The Audit Meeting meeting scheduled for 2025-03-18 at Pier 69

Transcript

The Audit Meeting meeting scheduled for 2025-03-18 at Pier 69

Today is Tuesday, March 18, 2025
And the top
The time is now 8:45am we are meeting today at the Port of Seattle headquarters, Commission Chambers and virtually via Microsoft Teams Platform
Present with me today are Commissioner Calkins and public member Sarah, who's joining us virtually to make this meeting more accessible to the public
The meeting is digitally recorded and will be uploaded to the Commission website
A call and telephone number is also provided for anyone who would like to listen into the meeting today
Our first item of business is the office of the Washington State Auditor Accountability audit results from 2023
Glenn, please introduce our speakers for today and the item
Thank you, Commissioner
Today we have Sonia Kocar from the State Auditor's Office
Sonia will be presenting the results
Sonia today, welcome
And Sonia is Assistant State Auditor
Thank you
Good morning everyone
Thank you for the opportunity for me to be here today to share the results of the Port of Seattle's most recent accountability audit
My name is Sonia Kokar
I'm the audit lead for the audit this year
We also have the Program Manager Joe Simmons and Audit Supervisor Maddie Frost Schaefer, who were part of the who were part of conducting your audit
They're unfortunately out of office today for some other work commitments that they had, so they weren't able to join us
But I will be leading this presentation for today
In the next slide, I'll talk about a little bit about our audits
Our audit's role is to increase trust in government
We're an independent organization that conducts over 2,600 audits of state and local governments each year
Each year
And our audits help improve efficiency and effectiveness of governments
With that being said, I'll go over our accountability audit results in the next slide
So we conducted a accountability audit for the period of January 1, 2023 through December 31, 2023 for the purpose of an accountability audit is to examine the Port's compliance with state laws, regulations, contracts and their own policies and procedures
And also looking to examine internal controls to ensure safeguarding and public resources
Under headings and brief
Under the headings results and brief in your audit report, you'll see the audit found the Port complied in all material aspects, applicable laws, regulations, grants, contracts and their own policies, and also provided adequate controls over safeguarding of public resources
You can also see the results detailed on page seven of the exit packet that was handed out as well
On the next slide, I'll go over the areas that we audited using a risk based approach for the Port, we examined the following areas during the period we looked at cash receipting and accounts receivable, timeliness of deposits, billing and collections at Fisherman's Terminal in Shilsho Bay Marina
We also looked at compliance with public works projects, particularly prevailing wages
And then we examined fuel stations and fuel cards, looking at the tracking and monitoring of fuel usage and fuel cards
In addition, we looked at open public meetings, looking at compliance with minutes, meetings and executive session requirements
And then we also looked at financial condition, reviewing for indicators of financial distress
In the next slide, I'll talk about the work of other auditors
A financial statement and federal grant audit was performed by Moss Adams of the Port
We look, we take a look at the audit that was performed by Moss Adams to see if we can rely on it
And we took a look at the, both the financial statement and federal grant audit that was performed by Moss Adams and didn't find anything, anything about their work that caused us concern about its quality
And then we didn't have any limitations restricting our analysis of the other audits
And then we also didn't notice any instances in which material misstatement of the financial statements has or may have resulted from fraud or suspected fraud
All right, and then in the next slide, I'll go in with a couple of closing remarks to kind of highlight and bring to your attention
Before I conclude this presentation, I'm pleased to announce audit costs are in alignment with our original estimate
And then our next accountability audit will be scheduled in fall of 2025, as long as, as well as reviewing CPA work papers
And then we'll also be conducting a assessment audit of the Port of Seattle Industrial Development Corporation
An estimated cost of your next audit has been provided in your exit practice exit packet
And then in the next slide, this gives you a little details on when our audit report will be published for the Port of Seattle
It will be published on our website probably around the end of March
You can sign up to receive notifications by email
When our audit reports are posted to our website, you can just go on to sao.w.gov and they'll kind of give you guidance on how to sign up
In addition, when your audit report is released, you'll be receiving an audit survey from us
And you know, go ahead and take that survey if you'd like
If you don't have access to that survey, I believe Glenn, Andrew and Lisa do
So you can ask them to send a link for that survey
We always appreciate your feedback and opinions in order for us to improve whatever we need to, to help better serve you
And in the next Slide
I just wanted to give a little bit of kudos
Particularly want to give big thanks to Lisa Lamb, Andrew Kartika and Glenn Fernandez for all your communication throughout the audit
Really appreciate you working with you guys
You're amazing to work with
And thanks for helping me throughout this audit and making sure it runs smoothly
So appreciate that and then also appreciate all the staff that helped with the particular audit areas that we are working on
So appreciate everybody at the port working with us to make our, make sure our audit went smoothly throughout the process
So thank you
