Internal Audit Report 

ICT Department Audit 

January 1, 2007 through December 31, 2008 




Issue Date: April 6, 2010 
Report No. 2010-06

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 

Audit Period: July 1, 2005  June 30, 2008 
Table of Contents 
Internal Auditor's Report ...................................................................................................... 3 
Executive Summary ............................................................................................................ 4 
Background ......................................................................................................................... 5 
Audit Objectives .................................................................................................................. 6 
Audit Scope ......................................................................................................................... 6 
Audit Approach .................................................................................................................... 7 
Conclusion ........................................................................................................................... 7 











2

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 

Audit Period: July 1, 2005  June 30, 2008 Internal Auditor's Report 

We have completed   an audit of the Information and Communication Technology's (ICT)
Department. Based on our risk assessment and review of audits conducted by other outside
auditors, our worked focused primarily on the Business Services and Service and Delivery work
groups of the ICT Department. The main objective of the audit was to assess and determine
whether management has established adequate and effective controls to reasonably ensure that: 
1.  Port information technology equipment is properly procured and accounted for. 
2.  Port information technology surplus equipment is properly disposed in accordance with Port
policies and directives. 
We reviewed information relating to fiscal years 2007-2008. 
Management has the primary responsibility to establish and implement effective controls. Our audit
objective was to assess and test those controls in order to establish whether the controls were
adequate and operating effectively. 
We conducted the audit using due professional care. We planned and performed the audit to
obtain reasonable assurance that department controls are adequate and operating as intended. 
We found no significant issues during the review; however, we identified opportunities to 
strengthen existing controls over accountability and disposition of Port information technology
equipment. That information has been communicated to management in a separate letter. 
We extend our appreciation to the ICT Department for their assistance and cooperation during the
audit. 



Joyce Kirangi, CPA 
Director, Internal Audit 



3

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 

Audit Period: July 1, 2005  June 30, 2008 Executive Summary 
Audit  Scope  and    Objective The purpose  of the audit was to review Information and
Communication Technology's (ICT) Department. Based on our risk assessment and review of
audits conducted by other outside auditors, our audit focused primarily on the Business Services 
and Service and Delivery work groups of the ICT Department. For these work groups, we
determined that the area with the most significant risk was accountability of the ICT equipment. 
The main objective of the audit was to assess whether management has established adequate
controls to ensure: 
1. Port information technology equipment is properly procured and accounted for. 
2.  Port information technology surplus equipment is properly disposed in accordance with Port
policies and directives. 

We reviewed information relating to fiscal years 2007-2008. 
Background  The mission of the ICT Business Services and Service Delivery work unit groups is
to support the business functions, solve business problems, improve Port security and promote
Port transparency. Both of these work unit groups were staffed with approximately 50 full time
equivalents (FTEs), and had actual operating expenses of approximately $6 million annually during
the audit period. Actual operating expenses included approximately $500,000 annually in capital
charges during the audit period. These work units do not generate any income, but incur a variety
of expenses in delivering and maintaining the Port's IT infrastructure. 

Audit Result Summary
We found no significant issues during the review; however, we identified opportunities to
strengthen existing controls over accountability and disposition of Port information technology
equipment. That information was communicated to management in a separate letter. 





4

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 

Audit Period: July 1, 2005  June 30, 2008 
Background 
The mission of the   Information and Communication Technology (ICT) Business Services and
Service Delivery is to support the business functions, solve business problems, improve Port 
security, and promote Port transparency.
ICT Business Services includes the following work units: 
The Business Analysis Team -- researches new technologies and business process, drafts 
business plans for technology projects and documents project processes. 
The Project Management unit -- administers technology projects such as Computer Aided
Dispatch and Parking Garage Floor Count. 
The Financial Services unit -- provides asset planning for technology projects, project detail
reports,  and monthly labor distribution reports  as well as asset management,  and
procurement of information technology hardware. 
Contract Management -- oversees information technology contracts and vendors. 
The Administration unit --  procures cell phones and software, processes invoices,
processes travel requests and includes the support staff.
ICT Service Delivery includes: 
The Desk Services unit -- provides help desk support by troubleshooting information
technology issues over the phone.
Client Services -- provides computer and desktop support such as installing software and
set up of computers as part of the ICT Service Delivery service. 
The ICT Business Services and ICT Service Delivery work groups do not generate any income. A
listing of significant expenses for 2007 and 2008 were as follows: 

Accounts         2007     2008 
Salaries & Benefits*           5,128,627   5,702,356 
Equipment Expense***        1,296,639    819,747 
Supplies & Stock              33,485     33,082 
Outside Services**           4,075,925   3,851,109 
Travel & Other Employee        94,862     97,769 
Telecommunications          382,911    297,523 
Source: PeopleSoft 

5

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 
*There were approximately 50 full time equivalents (FTEs) for both ICT Business Services and ICT 
Service Delivery during the auditAudit Period: July 1, 2005  June 30, 2008 period. Payroll for both work units consisted of mainly exempt
employees, and less than half percent (1/2%) of total payroll was attributed to overtime. 

**Both work groups use outside services to supplement the support of various systems, projects,
and services they have to deliver to the Port. Outside service is procured through the use of Master
Professional Service (MPS) agreements which are competitively selected and used by ICT for a
couple of years. 
***Computer and telephone acquisitions comprised approximately 97% of the ICT Business
Services and ICT Service Delivery equipment expense account. ICT also procures IT equipment
(computers, monitors, and individual components) on behalf of other Port departments and those
costs are accounted for in each respective department budget. Based on our analysis, Port-wide
disbursement to IT vendors was approximately $4 million annually. These figures reflect the extent
of ICT involvement (i.e., accountability). In procuring IT equipment on behalf of other departments,
ICT retains physical custody of the equipment in terms of receiving, storage, and surplus of
equipment no longer in use.  Equipment expense decreased in 2008 when compared to 2007
because ICT suspended the purchases of computers for the ICT's computer replacement program. 
The computer replacement program will resume in the 2010 budget. 
The ICT Department maintains a roster or inventory of Port equipment that needs ICT technical
support and the equipment is tracked in a system commonly referred to as DK. Per Port policy,
each Port department is responsible for maintaining a comprehensive inventory of its equipment 
Audit Objectives 
The purpose of the audit was to review ICT's Business Services and Service Delivery work groups. 
Based on our risk assessment and analysis of these ICT work groups, we determined that the area
of most significant risk was accountability of the ICT equipment. The main objective of the audit
was to assess and determine whether management has established adequate and effective
controls to ensure that: 

1.  Port information technology equipment is properly procured and accounted for. 
2.  Port information technology surplus equipment is properly disposed in accordance with Port
policies and directives. 

Audit Scope 
The scope of the audit covered the period of January 1, 2007 through December 31, 2008. 

6

Internal Audit Report 
ICT Department Audit 
Audit Period: January 1, 2007 December 31, 2008 
Audit Approach 
Audit Period: July 1, 2005  June 30, 2008 
To achieve the audit objective, we performed the following procedures: 
Obtained an understanding of the department operations. 
Reviewed department controls related to the audit area. 
Obtained and analyzed relevant financial and non-financial data. 
Performed audit procedures to achieve the audit objective. 

Conclusion 
We found no significant issues during the review; however, we identified opportunities to
strengthen existing controls over accountability and disposition of Port information technology
equipment. That information was communicated to management in a separate letter. 












7