What are complementary user entity controls $($CUEC$\text{'}$s$)$ in the context of a SOC $1$

engagement?

Controls that management of the service organization assumes, in the design of the service

organization's system, will be implemented by the subservice organizations and are necessary to

achieve the control objectives stated in management's description of the service organization's

system.

Controls that management of the service organization assumes, in the design of the service

organization's system, will be implemented by user entities and are necessary to achieve the control

objectives stated in management's description of the service organization's system.

The policies and procedures at a service organization likely to be relevant to user entities' internal

control over financial reporting.

The aim or purpose of specified controls at the service organization. Control objectives address the

risks that controls are intended to mitigate.