Not logged in - Login
View History

Common Tasks - Questionnaires and Distribution

Questionnaires

Adding questions

Questions must be related to controls. A set of questions for each control are provided with Abriska. It is possible to edit or add additional questions in relation to a control.

Controls are mapped to categories, hence assigning category to a supplier ensures that the appropriate questions are asked. Where a control features in multiple categories, Abriska recognises this and ensures the question is only asked once.

Note that categories are not evaluated, controls are evaluated based on the response to the questions. *Under SRM Setup, select Controls - move into control assessment questions

Available question formats

  • Multiple choice. These questions can be automatically scored based on user criteria
  • Yes/No, e.g. "do you have a policy?" automatic rating by the system
  • Yes/Not applicable; automatic rating by the system
  • Descriptive/freetext e.g. "how do you enforce the policy?" These questions require manual review and scoring.

Example of question setup option

Question branching

When setting up a question, there is an option to introduce nested questions. For example where the answer to the question is ‘yes’, then one or more additional questions can be set to request additional explanation or uploading of documentation.

Filter Questions can also be associated to a control, allowing you to remove questions for a supplier should a control or particular control question not be relevant. See SRM Setup for more details on setting up filter questions.

Information style questions are also available to provide you with more context, these do not impact the risk score. See also SRM setup.

You can also view a short video on questions in Supplier Risk Management - Video Guides

Reducing the number of questions received by a supplier

In the first instance, consider the categories that have been set up. Could additional categories be created to refine control questions? Can control questions be branched further to ensure supplier are receiving the most appropriate questions?
View the videos page that can guide you through this process or go back to SRM Setup.

Improving questionnaire completion rates

URM is happy to advise and support. In essence, completion rates are enhanced by ensuring that relevant questions are sent to the supplier only. This is where the application of ‘Categories’ can help refine the overall question set in line with the risk presented by the supplier in the context of the service or commodity supplied.

A control-based view of the assessment is obtainable by selecting ‘Controls Analysis’ on the menu sidebar. The initial display is at overall or parent Control Type level, e.g. ISO 27002:2013. Selection of the Control Type displayed will allow review at a per control level.

Questionnaire refresh

There are the options to send a blank questionnaire or send the previous completed one. If the previous completed questionnaire is selected, then Abriska will compare the newly submitted questionnaire against the old one and highlight the changes.

Questionnaire Previewer

Questionnaire Previewer can be used to test changes to control/category association, check how many questions a supplier may receive based on their linked categories and enable you to view a questionnaire before it is sent to a supplier. To utilise this go to the Supplier Dashboard page > left panel 'Questionnaire Previewer' > select the 1-3 scale of impact criticality > select the categories you want to check > generate the questionnaire. This will show you which controls are part of this questionnaire and the associated categories as well as they desired answers.
Questionnaire Previewer settings

Questions Preview

Please note you can also preview a questionnaire before it is directly sent to the supplier, enabling you to make any supplier specific edits.

Revising scores

Scores can be revised, each question can be review and the scoring updated to provide a more accurate result. Commentary is added to support the score and change to any score. A full history of scores and core revisions is maintained.

There is also the option to ‘reopen questionnaire’ which allows the supplier to edit an answer and resubmit the question.

Viewing responses before completion of the questionnaire

Abriska is configured such that the question responses can only be viewed by the customer when the supplier has fully completed their response and submitted. Progress against the number of questions assigned can be viewed at any time.

Reviewing, scoring and analysing a questionnaire response

Select ‘Analyse Questionnaire Answers’ on the Supplier Workflow tab. Then select the relevant questionnaire and select the ‘Review’ icon. The response against the question is visible. Select ‘score’ icon against the question. Select the answer score (1 to 10 scale) and provide a justification. These scores can be adjusted over time as actions raised are completed. The audit trail is retained within the questionnaire and the overall risk profile updated.

Deleting questionnaires

Questionnaires with answers cannot be deleted due to auditing requirements. Contact URM Support if there is a need to delete a completed questionnaire.

Distribution

To send a questionnaire to a supplier you can follow the 'Questionnaire Workflow' outlined in Supplier Command Centre.

Distributing the questionnaire within the supplier organisation

Suppliers can invite members of the same organisation to complete a questionnaire.

To add additional users to answer questions there are three steps: Once the supplier is logged into Abriska, they must open the questionnaire they would like to add an additional user to. > Select 'Manage People' on the left sidebar >’Add Contact’ > Enter the email address of the user who requires access and press the search icon. This must match the same domain as the primary contact for security reasons.

Once added, the user will receive an email with details to create their own account.

Issuing guidance for suppliers

We recommend informing suppliers in advance that Abriska is being used to assess the supplier as the questionnaires are sent as a default from the Abriska.com (note this can be customised through contacting URM Support). Suppliers need to be made aware that they need to complete the questionnaire in full and ‘Submit’ their response before it is made available to the issuing organisation.

The templates for supplier communications can be found under 'SRM Setup' > 'Supplier Communications'.

What the supplier sees

Please do not share this page with your supplier. This is for Abriska members-only information.

When the supplier has created an account they will be presented with questions to answer. There is a reminder for when the supplier need to complete and submit this questionnaire and they are able to add their colleagues to complete the questions.
Question Grouping by Control Types

The Abriska profile for suppliers is clear and direct and they can come through to URM support if any issue occur. The supplier contact needs to complete the survey so it is sent back to you for review.
Questionnaire submit & complete

Types of supplier data that can be stored

Additional fields can be created to hold information about each supplier. This may be information collected on supplier onboarding checklists such as financial reports, insurance information and governance information. Some customers add information regarding terms and conditions in place, e.g. standard terms and conditions, supplier terms, and negotiated terms.

Data can be extracted through ‘Other data’ under the Divisional Resources Report.

Loading large number of suppliers

Contact URM Support who are able to bulk load suppliers into Abriska.

Questionnaire Review

From the Supplier Dashboard > Questionnaires (for the desired supplier organisation) > list of questionnaires will be available > click 'Review' for the desired questionnaire you would like to analyse the answers of.

From this page you can;

  • Assign Reviewers - an organisation or division administrator can assign others within the organisation to review questions where relevant.
  • Control Analysis - view the related controls to this questionnaire and there percentage effectiveness
  • Risk Treatment - set a risk treatment and action plan
  • Questions for Review - view that manual questions that require scoring for the questionnaire to be fully completed. Note this is only for questions where is answer type is 'Text', this is a free text box answer, requiring manual review.
  • Reopen Questionnaire - you can resend the questionnaire to your supplier if answers need more clarification or evidence.

Risk Analysis

Analysing the answers to the most recent questionnaire; from the 'Questionnaire Workflow' tab, select ‘Risk Analysis’ and list of questions will appear from the most recent questionnaire.
To view questions from previous or other questionnaires go to > 'Questionnaire Options' > 'Questionnaires' > select the questionnaire you wish to view.

Risk Treatment

This is the supplier risk treatment strategy page. It will highlight to the user at what risk level the questionnaire classifies the supplier at. The user has the option the select a 'Risk Strategy' from a dropdown box to 'Accept', 'Reduce', 'Avoid' or 'Transfer'.
You must select and 'Submit' a review date before submitting a 'Risk Action'. Where a control assessment is inadequate, 'Risk Actions' can be created for remediation activity. Actions can be created on internal staff or supplier contacts. Actions are raised and recorded against a questionnaire rather than a control area.

Example for Risk Treatment and Action



Return to Supplier Risk Management