1. Presentation

Port Audit Committee Slides

Financial Stewardship                    Accountability                       Transparency
Port of Seattle Audit Committee
Internal Audit Update
Glenn Fernandes - Director, Internal Audit

September 7, 2023
P69 Commission Chambers
9:00 AM – 11:00 AM

Operational Excellence                    Governance

          Department Overview        Item #4
Internal Audit, through an annual audit plan, provides assurance that
the Port’s controls are effective and efficient. The department facilitates
four public Audit Committee meetings per year and non-public Audit
Committee meetings as needed.
The department facilitates RCW required Independent Audits on General
Constructor/Construction Management (GC/CM) Projects and periodically
performs the required Payment Card Industry Audit.
The department provides advisory services to the Port, to the extent that it
does not compromise the department’s independence.
The department maintains its independence and objectivity by reporting
functionally to the Audit Committee and administratively to the
Executive Director.
2

      2024 Department Major Initiatives   Item #4
 Manage RCW Required Independent Audits for GC/CM Capital Projects.
 Enhance Concession Audit Program and increase volume.
 Standardize repetitious functions.
 Enhance usage of automation tools.
 Minimize impact to concessionaires.
 Develop a tracking and enforcement system to assure compliance with
the Equity Policy Directive including:
 Anti Human Trafficking Policies
 Potential Third-Party Code of Conduct

3

   Internal Audit Organization Structure         Item #4



4


2024 Budget Overview       Item #4
Note: Run report from AI and paste results here. To edit, double click on table or right click,
choose Worksheet Object, open Excel worksheet.
Internal Audit (2280)             2022             2023            2024        2023 to 2024    2023 to 2024
Line        Account Description            Budget           Budget          Budget     Budget Change $ Budget Change %
1  Salaries and Benefits        $   1,706,357          $   1,979,053  $   2,083,191  $    104,138         5.3%
2  Equipment Expense         $       2,749  $      4,063  $        563  $     (3,500)      (86.1%)
3  Supplies & Stock            $       1,000  $      1,000  $      1,000  $        -           0.0%
4  Outside Services            $     297,090  $    140,928         $     42,095  $     (98,833)      (70.1%)
5  Travel & Other Employee Exp $     27,695        $     52,261  $     52,287  $        26         0.0%
6  Promotional Expenses       $        -    $       -     $       -     $        -           0.0%
7  General Expenses           $       3,893  $        702  $        505  $       (197)      (28.1%)
8  Other Expenses            $       8,890  $      8,801  $      8,397  $       (404)       (4.6%)
9  Total Charges To Capital      $    (180,000)         $    (139,408) $       -     $    139,408      (100.0%)
Non-Payroll Subtotal      $      161,317  $      68,347  $    104,847          $      36,500          53.4%
Total              $   1,867,674            $   2,047,401  $   2,188,038  $     140,637           6.9%

5

                                                                                                            Item #4
New Budget Request
Operating &
Full Year 2024 Cash                                    Priority
Item #         Short Description          Maintenance                        Request Type   No. of FTEs
including Capital                                      (H/M/L)
Expenses
1    Outside Temp Services – Backfill         $40,000            $40,000   One-Time        0        Medium
for Staff on Maternity Leave
To ta l                                                                    $40,000                     $40,000                                   0





6

           (Capitalized) Outside Services      Item #4
GC/CM Audit Costs (Outside Services) are now directly capitalized to the projects and are not reflected
in the expense budget. Below is a summary of GC/CM Spend for informational purposes.
Estimated
Estimated Audit Spend
Project                    Construction                                      Project Timing
over Life of Project
Cost
Post IAF Airline Realignment                        $65 MM               $222,445 In Process Estimated completion 2027
C Concourse Expansion Project                  $49.2 MM              $304,000 In Process Estimated completion 2026
Main Terminal Low Voltage Project                 $55 MM                $73,555 In Process Estimated completion 2026
South Concourse Evolution                          $1 B               $900,000 Estimated 1st Qtr. 2024 - 2032
Primary Fire Station (Eastside)                       $15 MM                 $13,500 Estimated 3rd Qtr. 2023 - 2026
Industrial Wastewater Treatment Plant -            $92 MM                $82,800 Estimated 3rd Qtr. 2024 - 2029
Heavy Civil GC/CM
Baggage Optimization 3                         $300 MM              $270,000 Estimated 3rd Qtr. 2023 - 2027
Concourse HVAC Improvement                 $200 MM             $180,000 Estimated 2nd Qtr. 2025 - 2031
Renewal/Replacement Program (CHIRRP)
Terminal 25 Restoration (Heavy Civil GC/CM)  Not Available           Not Available Estimated 2025 - 2028
Main Terminal Improvement Program            $520 MM              $499,200 Estimated 4th Qtr. 2024 - 2034
To ta l         $2.296 B                     $2,545,500

7

           Open Issue Status – Aging Report as of August 23, 2023      Item #5


1. Eight issues outstanding for over one year from the Target Date consist of:
 Architecture & Engineering (2) - Fair and Reasonable Rate Determination and Management Review Over Max Rates: CPO-1, Port Policy for Consulting Services, was
updated to include a definition that aligns to the RCW 39.80.050, Procurement of Architectural and Engineering Services – Contract Negotiations. However, a specific
mark-up has not been defined. This appears to be on the agenda for the Procurement Council in September of 2023.
 Information Technology Audits (6) (Security Sensitive - Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session.): These are:
Closed Network System Security (1), Network Password Management (2), Secure Configuration for Hardware & Software on Mobile Devices, Laptops, Workstations and
Servers (2), and Continuous Vulnerability Management (1).
2. Three Information Technology issues do not have Target Dates and are not included in this chart. These issues are in the process of being addressed, however, they are more
than two years past the Report Date: Aviation Maintenance and Facilities & Infrastructure Data Centers (3).
See Appendix A for a detailed listing of outstanding issues, including: Report Finding, Issue Owners, and Current Status, as of August 23, 2023.

8

  Approved 2023 Audit Plan                           Item #6
Limited Contract Compliance                              Performance                                   Information Technology
•  Louis Dreyfus Company Washington LLC             •  Port-wide Payroll Controls                                        •  Email and Web Browser Protections (ICT and
•  Seattle Air Ventures, JV1                               •  Airport Parking Garage                                               Aviation Maintenance)4
•  ATZ, Inc. dba Doug Fox Parking                        •  Equity Policy Directive Compliance2                             •  Network Infrastructure Management (ICT)7
•  Social and Environmental Reporting                             •  Network Infrastructure Management (Aviation
•  Fishermen’s Terminal                                                 Maintenance)
•  Police Department3,4                                              •  Security Awareness and Skills Training
Capital
•   T-5 Berth Modernization
•   Supply Chain Disruption Management
•   C Concourse Expansion (Pre-construction) GC/CM5
•   Main Terminal Low Voltage System Upgrade GC/CM5
•   T-117 Sites 23-25 Restoration Construction Project
GC/CM5
•   Concourse A Building Expansion for Lounges/DELTA
TRA3
•   Post IAF Airline Realignment GC/CM Constructio5,6
1. Two separate audits were originally planned for different lease agreements; however, they were combined for administrative efficiency, due to substantially similar processes.
2. This audit is deferred to 2024. The policy was recently approved by the Commission, and it is too early to assess compliance with it.
3. This is a contingency audit per the Approved 2023 Audit Plan.
4. The audit name has changed to reflect the expanded audit scope.
5. RCW 39.10.385 requires an independent audit, paid for by the public body, to confirm the proper accrual of costs, for General Contractor/Construction Manager (GC/CM) projects. This audit work will be performed by
external, contract auditors through a multi-year, Indefinite Delivery, Indefinite Quantity (IDIQ) contract. Year-end status report will be provided at the December Audit Committee. Internal Audit will perform
continuous cost reviews of these projects, review areas that are not looked at by the contract auditors, and partner with the contract auditors as needed. Internal Audit will issue an audit report on areas covered.
6. Due to construction delays, this audit is deferred to 2024.
7. Due to resource constraints, this audit is deferred to 2024.

