Michael Mekas

IT SOX & Controls Advisor

The technical standard of a Big 4 firm.
The agility of an independent partner.

I work with companies navigating IT SOX readiness, remediation, and ongoing compliance by helping design and operate programs that are risk-focused, defensible, and built to hold up over time.

With 12+ years in the trenches of IT SOX, I swap out the 'big firm' overhead for a direct, hands-on partnership. My goal is simple: make compliance manageable so you can focus on running the business.

Direct Access. Zero Layers.

No account managers, no layers of communication. You have my cell phone number. You get answers in minutes, not days.

Senior-Led Execution.

No "bait and switch" where a partner sells the work and a junior does it. One senior practitioner from start to finish.

Audit-Ready, Every Time.

Because I’m doing the work, the documentation is done right the first time. No re-work. No missed deadlines.

Services

Core Capabilities

IPO Readiness & Gap Assessments

Establishing a PCAOB-level control environment for companies 12–18 months from going public. I perform the gap assessment, design the initial ITGC framework, and build the rigorous documentation required for a successful debut.

• Scoping & Materiality: Defining the audit perimeter to prevent unnecessary scope creep.
• Framework Construction: Formalizing Logical Access, Change Management, and IT Operations.
• Technical Documentation: Drafting the narratives and RCMs that external auditors demand.

Annual IT SOX Testing (Execution)

I take full ownership of your testing program, acting as your go-to compliance lead without the headcount cost. I manage the entire cycle, from initial walkthroughs to year-end.

• Walkthrough Leadership: Coordinating with process owners to validate control design.
• Sample Testing: Executing rigorous testing of operating effectiveness.
• Evidence Management: Organizing audit-ready workpapers to minimize Big 4 friction.

Audit Defense & Liaison

I act as the primary "interpreter" between your IT team and the auditors. I speak their language and defend your controls so your team doesn't have to spend their days in audit meetings.

• Request Management: Vetting and streamlining auditor request lists to ensure requests are reasonable and clear.
• Technical Defense: Advocating for your existing processes to prevent unnecessary findings.
• Scope Control: Keeping auditors focused on high-risk areas to reduce billable hours.

Remediation & Controls Optimization

Cleaning up after a difficult audit or a significant deficiency. I don't just find the gaps; I work with your team to implement practical solutions that fix the issues long-term.

• Gap Analysis: Identifying the root cause of deficiencies or failed controls.
• Practical Fixes: Designing sustainable control processes that resolve deficiencies while minimizing manual effort.
• Validation Testing: Re-testing remediated controls to ensure they are defensible before year-end.

Engagement Model

Fractional Support

Most companies don’t need a full-time IT SOX Director, but they do need senior-level expertise. I operate on a fractional basis, acting as a dedicated extension of your team for a fraction of the cost of a full-time hire or a large consulting firm.

• Flat-Fee Monthly Retainer: I partner with companies on a fixed-cost basis to provide steady oversight, catching gaps early to help prevent material weaknesses at year-end.
• Scalable Involvement: Whether it’s a few hours a week for ongoing maintenance or a deep-dive project for IPO readiness, I scale my involvement to match your specific needs.
• Predictable Results: You get 12+ years of experience and audit-ready results without the revolving door of junior associates or the unpredictability of hourly billing.

About Me

I founded Mekas Consulting to work more directly with the people and teams I can genuinely help, without the layers and overhead of a big firm.

My specialty is bringing structure to IT controls in a way that actually works: clear, practical, and aligned with both business needs and audit expectations.

I live in Georgia with my wife and three young kids. Outside of work, I enjoy playing tennis, coaching baseball, being outdoors, and generally trying to keep up with our little ones.