Risk Management Checklist

 

November 4, 2014

 

The following checklist has been designed to help identify potential directors and officers liability loss exposures. The checklist is intended to be educational and illustrative in nature, and although it contains more than 200 queries, it is not intended to address all elements of a comprehensive risk management program. Rather, the checklist provides the reader with a basis for conducting an evaluation of his own company's risk management program.

 

The checklist can also be an essential tool to help risk managers design and maintain an effective risk management program. Any “No” or “Unknown” answers may indicate a potential problem area that should be closely evaluated in order to reduce or eliminate civil or criminal liabilities imposed by state or federal laws and regulations.

 

 

General Corporate Bylaw Provisions

Yes

No

Unknown

1.

Do the corporation's bylaws conform to the rights and duties conferred upon the organization by statutes applicable in the state of incorporation?

____

____

____

2.

Have actual or potential violations of statutory provisions been brought to the attention of the board of directors?

____

____

____

 

 

 

 

 

 

Risk Management Policy

Yes

No

Unknown

1.

Does the corporation have a formal, documented risk management policy?

____

____

____

2.

Does the policy take into account any special requirements of the organization's structure, regulatory constraints, business strategy, and overall risk management philosophy of the board of directors?

____

____

____

3.

Does the risk management policy include identification of the organization's risks and systems to manage those risks?

____

____

____

4.

Has the board of directors issued clear guidelines for the corporation's internal risk analysis?

____

____

____

5.

Does the risk management policy include guidelines for communicating with customers, shareholders, governmental regulatory agencies, and other parties that deal with the corporation?

____

____

____

6.

Is a periodic legal audit conducted to evaluate the organization's legal structure, pending litigation, potential claims and internal policies, procedures, and guidelines?

____

____

____

7.

Are financial activities monitored against set limits?

____

____

____

8.

Do the guidelines specify what action is to be taken if set limits are exceeded?

____

____

____

9.

Does the corporation have the required expertise to provide and analyze financial reports?

____

____

____

10.

Are “what if” calculations performed to determine potential risks?

____

____

____

11.

Does the board receive timely updates on the corporation's financial activities and do those reports comply with corporate guidelines?

____

____

____

12.

Does the risk management policy include a system for control of management information and records retention?

____

____

____

13.

Does the policy contain procedures for identifying actual or potential conflicts of interest?

____

____

____

14.

Does the corporation have a document retention program that includes periodic review of documents to determine if the document should be retained or destroyed?

____

____

____

15.

Have board members and company personnel been instructed to cooperate fully with governmental investigations?

____

____

____

16.

Does the risk management policy include purchase of directors and officers liability insurance?

____

____

____

17.

Are directors and officers liability insurance contracts, including policy terms, conditions, and exclusions, reviewed at least annually for scope and adequacy?

____

____

____

 

 

 

 

 

 

Limitation of Liability

Yes

No

Unknown

1.

Are directors aware of state and federal laws applicable to the potential personal liabilities that may be imposed upon them?

____

____

____

2.

Are directors familiar with the specific statutory provisions that may be adopted by the corporation to limit their liability?

____

____

____

3.

Has the board taken the steps required to adopt the statutory limiting liability provisions?

____

____

____

4.

Have shareholders ratified the limiting liability provisions?

____

____

____

5.

Do directors register a formal dissent from any resolution if not convinced the proposed action is in the best interests of the corporation?

____

____

____

6.

Do directors follow the statutorily prescribed procedure for resigning from the board?

____

____

____

 

 

 

 

 

 

Indemnification

Yes

No

Unknown

1.

Do directors fully understand the extent of the indemnity provisions contained in the corporate bylaws or other agreement?

____

____

____

2.

Are directors and officers entitled to indemnification by the corporation if they can show they acted in good faith and in the best interests of the corporation?

____

____

____

3.

Is indemnity granted to directors and officers for all costs, expenses, and losses to the full extent permitted under applicable state corporation law?

____

____

____

4.

Do the indemnification provisions require the corporation to indemnify its directors and officers?

____

____

____

5.

Do the indemnification provisions require the corporation to advance legal defense costs, subject only to an unsecured obligation to repay the expenses if a court subsequently determines the indemnification was not permitted?

____

____

____

6.

Do the indemnification provisions require the corporation to prove that the directors or officers are not entitled to the requested indemnification?

____

____

____

7.

