ExpertMedium1 markMultiple Choice
CPA · Question 40 · Area III: SOC Engagements
In a SOC 2® engagement, what are 'Complementary User Entity Controls' (CUECs)?
In a SOC 2® engagement, what are 'Complementary User Entity Controls' (CUECs)?
Answer options:
A.
Controls performed by the subservice organization.
B.
Controls that the service organization assumes the user entity will implement to achieve the control objectives.
C.
Controls that are optional for the service organization.
D.
Controls that replace the need for a SOC report.
How to approach this question
Break down the term: 'User Entity' = Customer. 'Complementary' = Needed to complete the picture.
Full Answer
B.Controls that the service organization assumes the user entity will implement to achieve the control objectives.✓ Correct
Controls that the service organization assumes the user entity will implement to achieve the control objectives.
CUECs are essential because the service organization cannot control everything (e.g., user password strength, user device security).
Common mistakes
Confusing CUECs with CSOCs (Subservice controls).
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium