INTERNAL AUDIT REPORT Operational - Capital Audit TSE Phase 2 Bollards and ADA Ramps Project February 2022 – July 2024 Issue Date: September 04, 2024 Report No. 2024-12 TABLE OF CONTENTS Executive Summary 3 Background 4 Audit Scope and Methodology 5 Schedule of Observations and Recommendations 6 Appendix A: Risk Ratings 8 Executive Summary Internal Audit (IA) completed an audit of the TSE Phase 2 Bollards and ADA Ramps Project (Project) for the period February 2022 through July 2024. The audit was performed to provide a systematic and independent examination of the quality of the Port of Seattle’s (Port) monitoring of the Project, to determine if best practices were being followed, to verify compliance with contractual requirements, and to identify potential risks that may affect the Project’s schedule and budget. The Port utilized a Design-Build with a lump sum delivery method, plus certain scope of work line items that were reimbursed on a cost of work basis. The intent of the project was to create accessibility and safety enhancements to the Main Terminal Arrivals and Departures curbsides, and in the main garage at the pedestrian sky bridge entrances and Courtesy Vehicle Plaza. The original contract agreement between Hoffman and the Port was approximately $13.8 million. During the Project, there have been approximately $101K in change orders and an additional 80 days added to the schedule, primarily because of unknown varying site conditions identified during the project. Additionally, there is currently approximately $111K in Open Trends and an additional 50 days that may be added to the schedule because of discretionary, Port requested changes, that occurred after the Project began. The total projected cost is anticipated to be approximately $14 million. Although the Project encountered multiple difficulties, primarily because of the lack of adequate management between Hoffman and the subcontractors, we did note that the Port’s Project team was diligent in monitoring these issues and held the Contractor accountable to complete the Project as required in the Agreement. In general, Port management followed policies and Standard Operating Procedures (SOP). However, we identified opportunities where internal controls could be enhanced or developed. These opportunities are listed below and discussed in more detail beginning on page six of this report. 1. (Medium) The failure to verify all required insurance coverages before project commencement risked non-compliance with contractual terms, potentially leading to disputes, delays, or increased costs. 2. (Low) The Port started joint sealant work without creating a change order, risking project budget integrity and potentially violating contractual obligations. Glenn Fernandes, CPA Director, Internal Audit Responsible Management Team Sofia Mayo, Assistant Director of Central Procurement Office Karen Goon, Deputy Executive Director Janice Zahn, Chief Engineer Brian Sweet, Director of Engineering – Construction Management Background As the risk of attacks on public facilities in the U.S. increases, several Security Joint Vulnerability Assessments have been conducted in recent years. These assessments have identified several key vulnerabilities on the public side of the terminal that places the travelling public at higher risk of injury and/or death in the event of an incident. This project will implement improvements that will reduce impacts to passengers and employees at the Airport. The improvements to be incorporated into the overall comprehensive Security Program at SeaTac Airport are the installation of crash-rated security bollards at Arrivals/Departures terminal entries, fourth floor garage-skybridge entries, and third floor parking garage shuttle loading/unloading zone, in conjunction with the construction of ADA compliant accessible loading zones at passenger drop-off and pick-up areas. The project was separated into two phases. The purpose of the first phase included shatter proofing all the windows in the main terminal as well as the skybridges that connect the parking garage to the main terminal by installing security/safety film on the interior side of the windows. The second phase of the project was to install shallow-mount structural bollards and complete ADA access improvements at the entrances to the Main Terminal from the Arrivals and Departures curbsides. The Arrivals curbside was upgraded to a zero-curb environment. The sidewalk at the north end of the Departures curbside was modified to remove existing sidewalk and re-channelize the entrance lanes. Shallow-mount structural bollards were also installed in the Main Garage at the entrance to each of the six pedestrian skybridges and along the third-floor Courtesy Vehicle Plaza. Curb modifications reduced the vertical clearance height by 6 inches under the skybridges and required adjusting the height of the signage and barriers to accommodate the new elevation. Substantial completion was met on 11/13/2023 (3-day delay). Final completion is to be completed by 60 days after substantial completion. However, as of 07/30/2024, final completion is not yet achieved. The anticipated project completion date is 09/30/2024 (262-day delay). Original Contractual Substantial Completion Date 7/3/2023 Change Orders (+days) 80 Adjusted Contractual Completion Date 9/21/2023 Trend 16 (+days)1 50 Adjusted Contractual Completion Date 11/10/2023 Actual Substantial Completion Date 11/13/2023 Contractual Phys. Completion 1/12/2024 Anticipated Project Completion Date 9/30/2024 Audit Scope and Methodology We conducted the engagement in accordance with Generally Accepted Government Auditing Standards and the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and conduct an engagement to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our engagement objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our engagement objectives. In some instances, we used judgmental sampling methods to determine the samples selected for our audit test work. In those cases, the results of the work cannot be projected to the population as a whole. The period audited was February 2022 through July 2024 and included the following procedures: Insurance Test * Obtained an understanding of what type of insurance coverage was required for this project, per the contract * Obtained the insurance coverage evidence * Compared the evidence of existing coverage with contractual requirements Project Delivery Method * Obtained an understanding of legal requirements for the design build project delivery method * Assessed if legal requirements were met * Assessed if the design approval process was adequate   Change Orders * Identified change orders that require engineer estimate and confirmed that the estimates were performed  * Reviewed change orders to get an understanding of the root causes of those change orders, their