7/27/2019 Incident Reporting - Preliminary Guidelines
2/4
INCIDENT REPORTING
INTRODUCTION
INCIDENTS CAUSED BY: The failure of people, processes, systems
and our environmentto behave or react as expected
INCIDENT INVESTIGATIONS: determine howand whythese failures
occur.Investigation activities are directed towards defining the
facts and root cause relating to theevent, determining the causes
and developing remedial action to control the risks.
Investigations are NOT intended to place blame on an individual
but to identifythe root cause of the failure and ensure probability
of re-occurrence is
minimized.
OBJECTIVE OF INCIDENT REPORTING
reveal the immediate and underlying causes of incidents
provide an accessible database to prevent recurrences of similar
incidents
develop remedial actions that address causes to prevent
recurrence
provide information in case of litigation and information on the
costs of accidents
reduction of operating costs through control of preventable
losses
follow-up to ensure that actions taken are successfully
implemented and relevant riskassessments updated
2
7/27/2019 Incident Reporting - Preliminary Guidelines
3/4
EXAMPLES OF INCIDENTS TO BE REPORTED
Unauthorized entry (physical or virtual)
Individual wins case due to wrongful dismissal
Downtime caused by industrial action strike
Fines / censure by OCHS officials Public compensation claims due
to negligence or
personal injury
Discrimination due to religion, sex, age, ethnicity
Repairs or replacement of assets or buildings dueto employee
negligence, natural disasters
Damage from terrorism, vandalism
Mechanical failures of physical assets e.g.elevators,
generators, etc.
Damage to company vehicles, billboard, signage e
IT system failures
Software failures
Viruses and security breaches
Telephone and system failures Prolonged power outages
System hacking
Fines due to tax breach
Product related complaints
Theft, fraud by employee, client
Misleading product literature complaints
Customer service failures
Incorrect data entry
Data corruption Incorrect management information
Reconciliation errors
Pricing errors or backdated transactions
Projects initiated then cancelled
Failure of staff to follow required procedures
Failed mandatory reporting
Incomplete/incorrect application documents
Inaccurate external reporting
Inappropriate underwriting
Inappropriate reinsurance
Missing policy documentation
Payments to incorrect customers / client
Incorrect payments to customers / clients
Transaction reversals
Failure of vendors to deliver e.g. advertisingagencies,
reinsurers, brokers etc.
Vendor disputes
Missed investment opportunities
7/27/2019 Incident Reporting - Preliminary Guidelines
4/4
CONCLUSION
INCIDENT CATEGORIES
All the below incident categories are to be reported: Actual
loss- an incident resulted in a negative direct or indirect
financial impact for
the business regardless of the amount.
Potential loss an incident that has been discovered, but is
still underinvestigation, that may or may not ultimately result in
a financial loss; and
Near miss an incident that is discovered through means other
than standard
operating practises and through good fortune or focused
management action and thefinal preventative control operating
effectively which has resulted in a nil or positivefinancial
impact
HOW TO REPORT
Staff who becomes aware of the incident should report it through
their respective Head
of Department by sending an email ccd to the Risk &
Compliance Manager brieflydescribing the incident and the date it
happened or when it was discovered.
4
