Attachment Ramp Ins for Audit Meeting held Oct 06, 2015 1:00PM at Pier 69

Ramp Ins

INTERNAL AUDIT REPORT

AIRPORT OPERATIONSRAMP/AIRFIELD INSURANCE PROGRAM

LIMITED OPERATIONAL AUDIT

January 1, 2014 August 31, 2015

ISSUE DATE: October 6, 2015
REPORT NO. 2015-10

EXECUTIVE SUMMARY

AUDIT OBJECTIVES AND SCOPE

The Port of Seattle has established requirements for driving onto the airfield or Air Operation Areas
(AOA). The AOA is an area "enclosed by the Airport security fence, including ramps, aprons, runways,
taxiways, gate positions, airport parking areas, and FAA facilities." Vehicles driving onto the airfield
are required to show evidence of general and auto liability insurance.
The purpose of this audit was to determine whether Port management controls are adequate and
sufficient to ensure:
1. Effective monitoring of the insurance requirements for all vehicles or motorized equipment
accessing the airfield.
2. Compliance with Port policy (Sections of 6E. of Seattle-Tacoma International Airport Schedule of
Rules and Regulations No. 5) and procedure (Ramp Insurance requirements).
We reviewed information for the period January 1, 2014 August 31, 2015. Details of the audit scope
and methodology are on page two.

BACKGROUND
The Port of Seattle Airport Schedule of Rules and Regulations is the Commission policy governing many
aspects of airport operations, including eligibility and insurance requirements for all motor vehicles
and equipment accessing the AOA.
The Airport Operations Department within the Aviation Division is responsible for monitoring the
Aviation Ramp Insurance Program.
On average, over 1,800 individual vehicles access the AOA daily. A large part of this traffic is
attributable to multiple trips by in-flight meal catering companies. The rest of the traffic consists of
vehicles from federal agencies, ground handlers and contractors, tenants, vendors, and concessionaire
deliveries. Vehicles entering the airfield may be from companies that have a direct contract with the
Port or from companies that do not contract with the Port directly.

AUDIT RESULT
Port Management controls are inadequate to mitigate risks related to uninsured vehicles and/or
vehicles without proper insurance accessing Sea-Tac airfield. Further, Port management does not have
a comprehensive and effective process to verify insurance compliance for activity on the airfield. See
discussion in Finding 1 of the Schedule of Findings.

TABLE OF CONTENTS

EXECUTIVE SUMMARY................................................................................................................................................. i
I. TRANSMITTAL LETTER ................................................................................................................................... 1
II. BACKGROUND ................................................................................................................................................ 2
III. AUDIT SCOPE AND METHODOLOGY ............................................................................................................. 2
IV. CONCLUSION.................................................................................................................................................. 4
V. SCHEDULE OF FINDINGS AND RECOMMENDATIONS ................................................................................ 5
1. .. PORT MANAGEMENT RAMP INSURANCE CONTROLS ARE INADEQUATE TO MITIGATE THE RISK OF
UNINSURED OR UNDERINSURED VEHICLES ACCCESSING THE AIRFILED .................................................. 5

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015

TRANSMITTAL LETTER
Audit Committee
Port of Seattle
Seattle, Washington

We have completed an audit of the Aviation Ramp Insurance Program. We reviewed information for the
period of January 1, 2014 August 31, 2015.
We conducted this performance audit in accordance with Generally Accepted Government Auditing
Standards and the International Standards for the Professional Practice of Internal Auditing. Those
standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis of our findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our findings and conclusions based on our
audit objectives.
We extend our appreciation to the management and staff of AV Operations, AV Business Development,
AV Security, Risk Management, AV Resident Engineering, CPO/Construction, and AV Maintenance
Department for their assistance and cooperation during the audit.

