7b
PORT OF SEATTLE MEMORANDUM COMMISSION AGENDA Item No. 7b STAFF BRIEFING Date of Meeting February 05, 2013 DATE: January 25, 2013 TO: Tay Yoshitani, Chief Executive Officer FROM: Joyce Kirangi, Director, Internal Audit SUBJECT: Enterprise Technology Risk and Performance Assessment SYNOPSIS: Protiviti has completed its report on the Port of Seattle Enterprise Technology Performance and Risk Assessment. The report encompasses the analyses, conclusions, observations and recommendations derived by Protiviti as a result of the procedures it performed. Protiviti is also scheduled to brief the Audit Committee on February 5, 2013. Highlights The IT cost benchmarking analysis conducted by Protiviti indicates the Port IT functions have effectively managed costs, including the following key results: The Port has generally outperformed comparable industries in controlling IT operations (or "run") costs. The Port has successfully shifted more of its IT spending towards growth and transformation of business operations. The Port's IT process activities perform favorably when compared to organizations of comparable size and industry-groups. Opportunities The report suggests opportunities to: Further mature certain core IT processes Continue to align ICT and Aviation IT operations Explore additional avenues to collaborate and communicate with the Commission and Executive Team Protiviti also conducted a technology risk assessment and recommends the following thee-year IT Audit plan, including direction on staffing levels and appropriate skills sets to complete the recommended audits: 2013 o Scheidt Bachman Parking System o Data Center COMMISSION AGENDA Tay Yoshitani, Chief Executive Officer January 25, 2013 Page 2 of 2 o PeopleSoft Post-Implementation Review 2014 o End-Point Security o IT Asset Management o HIPAA Compliance Assessment 2015 o Data Loss Prevention o IT Change Management Diagnostic o Business Continuity/Disaster Recovery BACKGROUND: Technology is rapidly changing and absolutely critical to the Port's overall operations. It is essential to enhance the efficiency and effectiveness of the Port's business processes through the protection, reliability, availability, and analysis of business information. The Audit Committee and the Executive Team recognized such critical roles and recommended a third party conduct an assessment of the Port enterprise technology risk and performance. The Port, using its competitive procurement process, engaged Protiviti to conduct the assessment. The project was initiated in the September 2012 time frame and completed in December 2012. The project consisted of two primary objectives: 1. Assess the overall management, efficiency and effectiveness of Port information and communication technology assets and services within the following key areas: Strategy, Operations, Investment, Governance and Risk Management 2. Execute a technology risk assessment resulting in a three-year IT Audit plan, including direction on staffing levels and appropriate skills sets to complete the recommended audits. Provititi performed a number of procedures, including a broad set of interviews with organization leadership and process leads; review of provided policies, procedures, and process documentation; and conducted detailed benchmarking analysis. OTHER DOCUMENTS ASSOCIATED WITH THIS BRIEFING: Protiviti Detailed Report on the results of the Enterprise Technology Risk and Performance Assessment PowerPoint presentation (summary) PREVIOUS COMMISSION ACTIONS OR BRIEFINGS: None
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.