What is an SOP?

What is an SOP?


 SOP stands for standard operating procedure, a document that provides guidance to employees on how to carry out routine complex tasks. It is a really important document so the individuals who are writing it need to be familiar with the steps involved in the process. They might need to make important decisions, such as deciding if the SOP is right for the procedure it is prepared for. 

 Regardless of how complex a task is, it can be broken down into smaller parts that are easy to understand. Some industries that use SOPs include hospitality, healthcare, education and manufacturing.


Benefits of SOP

There are many benefits attached to a standard operating procedure. Some of the main ones are:






Following the instructions detailed in the standard operating procedure maintains consistency and ensures that employees are compliant with the quality standards of the business. It is especially helpful when hiring new people. Employees will receive the same training which allows for adjustments if errors are found and will enable them to get used to the position faster. The framework aims to maintain reliability and allow the business to run smoothly without worrying about the outcomes. 



Fewer mistakes will be made during the task as employees will have all the information they need and they will not be expected to come up with ideas. They will be able to gain knowledge from performing the same steps and the repetition of actions will make it easy for them to complete the task. In the case that an employee is absent, another one can take over the task as the instructions are already provided. SOP can make the procedure more efficient while increasing productivity. 



It can increase the level of safety as the steps provided in the document are in agreement with work health and safety requirements. As someone familiar with the procedure has created the document, it is expected that they have researched the safest way to complete the task. It will also protect employees and the organisation from any potential legal issues that might arise. 


Types of SOPs

SOP can be used as a tool to measure employee performance as everyone has to follow the same instructions. It makes it easier to review performance and provide feedback when all employees follow the same document. This is why it is important to choose the right type depending on the business. Management can choose from:

-Step-by-step SOP

-Hierarchical SOP

-Flowchart SOP


Step-by-step SOP

This type of SOP includes bullet points or numbered points. It is usually used for straightforward processes with a short time frame. Each point gives instructions that do not need a great amount of detail.

Hierarchical SOP

Hierarchical standard operating proceduress are necessary when the task requires a lot of information so steps need to have substeps and provide more instructions. It can look similar to a step-by-step SOP as it can be presented using numbered directions9


Flowchart SOP

Flowcharts can provide solutions if outcomes are hard to predict. They have more visual elements than the other SOP types. They give instructions on what employees need to do based on a task they performed. It could be a health inspection during which a doctor needs to determine what issue the patient is facing. 


How to write an SOP

 The business needs to determine whether a standard operating procedure will be beneficial. It needs to outline the goals it will achieve and what will count as a successful document. The management might also need to think about the ways they will measure its effectiveness.

 An individual will not be able to create an SOP by themselves. It is a complicated process that requires a team. After the team has been appointed they will need to collect all relevant information and details on the procedure. They can then choose the right type of SOP based on the task that will be performed. After writing the SOP they will need to review it carefully to detect inconsistencies or errors. They might need to test certain tasks, edit the document and test the new changes.

They can also ask for recommendations from other managers or staff members. After they decide on the final edits, they can implement and train employees on how to use the SOP correctly. Evaluations of the SOP might take place after it has been published as employees might not complete the task similar to the team that created the file. There is always space for improvement. 


What is included in an SOP

Every standard operating procedure has its own structure and it heavily relies on the type that has been chosen. The most common structure includes:

-Title page with the name of the business, name of the procedure and date of creation

-Table of contents which shows the main titles 

-Purpose of SOP


-Roles and responsibilities 

-Procedure (Instructions)

-Additional details or documents


-Approval signatures

 Definitions and references might also be included.


Potential problems with SOPs

 A standard operating procedure is not the perfect solution. It needs to be updated regularly as equipment and procedures are updated to ensure it does not provide employees with incorrect and outdated information. Some employees might struggle to use one as they want to incorporate their own ideas into their work. Their creativity and individuality will be lost as they have to apply preplanned actions to their tasks.

 If the team who created made it hard to read it will be difficult for employees to follow it. This is why the focus should not only be on grammar and language but on layout and readability. Short paragraphs will be necessary and information should be conveyed in simple terms. 

