What are Questionnaires
A questionnaire is a structured set of questions used to collect comparable information from a defined audience. It is used across market research, compliance, vendor risk, security assessments and procurement, supported by tools that handle distribution, response and analysis.
What is a questionnaire?
A questionnaire is a structured set of questions used to collect specific information from a defined audience. It is one of the oldest instruments in research, governance and procurement, and it remains the dominant way large organisations gather standardised information at scale — from market research and employee engagement, to security and compliance assessments, to formal procurement.
The strength of a questionnaire is structure: every respondent answers the same questions in the same order, making responses comparable across hundreds or thousands of participants. The weakness is rigidity — a poorly designed questionnaire constrains the answer you can give, which is why questionnaire design is a discipline of its own.
Categories of questionnaires
Research questionnaires
Market research surveys, academic studies, customer satisfaction surveys and NPS instruments. Designed to be representative, statistically valid and often anonymous. Tools include SurveyMonkey, Qualtrics, Typeform and academic survey platforms.
Compliance and risk questionnaires
Internal attestations, third-party vendor risk questionnaires, ESG questionnaires and regulatory due diligence. Focused on structured evidence and audit trails. Used by GRC, compliance, security and procurement teams.
Security questionnaires
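Standardised assessments of an organisation's security posture: the Standardized Information Gathering questionnaire (SIG), the Consensus Assessments Initiative Questionnaire (CAIQ), the Vendor Security Assessment Questionnaire (VSAQ) and vendor-specific equivalents. Used in vendor onboarding, periodic recertification and enterprise procurement.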
Procurement and RFP questionnaires
RFIs, RFPs, RFQs and tender questionnaires used by buyers to evaluate suppliers. Combine narrative answers, structured pricing, references and certifications. Closely intertwined with compliance and security questionnaires when bidding into regulated industries.
Internal questionnaires
Employee engagement, training assessments, exit interviews, code-of-conduct attestations, conflict-of-interest disclosures. Used by HR, internal audit and compliance functions.
Question types
- Closed questions — yes/no, multiple choice, scales (Likert, semantic differential, ranking). Easy to analyse, easy to compare across responses.
- Open questions — free-text answers where respondents explain in their own words. Richer but harder to compare.
- Matrix questions — grids of related questions sharing the same answer options, useful for rating multiple attributes consistently.
- Conditional / branching questions — follow-up questions that appear only if a previous answer met certain criteria, common in compliance and security questionnaires.
- Evidence-attached questions — require both an answer and supporting documentation (policy, certificate, audit report), heavily used in DDQs and security questionnaires.
Questionnaire design principles
Good questionnaire design is hard. Common principles across all categories include:
- Ask one thing per question. Double-barrelled questions ("Do you have a backup and an incident response plan?") force imprecise answers.
- Use clear, neutral language. Avoid jargon, leading wording and acronyms unique to one industry.
- Match question type to the question. Don't force a yes/no answer when the topic is nuanced; don't ask for free text when categorical comparison is what you'll need.
- Order matters. Demographics and easy questions at the start; harder or more sensitive ones later, when the respondent is engaged.
- Pilot first. A small pilot exposes ambiguous wording, missing answer options and length problems before the questionnaire goes out at scale.
Software for handling questionnaires
The software stack varies by category. Market research and internal surveys are dominated by survey platforms (Qualtrics, SurveyMonkey, Typeform, Microsoft Forms). Compliance and security questionnaires use specialised RFP/security response platforms with content libraries and evidence vaults. Procurement questionnaires are handled by RFx and tender management platforms. Even when the tooling is different, the underlying need is the same: distribute the questionnaire, collect responses, structure the data and produce useful output.
Increasingly, AI sits between the question and the answer. On the issuing side, AI suggests questions, flags ambiguous answers and clusters responses. On the responding side, AI drafts answers grounded in a knowledge base, surfaces uncertainty and prompts subject-matter experts (SMEs) only on the questions that genuinely need them.
Common challenges
- Response fatigue — long questionnaires get rushed, abandoned or answered carelessly. Shorter, well-targeted questionnaires usually outperform exhaustive ones.
- Inconsistent answers — different contributors give different answers to the same question across instances; managed content libraries mitigate this.
- Evidence drift — attached documents go stale: an expired ISO certificate or outdated penetration test undermines the answer it supports.
- Question creep — enterprise questionnaires expand year on year, often duplicating questions across security, compliance and procurement teams.
- Low response rates — especially in market research and internal surveys, where response rates of 10–20% are common. Sample bias rapidly becomes a problem.
Questionnaires as a discipline
Behind the everyday word "questionnaire" sits a long methodological tradition: survey methodology, psychometrics, audit checklist design, regulatory inquiry. The same instrument shape — standardised questions, structured answers, comparable across respondents — underpins disciplines as varied as census-taking, customer research, vendor risk management and competitive procurement.
Whatever the use case, the core trade-off is the same: structure produces comparability, but rigid structure constrains nuance. The best questionnaires balance both, designed and operated as artefacts that need maintenance, not as one-off documents to be sent and forgotten.