ExpertMedium1 markMultiple Choice
CPA · Question 35 · Area III: SOC Engagements
Which of the following is an example of a 'Complementary User Entity Control' (CUEC) that might be listed in a payroll service provider's SOC 1® report?
Which of the following is an example of a 'Complementary User Entity Control' (CUEC) that might be listed in a payroll service provider's SOC 1® report?
Answer options:
A.
The service provider backs up the database nightly.
B.
The service provider performs background checks on its employees.
C.
The service provider encrypts data in transit.
D.
The user entity is responsible for notifying the service provider of employee terminations in a timely manner.
How to approach this question
Identify the control that the CUSTOMER (User Entity) must perform.
Full Answer
D.The user entity is responsible for notifying the service provider of employee terminations in a timely manner.✓ Correct
D
CUECs are controls that the service organization assumes, in the design of its system, will be implemented by user entities to achieve the control objectives. Timely notification of changes is a classic CUEC.
Common mistakes
Thinking the report only lists the provider's controls.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard