1. Presentation
Port of Seattle Audit Committee Slides
Financial Stewardship Accountability Transparency Port of Seattle Audit Committee Internal Audit Update Glenn Fernandes - Director, Internal Audit June 30, 2023 P69 Commission Chambers 11:00 AM – 1:00 PM Operational Excellence Governance Open Issue Status – Aging Report as of June 15, 2023 Item #4 1. Ten issues outstanding for over one year from the Target Date consist of: Concourse Concessions LLC (1) - Port RE-2 Policy and Surety Amount Review Architecture & Engineering (2) - Fair and Reasonable Rate Determination and Management Review Over Max Rates Information Technology Audits (7) (Security Sensitive - Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session.) These are: Security of Personal Identifiable Information (1)*, Closed Network System Security (1), HIPAA Security (1)*, Network Password Management (2), and Secure Configuration for Hardware & Software on Mobile Devices, Laptops, Workstations and Servers (2). * Internal Audit is in the process of validating remediation efforts for this audit finding. 2. Four Information Technology issues do not have Target Dates and are not included in this chart. These issues are in the process of being addressed, however, they are more than two years past the Report Date: Disaster Recovery Capability (1), and Aviation Maintenance and Facilities & Infrastructure Data Centers (3). See Appendix A for a detailed listing of outstanding issues aging as of June 15, 2023. 2 Approved 2023 Audit Plan Item #5 Limited Contract Compliance Performance Information Technology • Louis Dreyfus Company Washington, LLC • Port-wide Payroll Controls • Email and Web Browser Protection (ICT and • Seattle Air Ventures, JV (AIR002018, • Airport Parking Garage Aviation Maintenance)4 AIR002733) • Equity Policy Directive Compliance • Network Infrastructure Management (ICT) • Seattle Air Ventures, JV (AIR002017, • Social and Environmental Reporting • Network Infrastructure Management (Aviation AIR002732) • Fishermen’s Terminal Maintenance) • ATZ, Inc. dba Doug Fox Parking • Security Awareness and Skills Training Capital • T-5 Berth Modernization • Supply Chain Disruption Management • Post IAF Airline Realignment – GC/CM Construction1,2 • C Concourse Expansion (Pre-construction) GC/CM1 • Main Terminal Low Voltage System Upgrade GC/CM1 • T-117 Sites 23-25 Restoration Construction Project GC/CM1 • Concourse A Building Expansion for Lounges/DELTA TRA3 1. RCW 39.10.385 requires an independent audit, paid for by the public body, to confirm the proper accrual of costs, for General Contractor/Construction Manager (GC/CM) projects. This audit work will be performed by external, contract auditors through a multi-year, Indefinite Delivery, Indefinite Quantity (IDIQ) contract. Year-end status report will be provided at the December Audit Committee. Internal Audit will perform continuous cost reviews of these projects, review areas that are not looked at by the contract auditors, and partner with the contract auditors as needed. Internal Audit will issue an audit report on areas covered. 2. Project start may potentially be delayed to 2024, with an estimated completion date in 2027. 3. This is a contingency audit per the Approved 2023 Audit Plan. 4. Audit name has changed to note that it now includes both ICT and Aviation Maintenance. 3 Item #5 2023 AUDIT PLAN STATUS Audit Title Type Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Port-wide Payroll Controls Performance Airport Parking Garage Performance Equity Policy Directive Compliance Performance Social and Environmental Reporting Performance Fishermen's Terminal Performance Supply Chain Disruption Management Performance - Capital Terminal 5 Berth Modernization Project Performance - Capital Airline Realignment - GC/CM Construction1,2 Performance - Capital C Concourse Expansion (Pre-construction) GC/CM1 Performance - Capital Main Terminal Low Voltage System Upgrade GC/CM1 Performance - Capital T-117 Sites 23-25 Restoration Construction Project GC/CM1 Performance - Capital Concourse A Building Expansion for Lounges/DELTA TRA3 Performance - Capital Email and Web Browser Protection (ICT and Aviation Maintenance)4 IT Network Infrastructure Management (ICT) IT Network Infrastructure Management (Aviation Maintenance) IT Security Awareness and Skills Training IT Louis Dreyfus Company Washington, LLC Contract Compliance Seattle Air Ventures, JV (AIR002018, AIR002733) Contract Compliance