Joyce Kirangi, CPA, CGMA
Internal Audit, Director

AUDIT TEAM RESPONSIBLE MANAGEMENT TEAM
Margaret Songtantaruk, Senior Auditor Michael Ehl, Director Airport Operations
Jack Hutchinson, Manager Mark Coates, Senior Manager Airport Operations

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015
BACKGROUND
The Port of Seattle Airport Schedule of Rules and Regulations policy governs many aspects of airport
operations from sanitation to security requirements. As part of the security, these regulations govern
and establish eligibility requirements for all motor vehicles and equipment accessing Air Operations
Areas (AOA). The AOA is an area "enclosed by the Airport security fence, including ramps, aprons,
runways, taxiways, gate positions, airport parking areas, and FAA facilities."
Under Section 6-E of the policy, any person operating motor vehicles or motorized equipment in the
AOA is required to:
Be assigned to duty in such areas.
Be authorized by the Director of Airport Operations.
Possess authorized identification.
Possess current proof of liability insurance.
The Port Risk Management Department has established specific insurance requirements and forms in
compliance with the policy. These guidelines and forms are commonly referred to as "Ramp Insurance"
requirements.
The Airfield Operations Department oversees the Aviation Ramp Insurance Program, to ensure that all
vehicles/equipment driving onto the airfield are properly insured (general and auto liability
insurance). Although Airfield Operations is primarily responsible for the program, there are other
Aviation departments (e.g., Aviation Security and Aviation Business Development) that are also
involved in the program.
For the period January 1, 2015, through July 6, 2015, approximately 297 companies accessed the
airfield by vehicle. These companies have more than 8,000 non-Port employees who use company
vehicles to access the airfield throughout the year. See statistics below:
TRAFFIC STATISTICS FOR VEHICLES ACCESSING THE AIRFIELD
January 1, 2015 July 6, 2015
vehicle in/out count % of the total in/out count
Top 10 companies 179,100 54%
Top 20 companies 218,543 66%
Top 30 companies 247,546 75%
Data Source: Aviation Credential Center
Note: The data do not include vehicles under escort and/or construction vehicles accessing the Airfield

AUDIT SCOPE AND METHODOLOGY
We reviewed information for the period January 1, 2014 August 31, 2015. We utilized a risk-based
audit approach from planning through testing. To obtain a complete understanding of the Department
operations, we gathered information through surveys, document reviews, staff interviews,

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015
observations, and data analyses. We assessed significant risks and identified controls to mitigate those
risks. We evaluated whether the controls are functioning as intended.
We applied additional audit procedures to areas with the highest likelihood of significant negative
impact as follows:
1. To determine whether Port management controls are adequate and sufficient to ensure effective
monitoring of automobile and general liability insurance requirements for vehicles accessing the
airfield:
Conducted a nonscientific survey of 25 members of the Association of Airport Internal Auditors
(AAIA). The survey focused on other airports' practices for vehicle insurance monitoring. The
intent was to establish a baseline expectation for management monitoring by Aviation
Operations.
Reviewed Port public web sites to determine whether the insurance requirements are clearly
and consistently communicated.
Reviewed and assessed the effectiveness of insurance monitoring procedures at airfield access
gates, in order to determine whether the uninsured vehicles or vehicles without proper
insurance are permitted to enter the airfield.
Reviewed the Ramp Insurance Mailbox to determine whether incoming emails with insurance
information and certificates are timely reviewed and processed.
Reviewed the airport credential new system to determine whether:
o The system provides an efficient interface to update insurance records.
o There are available system reports to assist management.
Reviewed insurance records on file to determine whether proof of insurance is complete and
proper.
Reviewed insurance folders for 15 non-construction companies and compared insurance
provisions to determine insurance complied with Risk Management requirements and is
consistent.
Analyzed 17 of 305 Risk Management insurance incidents and 101 Aviation Maintenance
reimbursable work orders, to determine the effectiveness of management controls.
2. To determine compliance with the Risk Management Department's established insurance forms,
limits, types, and endorsement requirements:
Selected 81 of 364 (22%) third-party companies (i.e., companies with no contractual
relationship with the Port) with airfield access to determine whether:
o Proof of insurance is on file and current.
o The Port is identified as an additional insured.
o The general liability and automobile insurance amounts comply with the Port Risk
Management Department's requirements.
Selected and agreed 1 company from the Ramp Insurance Mailbox and compared its reported
insurance to the hard copy records maintained by Airport Operations and information in the
Credential Center Office data.

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015
Selected and agreed 4 companyies' hard copy insurance records maintained by Airport
Operations to the Ramp Insurance Mailbox and to the Credential Center Office data.
Selected 5 prime construction contractor agreements to determine whether:
o The insurance requirements are consistent and the coverage limits comply with Risk
Management requirements.
o The Port of Seattle is named as an additional insured.
Selected 27 sub-contractors working on SEATAC RUNWAY 16C/34C to determine whether:
o Insurance coverages are adequate as required by policy.
o The Port of Seattle is named as an additional insured.

CONCLUSION

Port Management controls are inadequate to mitigate risks related to uninsured vehicles and/or
vehicles without proper insurance accessing Sea-Tac airfield. Further, Port management does not have
a comprehensive and effective process to verify insurance compliance for activity on the airfield. See
discussion in Finding 1 of the Schedule of Findings.

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015
SCHEDULE OF FINDINGS AND RECOMMENDATIONS
1. PORT MANAGEMENT RAMP INSURANCE CONTROLS ARE INADEQUATE TO
MITIGATE THE RISK OF UNINSURED OR UNDERINSURED VEHICLES ACCCESSING
THE AIRFILED
Uninsured and underinsured non-Port vehicles accessing the airfield could result in financial loss
to the Port in the event of an accident. To mitigate this risk, the Port requires commercial
general liability and automobile liability insurance for all non-Port vehicles and equipment
driving onto the Airfield. The Port's Aviation Operations Department has the primary
responsibility for monitoring airfield vehicle general and auto liability insurance requirements
and maintains an insurance file on each company.
As of June 5, 2015, the Port's badging information system at the Airport Credential Center had
a record of approximately 364 third-party companies with approval to access the airfield. Those
companies were properly authorized to enter the airfield with vehicles and/or motorized
equipment. Of the 364 companies granted airfield access, our testing identified approximately
147 companies for which the Aviation Operations Department had no insurance information on
file.
We tested 81 of 217 companies with insurance folders on file and identified the following
exceptions:
21 companies or 26% did not have proof of insurance.
25 insurance certificates or 31% had expired.
12 automobile insurance coverages or 15% did not meet the $5 or $10 million minimum.
2 or 2% did not meet the $1 million minimum in general liability insurance coverages.
1 or 1% did not list the Port as an additional insured.
We obtained insurance certificates for 27 sub-contractors from one prime contractor and tested
for insurance compliance with Risk Management requirements. We identified the following
exceptions:
22 did not meet the $5 or $10 million minimum coverage.
5 did not list the Port as an additional insured.
Based on the test results, we concluded that Aviation Operations management does not have a
comprehensive system to effectively monitor the insurance requirements of vehicles or
motorized equipment accessing the Airfield. The current system is fragmented and contains
gaps. We determined that the following control weaknesses have contributed to the ineffective
management monitoring:

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015

1. Untimely Processing of Submitted Insurance Certificates
Companies are required to submit their insurance certificates and endorsements to the
Port's Ramp Insurance Mailbox. There were 28 emails in the Ramp Insurance Mailbox for a 5-
month period from January to May 2015. We reviewed all emails and determined that 15 of
28 (54%) emails received had not been opened by Airport Operations as of June 1, 2015.
Untimely opening or processing of insurance emails delays status updates in the system and
consequently defers necessary management follow-up if/when noncompliance is identified.
Accordingly, the Port does not know whether it is insured against liabilities.
2. Insufficient Coordination Among Departments
Insurance monitoring efforts at the Port are decentralized among several departments.
Aviation Business Development, for example, monitors insurance for compliance with
concession agreements. The Central Procurement Office (CPO) monitors insurance for
compliance with construction contracts, purchased goods and services, and service
agreements. Many of these agreements and contracts are with companies, which have
badged employees who are authorized to access the airfield. However, badges are issued
without checking insurance coverage. Thus the result of other departments' monitoring
efforts could inform Aviation Operations, if there were coordinated efforts, which, currently
there are not.
The lack of coordination among departments leaves a gap in management controls, and
results in the absence of assurance that the Port is protected against potential liabilities
caused by non-Port vehicles or equipment accessing the airfield.
3. Insufficient Monitoring of Ramp Insurance at Each Gated Point of Entry onto the Airfield
Ramp or airfield insurance requirements established by the Port Risk Management
Department mandate that a list of companies with proper insurance be maintained at each
gated point of entry to the airfield. Company vehicles without proof of proper insurance
should not be allowed to access the airfield.
Insurance monitoring at the airfield point of entry is not effective. Vehicles entering the
airfield are not checked for proof of general or auto liability insurance. Only the vehicle
operator's identification (ID badge) is validated.
A valid airport ID badge does not guarantee valid insurance. Badges are issued without a
check of insurance coverage. Allowing vehicles or equipment onto the airfield without a
proper insurance check exposes the Port to unintended liabilities, and could result in the
Port having to fund or pay for these liabilities.

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015
Recommendations
We recommend that Port Management:
1. Set clear and comprehensive direction and information about the airfield insurance
requirements.
2. Fully implement the airfield insurance requirements as established by the Port Risk
Management Department, in order to ensure that insurance coverage meets the Port's needs:
general liability, auto liability, appropriate endorsement, and specified insurance limits.
3. Open and process incoming ramp insurance emails timely.
4. Implement effective insurance coordination and/or monitoring among Port departments, to
ensure timely and accurate updates.
5. Implement and maintain a system to validate the proof of proper insurance at each gated
point of entry to the airfield, as required by Risk Management procedures.
6. Consider implementing a Continuous Process Improvement (CPI) program or Lean to increase
program effectiveness and efficiency.
Management Response
To further promote the ongoing development of an airfield Safety Management System, the 2015
Aviation Division business plan included a request for the Port of Seattle Internal Audit
department to conduct a preliminary assessment of the existing ramp insurance program to
establish a baseline measure of compliance for insurance verification and validation. This
communication documents the management response from Aviation Operations resulting from
the recent completion of the internal audit which was conducted from January 1, 2014 to August
30, 2015.
The audit resulted in a single finding:
Port management ramp insurance controls are inadequate to mitigate the risk of uninsured
vehicles accessing the airfield.
This finding specifically encompasses the identification of several opportunities for
centralization of ramp insurance processes and procedures across and within the Port of Seattle
enterprise.

AIRPORT OPERATIONS RAMP INSURANCE PROGRAM INTERNAL AUDIT
JANUARY 1, 2014 AUGUST 31, 2015

Despite the identified areas for improvement, it is important to note that significant progress
has been made in attempting to automate the insurance verification mechanism through the
incorporation of insurance coverage data associated with the security credential media utilized
by individuals seeking to access the airfield ramp environment. While insurance confirmation
data for some constituent credential holders accessing the ramp are currently included in the
access control data base, others are not, thus requiring further coordination of Aviation Division
and Port of Seattle corporate departments. A meeting of all identified relevant stakeholders
will be conducted on October 9th to review ramp insurance gathering and recording processes
and practices, with the intent to establish a comprehensive data sharing program and the
associated incorporation of improved controls.
Key objectives of the meeting will be to identify the appropriate departmental center of
expertise for the Port of Seattle, and to establish the subsequent work plan, deliverables,
schedule for completion, resource requirements, and continuous improvement feedback
mechanism necessary for sustainability of the program. In keeping with of our commitment to
quality assurance, we request the Audit Committee reassess and evaluate the effectiveness of
our insurance program post implementation of these proposed mitigations and corrective actions
on or about the 2017 audit cycle.

Limitations of Translatable Documents

PDF files are created with text and images are placed at an exact position on a page of a fixed size.

Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.

PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.