That being said, any questions? Thank you, Sonia for the presentation and it's always good to get a clean audit that makes things a lot easier
Any questions from my colleagues who are online? Hearing None
Thank you so much for presenting and for sharing the information and we'll, we'll
Hamdi, I might, I might jump in just with a quick comment
Go for it
Yeah
Thank you so much for the presentation and concur with OMDI's assessment
That sure is nice to get a clean audit
I'm just really proud of staff for the work they do
Both our own internal audit group, but also just generally our staff working to ensure that we're within compliance
This is the first time I've heard the, I don't know if that's an official motto of the state auditor's office, but the, the, the line about increasing trust in government, it just feels particularly timely right now
And as we are in a period in which there's a lot of, I think often spurious charges leveled against government at the federal, state and local level
And yet for the most part, government, and in particular the people, the public servants who are doing the work on a day to day basis are working in good faith, truly believing in the mission that they're engaged in
And so the work of an audit group like this, you know, that idea of ensuring the public can trust government, it's really important right now
So just a little bit of editorial comment here, but thank you so much and we look forward to working with you next year too
Great
Thank you
Commissioner Calkins
Thank you
Commissioner, any additional comments or questions? Hearing None
Thank you again, Sonia
I appreciate you
Awesome
Thank you
All right, moving us along in the agenda
Director Fernandez, do, would you like to introduce the next topic for discussion today? Yes
Great
Aubree, if you can pull up the deck, the tormented deck and next slide please
Commissioners, item three is an annual communication that I'm required to make on our organizational independence and our quality assurance program
So the global internal audit standards require me on an annual basis to come out and talk to the audit committee and say I'm still independent and a little bit about the program
So
Next slide please, Aubree
So relatively simple statement, but it essentially says that, you know, we internal audit report functionally to the audit committee and administratively to the executive director
And that continues to be how we're situated
We're set up, you know, also we had a state audit in 2007 that recommended the same thing
So we continue to be consistent with the auditor's recommendations as well
Next slide please, Aubree
So we also have a quality assurance program requirement and we follow the global internal audit standards, which we call the red book, and then the GAO or the Government Accountability Office standards, which is essentially a yellow book and it's just the color of the book so they get named that
But both standards require us to have both internal and an external quality assurance program
And the yellow book of the GAO requires that to happen every three years
You know, so, so we do do that every three years
The red book or the global standards, say five
But yes, since we're following vote, we do the three
We also require to have an annual internal assessment, which we've done
And we'll talk about our last external peer review
Oh gosh, it was about three years ago, so we were due for one this year in 2025
But because of the cyber event and all our documentation being lost through it or temporarily lost, we're postponing that to 2026 and we're in the process of getting our systems back up and running during this phase
Next slide please
Yeah, just a quick question
Does your team go through those, the quality assurance requirements are, is there like a certain training that staff are required to take to those standards or when, when we
So we have, our external one is done by association of local government auditors and you know, we participate in that
And in order to do that you do have to sit in a one day training course with them, whoever's doing it, and learn the methodology of how these external audit, external peer reviews are conducted
When, when obviously when we're being audited, it's audit the auditor
We have, you know, some government somewhere in the country that volunteers to come in and their staff that's trained and follow procedures, they come in, look at all our audit work, our audit work papers and then they make sure that we're following standards and they give us recommendations, if any
Our last one was, like I said was three years ago and we got a pass rating, which is the highest rating you can Get
So I think I remember that
Yeah, great
We also, for our internal Commissioner, we do an internal one
And you know, generally this is when we look at our own work papers internally and say, hey, what are we doing? What can we do better? I think we did one in the fourth quarter of 2024 and primarily because our key thing was we just lost all our systems and we had moved to SharePoint
So we're documenting things in Excel and Microsoft Word and then storing them in a certain format in SharePoint
So when our team did this internally, it was just a process to make sure that we're all doing it the same way, because we've got a capital audit team, we've got an IT audit team and an operational audit team, and we want to make sure that everyone's storing their data during this disruption period for, in a similar consistent manner
So, you know, we had some recommendations and improvement opportunities internally, which we implemented
But in a nutshell, you know, we are doing this to be better and to maintain our documentation
And fingers crossed, by the next three or four months, three months, we'll have a new system up
So with that, Commissioner concludes item three on the agenda
Great, thank you
Director Fernandez, any questions from my colleagues at this time? None for me
All right, great
I will move us along to item number four then
Okay
Which is the internal audit outreach program update
Director Fernandez, you have the floor
Thank you, Commissioner
So, Commissioner, an update on our outreach program
You know, we partnered in order to do this, we partnered with the Office of Equity, Diversity and Inclusion and created training, a training presentation targeted to leaders of these small community based organizations
Our goal is we do two things
We do audits and then this is outreach
You know, when we come in with and do an audit on a firm or their compliance to a contract, these really grant recipients, we want to make sure that, you know, they're complying with the terms of the grant requirement and
Please continue
Yeah, and with the grant requirement, you know, you sometimes find issues
They're small organizations, they're not well versed in having the big structure of an established organization
So, you know, you'll find opportunities for improvement and issues and sometimes the reporting might need improvement or
And an audit comes in in a much harder way, comes in and says, okay, you've done this, this, and this, this wrong
The outreach program strives to build trust and develop partnerships and help them
So when you do go in to audit them, if anyone does, they've already established some framework which, you know, they might not have had the opportunity to build up last week I attended the quarterly South King County Fund economic recovery partner meeting
So about 20 plus partners were at the airport and for an afternoon and I met with them and talk a little bit about what we were doing, our initiative and how we could help them and what we could offer
So as you had recommended Commissioner Muhammad it's a matter of building trust with them and owning their, you know, before going out and, and actually partnering with them because if, if they don't trust us, they're going to lock up
And you know, and, and they were still nervous but they were happy that with this approach they said God, that adds so much more value to us
And they asked us some very basic questions that you know, phishing, we've had the ACH fraud and, and the small organizations have been targeted that some members highlighted the amount of phishing emails they get and asked about what they could do about it and how they prevent, protect themselves from these
Others talked about segregation of duties and you know, how could they with small organizations and how could they with one person when they don't have the resource to divvy out jobs to many different people and they have, how do they build controls? So I did talk to them and say well we're going to, you know, we have this program where we can spend a few hours with you a day and help you build better controls or protect yourself against phishing, build it controls and so forth
So they were very appreciative of that
Next slide please Aubree
And continuing on, you know our, our goal is with this presentation that I've created
It's, it's to spend some time with the executive directors, it's really targeted for them of these firms and talk about, you know, where are your pain points and how can we help you with these before they become problems and before a bad actor comes and takes over your system
So it's one on one consultations that we'll do and you know, rather than a large group presentation like last week so said we'll come out and we'll meet with you and we'll offer technical assistance
Our goal is to meet with about 20 of them in 2025 and it should only take about 15 minutes
And if they want more help we can provide that to them
You know, our environmental group and our OEDI group are going to go out and meet with these, with a lot of these community based organizations this year
So we're just going to piggyback along and go with them occasionally and spend some time with them and provide them the assistance
And that concludes item four
Commissioner, thank you so much
And thanks everybody for accommodating my late arrival
Sometimes juggling parenthood and Commissioner dumb as challenging as my colleague understand it
I want to see if Sarah's got any questions for Glenn at this point
I don't have any
Thanks
And Commissioner, just a quick one
First of all, I just wanted to say thank you for the work that you guys are doing with this outreach and engagement
Do you see this? Like, is this beneficial to some of the smaller businesses that we contract with? Absolutely
You know, we've tried this in a
We're using a phased approach, actually
So first phase is we updated our WET website to provide resources to them, a vast array of resources
But they're not going to come in, you know, unless they're guided to it and look at their internal audit website at the Port of Seattle
So the next phase was when we have opening meetings when we're doing audits
We also promote the website and the things that we offer besides audits
And if they're larger organizations, they have established controls and they're like, yeah, we know that stuff
But the smaller organizations seem to be interested
They're cautious
They don't want to tell you where their weaknesses are if you're coming in to audit them and things that they're not doing
Right
But once you build that trust and you say it's different, this is, this is helping you out before an audit, it's helping you be strong and protecting you
An audit, it aims to do the same thing in a different manner
So yes, for the small businesses and I think the community based organizations and grant recipients from the port absolutely benefits them
And if their organization is a certain size, they're required by the state auditor to have to do audits annually
Right? Well, it depends if they're only if they're public organizations, if they're public
So if they're non
If they're nonprofit, they're not required
Okay, interesting
So I mean, they might have some
Depending on where they're getting funding from, they might have some other unique requirements
But it's interesting that they're not required because most of these nonprofit organizations are getting funding from public agencies
Like, and then
So in that case, a public agency can come in and audit then just like we do
Right
And if it's, if they're getting it from the state, state auditors can come in and audit them
