Vendor risk assessment questionnaire offers insight into various areas of vendor management and their core and non-core functions. Information gathered through this questionnaire will assist in proper vendor management and help in decreasing the overall risks associated with it.

Vendor Risk Assessment Questionnaire Sample

Name of Vendor___________________________________________

Address of the vendor: ______________________________________

City: ________________ State: ___________________  Zip: _________________

Telephone: ____________________  Fax: ____________________________

Website: ______________________________  Email: _______________________________

Q1. What industry and market does your company exist in?


Q2. What risk rating will you give your company?

a)   High

b)   Medium

c)   Low

Q3. What is the risk rating of projects you are handling?

a)   High

b)   Medium

c)   Low

Q4. Do you have a risk response plan for your company? Elaborate


Q5. Which of the following according to you are high risks?

a)   Project implementation and delivery

b)   Project milestone and operation

c)   Estimated project cost

d)   Actual project cost

e)   Experience of project team

f)    Technology implemented

Q6. What is the standard operating procedure followed by the company?

Q7. Which of the following quality system documentation procedures have you implemented?

a)   Validation Planning

b)   Risk Management

c)   Design and Development

d)   Testing

e)   Operational Support

f)    Traceability

g)   Change Management Plan

h)   Disaster Recovery Plan

i)     Business Continuity Plan

j)    Training plan

Q8. Which of the following requirements have been satisfied?

a)   Security requirements

b)   Financial requirements

c)   Risk management requirements

d)   Risk recovery requirements

Q9. What changes in procedures have been implemented since last vendor risk assessment?


Q10. When was the last time, company audited vendor risks and what was the result of audit?


Q11. What changes in procedures will be implemented after this vendor risk assessment?




Risk Assessments