• There are no suggestions because the search field is empty.

TPRM: How to Write Effective Open Questions

By Alex Hollis at SureCloud
Published on 20th June 2023

Share:

 

In this Third Party Risk Management blog series, Alex Hollis will guide you through developing effective information gathering for third parties using five key steps to the formulation of a third party questionnaire. The webinar is available on-demand via BrightTALK here.

There are five key steps to the formulation of a third party questionnaire:

 

  • Requirements – establishing the needs of the organization both in terms of the risks that need to be managed and the compliance needs from regulation and any stakeholder commitments.

  • Research – obtaining an understanding of the types of information needed to satisfy the requirements and prioritizing the needs among the various types of third parties the organization has.

  • Planning – consideration for the method, structure, and number of assessments (this can also include non-questionnaire approaches such as audits and interviews)

  • Writing questions – Formulating the actual questions themselves and the method of response.

  • Testing – Obtaining validation and identifying any areas of improvement.

 

In the eleventh installment, Alex will explore the positives and negatives to using an open question in your questionnaire, detailing the techniques on how to get the most reliable answer from your respondent.

 

1. Provide appropriate space for answers

The size of the writing area is an indication to the respondent how much detail you are looking for in response to the question. A short box is suggesting a short answer. A long multi-line box is suggesting you are looking for the respondent to share more information.
 
There is a lot of benefit in collecting a detailed response; however, it is costly in terms of the assessment fatigue of the respondent and will require more effort during the review to read and comprehend.

2. Recognize the limitations of this type of question

An open question on a questionnaire allows a respondent to provide a directed but open response. Given the nature of the questionnaire, the time the respondent spends will be limited, and there is no opportunity for follow-up questions.
 
Worse if the question is vague in nature, the answer given will provide very limited value.
 
To improve the question, you should be as specific as possible and then spend time thinking about those follow-up questions in advance and build those prompts into the question text.
 
If you are finding that there are a number of these open questions, then consider changing the survey type to something more interactive in nature, such as an interview.

3. Consider adding an introductory statement to improve the quality of the responses

One way to get respondents to provide longer answers is to elaborate on why the data is important. Smyth, Dillman, Christian and McBride (2009) conducted experiments and found that introductory statements resulted in more words, more themes and more elaboration on themes and more time spent answering the questions. It primes the mind.
 
When asking open questions, try to include the details about the risk that is being evaluated and why it is important to the organization.
 
Worse if the question is vague in nature, the answer given will provide very limited value.
 
To improve the question, you should be as specific as possible and then spend time thinking about those follow-up questions in advance and build those prompts into the question text.
 
If you are finding that there are a number of these open questions, then consider changing the survey type to something more interactive in nature, such as an interview.
 

Stay tuned for next weeks blog which will be the last blog in the series TPRM Blog 12- Testing Your Third Party Questionnaire. The blog will discuss the steps that should be taken to test your questionnaire before you run your third-party assessment.

 

To view the previous blogs in the series click here.

 

See you next week!

Share:

Vector (7)
Vector-1
Content

Stay in the know
with SureCloud


Want to keep your fingers on the pulse of the information security world? Subscribe to the SureCloud newsletter and get the latest news, resources and insights – straight to your inbox.
Related Blogs
Optimizing PCI DSS Compliance: The Role of INFI in Continuous Compliance Improvement

Optimizing PCI DSS Compliance: The Role of INFI in Continuous Compliance Improvement

INFI: Improving PCI DSS v4.0 Compliance & Security

Compliance Management

GRC

CCM

Incident Response Testing: The Key to Your Security Strategy

The Vital Role of Incident Response Testing in Organizations’ Security

Incident Response Testing: The Key to Your Security Strategy

Cyber Risk Management

How SureCloud Empowers Organizations in Transitioning to PCI DSS Version 4 Compliance

How SureCloud Empowers Organizations in Transitioning to PCI DSS Version 4 Compliance

Transition to PCI DSS v4.0 Compliance with SureCloud

Compliance Management

GRC

CCM

ebook download image

Inspired? Find out how SureCloud can help you achieve success, too.

Get in touch for a demo or chat about your challenges
with one of our experts – we’re ready to help.
Talk to experts Book demo

Join the 1,000+ customers who count on us to guide their GRC transformation journey

Boltshift
Lightbox
FeatherDev
Spherule
GlobalBank
Nietzsche