The Usefulness of Incident Reporting

Date: 02/04/2020

By: Duncan Stephenson

Risk, Audit and Compliance Management Software - Symbiant Risk Articles (Blogs)

Incidents are a component of any risk management methodology. This means having an approach to responding to incidents, to recording them, and to reviewing them to build future resilience. An additional part of this is to be outward looking: when something serious happens elsewhere, to another organisation, even in another sector or country, consider whether your organisation would have been able to handle it and whether your controls would have dealt with it effectively, and adopt the learning from that consideration.

The first learning from Coronavirus was that delay is fatal. China initially delayed but then went into overdrive to combat it. Spain’s first cases arose after a funeral in the Rioja region. The Rioja regional authorities warned Madrid to take action, but the Women’s Day march and another large political rally were allowed to go ahead on 8th March. All the government ministers who attended the Women’s Day march came down with the virus. Then came action, but the horse had bolted.

The second learning from the early days of the virus was that it is essential to test extensively, and to contact-trace – to find who has been in contact with anyone who has tested positive. Singapore and Taiwan both did this, without delay, and there have been only four deaths from the virus between the two of them. Not many countries have adopted the learning from this, which makes you wonder if governments have risk management methods in place.

A 2016 three-day pandemic exercise showed that the UK NHS would be overwhelmed. In 2018, a UK government biological security strategy recognised the risk and stated that action would be taken: “We will develop a UK government response plan for major international diseases to ensure the government is fully prepared to respond quickly.” A 2019 inquiry into the preparedness of this was cancelled to focus on Brexit.

As with any example of risk management, recognising the risk is one thing, but that is no protection if the appropriate action is not taken.

The Symbiant Risk license includes Incident Reporting, Indicators, Risk Workshops and action plans as part of the risk set. By logging incidents and capturing performance data, the business can identify a potential threat early and then collaborate in the workshops on how best to mitigate and manage those threats. You can then create action plans and give ownership of tasks to ensure new measures are put in place. See the Risk Modules overview video.

Data Sources: The Guardian, BBC News Online, The Economist, The Financial Times, Google