But that's a different approach than coming in and saying, hey, these are your weaknesses before an audit
And helping Them, you know, shore up when they're getting started before
Before they fall to fishing scheme or anything like that
That's right
Okay, thank you for that
Yeah, I think I was on a similar train of thought when you had given me my pre brief
It got me thinking about my own experience starting a nonprofit in 2008 and then how that sort of compared to starting a business
And there's an interesting difference there, which is we, and this includes the port, have created a lot of robust systems around business startups and helping first time entrepreneurs navigate a very complicated process for licensing, you know, tax compliance, you name it, even luring investors doing that kind of stuff
And while there, there is a little bit of an ecosystem out there for nonprofits, that kind of supportive ecosystem, it is much, much smaller than what you find on the for profit business side
And so this is very, for me, reminiscent of our small business incubation programs that we have kind of spread out through port services where the goal is recognizing what a high hurdle it is to work with the Port of Seattle and all of our internal requirements and external requirements to conduct business with the Port of Seattle
There's a similar analogy here for nonprofits that want to work with us where we do have very high expectations for transparency and compliance and end result of the service that you provide and so providing them with the kind of support in getting started
So that in my own experience, 2008, when I started a non profit, we made all sorts of mistakes, none of which were malicious or, you know, malfeasance of any sort
It was just we didn't know better
And so I think this kind of outreach may stave off some of those mistakes and provide a little bit of a, almost like training wheels for first time nonprofits working to, to provide a real service
And that's important for me because most of the folks who come to this work come with a genuine passion for, for doing good in their own communities
And we need to be able to catalyze that passion for good in communities
And so helping them navigate the nuts and bolts of it, which is never what you wake up in the morning excited to do for your nonprofit, I think is a great service that we provide
So thank you for initiating this too
I know we were instrumental in it and I think it's a great addition to our audit program
Thanks, Glenn
Oh, you're welcome
And by the way, when I did speak last week to the community based organizations, they all said to say thank you to you
All right
I think we're going to move on to the next item, which is item number five on the agenda
Director Fernandez, will you please proceed? Commissioners Committee members, you know this is an update, item 5 is an update of our audit plan
Where do we stand? What's our audit plan? It's also for the benefit of Commissioner Muhammad who's back on the audit committee this year
So thank you for that
This is essentially a Gantt chart that shows you all our audits and where we stand
Everything in green is completed, everything in yellow is in process and reddish pinkish, it's the light red shade is still to be started or kicked off
So I'll move over to the next slide, please
Aubree, some things on this, this is a complete audit plan
But the community initiatives audit under performance, the third one down, you know, like we talked about, we're doing an audit of community Initiatives primarily because we had, well we had, we've had issues in the past with ACH fraud with the Partners in Employment audit that we did last year
So it's a two phased approach
I want to do eventually not have to do any of these and I'd rather focus on the outreach and make sure that they have controls
But right now we do occasionally still have to do a few here and there
So we will be doing one this year looking at a few sample of this fund recipients and just making sure that they do follow the grant guidelines and the funds that the port invests are being used for their intended purpose
We'll also talk about several of these audits today
But on the left hand side, the limited contract compliance audits, we're flying through those and we've improved our processes so we can go through more of them quickly
And whenever we find an issue, as we'll talk about later, we expand our scope and rather than the six months, look at all we can under the contract and recoup the funds for the port accordingly
And then the IT side, there's a lot of critical audits there and those are discussed in the non public session
Next slide please
So by state law, because we have a lot of general contractor construction manager type construction projects, we're required to audit those
And this slide just highlights the seven that are in process that we all have under contract and they're all being audited
We have a third party independent auditor that works for us with us and works to continuously audit all of these
And on an annual basis they come and present to the audit committee and provide you with an update
And with that, that concludes item five on the agenda
Commissioner
So you'll Be on that
Are there any questions from our committee members? I have a quick question
How are these prioritized in a certain way? I'm looking at the widen arrival roadway
I don't remember if we've
If you've did that audit before or
Yeah, sorry
Okay, one more
It's on this also
Yeah, but it's under capital
You'll see it 1, 2, 3, 4, 1 down under capital in the center, in the blue
Are they prioritized in a certain way? Is it like, you know, when we highlight, when we build them out and build our plan, we look, we do look at risk and that's how we put them on the plan to begin with
What's a higher risk to the fort? What's had more change orders, you know, what's behind schedule? And then the next step is are they ready for us to come in and audit them? Like Wyden's Arrivals Roadway? No, we have not
I don't believe we've looked at that before
Yeah
Okay
