Michael Mekas

IT SOX & Controls Advisor

I've spent 12+ years on both sides of this: as an auditor at Deloitte evaluating IT control environments, and as an advisor helping companies build and manage those programs in practice.

Most IT SOX programs struggle for the same reason: no one truly owns them.

Responsibility gets split across IT, finance, and auditors. Controls become inconsistent, and audit requests start driving decisions instead of the other way around. That's where I come in.

Direct Access. Zero Layers.

No account managers, no layers of communication. You have my cell phone number. You get answers in minutes, not days.

One Advisor. Full Ownership.

You work with one senior practitioner from kickoff to audit sign-off. I personally lead the strategy and execution, bringing 12+ years of senior expertise to every phase.

Controls That Matter.

I design programs around the controls that actually matter, cutting out the ones that add burden without addressing real risk.

Services

How I Can Help

Whether you're preparing for an IPO, dealing with audit findings, or trying to get your IT controls program under control, here's where I typically come in:

IPO Readiness & Gap Assessments

I assess your current IT control environment, identify gaps, and build the ITGC framework your program needs to hold up under audit scrutiny.

• Strategic Scoping: Identifying critical systems to prevent scope creep and ensuring your team stays focused on the risks that add actual value to the audit.
• Control Design: Building practical processes for Logical Access, Change Management, and IT Operations.
• Technical Documentation: Drafting the narratives, scoping documents, and risk-control matrices (RCMs) that give auditors a clear picture of your control environment.

Remediation & Controls Optimization

I work directly with control owners to remediate IT audit findings and deficiencies. I don't just identify gaps, I partner with your team to build out the templates and processes needed to fix issues long-term.

• Gap Analysis: Identifying the root cause of audit findings or deficiencies.
• Hands-on Execution: Developing practical templates and working side-by-side with owners through every step of the process.
• Validation Testing: Re-testing remediated controls to ensure they are operating effectively before year-end.

IT SOX Program Ownership

For companies that need more than project-based help, I serve as an embedded, ongoing owner of the IT SOX program. I set the direction, bring strategy, and coordinate across teams to keep the program running effectively year-round.

Audit Support & Coordination

I act as the primary point of contact between your IT team and the auditors. I know how auditors think, what they're looking for, and how to keep the process moving efficiently.

• Request Management: Vetting and streamlining auditor request lists to ensure requests are reasonable and clear.
• Audit Bridge: I make sure your controls are clearly understood and fairly represented.
• Protecting Your Team's Time: Keeping the process focused on what matters so your team isn't buried in unnecessary requests and meetings.

Fractional Support

An extension of your team

Most companies don't need a full-time IT SOX Director. What they need is someone who can step in quickly, own the program, and operate like part of the team, without the overhead of a full-time hire. Here's what that looks like:

• Flat Monthly Retainer: No hourly billing, no scope creep, no surprises at the end of the month.
• Flexible by design: Some clients need ongoing weekly support. Others need focused help for readiness or remediation efforts.
• No overhead: A senior IT SOX Director can easily cost $180k+ before benefits, payroll taxes, and everything else. You get senior IT SOX expertise without the full-time cost.