 Contrary to management belief the standard operating procedure might not suit the task as it has many components. In that case, the company could have wasted resources on creating a document that possesses no value. It might also not be suitable if the task requires a flexible approach that consists of more decisions. The standard operating procedure might not be enough, which is what Governor Philip Lowe believed in the case of Reserve Bank Australia. 



A standard operating procedure can be a very beneficial document if used correctly. Communication between the team, management and employees is necessary to ensure that it is implemented properly and achieves the purpose it was created for. The organisation needs to be flexible and understand that not all tasks require an SOP.

Book a Demo Now

Learn more about how Polonious can help you measure the effectiveness of your standard operating procedure. 

Why policies are necessary for your business

Why policies are necessary for your business


Policies outline how businesses should manage issues and set expectations for all employees regardless of their position. Businesses of any size or industry need to have policies as they help them in their mission to be successful entities. In some countries, policies are often required to promote compliance. They set standards for what is perceived as acceptable and unacceptable. 


Policy vs Procedures

 While policies act as a guide for decision making and day to day activities, procedures are most specific and explain step by step actions. Policies outline principles that need to be followed but they do not explain how they need to be enforced. They leave room for flexibility while setting a common standard. On the other hand, procedures provide a lot more detail that do not allow for extensive improvisation. Most of the time policies remain the same for a long amount of time. 


 Policies are usually created by senior management while procedures can be created by the lower-level staff. The language used in both is expected to be simple and easily understood by everyone. Procedures can supplement policies by showing employees how to implement them. The policies present the guidelines and the procedures give the flow of activity. 


Types of policies

A lot of policies are essential for every business to have. Important policies include:

-Code of conduct

-Work health and safety

-Anti-discrimination, harassment and bullying


Code of conduct

 The code of conduct is the set of rules, principles and responsibilities that everyone within an organisation needs to abide by. It describes how employees need to interact with customers, society and other third parties relevant to the business. It covers most departments of a company and encourages ethical behaviour and compliance by all staff. A code of conduct can help the company achieve its mission by establishing its values among employees. It will ensure that staff have a document to refer to when they want clarification on what is appropriate and what is not. Sometimes a code of conduct is required by law but it is necessary for a business to have one regardless. 


Work health and safety 

 This policy focuses on the obligation of a company to create a safe environment for people, whether they work for the company or not. It can include instructions on how certain duties must be performed or how workstations need to be organised. Employers have a duty of care to stakeholders, to provide a workplace where reasonable measures have been taken to eliminate risk. A work health and safety policy assists in avoiding incidents or accidents and therefore prevents unnecessary costs. It shows that the organisation takes safety seriously and is committed to reducing workplace injuries. Risk assessments and incident reports can be very beneficial in ensuring employee, client and stakeholder welfare is prioritised. 


Anti-discrimination, harassment and bullying

 Anti-discrimination policies are important for building a comfortable work environment for all employees. Discrimination can occur due to many factors including race, age, sex, and disability. Organisations should also develop policies to prohibit harassment and bullying, not only for the benefit of employees but to avoid legal trouble. Discrimination can be direct or indirect, but both types can cause conflict between employees and reduce productivity.

 How employees are treated at work can heavily impact their mental health which is why policies that discourage such behaviour are crucial. Managers need to be aware of staff bullying or of victims so they can stop it and enforce the policy’s expectations of promoting respect and equality. The last thing organisations want is a hostile work environment. 



 A grievance policy explains to employees the rules about raising concerns and filing complaints. What counts as a grievance should be clearly defined to avoid confusion. By resolving problems that occur, organisations can foster a supportive environment in which staff can share their worries. It can include a procedure employees need to follow in the case they have an issue, such as pay inconsistency, and steps management can take to address this issue. The grievance policy relates to the code of conduct, work health and safety and anti-discrimination policies. It outlines how employees and managers can deal with the guidelines of these policies not being followed.


Why policies matter

Without policies, employees have no rules to refer to when making decisions


A policy clearly sets out the rules and standards that the company expects all employees to follow. They are especially useful when hiring new people as managers can use the documents to communicate with them effectively. Policies reduce misunderstandings as all information is precisely provided to every member of the organisation. To increase clarity, a policy can be updated to reflect the changing work environment and protect both staff and the business. 

