As former Chief Information Officer of a Fortune 500 company, I wonder how many CEOs and CIOs are sleeping well these days. While the debate rages on whether leaders should have predicted COVID-19 or at least better prepared for managing the impacts, some countries and businesses have handled the crisis far better than others. I doubt those that are doing well fully predicted all aspects of the pandemic, but they appear to have robust risk management operating models able to handle the negative impacts and some are even exploiting opportunities. A well-defined IT risk management structure should extend beyond the narrow confines of cyber security, regulatory, and systems recovery controls to encompass all potential corporate threats to the enterprise. Here are some questions worth asking your IT leader to help you assess how effectively IT risks are being managed within your company.