Because the reason I asked that question is thinking about what will come in front of commissioners in, in our whole commission meetings and if there's some level of, like, coordination and prioritization around some of that
Oh, so you know what I mean? Like
Yeah, when they come for approval
Yeah, exactly
Approvals
Or if there's a new contract associated with something that's being audited, is there some sort of connection? And prioritization that happens in that kind of way is just what I'm
Yeah, I'm curious about
Probably
You bring up a very good point
Commissioner could probably be coordinated a little better in the scheduling
You know, some of these constantly come up for funding
Right
And they come to the commission for that
So we definitely have an opportunity there to highlight them and look at the commission calendar and what's coming up, especially if there's like a high risk item that's on your list and somehow you know that there's going to be items that are coming before the commission
I think it would be helpful for us to be able to know that something's being audited and maybe there's like some serious concern from you all
That would be helpful information for me for sure
I think
Also on the next slide, please, Aubree, on all of these construction projects, these are all really large and they're real time
So, you know, there might be an opportunity
We do provide an annual update of all the issues that we're seeing, but there might be an update, an opportunity, and I will look into how I can communicate that Better when funding comes up for all of these, like the south concourse evolution that's going to be really large or any of the other ones
You know, while we're real time working to address them with construction management folks, there might be an opportunity to also educate and update you
So we'll do
Just giving Sarah a moment here in case she wants to chime in, but the
It seems based on the chart here that everything is on schedule so far
Are you anticipating any
Any major delays before the end of the year? No, this year I think, Commissioner, we're fully staffed and I'm hoping to meet the plan and then some
Right
So
Okay
All right, well, let's
No questions for me, thanks
Thanks, sir
Moving into our performance audit section of the agenda, item number six is a performance audit for consultants, contractor management
Go ahead, Director Fernandez
Thank you, Commissioner
I'm going to ask Dan Chase, who did the audit and worked on it, to come up and speak
He's our performance audit manager
And while Dan's coming up getting situated
Aubree, next slide please
On this particular audit, I want to just highlight that in a given year we have 200 plus consultants and contractors come in, sometimes more sometimes
And we give these consultants and contractors System access, building access, parking cards and other port assets
And how do you manage all of that? That becomes really complicated
We did have the cyber event earlier and System Access is a huge item
And while Dan didn't focus on System access and this audit, we are doing an IT audit specifically in System Access that we'll highlight
But Dan's recommendations and findings will affect everything
And you know, it's just getting your arms around all the contractors at the fort has been a challenge and issue for years
And the only way, you know, one of the critical things we need to do is improve in this
So with this, I'll pass it to Dan
Okay, thanks, Glenn
And yeah, just to clarify, I did not look at System access
I don't know if that was clear or not
Yes, System Access will be looked at in another audit in the second quarter
Dan did not look at System access
So
Good morning
Good to see you again
So I'll first give you some information on why we did the audit and then I'll share some guidance that we used and then I'll move into our finding and recommendation and then I'll pause, turn it back to the, to the committee for comments and questions
We also have Deputy Executive Director Karen Goon on the line
She might want to provide some comment on the management response as well
So we had Two objectives
The first was to assess compliance with Port Policy EX10, which has guidance for overseeing contracted workers at the port
And the second was to evaluate our on and off boarding processes
EX10 says that contracted workers are hired under a contractual relationship and not an employee employer relationship
So what that means is that we don't treat our contractors like employees
We don't have them attend new employee orientation, employee recognition events, regular staff meetings, things like that
And the more you do those things, treat them like employees, the more likely someone could argue that they should be classified as an employee and not a contractor
Next slide, please
So the IRS also has criteria that they use, and those criteria are behavioral control, financial control, and the type of relationship
I think, in my view, the strongest argument that the board has is that we have contracts with specific start and end dates
So it makes it very clear to both parties that the relationship is not permanent
And I think it would be hard to argue otherwise
So we did conclude that we do comply with EX10
As we progressed, we evaluated the on and off boarding process
Things like if badges, parking permits, cell phones were returned
If we go to the next slide, please
And that moves us into our issue that we came up with
We don't really have a standard on and off boarding process, just real generally, I'll say that
And it really made it hard to determine whether we collected everything when they left
I would say that based on the various people that I talked to throughout the port in different departments, everyone kind of has their own way of doing it
Next slide
So I'll give you some specific examples
There were nine contractors
So I received data, and there were nine contractors that showed that their account was disabled at some time during 2024
But subsequent to that, the date that the account was disabled, they still had an active parking permit
