SureCloud logo
Request a demo Contact us Resources

Author: GRC Practice Director, Alex Hollis.

Blog Series Introduction

In this Third Party Risk Management blog series, Alex Hollis will guide you through developing effective information gathering for third parties using five key steps to the formulation of a third party questionnaire. The webinar is available on-demand via BrightTALK here.


There are five key steps to the formulation of a third party questionnaire:

  • Requirements – establishing the needs of the organization both in terms of the risks that need to be managed and the compliance needs from regulation and any stakeholder commitments.
  • Research – obtaining an understanding of the types of information needed to satisfy the requirements and prioritizing the needs among the various types of third parties the organization has.
  • Planning – consideration for the method, structure, and number of assessments (this can also include non-questionnaire approaches such as audits and interviews)
  • Writing questions – Formulating the actual questions themselves and the method of response.
  • Testing – Obtaining validation and identifying any areas of improvement.

In the eleventh installment, Alex will explore the positives and negatives to using an open question in your questionnaire, detailing the techniques on how to get the most reliable answer from your respondent. 

1. Provide appropriate space for answers

The size of the writing area is an indication to the respondent how much detail you are looking for in response to the question. A short box is suggesting a short answer. A long multi-line box is suggesting you are looking for the respondent to share more information.
There is a lot of benefit in collecting a detailed response; however, it is costly in terms of the assessment fatigue of the respondent and will require more effort during the review to read and comprehend.

2. Recognize the limitations of this type of question

An open question on a questionnaire allows a respondent to provide a directed but open response. Given the nature of the questionnaire, the time the respondent spends will be limited, and there is no opportunity for follow-up questions.
Worse if the question is vague in nature, the answer given will provide very limited value.
To improve the question, you should be as specific as possible and then spend time thinking about those follow-up questions in advance and build those prompts into the question text.
If you are finding that there are a number of these open questions, then consider changing the survey type to something more interactive in nature, such as an interview.

3. Consider adding an introductory statement to improve the quality of the responses 

One way to get respondents to provide longer answers is to elaborate on why the data is important. Smyth, Dillman, Christian and McBride (2009) conducted experiments and found that introductory statements resulted in more words, more themes and more elaboration on themes and more time spent answering the questions. It primes the mind.
When asking open questions, try to include the details about the risk that is being evaluated and why it is important to the organization.

Next week…

Stay tuned for next weeks blog which will be the last blog in the series TPRM Blog 12- Testing Your Third Party Questionnaire. The blog will discuss the steps that should be taken to test your questionnaire before you run your third-party assessment.

To view the previous blogs in the series click here.

See you next week!

A

Get Started with SureCloud