Incident management – a quick and easy way to improve your business

by | Jun 19, 2024 | Governance, Risk Management, Risk Mitigation | 0 comments

Okay, I lied, incident management is not a quick and easy way to improve your business, but it does provide good bang for your buck. By implementing a robust incident management process, your organisation can reap amazing rewards. What rewards, you ask?

  1. By dealing with the small incidents effectively the first time around, you save time and money, and could even save a life, as bigger incidents are prevented.
  2. Employees and contractors know that they work in a proactive environment, which boosts overall well-being and morale.
  3. Proactively managing incidents leads to better health and safety as well as quality improvements.
  4. By reporting incidents, trends and patterns can be identified to drive continuous improvement.
  5. Your organisation is better protected against non-compliance issues.
  6. It can lead to a robust culture of prevention and active improvements.
  7. Finally, it is an integral part of business continuity planning. For more information about this, check out this

What is an incident?

An incident is an event that occurs that is out of the ordinary, something that you did not plan, or intend, to happen. This could include:

  • An injury
  • Property damage, such as damages to raw materials, finished goods, operating equipment, or even infrastructure damage
  • A security incident, such as a break-in, hijacking, kidnapping, or denial-of-service-attack

There could also be other triggers to kick off your incident management process, such as:

  • Customer complaints
  • Internal audits 
  • Management reviews 
  • Product complaints
  • Product quality reviews  
  • Inspections
  • External audits 

What should your incident management process contain?

It is tempting to go into “’n boer maak ‘n plan” mode, where the issue is fixed and we all try to get back to business as usual. This is NOT an incident management process, and will never lead to sustainable business improvements.

The incident management process starts with identifying the incident. This should include detailed information about when the incident occurred, who was involved, and any other pertinent information.

The second step is to analyse the incident. This means determining all who are impacted by the incident, not only departments and people within the organisation, but any parties outside of the organisation, as well as all other parties that could affect the outcomes. For instance, if there is severe flooding, not only is your organisation impacted, but your customers and suppliers may also be, as well as emergency services and general infrastructure. The infrastructure damage could lead to further issues, such as a lack of services.

Once all the affected parties have been identified, the impact on each of them must be determined, and the likelihood of reoccurrence. This will lead to prioritising containment and mitigation, which is the next step.

Containment involves putting in place whatever corrective actions are needed to prevent the incident from spreading and causing further disruptions. Mitigation involves putting in place actions to reduce the severity and impact of the incident to reduce the financial impacts and loss of resources. The containment and mitigation action plans – as with any action plan – must be documented, and each activity assigned a responsible person who will feedback on progress, as well as a timeline for completion. It is also important to prioritise the actions based on the impact and severity assessment done in the previous step.

We are not done yet!

Once the incident has been contained, recovery to business as usual can start. Often this is when an organisation will stop the incident management process. Unfortunately, that will not yield any desirable long-term benefits. It is what happens next that creates sustainable improvements and takes your business from good to great.

 

The second last step is prevention, which starts by doing a root cause analysis of the incident. By reviewing the domino effect of what caused the incident, and all subsequent incidents, you can put in place actions to prevent it from occurring again. And should prevention not be possible, you need to put an early warning system in place.

The last step is to close out the incident. This is where you ensure all the actions have been completed, and all the lessons learned documented. Like any project, closing out is very important, for more information read this article.

Who should be involved?

The entire company must at the very least know about this procedure, as anyone should be able to instigate the incident management process. While superficial knowledge of the process in enough for most, the heads of departments should have more detailed knowledge, as they are most likely going to be involved in the detailed execution. But the owners of the process, the department responsible for managing this procedure, should be the quality assurance department. They are also ideally situated to perform trend analysis and track progress, to ensure ongoing success.