Internal Audit Presentation
Financial Stewardship, Accountability, Transparency
Port of Seattle Audit Committee
Glenn Fernandes - Director, Internal Audit
May 7, 2020 Audit Committee Meeting, 1:30 PM - 3:15 PM
Operational Excellence, Governance

Internal Audit Director's Annual Communication

Annual communication required by the Institute of Internal Auditors' (IIA) standards on:
- Organizational independence
- Internal Audit Charter
- Quality assurance and improvement program
- Open issue follow-up and monitoring process

INDEPENDENCE

REQUIREMENT
- International Standards for the Professional Practice of Internal Auditing (Standard 1110) requires annual confirmation of organizational independence.

Internal Audit Department continues to maintain organizational independence by reporting functionally to the Audit Committee and administratively to the Executive Director.

INTERNAL AUDIT CHARTER

REQUIREMENT
- International Standards for the Professional Practice of Internal Auditing (Standard 1000) requires periodic review of the Internal Audit Charter.

Internal Audit activity is formally defined in the charter. Periodic review to assure that the charter is still relevant and reflects our departmental activities.

QUALITY ASSURANCE

REQUIREMENTS
- IIA Standard 1300 requires both an internal and external quality assurance and improvement program.
- External assessments (Peer Reviews) need to occur at least every 5 years.
- Generally Accepted Government Auditing Standards / Government Accountability Office requires an external assessment every 3 years.

Our approach:
- Most recently in December 2018, an external assessment was conducted by the Association of Local Government Auditors (ALGA).
- Conduct a self-assessment each year.

OPEN ISSUE FOLLOW-UP

REQUIREMENT
- IIA Standard 2500.A1 requires a system to monitor that management actions have been effectively implemented.
Internal Audit has implemented a new monitoring / follow-up process:
- Beginning with audit reports from the 2017 Audit Plan
- Focus on High or Medium rated issues
- Status update on outstanding audit issues has been periodically presented at Audit Committee meetings.

Open Issue Follow-Up Status

| Audit Type | January 1, 2020 [1] | Added [2] | Closed [3] | April 30, 2020 [4] |
|---|---|---|---|---|
| Operational | 8 | 8 | (4) | 12 |
| Capital | 5 | 0 | (1) | 4 |
| Limited Contract Compliance | 1 | 1 | (1) | 1 |
| IT | 24 | 4 | (1) | 27 |
| Total | 38 | 13 | (7) ** | 44 * |

[1] Number of open issues that existed as of 1/1/2020
[2] Number of open issues added since 1/1/2020
[3] Number of issues closed between 1/1/2020 and 4/30/2020
[4] Number of open issues that still exist as of 4/30/2020
* See Appendix A for a listing of issues outstanding as of April 30, 2020
** See Appendix B for a listing of issues closed between January 1, 2020 and April 30, 2020

Approved 2020 Audit Plan

Limited Contract Compliance
- Lenlyn Limited
- Concourse Concessions, LLS
- McDonald's USA, LLC
- Concessions Int'l, INC
- Fireworks
- Qdoba Restaurant Corporation
- E-Z Rent A Car

Operational
- Asset Disposal Process
- Ground Transportation - Taxi Cabs
- Cash Controls
- Outside Services (Professional)

Capital
- Service Tunnel Renewal/Replace
- Central Terminal Infrastructure Upgrade
- North Terminal Utilities Upgrade - Phase 1
- AOA Perimeter Fence Line Standards Compliance

Information Technology
- Network Password Management
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- T2 Airport Garage Parking System Replacement [1]
- Inventory and Control of Software Assets
- Biometrics [4]
- Payment Card Industry (PCI) - Qualified Security Assessor [2]
- Criminal Justice Information Services (CJIS) [3]

[1] Due to delays with the system replacement, this audit was moved from the 2019 Audit Plan to the 2020 Audit Plan.
[2] This work will be performed by an outside firm. Internal Audit will provide a summary report to the Audit Committee.
[3] This work will be performed by the Washington State Patrol. Internal Audit will provide a summary report to the Audit Committee.
[4] This work will be a review only, not a full audit, and the results will be presented via a memo.

Contingency Audits - If resources exist, at Internal Audit Director's discretion, these audits will be moved to the 2020 Audit Plan.

