Have you seen the LifeLock commercial about the bank robbery?  A group of robbers comes in with baseball bats and demand that everyone get on the floor. The customers ask the uniformed security officer to do something. Instead, he says, “Oh, I’m not a security guard. I’m a security monitor. I only notify people if there’s a robbery.” He looks at the customers and reports, “There’s a robbery.” The narrator asks, "Why monitor a problem if you don't fix it?"

Of course, LifeLock is being a little silly to make a point, but the truth is that many incident reporting systems are much like this “security monitor.” They are well-intentioned and designed to allow people to easily report problems, but not to solve them or prevent recurrence. I guess having a list of incidents is better than not, but real progress comes from corrective and preventative action. Reporting is only the first step.

The best solutions combine incident reporting with corrective action, prevention, and impact assessment features.

Listen to this Post or Subscribe to the Podcast!

Incident Reporting

The idea of incident reporting has been around for a long time and used heavily in high-reliability industries like aviation and healthcare. The approach is gaining traction in other industries as well. Our argument is that incident reporting alone is not enough, but that doesn’t mean it isn’t essential. Employees must have a simple way to report issues whenever and wherever they happen.

In order to capture an accurate narrative of the problem, it is useful to have one system of record where all of the relevant information, including supporting documents and images can be stored. This prevents any key information from getting lost in translation as the situation is reviewed by additional team members. With one source of the truth, everyone stays on the same page and has the context they need to understand the nature of the issue.

If you are a healthcare organization, make sure to look for a solution that is HIPAA compliant. Of course, incident reports should not include patient identifiable information, but it is important to have control over who can see what information in any technology that you deploy.

Corrective Action

Once the incident has been reported, the next step is to take measures to solve the problem. In some cases, the person who reported the situation will be the right person to take action, but sometimes other players will need to be involved. The best incident reporting solutions have built-in notifications and alerts that let managers know when an issue has been identified and support efforts to prioritize and resolve the problem. If the right corrective action is not immediately apparent, teams can begin an improvement cycle such as PDSA or DMAIC to analyze root causes and come up with the best solution.

Prevention

Incidents happen, but ideally, problems are addressed in such a way that they don’t happen again. Improvement techniques, such as the 5 Whys are useful for getting to the heart of the matter. Reporting is also essential so that leaders can review past incidents to look for patterns of recurrence. If the same issue keeps cropping up, it is necessary to understand why it keeps happening, what measures have been taken in the past, and how the situation can be permanently resolved. Information silos that keep people from learning about what has happened in other parts of the organization can hamper prevention efforts and stifle improvement.

Impact Assessment

When we chat with organizations about incident reporting and other improvement activities, one thing that is frequently overlooked is the power of reporting on the impact of incident resolution. It is important for a number of reasons. Understanding the financial, customer satisfaction, and regulatory risk of an incident helps people make good decisions about what to prioritize. It also keeps team members engaged and willing to make the effort to report future incidents. For leaders, impact assessment provides justification for any necessary financial or resource investments necessary to solve existing problems and prevent future ones. We also believe that success is something to be shared. When people report problems and successfully find solutions, their efforts should be recognized across the organization to encourage everyone to stay vigilant.

The TSA says, “If you see something, say something.” That’s fair enough, but in companies, we don’t want people like the security monitor in the LifeLock commercial. We want people actively engaged in both corrective and preventative actions. An improvement system that goes beyond incident reporting with built-in support for improvement is the right choice for organizations that don’t want history to repeat itself.