Port of Seattle Audit Committee March 1, 2019 Seattle-Tacoma International Airport 11:00 AM - 12:30 PM 1 2 3 Staff Development / Recognition 4 Ritika Marwaha - Sr. Internal Auditor • Passed the Certified Information Systems Auditor( CISA) exam on February 7, 2019. • Diligence and hard work. • Certification strengthens dept's IT audit expertise 5 Spencer Bright - Acting Capital Audit Manager • Selected for the Port's Link Leadership Program. • 10 Week Program • Focuses on Key Leadership Attributes: - Fixed vs. Growth Mindset, Self-Awareness, Emotional Intelligence, Living our Values, Leading One's Self. 6 Dan Chase - Manager, Internal Audit • Began an MBA program at Albers School of Business at Seattle University. • Subject matter is directly applicable to work performed at the Port. (e.g. Statistical Sampling Methods) • Accepted into the Port's Tuition Reimbursement Program. 7 2019 Audit Plan Limited Contract Compliance • Sixt Rent A Car LLC • Enterprise Rent A Car • Anton Airfood • Mad Anthony's • Marketing FundConcessions INTERNAL AUDIT Operational • Airport security screening program • Diversity Program • Marine Maintenance Capital • Baggage Optimization • Noise Insulation Programs (FAA Part 150) • Concourse D Hardstand Terminal • Shilshole Tenant Service Building Information Technology • Security of Personally Identifiable Information1 • HIPAA - Compliance • PCI-Quality Security Assessor • Closed Network System Security • T2 Airport Garage Parking System Replacement 2019 AUDIT PLAN STATUS Audit Title Type Sixt Rent A Car LLC Limited Compliance Marketing Fund-Concessions Limited Compliance Security of Personally Identifiable Information IT Noise Insulation Programs (FAA Part 150) Operational - Capital Marine Maintenance Operational Mad Anthony's Limited Compliance Baggage Optimization Operational - Capital Closed Network System Security IT Diversity Program Operational Enterprise Rent A Car Limited Compliance Anton Airfood Limited Compliance Airport Security Screening Program Operational Concourse D Hardstand Terminal Operational - Capital Shilshole Tenant Service Building Operational - Capital HIPAA Compliance IT PCI Quality Security Assessor IT T2 Airport Garage Parking System Replacement IT Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Complete Key: In Process Not Started 9 INTERNAL AUDIT Audits to be discussed 1) Security of Personally Identifiable Information (PII)* 2) Airport Tenant Marketing Program 3) Sixt Rent A Car *Security Sensitive - Exempt from Public Disclosure per RWC 42.56.420 10 INTERNAL AUDIT Personally Identifiable Information Definition • First name or first initial and last name in combination with: SS#. DL #, State ID #..etc. • Financial account # + security code, access code or password • Medical or health insurance info. Should be restricted to authorized personnel Protected by various laws Fiduciary responsibility to individual 11 INTERNAL AUDIT Results  Four issues which are deemed security sensitive and exempt from public disclosure.  Discussed in 1:1 with Audit Committee Members.  Management is in the process of addressing issues. 12 INTERNAL AUDIT Airport Tenant Marketing Program Established in 2005 Increases awareness of Airport Dining and Retail locations Concessionaire Funded ~ $1.2MM Annual  0.05% of gross sales ($24,000 Cap)  $30,000 Cap - leases signed after January 2016 13 Results INTERNAL AUDIT Medium - Formal Processes have not been established 2017 Annual Business plan was not created Marketing Advisory Group  Does not have concession representation  Budget not formally approved Contribution limit increased from $24,000 to $30,000 despite budget surplus 14 INTERNAL AUDIT MANAGEMENT RESPONSE Management to discuss in person. Detailed response presented in audit report. 15 INTERNAL AUDIT Sixt Rent A Car Minimum Annual Guarantee - 10% of Gross Revenue Customer Facility Charge - $6 • 2015 - 2018 ~ $1.2 - 1.4 Percentage Fees • 2015 & 2016 ~ $1.2 MM / Year • 2017 ~ $1.4 MM • 2018 ~ $1.2 MM (June - December) 16 INTERNAL AUDIT Results Medium - Sixt did not report $432,991 in incidental gross revenues, resulting in $43,299 in additional Percentage Fees owed to the Port. • Reservation cancellation fees • Vehicle upkeep recovery • Administrative fee for tolls • Counter processing recovery • Tickets 17 INTERNAL AUDIT MANAGEMENT RESPONSE (IN PART) Management will seek to recover the fees together with any applicable late fees and interest charges. Since exclusions from gross revenue appear to be a common audit finding, we will also reengage with all rental car tenants regarding acceptable exclusions.