Limited Contract Compliance
- Avis Budget Car Rental

Operational
- Delegation of Authority Compliance
- Architectural & Engineering Consultant Rates Follow-Up Audit

Information Technology
- Malware Defenses

Capital
- Flight Corridor Safety Program
- Lora Lake Site Remediation

2020 Audit Status Table

2020 AUDIT PLAN STATUS (timeline columns: Jan through Dec; Key: Complete, In Process, Not Started)

| Audit Title | Type |
|---|---|
| Cash Controls | Operational |
| Equipment Acquisition, Monitoring and Disposal | Operational |
| Network Password Management | IT |
| McDonald's USA, LLC | Contract Compliance |
| Service Tunnel Renewal/Replace Project | Operational - Capital |
| E-Z Rent A Car | Contract Compliance |
| Qdoba Restaurant Corporation | Contract Compliance |
| Fireworks | Contract Compliance |
| AOA Perimeter Fence Line Standards Compliance | Operational - Capital |
| Outside Services (Professional) | Operational |
| Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers | IT |
| Concourse Concessions, LLS | Contract Compliance |
| Payment Card Industry (PCI) - Qualified Security Assessor | IT |
| Biometrics Population | IT |
| Criminal Justice Information Services (CJIS) | IT |
| Ground Transportation - Taxi Cabs | Operational |
| T2 Airport Garage Parking System Replacement | IT |
| Central Terminal Infrastructure Upgrade | Operational - Capital |
| Concessions Int'l, INC | Contract Compliance |
| Lenlyn Limited | Contract Compliance |
| Inventory and Control of Software Assets | IT |
| North Terminal Utilities Upgrade - Phase 1 | Operational - Capital |

Special Projects
1) FEMA Reimbursement Guidance
2) Interlocal Agreement Mapping

Audits Completed
1) Cash Controls
2) Equipment Acquisition, Monitoring and Disposal
3) Service Tunnel Renewal/Replace Project
4) Network Password Management*
5) McDonald's USA, LLC

*Security Sensitive - Exempt from Public Disclosure per RCW 42.56.420. Results of this audit are not discussed in public session.

Special Project: FEMA Public Assistance Program - Coronavirus (COVID-19)

In light of the COVID-19 pandemic and strains placed on Port resources, Internal Audit volunteered to research potential FEMA reimbursable expenditures and provide a report back to the Port's Executive Team.
- March 13, 2020 - President's National Emergency Declaration of COVID-19
- March 19, 2020 - FEMA news release on Eligible Emergency Protective Measures

Reimbursement Eligibility under the FEMA Public Assistance Program
- Category B Expenses, dating back to January 20, 2020, are considered eligible.
- FEMA assistance at a 75 percent federal cost share, if not funded by other federal agencies.
- Remaining 25 percent should be funded through the State of Washington's Disaster Fund.

FEMA will reimburse certain expenses specific to COVID-19-related emergency and safety, incurred above normal operating costs, including:
- Emergency Operation Center costs
- Training/communication specific to the declared event
- Disinfection of eligible public facilities
- Emergency personnel expenses (overtime and new hires)
- Medical sheltering (e.g., when existing facilities are reasonably forecasted to become overloaded in the near future and cannot accommodate needs)
- Construction - certain safety-related change orders

Assessment of Reimbursable Costs at Port: Construction Related

The Port will incur additional expenses for COVID-19 safety-related change orders that are grouped in the following categories. Change orders are yet to be finalized; accordingly, costs are pending.
| Activity | Cost | Reimbursable |
|---|---|---|
| 1-2 hour staggering starting times | Pending | No |
| Addition of a full-time prevention site supervisor | Pending | Yes |
| Hand washing stations | Pending | Yes |
| Hand tool sanitation | Pending | Yes |
| Purchase of duplicate hand tools | Pending | No |
| Enhanced COVID-19 project-specific safety costs | Pending | Possibly |

Disinfection of Eligible Public Facilities

FEMA will reimburse the Port for any cleaning materials purchased. This includes overtime related to cleaning and installation of cleaning dispensers/stands, and to create a revised schedule to meet employee safety needs.

| Activity | Cost to Date | Reimbursable |
|---|---|---|
| Sanitizer, stands, disinfecting spray/wipes, face shields, etc. | $738,486 | Yes |
| Marine Maintenance overtime cleaning / installation of cleaning stands | $13,926 | Yes |
| Aviation Maintenance overtime safety needs | $1,020 | Yes |

