Internal Audit Department

An asterisk indicates services currently provided by IA Page 1

Types of Audits

All audits engagements begin with an audit objective. The audit objective or the audit question

determines the type of the audit and the audit standards to follow.

Internal auditing is an important part of overall governance, accountability, and internal control.

Per government auditing standards, a key role of many internal audit organizations is to provide

assurance that internal controls are in place to adequately mitigate risks in order to achieve

organization goals and objectives.

The Institute of Internal Auditors (IIA’s) International Professional Practices Framework (IPPF)

defines Internal Auditing as follows:

• Internal auditing is an independent, objective assurance and consulting activity designed

to add value and improve an organization’s operations.

• It helps an organization accomplish its objectives by bringing a systematic, disciplined

approach to evaluate and improve the effectiveness of risk management, control, and

governance processes.

Port of Seattle Framework for Audit Consideration

Commission

CEO/Port Management

Port Staff

Overall Desired

Results (Outcomes

and Outputs)

Sets the overall

direction and

Policy

Establish governance structure/

functions/departments to carry out the

objectives

Operate systems as

management

Outcomes, outputs,

Desired Results

Design and establish strategies and

systems for accomplishing goals and

objectives

Carry out processes

as designed by

management

Outcomes, outputs

Desired Results

Establish processes for each

function/department

Maintain financial

records and

documents actions

taken

Outcomes, outputs

Desired Results

Develop policies and procedures for

each process

Carry out the

established

processes and

policies.

Desired Results

Ensures established processes/

infrastructure meet requirements

Report results to

management

Desired Results

Internal Audit Department

An asterisk indicates services currently provided by IA Page 2

Port of Seattle Mission Statement: Create Economic Vitality HERE

Port of Seattle Organization Chart and Framework for Audit Consideration

King County Voters

Commission

Executive Office

Aviation

Seaport

Cruise &

Maritime

Operations

Real Estate

Development &

Planning

Facilities

Management

Maintenance

Portfolio

Management

Real Estate

Administration

Capital

Development

Aviation Project

Management

Capital

Development

Administration

Engineering

Port Construction

Services

Seaport Project

Management

Corporate

Airport

Operations

Aeronautical

Landside

Utilities

Business

Development

Airport

Properties

Concessions

Business

Development &

Management

Lease & Asset

Management

Harbor Services

Fishing &

Commercial

Vessels

Recreational

Boating

Central

Procurement

Office

Airport Office

Building

Management

Aviation

Facilities

Building

Department

Facilities &

Infrastructure

Maintenance

Aviation

Executive

Aviation

Director’s Office

Finance &

Budget

Fire Department

Environmental

Management and

Planning

Community

Development

Security

Human Resources

& Development

Information &

Communications

Technology

Health & Safety

Accounting &

Financial

Reporting

Legal

Risk Services

Internal Audit Labor Relations

Office of Social

Responsibility

Finance & Budget

Public Affairs

Regional

Transportation

Police

Department

External Affairs

Commercial

Strategy

Environmental &

Planning

Finance & Budget

Seaport

Administration

Internal Audit Department

An asterisk indicates services currently provided by IA Page 3

Government Auditing Standards (GAGAS) classifies audits into three broad categories as

follows:

Financial Audits

Performance Audits, and

Attestation

1. Financial audits – Financial audits provide an independent assessment of whether an

organization’s reported financial information (e.g., financial condition, results, and use of

resources) are presented fairly in accordance with recognized criteria (for example, FASB or

GASB pronouncements). The auditor issues an independent opinion on the fair presentation

of the financial statements.

As part of the financial audit, the auditor also reviews the following processes only to the

extent that the systems are significant over financial reporting:

 Internal control system and process*

 Compliance with laws and regulations*

 Provisions of contracts and grants*

Professional firms outside the organization typically conduct these types of audits.

Currently, Moss Adams conducts the Port financial audit.

2. Performance audits – Performance audit objectives may vary widely and include

assessments of program effectiveness, economy, and efficiency; internal control; compliance;

and prospective analyses. Performance audits are intended to improve organizations

performance, operations, reduce costs, facilitate decision-making, and contribute to public

accountability.

