11a. Presentation
2022 Internal Audit Annual Report
Item No. 11a supp
Meeting Date: January 24, 2023

Glenn Fernandes - Director, Internal Audit
January 24, 2023
AOB Conference Center
12:00 PM – 5:00 PM

2022 Audit Committee
Commissioner Sam Cho, Committee Chair
Commissioner Hamdi Mohamed, Committee Member
Sarah Holmstrom, Committee Public Member

About Internal Audit
Internal Audit conducts independent, objective, risk-based audits of the Port’s operations, technology, activities and vendors.
Our audits add value by helping the Port achieve its mission and contribute to: financial stewardship, accountability, transparency, governance, and operational excellence.
Internal Audit derives its authority from the Port Commission. The Director is a dual report, who reports functionally to the Audit Committee and administratively to the Executive Director.

■ Combined Assurance to Break Down Silos: The governing body, management, and internal audit have their distinct responsibilities, but all activities need to be aligned with the objectives and collectively grow the value of the organization.
■ Beyond the Three Lines Model: Today’s environment of risk bedlam requires us to go a step further. Collaboration is a business imperative and a platform we can use to generate even greater enterprise value.
Source: The Institute of Internal Auditors, THE IIA’S THREE LINES MODEL – An Update of the Three Lines of Defense, published in July 2020.

The Association of Local Government Auditors
Certificate of Compliance
Port of Seattle Internal Audit
Recognizing that the organization’s internal quality control system was suitably designed and operating effectively to provide reasonable assurance of compliance with Government Auditing Standards and the International Standards for the Professional Practice of Internal Auditing for assurance and consulting engagements during the period November 1, 2018 through October 31, 2021.
Corrie Stokes, ALGA Peer Review Committee Chair

17 Audits Completed in 2022

Limited Contract Compliance
• In-Ter-Space Services, Inc. DBA Clear Channel Airports
• Avis Budget Car Rental LLC
• The Hertz Corporation

Performance
• Payroll Controls [1]
• Emergency Procurement
• Federal Grant Administration – Aviation Division
• South King County Community Impact Fund [2]
• ACH Payment Fraud [3]

Information Technology
• T2 Airport Garage Parking System Replacement
• Account Management (ICT)
• Account Management (Aviation Maintenance)
• Audit Log Management (ICT)
• Audit Log Management (Aviation Maintenance)
• Security Incident Response Management (ICT & Aviation Maintenance) [5]

Capital
• International Arrivals Facility (IAF)
• Interim Westside Fire Station
• North Satellite Renovation & Expansion Project (NSAT)
• South Satellite Infrastructure Upgrade Project (SSAT)
• Post IAF Airline Realignment [4]
• C-1 Building Expansion Construction Phase [4]
• Main Terminal Low Voltage [4]

1. Per the audit client’s request, this audit has been deferred to the 2023 Audit Plan.
2. The original audit title, “Community and Sustainability Initiatives,” per the 2022 Audit Plan, was updated as the audit scope was further refined.
3. This audit was added to respond to a known fraud that had occurred and to mitigate future fraud risk.
4. RCW 39.10.385 requires an independent audit, to confirm the proper accrual of costs, for General Contractor/Construction Manager (GC/CM) projects. This audit work is performed by external, contract auditors through a multi-year, Indefinite Delivery, Indefinite Quantity (IDIQ) contract. The work is ongoing.
5. Two separate audits were originally planned for ICT and Aviation Maintenance; however, they were combined for efficiency, due to substantially similar processes.

2022 Audit Plan Update
• The 17 completed Audits identified 4 High Risk, 19 Medium Risk, and 3 Low Risk rated issues for management action.
• The audits included a construction audit of the International Arrivals Facility that was performed jointly with HPM, LLC. This audit report is in draft form and will be finalized for the April 2023 Audit Committee meeting.
• Adapted workplan and recommended improvements to control weaknesses, when Port was hit with the ACH Fraud.
[Audit reports can be found at https://www.portseattle.org/page/internal-audit-reports.]

Information Technology Audits
• Information Technology Audits are generally security sensitive and are discussed in non-public sessions.
• Six audits were completed in 2022.
Foundational Information Technology Controls – Center for Internet Security (CIS) – 18 Key Audits
• Ongoing efforts to perform CIS audits to help assure the Port has a solid foundation of information technology controls.
• We completed 5 CIS related Audits in 2022; over the four years, we have completed 9 of 18 key CIS audits.