Emergency Personnel Expenses

FEMA will reimburse the Port for emergency services overtime and new hires specifically for emergency services. The Port has not incurred any police department overtime. To date, only fire department overtime is reflected below.

| Activity | Cost to Date | Reimbursable |
|---|---|---|
| Fire Department overtime | $6,450 | Yes |

Interlocal Agreement (ILA) Mapping and Risk Ranking

At the December 9, 2019, Audit Committee meeting, Commissioner Calkins requested a listing of Port ILA's to obtain a high-level understanding of how the deliverables are tracked and whether they are met. Internal Audit (IA) obtained the listing of 36 current ILA's from the Port's publicly facing source.

Commissioner Calkins' request was made to lay the groundwork for perhaps an audit in 2021 and included the following deliverables:
1) A mapping of the responsible department to each ILA, and
2) A ranking by risk

We ranked the ILA's from highest to lowest risk (criteria provided in memo). We intend to incorporate this analysis into our annual risk assessment when developing our 2021 audit plan.
We will then select a sample of ILA's to audit and assure compliance to stated deliverables.

Cash Controls

- IA Port-wide risk assessment of cash receipts identified audit areas: Fishermen's Terminal (FT), Shilshole Bay Marina (SBM), and Airport Lost and Found (L&F)
- Cash is the most liquid of assets and is inherently susceptible to loss
- Evaluated the design and effectiveness of internal controls supporting cash processes
- Audit Scope: January 2019 - December 2019
- Audit Criteria, including:
  - RCW 43.09.240 - Local government accounting - Public officers and employees - Duty to account and report - Removal from office - Deposit of collections [FT and SBM]
  - RCW 63.21.060 - Duties of governmental entity acquiring lost property - Disposal of property [L&F]
  - Internal controls principles (e.g., Segregation of duties, review/approval by authorized personnel)

Sources of Cash Receipts

| Department | 2018 Revenue | 2019 Revenue | Total Revenue | % of Total Revenue |
|---|---|---|---|---|
| Airport Public / Employee Parking | $3,343,444 | $2,971,534 | 6,314,978 | 87.3% |
| Shilshole Bay Marina Operations | 294,835 | 233,551 | 528,386 | 7.3% |
| Bell Harbor Int. Conf. Center/World Trade Center | 19,942 | 133,639 | 153,582 | 2.1% |
| Fishermen's Terminal Operations | 60,301 | 84,941 | 145,242 | 2.0% |
| Aviation Customer Service (Airport Lost & Found)* | 14,531 * | 43,000 ** | 57,531 | 0.8% |
| Bell Harbor (Pier 66) Marina | 13,584 | 6,352 | 19,936 | 0.3% |
| Accounting and Financial Reporting | 7,080 | 5,049 | 12,129 | 0.2% |
| Total | $3,753,717 | $3,478,067 | $7,231,784 | 100% |

* Reflects non-claimed currency deposited into Port's account
** April through December / Hallmark contract commenced April 2019 (does not include foreign currency)

1) Rating: Medium

Segregation of duties was not integrated into the cash processes at Fishermen's Terminal and Shilshole Bay Marina. Staff levels were limited at these locations; however, introducing a few key control enhancements to the existing processes could reduce the risk of misappropriation.

A fundamental element of internal control is the segregation of key duties.
The basic idea underlying segregation of duties is that no employee or group of employees should be in a position both to perpetrate and conceal errors or fraud in the normal course of their duties. In general, the principal incompatible duties to be segregated are: *
- Custody of cash
- Authorization or approval of related transactions affecting cash
- Recording or reporting of related transactions
- Reconciliations

* The Institute of Internal Auditors (IIA)

Recommendations

At a minimum, we recommend requiring that two people, as opposed to one, receive and record the cash. We also recommend that management review the reconciliation daily. That way, if misappropriation were to occur after the initial receipt and recording, it would more likely be detected.

These control enhancements to the existing processes should be reflected in written policies and procedures and communicated/enforced to staff who are engaged in cash handling.