Do the indemnification provisions require the corporation to reimburse the directors and officers for any expenses incurred in a claim against the corporation for such indemnification if the director or officer is successful in whole or in part?

____

____

____

8.

Do the indemnification provisions give directors and officers the right to an appeal as to indemnification entitlement?

____

____

____

9.

Has legal advice been obtained by the board as respects the terms and extent of corporate indemnification provisions?

____

____

____

10.

Have the indemnity provisions been ratified by the corporation's shareholders?

____

____

____

11.

Does the corporation use methods other than insurance to fund its indemnity obligations to directors and officers?

____

____

____

 

 

 

 

 

 

General Obligations of Directors

Yes

No

Unknown

1.

Do directors adhere to the standard of care and skill of an ordinarily prudent person?

____

____

____

2.

Do directors maintain awareness of new and ongoing affairs of the corporation?

____

____

____

3.

Do directors exercise judgment independently of management or other directors?

____

____

____

4.

Do directors act with a valid business or corporate purpose?

____

____

____

5.

Do directors act based on a reasonable belief that their actions are in the best interests of the corporation?

____

____

____

6.

Do directors seek counsel of individuals more knowledgeable about the issues being considered by the board?

____

____

____

7.

Do directors weigh all the pros and cons before acting or refraining from acting?

____

____

____

8.

Do directors refrain from actions that may be considered self-serving or made for personal gain or profit?

____

____

____

9.

Are directors aware of any actual or potential activities of the corporation that might violate specific statutory provisions and thus trigger personal liability?

____

____

____

10.

Do directors avoid acts that are beyond the express or implied powers of the corporation or that are contrary to public policy?

____

____

____

11.

Are directors alert to any actions taken by the corporation that may constitute criminal activity?

____

____

____

12.

Do directors attend board meetings regularly and in person?

____

____

____

13.

Do directors register a formal dissent from any resolution if not convinced the proposed action is in the best interests of the corporation?

____

____

____

 

 

 

 

 

 

Fiduciary Responsibility

Yes

No

Unknown

1.

Has the board adopted a corporate policy that sets out compliance requirements regarding anti-fraud or anti-corruption laws?

____

____

____

2.

Has the board ensured that loans and other types of financial assistance are made only with a reasonable expectation that the corporation will benefit?

____

____

____

3.

Has the board obtained a report from accountants or the chief financial officer to ensure that the corporation meets solvency tests?

____

____

____

4.

Are board members familiar with anti-fraud and anti-corruption laws applicable to the corporation?

____

____

____

 

 

 

 

 

 

Conflict of Interest Situations

Yes

No

Unknown

1.

Do directors act without self-interest or conflict of interest?

____

____

____

2.

Do directors avoid participating in discussions or voting regarding matters that may place them in a conflict of interest situation?

____

____

____

3.

Are directors required to disclose any actual or potential conflict of interest in a written notice to the board of directors and to the corporation?

____

____

____

4.

If directors must participate in a discussion or decision regarding matters that are a conflict of interest, is full disclosure of the conflict made to others (including shareholders) who are involved in the decision-making process?

____

____

____

 

 

 

 

 

 

Selection of Directors

Yes

No

Unknown

1.

Are there established criteria for selection of board members?

____

____

____

2.

Do prospective directors understand the functions and responsibilities imposed on the board by law, including the duty to manage the corporation?

____

____

____

3.

Do prospective directors understand the standards of conduct that are imposed by law on corporate directors?

____

____

____

4.

Do prospective directors understand the potential liabilities that corporate directors face upon assuming their position as board members?

____

____

____

5.

Are prospective directors aware of the business and social environment in which the corporation operates?

____

____

____

6.

Do prospective directors have any affiliation with the corporation, its management, its customers, or its shareholders that may impair their objectivity in making decisions as directors?

____

____

____

7.

Do prospective directors have any interests or business opportunities that may conflict with the interests of the corporation?

____

____

____

8.

Do prospective directors have the required expertise, training, and experience to make prudent and informed decisions on matters that come before the board?

____

____

____

9.

Do prospective directors have an inquiring and independent mind to question management's assumptions?

____

____

____

10.

Do prospective directors have an understanding of business fundamentals (finance, law, marketing, accounting, investments, etc.)?

____

____

____

11.

Do prospective directors have the time to attend board and committee meetings?

____

____

____

12.

Do prospective directors have the time to review and study reports and other materials in preparation for meetings?