*The audit objectives that focus on program effectiveness and results typically measure the

extent to which an organization is achieving its goals and objectives. Example, how well is

the program/department working? Is it achieving the intended results? Is it meeting the

target?

The audit objectives that focus on economy and efficiency address the costs and resources

used to achieve organization results. Example, why does it cost this much? Would it cost

less…? How can we do the same for less (economy)? How can we produce more with the

same resource (productivity)?

Internal Audit Department

An asterisk indicates services currently provided by IA Page 4

Performance audit objectives vary widely and may include review and assessment of the

following:

 Organizations/Programs effectiveness*

 Organizations or Program economy/efficiency --includes development of

benchmarks criteria against which performance is evaluated against

 Internal controls*

 Compliance*

 Prospective analyses and other information* – analysis and conclusions based on

assumptions about events that may occur in the future

Typical questions in performance audits

 Is this organization/program accomplishing what it’s supposed to?

(program results/effectiveness)*

 Are the procedures adequate or sufficient to…? (process results/effectiveness)*

 Does it have to cost this much? (program/service efficiency)

 Can we produce more with the same resources? (productivity)

 Is this agency doing what’s required? (compliance)*

 Is the agency handling resources responsibly? (compliance*/efficiency)

 What really happened? (investigation)*

 How much, how many, what if…? (information)*

Currently, the Washington State Auditor’s Office (SAO) conducts Port’s performance audits

at the Port.

3. Attestation Audits - An attest engagement is an engagement in which a practitioner is

engaged to issue, or does issue, an examination, a review, or an agreed-upon procedures

report on specified subject matter, or an assertion about the subject matter, that is the

responsibility of another party. The responsible party in attest engagements is the person,

individual or representative of the entity, who is responsible for the subject matter.

Internal Audit, conducts a combination of many elements of audit attestations as outlined on

the operational audits section.

Other Types of Audits

4. Operational Audits –Operational auditing involves an objective review and assessment

of the control (strategies, processes, systems, and other operating activities) that management

has designed and implemented in order to achieve organizational goals and objectives. The

auditor’s objective is to provide independent assurance on the effectiveness of management

Internal Audit Department

An asterisk indicates services currently provided by IA Page 5

controls. The auditor gives an assurance of the end-results that management is trying to

accomplish. For example, if management objective is to create jobs, the auditor gives an

assurance whether the established (infrastructure) controls are effective to allow the creation

of jobs. An operational auditor can also audit to determine whether such jobs were created.

As part of the audit, an operational auditor evaluates and assesses the following:

 Management efforts such as established internal controls which includes the

overall governance, plan, operational strategies, policies, methods, and procedures

adopted by management to meet its missions, goals, and objectives. *

 The processes implemented by management for planning, organizing, directing,

and controlling business unit/department operations. *

 The systems put in place for measuring, reporting, and verifying the reliability

and relevance of information, including monitoring business units/ or departments

performance. *

 Internal control is critical as it serves as a defense in safeguarding assets and in

preventing and detecting errors; fraud; noncompliance with provisions of laws,

regulations, contracts and grant agreements; and abuse. Part of operational

auditing involves assessing and evaluating the following areas which are an

integral part of internal control:

 Risk assessment/Risk management efforts*

 IT governance/information systems controls

 Controls over compliance with applicable laws, regulations, contracts,

and grant agreements*

 Accountability*

 Fraud*

 Analysis of financial activities and non-financial information*

5. Compliance Audits* – reviews for compliance with governance regulations and

policies aimed at increasing fiscal transparency of an organization. At the Port, this

includes compliance audit of over 600+ lease and concession agreements. Currently,

Internal Audit spends a great deal of time auditing Port contracts and concessions. In

addition, other Washington State agencies like Department of Revenue and Department

of Retirement audit various compliance requirements within the Port. Compliance

requirements can be financial or non-financial.

6. IT Audits –reviews and assesses the design and effectiveness of computer general and

application controls.