Port of Seattle

Internal Audit Report

Central Procurement Office
Procurement System Review

Current Practices in 2008




Issue Date: February 27, 2009
Report No.: 2009-03

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008

Table of Contents

Internal Auditor's Report............................................................................................................3 
Executive Summary....................................................................................................................4 
Background .................................................................................................................................5 
Audit Objective............................................................................................................................5 
Audit Scope .................................................................................................................................5 
Audit Approach ...........................................................................................................................6 
Conclusion ..................................................................................................................................6 
Audit Findings and Recommendations ....................................................................................7 
1.  Major Public Works 
2.  Small Works 
3.  Miscellaneous Purchases  A & C Type Purchase Orders, S Type Contracts, and P-Cards 











2 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008

Internal Auditor's Report

We have completed a system review of the Central Procurement Office. The purpose of the review
was to identify risks related to procurement and assess key controls designed to mitigate these risks.
Management has the primary responsibility to establish and implement effective controls. Our audit
objective was to assess and test those controls in order to determine if the controls were adequate and
operating effectively as intended.
We conducted the audit using due professional care. We planned and performed the audit to obtain
reasonable assurance that existing controls over procurement within Central Procurement Office are
working efficiently and effectively as intended.
We identified certain control weaknesses related to documentation and inadequate segregation of
duties which are discussed in the subsequent sections of this report.
We extend our appreciation to the Central Procurement Office management and staff for their
assistance and cooperation during the audit.


Joyce Kirangi, CPA
Internal Audit Manager








3 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
Executive Summary 
Audit Scope and Objective  The purpose of our review was to identify risks and assess the key
controls that mitigate those risks.  Our review included the Central Procurement Office's major
categories of procurement. The scope of the review included the current practices of the CPO in 2008.

Background The Central Procurement Office as an organizational unit was created in response to
the 2007 SAO Performance audit. A number of contract services and administration staff from various
organizational units have been combined to establish the CPO. The office provides oversight on overall
procurement activities and is grouped into the major procurement categories: 1) Major Public Works, 2)
Small Works, 3) Service Contracts, and 4) others (S, A and C purchases). The CPO centrally is
responsible for procurement policies/procedures and their compliance.
For a 4-year period ending 2008, the Port annually disbursed on the average $300 millions, $10
millions, $ 100 million, and $ 70 millions for Major Works, Small Work, Service Contracts, and others
(S, A, and C purchases), respectively.
Audit Results Summary The review identified a number of control weaknesses related to
documentation and inadequate segregation of duties as well as opportunities to strengthen existing
controls.










4 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
Background
The Central Procurement Office as an organizational unit was created in response to the 2007 State
Auditor's Office performance audit report. A number of contract services and administration staff from
various organizational units have been combined to establish the CPO. The office provides oversight on
overall procurement activities and is grouped into the major procurement categories.
The following are some examples of the CPO's involvement in the procurement of goods and services:
Advertisement related to bid                 Vendor setup
Centralizing documentation                 Purchase Order setup
Contract/Agreement setup                 Procurement Policy/Procedure
The Central Procurement Office is grouped into major categories that include:
Major Public Works are projects initially estimated to be in excess of $200,000.
Small Works are projects initially estimated to be less than or equal to $200,000.
Service Contracts include personal and professional services.
A-Type purchase orders are one-time purchases of specific goods and/or services.
C-Type purchase orders are recurring fixed-price contracts with pre-established terms and
conditions.
S-Type vendor contracts are for recurring purchases with a specific vendor (also known as a
Blanket Vendor Contract).
Port-wide procurement disbursements for a 4-year period ending 2008 are as follows:
in millions         2005      2006      2007      2008
Major Public Works   $ 340    $ 317  $ 270    $ 217
Small Works       $ 11    $ 10    $ 9     $ 7
Service Contracts    $ 104    $ 111  $ 100     $ 80
S- Type Purchases    $ 50    $ 41   $ 38    $ 39
A- Type Purchases    $ 27    $ 25   $ 23    $ 25
C- Type Purchases    $ 4     $ 2    $ 2     $ 3
Source: PeopleSoft 
Audit Objective
The objective of our review was to identify risks to the Central Procurement Office (CPO) and assess
controls to mitigate those risks within the Port's major categories of procurement: 1) Major Public
Works, 2) Small Works, 3) Service Contracts, 4) others (S, A and C purchases).

Audit Scope
The scope of the review was current practices in 2008.
5 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008

Audit Approach 
To achieve the objectives we performed the following procedures:
Obtained an understanding of the systems and transactions involved within the context of the
CPO including significant procurement compliance requirements
Assessed and identified risks associated with the CPO
Identified key controls to mitigate risk
Tested key controls for effectiveness

Conclusion 
The review identified a number of control weaknesses related to documentation and inadequate
segregation of duties as well as opportunities to strengthen existing controls.












6 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
Audit Findings and Recommendations
1. Major Public Works

a). Involvement in Acquisition Planning
Construction Contract Services is not consistently included in the construction acquisition planning
meetings. The Project Management Group is responsible for inviting the Manager of Construction
Contract Services to the pre-design meetings for Major Works Construction projects. The current
practice involves the Project Management Group extending an invitation to the Manager of Contract
Services on an as needed basis after the Acquisition planning phase has been completed. In most
cases, the Manager of Contract Services is not invited to the meetings until the acquisition planning
is nearly completed. According to the Contract Administration Manual, Contract Administration will
participate in the pre-design meetings to the extent required to assure selection of the proper
contracting method, proper contracting category (Small Works or Major Public Works), funding
sources and tax issues/implications. If Contract Administration does not assure that the proper
contracting method, proper category, funding sources and tax issues/implication are addressed in
the pre-design phase this may delay the project as well as incur additional costs to properly redesign
the project.
Recommendation
We recommend that Construction Contract Services receive periodic updates of upcoming projects
from the Project Management Group. Construction Contract Services should participate in the
acquisition planning meetings to the extent required, to assure that the proper contracting method,
proper contracting category, funding sources and tax issue/implications are addressed. 
Management Response
The Port is implementing, via CPO-1, a stronger acquisition planning phase for all projects over
$200,000.  As part of acquisition planning for projects, the project management groups in
conjunction with CPO will conduct acquisition strategy planning meetings to develop an acquisition
plan. This plan shall be included in the project notebooks. At key dates specified in the acquisition
plan, whenever significant changes occur, or when CPO or other Port Departments request an
acquisition meeting, CPO and the project management group will review and, if appropriate, revise
the plan. CPO-1 training is underway and we have begun more formal acquisition planning on many
projects.
2. Small Works
a). Inadequate Documentation
During the course of our review, a number of instances of less than adequate documentation
related to the solicitation-to-bid process of small works were noted. Detail testing of a risk-based
sample of 10 contracts from a population of 50 contracts with the beginning dates in 2008 revealed
the following exceptions:
7 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008