Management Response

Fishing & Commercial Operations/Fishermen's Terminal

Control Gap 1 - Fishermen's Terminal management shall implement two-person receipt and validation process for checks and cash:
FT has discontinued the person-to-person receipt of moorage and storage payments after-hours. Customers who desire to pay after-hours will be provided an envelope to pay using the Overnight Drop Box. Additionally, all daily deposits will be validated using a two-person process (one staff and one manager).

Management Response (continued)

Control Gap 2 - No manager's approval for adjustment (e.g., overrides) except for account credits:
The Information Communications and Technology department or ICT Client Services Team is taking steps to modify permissions in our existing Marina Management System (MMS) platform. Effective immediately, written guidance shall be provided to all employees indicating that overrides must be accomplished by a manager or supervisor. Additionally, monthly reviews will be conducted by management to validate compliance.
This function has been elevated to a mandatory function in our Vessel Management System (VMS).

Management Response (continued)

Control Gap 3 - No cash handler's ID in system or physical documentation:
An Electronic Stamp will be created to provide signature blocks on the Reconciliation Sheets (produced by the Marina Management System).

Shower coins are not collected/deposited timely (weekly).
FT shall improve existing controls to ensure weekly deposits are in accordance with our most current Treasury Waiver. All exceptions to the waiver will be identified in writing. Each explanation will be reviewed by the Senior Manager and Department Director. Furthermore, Internal Audit's recommendation to discontinue cash collection for showers will be reviewed during our next Tariff #6 Review.

Management Response (continued)

Recreational Boating/Shilshole Bay Marina

Control Gap 1 - No segregation of duties in the daily processes:
Shilshole Bay Marina will maintain a single person to receive and record cash based on staffing limitations. Management will review the daily reconciliation. This process will be defined in a Standard Operating Procedure. Harbor Operations Specialists do not accept after-hours payments.

Management Response (continued)

Control Gap 2 - No manager/supervisor review in the daily process:
The Information Communications and Technology department or ICT Client Services Team is taking steps to modify permissions in our existing Marina Management System (MMS) platform. Effective immediately, written guidance shall be provided to all employees indicating that overrides must be accomplished by a manager or supervisor. Additionally, monthly reviews will be conducted by management to validate compliance. This function has been elevated to a mandatory function in our Vessel Management System (VMS).
Management Response (continued)

Control Gap 3 - No cash handler's ID in system or physical documentation:
An Electronic Stamp will be created to provide signature blocks on the Reconciliation Sheets (produced by the Marina Management System).

Coin payment collection boxes to utilize the customer showers have been removed, thus eliminating the need to collect shower coins. With the newly constructed Customer Service Facilities opening this year, management is exploring ways for alternative payment methods to eliminate on-going theft and vandalism associated with these pay-at-point machines. Alternative forms of payment for this service have been endorsed by Internal Audit.

2) Rating: Medium

The Airport (SEA) Lost and Found staff did not follow established procedures on cash handling. Accordingly, during our testing, we were unable to verify transactions where currency received was accurately recorded, retained, released to the claimant, or deposited to the Port's bank account.

During the audit period, April through December 2019, total cash turned over to the Lost and Found was approximately $43,000 (excluding foreign currencies), of which approximately $28,500 was not claimed and deposited into the Port's bank account.

Recommendations

The Port's Aviation Customer Service team should establish a process with Hallmark to regularly monitor the contractor's compliance with cash handling procedures, to assure that Hallmark:
1) Enforces existing procedures with staff through communication and training;
2) Monitors staff's compliance with the procedures through existing review and approval protocols and implementation of daily cash reconciliations; and
3) Retains all documentation as required by the procedures.

Management Response

Aviation Customer Service and Hallmark Aviation Services agree with the findings that Hallmark Aviation staff did not follow established procedures for cash handling during the audit period.
The audit provided a substantial opportunity to carefully review the existing Lost and Found procedures and to review what actions are further needed to improve staff performance.

The Lost and Found at SEA provides a valuable service to customers and provides a peace of mind to thousands of airport guests who lose personal items every day. Since April 15, 2019 when Hallmark Aviation joined the Port of Seattle, SEA's Lost and Found has recovered a volume of 25,306 items with an average recovery rate of 61%. Of those, 567 items involved currency, amounting to $43,000 USD, with an average recovery rate of 51%.

Hallmark Aviation Services has taken the inconsistencies that were identified in the audit and has rebuilt a foundation of checks and balances that will help prevent any further error.

Management Response (continued)

Additionally, the following actions will be taken:
- Request that Hallmark Aviation conduct a root-cause analysis within 30 days of this report to determine why Hallmark employees did not follow the established procedures and request that Hallmark Aviation identify the corrective measures (training, reports) that will be taken as a result of this report.
- Within 45 days, Hallmark Aviation will implement a new daily reconciliation process and reporting system to document currency transactions.
- Effective immediately, the Senior Manager, Customer Experience, will meet monthly with Hallmark Aviation's Business Manager to review weekly reconciliation reports.

Equipment Acquisition, Monitoring and Disposal

The purpose of this audit was to follow up on a hotline complaint regarding the misappropriation of equipment and assess the adequacy and effectiveness of internal controls over asset management.

Assets need to be 1) purchased for a valid business purpose, 2) tracked and safeguarded to assure continued usefulness for their intended purpose, and 3) properly disposed of.
Small and attractive assets, as implied by the name, are generally "small" in size and purchase price (i.e., $5,000), and "attractive" as a degree of susceptibility to misuse (e.g., personal uses).

There are two Port Policies: Policy AC-13, Disposition of Property, and Policy AC-14, Small and Attractive Assets.

Audit period: January 2015 through December 2019

1) Rating: Low

Our work found that in several instances the disposal of certain assets did not follow Port policy AC-13; however, the value of these assets was de minimis and could have been due to a general unfamiliarity with the policy.

Many of the concerns raised, that were followed up on by Internal Audit, were without merit.

Recommendations

Going forward, the fire department should follow Port Policy AC-13 when disposing of equipment. Disposition forms should be filled out, signed and uploaded to the SharePoint Site.

Management Response

Beginning immediately the Fire Department will follow Port Policy AC-13 and fill out, sign, and upload appropriate forms into the SharePoint Site regarding dispositioning, transferring, or surplus equipment.

2) Rating: Medium

We also noted an opportunity for the fire department to work with Finance to enhance their tracking and disposal of small and attractive assets to assure that they comply with Port Policy AC-14. The policy provides guidance and Port requirements for management of small and attractive Assets.

Recommendations

1. As required by Port Policy AC-14, the fire department should designate a custodian to be responsible for maintaining its small and attractive assets tracking database (additions and deactivations), tagging assets and conducting annual physical inventories to verify the existence and proper disposal of assets. The fire department should also leverage off the draft EF-1 & 2 policies as needed.
2. The tool room and training supply room should be properly secured to limit access to only authorized personnel.
Management Response

Effective immediately, the Administration Team will take over the responsibility of "custodian" and will be responsible for maintaining small and attractive assets database (additions and deactivations), tagging of assets and coordinating annual physical inventories for accountability of assets and proper disposal of such assets.

Once EF-1 & 2 are released, the Fire Department will ensure system is established and followed per these policies. A database will be established for small & attractive assets by June 1, 2020. Once the database is established existing assets will be loaded into the database and as new assets are acquired, they will be put into the database for monitoring and tracking.

Management Response (continued)

The tool room and training supply room will be secured with limited access by June 1, 2020.

Policies, procedures or guidance documents will be written in support of this process improvement and comply with EF-1 & 2 and will provide clear guidance for personnel regarding purchasing, accounting for, and dispositioning of small and attractive assets.

Service Tunnel Renewal / Replacement Project

- Located below the Airport arrivals drive, the 2,500-foot long service tunnel runs the full length of the main terminal.
- Designed, constructed and commissioned in phases between 1968 and 1974.
- As an essential Airport facility, the tunnel is structurally linked to other critical Airport Infrastructure.
- Seismic standards have changed greatly since the construction of the tunnel, which required an update.
- Project was bid on April 11, 2017, and was awarded to the lowest of the two bidders, James D. Fowler Co.
- Project delivery method was design-bid-build with a lump sum contract.
- Total project estimate is $26 million.
- Estimated completion is August 2020.
- Audit period: November 2017 through March 2020.
- Reviewed pay application approval process, WMBE utilization, and project scope changes.

No issues noted.
We did note an instance, through no fault of the Service Tunnel Project, where the Port incurred $160,000 in additional costs because of another major project's schedule slippage.

With multiple major capital projects occurring concurrently at the SEA Airport, it is critical that each project stays on schedule. If one project's schedule slips, it will often impact other projects and the Port will continue to incur additional costs.