____

____

____

13.

Are a majority of board members from outside the corporation?

____

____

____

 

 

 

 

 

 

Duties of Directors

Yes

No

Unknown

1.

Are directors familiar with current problems and issues confronting the organization, and do they support the corporation's long-range plans and objectives?

____

____

____

2.

Does the board oversee and monitor the company's operations?

____

____

____

3.

Are board members required to monitor management's performance by setting objectives and measuring results against those objectives?

____

____

____

4.

Do board members review the corporation's internal financial reports, forecast reports, and any studies from outside experts or consultants?

____

____

____

5.

Has the board consulted with the auditors of the corporation to obtain objective information about the financial condition of the organization?

____

____

____

6.

Are board members required to do, and to document, adequate research before making decisions?

____

____

____

7.

Are directors required to evaluate and question the adequacy and accuracy of any information obtained from outside sources?

____

____

____

8.

Has the board established guidelines and compliance standards to prevent criminal conduct by employees, management, or individual directors?

____

____

____

9.

Do directors periodically review the adequacy of employee benefit and compensation programs, including compliance with ERISA regulations?

____

____

____

10.

Are board members required to personally attend board meetings?

____

____

____

11.

If unable to attend a board or committee meeting, do directors obtain and read copies of the minutes and any materials considered at the meeting?

____

____

____

12.

If they disagree with an action taken by the board, do directors immediately send a written dissent of the action to the board for inclusion in the minutes?

____

____

____

13.

Are board members made aware of exactly what is expected of them?

____

____

____

14.

Do directors have access to, and communicate with, senior management?

____

____

____

 

 

 

 

 

 

Board Committees

Yes

No

Unknown

1.

Do the bylaws require the establishment of specified board committees?

____

____

____

2.

Are board committees granted powers that are in compliance with state statutes governing such committees?

____

____

____

3.

Are outside experts or professionals included on board committees?

____

____

____

4.

Is the executive committee composed of both directors and executive officers of the corporation?

____

____

____

5.

Does the executive committee ensure continuous supervision of management when the board is not in session?

____

____

____

6.

Does the audit committee serve as a liaison between the board, the corporation's independent auditors, and the shareholders?

____

____

____

7.

Does the audit committee review, monitor, and provide recommendations as respects the corporation's internal financial data and controls?

____

____

____

8.

Does the nominating committee evaluate and recommend qualified candidates for the board?

____

____

____

9.

Does the compensation committee review and approve the compensation of senior executives and board members?

____

____

____

10.

Are additional committees, such as a public relations committee, a securities committee, or a risk management committee created as needed to address specific problems or concerns of the corporation?

____

____

____

11.

Are board members periodically rotated between committees to broaden their experience and understanding of the organization?

____

____

____

12.

Is there a “financial expert” on the audit committee?

____

____

____

 

 

 

 

 

 

Education

Yes

No

Unknown

1.

Is an orientation provided for all new directors that includes a description of the organization, their general and specific duties as directors, and an introduction to corporate management personnel?

____

____

____

2.

Are board members provided with continuing education as respects the company's operations and policies?

____

____

____

 

 

 

 

 

 

Conduct of Board Meetings

Yes

No

Unknown

1.

Are board and shareholder meetings scheduled on a regular basis and as frequently as prescribed in the bylaws or as necessary?

____

____

____

2.

Are directors and committee members given a meeting agenda and any relevant materials and information at least a week or two prior to the meeting?

____

____

____

3.

Where specific board action is to be discussed, are directors provided with written reports or memoranda that describe the subject action and set forth management's recommendations and the reasons therefor?

____

____

____

4.

Are copies of documents such as merger agreements, contracts, letters of intent, and an executive summary of particularly long or complex reports from outside advisors provided in advance of the meeting?

____

____

____

5.

Is ample time allotted at the meeting for both informal and formal discussion of the agenda?

____

____

____

6.

Do board members have the opportunity to actively question and challenge management and outside advisors in connection with transactions under consideration?

____

____

____

7.

Are company officers, other key management personnel, or legal counsel invited to attend the meeting when necessary?

____

____

____

 

 

 

 

 

 

Corporate Records

Yes

No

Unknown

1.

Does the corporation comply with bylaw provisions regarding the preparation and maintenance of corporate books and records, including the person(s) responsible for preparation and maintenance?

____

____

____

2.

