INTERNAL AUDIT REPORT
Operational Audit - Banking/Fraud Controls
January 2022 - December 2024
Source: CPA Journal
Issue Date: March 04, 2025
Report No. 2025-07
This report is a matter of public record, and its distribution is not limited. Additionally, in accordance with
the Americans with Disabilities Act, this document is available in alternative formats on our website.
Banking/Fraud Controls
TABLE OF CONTENTS
Executive Summary ................................................................................................................................................. 3
Background ............................................................................................................................................................. 4
Audit Scope and Methodology ............................................................................................................................... 5
Appendix A: Risk Ratings ......................................................................................................................................... 6
2
Banking/Fraud Controls
Executive Summary
Internal Audit (IA) completed an audit of the Banking/Fraud Controls for the period January 2022 through
December 2024. The purpose of the audit was to assess the effectiveness of internal controls related to
banking, federal grant reimbursements, and subcontractor selection on federally funded projects.
Our review assessed whether the Port of Seattle has adequate safeguards to prevent unauthorized
banking activity, detect any unauthorized bank accounts opened in the Port's name, ensure proper
reimbursement of federal grants, and confirm that subcontractor selection by prime contractors remains
independent and fair.
In general, we concluded that Port's processes were operating effectively. We did not identify
any issues that warranted reporting.
We extend our appreciation to Port management and staff for their assistance and cooperation during
this audit.
Glenn Fernandes, CPA
Director, Internal Audit
Responsible Management Team
Karen Goon, Deputy Executive Director
Lisa Lam, Director Accounting and Financial Reporting
Sofia Mayo, Director Central Procurement Office
Dan Thomas, Chief Financial Officer
3
Banking/Fraud Controls
Background
Our review found that the Port's internal controls over banking processes, federal grant reimbursements,
and subcontractor selection for federally funded projects are functioning as intended. We did not identify
any unauthorized transactions, compliance issues, or control weaknesses.
Banking controls include maintaining an authorized list of financial institutions, reviewing transaction
activity, and ensuring that only approved accounts are used for fund transfers. To further validate the
effectiveness of these controls, IA conducted independent verification with external entities. We
contacted twenty-five financial institutions to verify that no unauthorized accounts had been opened in
the Port's name. As of the report date, nine institutions responded, confirming that no unauthorized
accounts were found.
The Port enforces strict access protocols for Delphi, the federal grant reimbursement system, to prevent
unauthorized claims. Access is restricted to users with a Port-issued email address, and accounts are
automatically deactivated if inactive for ninety days. Additionally, federal grant reimbursements are
deposited into a single designated bank account to mitigate fund misdirection risks. To verify
compliance, we contacted the Delphi helpdesk for access records; however, due to federal-level delays,
we did not receive a response. As an alternative test, we internally reviewed reimbursement transactions
by generating a system report and reconciling it with bank statements, confirming all funds were received
in the authorized account.
In reviewing the subcontractor selection process, we interviewed prime contractors working on federally
funded projects to understand how they choose subcontractors, including Disadvantaged Business
Enterprises (DBEs). Contractors consistently reported that their selection process was independent and
not influenced by the Port. These external confirmations reinforced our assessment of the Port's controls
and helped verify that the subcontractor selection process was both independent and fair.
By combining internal control assessments with external verifications, this audit provided a
comprehensive evaluation of the Port's financial safeguards, ensuring that banking security, federal
funding compliance, and procurement integrity were maintained.
We are still awaiting responses from external agencies, including the financial institutions and the Delphi
Helpdesk, and the timeline for their replies remains uncertain. In the unlikely event that any new relevant
information comes to light impacting the conclusion of this audit report, we will promptly update both the
Audit Committee and management accordingly.
4
Banking/Fraud Controls
Audit Scope and Methodology
We conducted the engagement in accordance with Generally Accepted Government Auditing Standards
and the Global Internal Audit Standards. These standards require us to plan and execute the
engagement to obtain sufficient, appropriate evidence to support our findings and conclusions based on
the engagement objectives. We believe the evidence obtained provides a reasonable basis for our
findings and conclusions.
In some instances, we used judgmental sampling methods to determine the samples selected for our
audit test work. In those cases, the results of the work cannot be projected to the entire population.
The period audited was January 2022, through December 2024 and included the following procedures:
Banking Controls
• Requested the list of the Port's authorized banks
• Reviewed the bank statements of all authorized banks to verify that all transfers were made to
the correct authorized accounts
• Contacted multiple banks and credit unions to verify that no unauthorized accounts were opened
in the Port's name for fraudulent purposes
Federal Grants Reimbursement Control
• We evaluated how the Port seeks reimbursements for federally funded projects
• We obtained the current list of authorized users in Delphi to verify that only the appropriate
individuals have access
• We requested the list of claims submitted during the audit period and the banks the funds were
disbursed to
• We verified whether all federal reimbursement funds were directed to the correct bank accounts
Contractor Management
• Selected all federally funded construction contracts during the audit period
• Interviewed five prime contractors on these contracts to understand their subcontractor selection
process, including the process of selecting DBEs
• We confirmed with these Prime Contractors that the Port does not influence or mandate the
selection of subcontractors
5
Banking/Fraud Controls
Appendix A: Risk Ratings
Observations identified during the audit are assigned a risk rating, as outlined in the table below. Only
one of the criteria needs to be met for an observation to be rated High, Medium, or Low. Low rated
observations will be evaluated and may or may not be reflected in the report.
Rating
High
Financial/
Operational
Impact
Internal
Controls
Compliance
Significant
Missing or
partial
controls
Non-compliance
with Laws, Port
Policies,
Contracts
Partial
controls
Medium
Low
Moderate
Minimal
Not
functioning
effectively
Functioning
as intended
but could be
enhanced
Partial
compliance with
Laws, Port
Policies
Contracts
Mostly complies
with Laws, Port
Policies,
Contracts
6
Public
High probability
for external audit
issues and / or
negative public
perception
Moderate
probability for
external audit
issues and / or
negative public
perception
Low probability
for external audit
issues and/or
negative public
perception
Commission/
Management
Requires
immediate
attention
Requires
attention
Does not
require
immediate
attention