Application: Perform procedures to obtain an understanding of entity-level controls and how an entity has responded to risks arising from the use of IT, including identifying and testing the design and implementation of relevant IT general controls.