Programs, Architecture & Analytics

Action Items Management

ThinkGRC Action Items Management

The 4 Rs Concept of ResilienceAction Items Management is a critical element within the Incident/Problem/Root Cause Analysis (RCA) framework/methodology.  The primary driver of Action Items is to extract value out of the Incident/Problem/RCA process by assigning actions to reduce, mitigate or eliminate risk and to reduce the probability of recurrence to an acceptable level.

The process of assigning “Action” within Incident/Problem/RCA process is commonly referred to as Corrective Actions / Preventative Actions Management (abbreviated as CAPA).  At ThinkGRC, we refer to CAPA as Action Items Management (AIM); the principles and methodology are the same, but our take is that Action Items Management should have a wide scope across the organization and CAPA is a very Process Safety Industry specific terminology.   

Action Items Management within in the ThinkGRC RCA framework is a basic concept.  In RCA, we identify the Root Causes and Causal Factors for the Incident/Problem.  After doing so, we develop one or more Corrective and Preventative Actions per Root Cause and/or Causal Factor to reduce, mitigate or eliminate “risk” and reduce the probability of recurrence to an acceptable level.

Action Items Best Practices:

  • All Root Causes should have at minimum one Corrective Action and one Preventative Action assigned.  This can be a one-to-many or many-to-many relationship.
  • Action Items should reduce, mitigate or eliminate “risk” and reduce the probability of recurrence to an acceptable level.
  • Action Items should be evaluated based on a cost benefit analysis.  Actions Items with the most advantageous cost to benefit ratio should be recommended for implementation.
  • Action Items should be (primarily) prioritized by risk and cost benefit.
  • Action Items should contain clear implementation requirements, assignments and timelines.
  • Action Items should contain additional classifications/metadata so they can be easily tracked, analyzed and reported as metrics.
  • Action Items should be properly analysed, tested and monitored to ensure that they do not introduce new or unforeseen issues prior to and post implementation.
  • Action Items should be transparent and communicated to all parties involved and impacted by the Action.
  • Action Items Management should be integrated into Change Management.
  • Action Items should be viewed on an individual and aggregate level.
  • Action Item metrics should be developed that support organizational objectives and culture change.

Correct & Preventative Action Item Definitions:

Corrective Actions:

  • Corrective Actions are actions taken during a negative impacting event or during remediation to fix, stop, or mitigate the event. Corrective Actions have a direct & tangible impact and address Root Causes and Causal Factors.
    • Sample Corrective Action: An incident was caused due to the failure of a hard disk on a business critical production server with no redundancy.  The Corrective Actions are to fix/replace the hard disk and return the server to production operations.   

Preventative Actions:

  • Preventative Actions are actions taken to implement controls to prevent, mitigate or eliminate the probability/risk of future event recurrence.  Preventative measures are (in general) controls implemented in the areas of people (training), processes/procedures (documentation) and/or technologies (monitoring/fail-safes).   
    • Sample Preventative Action:  An incident was caused due to the failure of a hard disk on a business critical production server with no redundancy.  The Preventative Actions should be focused on redundancy which will lower the probability/risk of failure.  Preventative Actions could be one or more of the following all of which have multiple technologies that can be implemented: disk redundancy, server redundancy, load balancing, monitoring, and/or preventative maintenance procedures.

Action Item Record and Data

Action Items should be documented.  It is important to keep concise documentation on Action Items to ensure that they are tracked, implemented and effective.  Closure of Actions is important for the closure of an Incident/Problem and the overall RCA process.  At ThinkGRC, we recommend that an Action Item contain a core set of data points to support the Action Items Management process.

Actions should be documented along with the Incident/Problem/RCA documentation, in addition as a best practice, we recommend that you also consolidate Action Item records into a single tracking mechanism such as a spreadsheet, database or software application to enable easy access and sharing of data.  Software Applications also have functions such as email, reminders, and time based business rules to help facilitate the Action Items Management process.   

Regardless of the technology used, we recommend that you define Action Items with the following attributes.  These attributes will give you the (minimum) best set of data points for performance metrics which are described in the next section.

Action Item Record Data:

  • Reference to Incident/Problem/RCA (ID) (Name/Description)
  • Action Item Description
  • Priority (e.g. High, Medium, Low)
  • Target Date
  • Completed Date
  • Assigned To: (Operational Area/Department)
  • Assigned To: (Individual/Person)
  • Action Status (e.g. Not Started, In Progress, Completed, Overdue)
  • Corrective or Preventative Classification
  • Estimated Cost
  • Actual Cost
  • Approved By (if approval is required)
  • Post implementation review assessment

Previous | Next

Print Friendly, PDF & Email