-Fair treatment

Policies ensure that all employees will be treated fairly and will be held accountable equally. They promote consistency as the same expectations apply to all employees regardless of their position. Policies such as the grievance policy encourage improvements, as complaints can be dealt with in a constructive manner that will make the work environment a better place for everyone. Diversity does not only apply to gender, race and culture. It also applies to different work backgrounds. Employees could have previously worked for many different organisations with different missions and expectations. Policies exist to remind employees of the guidelines of their current workplace and create an equal work environment.


A policy aims to reduce issues within a workplace and provide a collaborative work environment. There are many risks that could affect employee performance and by tackling problems, managers will be able to improve productivity and efficiency. They save time as they provide a reference for managers and remove the need for management to second guess their decisions. They support a coordinated approach towards achieving the company’s mission and vision and solidify the organisational values. Many companies in the UK try to benefit from a ”triple dividend policy” by implementing a 4 day work week. 


Policies are essential for every business. Policies such as code of conduct, anti-discrimination, harassment and bullying and work health and safety are crucial in protecting employees and avoiding lawsuits. Some governments might mandate a certain policy while others can be optional. Businesses should shape their policies to fit their organisation and its vision. This will increase productivity, clarity and ensure fair treatment of all employees.

Book a Demo Now

Learn more about how Polonious can help you implement your policies and increase compliance. 

How to implement the COSO framework

How to implement the COSO framework

COSO framework

 COSO stands for the Committee of Sponsoring Organizations. It refers to the system that allows businesses to assess their internal controls in regard to their organisation’s processes. The framework was introduced in 1992 and due to the changing business environment, it was updated in 2013 to increase its relevance. It includes five components of internal controls, objectives and principles to help a company make its vision a reality. It was created along with five other private organisations: 


  • Institute of Management Accountants (IMA) (formerly the National Association of Accountants) 
  • American Accounting Association (AAA)
  • The Institute of Internal Auditors (IIA)
  • American Institute of Certified Public Accountants (AICPA)
  • Financial Executives International (FEI)

The COSO framework is usually depicted as a cube that focuses on three of its sides. 



The COSO framework has 3 main objectives. To remember those the acronym C.O.R. might be useful.






Compliance is crucial as it focuses on whether the business is abiding by the laws and regulations. These objectives ensure that all relevant rules will be followed during the operation of the business and that managers are aware of all regulatory bodies that affect the company. 



 This COSO goal refers to the performance of the business and targets the effectiveness and efficiency of an entity. This objective can be set for the management to determine whether the operational goals that they have to achieve are realistic.



 It involves the requirements of reporting financial, non-financial, internal and external information. Businesses need to be aware of what they need to report and ensure that they produce quality documents that are reliable. 

 The objectives are on the top side of the cube and they need to be achieved through the components of the framework.  To determine the effectiveness of the framework the company can look at the areas that are covered which include the function, business unit, division and entity level. 


COSO framework components 

The front side of the cube focuses on the five components of the framework. Sometimes the acronym C.R.I.M.E. is used to make the components easier to remember. These are:

-Control environment 

-Risk assessment 

-Information and communication


-(Existing) Control activities 

Control environment 

 This component refers to the standards and processes within the business that enable the internal controls to be implemented. They ensure that the organisation is running in an ethical and responsible way. The board of directors and management of the company are very important in this component as they set expectations and ensure the enforcement of those standards. The control environment is crucial in setting the tone the enterprise operates in. Ideally, this would mean an environment where people are held accountable and there is a commitment to ethical values.

 An example of how the control environment can affect the business could be if the management stopped following the current controls, such as not performing bank reconciliations regularly. This can increase the risk of fraud and unauthorised withdrawals which can cause problems with cash flow and business growth. 


Risk assessment 

 Business risks are threats that could lower profit, efficiency, productivity and overall the achievement of financial goals. Every organisation faces some type of risk, such as compliance, operational and security risks. They could be either from the internal or external environment and they vary in impact and likelihood. A risk assessment helps to identify those risks and develop strategies to manage them. By controlling, reducing or eliminating risks an enterprise can achieve its goals effectively and minimise its losses.