Seattle Air Ventures, JV (AIR002017, AIR002732) Contract Compliance ATZ, Inc. dba Doug Fox Parking Contract Compliance Complete KEY In Process Not Started 1. RCW 39.10.385 requires an independent audit, paid for by the public body, to confirm the proper accrual of costs, for General Contractor/Construction Manager (GC/CM) projects. This audit work will be performed by external, contract auditors through a multi-year, Indefinite Delivery, Indefinite Quantity (IDIQ) contract. Year-end status report will be provided at the December Audit Committee. Internal Audit will perform continuous cost reviews of these projects, review areas that are not looked at by the contract auditors, and also partner with the contract auditors as needed. Internal Audit will issue an audit report on areas covered. 2. Project start may potentially be delayed to 2024, with an estimated completion date in 2027. 3. This is a contingency audit per the Approved 2023 Audit Plan. 4. Audit name has changed to note that it now includes both ICT and Aviation Maintenance. 4 Item #s 6-9 Audits Completed in Second Quarter, 2023 1) Port-wide Payroll Controls (Item #6) 2) Social and Environmental Reporting (Item #7) 3) T-117 Sites 23-25 Restoration Construction Project (Item #8) 4) ATZ, Inc. dba Doug Fox Parking (Item #9) 5 Port-wide Payroll Controls Item #6 Internal Audit (IA) completed an audit of the Port of Seattle’s (Port’s) payroll controls for the period January 2022 through December 2022. The audit was performed to evaluate the current payroll process and related internal controls (preventive and detective) to determine if they were operating as intended to manage business risk. The audit scope included: system access controls, segregation of duties, common payroll fraud assessments/testing, and different time-recording systems used by some business areas that might increase risk exposure to the Port. In general, the relevant controls we reviewed in the payroll process were reasonably designed and operating effectively. However, our audit identified opportunities where internal controls could be enhanced or developed. 6 Port-wide Payroll Controls Item #6 The Port employed approximately 2,530 full-time equivalents for all or part of 2022. As of 12/31/2022, the salaries and benefits were the Port’s largest operating expenses, $317,574,261, representing roughly 67% of the total operating expenses. Since 1997, the Port has used the Human Capital Management system (HCM) to manage from hiring to resignation. HCM keeps track of worked hours, and calculates wages, withholding taxes, and other deductions. Along with HCM, at least three other systems were being used to track shifts, schedules, and attendance and/or to manage work orders: Maximo (Aviation and Maritime Maintenance Departments) TeleStaff (Fire Department) PlanIt (Police Department) Maximo system is the only system that is currently interfaced with HCM, which eliminated the need for manual entry. 7 1) Rating: High Item #6 The Maximo System used by Aviation Maintenance Department (AVM) had generated semi-annual, preventive maintenance work orders for certain retired assets, requiring maintenance staff to spend up to 3 hours for each unnecessary work order over 10 years. A lifeline system – Sayfglida fall protection cable located on the Central Terminal roof at Seattle-Tacoma International Airport had been marked “Out of Service, DO NOT USE” by physical signs, therefore, requiring no regular maintenance. We found that the lifeline system had been in the “red-tagged” status for over 10 years. Current, “Out of Service” physical signs were placed in April 2021. If an asset was red-tagged, it would be possible to place it in a “Down” status in Maximo. However, there was an indication that the process of using a “Down” status was not in use. While Maximo users had the ability to use it, they would likely need training on how to use it. 8 (Issue 1 continued) Item #6 Regular maintenance service tickets have been auto created/pushed to work orders in Maximo every six months for over 10 years, and work time has been recorded by carpenters each time (0.5 – 3 full estimated hours). Even after the lifeline system was visibly marked “Out of Service” in April 2021, work orders continued to be auto-generated and work time (0.5 – 1.5 hours) was recorded for safety inspections on a piece of equipment that could not be used. Without relevant work documentation, as required by the AVM Work Rules, we were unable to determine what work had actually been done and whether related recorded time was supported, valid, or accurate. Responsibilities for preventive maintenance on lifeline systems have recently been transferred to Health and Safety, which should address the issue for lifeline system. However, other systems will face a similar problem. 9 Recommendations Item #6 1. AVM Management should take the Sayfglida fall protection cable asset out of service in the Maximo System. Additionally, the related auto-generated work orders against these retired assets should be cancelled. 2. AVM Management should develop a process to retire out of service assets and reflect them as retired in Maximo on a timely basis. This should prevent the system from auto-generating preventative maintenance work orders for these assets. 10 Management Response Item #6 1. Completed. 2. Aviation Maintenance leadership has identified dates to share the issue with the team and will then look to assign a process owner. Much of this should fall under the project manager, as part of the onboarding, they should define the assets being disposed of as well. The challenge is with how assets are booked currently, old way, versus new way. It is much easier with how we have booked assets as part of the onboarding process today, but the assets we are replacing today with new assets are hard to deal with. So there is a challenge with defining a deadline. We will continue to work the issue. DUE DATE: 12/31/2023 Management will discuss in detail. 11 2) Rating: Medium Item #6 Security Sensitive – Exempt from Public Disclosure per RCW 42.56.420 – Issues Not Discussed in Public Session. [This issue will be discussed during the September 7, 2023, Audit Committee Non-public Session.] 12 3) Rating: Low Item #6 There are currently no hard stops configured into the HCM system to prevent employees from modifying their time after supervisory approval. Proper approval by authorized personnel is a key preventive control in the timekeeping and payroll processes to establish the accuracy and completeness of the submitted time for payments. Employees should not be able to approve or modify their own time after supervisory approval. However, any employee time changes after supervisory approval do not affect time and leave balances in the payroll system. Any change would only result in a difference in balance reflected on payroll check stubs and the HCM summary page. According to Central Payroll management, reprocessing the changed time requires Central Payroll’s approval after obtaining the authorization and related support from the employee’s department. Otherwise, the changed time by an employee would not impact payroll payments. 13 Recommendation Item #6 Accounting Financial and Reporting should implement hard stop configurations into the HCM system to prevent employees from modifying their time after supervisory approval. 14 Management Response Item #6 We agree. It is noteworthy that once Central Payroll Administration pulls and processes time entered and approved by departments for payment, subsequent changes to time sheets do not affect the pay processed and a solid detailed audit record supporting these payments is maintained. Nevertheless, this is a good internal control recommendation to mitigate any record disparities. Steps are underway with ICT PeopleSoft developers to make the system change to lock down approved timesheets once Payroll Administration pulls and processed them. This is currently being tested and scheduled to move to production by 3rd Quarter 2023. DUE DATE: 9/30/2023 Management will discuss in detail. 15 1) Efficiency Opportunity Item #6 Different timekeeping sub-systems were used by business areas. This, coupled with the complexity of Collective Bargaining Agreements’ pay rate structures for represented employees, increases the risk of errors. Manual intervention was needed to continuously validate time data in various systems, resulting in operational inefficiencies. Along with PeopleSoft HCM system, three other systems were internally used by certain departments to track shifts, schedules, time and attendance, and/or to manage work orders: Maximo (Aviation and Maritime Maintenance Departments) TeleStaff (Fire Department) PlanIt (Police Department) Only Maximo is currently interfaced with HCM, which eliminates the need for manual entry. 