1. One contract lacked documentation as to why the lowest bidder was not selected.
2. Some files did not include evidence of date stamping of sealed bids or evidence of an
appropriate sealed bid process.
Inadequate training and no standardization at outlying areas of the Port that perform solicitations of
small works contracts contributed to the observed condition.  Proper documentation provides
evidence of compliance with the competitive solicitation process, establishes confidence in our
processes, and assures accountability to Port policies. In the absence, compliance efforts by the
CPO cannot be objectively verified and consequently becomes questionable.
Recommendation
We recommend that management implement improved control procedures to correct the above
weaknesses. Specifically, we recommend that management:
1. Strengthen policies and procedures to assure adequate documentation in the small works files.
2. Continue to provide training on adequate file documentation and establish accountability of the
file information.
3. Continue the process of monitoring and correcting roster information.
4. Consider using a Port-wide standardized checklist of required documents for all small works
contracts.
Management Response
Four contracts were identified as having had inadequate documentation. Each contract was
initiated and executed during the process of establishing the Central Procurement office.
Specifically, SW-0315295 and SW-0315493 were procured out of Aviation Maintenance and
executed 3/14/08 and 5/5/08 respectively. SW-0315605 and SW 0315708 were procured by
Marine maintenance and the contracts were executed 2/27/08 and 1/22/08 respectively.
All four contracts had the finding that the file failed to contain the date stamp envelope. Since
establishing a centralized procurement office, CPO has been working with procurement
professionals responsible for small works roster procurements to establish consistent procedures
and compliance with legal and Port requirements. CPO will continue to provide training on these
matters as we continue to evaluate current processes and identify issues and new processes.
Two additional findings were noted for SW-0315605 executed in February 2008. First, with respect
to the finding that one contract did not include evidence as to why one bidder was not selected;
CPO investigated the matter and determined that the initial low bidder was found not responsible
because they did not meet the supplemental responsibility criteria. A letter should have been send
to the low bidder rejecting their bid and indicating that they were found not responsible. This letter
should be in the procurement file. We were unable to locate the letter. Training will be conducted
on this issue to ensure procurement professionals understand the requirements surrounding
responsibility reviews and bid rejections.

8 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
3. Miscellaneous Purchases  A & C Type Purchase Orders, S Type Contracts, and P-Cards
a). Segregation of Duties
During the course of the audit we noted the following concerns regarding proper segregation of
duties:
There is no approval process in place for issuing or changing purchase orders or blanket vendor
contracts. Any Buyer within CPO has the ability to place or change a purchase order or blanket
vendor contract individually up to $25,000.
Vendors may also be created and approved by the same person. Detailed testing of the vendor
database for 2008 showed that the majority of new vendors were approved by the person with
the capability to also create vendors in the system.
Segregation of duties is a basic, key internal control designed to ensure that errors or irregularities
are prevented or detected on a timely basis by employees in the normal course of business.
Segregation of duties provides two benefits: 1) a deliberate fraud is more difficult because it
requires collusion of two or more persons, and 2) it is much more likely that innocent errors will be
found. Without proper segregation of duties in these areas the Port is subjecting itself to increased
risk of unauthorized or fraudulent purchases.

Recommendation
The CPO should review its processes to ensure that significant risk areas contain adequate
segregation of duties so that no single individual has control over two or more key phases of a
transaction or operation.
Management Response
Issuing & Changing PO 
With EX-2 the ability to make significant changes to purchase order is limited by EX-2. Buyers may
issue and maintain purchase orders within their delegated authority. This authority is limited to
$25,000 for Buyers and Mangers and $100,000 for Sr. Purchasing Manager. All other changes
must go to Director CPO and/or Managing Director of CDD or the CEO. Change orders may come
from the department (increase, decrease qty, substitute item, etc.) or the Buyer may authorize.
Most frequently the buyer will modify small amounts of pricing or quantities to clear payment
exceptions.
Vendor Creation 
The CPO agrees that vendor creation and approval present a risk area. CPO is in the process of
reviewing this issue and will likely establish a process that separate the function of entering the
vendor information for the person who approves the data and verifies the W-9.

9 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
b). Inadequate S- Type Contract ( a.k.a. Blanket Vendor Contract) Documentation and
Approval
An S-Type contract is a written document with agreed-upon terms and conditions pertaining to
recurring purchases of goods and services (e.g., maintenance supplies and services, janitorial
services, etc.) The primary purpose is to provide customers with a more efficient way to acquire
typically small-dollar-value and frequently-needed goods and services.
Prior to negotiating a S-Type contract, the CPO documents the need and approval for the contract
on a S-Type Contract Request form, a Purchase Requisition, or a memo. PUR 1-d requires that the
Manager, Purchasing, approve all S-Type contracts before they are placed. When deciding
whether to renewal an existing S-Type contract, CPO will review the contract to ensure that is was
being used as it was intended and that a renewal is justified. This review will usually include
reviewing payments against the contract to ensure that purchases were frequent, that purchase
amounts were appropriate for the contract, and that only authorized departments were using the
contract.
Detail testing of 15 S-Type contracts revealed that:
20% did not contain any documentation justifying the need or approval for the contract.
53% were not approved by a Manager, Purchasing, as required by PUR1-d.
100% were renewals of an existing S-Type contract; however, no documentation was
maintained evidencing the review performed on the existing contract to justify the renewal.
Without adequate supporting documentation and approval, the CPO can not substantiate their due
diligence in executing contracts that are in the best interest of the Port.

