How to Take a

Risk-Based Approach to
Incident Management

+1 617 530 1210 | logicmanager.com | info@logicmanager.com ©LogicManager, Inc.

Introduction
Across industries, incident management goes by many names. In the finance industry
it’s often called fraud risk management; in retail, it’s known as customer complaint
management. Even across departments within an organization incident management is
called different processes: infosecurity incident response, workers comp management,
business continuity and disaster recovery, etc.

An incident is any unplanned event that threatens the quality of service, safety, or
security of a business. System downtime is an incident, hacking is an incident, someone
getting hurt is an incident, and all of these could threaten the success of your business. So
the truth is, no matter what industry or department you work in, and no matter what you
choose to call incident management, your goal remains the same: report, remediate, and
prevent.

The good news is, if the goal remains the same, the approach remains the same as well.
Companies with robust incident management programs take a risk-based approach. By
implementing your incident management process across silos of your organization, you
can be sure to catch every incident that gets escalated and tackle it with a standardized
approach. By creating a system that can simultaneously report current incidents and
identify trends in recurring ones, you can prevent mishaps from occurring in the first
place. The key, therefore, is to not only focus on remediating outstanding incidents, but preventing future
ones.

The benefits of this risk-based approach are numerous. If you think about it, we put our well-being into the
hands of organizations every single day. When you ate breakfast this morning, you trusted that your local
supermarket sold you fresh food safe for consumption. When you took your car to work, you trusted there
wasn’t some defect the manufacturer failed to tell you about. And when you sent your children to school, you
had faith the school would take care of them. This blind trust we put into the organizations that permeate our
lives is implicitly based on the belief that they have systems in place to manage and prevent incidents.

By adopting an effective incident management program, you’re earning the trust of your consumers,
investors, and fellow employees. You’re building a better tomorrow.

In this eBook, we’ll take you through how to build the most robust incident management processes you can.
Specifically, we’ll present you with five steps that build off of each other to create a program that boosts
efficiency, integrates across your business, and proactively manages incidents.

1
Table of Contents
5 Steps to Risk-Based Incident Management

Scenario: What Would You Do?

Page 3

Step 1: Centralize Your Incident

Collection Process 1
Page 4

Step 2: Enable Online Incident

2 Reporting
Page 5

Example: Sample Incident Webform

Page 7

Step 3: Automate Workflows

3 Page 8

Step 4: Identify the Root Cause

Page 9
4

Step 5: Report on Incident Trends

5 Page 11

Scenario: Putting It Together

Page 12

2
Incident Management Scenario:
What Would You Do?
Based on your current incident management process, how would the following scenario, or lack thereof, play out at
your organization?

Scenario: A customer logs on to her mobile banking app and sees that one of her accounts has been closed, even
though she did not request or execute this action. She wishes to alert someone of this issue and get it resolved.

1. How would she do this?

2. Where would the complaint be housed?

3. Who would be responsible for its remediation and how would they know it’s their responsibility?

4. Do you have a way to compare this incident to others that came before it?

5. What kind of report would you pull to see whether this incident relates to a larger trend?

3
Step 1. Centralize Your Incident Collection Process

A common pain point for customers, employees, and management alike is the organization doesn’t have a
standardized, centralized process for escalating incidents. A lot of companies toggle between paper incident
forms, emailing incidents in, or reporting them online.

The reason for these disparate systems could be as simple as the company is in a period of transition, or may-
be management believes the more ways there are to report incidents, the more likely people are to speak up.
Either way, these organizations are missing out on a lot of benefits of standardizing their incident collection.

When the reporting process is too cumbersome, be it too many steps, confusing paperwork, or unclear pol-
icies, employees are far less likely to report, which means your business is far less likely to uncover the root
causes of incidents and therefore discover the keys to prevention.

A survey published by Accident Advice Helpline revealed that hazards aren’t always being reported in the
workplace. 1 in 6 said they would not report identified workplace hazards despite 25% admitting that they or
someone they worked with had been harmed at work.

When asked why, the respondents gave the following answers:

Said they didn’t have the time 29%

Felt the hazard didn’t affect them 24%
Said it wasn’t their responsibility 23%
Didn’t know who to report a hazard to 23%

Worried about getting in trouble 13.2%

Were told not to report an issue 7.5%

Consider the steps you can take to encourage employees to report incidents of all types at work. One huge
step you can take is to pick one method of incident reporting and stick to it. Make this process clear in poli-
cies throughout your organization so employees always know how to report and what to expect from there,
such as who the incident will be reported to.

Most importantly, the key to this first step is to make sure you house these incidents in one place. An email
server, desktop folder, or filing cabinet is not ideal, as these locations require manual updating and pose the
risk of losing sight of an incident in the pipeline. The most effective option is to adopt a system built to house,
track, and analyze incidents as they arrive, which will save you time, effort, and even ave you from an irrepa-
rable scandal.

4
Step 2. Enable Online Incident Reporting

When it comes to picking and sticking with one incident reporting method, we recommend online forms.
Let’s review the benefits of web-based reporting.

