Our Team

Meet the Team

Sage Audits is a Colorado-based CPA firm focused exclusively on IT audit, assurance, and advisory work. Our advantage lies in the depth and breadth of our team's expertise, an end-to-end perspective that ensures trust with your customers.

Connect with an Expert

Jordan Novak, Managing Partner

Former B4 · CPA · CISA · CRISC · CISM · CITP · CISSP

Jordan Novak

Managing Partner

University of Northern Colorado

Masters of Accountancy (MAcc)
B.S. in Business Administration — Computer Information Systems

Jordan is Managing Partner at Sage Audits LLP, with a background in Big Four public accounting and many domains in information technology. He has led SOC 1 and SOC 2 engagements, IT advisory, and GRC work across private companies, publicly traded enterprises, and government organizations. His client experience spans early-stage SaaS companies, mid-market technology firms, and large-scale public sector engagements.

His approach centers on direct partner involvement throughout every engagement, clear communication, and a practical understanding of the technical environments his clients operate in. He brings the rigor of a large firm with the accessibility of a boutique practice.

CPA

CISA

CRISC

CISM

CITP

CISSP

Tasya Novak, Managing Director

Former B4 · CISA

Tasya Novak

Managing Director

James Madison University

B.B.A. in Business Administration — Computer Information Systems

Tasya is Managing Director at Sage Audits and former IT Audit Director at KPMG, where she spent more than 12 years advancing from Advisory Associate to director. Her engagements have spanned SOC reporting, SOX 404 IT controls, FISCAM-based governmental audits, financial statement audit support, and audit readiness across technology, financial services, and government sectors.

At the director level, she led teams of IT auditors, managed client relationships, and served as an internal peer reviewer ensuring compliance with PCAOB and firm compliance standards. At Sage, she coordinates SOC 2 engagements, bringing that institutional depth to every client: precise fieldwork, thorough documentation, and clear judgment on what controls need to demonstrate.

CISA

Our Experience

0+ Years Combined

Big Four Trained

At the Big Four, we led IT audit engagements spanning SOC reporting, SOX 404 IT general controls, FISCAM-based governmental audits, and financial statement audit support across government, private, and public sector clients. That work was performed against PCAOB and AICPA standards, across a wide range of environments and industries.

We have also been on the other side. Jordan has worked as a GRC analyst and security professional, building internal compliance programs and leading a financial services company through its first SOC 1 and SOC 2 attestation from the inside. He has designed the control frameworks, gathered the evidence, and navigated the process as the client, not the auditor.

Having both implemented controls and audited them, we understand what reasonable looks like from both directions. That perspective shapes how we scope engagements, what we ask for, and how we help clients build programs that hold up when it matters.

Active members of

ISACA

AICPA

ISC2

Attending AICPA Annual Conference in Las Vegas, NV

Credentials

Our team holds certifications across financial reporting, cybersecurity, IT auditing, and risk management. We stay current with industry changes to help clients build practical controls, assess risk effectively, and meet audit goals.

CPA Certified Public Accountant (Colorado lic: CPA.9039499)
CISSP Certified Information Systems Security Professional
CISA Certified Information Systems Auditor
CRISC Certified in Risk and Information Systems Control
CISM Certified Information Security Manager
CITP Certified Information Technology Professional

AICPA Member Firm

Colorado CPA Firm License: FRM.5000785

Why Certifications Matter

Each certification represents rigorous examination, applied field experience, and mandatory continuing education: credentials that must be earned and maintained, not just held.

For your engagement, this means the team leading your audit is technically current, ethically accountable, and independently verified, with the goal of making sure your audit is worth it: that you come out of it genuinely secure and compliant with the industry standards or customer demands you are facing.

Ready to work with us?

No obligation, just an honest conversation about your needs.

Connect with an Expert

September 9, 2025

SOC 3 Reports Explained

Answers to frequently asked questions about what SOC 3 Reports are used for and the differences between SOC 3 and SOC 2.

August 26, 2025

SOC 2 Type I vs Type II: Key Differences

What is the difference between a SOC 2 Type I and Type II report? Learn which report your company needs, key differences,…

August 19, 2025

10 Critical SOC 2 Compliance Gaps

A look at the 10 most common gaps in SOC 2 compliance and how to address them effectively.

July 14, 2025

What Is a SOC 2 Report? Why It Matters

SOC 2 will provide you with a competitive advantage in the marketplace while allowing you to close deals faster and win new…

July 12, 2025

Why Your SOC 2 Auditor Choice Matters

Choosing a SOC 2 Auditor? Insights on what to look for in an audit partner to help you achieve and maintain SOC…

April 7, 2025

The 5 Trust Services Categories of SOC 2 Reports

Discover the critical elements of internal control that help organizations protect assets and maintain compliance.