Network Password Management*

This audit is security sensitive and will be discussed in Executive Session.

*Security Sensitive - Exempt from Public Disclosure per RCW 42.56.420. Results of this audit are not discussed in public session.

McDonald's USA, LLC

- Lease agreement established in 2012
- Gross revenue about $6 - $9 million annually
- Percentage fees paid about $700,000 to $1.1 million annually

1) Rating: Medium

McDonald's paid the July 2016 percentage fee late and was not assessed a late fee of $1,574. McDonald's underreported gross revenue in June 2017, resulting in an underpayment of $890. Additionally, non-product sales were not billed by the Port, resulting in $7,801 of percentage fees underbilled by the Port. Although AFR did not bill percentage fees on the "non-product" sales, McDonald's paid percentage fees on these sales and has a credit balance on their account.

Recommendations

1. AFR should collect $1,574 in unpaid late fees.
2. AFR should seek and recover $890 in unpaid percentage fees. Assess the applicability of a one-time late charge and any accrued interest.
3. AFR should bill $7,801 in percentage fees resulting from the deduction of non-product sales at year-end, reducing the credit balance on McDonald's account.

Management Response

Aviation Commercial Management will seek to recover the late fee for July 2016 concession fees, which Internal Audit calculated as $1,574.
Aviation Commercial Management will also reach out to the tenant to ensure awareness that payments should be received by the due date stated in the agreement or outstanding amounts will be subject to late fees.

Currently, Port contracts have varying terms regarding due dates and grace periods, among others, which complicates the potential for automating the calculation of late fees. These complications contribute to the current manual process which occurs three times a month and which calculates fees on prescribed dates. Thus, there is a risk of missed late fees, such as the one identified in this audit report, due to the varying terms in the Port's agreements.

Aviation Commercial Management will work with the Port's Accounting and Financial Reporting department, which runs the late fee process, to find opportunities to standardize agreement terms when contracts are executed or renewed.

Management Response (continued)

Aviation Commercial Management will seek to recover the revenue understatement for June 2017, which Internal Audit calculated as $890.

Accounting and Financial Reporting (AFR) will recover 2016-2018 unbilled revenue, which Internal Audit calculated as $7,801. The customer's certified annual report excluded items from gross sales that were product sales resulting in unbilled amounts. AFR will work with customer to match existing credits on account to clear these items.

Aviation Commercial Management will work with the Port's Accounting and Financial Reporting department, which trues up annual reporting, to find opportunities to standardize reporting when contracts are executed or renewed.
Appendix

A - Issues Outstanding as of April 30, 2020
B - Closed Issues between January 1, 2020 - April 30, 2020

Appendix A - Issues Outstanding as of April 30, 2020

Operational, Capital, and Limited Contract Compliance Audits

| Type | Audit | Description | Rating | Target Date |
|---|---|---|---|---|
| Operational | Marine Maintenance | Fleet and Fuel | High | 6/30/2020 |
| Operational | Marine Maintenance | Keys and Badges | High | 7/31/2020 |
| Operational | Fishing & Commercial Operations | Manual Billing Process at Risk of Error | High | 5/31/2020 |
| Operational | Airport Employee Access | Security Sensitive | High | 6/30/2020 |
| Operational | Architecture & Engineering | Determine Fair and Reasonable | High | 6/30/2020 |
| Operational | Architecture & Engineering | Management Review Over Max | High | 6/30/2020 |
| Operational | Architecture & Engineering | Contract Accuracy | High | 6/30/2020 |
| Operational | Architecture & Engineering | Governance | Medium | 6/30/2020 |
| Operational | Cash Controls | Seg. of Duties - Fish Term. & Shilshole | Medium | 6/30/2020 |
| Operational | Cash Controls | Procedures - Airport Lost and Found | Medium | 6/30/2020 |
| Concession | McDonald's | Late Fee / Underbilled Revenue | Medium | 6/30/2020 |
| Operational | Equipment Monitoring & Disposal | Monitoring of Theft Sensitive Assets | Medium | 6/1/2020 |
| Capital | Baggage Optimization - Phase I | Liquidated Damages | Medium | 6/30/2020 |
| Capital | Concourse D Hardstand Holdroom | Audit Clause Restriction | Medium | 6/1/2020 |
| Capital | Concourse D Hardstand Holdroom | Designer Error & Omission | Medium | 6/30/2020 |
| Capital | Shilshole Bay Customer Facility | Invoice Review | Medium | 6/1/2020 |
| Operational | Equipment Monitoring & Disposal | Asset Disposal Process | Low | 6/1/2020 |

