Author: GRC Practice Director, Alex Hollis.
In this Third Party Risk Management blog series, Alex Hollis will guide you through developing effective information gathering for third parties using five key steps to the formulation of a third party risk assessment questionnaire.
In this second installment, he discusses decision-orientated requirements and looks at how you can remove the inefficiency of collecting unnecessary data.
When thinking about questionnaires, we need to plan what to do with the information.
The first level is informational; these requests say nothing about what will be done with the information or how much is required to reach a decision.
The next level is study-type requests, which focus not only on the information but also ensure there is further study to follow this up.
Finally, there are decision requests; these begin with the heart of the matter. The information to be gathered and the most appropriate method will be far easier to determine.
This move to decision-orientated research is far superior to the approach of obtaining data simply for the sake of having more information or expecting an epiphany from the data set.
Try asking “What decision am I looking to make?” If you are struggling to identify the decision, think about what hypothesis you are trying to prove or disprove.
This decision-orientated approach is helpful because it cuts through the inefficiency of collecting data on which you have no intention of making any decision. It not only helps manage the focus of the respondent but also reduces the need to process that data.
Moving from the informational approach to a decision-orientated approach is difficult when working with others. Allowing the informational questions to be captured and then working back to the decision is often helpful.
When doing this exercise, if you can’t establish the reason for a question, then you have discovered redundant data. You may also find that a given question has some decisions to which it relates; this is great, as you have already identified an efficiency.
In March 2019 we hosted a free webinar taking you through the five key steps to the formulation of a third party questionnaire. Hear from Alex Hollis, SureCloud’s GRC Practice Director, as he discusses efficient and effective information gathering from third parties. The session covers topics such as:
The webinar is available on-demand via BrightTALK here.
Discover the next blog in the third party risk management series here, where we look at understanding thresholds needed to make decisions, setting the expected level and being clear on what the minimum accepted level might be.
To view the previous blogs in the third party risk management series click here.
See you next week!