Photo of Kimberly A. Koch
Kimberly A. Koch
Principal
CPA
kim.koch@mossadams.com
(509) 777-0107
My Profile

Industry Expertise

Communications & Media Government Services Higher Education Professional Services Technology

Practice Focus

Health Care Consulting Internal Audit IT Compliance Performance Audits Process & Internal Controls Risk & IT Compliance SOC Examinations

Biography

Kim has practiced public accounting since 2001 and has over fifteen years’ experience in conducting System and Organization Control (SOC) readiness assessments and audits, compliance audits, attestation examinations, and internal controls evaluations. She serves clients across a variety of industries such as technology, telecommunications, and higher-education, and with varying business structures including publicly-traded entities, private businesses, third-party administrators, and government agencies. Her expertise includes:

  • Professional review of service organization controls to evaluate a user-entity's internal control over financial reporting
  • Supervision of audit and assessment teams
  • Controls evaluation and definition improvement to ensure they meet the objective(s)
  • Testing internal controls and monitoring IT compliance
  • Research of technical issues as IT complexity and fraud strategies evolve
  • Identifying risk and control gaps and providing remediation suggestions

Kim regularly provides educational training and seminars on SOC 1-2-3 topics and has a preference for empowering business-process owners.

Selected Speaking Engagements

  • Third-Party Risk and the New SSAE 18
    (ISACA Sacramento, March 2017)

Professional Affiliations

  • Member, American Institute of Certified Public Accountants
  • Member, Washington Society of Certified Public Accountants

Education

  • BA, business administration (accounting), University of Washington (cum laude)

Insights from Kimberly A. Koch

Article
How to Comply with Trust Services Criteria for SOC 2 Examinations
The criteria enhances SOC 2 reporting by providing greater coverage over IT governance and operational management. Learn more.
Article
Webcast
Value of SOC 2 Reporting to Mitigate Cyber-risk
Learn about SOC 2 audit procedures, best practices, and how to determine if a SOC 2 audit is right for your organization.
Webcast
Article
Why It’s Important to Review Vendors’ SOC Reports
Obtain a new vendor’s SOC reports, so you can address the risks related to outside service providers.
Article
Article
What Is a SOC Report, and Why Is It Important?
Learn all the different types of SOC reports, why they’re important, and what information they provide.
Article
Article
C5 Compliance Can Increase the Transparency of Data Protection
The Cloud Computing Compliance Criteria Catalogue (C5) could increase customer security and result in time-saving measures.
Article
Webcast
Best Practices to Bolster Your SOC 2 Report
Gain insight into best practices and current trends for improving your System and Organization Controls (SOC) 2 report.
Webcast
Article
How Technology Companies Can Improve Their SOC 2 Audit and Stay Competitive
See how technology companies can enhance their SOC 2 audit report, increase credibility, and maintain a competitive edge.
Article
Article
Why It’s Key for Technology Companies to Prove Integrity of Internal Controls
Instill confidence that your internal controls are sound is with a system and organization control (SOC) examination.
Article
Article
Efficiencies with Data and Internal Controls Could Translate to Revenue
How to improve efficiencies with data and internal controls for technology, communications, and life sciences companies.
Article

Baker Tilly US, LLP, Baker Tilly Advisory Group, LP and Moss Adams LLP and their affiliated entities operate under an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly Advisory Group, LP and its subsidiaries, and Baker Tilly US, LLP and its affiliated entities, trading as Baker Tilly, are members of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. Baker Tilly US, LLP and Moss Adams LLP are licensed CPA firms that provide assurance services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and consulting services to their clients and are not licensed CPA firms. ISO certification services offered through Moss Adams Certifications LLC. Investment advisory offered through either Moss Adams Wealth Advisors LLC or Baker Tilly Wealth Management, LLC.