Questionnaires

A questionnaire is structurally similar to an application but with unique qualities that enable you to better create and support risk assessment processes. A questionnaire targets an individual application, such as Assets, Vendors, or Business Processes, to assess those specific objects.

Questionnaires include questions (a field type specific to questionnaires) that users must answer and system-generated fields that calculate the progress, status, and scoring of individual questionnaire records. These system fields also enable you to assign submitters and reviewers for questionnaire records and to specify due dates.

Questionnaires are available for on-prem, hosted, and SaaS deployments.

Note: The Questionnaire feature is available only if your organization has licensed one or more use cases that contain questionnaires. Questionnaires can be configured to run on mobile devices if Archer is licensed for mobile questionnaires.

Question types

Type

Description

Attachment

Enables users to upload documents, pictures, diagrams, and other types of files to a questionnaire record to provide supporting information or evidence. You can specify the total number of files that can be uploaded (attached), as well as the size (between 1 and 100 MB) permitted for each file. You can also enable end users to run keyword searches on attached Microsoft Word and Excel, PDF, and text documents.

Cross-Reference

Enables users to associate records from other applications or questionnaires with a questionnaire record.

When you create a Cross-Reference question, a Related Records field is automatically added to the related application or questionnaire. Within an individual record in the related application or questionnaire, you can see all records that have been cross-referenced to that record.

Date

Enables users to either enter dates directly or click Calendar to select a date from the Date Range dialog box. You can also enable users to enter a time of day to associate with the date.

The Date question type also supports a default date value. The default date value is set when a questionnaire record is created. When configuring the default value, you can select to display the date of questionnaire record creation, a date that is a specific number of days after the date of record creation, or a static, specific date. You can also select to display no default value.

Numeric

Accepts both positive and negative values and, by default, accepts values of any size. However, you can choose to apply minimum and maximum value constraints. You can also specify the number of decimal places permitted for the value.

Text

Accepts both alphabetic and numeric entries. It can be displayed to users in a single-line or a multi-line (scrolling) text area. If the question is configured as a text area, you can specify the height (in lines) for the control.

By default, entries in this question type are not restricted. However, when configuring this question type, you can choose to set a maximum character length for entries. In addition, you can restrict users from entering a value in the Text question that is identical to a value entered in another record within the questionnaire, thereby ensuring that all values in the Text question are unique.

Values List

Provides users with a list of predetermined values from which to choose. This field type can be expressed using one of several interface control types:

  • Drop-down
  • Radio buttons
  • Checkboxes
  • List box
  • Values pop-up

You can also add a numeric weight to a question and assign a numeric value to the individual selections available within the question. These numbers are used to compute the score for a questionnaire.

You can populate a Values List question with either a custom or a questionnaire values list. If you use a custom answer list, you must define the answers for the question. Custom answer lists cannot be reused to populate any other Values List question.

You can create questionnaire values lists that you can reuse for any Values List question within the questionnaire.

Question library

The Question Library is an application in Archer that stores assessment questions that you can reference and copy into a questionnaire. Each question is stored as an individual record, and each record contains information including the question and answer text as well as information necessary to display and score the question. Depending on the use cases that you have licensed, the Question Library contains a large set of pre-built questions by default. In addition, you can add new questions and store them in the Question Library.

When you create a questionnaire, you can copy any number of questions from the Question Library to the questionnaire. Once copied, you can modify and configure that question as needed, without affecting the original question record stored in the Question Library.

Questionnaire risk scoring

Question weighting is a numeric attribute that can be assigned to any Values List question.

The question weight is used to generate the question score. The score is determined by the following formula:

    [question weight] * [numeric value assigned to selected answer] = question score

or (for multi-select Values List questions):

    [question weight] * SUM ([numeric value assigned to selected answer1], [numeric value assigned to selected answer2]) = question score

Question scores are rolled up to determine an inherent score for the questionnaire. This score represents the natural risk associated with the target in absence of any remediation activities or changes in the environment.

Findings document incorrect answers to questions in a questionnaire. Findings are managed through the Findings application and can be automatically generated when findings rule criteria are satisfied. Users can also create findings manually. Using the Findings application, administrators can document, categorize, and remediate issues of non-compliance. Findings are not a required component of the assessment process, but by enabling findings, administrators can gain valuable insight into areas of non-compliance within their organization.

The risk that remains in a target after findings are remediated is the residual score. This score is calculated as Inherent Risk – Remediation Changes = Residual Risk. While inherent risk is calculated only once, residual risk changes over time as findings are remediated. The residual score is displayed in the Quantitative Summary in a questionnaire record, enabling end-users to monitor changes to the score over time.
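
The scoring rules above, together with the Remediation Score, % Correct, and Progress Status definitions in the system-generated fields table, worked through in Python as an added example (not Archer code and not part of the original page). The `Question` class, the `summarize` function, and the sample record are constructed for illustration; treating the correct answer's score as the maximum and using every Values List question as the % Correct denominator are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Question:
    weight: int
    values: dict                       # answer text -> numeric value
    correct: frozenset                 # answer(s) that count as correct
    selected: frozenset = frozenset()  # empty set = not answered yet
    finding_closed: bool = False       # finding for a wrong answer was closed

    def score(self):
        # [question weight] * SUM(numeric values of the selected answers)
        return self.weight * sum(self.values[a] for a in self.selected)

    def max_score(self):
        # Assumption: the maximum is the score of the correct answer(s),
        # as in the page's Remediation Score example (5 if correct, 1 if not).
        return self.weight * sum(self.values[a] for a in self.correct)

def half_up(x):
    return int(x + 0.5)  # round half up; Python's round() sends ties to even

def summarize(questions):
    answered = [q for q in questions if q.selected]
    wrong = [q for q in answered if q.selected != q.correct]
    pct_done = 100 * len(answered) / len(questions)
    return {
        "Progress": f"{len(answered)} of {len(questions)}",
        "Progress Status": f"{20 * half_up(pct_done / 20)}%",
        "Correct": len(answered) - len(wrong),
        "Incorrect": len(wrong),
        # Assumption: the denominator is every Values List question in the record.
        "% Correct": half_up(100 * (len(answered) - len(wrong)) / len(questions)),
        "Inherent Score": sum(q.score() for q in answered),
        "Maximum Score": sum(q.max_score() for q in questions),
        # Only wrong answers whose finding is closed contribute (max - actual).
        "Remediation Score": sum(q.max_score() - q.score()
                                 for q in wrong if q.finding_closed),
    }

# Constructed sample record: five questions matching the page's example,
# one correctly answered multi-select question, and one unanswered question.
yes_no = {"Yes": 5, "No": 1}
RECORD = [Question(1, yes_no, frozenset({"Yes"}), frozenset({"No"}), True)
          for _ in range(5)]
RECORD.append(Question(2, {"MFA": 3, "SSO": 2, "None": 0},
                       frozenset({"MFA", "SSO"}), frozenset({"MFA", "SSO"})))
RECORD.append(Question(3, {"Yes": 4, "No": 0}, frozenset({"Yes"})))

if __name__ == "__main__":
    for name, value in summarize(RECORD).items():
        print(f"{name}: {value}")
```

The five closed findings reproduce the remediation score of 20 from the page's example, and the unanswered question counts toward the maximum score but not the inherent score.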

System-generated questionnaire fields

When you create a questionnaire, system-generated fields are added to the questionnaire. You can configure the properties of some of these fields, while others must remain in their original state.

The following table shows the system-generated questionnaire fields.

| Name | Field Type | Configuration | Description |
|---|---|---|---|
| % Correct | Calculated Numeric | Field access only | The percent of Values List questions that were answered correctly, rounded to the nearest whole number. |
| All Findings | Calculated Numeric | Field access only | The number of findings related to the questionnaire record. |
| Campaign Name | Values List | Field access only | The name of the campaign to which the questionnaire record belongs. |
| Comments | Sub-Form | Fully configurable | A sub-form that captures comments made for individual questions. |
| Correct | Calculated Numeric | Field access only | The number of Values List questions that were answered correctly. |
| Created By | User/Groups List | Fully configurable | The user who created the questionnaire record. |
| Created Date | First Published | Fully configurable | The date the questionnaire record was created. |
| Due Date | Date | Fully configurable | The date by which the questionnaire record should be completed and submitted. |
| Findings | Cross-Reference | Fully configurable | Findings associated with the questionnaire record. |
| Findings Generation Status | Values List | Fully configurable | The status of findings-generation activity for the questionnaire record. |
| History Log | History Log | Fully configurable | A history log that tracks the following fields: Due Date, Year, Quarter, Submitter, Submission Status, Submit Date, Reviewer, Review Status, and Review Date. |
| Incorrect | Calculated Numeric | Field access only | The number of Values List questions that were answered incorrectly. |
| Inherent Score | Calculated Numeric | Field access only | The sum of all Values List question weighted scores. |
| Last Updated | Last Updated Date | Fully configurable | The date the questionnaire record was last updated. |
| Maximum Score | Calculated Numeric | Field access only | The maximum potential score for the questionnaire, calculated by summing the question scores for every Values List question displayed in the questionnaire record. |
| Open Findings | Calculated Numeric | Field access only | The number of findings related to the questionnaire record that have a status of "Open." |
| Overall Status | Calculated Values List | Fully configurable | The overall status of the questionnaire based on the Submission Status and the Review Status (values include In Process, Awaiting Review, Approved, and Rejected). |
| Progress | Calculated Text | Field access only | The number of questions that have been answered and the total number of questions in the questionnaire record, for example, "13 of 30." |
| Progress Status | Calculated Values List | Field access only | Percent of the questionnaire record that is complete, rounded to the nearest 20% (values include 0%, 20%, 40%, 60%, 80%, and 100%). |
| Quantitative Summary | Calculated Text | Field access only | The results of the completed questionnaire in an HTML table with the following information grouped by category: correct questions, incorrect questions, percent correct, inherent score, residual score, and open findings. Note: This field will only be populated if you enable findings for the questionnaire. |
| Quarter | Values List | Fully configurable | The calendar quarter of the assessment. |
| Questionnaire ID | Tracking ID | Fully configurable | The unique tracking ID for the questionnaire record. |
| Questions Scored | Calculated Numeric | Field access only | The number of Values List questions in the questionnaire record. |
| Queue Status | Values List | Fully configurable | Tracks the success or failure of findings generation for a questionnaire. |
| Remediation Score | Calculated Numeric | Field access only | The maximum potential score for all findings that are closed, calculated by subtracting the score for each incorrectly answered question from the maximum possible score for each of those questions, and then adding the resulting values together. For example, you have a question that was incorrectly answered, resulting in a score of 1. If the question had been answered correctly, the score would have been 5. The difference is 4. If you have five questions that follow this same pattern, and the finding for each of these questions is closed, your remediation score would be 20. |
| Residual Score | Calculated Numeric | Field access only | The remaining inherent risk after the closure of some or all of the findings associated with the questionnaire record. |
| Review Date | Date | Fully configurable | The date the completed questionnaire record is reviewed. |
| Review Status | Values List | Fully configurable | The review status of the questionnaire (values include Awaiting Review, Approved, and Rejected). |
| Reviewer | User/Groups List | Fully configurable | The user who is responsible for reviewing the questionnaire record once it is submitted. |
| Submission Status | Values List | Field access only | The submission status of the questionnaire (values include In Process, Submitted, and Re-Submitted). |
| Submit Date | Date | Fully configurable | The date the completed questionnaire record is submitted. |
| Submitter | User/Groups List | Fully configurable | The user who is responsible for answering the questions in the questionnaire record. |
| Target | Cross-Reference | Fully configurable | The specific target of the assessment, located in your target application. |
| Year | Values List | Fully configurable | The year of the assessment. |

Assessment process

The following phases provide a general overview for building and delivering an online questionnaire to assess risk within your organization.

Assessment Phase

User

Details

Creating and Configuring Questions

Configuration Administrator/Admin

Create new questions or import your existing questions through the Question Library application. When configuring your questions, do the following:

  • Select the appropriate question type to ensure the correct data is collected.
  • Determine the weighting of individual questions.
  • Include the appropriate answer selections and determine the correct answer to the question.

Building Your Questionnaire

Configuration Administrator

Build your questionnaire according to requirements outlined by your organization by doing the following: 

  • Create your questionnaire and select the application that contains the targets that you want to assess, such as applications, facilities, or vendors.
  • Copy your questions from the Question Library and edit them as needed.
  • Define rules to determine the questions that are displayed based upon the properties of the specific target.
  • Enable the automatic generation of Findings records for incorrectly answered questions.
  • Create an assessment campaign to launch the questionnaire to the appropriate end users.

Assessing Your Target

End-users

Users complete their assigned assessments through the Archer web-based interface. While assessing a target, the end user can include question-specific comments to support their answers, attach supporting evidence, and delegate additional users to an assessment as needed.

Evaluating Findings

End-users

When users complete their assigned questionnaire records, they can view reports to determine the risk associated with specific targets. With the Findings feature enabled, Archer automatically generates Findings records for each incorrectly answered question to identify areas of noncompliance.

Resolving Issues of Non-Compliance

End-users

To help resolve issues of non-compliance, the Exception Requests and Remediation Plans applications are tied to Findings. In addition, as findings are discovered, you can assign, track, and manage open and completed activities associated with specific findings through the Task Management application.

Who can work with questionnaires?

Through an access role, you must have the following rights:

  • Configuration administrator of the questionnaire.
  • The appropriate CRUD access role settings to the Administration | Application Builder | Manage Questionnaires page.

Full editing rights, as controlled by the access role, include: