18 - Incident Analysis
Incident analysis is a measure to monitor loss relevant events or nearly events which have happened in the past. Incident analysis provides the possibility to evaluate and quantify the past and actual risk situation in the company. This is the base to implement efficient and measurements to prevent the company from similar events and losses in the future. For the management incident analysis is also an indicator for the effectiveness of actual safeguards and controls in the company.
What do we look for?
- Risks are not evaluated systematically.
- Risk evaluations and incident analyses are unplanned, not documented, and/or not carried out in a systematic fashion.
- There is no action planning and control as a consequence of prior incidents.
- Management is not adequately informed of incidents.
- All incidents are investigated and documented in a systematic and structured fashion.
- All necessary actions to improve the risk situation as a result of incident analyses are in place and well controlled..
- Risks are exactly described and quantified.
- Management is formally informed of all incidents.
- Implement a regular and systematic investigation procedure of all incidents with liability loss relevance.
- Record all results of incident investigations in a systematic way.