
Inside this edition:
- ISACA Belgium Board decisions
- ISACA in the press
- ISACA Belgium COBIT 5 Launch
- The end of SAS70

Upcoming events in Belgium:

Tuesday 11th of September 2012
“COBIT 5 for information security: the overview” presented by ISACA
Location: Smals vzw, Fonsnylaan 20, B-1060 Brussel

Thursday 13th of September 2012
“Security Global Compliance: how CISOs are coping with increasing demands of compliance laws” with guest speakers from Carrefour and ISACA
Location: ISACA / IIA, rue Royale 109/111, 1000 Brussels

Wednesday 19th-Thursday 20th of September 2012
“COBIT 5 introduction course / workshop” presented by Prof. Dr. Steven De Haes and Prof. Dr. Wim Van Grembergen
Location: Holiday Inn Ghent Expo, Maaltekouter 3 - 9051 St-Denijs-Westrem

Thursday 27th of September 2012
“New EU privacy approach” with a security expert, a lawyer and ISACA
Location: Smals vzw, Fonsnylaan 20, B-1060 Brussel

Tuesday 9th of October 2012
“Celebrating new ISACA joiners and newly certified” with the ISACA Belgium Board members
Location: PARK INN Brussels Midi, Place Marcel Broodthaers, 3 - 1060 Brussels

Word from the ISACA Belgium Chapter President:

Dear ISACA Belgium member,

This is my first message to you as your new chapter president.

First of all I’d like to thank Philip De Picker, who presided over our chapter in the last six years, leading it to one of the most successful chapters in Europe with lots of activities, strong and well attended certification exam bootcamps and a significant growth of membership in Belgium. I am very fortunate to keep having access to Philip’s wisdom and knowledge since he remains on the board as immediate past president.

Secondly, as an ISACA member since 1995 I am very honored to be a member of this international organization and the Belgian chapter. I have seen ISACA grow, in members, and also in knowledge domains. Especially the knowledge around IT audit, IT governance, IT risk and information management crafted by volunteers worldwide is quite impressive. Thus it is an honor to be chosen to become president of the Belgian Chapter.

Finally, as your new president, I will continue the vision and mission of ISACA Belgium as stated by Philip De Picker in the beginning of 2012 for the coming three years and make you proud of being a member of our association:

A. Reaching out towards all members (existing and new): I am still meeting people today who never heard about ISACA or COBIT. The Board is undertaking specific actions to make ISACA and COBIT more visible to all types of relevant audiences.

B. Simplifying membership administration: in 2012 we will make use of IT tools to help you subscribe to our events, get your CPE credits and get access to the presentations and materials from our Belgian ISACA website.

C. COBIT 5: we will continue to organize activities around this new version of our framework and its lenses (more about that in this newsletter) during 2012 and beyond with key speakers.

D. Certification guidance: we will continue to organize and improve our certification exam bootcamps to enhance the success rate of people participating in the ISACA certification exams in June and December.

I hope to meet you at one of our ISACA events in Belgium. In the meantime, I wish you a well-deserved vacation during July and August.

Mr. Marc Vael
President of the ISACA Belgium Chapter


Request For ISACA Belgium Newsletter articles

ISACA Belgium Chapter is inviting you to write an article for the next newsletter to be issued in September 2012. The deadline for submissions is Friday 7th of September 2012. Please forward your article to [email protected] and include a high quality picture of yourself.

Job Postings

Seeking an internal auditor (m/f) to support the audit committee

Emmaüs is a network in the province of Antwerp of more than 20 facilities and 5,900 employees with a passion for care. Emmaüs is active in general hospitals, mental health care, elderly care, support for persons with a disability, child day care, special youth care, and child care & family support. The coordination office is located in Mechelen.

Your role:
- you work on behalf of the audit committee and play a key role in building up the internal control system
- you carry out financial, administrative and operational audits with the aim of mapping the risks and improving the internal control system or process efficiency
- based on a global risk analysis you draw up a three-year audit plan and adjust it according to the decisions of the audit committee
- you report to the audit committee on ongoing and completed audits
- you give advice on designing new processes or adapting existing ones in order to improve efficiency and effectiveness

Your profile:
- you have a master's degree and at least 7 years of experience in audit
- being a Certified Internal Auditor (CIA) is a plus
- you are proficient in the common MS Office applications
- you are strong at presenting audit files and processes clearly, both orally and in writing
- you are analytical and critical, and you work flexibly and accurately
- you enjoy working independently and do it well
- you communicate easily at all levels of the organisation

You get:
- a permanent contract
- a competitive salary with fringe benefits, including a company car
- a challenging and varied role with attention to your development in a growing sector

Interested? Email your CV and motivated cover letter by 25 June 2012 to [email protected]

For more info: http://www.emmaus.be

For a major service provider, with worldwide headquarters in Brussels, we are currently looking for a

MANAGER IT AUDIT COMPETENCE CENTER (m/f)

FUNCTION: Working within the Corporate Audit Department for the Internal Audit services division, the incumbent will be responsible for the management and further development of the IT audit competence center (ITACC), thus providing strong support to the Corporate Audit in assuring the Board and Direction Committee on the IT related risk management and internal controls.

Responsibilities:
- Lead the IT audit competence center within the corporate audit department.
- Together with the Chief Auditor, determine the strategic direction of the IT auditing area.
- Perform and lead IT audit missions and provide IT audit support to all other audit assignments.
- Be the key interface between ICT senior management and corporate Audit, and be the SPOC for the CIO for information on audit results and other corporate Audit activities and developments.
- Further develop the vision and further promote and position the department as trusted advisor on IT related risk & control matters.
- Coordinate audit plans and missions with external IT audit.
- Help define the overall audit approach of the Internal Audit services by e.g. developing standard audit programs for the IT aspects and developing IT risk indicators.

PROFILE: Master degree with at least 5 years of relevant experience, gained in (internal or external) IT Audit, IT advisory. Excellent IT controls and process knowledge. Having obtained a CISA or similar certification is an asset. Driven/proactive and visionary attitude. Excellent relationship skills. Demonstrated team coaching skills. Well-structured and highly analytical approach. Knowledge of the two national languages combined with excellent English.

OFFER: Our client offers a unique opportunity to join a leading Belgian company that is in full transformation and is completely reinventing itself. All of this in a well-controlled way. They offer a key function that offers high visibility, close business collaboration and excellent career progression possibilities.

Interested to know more about this challenging position? Call Jan Declercq or send in your application and detailed curriculum vitae: MERIT SELECT, Bd. St. Michel 73 – 1040 Brussels. Tel: 02/743 27 87 – E-mail: [email protected]


ISACA Belgium Board Decisions

The ISACA Belgium Board meets on a monthly basis and will provide insights to its members in the newsletter:

A/ New ISACA Belgium board

As of May 2012, the board of ISACA Belgium has distributed the roles and responsibilities as follows:

- President: Mr. Marc Vael
- Vice President: Mr. Gunnar Mortier
- Secretary: Mr. Philip De Picker
- Treasurer: Mrs. Monique Garsoux
- Education Coordinator: Mrs. Annick Loks
- Membership Coordinator: Mr. Roger Leboulanger
- Certification Coordinator: Mr. Peter Houtmeyers
- Research Coordinator: Mr. Sanjay Vaid
- Government & Regulatory Advocacy Coordinator: Mr. Georges Ataya
- Academic Relations Coordinator: Mr. Hans Van Mingroot
- Webmaster: Mr. Philip De Picker
- Audit Chair (external to the board): Mr. Peter Van Mol (external board member)

B/ ISACA membership fees will remain the same in 2013

For 2013 as well, the board has approved that the chapter dues will stay the same as last year for new members, renewing members, students and academic advocates. For retired members, ISACA has lowered the chapter dues to 25 US Dollars (from 45 US Dollars). The board hopes that this might help its Belgian members to keep choosing ISACA as one of their key memberships.

C/ ISACA Belgium continues to support the Audit Software Watch day

The Board has agreed to continue supporting the Audit Software Watch day in 2012 together with IIA Belgium. More details will follow on location, agenda and speakers.

The ISACA Journal features articles on topics of immediate interest to the IT audit, IT governance, IT risk and information security community.

This bi-monthly journal is provided free to all ISACA members. Visit the Apple App Store and search for "ISACA Journal" to download the free app on your iPhone, iTouch or iPad.


ISACA in the press

ISACA Belgium in the news

Based on the interview with ISACA International President Mr. Ken Vander Wal at the INFOSECURITY event in March 2012, a full page article was published in the DATANEWS magazine in June.

The article describes COBIT 5 as the integrated framework and also mentions the link with Belgium.

The article can be found in full on www.datanews.be


http://www.sai.be


ISACA Belgium COBIT 5 Launch (Wednesday 25th until Friday 27th of April 2012): some impressions

As announced, ISACA Belgium organized one of the first COBIT 5 presentations in Belgium for its members. After deliberation within the board of ISACA Belgium, it was decided to make this afternoon introduction session free for all ISACA members.

As a consequence, 104 ISACA members responded to the invitation, which gave a full house experience and made the room look very small indeed.

Philip De Picker opened the event with an introductory speech focusing on the importance of COBIT in general and COBIT 5 as a new release. It was a great honor to have Mr. Erik Guldentops as first speaker to talk about the history of COBIT and to hear his views on COBIT 5. Mr. Guldentops is the “father” of COBIT and gave a great speech on the past, the present and the future of COBIT in his personal way.

Then Mr. Dirk Steuperaert, one of the members of the ISACA COBIT 5 development team, gave a proper overview of the COBIT 5 framework. He was supported by Mrs. Greet Volders during his presentation.