impact, and the controls around the associated risks * Obtained additional information for change orders that stand out as unusual or high risk   Pay Application Review Process * Reviewed pay applications to understand if there were signs of frontloading expenses * Obtained an understanding of the inspection process of materials on site * Reviewed Inspector Daily Report samples Substantial Completion / Liquidated Damages * Compared the time between actual completion dates vs. contractual completion dates for substantial and physical completion Schedule of Observations and Recommendations The failure to verify all required insurance coverages before project commencement risked non-compliance with contractual terms, potentially leading to disputes, delays, or increased costs. The Contract’s General Conditions (G.11.04 A 2) stipulate that Contractors who provide design and architectural services must obtain Errors and Omissions Professional Liability insurance within ten days following the Notice of Intent to Award, which was issued on October 15, 2021. Per the SOP Section 3_Contract Award_3_4_3_Bonds and Insurance, the Port’s Central Procurement Office (CPO) is tasked with obtaining evidence of this insurance coverage to ascertain compliance. CPO was unable to provide us with proof that they verified this insurance coverage was satisfied. Internal Audit worked with Risk Management team and determined that the insurance requirements were met. However, our review identified that CPO had not obtained proper insurance endorsements for stop gap insurance, pollution insurance, and commercial general liability insurance. Additionally, Hoffman had a combined Pollution and Professional Liability insurance policy which creates a risk of exhausting the insurance limit on one coverage, thereby reducing the available coverage for the other. Failure to ascertain the Contractor has satisfied all insurance requirements prior to commencement of the Project jeopardized adherence to contractual terms, which could have led to contract disputes, claims, delays, or increased costs. Recommendations: Existing SOP (3_Contract Award_3_4_3_Bonds and Insurance) should be followed to ascertain that all insurance documentation is obtained project commencement. Management Response/Action Plan: CPO agrees with the recommendation and will continue to train staff to improve compliance with these existing requirements. Currently, CPO receives annual training from Risk Management on reviewing the insurance certificates and endorsements. When a procurement officer has a question, such as they can’t find the language specified in the endorsements, or when endorsements are difficult to interpret, then they engage with Risk Management to ensure compliance is met. Currently, CPO utilizes an Insurance Matrix that was co-created with Risk Management so we would not have to seek Risk Management’s help to analyze every Certificate of Insurance and endorsement. Currently, CPO and Risk Management engage on those insurance policies where a company is self-insured, have a contractor-controlled insurance program, or when submitted endorsements don’t appear to match the requirements (manuscript/non-standard) and for any policies difficult to interpret. The Port started joint sealant work without creating a change order, risking project budget integrity and potentially violating contractual obligations. During the construction phase of this Design-Build project, the Port identified that joint sealant requirements were not adequately defined during the design phase. Once identified, the contractor suggested, and demonstrated a relatively inexpensive and low-labor intensive self-leveling product for an additional $85K and 7 days. However, this proposal was found to be insufficient by the Port Maintenance department. The required scope was more clearly defined as needing a more robust sealing joint option to reduce future trip hazards and allow for more efficient cleaning, and this was captured in a Discretionary Change Document from AV Maintenance which was approved by the AV Project Review Board. This more complex, and labor-intensive scope lead to discussions of up to $250K with the Contractor. The Port and the Contractor, Hoffman, could not agree on the cost estimate for this additional work. Consequently, the Construction Management team decided to direct the work to proceed on a Force Account basis that saved approximately $139K. This more complex scope cost $111K and resulted in 50 days added to the project. Although the Port team tracked and managed the project diligently and worked closely with the contractor, they failed to create a not-to-exceed change order prior to the start of the additional work. Construction Management Procedure 40.01 states “The expectation is that Change Orders are issued prior to the start of any Change Order work as much as practical.”   The absence of a not-to-exceed change order before starting the work jeopardized adherence to project budget controls and contractual terms, which in certain situations, could lead to financial overruns and contractual disputes.  Recommendations: Existing SOP (40.01 Change Orders – Change Management) should be followed to ascertain that no additional work commences without an approved not-to-exceed change order in place. Management Response/Action Plan: Engineering Construction Management agrees with the recommendation and will continue to train staff to improve compliance with these existing requirements. Appendix A: Risk Ratings Findings identified during the audit are assigned a risk rating, as outlined in the table below. Only one of the criteria needs to be met for a finding to be rated High, Medium, or Low. Findings rated Low will be evaluated and may or may not be reflected in the final report. Rating Financial/ Operational Impact Internal Controls Compliance Public Commission/ Management High Significant Missing or partial controls Non-compliance with Laws, Port Policies, Contracts High probability for external audit issues and / or negative public perception Requires immediate attention Medium Moderate Partial controls Not functioning effectively Partial compliance with Laws, Port Policies Contracts Moderate probability for external audit issues and / or negative public perception Requires attention Low Minimal Functioning as intended but could be enhanced Mostly complies with Laws, Port Policies, Contracts Low probability for external audit issues and/or negative public perception Does not require immediate attention 1 Open Trend: An open trend refers to a known or potential cost/schedule risks to the project that have not yet been formally approved or finalized by the Port. --------------- ------------------------------------------------------------ --------------- ------------------------------------------------------------ TSE Phase 2 Bollards and ADA Ramps Project