Limited Contract Compliance Audits
• Self-reported revenue from concessionaires and rental car companies.
• Audits focus on compliance with lease agreement terms.
• Three audits performed in 2022:
1) In-Ter-Space Services, Inc. DBA Clear Channel Airports
2) Avis Budget Car Rental LLC
3) The Hertz Corporation

# of Audits That Had Findings | Under-reported Revenue (CFC)* | Due to Port
2 | $11,826 | $11,826
* Customer Facility Charge

Highlighted Performance Audits
1) ACH Payment Fraud
2) South King County Community Impact Fund

Performance - ACH Payment Fraud
Internal Audit (IA) completed a targeted audit of the processes that contributed to eight payments totaling $572,682, being wired into fraudulent bank accounts.
The payments were for the Port of Seattle’s (Port’s) Opportunity Youth Initiative and were intended for the Seattle Parks Foundation (Seattle Parks) and the Urban League of Metropolitan Seattle (Urban League).
The purpose of the audit was to identify the control breakdowns that allowed the fraud to occur and to recommend ways to reduce the likelihood of future misappropriations.
The criminal aspect of this case was led by Port Police, but subsequently handed off to a Homeland Security task force.

Recovery

Seattle Parks Foundation
• Funds wired to fraudulent accounts: $184,675 ($48,997 returned – Account Closed)
• Initial Net Loss: $135,678
• Crime Insurance Recovery: $110,678
• Loss to Port (Deductible): $25,000

Urban League
• Funds wired to fraudulent accounts: $388,007 ($307,523 Funds frozen and returned by Citibank)
• Net Loss: $80,485
• Crime Insurance Recovery: $55,485
• Loss to Port (Deductible): $25,000

Fraud Overview

Seattle Parks Foundation
• Falisha Kurji – Coordinator
• Email compromised
o Funds wired to fraudulent accounts: $184,675.02 ($48,997.39 returned)
Spoofed Domain names copied and used as bait:
Michelle@SeattlePraksFoundation.org (“Parks” changed to “Praks”)
Michelle Benetua – Director of Strategic Partnerships and Programs

Urban League
• Latonya Stuckey, A/P Specialist
• Email compromised
o Funds wired to fraudulent accounts: $388,007.38
Spoofed Domain names copied and used as bait:
mcamara@urbanIeague.org
jdelapena@urbanIeague.org
alawton@urbanIeague.org
(lower case “l” changed to upper case “I”)

[Diagram: vendor change workflow. 58 Users: Add/Modify Vendor Information, including banking information. AFR Core Services (three employees: Manager, Records Management Specialist, Administrative Professional): Approve Vendor Changes. Denied: notified of denial. Approved: changes live in PeopleSoft. Callouts: “Procedure failure/not occurring as intended. Procedure requires staff to validate changes before approving.” and “No validation of information.”]

Performance - South King County Community Impact Fund

South King County Fund
In 2019, the Port pledged $10 million, funded over a five-year period, to provide environmental benefits to near airport communities impacted by airport noise.

South King County Community Impact Fund (SKCCIF)
In November 2021, the name was changed to the SKCCIF and aims to develop equity-based partnerships and to provide resources and support in historically underserved, ethnically, and culturally diverse near-airport communities.

Aligned to Port Mission
To promote economic opportunities and quality of life in the region by advancing job creation in an equitable, accountable, and environmentally responsible manner.
[See Appendix A for additional Program information.]

1) Rating: Medium
Approvals were not always documented, expense reimbursements were not always supported with receipts, and expenses sometimes exceeded thresholds allowable by the contract. Although the financial impact is relatively small, these exceptions could be considered non-compliance with contract terms.
• Twenty-five percent (25%), or 25 of 99 invoices did not have a documented approval.
• Expense reimbursements sometimes exceeded contract thresholds.
[See Appendix B for details.]

Recommendations
• Maintain documentation to evidence approval.
• Broaden contract reimbursement requirements.
o Granularity of contract language impacts efficiencies
o Grass roots organizations/limited resources
o More time for stakeholder partnerships/community engagement
Status: Report was just issued.
Management action target completion by 6/30/2023.

2023 Audit Strategy
• Stay independent and objective.
• Enhance processes, by viewing work through an “equity lens.”
• Streamline existing concession audit processes.
• Continue to focus on Capital Delivery (Financial, Quality, and Schedule).
• Continue to focus on the 18 “Center for Internet Security” audits that will provide the groundwork for well-established cybersecurity controls.