16 (Efficiency Opportunity continued) Item #6 Table 1 - 2022 FTE Breakdown Highlighting Departments with Various Scheduling/Timekeeping Systems No. of Collective Non- Internal Bargaining Represented Represented Timekeeping Agreements & Department Employees % Employees % Total % Sub-system Used Addendums Aviation Maintenance 375 34% 50 4% 425 17% Maximo 8 Police 144 13% 7 0% 151 6% PlanIt 7 Marine Maintenance 133 12% 33 2% 166 7% Maximo 5 Fire 98 9% 10 1% 108 4% TeleStaff 1 Others 361 32% 1,321 93% 1,682 66% None 9 Total 1,111 100% 1,421 100% 2,532 100% 4 30 [Source: HRIS query summary of Port employees during all or Part of 2022, IA process walkthroughs with departments, and Labor Relations' information on Collective Bargaining Agreements.] Table 2 - Time Entry Flow to HCM by Department/Employee Type Internal Scheduling/ Department Type of Employee Timekeeping Sub-System Time Entry Into HCM System Aviation Maintenance Represented* Maximo customized by AVM Via Maximo Interface with HCM Non-Represented Maximo customized by AVM Direct entry by employee Police Represented PlanIt customized by Krono Direct entry by employee Non-Represented PlanIt customized by Krono Direct entry by employee Marine Maintenance Represented Maximo customized by MM Via Maximo Interface with HCM Non-Represented Maximo customized by MM Direct entry by employee Fire Represented TeleStaff Manual entry by Time Administrator Non-Represented TeleStaff Direct entry by employee * Excluding Distribution Center employees. [Source: IA process walkthroughs with departments, and the Port’s process narratives that have been updated for the Port’s financial statement audits.] 17 (Efficiency Opportunity continued) Item #6 Most of the Time Administrators and managers we interviewed expressed some level of frustration about the significant amount of time spent each pay period to validate and correct time data for accuracy. They also described the complexity of the Collective Bargaining Agreements’ (CBA) pay rate structures for represented employees and the time-consuming process to finalize and reflect the approved pay rates in their time-keeping systems. The current process involves multiple stakeholders in the Port processes (i.e., Labor Relations, HR Total Rewards, AFR Central Payroll, and Legal). Retroactive adjustments are common because of the prolonged negotiation process, contract signing, uploading of new pay rates into HCM and departments’ own time-keeping systems (if used). The Central Payroll Team processed approximately 2,000 corrections/adjustments per pay period in 2022, which were requested after time submission cut-off. Opportunity may exist to analyze data to identify correction patterns. The Fire Department’s Rapid Process Improvement is currently undergoing with the Port’s Continuous Process Improvement’s (CPI) Team. 18 Recommendations Item #6 Port of Seattle management should: 1. Reduce the number of timekeeping sub-systems. 2. Continue regular meetings with the Payroll Manager to discuss, clarify, and resolve issues timely. 3. Utilize available HCM system-generated reports to proactively analyze, identify, and resolve corrections and error patterns, such as types of corrections, departments, causes, etc. 4. Increase time keeping and approval training/education/communication to department management and staff. 5. Continue CPI’s Rapid Process Improvement efforts to streamline the time validation and correction processes taken by the above-mentioned departments. 19 Item #6 Management Response Management will discuss in detail. (Full response in Audit Report No. 2023-06) 20 Social and Environmental Reporting Item #7 Audit Period: January – December 2022 Scope included: Diversity in Contracting 2022 Annual Report Office of Equity, Diversity, and Inclusion (OEDI) 2022 Report Aviation and Maritime 2022 Environmental Year in Review Purpose: To evaluate internal controls. To assess the accuracy and reliability of reporting. 21 Social and Environmental Reporting Item #7 Background: Port of Seattle Aspirational Goals Triple the number of Women and Minority Business Enterprise (WMBE) firms that contract with the Port. Increase the amount spent over a five-year period. Port of Seattle Resolution 3737 Defines WMBE as a business that is at least 51 percent owned and controlled by women and/or minority group members. Adopted in January 2018. Port processes allow firms to self-declare WMBE status. Approximately 55% of firms were self-declared. 