9

                                                                                                          Item #6
2023 AUDIT PLAN STATUS
Audit Title                                              Type               Jan   Feb  Mar  Apr  May  Jun   Jul   Aug  Sep   Oct  Nov  Dec
Port-wide Payroll Controls                                                     Performance
Airport Parking Garage                                                        Performance
Social and Environmental Reporting                                          Performance
Fishermen's Terminal                                                      Performance
Police Department1,2                                                      Performance
Supply Chain Disruption Management                                      Performance - Capital
Terminal 5 Berth Modernization Project                                       Performance - Capital
C Concourse Expansion (Pre-construction) GC/CM3                            Performance - Capital
Main Terminal Low Voltage System Upgrade GC/CM3                         Performance - Capital
T-117 Sites 23-25 Restoration Construction Project GC/CM3                      Performance - Capital
Concourse A Building Expansion for Lounges/DELTA TRA1                      Performance - Capital
Email and Web Browser Protections (ICT and Aviation Maintenance)2           IT
Network Infrastructure Management (Aviation Maintenance)                 IT
Security Awareness and Skills Training                                          IT
Louis Dreyfus Company Washington LLC                                     Contract Compliance
Seattle Air Ventures, JV 4                                                        Contract Compliance
ATZ, Inc. dba Doug Fox Parking                                                 Contract Compliance
Equity Policy Directive Compliance5                                           Performance
Post IAF Airline Realignment - GC/CM Construction3,5                          Performance - Capital
Network Infrastructure Management (ICT)5                                  IT
Complete
In Process
KEY
Not Started
Deferred to 2024
1. This is a contingency audit per the Approved 2023 Audit Plan.
2. The audit name has changed to reflect the expanded audit scope.
3. RCW 39.10.385 requires an independent audit, paid for by the public body, to confirm the proper accrual of costs, for General Contractor/Construction Manager (GC/CM) projects. This audit
work will be performed by external, contract auditors through a multi-year, Indefinite Delivery, Indefinite Quantity (IDIQ) contract. Year-end status report will be provided at the December
Audit Committee. Internal Audit will perform continuous cost reviews of these projects, review areas that are not looked at by the contract auditors, and also partner with the contract auditors
as needed. Internal Audit will issue an audit report on areas covered.
4. Two separate audits were originally planned for different lease agreements; however, they were combined for administrative efficiency, due to substantially similar processes.
5. This audit is deferred to 2024.

10

                                                                                                           Item #s 7, 8, and 12
Audits Completed in Third Quarter, 2023
1)  C Concourse Expansion Project (Pre-Construction) (Item #7)
2)  Main Terminal Low Voltage System Upgrade Project (Pre-Construction)
(Item #8)
3)  Louis Dreyfus Company Washington LLC (Item #12)



11

    C Concourse Expansion Project (Pre-Construction) Item #7
The Concourse C Expansion Project spans the C and D Concourses with
additional dining and retail, adding amenities such as an Interfaith Prayer and
Meditation room, a Nursing Suite, and an all-new, more than 20,000 square
foot Alaska Airlines Lounge.
The project will increase the existing 81,000 square foot building into a 226,530
square foot facility.
Turner Construction Company (Turner) was selected as the General
Constructor/Construction Manager (GC/CM) for this project in December 2020.
The pre-construction work started in December 2020 and is anticipated to be
completed in the fall of 2023.

12

    C Concourse Expansion Project (Pre-Construction) Item #7
The pre-construction contract total at the time of the report was approximately
$4.44 million, which included approximately $1.94 million in change orders.
RCW 39.10.385 requires an independent auditor to confirm the proper accrual
of costs for any alternatively selected subcontractors. R.L. Townsend &
Associates LLC, a nationally recognized, Construction Audit firm, was engaged to
perform this part of the work.
Our work focused on review of GC/CM expenses for accuracy and contract
compliance.
Additionally, we performed a “Labor Rate Analysis,” by looking at the build-up
of Labor Rates used in the contract.

