Michael Mekas

IT SOX & Controls Advisor

The technical standard of a Big 4 firm.
The agility of an independent partner.

I work with companies navigating IT SOX readiness, remediation, and ongoing compliance by acting as a true extension of your team to design and operate programs that are risk-based, defensible, and built to hold up over time.

With 12+ years in the trenches of IT SOX, I swap out the 'big firm' overhead for a direct, hands-on partnership. My goal is simple: make compliance manageable so you can focus on running the business.

Direct Access. Zero Layers.

No account managers, no layers of communication. You have my cell phone number. You get answers in minutes, not days.

Senior-Led Execution.

You work with one senior practitioner from kickoff to audit sign-off. I personally lead the strategy and execution, bringing 12+ years of senior expertise to every phase.

Right-Sized Scoping.

I design compliance programs around the critical risks that matter, removing the noise of burdensome controls that are unnecessary to the audit.

Services

Core capabilities

IPO Readiness & Gap Assessments

I prepare your IT environment for the scrutiny of a public market debut by performing the initial gap assessment and designing a scalable ITGC framework that meets audit standards.

• Strategic Scoping: Identifying critical systems to prevent scope creep and ensuring your team stays focused on the risks that add actual value to the audit.
• Control Design: Building practical processes for Logical Access, Change Management, and IT Operations.
• Technical Documentation: Drafting the narratives, scoping documents, and risk-control matrices (RCMs) that auditors expect to see.

Remediation & Controls Optimization

I work directly with control owners to remediate IT audit findings and deficiencies. I don't just identify gaps, I partner with your team to build out the templates and processes needed to fix issues long-term.

• Gap Analysis: Identifying the root cause of audit findings or deficiencies.
• Hands-on Execution: Developing practical templates and working side-by-side with owners to complete them.
• Validation Testing: Re-testing remediated controls to ensure they are defensible before year-end.

Annual IT SOX Testing (Execution)

I take full ownership of your testing program, acting as your go-to compliance lead without the headcount cost. I manage the entire cycle, from initial walkthroughs to year-end.

• Walkthrough Leadership: Coordinating with process owners to validate control design.
• Sample Testing: Executing rigorous testing of operating effectiveness.
• Evidence Management: Organizing audit-ready workpapers to minimize Big 4 friction.

Audit Defense & Liaison

I act as the primary "interpreter" between your IT team and the auditors. I speak their language and defend your controls so your team doesn't have to spend their days in audit meetings.

• Request Management: Vetting and streamlining auditor request lists to ensure requests are reasonable and clear.
• Technical Defense: Advocating for your existing processes to prevent unnecessary findings.
• Scope Control: Keeping auditors focused on high-risk areas to reduce billable hours.

Fractional Support

An extension of your team

Most companies don’t need a full-time IT SOX Director, but they do need senior-level expertise. I operate on a fractional basis, acting as an integrated partner who works seamlessly alongside your existing team.

• Flat-Fee Monthly Retainer: I partner with companies on a fixed-cost basis to provide steady oversight, ensuring your compliance program remains audit-ready year-round.
• Scalable Involvement: Whether it’s a few hours a week for ongoing maintenance or a deep-dive project for IPO readiness, I scale my involvement to match your specific needs.
• Predictable Results: You get 12+ years of experience and audit-ready results without the revolving door of junior associates or the unpredictability of hourly billing.

About me

I founded Mekas Consulting to work more directly with the people and teams I can genuinely help, without the layers and overhead of a big firm.

My specialty is bringing structure to IT controls in a way that actually works: clear, practical, and aligned with both business needs and audit expectations.

I live in Georgia with my wife and three young kids. Outside of work, I enjoy playing tennis, coaching baseball, being outdoors, and generally trying to keep up with our little ones.