 As the business environment changes, so do the threats that affect a company. For example, a manufacturing company might perform a risk assessment regarding a crucial piece of equipment malfunctioning ro predict the impact it will have on its projects and organisation. 


Information and communication 

 The COSO framework ensures that communications, whether internal or external, meet ethical and legal requirements. By maintaining the industry-standard practices, the business will be able to set and achieve its objectives in a responsible manner. The main focus is on quality information that assists in carrying out internal controls. Failing to obtain and use quality information can have a negative impact on the effectiveness of communications. There needs to be clear and direct communication between team members, supervisors, management and the board of directors. Emails and meetings between staff fall under information and communication.



 It is not enough to just establish internal controls, there needs to be monitoring to oversee the elements of the COSO framework. Monitoring is essential to ensure that internal controls are enforced. It gives reassurance that the components are carried out effectively and that staff are complying with the requirements set by the organisation. Separate evaluations might be needed. An example of monitoring are internal audits. These are usually carried out by auditors and results are reported to the board of directors. The information gathered from monitoring can show any issues that might exist within the organisation in relation to the internal controls. 


(Existing) Control activities 

 Control activities are related to the risk assessment component as they are in place to mitigate risks across different departments of the business and help it achieve its goals. They are created based on the policies and procedures and they need to be reviewed frequently to reflect the changing objectives and risks. They can be developed as a way to detect or prevent threats and they need to address all levels of the company. An organisation may implement regular preventative maintenance as a control activity to ensure its machinery does not malfunction. 


How to implement the COSO framework

COSO framework

 It is crucial to understand every aspect of the framework before trying to implement it. The more familiar the management is with the COSO framework, the more effective the implementation process will be. The steps include:




-Testing and reporting

-Optimisation of internal controls


 Like most actions, a plan will be required to implement the COSO framework in the organisation. The five components need to be considered before starting this step. A team that will be responsible for the implementation can be created. It can also be given to a committee, usually the compliance or audit committee. The team can then decide the resources that will be needed for the framework to cover all areas of the organisation, the timeframe and the responsibilities the staff within the team will have. There needs to be constant communication between the group and the management or the board of directors to ensure a smooth implementation. 


 At this stage, the control needs to be assessed and the committee needs to determine if there is a formal enterprise risk management process. Documentation will be needed of the ERM process, along with other risk management strategies. The committee might come to the conclusion that there is not enough documentation of business activities. If that is the case, a consultant might be required to organise this process and analyse whether the guidelines in place support the COSO framework or if they need to be changed. Once the processes and controls have been documented the committee might conduct interviews with certain employees to decide how to implement controls for different processes. 



 If the assessment step has identified gaps between the state of the organisation and the COSO framework components changes will need to be made to cover these gaps. A remediation plan can be created to address each of the weaknesses in the documents and outline the timeframe in which those weaknesses will need to be resolved. Every change needs to be overseen by the relevant staff. Once the remediation plan is implemented, it is important that it can be understood by both internal and external stakeholders. 


Testing and reporting

 Testing can help in determining which controls need prioritisation. Qualitative and quantitative data are relevant in this step to assist in rating internal controls. A test should identify which risk it is focusing on and the management strategies that have been taken to mitigate it. Through interviewing, observing and analysing, management can get a better idea of the effectiveness of each control. In some instances, quantitative data is more useful while others might require qualitative research. The committee needs to evaluate the approach they will take case by case to make the right decision on how to test and report their findings. 


Optimisation of internal controls

Based on the findings of the previous steps, new internal controls can be created or current ones altered. The decisions for these developments should be made in accordance with the business’s objectives and ethical responsibilities. The COSO framework will help the business connect its goals to its control and assist in the effective operation of the organisation. Just like most steps, monitoring will be necessary to ensure the optimisation of the internal controls and ensure they are still addressing the threats they were developed for. Monitoring usually involves the collection of data and reports that highlight the performance of the measures. 



The COSO framework offers many benefits if implemented correctly. One of them is the improvement of internal controls. The internal controls allow the organisation to manage its risks and make better decisions. The business is more likely to identify potential threats and be proactive when responding to risks that it is facing. It encourages reliable reporting which can result in better decision making.