Appendix A - South King County Community Impact Fund (Additional Program Information)
Environmental Program is governed by RCW 35.21.278 Contracts with community service organizations for public improvement.
Contract values and reimbursements from January 1, 2021 – June 30, 2022:

Organization | Contract Value | 2021 | 2022
Bridging Cultural Gaps | $19,974 | $14,050 | $0
Tilth | 14,800 | 5,535 | 9,265
Friends of Normandy Park | 11,163 | 4,867 | 4,474
Federal Way Korean American Association | 20,000 | 0 | 0
Multicultural Self-Sufficiency Movement | 9,000 | 0 | 0
Puget Soundkeeper Alliance | 10,902 | 0 | 0
Bhutanese Community Resource Center | 13,488 | 6,500 | 0
Summer Search (Congolese Basketball Team) | 19,000 | 0 | 3,075
Summer Search (Expanding Environmental Justice) | 19,990 | 0 | 0
Partner in Employment | 19,977 | 0 | 19,977
Total | $158,294 | $30,952 | $36,791

Appendix A - South King County Community Impact Fund (Additional Program Information) (continued)
Economic Recovery Program is governed by RCW 53.08.245 Economic development programs authorized - job training and education.
Contract values and reimbursements from January 1, 2021 – June 30, 2022:

Organization | Contract Value | 2021 | 2022
African Chamber of Commerce PNW | $100,000 | $21,539 | $70,128
African Community Housing and Development | 99,903 | 61,000 | 38,903
Asian Counseling and Referral Service | 70,000 | 35,500 | 28,250
Business Ending Slavery and Trafficking (BEST) | 100,000 | 61,800 | 15,162
Cares of Washington | 91,160 | 77,387 | 13,773
Chief Seattle Club | 100,000 | 57,500 | 42,500
El Centro de la Raza | 99,985 | 75,000 | 24,985
Highline College Foundation | 90,839 | 5,750 | 43,250
Partner in Employment | 100,000 | 79,375 | 20,625
Washington Maritime Blue | 99,995 | 99,995 | 0
Total | $951,882 | $574,846 | $297,576
[Note: Numbers are rounded to the nearest dollar.]

Appendix B - South King County Community Impact Fund (Audit Issue Details - Expense Reimbursements Exceeding Contract Thresholds)

Organization | Contract Description | Reimbursement ($) | Amount not allowed ($) | Description of Reimbursement
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 97.04 | 65.79 | 13 Coins - Brainstorming Dinner
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 135.84 | 104.59 | Buffalo Wild Wings - Park Cleaning Event
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 38.04 | 6.79 | McDonalds - Park Cleaning Event
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 211.39 | 173.35 | Taste of Congo - Park Cleaning Event
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 40.24 | 8.99 | Jack in the Box - Park Cleaning Event
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 37.89 | 6.64 | Target - Refreshments
Summer Search | Refreshments $31.25 / event X 32 events = $1,000 | 94.69 | 63.44 | Taste of Congo - Park Cleaning Event
Partner in Employment | Crew Lead $25 * 360 hours = $9,000 | 9,352.50 | 352.50 | Staff / Contractor Time
Partner in Employment | Youth Stipend $1,000 * 5 youths = $5,000 | 9,826.00 | 4,826.00 | Volunteer Support
Highline College Foundation | Class Roster of Enrolled Participants in RiVET, AutoCAD or Civil3D courses ($19,530) | 32,000.00 | 12,470.00 | Class Roster
Friends of Normandy Park | 2 weed wrenches X $10.25 = $20.50 | 79.24 | 58.74 | Weed Wrench
Friends of Normandy Park | 20 gloves X $1 = $20 | 187.24 | 167.24 | Gardening Gloves
Friends of Normandy Park | Refreshments $35 / event X $6 events - $210 | 39.53 | 4.53 | Starbucks Coffee
Friends of Normandy Park | Refreshments $35 / event X $6 events - $210 | 39.53 | 4.53 | Starbucks Coffee
Bhutanese Community Resource Center | 1 Hand Washing Station X $70 = $70 | 79.18 | 9.18 | Handwashing Station
Bhutanese Community Resource Center | 25 boxes garbage bags X $20 = $500 | 523.76 | 23.76 | Garbage Bags
Bhutanese Community Resource Center | 25 compost bins X $46 = $1,150 | 1,277.10 | 127.10 | Compost Bins
Tilth | Staff Training / Volunteer Coordination $30 X 260 hours = $7,800 | 7,923.70 | 123.70 | Staff Support
Tilth | Guest Instructor Stipend $250 X 4 speakers = $1,000 | 1,700.00 | 700.00 | Guest Instructors
Tilth | Project Supplies $3,000 | 3,526.30 | 526.30 | Project Supplies
Bridging Cultural Gaps | Plants $500 | 1,800.00 | 1,300.00 | Plants