Are directors given a copy of the minutes of all board, shareholder, and committee meetings?

____

____

____

3.

Are accurate and complete minutes of all board and committee meetings taken and retained?

____

____

____

4.

Do the minutes describe the matters discussed and the authorities relied upon in reaching the board's decision?

____

____

____

5.

Do the minutes clearly and concisely set forth exactly what action occurred during the meeting, including any limitations placed on the action taken or authority granted and any decision not to act?

____

____

____

6.

Are documents referred to at the meeting described in or attached to the minutes?

____

____

____

7.

Are the minutes reviewed prior to finalization by both the directors and by legal counsel?

____

____

____

8.

Does the corporation have a document retention program that includes periodic review of documents to determine if the document should be retained or destroyed?

____

____

____

9.

Are documents retained if there is uncertainty about whether or not they should be destroyed?

____

____

____

 

 

 

 

 

 

Takeover/Acquisition Situations

Yes

No

Unknown

1.

Do directors act to defend the corporation against a takeover in a manner appropriate to the threat posed?

____

____

____

2.

Are directors fully briefed by legal and other advisors to the corporation as to the ramifications of implementing a proposed transaction, including the standard of care directors will be expected to exercise with respect to the transaction?

____

____

____

3.

Do directors act to protect the interests of minority shareholders?

____

____

____

 

 

 

 

 

 

Employee Benefit Plans

Yes

No

Unknown

1.

Does the board of directors carefully review the qualifications of each named fiduciary, plan administrator, and investment manager to ensure that each individual or institution is eligible and qualified?

____

____

____

2.

Does the conduct of benefit plan administrators and other responsible persons comply with the fiduciary standards imposed upon them by the Employee Retirement Income Security Act of 1974 (ERISA)?

____

____

____

3.

Are administrative procedures in place to review all plan transactions in advance to ensure they are not prohibited?

____

____

____

4.

Does a designated board committee or director monitor the performance of each plan fiduciary?

____

____

____

5.

Does the committee or director responsible for monitoring fiduciary performance submit periodic reports to the board of directors?

____

____

____

6.

Are all meetings in connection with management of plan assets documented?

____

____

____

7.

Are the questions and objections of directors and officers participating in discussion of benefits plans thoroughly documented?

____

____

____

 

 

 

 

 

 

Employment Laws

Yes

No

Unknown

1.

Are supervisory personnel trained in anti-discrimination laws and the sensitivities of protected classes of employees?

____

____

____

2.

Does the corporation have written policies and procedures in place to protect against discrimination?

____

____

____

3.

Are personnel having authority to hire and fire aware of the relevant legal standards and laws governing the employment relationship?

____

____

____

4.

Are management personnel sensitized to the potential for employee claims and are they encouraged to use common sense and courtesy when dealing with employees?

____

____

____

5.

Are decisions relating to hiring, firing, promotions, and evaluations made on the basis of objective criteria and free from discrimination or bias?

____

____

____

6.

Are job applicants evaluated based on their ability to perform the essential functions of the job they are seeking?

____

____

____

7.

Are job interviews free from discriminatory questions?

____

____

____

8.

Has a confidential forum been established in which employees are able to air their grievances?

____

____

____

9.

Are all employment-related complaints made by employees thoroughly investigated and well-documented?

____

____

____

10.

Are employment-related decisions well documented?

____

____

____

11.

Are all performance reviews, particularly those of an unsatisfactory nature, carefully documented to help provide a valid defense against employees who claim to have been wrongfully disciplined or terminated?

____

____

____

12.

Are new employees removed from potential conflict of interest situations?

____

____

____

13.

Do all employees receive at least minimum regular and overtime wages as required by the Fair Labor Standards Act?

____

____

____

14.

Has the company determined the essential functions of each employment position?

____

____

____

15.

Are applicable federal and state guidelines regarding employment discrimination properly posted?

____

____

____

16.

Are efforts made to assist terminated employees in finding alternative employment?

____

____

____

 

 

 

 

 

 

Compliance with Securities Laws

Yes

No

Unknown

1.

Do securities offerings comply with state and federal statutory requirements?

____

____

____

2.

Are directors and officers familiar with the requirements of federal securities laws and regulations governing the sale of corporate stocks, bonds, and other securities?

____

____

____

 

 

 

 

 

 

Information Disclosure

Yes

No

Unknown

1.

