INTERNAL AUDIT DEPARTMENT CHARTER

Port=~

Seattle

I. INTRODUCTION

The Port of Seattle maintains an active audit function that has a dual reporting responsibility.

This Charter defines the Internal Audit Department authority and accountability; mission and

scope; responsibility; independence; and commitment to outstanding audit service.

II. AUTHORITY AND ACCOUNTABILITY

The Internal Audit Department derives its authority from the Port of Seattle Commission. The

Department was first established in 2002 in the Accounting and Financial Reporting (AFR),

and on December 11, 2007, the Port Commission passed a motion to change the reporting

structure of the Department. In discharging their duty, the Internal Audit Director and his or her

staff are accountable to the Audit Committee and to the Chief Executive Officer (CEO). The

Director reports functionally to the Audit Committee and administratively to the CEO, and

serves at the pleasure of the full Commission. Two Port Commissioners serve as members of

the Audit Committee and the Committee is an arm of the Port Commission.

Internal Audit conducts audits of Port departments, programs, functions, systems, contracts

and activities based on the approved audit plan or specific requests that have been approved

by the Audit Committee.

The Director and his or her staff are authorized to:

• Have unrestricted access to all Port functions, records, property staff and other relevant

materials necessary to accomplish their work.

• Access information from contracted third parties and handle the information in accordance

with contractual terms.

• Handle documents provided to Internal Audit in the same prudently manner as by those

employees normally accountable for them.

• Have full access to the Audit Committee and to the Port Commission as needed.

• Allocate resources, set frequencies, select subjects, determine scope of work and apply

the techniques required to accomplish audit objectives.

• Obtain the necessary assistance of personnel in units of the Port where they perform

audits, as well as other specialized services from within or outside the Port.

2 of 5

• Report significant issues related to the processes for controlling the activities of the Port

and its tenants, customers and vendors, including potential improvements to those

processes, and provide information concerning such issues through resolution

• Provide information periodically on the status and results of the annual audit plan and the

sufficiency of department resources

• Coordinate with and provide oversight of other control and monitoring functions (e.g., risk

management (ERM), compliance, security, legal, ethics, environmental, external audit)

III. MISSION AND SCOPE OF WORK

The Internal Audit Department's (lAD) mission is to provide independent, objective assurance

and nonaudit or consulting services designed to add value and to improve Port's operations.

The lAD helps the Port accomplish its objectives by bringing a systematic, disciplined

approach to evaluate and improve the effectiveness of risk management, control and

governance processes.

The lAD scope of work is to determine whether the Port's network of risk management,

control, accountability and governance processes, as designed and represented by

management, is adequate and functioning in a manner to ensure:

• Risks are appropriately identified and managed.

• Significant financial, managerial and operating information is accurate, reliable and timely.

• Employee's actions are in compliance with policies, standards, procedures and applicable

laws and regulations.

• Resources are acquired economically, used efficiently and adequately protected.

• Programs, plans and objectives are achieved.

• Quality and continuous improvement are fostered in the Port's control process.

• Significant legislative or regulatory issues impacting the organization are recognized timely

and addressed properly.

• Opportunities for improving management control, streamlining processes, and improving

public perception may be identified during audits. These will be communicated to the

appropriate level of management.

IV. RESPONSIBILITY

A. The Director and His or Her Staff Have Responsibility To:

• Develop a flexible annual audit plan using appropriate risk-based methodology, including

any risks or control concerns identified by management, and submit that plan to the Audit

Committee for review and approval.

• Implement the annual audit plan, as approved by the Audit Committee, including any

special tasks or projects requested by management and the Audit Committee

• Maintain a professional audit staff with sufficient knowledge, skills, experience and

professional certifications to meet the requirements of this Charter

• Establish a quality control and assurance program by which the Director monitors the

operation of internal auditing activities.

• Provide non-audit and consulting services beyond internal audltinq's assurance services,

to assist management in meeting its objectives (e.g., facilitation, process design, training

and advisory services), provided the services do not impair auditor's independence.

• Evaluate and assess significant functions and new or changing services, processes,

operations and control processes coincident with their development, implementation

and/or expansion.

• Issue quarterly reports (or more frequently as requested) to the Audit Committee and

management summarizing results of audit activities.