22 Social and Environmental Reporting Item #7 Background: Washington State Office of Minority & Women’s Business Enterprises (OMWBE) The sole agency statewide that certifies minority- and women-owned business enterprises to participate in public contracting and procurement. OMWBE has three requirements: 1) Socially disadvantaged: The owner must be a minority or a woman who owns at least 51%. 2) Economically disadvantaged: The owner must have a net worth of less than $1.32 million. This is a person whose ability to compete in business has been impaired due to diminished capital and credit opportunities. 3) Small: The business must have a three (3) year average gross annual receipts less than or equal to $30.4 million. 23 Item #7 1) Rating: Medium The Diversity in Contracting 2022 Annual Report contained duplicate WMBE firms. This highlights the need to perform validation procedures (internal controls) so that duplicates can be identified and removed. 17 duplicate non-public works WMBE firms. “WMBE Firm Number” reported in the Diversity in Contracting 2022 Annual Report (below) should be reduced from 271 to 254. Category WMBE Total WMBE Percentage WMBE Firm Number Public Works (Construction) $15.1M $203M 7.50% 87 Non-Public Works $44.2M $269.2M 16.40% 271 Total $59.3M $472.2M 12.60% 351* *Source: Page 11, Diversity in Contracting 2022 Annual Report. 24 Recommendations Item #7 Develop internal processes to validate that the data is accurate and can be relied upon so that duplicates are identified. We also recommend assessing Diversity in Contracting reports published from 2019 - 2021 to identify any duplicates that might have been reported in prior years. 25 Management Response Item #7 We concur with recommendations to check and validate data on WMBE firms prior to publishing the Diversity in Contracting annual report. We will also review reporting data from previous years to identify any duplicate firms and adjust results from those years as needed. At the time of Resolution 3737’s passage, the Port considered whether to require some type of certification for WMBE businesses working with the Port. We elected not to require certification. When the resolution was being considered, certification processes were lengthy, cost money, and provided companies little or no benefit in terms of competing for Port projects. Given these circumstances, we were also concerned that requiring certification could become a barrier to WMBE participation on Port projects. DUE DATE: 12/31/2023 26 Item #7 2) Rating: Low The Office of Equity, Diversity, and Inclusion 2022 Report stated “1,219 People hired into jobs through the Seattle-Tacoma International Airport Employment Center.” This number should have been reported as 1,479. The final numbers were not available and instead an estimate was used. Recommendation We recommend indicating in the OEDI report that this is an estimate or alternatively, waiting to publish the report until the numbers are final. 27 Management Response Item #7 Office of Diversity, Equity and Inclusion staff agree with the audit report’s findings and will work to implement stronger managerial controls. The current number has been updated in the report with the correct annual numbers and is posted on the Port website now. We have underreported numbers from the annual job placements for Port Jobs, and it sounds like that is because we did not align our report to be able to report on a full year. We will align the timing of our reporting so that we have all final numbers. If we do not have final numbers at the time of our reporting, we will indicate them as preliminary. 28 T-117 Sites 23-25 Restoration Project Item #8 Between 1937 to 1993, the Duwamish Manufacturing Company and Malarkey Asphalt Company used the site for asphalt shingle manufacturing, which left the site with contaminated soil and sediments. The Port acquired the land in 1999, which was designated as an Early Action Area as part of the Lower Duwamish Waterway Superfund site by the U.S. Environmental Protection Agency (EPA). The Port and the City of Seattle worked together to conduct multiple large-scale cleanups with EPA oversight. Large-scale cleanups were done in two phases: Phase I was for the uplands and sediments cleanup which included the removal of pavement, derelict structures, and about 60,000 tons of soil and sediment. Phase II, another round of cleanup, was done for streets and stormwater. These two phases were completed in 2015 and 2016. 