13

                                                                                                           Item #7
1) Rating: Medium
The model that was used to determine billable rates for contractor’s
staff, utilized inputs that could result in paying higher than market
rates for labor.
There are generally two industry standard approaches an owner can take when approving
contractor rates: 1) using a Rate Tool or “market rate” analysis, which uses an in-house
model to price each position title, or 2) using a Cost-Plus approach, which includes
negotiating a profit margin and vetting the build-up of proposed rates.
CPO used a Rate Tool that integrates Market Survey Data, Port Historical Data, and Firm
Data, to negotiate rates for each position title.
Turner was paid the negotiated rate for each position, which was generated from the rate
tool.
Within the contract, Turner used a rate build-up for each position, which equaled the
negotiated rate.
14

      Issue Continued:
Attached to Contract
Negotiated Rate by
Internal Rate Tool                                                                        Turner’s Rate Build-up
Position/Individual

We looked at Turner’s Rate Build-up to identify anything that was incorrect, excessive, etc.
In essence, we performed a Cost-Plus Build-up, which we then compared to the Negotiated Rate.
We identified several items that would be questioned if a Cost-Plus method was employed, such as:
   Lack of detail on the build-up of “Base Cost.”
   Benefits charged in Turner’s model included items that are often not allowed. For example:
End of Year Premium Pay                      Bonuses/Staff Retention
Tuition Reimbursement                       Employee Assistance Programs
   General Liability Insurance rate of 1.2% vs Industry Standard Range of 0.50 % - 0.75%.
   A Virtual Design and Construction rate of between $5 and $75 per hour. After discussions with
Turner, they indicated that these rates should be $6.14.
   “B&O tax” percentage of 2.5% vs Washington State Construction B&O rate of 0.471%.

15

                                                                                                           Item #7
Issue Continued:
 Upon a recalculation of adjusted rates with the information provided by Turner, we determined
that, if a Cost-Plus methodology had been employed, the billed cost to the Port could have
been between approximately $160,316 and $257,974 less than the rates generated from the
Port’s rate tool, dependent on the negotiated fee with the contractor.
Additionally:
 The Agreement language on allowable billable rate build-up was vague, which increased the
risk of rate components being included that normally would not be or, included in multiple
areas.
 Examples include: the Agreement stated in part, “The hourly labor rates cover the GC/CM's
direct and indirect costs or expenses…. including but not limited to..." Additionally, it allowed
for the inclusion of "home office overhead and profit" without specifying further details,
leading to a broad interpretation of allowable items.


16

                                                                                                           Item #7
Recommendations
1. CPO should either modify the inputs to the current rate tool or
employ a Cost-Plus approach.
2. CPO should work with Legal to strengthen preconstruction services
agreement language to help decrease the possibility of
misinterpretation.



17

        2) Rating: Medium                                                                            Item #7
The Port’s oversight process and documentation could be improved to support
justifications for approving rates above the Market Maximum, and collaboration
with other departments or teams.
 We reviewed CPO’s “market rate” analysis process and noted some of Turner’s staff members
were not subject to negotiation, nor was any documented evidence of the negotiation found. The
total that was billed so far to the project for these staff members was $1.34 million.
 We observed instances where certain Turner employees were approved rates that exceeded the
Market Maximum allowed rate for their respective titles. CPO explained that such approvals over
the maximum were permissible, in certain cases, if the contractor provided documentation
justifying the higher rate, and the rate was within the Port’s Historical Maximum. However, no
records were maintained.
 Reasons cited for the absence of documentation was that the rate analyst, responsible for
approving these rates, was no longer employed by the Port.
 Based on our review, we were unable to ascertain whether rates for all Turner staff members were
subject to negotiation or if the approval of higher rates (above the Market Maximum) was
adequately supported.
18

                                                                                                           Item #7
Recommendations
1. CPO should establish a comprehensive documentation process, and
clear guidelines for negotiations and approvals of rates for
contractor staff. This includes maintaining records of negotiations,
justifications for rates above the Market Maximum, and
collaboration with other departments or teams.



