Yes on all 4 counts.
You could do 4) on your own desktop if you want to make that step even more private. Or you could just use the coins from your desktop.
There’s little need to “check” whether the coins are there or not. If you generate the address/private key combo in a secure way (and it can be done on your desktop too, say with Armory or shell scripts), the only leak can be you. The other possibility is that someone figures out a way to get around the Bitcoin security (in which case you’d read about that in the news).