Davide Ciani

Director - IT Internal Audit at Merck KGaA, Darmstadt, Germany

Frankfurt Rhine-Main Metropolitan Area

About

Experience

  • Director - Group Internal Audit at Merck KGaA, Darmstadt, Germany
    Apr 2017 - Present · 9 yrs 3 mos

  • Manager at Ernst & Young
    Oct 2008 - Mar 2017 · 8 yrs 6 mos

    Manager within Ernst & Young in the Advisory (Risk) practice, focusing on Service Organisation Controls Reporting (SOCR), Third Party Reporting and IT Audits. Beside this, he is working in IT-Effectiveness, IT-Service Management (Cobit, ITIL), IT Project Management, Software Certification, Security and Segregation of Duties analysis and SAP role design. Professional experiences covers: - Third Party Reporting: SOC reports (including SAS70, ISAE 3402, ISAE3000 and SSAE16) also performed on multi-location and with international teams. Specific purpose audit reporting for internal audit or compliance department. - Financial Audit Support: IT-Assurance, SOX, internal audits and legal compliance engagements for several clients in different industries. Performing also specific testing and data analysis like: Financial Audit NSJE extraction and IT-General Controls, Process Analytics and Audit Performance Improvement. - Data Quality & Migration Test: System Migration between several clients systems. Analyzing the process of importing legacy data to a new system improving data management activities (data quality) and validating the data migrated. - Business Impact Analysis and Business Continuity: support in the identification and evaluation of risks and impacts on the principal business process and in the draw of the Business Continuity management and IT disaster recovery plan. - Segregation of Duties Analysis and Profile Design: analyze and re-designing SAP R/3 roles and authorization profiles in compliance with internal control and law requirements. Specialized fields: - Third Party Reporting and SOC reporting (SAS70, ISAE 3402, ISAE3000 and SSAE16) - Project Management - Data Analysis - IT-Assurance and software certification - Post implementation and data conversion reviews - Business Impact Analysis and Business Continuity - Segregation of duties

  • Student at Bocconi University
    Jan 2008 - Dec 2008 · 1 yr

    Master Management of Information System

  • Analyst Programmer at Eureka
    Sep 2006 - Dec 2007 · 1 yr 4 mos

  • Analyst Programmer at PGM srl
    Dec 2005 - Jul 2006 · 8 mos

    Requirement analysis, design and developement of a specialistic application for automotive technical support.