Skip to content
Log in

Complementary User Entity Controls (CUECs)

Definition

Controls that the service organisation's system design assumes the user entity will implement. Listed in the SOC 2 report. If the user entity does not implement CUECs, the service organisation's controls may not achieve the stated control objectives.

Related terms

SOC 1 (SSAE 18)
A report on controls at a service organisation that are relevant to user entities' financial statements. Governed by Statement on Standards for...
SOC 2
A report on controls relevant to the AICPA's Trust Service Criteria. Produced under the AT-C 205 attestation standard. Covers Security (mandatory) plus...
Trust Service Criteria (TSC)
The five criteria used to evaluate controls in a SOC 2 engagement: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The criteria are...
Type I report
An attestation report that provides an auditor's opinion on whether controls are suitably designed to meet the stated control objectives, assessed at...
Type II report
An attestation report that provides an auditor's opinion on both the suitability of design and the operating effectiveness of controls over a...

Explained in

  • SOC Reports and Third-Party AssuranceControls that the service organisation's system design assumes the user entity will implement. Listed in the SOC 2 report. If the user entity does not implemen...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account