Third Party Risk Blog Series: The Problem with Questionnaires is Human Nature
Questionnaires aren’t inherently bad; they are an efficient means of collecting information across some respondents to form a consistent and comparable set of data.
The issue is with the effectiveness, and the primary cause of that ineffectiveness is caused by human involvement in the process. The cognitive process involved in answering questions is quite a resource intensive for the respondent. The respondent first has to read and understand the question, applying any context to the question. The respondent must then recall the related facts (or recognize they don’t have the information and conduct an investigation) and summarise that information into the context of the question. Additionally, the Respondent has a motive around answering the questions. With third-party questionnaires, there is a desire to meet that obligation, as such if there is not a direct answer, there will be an additional cognitive effort to reframe the answer in a preferable light.
Humans spend much of their day operating from the basal ganglia which require less energy to operate. The evaluation of new information and higher level thinking depends on the prefrontal cortex, which is less energy efficient (Rock and Schwarz 2006). Switching from basal ganglia to prefrontal cortex creates some feelings of anxiety and being outside of one’s comfort zone. In the same way that we often feel fatigued after a long meeting or training, answering complex questions has a similar effect. This deep thinking shouldn’t be taken for granted in the respondent.
We have borrowed the term ‘assessment fatigue’ from the world of medicine, to describe the mental fatigue that a respondent feels from answering questions. When completing a voluntary assessment when the respondent reaches that fatigued state they can simply stop answering the questions and leave the assessment. Our third parties, however, are normally committed to completing such assessments, so the respondent doesn’t have the option not to complete the assessment; however, the fatigue is no less present due to this commitment.
What we should take away from this is that the respondent has a finite amount of mental focus to provide answers. To make an effective questionnaire, it is the responsibility of the person designing the survey to be aware and manage that finite resource.
About SureCloud
SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.
About Alex
Alex has over 16 years’ experience in IT, mobile technology and software development. He has spent the last seven years specializing in governance, risk, and compliance (GRC). After just six months in the industry, Alex received a platinum-level excellence award for his work around risk bow-tie modeling, Solvency 2 and Basel 3. Now focusing primarily on operational risk, Alex has analyzed, designed and implemented GRC technology into 60 companies, including some of the largest and most complex environments. His experience spans multiple sectors, including telecommunications, aviation, pharmaceuticals, manufacturing, retail, public sector, financial services and insurance.