19

                                                                                                           Item #7
Management Response – Issue 1
Management does not concur with the finding.
Port negotiated fair and reasonable billing rates, and the review of
cost information did not account for risk and contract administration.
Potential savings from cost reimbursement contracts were
miscalculated.

DUE DATE: 12/31/2023      Management will discuss in detail. (Full response in Audit Report No. 2023-09)

20

                                                                                                           Item #7
Management Response – Issue 2
Port did conduct negotiations of all contract rates, and we
believes the negotiations were documented appropriately. We
will take the opportunity to review our process, guidance
documents, and record retention.


DUE DATE: 12/31/2023    Management will discuss in detail. (Full response in Audit Report No. 2023-09)

21

        3) Rating: Medium                                                                            Item #7
We identified opportunities for Port Management to strengthen controls during the pay
application review process. Additionally, we identified several instances where there has
been a lack of adherence to the stipulated Agreement. These observations highlight
opportunities to enhance oversight and assure compliance with contractual
requirements.
 Review process: We reviewed Pay Applications (PA) 1-27 and noted instances where supporting documentation was not
present, and/or contract requirements were not followed. Examples included:
 After PA 11, timesheets were not submitted. Upon inquiry, Port Management confirmed that they had given the
direction to discontinue the practice due to excessive workload involved.
 Our test of billed hours determined that the Port had been overbilled $997.05. Turner indicated that they would
make the adjustment on the May 2023 PA. We verified that there was an adjustment on PA 29.
 A total of $924,039 in forecasted payments were spread across 27 pay applications, resulting in an average monthly
payment of $34,224. There was no dedicated review process in place to ensure the completion of services and
subsequent reimbursement to the Port for these forecasted prepayments. We noted that, while Washington State
Law does not explicitly prohibit prepayments, the Agreement only allowed reimbursements of actual incurred costs.
 Personnel and staff changes occurred during the pre-construction phase, and Port Management failed to provide
the necessary support stipulated in the contract for certain changes. These individuals worked hours totaling around
$190,000, without verification from the Port. To validate the cost reasonableness, we directly sought support from
Turner, who supplied agreed-upon rates for most of these individuals.
22

                                                                                                           Item #7
Recommendations
1. Maintain timesheets for everyone to track the days worked, with
careful verification of hours and rates during the Pay Application
review process.
2. Follow existing Standard Operating Procedures to pay for services
rendered.
3. Maintain supporting documentation of Port Management approval
for all key personnel changes. For any staff change including key or
supplemental staff, there should be support provided for a
negotiated agreed upon rate.

23

                                                                                                           Item #7
Management Response
Engineering Construction Management agrees with these
recommendations and will continue to train staff to improve
compliance with existing requirements. Additionally, Engineering
Construction Management will ensure Standing Operating
Procedures thoroughly capture GC/CM specific procedures.


DUE DATE: 12/31/2023     Management will discuss in detail. (Full response in Audit Report No. 2023-09)

24

     Main Terminal Low Voltage System Upgrade Project               Item #8
(Pre-Construction)
General Contractor/Construction Manager (GC/CM) contract was executed on August 9,
2019, with M.A. Mortenson.
Initial Not-to-Exceed amount was $1.5 million but was expected to increase since design
was less than 30% complete.
In August of 2021, an additional $1.5 million was authorized to fund the remainder of the
Pre-Construction services, bringing the total budget to $3 million.
Pre-Construction was completed in November 2022 with an anticipated construction
completion in early 2026.
Total budgeted cost is approximately $120 million, with a 7% Women-Owned and
Minority-Owned Business Enterprise aspirational goal.
Areas reviewed:
 Change Orders - No deficiencies noted.
 Pay Applications - Recommendations for improvement noted.
 Contingency - Recommendations for improvement noted.
25

        1) Rating: Medium                                                                            Item #8
We identified opportunities for Engineering Construction Management to
strengthen controls during the pay application review process. Additionally,
supporting documentation to show compliance with the Port’s Standard Operating
Procedure 40.08, State law, and the Contract, was not always maintained.
Non-labor costs totaling $1,223 were overpaid for expenses identified in the contract as
non-reimbursable costs (including security badges, delivery services and parking).
Timesheets were not submitted by the GC/CM as required. Our review identified a total of
$7,387 in overpayments.
Documentation of approval for a Key Personnel change (Project Manager) was not
maintained, as required by the contract.
The Contingency budget and Other Stipulated Direct Costs budget were used for expenses
related to completing pre-construction areas, not for expenses outlined in the contract and
change order. Additionally, the Port’s approval for using these budgets was not maintained.