On Thursday and Friday, a COBIT 5 workshop was held and the participants were mainly interested in COBIT 5 from an assurance/audit point of view and a governance point of view. Mrs. Greet Volders and Mr. Dirk Steuperaert led these workshops in a professional manner and provided cases whereby the participants were able to find out how COBIT 5 can be used in practice. All participants received the 3 COBIT 5 books, which came directly from the US.

All presentations provided by the speakers can be found on www.isaca.be


ISACA Belgium Past Events Overview

Workshop “COBIT 5 introduction” (Tuesday June 5th 2012)

Based on the numerous requests by members from ISACA Belgium, a special COBIT 5 workshop was organized in Brussels. The maximum number of 25 participants was reached and after an introduction presentation by Mr. Dirk Steuperaert, the participants worked on 4 distinct case studies (develop an initial IT assurance plan, develop an assurance program, develop a privacy audit work program, develop an IT Disaster Recovery Plan) in order to better understand how COBIT 5 works and how they can apply this in their own organization. Here also all participants received the new COBIT 5 books.

https://www.isaca.org/COBIT/Pages/info-sec.aspx


The retirement of SAS70 (by Mr. Dirk Timmerman, KPMG Advisory Belgium, CISA, MCA)

The American audit standard SAS 70 and its predecessors have been in place for 40 years. In the post-SOX era, SAS 70 became the global standard for assurance reports on service organization controls. In principle, the SAS 70 report was meant to be an ‘auditor to auditor’ report focusing only on financial reporting risks and controls. In practice, however, there is an increasing need for assurance on services and quality aspects of services that are not (or less) related to financial reporting (e.g. managed security services, data center co-location services; infrastructure security, availability, confidentiality, privacy). Although assurance vehicles were (and are) available to accommodate those needs, these were – contrary to the SAS 70 standard – not well known by the broader public. As a consequence, control objectives in SAS 70 reports were stretched to (partially) meet the broader assurance needs. Another alternative was the reliance on ISO certificates (e.g. ISO 27001 for security). The assurance provided by ISO certificates, however, is sometimes suboptimal as they – contrary to SAS 70 reporting – do not address the operational effectiveness of controls and provide no description of the system nor detailed information on test procedures and test results.

On June 15, 2011, SAS 70 was “retired” and replaced by the international assurance standard ISAE 3402, which was implemented in the US under the name SSAE 16. The AICPA took advantage of the retirement of SAS 70 to meet the above mentioned broader assurance needs and created the following new breed of service organization control (SOC) reports:

SOC1 is the new label for SSAE 16/ISAE 3402 (former SAS 70) reports and is designed to be “laser-focused” on controls that could impact users’ financial reporting.

SOC2 has been developed to have the look and feel of a SOC1 report (e.g. including a description of the system and information on the test procedures and test results). However, it uses the following “trust services principles” that are far more broadly applicable:


For each trust principle a standard set of trust services criteria has been developed that is publicly available. The SOC2 report includes a description of the controls that have been implemented by the service organization to meet the trust services criteria.

Note that the SOC2 report may relate to one or more trust principles and that the primary users of SOC2 reports are not user auditors, but, rather, management of the service organization and management of the user entities.

A SOC3 report is a short form, general-use report that management of the service organization may provide to anyone with the option of displaying a web site seal.

And for Europe?

The label SOC1 is likely to become the commonly used label for ISAE 3402 reports, as it is much easier to pronounce (just try it out). In addition, Europe will be able to take advantage of the branding effort performed by the AICPA for SOC2 and SOC3 reports, and to fill the need for a practical assurance vehicle for non-financial reporting related services and quality aspects (in its reports Europe will refer to ISAE 3000 rather than the US attestation standards).

For more information on ISAE: http://isae3402.com and http://www.ifac.org/sites/default/files/downloads/b014-2010-iaasb-handbook-isae-3402.pdf

Dirk Timmerman, CISA, MCA

KPMG Advisory Belgium

email: [email protected]

http://www.kpmg.be

KPMG IT Internal Audit International Survey 2012

Help us shape the future of IT Internal Audit

The current economic situation, the complexity of organisations, globalisation and technological developments are resulting in an ever increasing demand for internal control. During the past few years, many organisations have become ever more dependent upon technology to deliver their core business functions. From our discussions in the market place it seems that more and more organizations are interested in getting a better understanding of international developments in this field and want to put more focus on the developing role of IT Internal Audit.

Building on our previous study published in 2009, we would like to create greater insight for you into the current views and trends of your peers within Europe, the Middle East and Africa and are therefore conducting research into the role of IT Internal Audit – including how ITIA is organised, the topics it covers, the objectives and approach of ITIA, the ITIA lifecycle, tools used, skills and development.

Research will be conducted using an on-line survey questionnaire which KPMG have developed to address these issues. Please follow this link and complete the survey at your earliest convenience. The key results will be summarized in a white paper and will be issued to all respondents. Thank you for your time and participation in this survey. Your views are important to us.
