An auditor is reviewing the 'Complementary User Entity Controls' (CUECs) in a SOC 2® report. Who is responsible for implementing these controls?

Answer options:

The service organization

The service auditor

The customer (User Entity) of the service organization

The subservice organization

How to approach this question

User Entity = Customer. CUEC = Controls the Customer must do.

Full Answer

C.The customer (User Entity) of the service organization✓ Correct

CUECs are controls that the service organization assumes, in the design of its system, will be implemented by user entities (customers) to achieve the control objectives.

Common mistakes

Thinking the service org does them.

Question 69 All questions Question 71

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →