2. Minutes

for approval April 7th, 2022

P.O. Box 1209 
Seattle, Washington 98111 
www.portseattle.org; 206.787.3000 
APPROVED MINUTES 
AUDIT COMMITTEE SPECIAL MEETING
April 7, 2022
The Port of Seattle Commission Audit Committee met in a special meeting Thursday, April 7, 2022. The 
meeting  was  held  remotely  in  accordance  with   Senate  Concurrent  Resolution  8402  and 
Governor Inslee’s Proclamation 20-28. Committee  members  present  included  Commissioners  Cho 
and Mohamed. 
1.    Call to Order: 
The committee special meeting was called to order at 2:30 p.m. by Commissioner Cho.  The agenda was
approved without objection.

*Internal Audit Department presentation is found here and contains information for Agenda Items 4 through
8. 
2.    Approval of Audit Committee Meeting Minutes of December 9, 2021:
The minutes of the Audit Committee special meeting of December 9, 2021, were approved without 
objection. 
3.    Office of the Washington State Auditor – Accountability Audit Results for 2020 (presentation 
and report)
Presenters: 
Joseph Simmons, Program Manager 
Angela Funamori, Assistant State Auditor 
Maddie Frost-Shaffer, Assistant Audit Manager 
The Office of the Washington State Auditor provided the Port of Seattle Accountability Audit results from 
January 1, 2020, through December 31, 2020.
The presentation summarized the accountability results as follows: 
• Port operations complied, in all material respects, with applicable state laws, regulations, and its
own policies, and provided adequate controls over the safeguarding of public resources;
• the following areas were examined during the period; and 
o  financial condition – reviewing for indications of financial distress

            PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES             Page 2 of 3 
THURSDAY, APRIL 7, 2022 
o  self-insurance for health and welfare, unemployment, workers compensation and paid
family and medical leave 
o  rent deferral payment plans – compliance with state law 
o  telework equipment reimbursement policy 
o  procurement – personal service contracts 
o  payroll – overtime 
• the next audit is expected in Fall 2022 and will address: accountability for public resources; review
of  CPA  work  papers; and  a  ssessment  audit  of  the  Port of  Seattle  Industrial  Development
Corporation.
Members of the Committee thanked the audit team for their report.
4.   Director’s Annual Communication – Independence, Internal Audit Charter, Quality Assurance,
and Follow-Up 

Presenters: 
Glenn Fernandes, Director, Internal Audit 
Mr. Fernandes overviewed the Internal Audit Director’s Annual Communication information containing
audit standard requirements, including independence to perform audits and quality assurance. 
Members of the Committee thanked Mr. Fernandes for the report.
5.     2022 Audit Plan Update 
Presenters: 
Glenn Fernandes, Director, Internal Audit 
Mr. Fernandes overviewed the items approved in the 2022 Audit Plan, included for Limited Contract
Compliance audits, Operational audits, and Information Technology audits and discussed audits completed
in the first quarter of 2022. 
Members of the Committee thanked Mr. Fernandes for his report. 
6.   Open Issue Status 
Presenters: 
Glenn Fernandes, Director, Internal Audit 
The report addressed the status of open audit issues, as of April 7, 2022.  It was noted that fourteen
issues are outstanding for over one year from the target date and 4 information technology audits do not
have target dates and are not included in the report. These issues are in the process of being addressed,
however, they are more than two years past the report date.  Appendix D of the presentation contains a
detailed listing of outstanding issues.
Discussion ensued regarding the status of open items.


PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES             Page 3 of 3 
THURSDAY, APRIL 7, 2022 
Members of the Committee thanked Mr. Fernandes for his report. 
7.  ACH Payment Fraud (See Report)
Presenters: 
Glenn Fernandes, Director, Internal Audit 
Dan Chase, Manager, Internal Audit 
Spencer Bright, Manager, Internal Audit - Capital 
The presentation addressed:
• Internal Audit completed a targeted audit of the processes that contributed to eight payments
totaling $572,682.79, being wired into fraudulent bank accounts;
• the payments were for the Port of Seattle’s (Port’s) Opportunity Youth Initiative and were intended
for the Seattle Parks Foundation (Seattle Parks) and the Urban League of Metropolitan Seattle
(Urban League);
• the purpose of the audit was to identify the control breakdowns that allowed the fraud to occur and
to recommend ways to reduce the likelihood of future misappropriations;
• the criminal aspect of this case was handed off to the Port Police for their continuing investigation;
• the chain of the fraud was investigated and determined to be the result of an email phishing scam;
• internal controls to validate changes to supplier information, including banking information, were
not functioning as intended;
• supervisory oversight needed improvement for this critical role;
• procedures to confirm the authenticity of supplier requested bank account changes were not
placed at the appropriate level;
• adequate controls did not exist to assure that supplier information, including banking and 
• contact information, was entered accurately, consistently, and correctly;
• with the high number of users, the risk of internal fraud increases, because an employee could
change bank account data, putting the onus on one individual to approve these changes;
• detective controls to identify fraudulent activity and payments did not exist;
• the Port was notified of the fraud by the client, approximately two months after the fact;
• bolstering of Port mandatory information security awareness training was recommended.
Recommendations were made by the Internal Audit Department regarding this audit and management
provided their response. 
Members of the Committee and staff discussed:
• similar attacks on other jurisdictions; 
• detective controls; 
• increased cyber security training for vendors and staff; 
• implementing protocols to reduce human error; and 
• controlling source records to populate data fields.
Members of the Committee thanked the Internal Audit Department for its review and Management for their
response.


PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES             Page 4 of 3 
THURSDAY, APRIL 7, 2022 
8.    Interim Westside Fire Station (See Report) 
Presenters: 
Glenn Fernandes, Director, Internal Audit 
Dan Chase, Internal Audit Manager 
Spencer Bright, Internal Audit Manager - Capital 
The presentation addressed: 
• a stand-alone, fully functional fire station on the west side of the airfield to meet Federal Aviation
Administration mandated airfield firefighting requirements;
• the fire station providing necessary accommodations to house five firefighters and two Aircraft Rescue
Fire Fighting vehicles for 24/7/365 operations;
• the project was originally approved as a modular building, using the design-bid-build project delivery
method with a total project cost of $5.5 million;
• in May 2019, the project delivery method was changed to design-build, as a stand-alone building;
• approximately $850,000 was spent prior to the change;
• Macro-Z-Technologies was awarded the contract on October 31, 2019, for $4.95 million;
• with approval of additional days during the project, substantial completion was scheduled to occur on
April 23, 2021;
• with approved change orders, the construction contract, with MZT, now stands at $5.6 million;
• total project costs to-date, including Port soft costs, is $9,010,000;
• the Project is 11 months behind schedule and substantial completion has not yet been achieved;
• the contractor did not complete the project by the substantial completion date, resulting in a delay of
use of the fire station;
• the Port was potentially overbilled approximately $106,983 out of $140,942 in COVID-19 not-to-exceed
change orders; and 
• payment for COVID 19-related expenses were approved prior to receiving accurate and complete
supporting documentation from the contractor.
Recommendations were made by the Internal Audit Department regarding this audit and management
provided their response. 
Members of the Committee and staff discussed:
• cost overruns due to change of building type based on runway considerations; 
• a low bidder response created issues for costs; and 
• Covid 19 change order billing protocols. 
9.    Account Management (ICT)
(Discussed in non-public session as a security-sensitive information technology item.) 
10.  Account Management Aviation Maintenance 
(Discussed in non-public session as a security-sensitive information technology item.)

            PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES             Page 5 of 3 
THURSDAY, APRIL 7, 2022 
11. Committee Comments 
Committee Chair, Commissioner Cho, acknowledged staff in the ACH Fraud matter and the difficulties
working through it and making corrections as needed.  Mr. Rudy Caluza, Director of Accounting and
Financial Reporting, appreciated earlier comments from Commissioner Cho with respect to how we
address bias as an organization in reviewing these types of matters and warned against subconscious bias. 
16. Adjournment 
There being no further business, the special meeting recessed for a five-minute break at 4:30 p.m. and reconvened
in a non-public session to address security-sensitive information technology audit information for 
Agenda Items 9 and 10, for approximately 30 mins. The meeting adjourned immediately at the conclusion
of the discussion and no further action was taken. 

Prepared:                                         Attest: 

__________________________________           __________________________________ 
Michelle M. Hart, MMC, Commission Clerk            Sam Cho, Audit Committee Chair
Minutes approved: June 17, 2022.



Limitations of Translatable Documents

PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.