVITATION THE CURRENT AND TIME IS 04:30 P.M.
  • AND WE WILL SEE YOU IN THE NON PUBLIC SIDE DEAL
  • THANK YOU,

Limitations of Translatable Documents

PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.