User Entity Responsibility for Complementary User Entity Controls (CUECs)

Which of the following is a responsibility of user entity management over complementary user entity controls (CUECs)?

A) Implement CUEC(s) that address each control deemed necessary by the service organization for each relevant control objective.

B) Obtain an understanding of the CUEC(s) designed and implemented by the service organization.

C) Implement CUEC(s) exactly as specified by the service organization for each relevant control objective.

D) Confirm that the service auditor's report provides an opinion on the operating effectiveness of the CUEC(s).

Answer: B) Obtain an understanding of the CUEC(s) designed and implemented by the service organization.

User entities are responsible for understanding the CUECs designed and implemented by the service organization. They are not required to implement CUECs themselves or confirm the auditor's opinion on their effectiveness. While aligning implemented CUECs with the service organization's control objectives is good practice, it is not the primary responsibility.