Mekas Consulting

Michael Mekas

Senior IT Risk and Controls Advisor

Founder, Mekas Consulting

No matter where you are in your SOX journey, just starting out or already midflight, I can step in quickly and help make sense of what matters. I’ve worked in IT compliance from both sides, with Big 4 external audit experience and hands-on support for companies building, assessing, and refining their IT controls.

My goal is to bring clarity and structure to areas that are often overwhelming or overcomplicated, always focused on practical solutions and real risk.

Please reach out anytime if you have questions or need support.

Services

I provide fractional IT SOX support that’s flexible, hands-on, and tailored to your timeline, team, and priorities. Whether you're preparing for SOX, remediating audit findings, or building your SOX program, I help design and strengthen your IT control environment. Most clients engage me for 10-20 hours per week; enough to drive progress and keep things moving, without the commitment of a full-time hire.

Ongoing IT SOX Advisory

For companies that need experienced SOX support, but don't necessarily need a full-time hire. I work directly with your team to help with walkthroughs, documentation, control remediation, audit prep, and real-time questions. Whether it's steady weekly support or a short-term push, I'm here to help move things forward and make them easier to manage.

IT Control Design and Implementation

Whether you're building controls for the first time or refining what's already in place, I help design practical, audit-ready IT control frameworks. I'll collaborate with your team to identify key risks and tailor controls to fit your systems, processes, and environment.

SOX Readiness and Remediation Support

Getting ready for SOX, or cleaning up after a tough audit? I help you figure out where gaps exist, and what needs to be done. I can work directly with your team members to remediate gaps and implement controls. what's missing, what needs work, and how to build solutions that are clear, effective, and makes sense for the business.

Foundational Controls Support

The basics matter. I help you build the underlying documentation and structure your program relies on. That includes risk assessments, RCMs (risk control matrices), scoping documenatation, and control mapping. All tailored to reflect how your business actually works, and easy to maintain going forward.

About Me

I’m an independent IT compliance consultant with over 10 years of experience helping companies design, assess, and improve their IT control environments. I’ve worked in both internal and external audit roles, including 7 years at Deloitte, and have since supported dozens of companies through IPO readiness, SOX 404 compliance, and remediation efforts. Starting my own consulting practice has allowed me to work more directly with the people and teams I can genuinely help, without the layers and overhead of a big firm. My specialty is bringing structure to IT controls in a way that actually works: clear, practical, and aligned with both business needs and audit expectations.

Outside of work, I enjoy spending time with my family, playing tennis, coaching baseball, and generally chasing after our three young kids.

Credentials & Background:

Certified Information Systems Auditor (CISA)
M.S. in Information Systems, Georgia State University
10+ years of experience in IT controls and compliance

FAQ

Can you help during a system implementation or major system change?

Yes. I’ve supported ERP implementations, system migrations, and redesign efforts to help companies ensure their IT controls remain sound throughout major change. I can help assess risks, refine control design, and support documentation and testing efforts.

Do you only work with pre-IPO companies?

No. I work with companies at all stages — whether they’re maturing their controls post-IPO, responding to audit pressure, or building from scratch.

Can you work directly with our team?

Yes. I often work closely with IT, compliance, and internal audit teams to provide guidance, support execution, and ensure alignment with SOX expectations.

Do you offer short-term or long-term support?

Yes. I’m open to both — whether you need a few weeks of help with a specific issue or ongoing support as a part-time advisor.