29 T-117 Sites 23-25 Restoration Project Item #8 The Restoration Project began in 2020 with the purpose of restoring 14 acres of habitat and shoreline access on the west bank of the Lower Duwamish Waterway in South Park, Seattle. The Port contracted with Scarsella Brothers Inc. to be the General Contractor/ Construction Manager (GC/CM) of the project in August of 2020. The original contract amount was $14.2 million. Considering executed change orders and the closing of open change order trends, the final contract amount is projected to be approximately $14.9 million. The Project, named the Duwamish River People’s Park, opened in the summer of 2022. 30 T-117 Sites 23-25 Restoration Project Item #8 Independent Audit by Branch, Richards & Co., P.S. – Scope of Work RCW 39.10.908 requires an independent audit, to confirm the proper accrual of costs as outlined in the contract. Branch, Richards & Co., P.S., a local WMBE firm, was engaged to: Perform sufficient testing and attest procedures on Pay Applications submitted by Scarsella. Conclude on whether any costs invoiced were not reimbursable due to a lack of accounting support, unallowable per contract terms, or noncompliant with regulations pertaining to the GC/CM construction contract. 31 T-117 Sites 23-25 Restoration Project Item #8 Independent Audit by Branch, Richards & Co., P.S. - Preliminary Results Actual Costs Incurred per System Cost Total Billed (Under) Contract Equipment Material Other Through Over VS. Item Description Amount Labor Cost Cost Cost Cost Total Cost August Billed 103.001 Temporary Erosion & Sediment Controls $ 232,393 $ 69,904 $ 12,986 $ 243 $ 58,371 $ 141,504 $ 185,914 $ 44,410 106.001 Excavation to Subgrade 775,782 154,101 105,714 9,612 218 269,645 775,782 506,137 108.001 Off-site Disposal-Subtitle D 892,215 62,935 75,001 - 2,165,589 2,303,525 2,022,977 (280,548) 109.001 Log Edge 223,737 66,006 42,121 138,361 2,024 248,512 223,737 (24,775) 110.001 Log Footer 131,265 22,626 16,528 18,309 - 57,462 106,306 48,844 111.001 Log Toe 145,980 55,669 31,541 16,275 1,734 105,218 145,980 40,762 112.001 Log Crib Wall 157,683 39,563 38,703 16,320 111 94,698 157,683 62,985 705.001 Environmental Clean-Up - 29,788 24,739 - 2,476 57,003 - (57,003) $ 2,559,055 $ 500,592 $ 347,333 $ 199,120 $ 2,230,523 $ 3,277,567 $ 3,618,379 $ 340,812 Source: Branch, Richards & Co., P.S. 32 1) Rating: Low Item #8 The GC/CM did not include a notification of their intent to bid on the public solicitation for subcontract work, as required by state law (RCW 39.10.390). Additionally, the Trucking bid package was competitively bid for Site 25, but not for Site 23. Since the time of these solicitations in 2020, the Central Procurement Office has updated their processes to assure future solicitations comply with state laws. In the four subcontract bid packages where the GC/CM was a bidder, they did not include a notification of their intention to bid in the public solicitation, as required by state law (RCW 39.10.390). Trucking for Site 25 was properly bid ($206,100), but not for Site 23. Total contractual estimated amount for Trucking was $458,000. CPO implemented new processes in May 2022 to assure compliance with procurement state laws. 33 2) Rating: Low Item #8 The Port was overbilled by approximately $44,728 for Street Sweeping and $122,385 for Traffic Control subcontract expenses. Payments were made on a percentage of completion basis rather than actual hours, as required by the contract. The Construction Management project team were aware of the overbilling and correction needed, prior to the start of the audit. Street Sweeping: We were able to confirm labor hours totaling $125,000. An amount of $44,728 was overpaid. Traffic Control: Designated traffic control work was added to the competitive bid, resulting in an overpayment of $122,385. Both overpayments were identified and planned to be collected on the next Pay Application by the Construction Management project team, prior to beginning the audit. 34 Management Response – Issue 1 Item #8 Engineering – Construction Management (CM) appreciates the updated CPO processes to help identify these issues earlier. CM will focus on implementing training for awareness of GC/CM processes including CPO management of bid packages when the GC/CM is bidding the work. 35 Management Response – Issue 2 Item #8 Engineering – Construction Management (CM) and Central Procurement Office – Construction Contracting (CPO) recognize this as a training and oversight opportunity for project teams to further understand the set-up of Heavy Civil GC/CM contract items for proper payment and tracking. We will be doing the training on the processes that are in place that allowed us to catch this in advance of this audit. 