How many incidents, hazards and near misses does your organisation experience in a year? Failing to manage and resolve incidents not only puts your employees’ well-being at risk but also the future of your organisation. In this blog, we will examine 10 common signs that indicate you need a better incident reporting process, we share the key benefits of bringing your incident management process online, and we explore the technology available to build a best-practice framework for incident reporting.
Incident reporting or incident management involves the logging of workplace events, including outages, near misses, injuries, and accidents; and it requires the documentation of all facts relating to each incident. Incidents can be classified as accidents that cause injuries to employees or damage to property & equipment, or events that disrupt business operations. It is not enough to simply keep a log of incidents, for a truly comprehensive process, you must have steps in place to resolve incidents quickly and use the results to prevent future occurrences.
Comprehensive incident programmes also enable employees to log ‘near misses’ – an incident that didn’t result in any injury or outage as it was resolved before significant problems occurred – but had the potential to do so. Near misses are an important indicator of potentially harmful future events and are valuable warning signs that allow us to identify and eliminate potential hazards.
Incident data contains vital information for organisations, it enables management teams to see which sites or individuals are causing the most incidents and how often they are occurring – this fundamental data enables organisations to alter processes or put measures in place to prevent future occurrences. Therefore, reporting should be an integral part of any incident management process. Comprehensive reports have the power to minimise the frequency and severity of incidents within an organisation.
Manual, ad hoc incident reporting processes using spreadsheets & emails with no formal reporting capabilities are guaranteed to produce poor data. This will result in inadequate incident response plans, a string of avoidable incidents, and delayed response to incidents – which could cause an increase in injuries, fines, or significant operational outages.
No clear process for logging incidents & near misses
An unclear process for reporting and logging incidents remains one of the biggest indicators of poor incident management. If organisations are using manual processes, like spreadsheets & emails to log and resolve incidents, it will result in incomplete data that produces partial or deceptive reports.
Difficulty viewing and analysing your incident data
Incident reporting isn’t a ‘’set and forget it event.’’ It’s an ongoing process that involves keeping a close tab on areas for improvement. Unfortunately, you can forget about measuring the health of your current processes if it doesn’t produce the necessary data to indicate which areas need to be improved.
Unclassified and unprioritised incidents
Not all incidents are equal in urgency and severity. Some will demand a speedy response, and some can be resolved over a longer period of time. One cannot be prioritised over the other without certain incident reporting features including the ability to rate and categorise incidents to designate them as high or low priority.
Vague or unclear incident records
Incomplete, unclear, or inconsistent incident documentation often means the report is missing crucial details about who was involved, what processes were affected, who was informed, and photographic evidence is often required. To resolve unclear incident documentation, teams should use a system with standardised online templates that prompt on-scene staff for the required data.
The incident reporting process lacks accountability.
Accountability and ownership of risk related incidents is of critical importance. If your incident reporting doesn’t link to your active directory of staff, sites, and departments, it can be difficult to run analysis on which teams or individuals are responsible for causing incidents – making it difficult to prevent future occurrences.
No formal escalation process
When an incident process doesn’t have a formal escalation route it can take a long time to resolve incidents. Companies that use automated workflows to escalate incidents to relevant stakeholders via a pre-defined escalation route will resolve incidents much faster.
No framework to conduct investigations and perform route cause analysis
When an incident is logged, it is only the start of the process. If your current incident process has no formal way to escalate the incident and perform route cause analysis investigations, then you should look at implementing a formal solution to manage this.
Incident reports aren’t influencing decision-making
Proactive organisations use incident reporting metrics to influence decision-making. They use incident data to identify high risk areas and use the intel to implement further safety measures, administer training, roll out new policies and safety guidelines, and to allocate budget for areas that require significant investment to improve processes.
Relying on outdated, siloed incident reporting software
Still relying on outdated or disparate software? When businesses use a stand-alone software platform for incident management, it doesn’t offer integrations with other core GRC processes like risk management, compliance, and cyber & IT risk. Therefore, it can be difficult to make improvements or understand likelihood of further risk or incidents without this critical mapping. Many organisations even end up with different incident reporting tools with IT incidents logged in one tool and accident and health & safety related events in another tool – making it hard to understand the impact of incidents on other business areas.
The incident reporting process doesn’t enable third parties to log incidents
Most organisations rely on a network of third-party vendors, contractors, and suppliers to run their businesses. Any incidents relating to vendors & contractors should be captured as part of your incident management process – to understand their criticality and impact on other business areas. Many organisations choose incident reporting tools with online vendor portals and mobile apps – enabling vendors to log risks directly into the tool.
Need to proactively Manage risk exposure
When it comes to Incident management, what separates a successful organisation from the pack is how well they understand the need to manage risk exposure by proactively protecting its employees and its brand by resolving incidents rapidly. Once a business’s incident reporting processes become digitised, it can achieve the level of visibility, responsiveness, and efficiency it needs to handle every kind of incident with the rigour it deserves.
To do this, mature organisations use an incident reporting tool that is part of a wider GRC platform – to implement a structured collaborative approach that links to risk registers and compliance obligations. Here we explore 3 of the main benefits of bringing your incident management process online using a best-practice GRC tool.
Online incident reporting tools make it easy for any employee to log an incident. Standardised forms ensure critical information is captured consistently. Many companies link the solution to their active directory enabling employees to assign incidents to people, processes, locations, and departments for better oversight. Many solutions offer a mobile app – allowing employees to log incidents anytime, anywhere.
Once an incident is logged, automated workflows kick into action, alerting the relevant stake holders and allowing the appropriate team to work the incident through to resolution – with all remediation actions captured within the tool – ensuring a thorough incident investigation process.
Risk management and incident reporting are intrinsically linked with many items on the risk register turning into actual incidents and many incidents being added to the risk register to monitor the situation and prevent reoccurrence. Therefore, managing risk and incident in the same GRC tool is a logical step as it allows for the mapping needed between these 2 functions to understand the impact.
Linking and analysing data from past incidents is vital to predict the likelihood of future potential risk events. Creating a linkage between incident programmes and risk management helps to extend the sense of responsibility to the ERM programme. After all, enterprise risks are just potential future incidents that are also owned by the business. In this way linking incidents and ERM can help improve organisational buy-in for ERM, while helping to elevate the visibility and demonstrate the business value of the incident reporting programme. Instead of being seen as merely an operational activity, an incident reporting programme can be recognised for what it really is – a valuable source of quantifiable data that can improve decision-making, strategy execution, and ERM.
Instant dashboards & reports can make managing and understanding your incident data much easier by generating in depth reports which can be used to drill down into the incident process. With this feature, incident management teams can easily identify areas with high rates of incidents, home in on how to reduce them, view reports on unresolved incidents, and identify which individuals, departments and locations are causing the most incidents. Time spent on admin & reporting is significantly reduced – enabling teams to focus on reducing & resolving incidents.
Real-time access to dashboards helps to identify fluctuations in key business metrics as soon as they happen without having to wait for daily or weekly reports. The resulting insights and analysis will help business leaders make decisions on where to assign budget, training, or safety measures to reduce incidents. Organisations can use the dashboards & reports to drill down into the detail to scrutinise the data – making informed decisions and judgments so much easier.