Author: GRC Practice Director, Alex Hollis.
Blog Series Introduction
In this Third Party Risk Management blog series, Alex Hollis will guide you through developing effective information gathering for third parties using five key steps to the formulation of a third party questionnaire. The webinar is available on-demand via BrightTALK here.
There are five key steps to the formulation of a third party questionnaire:
- Requirements – establishing the needs of the organization both in terms of the risks that need to be managed and the compliance needs from regulation and any stakeholder commitments.
- Research – obtaining an understanding of the types of information needed to satisfy the requirements and prioritizing the needs among the various types of third parties the organization has.
- Planning – consideration for the method, structure, and number of assessments (this can also include non-questionnaire approaches such as audits and interviews)
- Writing questions – Formulating the actual questions themselves and the method of response.
- Testing – Obtaining validation and identifying any areas of improvement.
In the eleventh installment, Alex will explore the positives and negatives to using an open question in your questionnaire, detailing the techniques on how to get the most reliable answer from your respondent.
1. Provide appropriate space for answers
2. Recognize the limitations of this type of question
3. Consider adding an introductory statement to improve the quality of the responses
Stay tuned for next weeks blog which will be the last blog in the series TPRM Blog 12- Testing Your Third Party Questionnaire. The blog will discuss the steps that should be taken to test your questionnaire before you run your third-party assessment.
To view the previous blogs in the series click here.
See you next week!