Legend (Status): Not Due; 1-60 DPD; Over 60 DPD

Appendix A - Issues Outstanding as of April 30, 2020 (continued)

Information Technology Audits

| Type | Audit | Description | Rating | Target Date |
|---|---|---|---|---|
| IT | AVM/F&I Data Centers | Physical Access to Facilities | High | No Date Supplied |
| IT | AVM/F&I Data Centers | Protection Against Environmental Factors | High | No Date Supplied |
| IT | Security of PII | Security Sensitive | High | 12/31/2019 |
| IT | HIPAA Security | Security Sensitive | High | 7/31/2020 |
| IT | HIPAA Security | Security Sensitive | High | 7/31/2020 |
| IT | Closed Network System Security | Security Sensitive | High | 12/31/2019 |
| IT | IT Disaster Recovery Capability | Security Sensitive | Medium | 5/31/2018 |
| IT | IT Change Mgmt & Patch Mgmt | Security Sensitive | Medium | 6/30/2019 |
| IT | AVM/F&I Data Centers | Physical Facilities Management | Medium | No Date Supplied |
| IT | Security of PII | Security Sensitive | Medium | 12/31/2019 |
| IT | Security of PII | Security Sensitive | Medium | 12/31/2019 |
| IT | Security of PII | Security Sensitive | Medium | 3/31/2020 |

Legend (Status): Not Due; 1-60 DPD; Over 60 DPD; Status delayed due to COVID-19 priorities; Remediation is ongoing and reasonable
* Estimated date, final will depend on options and budget

Appendix A - Issues Outstanding as of April 30, 2020 (continued)

Information Technology Audits

| Type | Audit | Description | Rating | Target Date |
|---|---|---|---|---|
| IT | HIPAA Security | Security Sensitive | Medium | 7/31/2020 |
| IT | HIPAA Security | Security Sensitive | Medium | 7/31/2020 |
| IT | HIPAA Privacy | Security Sensitive | Medium | 11/30/2019 |
| IT | HIPAA Privacy | Security Sensitive | Medium | 12/31/2019 |
| IT | HIPAA Privacy | Security Sensitive | Medium | 10/31/2019 |
| IT | HIPAA Privacy | Security Sensitive | Medium | 10/31/2019 |
| IT | Closed Network System Security | Security Sensitive | Medium | 3/31/2020 |
| IT | Closed Network System Security | Security Sensitive | Medium | 3/31/2020 |
| IT | Closed Network System Security | Security Sensitive | Medium | 6/30/2020 |
| IT | Closed Network System Security | Security Sensitive | Medium | 12/31/2020 |
| IT | Inventory and Control of HW Assets | Security Sensitive | Medium | 6/30/2023 |
| IT | Network Password Management | Security Sensitive | Medium | 12/31/2020* |
| IT | Network Password Management | Security Sensitive | Medium | 9/30/2020 |
| IT | Network Password Management | Security Sensitive | Medium | 12/31/2020 |
| IT | Network Password Management | Security Sensitive | Low | 12/31/2020 |

Appendix B - Closed Issues between January 1, 2020 - April 30, 2020

Operational, Capital, Information Technology, and Limited Contract Compliance Audits

| Status | Type | Audit | Description | Rating | Target Date |
|---|---|---|---|---|---|
| Closed | IT | HIPAA Privacy | Security Sensitive | High | 11/30/2019 |
| Closed | Capital | Noise Insulation Program | Controls Over JOC Proposed Work | High | 12/31/2019 |
| Closed | Operational | Sea-Tac utilities | Completeness and Accuracy | Medium | 12/31/2019 |
| Closed | Operational | Sea-Tac utilities | Timeliness of Billing | Medium | 12/31/2019 |
| Closed | Operational | Airport Employee Access | Security Sensitive | Medium | 12/31/2019 |
| Closed | Operational | Airport Employee Access | Security Sensitive | Medium | 12/31/2019 |
| Closed | Concession | EAN Holdings LLC | Late Fee | Medium | 12/31/2019 |