ExpertHard1 markMultiple Choice
CPA · Question 70 · Area III: SOC Engagements
An auditor is reviewing the 'Complementary User Entity Controls' (CUECs) in a SOC 2® report. Who is responsible for implementing these controls?
An auditor is reviewing the 'Complementary User Entity Controls' (CUECs) in a SOC 2® report. Who is responsible for implementing these controls?
Answer options:
A.
The service organization
B.
The service auditor
C.
The customer (User Entity) of the service organization
D.
The subservice organization
How to approach this question
User Entity = Customer. CUEC = Controls the Customer must do.
Full Answer
C.The customer (User Entity) of the service organization✓ Correct
The customer (User Entity) of the service organization
CUECs are controls that the service organization assumes, in the design of its system, will be implemented by user entities (customers) to achieve the control objectives.
Common mistakes
Thinking the service org does them.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard