Some questions to consider
How do you think about risk in your firm? Do you consider and report on Strategic, Business, Financial, Operational and Conduct risk?
Do you look to turn risks into opportunities to gain competitive advantage?
How resilient is your business? What information do you use to show this?
What coping mechanisms do you have in place for the loss of people, premises, technology and suppliers? Have you tested them for effectiveness?
Is risk management embedded throughout your organisation?
Do key decision makers within the organisation get regular risk reporting?
What are the main assets of your firm and how do you protect them?
Do you have a response plan in place if you were to fall victim to a cyber attack? What key people within your firm would you go to? Who would you contact externally?