Michael Mekas

IT SOX & Controls Advisor

I've spent 12+ years on both sides of IT SOX: first as an auditor at Deloitte evaluating IT control environments, and more recently as an advisor helping companies build and manage those programs in practice.

Most IT SOX programs struggle for the same reason: no one truly owns them. Responsibility gets split across IT and finance, and audit requests start driving decisions instead of the other way around. That's where I come in.

Direct Access. Zero Layers.

No account managers, no layers of communication. You have my cell phone number. You get answers in minutes, not days.

One Advisor. Full Ownership.

You work with one senior practitioner from kickoff to audit sign-off. I personally lead the strategy and execution, bringing 12+ years of senior expertise to every phase.

Get The Basics Right.

Most IT SOX programs become too complicated too fast. I focus on getting the fundamentals right first, then building from there only where it actually makes sense.

You might be in the right place if...

→ You're preparing for an IPO and not sure what should actually be in scope
→ You've started SOX work, but things feel reactive or unclear
→ Audit requests are increasing and not always making sense

That's exactly the gap I fill. I come in as the embedded owner, setting direction and building controls that actually work.

Services

How I Can Help

Whether you need someone to own your IT SOX program long-term, or help with a specific initiative, here's where I typically come in:

IT SOX Program Ownership

For companies where no one inside currently owns this

I serve as an embedded, ongoing owner of your IT SOX program — setting direction, coordinating across teams, and keeping the program running effectively year-round. Most companies don't need a full-time IT SOX Director. What they need is someone who can step in quickly, own the program, and operate like part of the team, without the overhead of a full-time hire.

• Flat Monthly Retainer: No hourly billing, no scope creep, no surprises at the end of the month.
• Strategy & Direction: I set the program direction and own the decisions, not just the execution.
• Audit Bridge: I know how auditors think. I manage the relationship, vet requests, and make sure your controls are fairly represented.

Targeted Engagements

Readiness assessments, gap analysis, remediation, system implementations & migrations

Not every situation calls for ongoing support. Sometimes you need focused help with a specific problem: a gap assessment before your first audit, remediating findings, or navigating a system change that puts controls at risk.

• SOX Readiness & Gap Assessments: Evaluating your current control environment and identifying what needs to be in place before auditors arrive.
• Remediation: Working side-by-side with control owners to fix findings and build processes that hold up the next time around.
• System Implementations & Migrations: Making sure new or changing systems don't introduce control gaps or disrupt what's already working.

About me

I founded Mekas Consulting to work more directly with the people and teams I can genuinely help, without the layers and rigidity of a big firm.

I live around Atlanta with my wife and three young kids. Outside of work, I enjoy playing tennis, coaching baseball, being outdoors, and generally trying to keep up with our little ones.