Constant Mak      

Audit Specialist

Ad interim – Fortis IST Constant has been working from February 2008 till July 2008 on a SAS 70 readiness project for the Fortis Information System and Technology (IST).

Constant joined the Internal Audit department of Liberty Global Europe as Senior IT Auditor as of July 2005. Given departmental changes in roles, Constant has become IT Audit Manager as of 1 July 2006. Liberty Global Europe is the owner of UPC Broadband and Chellomedia and is active in 13 European countries.


Constant has been strongly involved in preparing UPC Swiss (Cablecom) to become SOX compliant. On a European level, Constant has been involved in the service level management of local entities with the European shared service center in Schiphol-Rijk. Constant is also experienced with the review of SAS70 declarations.


Constant has been involved as lead auditor and/or team member in audits on IT General Controls reviews and operational audits in several European offices (e.g. Amsterdam, Dublin, Limerick, Bucharest, Warsaw, Zurich, etc.) and the shared service center (invoicing) in Schiphol-Rijk. 


Constant has been the lead writer on the Office Review work program to review new entities and a Revenue Assurance review program to analyse the revenue chain.


Constant also has participated in designing, consulting and actual performing of Sarbanes-Oxley test work on IT, financial and operational areas of control. Constant has reviewed the IT controls at the LGI headquarters in Denver (USA).

Arthur Andersen Accountants, Technology Risk Consulting, Amstelveen. Constant has performed the position of IT-auditor and consultant. Constant joined Andersen in October 1998 and has build up an extensive experience in IT audits, Revenue Assurance reviews, operational audits and consultancy engagements in the telecom, media and entertainment industry. As part of a financial audit team on financial yearly statements of various organisations (e.g. trading, manufacturing, lease, banking organisations), Constant has performed IT audits and data analyses.


Constant has been strongly involved with outsourcing relationships in telecom companies (inter- operator connectivity, IT and billing) and with the Dutch government (shared IT service center of the Department of Defense).


During these engagements Constant has gained deep knowledge of business processes of telephony operators, cable television companies and Internet Service providers. Constant has large experience in reviewing various billing applications, mediation platforms, telephony switches, cable modem platforms, technical IT security and network infrastructure.


Constant also has experience with auditing and advising E-Commerce companies, mainly on IT security, data protection and integrity, and efficiency of the business process.


For the Royal Dutch Navy, Constant has written 6 information security plans for critical business information systems during a 9 month period.  These information security plan were based upon the method developed by the CCTA (founders of ITIL) for performing a risk based approach for information security (CRAMM). These security plans included security aspects of outsourced activities.

Constant joined the Internal Audit Services of Euronext as IT Auditor in May 2002, was promoted as Senior IT Auditor and left the organisation in June 2005. Euronext N.V. is the merger of the bourses of Amsterdam Stock Exchange, Brussels, Paris, and Lisbon bourses, and the London Derivatives Market.


The Internal Audit Services performs audits in all Euronext locations including the outsourced IT activities of AtosEuronext. Given the full integration of IT and operational processes (all Euronext market have migrated to electronic screen trading), most audits require an integrated approach of IT, operational and financial audit skills.


Since all IT development and operations of Euronext has been outsourced, Constant has gained extensive experience in service level management, partner relationships and vendor selection of outsourced activities (core IT systems, ERP, billing, etc.). Constant is also familiar with SAS70, Third Party Memorandums, Enterprise-wide Risk Management, IT legislation and Compliance.


Constant’s reports on the audits on the core trading systems have been send by the Management Board of Euronext to financial regulators such as the Dutch Authority Financial Markets. Constant has been lead auditor on audits on critical business systems and business processes such as the stock exchange and derivatives trading systems, financial systems (e.g. CODA Financials, billing & collection of trading fees), data center operations and historical databases.

Other audits have been the verification of the completeness of revenues for FY 2005 of all SBUs of Euronext, investigations of trading disruptions and the review of the Systems Development processes.


Constant also participated as auditor/quality assurance consultant into project teams, vendor selections and has given support to the corporate security officer.


Constant has joined the Risk Management/Internal Audit department of TomTom as of October 2006 as an EDP Audit Specialist. Constant has led audits on the IT Department, Data Center operations, Internet projects, software development, interfacing including US-EDI and the Product Management department. Constant has performed two reviews of local offices (TomTom Work and TomTom Edinburgh).


Constant has performed audits, consultancy and guidance for vendor selection related to outsourced activities for the ERP project, the new webshop including its payment provider and fraud management. Constant has also been the lead auditor on the hosting activities in data centers and the new corporate headquarters.


Constant has acted as project manager on audit/risk management projects relating to Digital Rights Management, business process review as part of the ERP implementation, privacy and corporate information security. Constant has been involved at a strategic, tactical and operational level for these projects.


In addition, Constant has been the key contact between the Internal Audit department and other departments on IT and product developments, such as the project team for the new ERP system and attending milestone meetings of Product Management. Constant has been the key contact on IT matters with the statutory external auditors.

SAS70 type 1

Euronext NV


Arthur Andersen accountants

Liberty global Europe BV

Tomtom international

Project List & CV

Ad interim - 2008 — now . Constant has been working ad-interim as Internal Auditor/Security Engineer/Consultant on a large amount of IT projects for financial institutions and IT companies.

Third Party memorandum