And so I reached out to our ground transportation folks and confirmed that they were still being used
Then I went back to the, you know, the port manager
Who's
Who's
It's not the manager of the contracted worker, but the person that's kind of responsible for them
And they told me that
That they
That those contractors were still at the port
So it was hard to rely on
I didn't
Couldn't really use the data to
To really draw any conclusions
I was also informed that
That
That contracted workers are sometimes issued keys as well
But it was
It was also hard to determine what keys were issued, whether they were returned
Of course, when I spoke to the manager on the port side, they said, yeah, we've collected all the keys before they leave
But it's really just based on their word
There's disparate systems I would say probably most likely in Excel where we're tracking this
And the final thing I'll say is it's inconsistent between groups
Depending on who you ask
Some groups use an on and off boarding checklist, which I thought was a good idea, that something that maybe should be implemented holistically across the board
Next slide
And this goes into our recommendation
What Glenn and I, we kind of talked about is what we thought would be good is if we have a uniform system and methodology to track, you know, both the start and end dates of these contractors
Also what was issued and when it was returned
I think having something like that in place would, would greatly improve like how we off board contractors when they leave
So that concludes my comments
I'll turn it back to the audit committee
Glenn, if you have anything
Next slide please
And Karen Gruen actually is online
Karen, if you want to provide the response or talk a little bit about it since you're here
Good morning
Thank you
Morning Commissioners and committee member Holmstrom
The good news I took away from was that there were no violations of EX10
So in terms of the audit and its purpose, there was no negative finding, which I took as a great news
But it did point out an opportunity for us to look at how we collect this information
And so I'll be working with administrative staff and key departments such as Engineering who have a defined process to see if we could migrate that across the rest of the organization
So appreciate Dan and Glenn and all their work on this and we'll certainly have something to report back in the near future
Thank you
Terrific
Thank you Deputy Executive Director Goon and Glenn and Dan for the presentation
This again speaks to the value of having an internal audit group to be able to look at some of these issues that while may not yet have resulted in significant security lapses, could potentially have resulted in very serious concerns for the organization
And so genuinely appreciate the work on this
But I'm going to turn it over to, to Commissioner Muhammad and Sarah for comments, questions
I have a question I just want to confirm
So basically we're saying there isn't a consistent process in place for retrieving these access type things back
But we didn't actually find any non compliance specifically
We're just saying it could happen
Is that accurate? Yeah, I would say that's accurate
The data that I received, it was hard to use and to rely on to really identify contractors that had left the port to make sure that they had returned everything
Because as I found out, that account disabled date did not mean that they weren't still at the port
But yes, that's
That's correct
And
And if I can add something, Sarah, to you know, so, so what Dan did also is he focused on the process, right
And found that every department or every group has a different way of doing it
And that in itself creates probleMS I mean, we've had audits in the past when we've looked at keys and we find that contractors have left and their keys are gone
Right
So Dan looked at keys in this audit
He found, you know, that the contractors were still around from the sample
But those keys, if you have a different, different system, sometimes things get missed
So whilst he didn't specifically find, you know, I go down that route, he focused more on process
That process weakness does result in items being, you know, not handed back timely or lost
And even from the parking garage audit we did a few years ago, a couple years ago, we noted that there were a lot of parking cards that were being used for people that had long left the port
As I was reading through this one, this is just more curiosity than anything
As somebody who's never really been an operations or facilities manager, I trust that there's an expertise for a huge operation like ours
But when do we use physical keys versus coded entry or some other form of door access where you don't actually have a physical implement that could get lost or, you know, stolen? Well, the airport's large and there are keys to many, many, many doors
And, and there's a key shop that produces keys to concessionaires
I
You learned something new? I
We have our own key shop
That's incredible
So, so there are keys and
And management of keys is a huge opportunity for improvement for the port
I mean, there, you know, whilst they
There's segments of keys that are not so important to a closet, the janitor's closet perhaps, but then there's a key into a secure area that should be in it and is more tightly managed
But is there a sort of best practice, you know, oh, it's minimizing keys and going to electronic where you can
It is shut that at least for the critical systeMS Right, okay
And then having the keys and accounted for and secure for an emergency when the, when the electronic system can't be used, but otherwise electronic is probably easier to manage
I know there's been efforts to go from physical keys to electronic keys and I don't know exactly how successful those projects happened, but I know there was kind of
I remember at Marine Maintenance, we were kind of recommending that as well
Where they are, I'm not sure
And where we are with at the port, I'm not sure either
I also want to add that on the aviation side, Wendy Ryder has made huge inroads
You know, I think there were keys to go into the secure side of the airport, and she's done a really great job and minimizing those and making sure that everyone goes to security checkpoints because you've got so many staff going back and forth, contractors
But in the high risk areas, absolutely
Those keys need to be managed very tightly and electronic needs to be that answer
But maybe that could be a part of the response
Karen is just a little bit of an update on some of the work that's already been done and in a transition towards more electronic access as opposed to physical key access
Can do
Okay
All right, well, I'm going to assume that wraps up that discussion
Item
Thank you, Dan
Item number seven is a performance audit for banking and fraud controls
Glenn, go ahead
Thank you, Commissioner
So this is a clean audit, but just to provide a little background as to what we did, because it is an important audit
Banking and fraud controls are quite important, critical for the port and, you know, to prevent fraud
This is just one of the controls of many
What we ended up doing is we focused on three iteMS We reached out to financial institutions and sent them letters
You want to make sure that nobody's got a bank account in the Port of Seattle's name, because if there is, then they can deposit checks that might come in to the Port of Seattle and siphon that money elsewhere
So we reached out to a variety of local financial institutions
While the banks have improved their controls in the last few years, we're still doing this and sending out confirmation letters, and we didn't detect anything there
On the federal government side, they have a system called Delphi, and all grant information and grants that are being paid to the Port of Seattle go through this Delphi system
So we wanted to make sure also that access to the system and anything coming through the system wasn't being rerouted anywhere else
You know, currently the faa, with the current changes that they're going through, are kind of slow to respond or not really responsive
So we did validate that everything that was coming through Delphi on our end was being deposited into the port's bank accounts
We reconciled those out
So grants coming in were tied out to what was being deposited
And then we also
The third step is we reached out to all our prime contractors or a good segment sample of them to make sure that when they submit, when they pull in subcontractors, especially the minority subcontractors, that you know, that are required under federal contracts, that it's a fair and independent process and they have control of that
And, and they all unanimously said, yes, we feel that we control that process
So we didn't find any issues here, but it's just check the box and make sure that we have strong controls in that this great tier
It's clean audit
Any, any questions from members? All right, thank you for the presentation
And let's move on to item number eight, performance audit for 2023 airfield projects, contract two
So on airfield projects, I'm going to ask Spencer Bright, who's our capital audit manager, to come down and talk a little bit about it
You know, although it's a clean audit, he's seen improvements also in the work that he's done
So he's going to give you a few highlights here on that
Spencer, the floor is yours
Thank you, Glenn
Good Morning, commissioners and MS Holmstrom
For this project, it was a contract two of the 2023 airfields projects
So this contract includes five
It's five critical projects which address the airport's airfield infrastructure
During this audit, we reviewed the high, the higher audit risk areas which included unit pricing, the PORTS pay estimate oversight, and then refocused on the monitoring of contractor trip ticket documentation
I am pleased to report that we've been noticing that through previous observations and recommendations that the court has been very proactive in implementing them and that has been evidenced in our recent audits
Accordingly, in the areas that we have we reviewed the PORTS processes are effective and meeting industry standards and we did not identify any issues that warrant reporting
Terrific
Thank you, Spencer, Any questions for members? All right, hearing none
Thank you so much
Thank you, Spencer
All right, item number nine on the agenda is an information technology audit
This item will be discussed in closed session after the public session adjourns
Due to the security sensitive nature of the item as such, we'll now move on to the next order of business addressing limited contract compliance audits
And this one is for BF Foods llc
Glenn, go ahead with the report
So, Commissioners, one of the things, as I mentioned earlier, one of the things we do is we're trying to cycle through these at a much more efficient rate
And we look at six months and if we find that there are problems in those six months, then we expand our scope
BF Foods operates poke to the max at SEA Tac Airport, it's Poke Place
They are an ACDBE business
And we looked, you know, Jan
2023 to June 2023
In this audit we also, we did identify issues
So we expanded our scope from 2022 to 2024 and there you have about in a calendar year, about $5 million in sales and the percentage fees run about $600,000 to us
So next slide please
Now it's a relatively small item when you look at six months, but there are bag fees and retail fees that they weren't reporting as revenue to the port
If you remember, revenue self reported
So they submit a report to the port saying this is our revenue and these are percentage fees
And based on that revenue that's self reported, we collect their percentage fees
So in this case they were omitting bag fees which are, it's an 8 cent charge for a plastic bag
I believe that started in 2021 and late 2021 the state of Washington required a bag fee for plastic bag
And the other one was retail, which is like tumblers and other to go snack packs and other things that they might be selling at their stores
So they omitted, you know, which doesn't amount to a very large amount
When you just look at the six months it's 12,963
But then we did, and that's 1,500 in percentage fees unpaid
But we did go back and ask them for the data and they did provide us with 2023 and 2024 data which then amounts to about another $50,000 in unreported retail and bag fees, which is another $6,000
And they said at this point they don't have 2022 data because of some system issues or
2020
Yeah, 2022 data
So you know, if you go back to October of 2017, you're probably looking at even more money
And then it's the go, go forward money also, you know, it's fixing it going forward
The contract does have some stipulations that say if they can't provide their financial statements for the three year period, then there's a certain amount in penalties that they have to pay, which is something to the tune of $40,000
So this starts becoming material really quickly
So you know, it just goes back to Commissioner Calkins
As you said in last month's meeting, we, you know, rarely find issues but when we do that, that it's important for a business to be comprehensive and report their numbers because when, when you've got to go back and pay for all these years
It adds up very quickly
So one, one last slide, please, and then I'll pass it back to you
And, and the management response from the Aviation ADR Group, or Aviation Dining and Retail is, yes, we'll go back and collect the money from them
So with that, back to you
All right, any questions, members? Thank you for sharing this
So they'll go back and collect the money and then is there anything else that could be done to make sure that this doesn't happen in the future? So I think going forward, you know, obviously the bag fees with this and the retail fees will be added, and we'll verify that that's happening, and the ADR Group will do that as well
So at least for this particular thing, it's addressed going forward
But, you know, our, our entire process is like, it's 1 or 2% of the concessionaires that have the issues
So it's finding those when you've got 150 plus, you know, we cycle through as quickly as we can, identify the ones that have issues and then help them be compliant going forward
Thank you for that, Sarah
Any questions? Yeah, I do have a question
So did we
Sorry, I'm not clear
So we had the 12,000 represented the six months
Did we expand the scope and we didn't find additional issues or
Oh, no, we did expand the scope, Sarah
So we went back
So we looked at six months and then we expanded it to 20, 22, 23 and 24 calendar years
And the reason being that's what the
The records they have and the contract allows
The contract says they have to keep at least three years of records from when an audit starts
So per the contract, they should have 2022 records
They gave us 2023 and 2024 records
And based on that, you know, we calculated the 50,000 underreported revenue, which is 6,000 and unreported concession fee
Now, you have to obviously assume that they haven't paid the retail fee
Well, the bag fee was a 2021 start, so that won't be very big in the past
But the retail fee all the way to their contract start date, they haven't been paying that
Right
So now you go back to 2017 and you add that up cumulatively, and you have to somehow come to a number as to what's reasonable for the retail fee for all these years
And the ADR Group is going to have to work with them to calculate that
But from an audit perspective, we've got 22, 23 and 24 that we'll have a number for them for
Does that help answer your question? Oh, you're on
Sounds good
Got it
Thank you
All right, let's move on to the next
Items number 10 and 11 are limited contract compliance audits for Concourse Concessions LLC and Gate Gourmet Incorporated
Limited contract compliance audits are only discussed if issues are identified
These two audits have no issues as the concessionaires material materially complied with the lease agreements
Do you have any closing comments for the committee today? I just want to say thanks to all commission committee members
Thanks Commissioner Muhammad for coming back to the audit committee and to Sarah for all her efforts also and for her time
So thank you commissioners
All right, any other closing comments from our committee members today? Yeah, I'll just say thank you to the entire audit team
I am excited to be back on the audit committee and want to thank Sarah for also being a part of the audit committee
I understand she's a public member and you're doing this on your volunteer time and what a great way to provide public service
Thank you so much
Oh, and Commissioner Calkins, if I can, Sarah does have a new role
She has left Amazon and Sarah, I'll let you talk about it
You're the CFO here at the port
No, with the tribe
Kidding
I'm kidding
Sarah, it's all yours
Hi
Yes
Yeah, so I've left Amazon and I'm actually back at where I was pre Amazon
I went back to the Swinomish tribe and I work at their opioid treatment center as their CFO here
I live up north so a much better commute than north into Seattle is and also a really high impact important area here
So I'm off
Obviously not there today but I think in the future I'll still be able to come for the meetings and I'm excited to continue but yeah, kind of big change here of where I'm at for employment
Congratulations on the new rule
Thank you
Sounds like another form of incredible public service
Nice job, Sarah
All right
Hearing no further comments will now recess into the non public portion of our meeting at 10am to discuss audit matters related to security sensitive information
The non public portion of the meeting will last approximately 45 minutes and the meeting will adjourn with no further business after that time
Participants joining the non public portion of the meeting via teams please close out of this meeting link and join the 10am teams meeting
Invitation for everyone joining in the physical meeting room please proceed to the third floor Conference Room 3 CC01
Current time is 9:43
We are in recess.

Limitations of Translatable Documents

PDF files are created with text and images are placed at an exact position on a page of a fixed size.

Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.

PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.