Does the corporation have well-defined assignment of responsibilities with respect to various securities laws and disclosure issues?

____

____

____

2.

Do directors review all important securities law filings and disclosure statements to assure themselves that the corporation has taken reasonable steps to accurately and completely disclose all relevant material information?

____

____

____

3.

Does the board monitor any statements or other activities that could be construed as “offers” to sell the securities prior to the effective date of registrations?

____

____

____

4.

Do directors review reports to shareholders, proxy statements, and prospectuses and any interim financial statements or reports?

____

____

____

5.

If the board of directors has established a securities committee, does the committee review all filings made to the Securities and Exchange Commission?

____

____

____

6.

Does the board review all materials associated with a potential or actual proxy solicitation for accuracy and completeness and to make sure they comply with procedural requirements of securities laws and SEC regulations?

____

____

____

7.

Are pending registration statements or prospectuses reviewed periodically to update information, avoid misrepresentation, and make sure no material facts are omitted or misstated?

____

____

____

8.

Do all written and oral forward-looking statements include the statutorily required information disclosure?

____

____

____

9.

Are institutional investors kept abreast of significant developments?

____

____

____

10.

Do the company's CEO and CFO certify the accuracy of all company financial statements filed with the SEC as required by the Sarbanes-Oxley Act of 2002?

____

____

____

 

 

 

 

 

 

Analyst Communication

Yes

No

Unknown

1.

Does the company comment on analyst reports in its annual reports or in other published materials describing the company's financial status?

____

____

____

2.

Do communications involving a discussion of any estimates or projections disclose the adverse risks, trends, or uncertainties that might have a negative impact on expectations?

____

____

____

3.

Are updated or revised projections prepared and released as soon as previously published comments are no longer consistent with projections?

____

____

____

4.

Are all comments or disclosures made to analysts documented?

____

____

____

5.

Does the documentation include contrary opinions within the company as well as why the opinions were rejected?

____

____

____

6.

Does the corporation retain a copy of all documents released to analysts, as well as transcripts of all statements given or comments made to help avoid ambiguity over what information was actually communicated?

____

____

____

 

 

 

 

 

 

Insider Trading

Yes

No

Unknown

1.

Is the availability of material nonpublic information limited only to those persons who need to know the information in order to participate in relevant discussions?

____

____

____

2.

Do directors minimize trading of the corporation's stock to avoid suspicion that such trading was based on insider knowledge?

____

____

____

3.

Are employees who have access to confidential information given a policy statement informing them of their obligation to safeguard that information and instructing them not to trade on the basis of the information?

____

____

____

4.

Has a central authority or compliance committee within senior management been established for the purpose of monitoring insider trading of company securities?

____

____

____

5.

Does the policy provide for clearly defined “trading windows” when trading is permitted by insiders who are not in possession of material nonpublic information and who have obtained pre-trade approval by the designated internal authority?

____

____

____

6.

Does the policy provide for clearly defined “blackout periods” during which all insider trading is strictly prohibited?

____

____

____

 

 

 

 

 

 

Periodic Reports

Yes

No

Unknown

1.

Are the persons within the company who are to be responsible for securities risk identification and disclosure clearly identified in periodic reports?

____

____

____

2.

Do the reports include a separate “risk factor” section that contains a discussion of the risks, trends, and uncertainties that the company faces?

____

____

____

 

 

 

 

 

 

Registration

Yes

No

Unknown

1.

Have the directors approved any future plans to make a securities offering, recapitalize, or to participate in a merger, divestiture, or acquisition?

____

____

____

2.

Do the registration and offering materials comply with SEC requirements?

____

____

____

3.

Are registration and offering materials, including forward-looking statements, free from false or misleading information?

____

____

____

 

 

 

 

 

 

Proxies

Yes

No

Unknown

1.

Are all proxy materials reviewed for accuracy, completeness, and compliance with procedural requirements of securities laws and SEC regulations?

____

____

____

2.

Does the process of preparing, publicizing, and issuing proxy materials and solicitations comply with SEC requirements?

____

____

____

 

 

 

 

 

 

Forward-Looking Statements

Yes

No

Unknown

1.

Do forward-looking statements contain the necessary cautionary language to qualify for safe harbor protection under the Private Securities Litigation Reform Act of 1995?

____

____

____

2.

Do written forward-looking statements contain a “meaningful disclosure” of the important factors that might cause actual financial results to vary from those expected?

____

____

____

3.