26

   Recommendations                          Item #8
Construction Management should:
1.  Review overpayments identified in the audit and collect overpayment from
the GC/CM, as appropriate.
2.  Assure compliance with Standard Operating Procedure 40.08, the Washington
State Auditor’s Budgeting, Accounting and Reporting System (BARS) GAAP
Manual 3.1.4.10/RCW 43.09.200, and the Contract, by requiring the GC/CM to
submit all required documentation to support transactions. For example,
timesheets should be obtained as supporting documentation for the Pay
Applications.
3.  Maintain supporting documentation of Port management approval for all key
personnel changes. For any staff changes, including key or supplemental staff,
there should be support provided for a negotiated agreed upon rate.
27

   Management Response                      Item #8
1.  Engineering Construction Management will review the identified
overpayments and collect reimbursement as appropriate.
2.  Engineering Construction Management, in collaboration with Central
Procurement Office (CPO), and AV/Waterfront Project Management, will
review documentation requirements for GC/CM preconstruction services
contracts and ensure all SOPs contain GC/CM specific procedures.
3.  Engineering Construction Management agrees with the recommendation and
will continue to train staff to improve compliance with these existing
requirements.
DUE DATE: 12/31/2023        Management will discuss in detail. (Full response in Audit Report No. 2023-10)

28

                                                                                                            Item #12
Louis Dreyfus Company Washington LLC (Louis Dreyfus)
As a company, it has had an active presence in the US since 1909 and is involved
in diverse industries worldwide.
Top exporter of various agricultural commodities, such as cotton, soybeans,
wheat and corn.
Operator of the Port’s Grain Facility at Terminal 86.
Terminal is a completely automated grain facility, which assures quick and
efficient movement of commodities from trucks and/or rail cars to silos and
ships’ holds.
Total storage capacity is approximately 4 million bushels (101,000 metric tons)
WA State Department of Agriculture is responsible for the independent
certification of grain quality and quantity.

29

                                                                                                            Item #12
Louis Dreyfus Company Washington LLC (Louis Dreyfus)
 Breakdown of commodities exported during audit period:

Commodity                   Year
(in Metric Tons)      2020           2021           2022
Yellow Corn       1,240,437      1,904,159                1,859,757
Soybeans        2,751,841      1,485,865               1,870,459
Grain Sorghum      247,526               467,779        660,395
Total            4,239,804       3,857,803       4,390,611


30

                                                                                                            Item #12
Louis Dreyfus Company Washington LLC (Louis Dreyfus)
Lease agreement between Louis Dreyfus and the Port was signed in November
2014, allowing Louis Dreyfus to operate the Terminal.
Monthly payment consists of base rent and a concession fee (tonnage rent fee)
based on loaded ship tonnage.
The table below reflects the yearly base rent and tonnage rent during the audit
period:
Year   Tonnage Rent     Base Rent          Total
2020   $    4,273,743           $   1,097,511          $    5,371,254 
2021   $    5,451,248           $   1,082,405          $    6,533,652 
2022   $    5,077,095           $   1,085,105          $    6,162,200 
Total   $   14,802,086             $   3,265,021           $   18,067,106 


31

                                                                                                            Item #12
No Issues
Internal Audit concluded that Louis Dreyfus materially complied
with the significant terms of the Agreement.




32

                  Appendix
A – Aging of Outstanding Issues as of August 23, 2023



33

      Appendix A – Aging of Outstanding Issues as of August 23, 2023
Performance, Capital, Information Technology, and Limited Contract Compliance Audits
Days Outstanding  Days Outstanding
Audit Type                  Audit                   Rating    Report Date    Target Date  (from Report Date) (from Target Date)         Issue Owner                          Report Finding                     Current Status from Management as of 8/23/2023
IT         AVM/Facility & Infrastructure Data Centers          High       12/4/2018 No date supplied            1723            N/A Director, Aviation Security        Physical Access to Facilities                          F&I Response: There is a project to add card readers to
All rooms in our sample were protected with varying levels of  communications room doors in the passenger terminal areas.
restricted access. Some were well protected, allowing few    The project is scheduled to be at physical completion in Q2
individuals access, while others allowed access to hundreds of 2025.
people with no legitimate business need.
IT         AVM/Facility & Infrastructure Data Centers          High       12/4/2018 No date supplied            1723            N/A Director, Aviation Security        Protection Against Environmental Factors                F&I Response: Project U00494 replacing water-based
Facilities should be protected against fire and water damage.  sprinklers with clean-agent fire suppression in 6 critical
In our sample of 31 rooms, 35% of the rooms did not have fire communications rooms (MDR 1, MDR 2, MDR 3, MER/ES,
suppression capability and 55% did not have fire           MER/VD, CER) has anticipated Substantial Completion date of
extinguishers. Four rooms had Halon fire extinguishers which  Q2 2026. Alternatives to Halon clean-agent fire suppression
are ozone-depleting and do not support the Port’s value for   have been investigated, but major drawbacks exist (e.g. PFAS,
being a responsible steward of the environment.           asphyxiation from CO2, large space requirements). Water
Mist per NFPA 750 may be a promising solution. No update on
other rooms nor fire extinguishers. More discussion is needed
regarding fire rating of communications room doors.
Performance Architecture & Engineering                      High       12/9/2019     6/30/2020            1353           1149 Director, Central Procurement     CPO had not established guidelines for what is determined fair CPO-1, Port Policy for Consulting Services, was updated to
Office                      and reasonable. Our testing of over 400 A&E consultants     include a definition that aligns to the RCW 39.80.050,
identified many instances where profit markups exceed what  Procurement of Architectural and Engineering Services –
the industry deemed reasonable.                      Contract Negotiations. However, a specific mark-up has not
been defined. This appears to be on the agenda for the
Procurement Council in September of 2023.
Performance Architecture & Engineering                      High       12/9/2019     6/30/2020            1353           1149 Director, Central Procurement     Management approval was not required when hourly rates    CPO-1, Port Policy for Consulting Services, was updated to
Office                      exceeded the maximum rates produced by the service rate    include a definition that aligns to the RCW 39.80.050,
negotiation tool / model.                            Procurement of Architectural and Engineering Services –
Contract Negotiations. However, a specific mark-up has not
been defined. This appears to be on the agenda for the
Procurement Council in September of 2023.
IT         Security Awareness and Skills Training              High       3/23/2023      6/1/2023            153             83 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session

34

      Appendix A – Aging of Outstanding Issues as of August 23, 2023
Performance, Capital, Information Technology, and Limited Contract Compliance Audits
Days Outstanding  Days Outstanding
Audit Type                  Audit                   Rating    Report Date    Target Date  (from Report Date) (from Target Date)         Issue Owner                          Report Finding                     Current Status from Management as of 8/23/2023
Performance Port-wide Payroll Controls                       High       6/14/2023    12/31/2023             70            -130 Director, Aviation Maintenance    The Maximo System used by the Aviation Maintenance      Work-in-Progress: AVM is changing work processes in
Department (AVM) had generated semi-annual, preventive    Maximo for appropriate work tracking. AVM will be
maintenance work orders for certain retired assets, requiring  performing a gap assessment with the asset management
maintenance staff to spend up to 3 hours for each          vendors to define processes, which will close the gap that
unnecessary work order over 10 years.                  was defined in the audit processes. Some of that work is done
in 2023 and more in 2024 to codify the onboarding and
disposal process. AVM has several systems and processes
that have to be coordinated across multiple groups at the
Port: AVM, AV Facilities & Infrastructure, AV Program
Management Group, and Engineering/Construction
Management, and Port Construction Services.
IT         AVM/Facility & Infrastructure Data Centers         Medium      12/4/2018 No date supplied            1723            N/A Director, Aviation Security        Physical Facilities Management                       F&I Response: No change in status from previous quarter -
In our sample of 31 rooms, we noted that 52% of the rooms   Project scope is being reviewed by F&I managers prior to
had equipment on the racks that was not properly secured,    submittal.
and that 16% of equipment racks (while securely bolted to the
floors) lacked seismic bracing.
IT         Closed Network Systems Security                Medium       9/5/2019     6/30/2020            1448           1149 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Inventory and Control of Hardware Assets          Medium     11/12/2019     6/30/2023            1380             54 Chief Information Officer              Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Network Password Management                Medium      3/20/2020    12/31/2020            1251            965 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Network Password Management                Medium      3/20/2020     9/30/2020            1251           1057 Chief Information Officer              Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Secure Configuration for Hardware and Software     Medium      8/21/2020    12/31/2021            1097            600 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Secure Configuration for Hardware and Software     Medium      8/21/2020    12/31/2021            1097            600 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
on Mobile Devices, Laptops, Workstations and                                                                     Chief Information Officer
IT         Continuous Vulnerability Management            Medium     11/29/2021     6/30/2022            632            419 Director, Aviation Maintenance         Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session


35

      Appendix A – Aging of Outstanding Issues as of August 23, 2023
Performance, Capital, Information Technology, and Limited Contract Compliance Audits

Days Outstanding  Days Outstanding
Audit Type                  Audit                   Rating    Report Date    Target Date  (from Report Date) (from Target Date)         Issue Owner                          Report Finding                     Current Status from Management as of 8/23/2023
IT         Account Management - ICT                    Medium      3/15/2022      6/1/2023            526             83 Chief Information Officer              Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Audit Log Management - Aviation Maintenance      Medium       6/2/2022    12/31/2022            447            235 Director, Aviation Maintenance         Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
Contract    The Hertz Corporation                        Medium       6/3/2022    12/31/2022            446            235 Director, Aviation Commercial     Hertz’s systems and records were unable to clearly discern    Aviation Commercial Management continues to be in contact
Compliance                                                                                                         Management                 which customers were eligible to receive a CFC waiver.      with Hertz and Avis.
Internal Audit identified 3,081 rental tickets, totaling
approximately $173,000, where the CFC was not charged and
remitted. Hertz asserted that approximately $164,000 were
insurance replacement rentals and therefore allowable
exclusions.
IT         T2 Airport Garage Parking System Replacement      Medium     11/11/2022      6/2/2023            285             82 Chief Information Officer              Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
Chief Information Security Officer
Performance Fishermen's Terminal                        Medium      3/20/2023     3/31/2024            156            -221 Director, Maritime Operations and  Billing and collection procedures at Fishermen’s Terminal were A request for an additional FTE to strengthen segregation of
Security                     informal and internal controls needed to be strengthened. We duties was submitted and pending budget approval.
identified underbilling of revenue and a sizable accounts
receivables balance primarily managed by one individual.
IT         Security Awareness and Skills Training            Medium      3/23/2023      6/1/2023            153             83 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
IT         Security Awareness and Skills Training            Medium      3/23/2023      6/1/2023            153             83 Chief Information Security Officer        Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
Chief Information Officer
Performance Port-wide Payroll Controls                     Medium      6/14/2023     1/31/2024             70            -161 Chief Information Officer              Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session
Performance Social and Environmental Reporting              Medium      6/20/2023    12/31/2023             64            -130 Director, Diversity in Contracting   The Diversity in Contracting 2022 Annual Report contained    Report was issued, 6/20/2023. No update required at this
duplicate WMBE firms. This highlights the need to perform    time.
validation procedures (internal controls) so that duplicates can
be identified and removed.


36



Limitations of Translatable Documents

PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.