Mike leads FGMK’s Risk & Controls Practice, providing clients with information security and privacy, cybersecurity, internal control, and internal audit services. His expertise includes System and Organization Controls (“SOC”) Reporting: SOC for Service Organizations (SOC 1® (formerly SAS 70 / SSAE 16), SOC 2®, and SOC 3®), and SOC for Cybersecurity, information security and cybersecurity process and controls consulting, IT risk assessments, Sarbanes-Oxley (SOX) readiness and internal audits, and PCI/HIPAA compliance.
Mike has over 30 years of experience in auditing and IT consulting for public and private companies nationally. His industry expertise includes technology, real estate, healthcare, not-for-profit, manufacturing and distribution, and state and federal government agencies.
Mike joined FGMK in 2013. His background includes 12 years at PwC, where he managed and delivered services that include IT audits for SOX compliance for over 35 publicly traded companies, SAS 70 (now called SOC 1®) reviews, IT and enterprise risk assessments, internal controls improvement, IT internal audit, and design and implementation of technology solutions to automate business processes.
Frequently Asked Questions about AICPA System and Organization Controls ("SOC") Reports