First, being able to provide a link to an online incident reporting form makes the reporting process
much easier. You can make the link accessible in a number of ways, such as including it at the
1 bottom of customer copies or receipts, embedding it onto your website, or linking it to PDFs of
internal employee policies.

Second, employees and customers feel more compelled to report incidents the easier it is to
report them. Today, the vast majority of the population is comfortable using a web browser,
2 and as long as they can easily access the link, there won’t be any obstacle preventing them
from reporting an incident. Our customers have seen sizable up-ticks in incidents reported after
implementing our online incident webform.

Third, in addition to ease-of-use for the end user, online incident webforms are incredibly
beneficial to the business itself. Digital reporting allows you to have complete control and
customization over how incidents are reported. A common pain point among organizations is
3 that incident forms are filled out incorrectly or vaguely, making follow up and remediation near
impossible. With a customizable incident webform, you can dictate exactly what information
management would need in order to resolve the issue.

There are also a plethora of customization options you can explore with online forms. Most systems will allow
the end user to choose whether they wish to remain anonymous or attach their name to the report. Some
forms can include severity levels that either the user or the reviewer can select to help prioritize incidents
as they come in. There are also systems that allow you to design access rights to certain forms or collected
incidents. If you’re considering choosing an incident management software, make sure to look for these kinds
of capabilities.

5
 Did you know?

LogicManager uses Automation and Visibility Rules to help our clients customize
their incident webforms. Depending on how users answer certain questions on
the form, additional fields will populate to collect more specific information.

This enables our customers to collect every piece of information they need in
relation to specific incidents the first time around, which means less duplicate
effort and more remediation and prevention.

Ultimately, implementing online incident reporting will streamline your incident management process in
many respects: users will feel more encouraged to report, management will have all the information they
need for resolution, and everyone’s time will be better spent on improving business performance and staying
out of the wrong kind of spotlight.

An additional benefit to choosing this approach is you can often use the same system to create your
webforms as you do to house and track them, which means you’ll never lose sight of an incident and you’ll
boost efficiency to a dramatic degree.

Check Out This Case Study!

LogicManager won the GRC 20/20 Value Award in Risk Management
for helping Winona Health integrate incident management into their
ERM program. Download a free copy to see how Winona Health
developed a risk-based program in just 45 days.

6
Sample Incident Webform
Here’s an example of the types of questions a customized incident webform could ask.

General Information
Do you wish to remain anonymous? Yes No

First Name John

Last Name Doe

Department Sales

Supervisor Ms. Sally Smith

Phone Number 123 - 456 - 7890

Email Address john.doe@email.com

How would you like

Email Phone In-Person
to be contacted?

What type of issue would you like to report? Fraud Harassment Theft Unsafe Conditions

Date of alleged incident: 02/06/2018

Please provide details regarding this matter: For the past three weeks, I’ve noticed one of my cowork ...

Location of Incident
Where did this incident occur? While Traveling On-Premise Working Remotely

Traveling From: New York City

Traveling To: Los Angeles

Where it occurred: Conference

Supporting Documentation
Please submit any relevant documentation supporting this allegation.

7
Step 3. Automate Workflows

Now that we’ve covered the best practices of reporting and housing incidents, we’re ready to take your pro-
gram to the next level.

An incident gets reported. Now what? Do you know what kinds of incidents get routed to which employees? If
you already know this protocol, or could easily look it up, do you know how this person gets notified?

Just as we discussed with reporting incidents themselves, emails and share folders aren’t sufficient notifica-
tion methods. With these more manual systems in place, it takes a lot more manual effort to follow up on an
incident until it gets resolved.

The absolute best way to make sure incidents are remediated is to automate your incident management
workflow with a system in which you can design the workflow for each type of incident before they start
flowing in. As soon as they’re reported, they’re already on their way to remediation.

For instance, let’s say you have one incident form for issues of harassment and another form for unsafe
working conditions. These types of incidents are very different, so they should probably be assigned to dif-
ferent individuals within the company. You should be able to design a workflow that automatically routes the
harassment incident to HR and the unsafe working conditions issue to Maintenance, for example. The most
successful and streamlined incident management programs will take this process a step further and config-
ure workflows to activate based on the answers a user provides on the form itself.

Did you know?

The infamous Equifax data breach, in which 150 million records were
compromised, happened because a warning email from the U.S. Department of
Homeland Security didn’t get escalated to the right party.

According to CEO Richard Smith, the Department of Homeland Security alerted

Equifax on March 8 to flaws in its software, but an “individual” in Equifax’s
technology department failed to heed security warnings and did not ensure the
implementation of software fixes that would have prevented the breach.

Automated incident workflows, in combination with reminders and alerts, ensure no incident is left behind.

8
Step 4. Identify the Root Cause

It’s not enough to know an incident occurred, or even to know it’s been resolved. You should be able to take
your incident management program to the next level and rest assured the incident will never happen again.

Moving beyond remediation toward prevention requires you to identify the root cause of incidents at your
organization. There are of course some one-off incidents that can occur, like a lost laptop for example, that
you can’t dive much further into other than knowing you have the processes in place to respond efficiently.
Many other incidents, however, can occur again and again if nothing is changed at the organization.

Let’s look at an example.

Incident One Incident Two

One customer logs on to her A customer sees he’s been charged

mobile banking app and attempts an overdraft fee after transferring
to transfer money from her check- money to another bank account,
ing to her savings account, but the even though he had enough money
transaction won’t go through. to cover the transfer.

Are these two incidents

connected?

At first glance, these two incidents seem like separate issues. One has to deal with a failure to transfer
between types of accounts within one bank, while the other is concerned with a resulting overdraft fee from
transferring between two different banks. So then what do they have in common?

9
This bank actually uses an incident management software with a taxonomy to create relationships between
incidents and other areas of the business like applications, people, policies, vendors, data, and assets. These
connections allowed the bank to see these incidents were related in one way: they’re both related to the
mobile banking app. Upon further investigation, the bank discovered these errors were related to a glitch in
the transfer functionality in the app.

The key here is to be able to identify trends in your incident data. These trends will lead you to the root cause,
which you can then implement a control to address, thereby preventing future incidents of this nature.
Devise a way to create relationships between incidents and other facets of the business.

APPLICATIONS

DATA PEOPLE

INCIDENT
MANAGEMENT

ASSETS POLICIES

VENDORS

10
Step 5. Report on Incident Trends
This is the final step to bringing your incident management program to the highest level of maturity.

The previous steps, collecting, centralizing, remediating, and preventing incidents are the building blocks
you’ll need to report on the effectiveness of your program. You should be able to leverage these processes to
generate a wide variety of reports.

For instance, once you’ve designed a workflow of tasks associated with each type of incident, you can pull a
report comparing the number of incidents reported, the number on incidents in the process of remediation,
and the number of incidents successfully resolved. You could also pull a report showing the number of inci-
dents reported over time to eventually show a decrease in the number of incidents cropping up. These types
of reports should be filterable by characteristics like type, department, location, etc. to provide more focus to
your audience.

Another useful report is to leverage the taxonomy you’ve created to drill down deeper into the risks incidents
have uncovered. For example, let’s say you want to focus on incidents you’ve tied to different vendors, and
you want to see if there’s a vendor that stands out among the rest.

From the adjacent report, you can

easily see that the IT support vendor
IT Support 51% is the root cause of the majority of
vendor-related incidents. This report
Consultants 29% will therefore encourage manage-
ment to look deeper into how these
Office Supplies 12% incidents can be prevented in the
future, as well as what additional
Catering 9%
resources they’ll need to implement
new controls.

Flexible reports are also extremely

advantageous when presenting to
the board. In the above example, this report would be a great way to get buy-in for the additional resources
needed to prevent future IT vendor incidents. You can also consider showing reports that connect incidents
to strategic objectives, which have proven to be valuable to senior leadership, as they showcase how these
incidents can impact larger company objectives.

Ultimately, regular reporting is the key to maintaining a healthy incident management program, as it can help
you identify areas for improvement as changes occur within and outside of the company.

11
 Incident Management Scenario:
Putting It Together
Now that we’ve taken you through the steps to creating a robust incident management
program, let’s revisit the scenario we presented at the beginning of our eBook.

Scenario: A customer logs on to her mobile banking app and sees that one of her accounts
has been closed, even though she did not request or execute this action. She wishes to alert
someone of this issue and get it resolved.

Incident Report
The customer fills out the online
form in the Help Center.

Centralize
The incident is logged in one
centralized repository.

Notify Automate Identify Root Cause

One employee reaches out to the Key personnel are automatically
customer to notify her the incident notified of the incident and The incident is categorically tied
is being resolved. prompted to carry out their tasks. to the mobile banking application.

Remediate Report
A report is made on all application
Another employee reopens the incidents, showing there has been
customer’s account. an up-tick in incidents related to
the mobile banking app.

Prevent
After investigation, a bug is found
in the mobile app and a patch is
deployed to avoid future incidents.

12
Achieve Risk-Based Incident Management with LogicManager

As you probably noticed, the best way to build a risk-based incident management program is
to implement a centralized risk management platform. LogicManager provides all the out-of-
the-box forms, reports, and support you need to build your program
Since 2005, LogicManager’s enterprise risk management (ERM) software has empowered
organizations to uphold their reputation, anticipate what’s ahead, and improve business
performance through strong governance.

REQUEST A DEMO

AUDIT BUSINESS COMPLIANCE

MANAGEMENT CONTINUITY & DR MANAGEMENT

INCIDENT ENTERPRISE RISK FINANCIAL

MANAGEMENT MANAGEMENT REPORTING (SOX, MAR)

POLICY VENDOR IT GOVERNANCE

MANAGEMENT MANAGEMENT & SECURITY

+1 617 530 1210 | logicmanager.com | info@logicmanager.com ©LogicManager, Inc.

13