About Us
Chris Bruhn, CPA, CITP, CISA
Early Career:
Chris started his career as a financial auditor at a in 2004. He spent 6 years learning and understanding the financial risks organizations face, as well as how to identify auditing risks. Chris quickly rose to the level of Manager, and his interests began to expand beyond financial audits. In 2010 Chris was asked by the firm if he had interest in supporting the IT Audit practice.
Specialization:
As the future of audit was shifting to a required understanding of information systems and risks, Chris jumped at the opportunity and has continued expanding his knowledge of IT and Data Security since then. Within the IT Audit practice at the firm, Chris performed a variety of different IT risk assessments and audits. Chris worked his way up to Director and primarily ran and oversaw the SOC practice. Throughout this time Chris built strong relationships with Partners overseeing the firm’s quality control and adherence to standards. His attention to detail and understanding of the standards allowed him to participate in Peer Reviews and enhance internal quality control processes. With a deep understanding of audit requirements, experience with IT and financial risks, and the desire to keep expanding his knowledge, Chris decided to leave the firm and join a small consulting group specializing in Data Security and Privacy.
Consulting:
Chris joined consulting group in early 2021 as a Director. Although it was a short-lived relationship of only 18 months, the time here was invaluable. He got the opportunity to:
- support internal audit testing for IT component of client businesses,
- perform IT Audits on clients under various frameworks including; NIST 800-53, ISO27001, SOC 1 and 2, and CIS,
- support clients in preparation for compliance assessments or audits by performing risk assessments, control analysis, and control or documentation gaps,
- streamline large company compliance operations through identification of similar processes performed by unique groups, consolidation of disparate
processes into centralized groups, and utilizing synergistic evaluation and monitoring for consolidated reporting.
Independent:
With all this experience and knowledge, Chris established his own practice in late 2022 as an independent contractor and consultant. In early 2023 MCE CPA & Advisory was established to provide audit and attestation services.
Why we exist
MCE was established to simplify IT assurance and attestation for small and medium sized businesses. The thought of starting my own firm to support small and medium size businesses navigate IT Security audits and attestations began many years ago. It was shortly after the Target HVAC data breach that third-party risk management became a consistent topic for Boards and management of companies.
Monitoring of third-parties and supply-chains for security risk was now encompassing SMB organizations, including sole proprietors. These organizations did not have the financial resources or personnel to pay for audits, or respond to security inquires. Contracts were starting to require a SOC 1, SOC 2, or any other IT Security Framework report. We could tell it was frustrating.
MCE's goal is to provide high quality service at a price that's appropriate and without unnecessary overhead.