Periscope's June Update
Consistent with Periscope Software’s Road Map: Strategic Theme 1 – An exceptional and seamless customer experience, we have made some exciting new changes to the look of the Welcome Page, Home Page, Administration Page and App. These are detailed in the attached document, with future work to also be undertaken on the Dashboard.
We have also commenced discussions with one of our clients regarding the ability to accept incident reports into Periscope’s system that have been created in conjunction with an artificially intelligent application. This is an exciting development, as our product roadmap has a focus on implementing initiatives that support seamless data movement through APIs (application programming interface) and leveraging emerging technologies such as artificial intelligence. Periscope’s, Praveen Reddy, has also recently successfully completed an online course with MIT in the US entitled “Artificial Intelligence: Implications for Business Strategy” to support the uplift of knowledge in this developing area.
What is Trending?
Some of Periscope’s recent client activities are briefly described below:
Periscope presented to another energy company in relation to compliance and risk modules last week. With tighter regulation and greater focus from regulators, a number of energy companies have approached us in the last few months to look at systems to support improved governance
Periscope has been working with a client to develop an App that is to be used to complete relevant checklists for the decommissioning of government IT infrastructure at over 60 sites throughout Victoria
One of Periscope’s water authority clients visited in recent weeks to discuss the application of the Board agreed risk appetite statements to individual strategic risks with KPI measurements. Conceptually this sounds great, but has proven to be challenging in practical terms. The conversation also covered one of the perennial risk issues which is whether to duplicate health and safety risks (linked to a standard library of corporate controls) across each business unit in the organisation or to have one set of risks being managed at higher levels within the organisation
Discussion were undertaken with a client organisation regarding the broader rollout of a client manual handling risk assessment tool that identifies the risks associated with caring for people who require partial or full assistance in undertaking daily activities. While the focus is on the carer, it also reflects greater understanding of the client. The output includes a report that identifies equipment, behavioural, clinical and procedural risk factors and another report that details the client manual handling procedures required based on the task and activities being undertaken
A leading UK based biomedical research institute committed to using Periscope’s risk management module, which is hosted on Amazon servers located in Dublin.
Some of our modules that clients have implemented in the last month include:
Chemical risk assessment tool
Health and safety incident reporting
For another client, Periscope has developed a form that allows Executives to have a helicopter view of risks within their part of the business. The form includes a chart displaying all risks and the Top 10 risks by risk ratings, as well as allowing easy access to the linked records that make up the statistics.
VicWater 2019 Audit and Risk Symposium
Periscope’s Ian Dockeary attended VicWater’s 2019 Audit and Risk Symposium on 12 June. Ian was able to meet some representatives of client organisations, with his two key takeaways being:
Cybersecurity – the need to continually educate staff in relation to using appropriate passwords, phishing and other scams and managing the privacy of sensitive data
Data analytics – the need for organisations to understand the data sets they have captured, how they were derived (including any data bias) and then using it to improve organisational performance.
Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches Scheme Annual Report
The OAIC has released its first annual report covering the notifiable data breaches scheme introduced in February 2018. While malicious or criminal attack accounts for 60% of the breaches report, greater than one third of breaches are related to human error. A link to the report is provided OAIC data breach annual report
Case Study – Health and Safety Hazard and Incident Reporting Key Issues
Last month, Periscope presented a case study of a hazard and incident reporting system that has been recently implemented. Based on our experience of hazard and incident reporting systems, we thought it was worthwhile capturing the typical conversations we have with clients when implementing these systems.
What does your success story look like? – Using this technique allows everyone to focus on the outcomes that are important without getting bogged down in the detail of data fields and layouts.
Who are your stakeholders? What are their needs and concerns? What are your needs of them? – By identifying the key stakeholders and their relevant attributes, it ensures a more holistic view of the system that is built and capture of relevant information for reporting purposes such as regulatory reporting.
What information do you want to capture at the reporting stage? – Too often we see clients expecting their users to capture a lot of information and in some cases, require users to guess or estimate information that is then presented as factual data as part of KPI and analytical reporting All this tends to do is discourage people from reporting the hazard or incident. In our most recent build, the App only requires users to complete around five data fields, which was strongly emphasised by the CEO.
What hazard or incident types are to be captured? – Different event types can be captured within the system beyond health and safety, with each type resulting in different workflows and notifications. Other event types can include property damage, water quality, environment, information technology, material supply and quality and corporate incidents such as fraud. We have also seen an increase in the use of incident categories related to harassment, bullying and mental health and wellbeing.
How do you rate a hazard or incident? – This is one area that causes significant confusion. Some clients have chosen to risk rate an incident, but this can be problematic as based on the likelihood, the incident has already occurred. The more effective categorisation we have seen have used the organisation’s consequence matrix to assess the impact of the incident and the potential impact of the incident.
What is involved in the process of investigation? – The conduct of the investigation varies from organisation to organisation and can include who can undertake the investigation (e.g supervisor), timeframes to be met, different levels of investigation depending on the incident. severity and the level of analysis based on root cause and classification of the injury. Some clients have found using an image of a body easier to deal with than complex classification structures
How do I deal with an injury? – One of the areas that Periscope strongly advocates for is the use of a separate injury form rather than capturing injury information in the incident record. This ensures additional layers of security and workflow can be applied to the injury form to protect privacy of the injured party.
What should be done with corrective actions? – It is quite common to have a separate Action form where corrective actions can be allocated to other staff members to complete. The Action form can have its own workflow. Statistics can be captured from the Action form that feed back into the Hazard and Incident form.
When do I close a hazard or incident? – This is a question we get asked quite often, but it comes back to the organisation. Some organisations close the event once the investigation has been completed and corrective actions identified, while other organisations only close the incident report when all corrective actions have been completed. The challenge with the latter approach is that the event can remain open for a considerable period of time, as some corrective actions may have budgetary implications, and funding may not be available for several years, so in essence an event is being reported that is several years old. Also some close out processes can include verification processes to ensure that an event has not been brushed over.
What lessons have we learned? – This is the essence of why you have a system but is very rarely done. Each event should be assessed for the lessons that have been learned and this knowledge should be shared to drive continuous improvement and innovation. Quite often we will encourage clients to have a data field and some categorisation to capture this information and then have an automated scheduled report running on a weekly or monthly basis to disseminate this information to relevant staff. One of the most effective uses we have seen of this reporting was the scheduling of an incident lessons report every Monday morning at 5.30 am prior to staff toolbox meetings.
Other elements that haven’t been touched on are:
The application of legal privilege
The importance of providing positive feedback and thanking the event raiser to reinforce a culture of reporting
Being conscious of how far and wide email notifications are being sent
Analysis of data such as looking at the ratio of near misses and hazards to incidents
How the data is being used beyond health and safety. For example hazard and incident statistics inform the likelihood and/or consequence of risks, the performance or absence of controls and breaches against compliance obligations.
As with any system, clients should be running an appropriate change management process to bring staff along the journey.
Tips and Tricks
Google address API
The use of the Google address API linked to a text field ensures that there is data integrity for addresses entered into the system. This is particularly useful for freedom of information, complaints and hazard/incident locations.
Questionnaire/Survey Progress Bar
The use of the questionnaire/survey progress bar is a useful visual cue that can be used to guide users on their progress when completing such forms. This can be used on questionnaires for activities such as compliance, attestation and conflict of interest.
As always, please do not hesitate to contact me at firstname.lastname@example.org or 03 9882 1896, if there are any matters you would like to discuss.