COMMISSION 
AGENDA MEMORANDUM                        Item No.          11b 
BRIEFING ITEM                             Date of Meeting      December 8, 2020 
DATE:     December 1, 2020 
TO:        Stephen P. Metruck, Executive Director 
FROM:    Glenn Fernandes, Director, Internal Audit 
SUBJECT:  Internal Audit  Audits Completed in 2020 
EXECUTIVE SUMMARY 
The purpose of this memo is to brief the Commission and the public on audits performed in the
2020 calendar year. The 2020 Audit Plan was approved at the December 9, 2019 Audit
Committee Meeting. 
Internal Audit has completed 20 reports for the Audit Committee in 2020. These include 17 
audits and 1 analysis; a dditionally, we submitted summary reports on the results of, the 2020 
Payment Card Industry required annual self-assessment performed by MegaPlanIT, L.L.C., and
the Criminal Justice Information Systems Audit performed by the Washington State Patrol. The
audits identified 3 High Risk, 21 Medium Risk and 4 Low Risk issues for management action.
Implementation of the associated recommendations will strengthen internal controls, enhance 
processes, and improve efficiencies. Internal Audit has a process in place where we periodically
follow up on recommendations and agreed upon management action plans to assure action is
taken. This process also relies on attestations from Management. Delinquent action plans are 
periodically brought to the Audit Committee's attention. 
BACKGROUND 
On December 11, 2007, the Port of Seattle Commission passed a motion, which resulted in the
creation of an independent and objective Internal Audit function. In discharging their duty, the
Internal Audit Director and his staff are accountable to the Audit Committee and to the
Executive Director. 
For 2020, Commissioner Calkins chaired the Audit Committee and Commissioner Bowman 
served as the other commission member. Dr. Christina Gehrke, Principal Faculty, City University
of Seattle, served as the external member of the Audit Committee. The Audit Committee serves
as an arm of the Port Commission. 
Internal Audit conducts independent, objective, risk-based audits of the Port's operations,
activities and vendors. Our audits add value by helping the Port achieve its mission and

Template revised April 12, 2018.

COMMISSION AGENDA  Briefing Item No. 11b                                 Page 2 of 3 
Meeting Date: December 8, 2020 
contribute to: financial stewardship, accountability, transparency, governance, and operational
excellence. Internal Audit derives its authority from the Port Commission. 
The Three Lines Model, a widely accepted model developed and recently updated by the
Institute  of  Internal  Auditors  (IIA)  for  organizing  governance  and  risk  management  in
organizations, clearly outlines the roles of various leaders within an organization, including
oversight by the governing body, management and operational leaders (First and Second-Line
roles) and independent assurance through Internal Audit (Third Line). 

LISTING OF 2020 INTERNAL AUDITS COMPLETED 
Below is a list of audits completed by Internal Audit in 2020. These audits are categorized by
audit type. 
Operational: 
1)  Equipment Acquisition, Monitoring & Disposal 
2)  Ground Transportation  Taxi Cabs1 
3)  Cash Controls1 
4)  Interlocal Agreement Mapping2 
5)  Delegation of Authority 
6)  Public Health Emergency Leave Program (PHEL)1 

Operational (Capital): 
7)   Service Tunnel Renewal/Replace Project 
8)   Central Terminal Infrastructure Upgrade (Bid and Design Phases) 
9)   AOA Perimeter Fence Line Standards Project 
Information Technology:
10)   Network Password Management3 
11)   Secure Configuration for Hardware and Software on Mobile Devices, Laptops,
Workstations and Servers3 
12)   Inventory & Control of Software Assets3 
13)   Malware Defenses (ICT)3 
14)   Payment Card Industry (PCI)  Qualified Security Assessor 4 
15)   Criminal Justice Information Systems (CJIS)3 5 



Template revised September 22, 2016.

COMMISSION AGENDA  Briefing Item No. 11b                                 Page 3 of 3 
Meeting Date: December 8, 2020 
Limited Contract Compliance: 
16)   Concourse Concessions, LLC 
17) McDonald's USA, LLC 
18)   Fireworks Galleries, LLC 
19)   Qdoba Restaurant Corporation 
20)   E-Z Rent A Car, Incorporated 
Special Projects by Management Request: 
21)   FEMA Public Assistance Program  Coronavirus (COVID-19) 
22)   Capital Assets  Construction Work in Progress 
1 Highlighted audits have findings that are discussed in more detail to the Commission. 
2 This was a focused analysis, not an audit, accordingly, Internal Audit issued a memo. 
3 Security Sensitive  Exempt from public disclosure per RCW 42.56.420; these will not be discussed. 
4 This work was performed by an external Qualified Security Assessor. Internal Audit provided a summary report to 
the Audit Committee. 
5 This work was performed by the Washington State Patrol. Internal Audit provided a summary report to the Audit
Committee. 
ATTACHMENTS TO THIS BRIEFING 
(1)  Presentation slides 
PREVIOUS COMMISSION ACTIONS OR BRIEFINGS 
None. 








Template revised September 22, 2016.