You can’t prevent every last employee complaint. But you can have a plan in place for receiving, investigating, and reviewing those complaints when they do come in. Such a plan is the backbone of incident management, which any organization needs to promote a culture of compliance.
Though boards, executives and compliance officers may consider an incident management program as a means to satisfying regulatory requirements, it can actually solidify your organization’s competitive advantage. But only if that program is well-designed and operated.
In a recent white paper, we detailed the eight best practices all compliance officers should implement in their incident management program. Start with these six key considerations for building or improving an incident management system, then download the full white paper to access our complete set of recommendations.
1 – Good Incident Management Is About Hearing, Investigating, and Acting
Good incident management happens when several different tools work together to bring a complaint from an employee to a supervisor. That supervisor then needs several more tools to effectively investigate, document, and analyze the complaint. Your incident management system needs to consider each of these steps, which include everything from internal reporting hotlines to data analytics.
As detailed as an incident management system needs to be, compliance doesn’t have to be complicated. Try to remember that the end goal is to create a system that allows your organization to be responsive to problems. That’s what regulators are looking for and what should always be your true north.
2 – Different Groups Will Encounter Different Incidents
No two incidents are alike. One employee or group of employees might encounter a problem that another will never face. But each should be given equal consideration so you can build them into your incident management program.
Take the time to evaluate the types of problems each group is likely to report and design your system accordingly. In the white paper, we give the example of a manufacturing firm. The manufacturer would need a system that can both accept reports from blue collar workers about forced labor or theft and handle complaints from their white collar workforce on issues like insider trading or improper billing. By accounting for these differences at the outset, you can ensure that your program serves each and every worker. This sets the bar for a strong culture of compliance.
3 – There’s No One Best Way to Accept Incident Reports
Just as no two incidents are alike, neither are their intake models. Employees might file their report via email, a telephone hotline, or even text messaging. Compliance managers should design a program with an intake capability as broad as possible, meaning every employee will have a reporting option that suits their needs.
Like the type of incident, this can vary by employee group. Workers on your factory floor might need a kiosk where they can safely and quickly submit a report, whereas your white collar employees may prefer to write an email. Keep your intake broad, but also ensure that every option you do build in is quick and easy for the reporter.
4 – Consistency Is Key
An employee should never wonder how to report an incident or whether management will even act on their report. Creating consistency within the incident management system will ensure they won’t have to. Though consistency can help build trust in the system over time, it’s also beneficial for those overseeing incident management. Compliance managers and their boards can conduct consistent, well-documented investigations while building valuable insights into what’s working and what isn’t.
Consistency is best established at the start. Consider what it would take to act on every incident in the exact same way. Things like workflows, communication plans, and more can make your incident management programs run smoothly. Integrated risk management solutions can also house all of your compliance intelligence in one place, making it easier to execute your risk management system across the board.
5 – Use Technology to Simplify Investigation and Review
Investing in cloud-based, integrated risk management is one of the simplest ways you can create consistency within your incident management program. Technology can streamline your entire incident management system from the initial report to the analytics, allowing you to spend less time sifting through reports and more time solving the problems facing your organization.
Automating the collection of internal reports is a great first step for any incident management program. You can even automate the investigation of those reports, which is key to scaling incident management to the enterprise level. What’s more, incident management technology can cut back on the need for managers to pore over reports and find important details—technology can do that for them.
6 – Leverage Data to Assess Policy, Training and Controls
Successful incident management programs don’t merely solve individual reports. They track reports over time to identify what’s working and what’s not in the organization, leading to real growth. To do that, you must consider how you’re going to collect and leverage data at every step in your incident management system.
With automation in place, organizations can generate huge amounts of data, then use it to make their processes better. This is how the competitive advantage grows. Compliance managers can pave the way for a better business by pinpointing exactly what within the organization needs fine tuning. Software solutions that can manage and process data make compliance even simpler, which will make your organization even stronger.
There is no “one size fits all” for incident management. But if you do your due diligence, you can design an incident management system that helps employees submit complaints and helps companies secure their competitive advantage.
Whether your system must serve blue collar workers, a white collar workforce, or a mix of both, the fundamentals remain: a flexible intake process, consistent management of incidents, and automation to ensure successful incident management can happen at scale. Compliance managers should start today to design an integrated, defensible compliance program that builds a better business.
Download our white paper, Best Practices for Incident Management Programs, below to learn more.