1. Compare and contrast the following disaster recovery options: empty shell, recovery operations center, and internally provided backup. Rank them from most risky to least risky, as well as from most costly to least costly.
2. Who should determine and prioritize the critical applications? How is this done? How frequently is it done?
3. Discuss the differences between the attest function and assurance services.
4. Define the management assertions of existence or occurrence, completeness, rights and obligations, valuation or allocation, and presentation and disclosure.