ExpertMedium1 markMultiple Choice
CPA · Question 16 · Area III: SOC Engagements
Which of the following is a 'Complementary User Entity Control' (CUEC) likely to be found in a payroll service provider's SOC 1® report?
Which of the following is a 'Complementary User Entity Control' (CUEC) likely to be found in a payroll service provider's SOC 1® report?
Answer options:
A.
The service provider backs up the payroll database nightly.
B.
The user entity must notify the service provider of terminated employees within 24 hours.
C.
The service provider encrypts data in transit.
D.
The service provider performs background checks on its employees.
How to approach this question
Identify the control that the CLIENT (User Entity) must perform, not the auditor or service provider.
Full Answer
B.The user entity must notify the service provider of terminated employees within 24 hours.✓ Correct
B
CUECs are controls that the service organization assumes, in the design of its system, will be implemented by user entities (customers) to achieve the control objectives. Notifying the provider of terminations is a classic user responsibility.
Common mistakes
Selecting a control performed by the service provider.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium