In many cases, we have found that organisations respond to incidents with knee-jerk reactions. For example, after a fraud is uncovered, the payment system is made so restrictive that it hinders the proper functioning of the organisation.
GuardianERM.Net provides the framework to perform a Root Cause analysis of the incident, which will lead to more appropriate treatments for the root cause of the problem.
To start the Root Cause analysis, on the Risk Register screen, after creating or selecting an incident, click the New button next to Root Cause Analysis/Treatment:
Enter a short name and a detailed description of the most immediate or direct cause of the incident. Click Add Cause to create the new cause.
If you want to create another immediate cause, click the New button again.
If you can identify an underlying cause of the immediate cause, click the Add button and enter a name and description of the cause:
Click the small Save button in the Root Cause Analysis section of the screen (not the big blue one at the top of the screen):
By repeatedly tracing each immediate cause back to the eventual root cause, a relational tree of causes can be established (as in the above diagram).
To add treatments to any of the causes, select the cause and enter the details:
If the treatment has not been performed, leave the Treatment Date blank for now; enter the date once the treatment has been implemented.
The treatment plan can be emailed by clicking the Email button. You may change or add recipients (separated by semicolons ;) and change any data on the email before sending.
To complete the treatment, click the Treatment Completed button, enter the details, and click the Save button: