Moss Adams - Kimberly Koch

Industry Expertise

Communications & Media Government Services Higher Education Professional Services Technology

Practice Focus

Health Care Consulting Internal Audit IT Compliance IT Consulting Performance Audits Process & Controls SOC Audits

Biography

Kim has practiced public accounting since 2001 and has over fifteen years’ experience in conducting System and Organization Control (SOC) readiness assessments and audits, compliance audits, attestation examinations, and internal controls evaluations. She serves clients across a variety of industries such as technology, telecommunications, and higher-education, and with varying business structures including publicly-traded entities, private businesses, third-party administrators, and government agencies. Her expertise includes:

Professional review of service organization controls to evaluate a user-entity's internal control over financial reporting
Supervision of audit and assessment teams
Controls evaluation and definition improvement to ensure they meet the objective(s)
Testing internal controls and monitoring IT compliance
Research of technical issues as IT complexity and fraud strategies evolve
Identifying risk and control gaps and providing remediation suggestions

Kim regularly provides educational training and seminars on SOC 1-2-3 topics and has a preference for empowering business-process owners.

Selected Speaking Engagements

Third-Party Risk and the New SSAE 18
(ISACA Sacramento, March 2017)

Professional Affiliations

Member, American Institute of Certified Public Accountants
Member, Washington Society of Certified Public Accountants

Education

BA, business administration (accounting), University of Washington (cum laude)

Insights from Kimberly Koch

How to Comply with Trust Services Criteria for SOC 2 Examinations

The criteria enhances SOC 2 reporting by providing greater coverage over IT governance and operational management. Learn more.

Why It’s Important to Review Vendors’ SOC Reports

Obtain a new vendor’s SOC reports, so you can address the risks related to outside service providers.

What Is a SOC Report, and Why Is It Important?

Learn all the different types of SOC reports, why they’re important, and what information they provide.

C5 Compliance Can Increase the Transparency of Data Protection

The Cloud Computing Compliance Criteria Catalogue (C5) could increase customer security and result in time-saving measures.

Why It’s Key for Technology Companies to Prove Integrity of Internal Controls

Instill confidence that your internal controls are sound is with a system and organization control (SOC) examination.

Efficiencies with Data and Internal Controls Could Translate to Revenue

How to improve efficiencies with data and internal controls for technology, communications, and life sciences companies.