Constant Mak

EDP Audit specialist

Curriculum Vitae

 

 

Professional bodies

· NOREA (Dutch association of post graduate certified IT auditors)

· ISACA (Information Systems Audit and Control Association)

· ISC2 (International Information Systems Security Certification Consortium)

· IIA Nederland (Institute of Internal Auditors Nederland)

· Examinator of exams at the “Executive Master in IT Auditing” postgraduate education (Vrije Universiteit Amsterdam)

 

Education (year of graduation):

 

2003  

· Post graduate IT auditing course at the Vrije Universiteit Amsterdam (Free University of Amsterdam): 2.5 years education to become certified IT auditor (Register EDP auditor), graduated in May 2003. Admitted to the professional association for EDP auditors in February 2004.

· Certified Internal Auditor (CIA), certified as of November 2003

 

2002

· Certified Information System Auditor (CISA), certified as of June 2002

· Certified Information System Security Professional (CISSP), September 2002              

2001

Erasmus University Rotterdam, Master of Science (M.Sc.) in Business Economics

Accountancy (doctorandus), started in September 1990, date of passing the Master’s

 examination 1 September 2001.

                                           

Graduation thesis: ‘Auditing of Metrics of Internet Advertisements Reports’.

 

1990                                 

VWO, St. Laurenscollege, Rotterdam (diploma)

 

Relevant experience:              

 

2008 - 2010

Ad interim - Getronics PinkRoccade. Constant has been working ad-interim as Internal Auditor for three project to prepare Third Party Memorandums for key customers of Getronics PinkRoccade.

 

2009 Timex Group B.V. Constant has been working as temporary global head of audit at the Timex Group.

 

2008

Ad interim – Fortis IST Constant is working as of February 2008 on a SAS 70 readiness

project for the Fortis Information System and Technology (IST). Fixed end date of this

project is 30 May 2008.

 

2006 – 2007

TomTom International B.V. Constant has joined the Risk Management/Internal Audit

department of TomTom as of October 2006 as an EDP Audit Specialist. Constant has led

audits on the IT Department, Data Center operations, Internet projects, software

development, interfacing including US-EDI and the Product Management department.

Constant has performed two reviews of local offices (TomTom Work and TomTom

Edinburgh).

 

Constant has performed audits, consultancy and guidance for vendor selection related to

outsourced activities for the ERP project, the new webshop including its payment provider

and fraud management. Constant has also been the lead auditor on the hosting activities in

data centers and the new corporate headquarters.

 

Constant has acted as project manager on audit/risk management projects relating to Digital

Rights Management, business process review as part of the ERP implementation, privacy

and corporate information security. Constant has been involved at a strategic, tactical and

operational level for these projects.

 

In addition, Constant has been the key contact between the Internal Audit department and

other departments on IT and product developments, such as the project team for the new

ERP system and attending milestone meetings of Product Management. Constant has been

the key contact on IT matters with the statutory external auditors.

 

2005 – 2006 

Liberty Global Europe B.V. Constant joined the Internal Audit department of Liberty Global

Europe as Senior IT Auditor as of July 2005. Given departmental changes in roles, Constant

has become IT Audit Manager as of 1 July 2006. Liberty Global Europe is the owner of UPC

Broadband and Chellomedia and is active in 13 European countries.

 

Constant has been strongly involved in preparing UPC Swiss (Cablecom) to become SOX

compliant. On a European level, Constant has been involved in the service level

management of local entities with the European shared service center in Schiphol-Rijk.

Constant is also experienced with the review of SAS70 declarations.

 

Constant has been involved as lead auditor and/or team member in audits on IT General

Controls reviews and operational audits in several European offices (e.g. Amsterdam,

Dublin, Limerick, Bucharest, Warsaw, Zurich, etc.) and the shared service center (invoicing)

in Schiphol-Rijk. 

 

Constant has been the lead writer on the Office Review work program to review new entities

and a Revenue Assurance review program to analyse the revenue chain.

 

Constant also has participated in designing, consulting and actual performing of Sarbanes

Oxley test work on IT, financial and operational areas of control. Constant has reviewed the

IT controls at the LGI headquarters in Denver (USA).

 

2002 – 2005            

Euronext Amsterdam, Internal Audit Services. Constant joined the Internal Audit

Services of Euronext as IT Auditor in May 2002, was promoted as Senior IT Auditor and left

the organisation in June 2005. Euronext N.V. is the merger of the bourses of Amsterdam

Stock Exchange, Brussels, Paris, and Lisbon bourses, and the London Derivatives Market.

 

The Internal Audit Services performs audits in all Euronext locations including the

outsourced IT activities of AtosEuronext. Given the full integration of IT and operational

processes (all Euronext market have migrated to electronic screen trading), most audits

require an integrated approach of IT, operational and financial audit skills.

 

Since all IT development and operations of Euronext has been outsourced, Constant has

gained extensive experience in service level management, partner relationships and vendor

selection of outsourced activities (core IT systems, ERP, billing, etc.). Constant is also

familiar with SAS70, Third Party Memorandums, Enterprise-wide Risk Management, IT

legislation and Compliance.

 

Constant’s reports on the audits on the core trading systems have been send by the

Management Board of Euronext to financial regulators such as the Dutch Authority Financial

Markets. Constant has been lead auditor on audits on critical business systems and

business processes such as the stock exchange and derivatives trading systems, financial

systems (e.g. CODA Financials, billing & collection of trading fees), data center operations

and historical databases.                    

                                                    

Other audits have been the verification of the completeness of revenues for FY 2005 of all

SBUs of Euronext, investigations of trading disruptions and the review of the Systems

Development processes.

 

Constant also participated as auditor/quality assurance consultant into project teams,

vendor selections and has given support to the corporate security officer.

 

1998 - 2002            

Arthur Andersen Accountants, Technology Risk Consulting, Amstelveen. Constant has

performed the position of IT-auditor and consultant. Constant joined Andersen in October

1998 and has build up an extensive experience in IT audits, Revenue Assurance reviews,

operational audits and consultancy engagements in the telecom, media and entertainment

industry. As part of a financial audit team on financial yearly statements of various

organisations (e.g. trading, manufacturing, lease, banking organisations), Constant has

performed IT audits and data analyses.

 

Constant has been strongly involved with outsourcing relationships in telecom companies

(inter- operator connectivity, IT and billing) and with the Dutch government (shared IT

service center of the Department of Defense).

 

During these engagements Constant has gained deep knowledge of business processes of

telephony operators, cable television companies and Internet Service providers. Constant

has large experience in reviewing various billing applications, mediation platforms,

telephony switches, cable modem platforms, technical IT security and network

infrastructure.

 

Constant also has experience with auditing and advising E-Commerce companies, mainly

on IT security, data protection and integrity, and efficiency of the business process.

 

For the Royal Dutch Navy, Constant has written 6 information security plans for critical

business information systems during a 9 month period.  These information security plan

were based upon the method developed by the CCTA (founders of ITIL) for performing a

risk based approach for information security (CRAMM). These security plans included

security aspects of outsourced activities.

 

1998                        

Lodder & Co Registeraccountants, Nieuwegein, in the position of assistant-accountant.

From March 1998 till September 1998.  Constant performed financial audits and accounting

activities.

 

1997 - 1998            

Accountantskantoor Admiraal, Castricum, Constant fulfilled the position of assistant

accountant. Constant was hired for a year project starting in February 1997 and ending in

February 1998. Constant was in charge of implementing a bookkeeping application

involving about 300 different financial administrations. For this system he maintained the

standing ledger data and programmed the templates for the report generator to produce

annual reports and financial statements. Constant also performed several consulting

assignment in this position.

 

Other (1995-98):

Constant has been editor for a financial accounting magazine of the accounting students association of the Erasmus University (Pacioli) for three years and has written articles on IT security and e-Commerce. Constant also has designed and maintained the website for this accounting students association.

 

Languages:           

· Dutch         (naturally speaking and writing)

· English       (fluently in speaking, writing and reporting)

· (French is on my wish list)

 

 

Special courses:  

· IIA Conference 2007               

· EuroCACS 2006

· Auditing of Oracle Financials, November 2005

· Internet Security Scanner, October 2000

· CRM Basic, Arthur Andersen, 1998

 

Special skills:       

· All round financial auditing      

· Operational review

· Privacy and security reviews

· IT/Revenue Assurance/Operational audits on technical infrastructure and business processes (service delivery, billing & collection) of telecom operators regarding telephony, CATV, pay-per-view, en Internet services (ISP, web hosting).

· Expert knowledge regarding frameworks and methodology such as ISO 17799/27001, CoBIT, ITIL Service Level Management and PRINCE2 Project Management.

· Review of accounting systems and consolidation applications, such as Oracle Financials and Hyperion Financial Manager, financial spreadsheet controls, etc.

· Data analyses using computer aided audit techniques as ACL software, MS Excel and MS Access.

· IT Forensics supporting Fraud and Integrity investigations of forensic accountants with the use of specialist forensic software (Encase) and review of system loggings.