SOC 2: A Deeper Dive into Implementing 2017 Trust Services Criteria

Presented on:
November 15, 2018 9:00 AM PT
1 hour

In an ongoing effort to provide service organizations with a means of communicating the security of their internal controls to customers, recent changes to the 2017 Trust Services Criteria are designed to align with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework and promote best practices.

Companies that currently issue an annual System and Organization Controls (SOC) 2 report—or that plan to issue a SOC 2 report in the near future—need to be aware of the changes. They’re effective for any SOC 2 reports issued after December 15, 2018.

In our webcast, we’ll cover SOC 2 changes and focus on areas where service organizations can expand their controls to better meet the SOC 2 criteria. We’ll also discuss methods for approaching the following:

  • Performing a risk assessment
  • Evaluating vendors and service providers
  • Successfully assessing fraud
  • Strengthening your company’s internal controls


Kim Koch, Partner, Moss Adams

Kim has practiced public accounting since 2001 and has over fifteen years’ experience in conducting System and Organization Control (SOC) readiness assessments and audits, compliance audits, attestation examinations, and internal controls evaluations. She serves clients across a variety of industries such as technology, telecommunications, and higher-education, and with varying business structures including publicly-traded entities, private businesses, third-party administrators, and government agencies. Her expertise includes professional review of service organization controls to evaluate a user-entity's internal control over financial reporting; supervision of audit and assessment teams; controls evaluation and definition improvement to ensure they meet the objective(s); testing internal controls and monitoring IT compliance; research of technical issues as IT complexity and fraud strategies evolve; and identifying risk and control gaps and providing remediation suggestions. Kim regularly provides educational training and seminars on SOC 1-2-3 topics and has a preference for empowering business-process owners.

Maria Braun, IT Audit Manager, Moss Adams

Maria is a manager in the IT Auditing and Consulting group where she provides support for internal controls reviews, SOC audits, SOC 2 readiness assessments, IT assessments, and SOX 404 compliance programs. Maria also has extensive experience reviewing technology environments and she specializes in providing various social engineering services.

Registration Form

Please make sure Javascript is enabled and your browser is up-to-date.


Registration information for this event may be shared with the event's co-hosts, speakers, and sponsors.