36 ATZ, Inc. dba Doug Fox Parking (Doug Fox) Item #9 Lease and Concession Agreement originally entered by the Port and Doug Fox on July 30, 2013, and extended since. Agreement requires a Minimum Annual Guarantee (MAG) of $2 million during the years audited, payable in equal monthly payments of $166,667 due on or before the first day of each month. Percentage Fee is equal to 58% of gross revenues, provided that the fee is higher than the monthly MAG. This fee decreases to 45%, 30%, 10%, and 10% during the four months comprising the Lessee Winding Down Period. For the audit period (July 2019 to June 2022): Gross Revenues - $14.6 million Percentage Fees - $6.6 million 37 Item #9 No Issues Internal Audit concluded that Doug Fox materially complied with the significant terms of the Agreement. 38 Appendix A – Aging of Outstanding Issues as of June 15, 2023 39 Appendix A – Aging of Outstanding Issues as of June 15, 2023 Performance, Capital, Information Technology, and Limited Contract Compliance Audits Days Outstanding Days Outstanding Audit Type Audit Description Rating Report Date Target Date (from Report Date) (from Target Date) IT AVM/Facility & Infrastructure Data Centers Physical access to facilities High 12/4/2018 No date supplied 1654 N/A IT AVM/Facility & Infrastructure Data Centers Protection against environmental factors High 12/4/2018 No date supplied 1654 N/A IT Security Awareness and Skills Training Security Sensitive High 3/23/2023 6/1/2023 84 14 Performance Architecture & Engineering Determine fair and reasonable rates High 12/9/2019 6/30/2020 1284 1080 Performance Architecture & Engineering Management review over max rates High 12/9/2019 6/30/2020 1284 1080 Performance Port-wide Payroll Controls Time recording for red-tagged assets High 6/14/2023 12/31/2023 1 -199 IT Account Management - ICT Security Sensitive Medium 3/15/2022 6/1/2023 457 14 IT Audit Log Management - Aviation Maintenance Security Sensitive Medium 6/2/2022 12/31/2023 378 -199 IT Audit Log Management - Aviation Maintenance Security Sensitive Medium 6/2/2022 12/31/2022 378 166 IT Audit Log Management - Aviation Maintenance Security Sensitive Medium 6/2/2022 12/31/2022 378 166 IT Audit Log Management - ICT Security Sensitive Medium 11/22/2022 1/31/2023 205 135 IT AVM/Facility & Infrastructure Data Centers Physical facilities management Medium 12/4/2018 No date supplied 1654 N/A IT Closed Network Systems Security Security Sensitive Medium 9/5/2019 6/30/2020 1379 1080 IT Continuous Vulnerability Management Security Sensitive Medium 11/29/2021 6/30/2022 563 350 IT HIPAA Security Security Sensitive Medium 9/4/2019 7/31/2020 1380 1049 IT Disaster Recovery Capability Security Sensitive Medium 11/29/2017 No date supplied 2024 N/A IT Inventory and Control of Hardware Assets Security Sensitive Medium 11/12/2019 6/30/2023 1311 -15 IT Network Password Management Security Sensitive Medium 3/20/2020 12/31/2020 1182 896 IT Network Password Management Security Sensitive Medium 3/20/2020 9/30/2020 1182 988 IT Secure Configuration for Hardware and Software Security Sensitive Medium 8/21/2020 12/31/2021 1028 531 on Mobile Devices, Laptops, Workstations and Servers IT Secure Configuration for Hardware and Software Security Sensitive Medium 8/21/2020 12/31/2021 1028 531 on Mobile Devices, Laptops, Workstations and Servers IT Security of Personal Identifiable Information Security Sensitive Medium 2/26/2019 3/31/2020 1570 1171 IT T2 Airport Garage Parking System Replacement Security Sensitive Medium 11/11/2022 6/2/2023 216 13 IT Security Awareness and Skills Training Security Sensitive Medium 3/23/2023 6/1/2023 84 14 IT Security Awareness and Skills Training Security Sensitive Medium 3/23/2023 6/1/2023 84 14 Contract Compliance Concourse Concessions LLC RE-2 policy review Medium 9/10/2020 12/31/2020 1008 896 Contract Compliance The Hertz Corporation Investigate Under-collections Medium 6/3/2022 12/31/2022 377 166 Performance Fishermen's Terminal Billing and Collections Medium 3/20/2023 3/31/2024 87 -290 Performance Port-wide Payroll Controls Security Sensitive Medium 6/14/2023 1/31/2024 1 -230 Performance Port-wide Payroll Controls Timesheet Modification Low 6/14/2023 9/30/2023 1 -107 40
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.