Recommendation 
The CPO should ensure that its procedures are in compliance with all Port polices and procedures.
They should also document and maintain all key procedures performed in analyzing and justifying
the placement of S-Type contracts.
Management Response
The CPO agrees that evidence of the Sr. Manager's approval does not exist in the blanket order
contract files. This has been remedied and we are currently reformatting the contracts so all will be
signed by the Sr. Manager. Moreover changes to EX-2 redelegations require signature authority of
the Sr. Manager or higher level. An activity report with a checklist will be provided the Buyer
indicating the analysis was completed.

c). The Signature Requirement for Purchase Requisitions is Not Effective in Preventing
Unauthorized Purchase Orders.

10 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008
The CPO requires that departments submit a signed Purchase Requisition form before they will fill
the purchase order. However, CPO does not perform any procedures to ensure that the signature
is legitimate or that the Purchase Requisition has been appropriately approved. Detailed testing of
Purchase Requisitions associated with purchase orders revealed that 20% of the Purchase
Requisitions examined, while legitimate, were signed by an individual who did not have the
authority to approve purchases.  The current procedures do not mitigate the risk of filling an
unauthorized purchase order.

Recommendation 
As a central procurement office established to have a greater oversight of all Port purchases, the
CPO should consider having more involvement in the approval of purchase orders.
Management Response
CPO is working with Port to establish a better system for establishing who has authority to sign
requisitions.  Each Senior Executive Staff is providing CPO with a list of personnel who have
authority to sign requisitions and the level of their authority. CPO will review requisitions to make
certain appropriate parties have signed the document. It is up to the departments to make certain
staff given authority to sign requisitions acts within the best interest of the department and budget
constraints. This should minimize risk of CPO procuring unauthorized items/services.

d). Vendor Creation
Procedures associated with vendor creation are insufficient to ensure that the Port only contracts
with legitimate vendors. The CPO requires that any new vendor submit a W-9 form before they are
approved in the system. A Buyer may enter a new vendor in the system, but the vendor cannot be
paid until they are approved in the system by a Manager or Senior Manager, Purchasing. However,
the Buyers do not perform any procedures to verify that the vendor is a legitimate business. Also,
the Manager, Purchasing, responsible for approving vendors in the system does not require any
documentation for a new vendor other than the W-9 form.
20 vendors were examined to determine if available public records could substantiate them as
legitimate businesses. 10% of the vendors tested could not be substantiated. Subsequent audit
procedures did verify that these vendors were appropriate; however, there is no documentation
maintained within the CPO to support them.
Vendor creation is a significant risk to any organization, and an effective system of approving
vendors can substantially reduce the risk of fraud.
Recommendation
The CPO should establish procedures designed to ensure that only legitimate vendors are
approved to conduct business with the Port. Documentation should be maintained evidencing the
creation and approval of new vendors.
11 of 12

Internal Audit Report
Central Procurement Office
Review Period: Current Practices in 2008

Management Response
The CPO agrees that vendor creation and approval present a risk area. CPO is in the process of
reviewing this issue and will likely establish a process that separate the function of entering the
vendor information for the person who approves the data and verifies the W-9.
Purchasing staff will be allowed the authority to enter vendor information. AFR staff will be granted
approval authority to approve vendor requests and changes. W-9 information will be verified
against the IRS database by AFR Staff. This process maybe sufficient to limit risk and we are
investigating whether a mechanism to document the process is necessary and/or required.














12 of 12