Which of the following configurations of elements represents the most complete disaster recovery plan? Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team. Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan. Off-site storage procedures, identification of critical applications, test of the plan. Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures. Candy and Steve are working on the audit of Peagram Enterprises, LLC, a distributor of frozen foods throughout the continental United States, and are attempting to assess the firm's level of segregation of duties. Which of the following represents a possible procedure they could perform to document this for the audit? The auditors could opt to use an observation procedure, whereby they observe selected employees performing their duties. The auditors should request written assurances from senior management which can be documented and added to the audit file. The auditors should document their understanding of the client's structure, and then prepare a flowchart as confirmation of segregation of duties. The auditors should compile questionnaires to be distributed to all employees, requesting they attest to how well duties are. segregated. Carrie and her supervisor Michael, an audit manager assigned to the attestation engagement of Southwood Enterprises are discussing management letters. Carrie advises Michael that she understands what a management letter is, but isn't really sure of what benefits sending such a letter provides for the auditors. What is the most appropriate response by Michael to this question? Auditing firms typically spend a considerable amount of time carefully crafting management letters, as this can be used to increase the number of billable hours associated with the audit. The auditors typically send management letters to the client's senior management to confirm that upon receipt of the auditors assessment of internal control, management will work to eliminate all potential misstatements caused by any deficiencies or weaknesses. One of the benefits to the auditing firm of sending a management letter is that in so doing, the client is accepting any and all legal liability for misstatements in the financial statements caused by internal control. Upon sending management letters to a client's senior management, the auditors are able to gauge management's response to any notable items, which provides a measure of how management prioritizes internal control. During the audit of Sloan Enterprises, one of the audit managers assigned to the engagement, Diane, is discussing the client's internal controls with an audit team that is getting ready to begin testing these internal controls. One of the audit staff associates mentions that the client has historically had robust controls in place, which has enabled the auditor to previously adopt a reliance strategy. Another staff associate agrees, and notes that the client has a large number of new employees this year. Based on this information, which of the following responses would best represent the auditor's approach to auditing the client's system of internal control? The auditor has had prior experience with the client's system of internal control, and has found it to be robust and effective. As a result, it is more likely that the auditors will focus on increasing substantive procedures and only minimally auditing internal control. As the client's system of internal control has historically proved to be robust and effective, it is most likely that the auditors will deem this to be a lower risk area of the audit. As a result, the auditors will formally request that the internal audit function complete the audit of internal control. While it is likely that the cllent's system of internal control is still robust and effective, the auditor is likely to employ protessional skepticism and consider the competence and integrity of employees who perform the controls. The auditor is required by generally accepted auditing standards to perform the same extensive audit each year on the client's syitem of internal control. As a result, the audit of internal control will remain largely unchanged from prior years, but the auditor may wish to obtain assurances from new employees that they are competent with the new controks