Management Letter 
To:   Peter Garlock 
Chief Information Officer 
From:  Joyce Kirangi 
Director, Internal Audit 
Date:  March 18, 2010 
Re:   Internal Audit of ICT Department 

Internal Audit has completed an audit of the  Information and Communication Technology (ICT) 
Department. The audit covered the period of January 1, 2007 through December 31, 2008. Our audit
report contains no findings; however, during the course of our audit, we noted weaknesses in the ICT
department as well as Port wide internal controls related to IT equipment that could be improved. The
ICT control weaknesses related to accountability of equipment and the Port wide weaknesses related to
accountability as well as surplus of IT equipment. 
The noted weaknesses were not significant enough to warrant inclusion in the report; however, if not
addressed, the issues could become significant in the future. 
I.    Accountability of Equipment 
Complete and accurate records are one of many required elements to properly establish
accountability over purchased equipment. ICT purchases equipment for other departments and has
physical custody of the equipment when it is received, in storage, and awaiting surplus.  ICT
maintains accountability using DK Inventory Manager (DK), which is an equipment tracking system 
that is maintained by the ICT department. We noted the following internal control weaknesses with
regard to DK during the audit. 
Deleted Records 
Two-hundred-forty-eight records were deleted from DK without any supporting documentation. The
equipment management module of DK does not prevent the user from deleting records. Based on the
recorded serial numbers, we were able to classify 71 records as internal components. However, we 
could not ascertain the remaining 177 as to the type of equipment. In the absence of documentation, 
we were not able to determine if the deletions were proper. 
We noted that there were 398 deletions of records during the audit period as follows. 
Supported with
Type          Count    documentation? 
Laptops                 75         Yes 
Docking Stations            75         Yes 
Internal Components         71         No 
Unidentifiable              177          No 
Total                     398 

Management Letter  Information and Communication Technology                                      Page 1

Inaccurate records 
We selected one-hundred-sixty-five  equipment records and tested them for accuracy  of
documentation in DK. Our testing disclosed eight exceptions where the status of the equipment (the
department it was assigned to) was inaccurate in DK and there were two instances where the
equipment was missing.
Count            Type                 Exception 
8      2 laptops, 2 monitors, 2 docking     Inaccurate status 
stations, 2 cell phones 
1      1 laptop                       missing 
1      1 docking station                  Missing 

When equipment records are inaccurate or incomplete, proper accountability may not be sustained.
When proper accountability is not maintained the equipment may not be properly safeguarded or
maintained. 
Recommendation 
We recommend that ICT implement controls to completely maintain equipment records and
documentation. Integrity of data should also be maintained by reviewing and approving record
deletions. 

ICT Management Response 
We agree that equipment records should not be deleted from the DK inventory management system,
and instead, the record should be updated to reflect the reason why the equipment was not placed
into service, or why it was returned to supplier, etc. We have already implemented this process. 
Separate from the internal audit, ICT conducted a full inventory of all 2,088 Personal Computers
(PCs) that were issued throughout the Port. Twenty of the 2,088 PCs listed in DK (less than 1%) could
not be found, and were reported to the Port of Seattle Police department as either lost or stolen. For
comparison, Gartner Group, the largest Information Technology Consulting firm, has established a
benchmark for annual PC loss at a rate of 3%-5% for a company of our size and mix of IT equipment. 
We agree that when equipment records are inaccurate or incomplete, proper accountability might not
be sustained. Current Port-wide policy requires all departments to individually maintain records for
their PC's, because ICT no longer has physical control of the assets once they have been delivered to 
using Departments. Departments frequently move or reassign equipment without notifying ICT, so it is
impossible for ICT to maintain accurate records. In addition, a recent ICT staff reduction has 
decreased our ability to track all equipment changes. 



Management Letter  Information and Communication Technology                                      Page 2

II.   Port wide Accountability of Non-Capitalized IT equipment 
The Port'spolicy for non-capitalized purchases requires that all Port departments are individually
responsible for maintaining proper records for purchases of tangible, non-consumable items with
individual costs of less than $20,000.
During the audit, we observed that the procedure was not being followed as intended. Certain
departments do not properly maintain records for non-capitalized information technology equipment.
Specifically, of the nine Port departments that we visited for testing purposes, 
Three departments did not maintain any records. 
Four departments had records that were incomplete/ inaccurate.
Although Port policy requires individual departments to track their tangible non-consumable items
including information technology equipment, ICT's DK system has become a de facto list for ICT
supported equipment for the Port as a whole. 
Recommendation 
We recommend that Port management evaluate the current procedures and practices over noncapitalized
assets, and strengthen existing controls to assure proper accountability of IT related
equipment. 
ICT Management Response 
We agree with Internal Auditing that Port-wide policies, procedures and controls regarding noncapitalized
Port purchases should be strengthened. Accountability should be improved not only for IT
assets, but for all Port assets. For IT equipment, we recommend that Port management implement a
policy and process that holds individual users accountable and responsible for all IT equipment that
they have been assigned until the asset is returned to ICT. 

III. Surplus 
The Port surplus its unneeded information technology equipment through the state surplus program
that is administered by the Washington State General Administration (GA) agency.  To use this
surplus program, the State Surplus General Administration requires an itemized Property Disposal
System (PDS) report be completed online prior to accepting surplus equipment. The state then
approves the online request and provides an authorization number to be submitted with surplus
equipment for proper receiving/handling. 
The Port's Central Procurement Office completes the online PDS report based on surplus information
provided by ICT. When the online request is approved by the state, the Central Procurement Office
informs ICT who provides the Maintenance Department with a copy of the PDS report for pick-up and
delivery of the surplus equipment to the state. At the time of delivery of the surplus, the Maintenance
Department provides a copy of the PDS report to the State Surplus. The report contains the
authorization number. The online PDS report is then updated by State Surplus to acknowledge receipt
of equipment. 
For the period 2007 to 2008, a total of 25 shipments of ICT surplus equipment were delivered to the
State Surplus. Five of those shipments were not acknowledged as having been received, and an
additional four shipments had only a portion of the equipment acknowledged by State Surplus. We
Management Letter  Information and Communication Technology                                      Page 3

noted approximately 610 out of a total of approximately 2,499 pieces of equipment were not
acknowledged as having been received by State Surplus. There seems to be a lack of coordination
between the Port departments involved with the surplus process. Without coordination or surplus
record reconciliation, we could not determine where in the surplus process the equipment may have
been lost. A summary of the unacknowledged equipment is as follows: 

Computers      412 
Laptops         19 
Monitors         86 
Printers           39 
Scanners         6 
Plotter             1 
Fax             3 
Camera         1 
Misc. Equip       43 
Total            610 

Recommendation: 
We recommend that Port management evaluate the current procedures and practices over surplus to
improve accountability through better coordination between the departments. 
ICT Management Response 
ICT strictly follows and complies with all current Port-wide procedures regarding surplusequipment 
disposal. However, we recommend that the Port's Central Procurement Office review these
procedures to improve accountability of surplus equipment disposal with outside agencies. 









Management Letter  Information and Communication Technology                                      Page 4