Do oral forward-looking statements, such as discussions with analysts, investors, or the media contain a statement that the information being conveyed is forward-looking in order to qualify for safe harbor protection?

____

____

____

4.

Are the factors that could cause financial results to vary from those expected specifically identified in publicly available documents such as an annual report or SEC reports?

____

____

____

 

 

 

 

 

 

Form Filings/Stock Ownership Requirements

Yes

No

Unknown

1.

Does the corporation comply with all form filing requirements specified under state and federal securities laws and regulations?

____

____

____

2.

Do directors and officers holding corporate securities file the forms, disclosure statements, and reports regarding their personal holdings as required by state and federal securities laws and regulations?

____

____

____

 

 

 

 

 

 

Directors and Officers Insurance

Yes

No

Unknown

1.

Does the corporation purchase directors and officers liability insurance?

____

____

____

2.

Are the directors and officers aware of the policy's terms, conditions, and exclusions?

____

____

____

3.

Does the company's risk manager or insurance representative make an annual presentation summarizing the directors and officers liability insurance?

____

____

____

 

4.

Are directors and officers liability insurance contracts, including policy terms, conditions, and exclusions, reviewed at least annually for scope and adequacy?

____

____

____

5.

Are coverage limits adequate for the size of the corporation?

____

____

____

6.

Are deductibles, retentions, or coinsurance provisions acceptable?

____

____

____

7.

Have policy provisions regarding defense costs, including provisions related to advancement of expenses and allocation, been clearly explained to directors and officers?

____

____

____

 

 

 

 

 

 

Public Health and Safety

Yes

No

Unknown

1.

Do company operations comply with federal, state, and local environmental health and safety statutes and regulations?

____

____

____

2.

Do board members and managers receive regular reports on operations governed by health and safety statutes, including information about public health and safety issues?

____

____

____

3.

Is there an ongoing system for monitoring activities governed by public health and safety statutes?

____

____

____

4.

Does the corporation comply with Occupational Safety and Health Act (OSHA) and right-to-know regulations, including maintenance of any required written safety programs?

____

____

____

5.

Is the company in compliance with federal, state, and local statutes and regulations governing the use, discharge, and disposal of hazardous materials and toxic waste?

____

____

____

6.

Is the company in compliance with Resource Conservation and Recovery Act (RCRA) requirements?

____

____

____

7.

Is the company in compliance with the Clean Water Act (CWA) requirements?

____

____

____

8.

Is the company in compliance with Air Quality Protection Act requirements?

____

____

____

 

 

 

 

 

 

Compliance with Miscellaneous Laws

Yes

No

Unknown

1.

Does the corporation comply with federal, state, and local requirements governing the withholding, reporting, and payment of taxes?

____

____

____

2.

Does the corporation have a program to protect against violating provisions of the Racketeer Influenced and Corrupt Organizations Act (RICO)?

____

____

____

3.

Does the corporation comply with applicable provisions of the Immigration Reform and Control Act (IRCA)?

____

____

____

4.

Does the corporation comply with applicable provisions of the Endangered Species Act of 1973 (ESA)?

____

____

____

 

 

 

 

 

 

 

 

 

 

 

Cyber Liability

Yes

No

Unknown

1.

Are the responsibility and accountability for the creation, implementation, enforcement, and updating of an integrated and company-wide cyber risk management program clearly defined at the executive level?

____

____

____

2.

Does the management team that addresses cyber risks include senior representatives from executive management, IT, legal, risk management, public relations, and compliance/audit?

____

____

____

3.

Is the overall cyber risk management program periodically reviewed by the board?

____

____

____

4.

Does a board committee have designated oversight responsibility for the cyber risk management program?

____

____

____

5.

What are the company's greatest cyber risks, and how are those risks being anticipated, managed, and mitigated?

____

____

____

6.

Is each component of the cyber risk management program documented, frequently tested, and periodically audited by independent experts, and what are the results of that testing and audit?

____

____

____

7.

Are protocols for reacting to a cyber risk crisis when it occurs well-defined and broadly understood?

____

____

____

8.

Are all employees required to participate in regular education and training programs relating to cyber risks?

____

____

____

9.

What is the company's budget and staffing for cyber risk management, and how does that compare with peer companies?

____

____

____

10.

What, if any, insurance coverage does the company maintain for cyber risks, and is that coverage adequate in scope and amount?

____

____

____