• Keep the Audit Committee informed of emerging trends and successful practices in

internal auditing.

• Provide a list of significant measurement goals and results of the lAD to the Audit

Committee (e.g., the status of the work plan accomplished, budget hours used).

• Assist in the investigation of suspected fraudulent activities within the organization and

notify management of the results.

• Consider the scope of work of the external auditors and regulators, as appropriate, for the

purpose of providing optimal audit coverage to the organization at a reasonable overall

cost.

• Follow up on audits to ensure agreed-upon corrective actions have been taken and

provide periodic follow up reports.

• Exercise due professional care in the conduct of the audits.

• Obtain an external peer review at least once every three years.

• In February of every year, the Director will provide to the Audit Committee the mandatory

annual communication required by the IIA standards specifically on the organizational

independence, department charter review, and results of the department quality

assurance program.

B. Port Management is Responsible To:

• Maintain an effective system of internal controls, document policy and procedures, and

ensure information is accurate and reliable.

• Comply with laws and regulations including Port policies and procedures.

• Cooperate fully with auditors during discharge of their duties including making available

material or information requested by internal audit staff or any other external auditors

managed by the Internal Audit Department.

• Provide timely response to audit findings and recommendations.

• Assure timely implementation of agreed-upon corrective action(s) to audit

recommendations.

INDEPENDENCE

Internal Audit is independent of the activities it reviews. Specifically, internal audit staff may not

review areas where they were responsible for the design or operation of the area. The audit

staff is responsible for maintaining their independence and integrity in all services they provide.

All Internal Audit activities shall remain free from interference relative to matters of audit

selection, scope, procedures, frequency, timing, or report content to maintain independence

and objectivity. The Director shall report any impairment to independence, or unjustified

restriction or limitation to audit selection, scope, procedures, frequency, timing or report

content promptly to the Audit Committee and to the CEO.

To provide for the independence of the Internal Audit Department, its staff reports to the

Internal Audit Director. The Director reports administratively to the Chief Executive Officer

and functionally to the Audit Committee. This structure permits the rendering of impartial

and unbiased judgment essential to the proper conduct of audits.

The Audit Committee will regularly review Internal Audit Department's staffing needs including

its annual budget and recommend to the full Commission for approval.

The Audit Committee will review the appointment, replacement or dismissal of the Internal

Audit Director and recommend to the full Commission to take action.

To further ensure independence, the Director and staff of the Internal Audit Department are

not authorized to:

• Perform any operational duties for the Port.

• Initiate or approve accounting transactions external to the Internal Audit Department.

• Direct the activities of any Port employee not employed by the Internal Audit Department,

except to the extent such employees have been appropriately assigned to the audit team

to assist the internal auditors.

VI. COMMITMENT TO QUALITY -- STANDARDS OF AUDIT PRACTICE

Internal Audit staff commits to providing outstanding audit service through timely, unbiased,

value-added assurance, and consulting services.

Audit CommitteeChair

;/<-2-'-Z-_-.c7"~-:-,

/2-/

1zo1Z-

We will work as a team with Port management to assist with process improvements aimed at

achievement of strategic goals and objectives.

We will enhance the services we provide by continuously improving our audit activities.

The Internal Audit Staff Will Adhere to the Following Professional Standards and

Codes:

• Government Auditing Standards promulgated by the Comptroller General of the United

States (Yellow Book).

• The International Standards for the Professional Practice of Internal Auditing (the

Standards) of the Institute of Internal Auditors (Red Book).

• Technology information systems auditing standards as appropriate.

• The Port of Seattle Employee's Code of Conduct.

• The Institute of Internal Auditors Code of Ethics.

• The Port of Seattle Internal Audit's Handbook including its protocols, policies, and

procedures.

The Internal Audit Department Charter may be modified by a written document executed

by all of the participating parties. This Charter will be effective upon execution and will

continue indefinitely until it is modified.

IN WITNESS WHEREOF, the parties hereto have caused this Internal Audit Charter to be

executed by their proper officers thereunto duly authorized, and their official seals to be

affixed as of ~, 2012.

Date

IR-/lr

/Zb!

Date

Chief.§¢utive 'cer