Incident Management: How to contend with in this VUCA era?

My younger sister was needed to rush into Emergency Room of Parkview Hospital on account of acute Dengue fever in 2019. We were worried at its maximum height for her. But the doctors who were on duty at that time they were dealing along with my sister one severe cardiac arrest patient, another child who fractured his left foot and so forth. I was taken a step back after seeing this scenario in an Emergency Room. The way they were managing patients it seemed surreal as well as daring at the same time. The management viewpoint I came to experience then, is termed as “Incident Management”.

Across industries, incident management goes by many names. In the finance industry it’s often called "fraud risk management”; in retail, it’s known as “customer complain management”. Even across departments within an organization incident management is called different processes: “info-security incident response”, “workers complain management”, “business continuity and disaster recovery”, etc.

An incident is any unplanned event that threatens the quality of service, safety, or security of a business. System downtime is an incident, hacking is an incident, someone getting hurt is an incident, and all of these could threaten the success of business. However the reality is no matter what industry or department we work in, and no matter what we choose to call incident management, our goal should be the same: Report, Remediate, and Prevent.

Now-a-days companies with robust incident management programs take a risk-based approach. By implementing incident management process across silos of organizations, we can be sure to catch every incident that gets escalated and tackle it with a standardized approach. By creating a system that can simultaneously report current incidents and identify trends in recurring ones, we can prevent mishaps from occurring in the first place. The key, therefore, is to not only focus on remediating outstanding incidents, but preventing future ones.

This risk-based approach could be breakdown into 5 steps

Step-1: Centralize Incident Collection Process

A common agony for customers, employees, and management alike is the organization doesn’t have a standardized, centralized process for escalating incidents. A lot of companies toggle between paper incident forms, emailing incidents in, or reporting them online.

When the reporting process is too cumbersome, be it too many steps, confusing paperwork, or unclear policies, employees are far less likely to report, which means business is far less likely to uncover the root causes of incidents and therefore discover the keys to prevention.

Consider the steps we can take to encourage employees to report incidents of all types at work. One huge step we can take is to pick one method of incident reporting and stick to it. Make this process clear in policies throughout our organization so employees always know how to report and what to expect from there, such as who the incident will be reported to. 

Step-2: Enable Online Incident Reporting

The key to initial step is to make sure record incidents in one place. An email server, desktop folder, or filing cabinet is not ideal, as these locations require manual updating and pose the risk of losing sight of an incident in the pipeline. The most effective option is to adopt web-based reporting.

Step-3: Automate Workflows

After an incident gets reported it should get routed to concerned employees. But how this person gets notified?

Just as we discussed with reporting incidents themselves, emails and share folders aren’t sufficient notification methods. With these more manual systems in place, it takes a lot more manual effort to follow up on an incident until it gets resolved.

The absolute best way to make sure incidents are remediated - is to automate the process with a system in which the workflow can be designed for each type of incident before they start flowing in. As soon as they’re reported, they’re already on their way to remediation.

For instance, let’s say you have one incident form for issues of harassment and another incident form for unsafe working conditions. These types of incidents are very different, so they should probably be assigned to different individuals within the company. You should be able to design a workflow that automatically routes the harassment incident to HR and the unsafe working conditions issue to Maintenance (for example).

Step-4: Identify the Root Cause

It’s not enough to know an incident occurred, or even to know it’s been resolved. Moving beyond remediation toward prevention requires identifying the root cause of incidents at our organizations. There are of course some one-off incidents that can occur, like a lost laptop for example, that we can’t dive much. Many other incidents, however, can occur again and again if nothing is changed at the organization.

The key here is to be able to identify trends in incident data. These trends will lead us to the root cause, which we can then implement a control to address, thereby preventing future incidents of this nature. Devise a way to create relationships between incidents and other facets of the business.

Step-5: Report on Incident Trends

Once we’ve designed a workflow of tasks associated with each type of incident, we can pull a report comparing the number of incidents reported, the number on incidents in the process of remediation, and the number of incidents successfully resolved. We could also pull a report showing the number of incidents reported over time to eventually show a decrease in the number of incidents cropping up. These types of reports should be filterable by characteristics like type, department, location, etc. to provide more focus to our audience.

Another useful report is to leverage the catalog we’ve created to drill down deeper into the risks incidents have uncovered. Eventually, regular reporting is the key to maintaining a healthy incident management program, as it can help us to identify areas for improvement as changes occur within and outside of the company.

 Example: Workflow of an incident management

Scenario: A customer logs on to her mobile banking app and sees that one of her accounts has been closed, even though she did not request or execute this action. She wishes to alert someone of this issue and get it resolved.

The benefits of this incident management reporting are numerous. Just think about it, we put our well-being into the hands of organizations every single day. When we ate breakfast this morning, we trusted that our local market sold fresh food safe for consumption; and when we sent children to school, had faith that school would take care of them. This blind trust we put into the organizations that soak our lives is tacitly based on the belief that they have systems in place to manage and prevent incidents. By adopting an effective incident management reporting program, we can earn the trust of consumers, investors, and fellow employees in this era of VUCA (V=Volatile, U=Uncertain, C=Complex, A=Ambiguous).

References:

en.wikipedia.org, logicmanagers.com, medium.com

P.S: First time reading my post? Thanks for taking the steps to stop by! If you enjoy this write-up, you may also like:

• Financial Wisdom: Is it Mastery or Mystery?
• Artificial Intelligence: A reality check for Professional Accountancy
• SDGs to ensure no one is left behind.
• My Dear, Accountants can write travel story too.
• Food for thought for Board members: Non-Current Assets Management
• Forensic Accounting - An area less cherished in eastern world.
• Golden rule of business - Make profit while procuring!!!
• Fear Factor: Tax audit. Would you like to overcome?
• Cost cutting: It's easy never before!!