consideration of inherent risk and control risk through which the auditor arrives at
the risk assessment. ... The auditor should consider whether specialized CIS skills are needed in an audit. obtain a sufficient understanding of the accounting and internal control systems affected by the CIS environment