Audit Committee Minutes of March 1, 2019, submitted for review on April 12, 2019, and proposed for approval on June 28, 2019.

APPROVED MINUTES

AUDIT COMMITTEE SPECIAL MEETING MARCH 1, 2019

The Port of Seattle Commission Audit Committee met in a special meeting Friday, March 1, 2019, in the

International Conference Room at the Conference Center at Seattle-Tacoma International Airport, Seattle,

Washington. Committee members present included Commissioner Steinbrueck, Commissioner Calkins,

and Christina Gehrke. Also present were Glenn Fernandes, Director, Internal Audit; Bruce Klouzal, Senior

Information Technology Auditor; Spencer Bright, Senior Internal Auditor; Ritika Marwaha, Senior Internal

Auditor; Rudy Caluza, Director, Accounting and Financial Reporting; Debbie Browning, Assistant Director of

General Accounting, Accounting and Financial Reporting; Joseph Simmons, Audit Manager State Auditor’s

Office; Sandy Nguyen, Audit Lead, State Auditor’s Office; Katie Gerard, Senior Director, Human

Resources; Jim Schone, Director, Aviation Business Development; Aaron Pritchard, Commission Issues

and Policy Manager; and Amy Dressler, Deputy Commission Clerk.

Call to Order:

The committee special meeting was called to order at 11:04 a.m. by Commissioner Steinbrueck.

Approval of Audit Committee Meeting Minutes of December 7, 2018

The minutes of the Audit Committee special meeting of December 7, 2018, were approved.

External Audit – Office of the Washington State Auditor Accountability Audit for 2017

The Committee received a presentation from Joseph Simmons, Audit Manager, and Sandy Nguyen,

Assistant State Auditor, Washington State Auditor’s Office, that contained the following relevant

information:

 It was found that Port operations complied with applicable requirements, state laws, and the Port’s

own policies and procedures, and had adequate safeguarding controls in most areas audited.

 A management letter was issued related to communication of compensation increases.

o It was recommended that when jobs are evaluated and Exhibit A to the Salary and

Benefits Resolution is modified, changes are communicated to the Commission.

o This would not be an approval process, simply an opportunity for the Commission to

review and ask questions.

P.O. Box 1209

Seattle, Washington 98111

www.portseattle.org

206.787.3000

PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES Page 2 of 4

FRIDAY, MARCH 1, 2019

o Ms. Gerard noted that Human Resources plans to notify the Commission of changes on a

quarterly basis so that any concerns may be addressed.

 Internal controls and revenue transactions were reviewed at Salmon Bay Marina, acquired in 2018,

to determine that fees were calculated in compliance with established tariffs and revenue was

handled in an accurate and timely manner. No issues were identified.

 A citizen hotline call related to the closing of the rooftop plaza at Pier 66 during Seafair was

reviewed. The closure was requested by the Navy and Coast Guard; no evidence was found that

the closure was inappropriate.

 Recommendations were provided regarding controls in place for safeguarding Aviation

Maintenance and Information & Communications Technology Assets susceptible to loss or theft.

 Areas of focus were determined by current events, prior audits, and with the guidance of the SAO’s

Port specialist.

Update – 2016-2018 External Peer Review Results

The Committee received a presentation from Glenn Fernandes, Director of Internal Audit, that included the

following relevant information:

 Standards require an external peer review every three years. Independent parties review

workpapers and reports.

 The Port’s most recent peer review was completed in January, covering the period of November 1,

2015-October 31, 2018.

 Certificates of Compliance from the Association of Local Government Auditors were issued for

International Accounting Standards, and Government Auditing Standards.

 The Port reciprocates by sending internal audit staff to review other entities.

 The Internal Audit department also conducts an annual self-assessment.

Update – Audit Work Plan Status

The Committee received a presentation from Glenn Fernandes, Director of Internal Audit, that included the

following relevant information:

 Three audits on the 2019 work plan are carryovers from 2018; Personally Identifiable Information

and Sixt Rent-a-Car were added late in 2019, and the auditor originally assigned to Marine

Maintenance left the Port, so the audit had to be reassigned.

 For 2019, there is a contingency list; if there is capacity to take on additional projects late in the

year, they can be added without new plan approval and would carry over automatically to 2020 if

they were not completed.

 Capacity to keep up with audit needs of Capital Programs is being built. Benchmarking the Port’s

Internal Audit department against similar municipalities revealed that it operates with a leaner staff.

 The status of the entire 2019 plan was reviewed, and it was expected that the 2019 plan will be

closed out, with appropriate adjustments, by year-end.

PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES Page 3 of 4

FRIDAY, MARCH 1, 2019

Information Technology Audit – Security of Personally Identifiable Information

The Committee received a presentation from Bruce Klouzal, Senior Information Technology Auditor, that

included the following relevant information:

 Personally Identifiable Information (PII) is defined as a first name or first initial and last name in

combination with a social security number, driver’s license number, state identification number,

etc., a financial account number in combination with a security code, access code, or password,

and medical or health insurance information.

 This information should be restricted to authorized personnel.

 Four issues, which are deemed security sensitive and are exempt from public disclosure, were

identified and discussed privately in one-on-one sessions with audit committee members.

Management is addressing these issues.

 A tool that scans the network for PII was used, as well as a manual examination of data.

 Staff will validate the redaction process for public disclosure documents to ensure that digital

redaction includes metadata.

Limited Contract Compliance Audit – Airport Tenant Marketing Program

The Committee received a presentation from Glenn Fernandes, Director of Internal Audit, that included the

following relevant information:

 This program was established in 2005 to increase awareness of Airport Dining and Retail locations.

 It is funded by the concessionaires, who contribute 0.05 percent of gross sales.

 It was found that:

o the 2017 annual business plan was not created;

o formal processes have not been established;

o the marketing advisory group does not have concessionaire representation;

o the budget is not formally approved; and

o the contribution limit was increased despite a budget surplus.

Mr. Schone stated that management concurs with the findings. Transitions among tenants and Airport

Dining & Retail staff contributed to a lack of processes for this program. These processes will be

established and followed moving forward.

Limited Contract Compliance Audit – Sixt Rent-a-Car

The Committee received a presentation from Glenn Fernandes, Director of Internal Audit, that included the

following relevant information:

 It was found that Sixt did not report $432,991 in incidental gross revenue, resulting in an additional

$43,299 in additional percentage fees owed to the Port.

 There has been a trend of incidental revenue (cancellation fees, administrative fees for tolls and

tickets, vehicle upkeep recovery, etc.) not being reported by rental car companies, although the

lease terms are very clear about which items are exempt from gross revenue reporting. This matter

will be addressed in an annual meeting with rental car companies.

 Management will seek repayment of the fees with applicable late charges and interest charges.

PORT COMMISSION AUDIT COMMITTEE MEETING MINUTES Page 4 of 4

FRIDAY, MARCH 1, 2019

Committee Comments

None.

Adjournment

There was no further business, and the special meeting was adjourned 12:30 p.m.

Prepared: Attest:

Amy Dressler, Deputy Commission Clerk Peter Steinbrueck, Audit Committee Chair

Minutes approved: June 28, 2019.