It can also reduce business costs as organisations understand risks better and are able to collect meaningful data from their operations. By focusing on operating ethically and legally the business will prevent costs associated with lawsuits and damage to its reputation. This will also attract more investors as the business is reducing its exposure to legal issues and community backlash. It will also be better protected against fraudulent activities. 


COSO framework is very broad and can be changed to address various business needs that might arise. It can also be applied to many industries and different business models. It allows businesses of any size to improve their governance and as a result their security and compliance. 



The COSO framework relies on human judgement, which can be flawed. Human errors could negatively impact the success of the framework or its implementation as decision making heavily affects the success of COSO in the business. COSO relies on accurate reporting and a control environment that encourages its implementation. But humans are the ones responsible for creating that environment and producing reports that meet the framework’s standards. The reports can only be as good as the employees who create them. 

As it has been made to apply to many industries, it can be hard to adapt it to every business and can result in a complex process for the management. The framework also fails to recognise that risk methods can be put in place without the risk being identified or assessed extensively beforehand. It can prove to be ineffective when handling unpredictable events as it is constructed around the likelihood of a risk occurring. It does not take into account the uncertainty that surrounds business objectives. 



The COSO framework can be very beneficial for a company if the implementation focuses on its five core components. Each step needed for its implementation is crucial and contributes to the success of the business. Management should not try to force the COSO framework onto the business as it might not be the correct system for every organisation. In order to increase effectiveness, there must first be an assessment of whether the business in question meets the requirements for the framework. An evaluation of the advantages and disadvantages should also occur to support decision making.

Book a Demo Now

Learn more about how Polonious can help you manage risks in your organisation.

What is a risk matrix?

What is a risk matrix?

Risk matrix

 A risk matrix is a visual tool that allows employers, managers and supervisors to visualise the risks that threaten a business. It depicts the likelihood of a risk materialising and the impact the risk will have on the organisation. Risks are sometimes unknown and businesses are unprepared to handle them. 

 To understand the level of a risk, internal and external research can be conducted, experts can be consulted and employees can help by providing feedback.  By picturing both elements, it is easier to determine whether a business can be operated successfully and the steps needed to be taken for that to happen.  

How does the risk matrix work?

 A risk matrix will usually include colours, red, orange, yellow and green to indicate how important a risk is and the urgency in which it needs to be addressed. It has two axes, one for the probability and one for the impact of the risks. Red can be chosen for an area with critical impact while green is usually chosen for areas with a low impact. Yellow can depict the medium risks and orange can show the high risks. More than four colours can be used if deemed necessary.

 People conducting a risk analysis can decide on how to set the likelihood of an event based on their analysis. Very high, high, medium and very low labels can be used to describe the levels of probability of a risk occurring. For example, 0% to 10% could be a very low likelihood while 90% to 100% could be a very high likelihood. The event in which a risk materialises depends on many factors, such as the economy, so the probability will not be the same for every risk and every organisation. 


How to make a risk matrix

 Before designing a risk matrix, it is important to understand the size, budget and industry the business is in. This will allow for risk criteria to be created, against which the risk can be compared to determine whether it can be classified as a risk to the business. Every company will have its own criteria which will show whether it is affected by a threat or not. A risk analysis can be performed to identify the risks that affect the company.  After the risk analysis, a risk evaluation can follow to assess whether a risk can be controlled, eliminated or accepted.

 Establishing the likelihood of risk is a slightly complex process. Industry data, feedback from employees and expert consultations can be needed to get the most accurate result. Internal and external research is necessary to make the probability more precise. Qualitative and quantitative measures can be used to determine the likelihood of an event occurring. 

 A similar process needs to be followed to evaluate the impact of a risk. Once the likelihood has been established, it is important to look at the measures that are in place to handle that risk. If there are adequate control measures then the risk can be controlled. If they are not, then the consequences of the risk materialising need to be considered. The results might be invisible or catastrophic. Depending on the measures, the likelihood and the consequences, a risk rating is given that is reflected by the colour, either green, yellow, orange or red. 

 The effort invested into making a risk matrix determines its effectiveness so all information needs to be looked at thoroughly. A risk matrix can be created in different software such as Excel.

Parties involved in workplace investigations

Why is the risk matrix important?

 A risk matrix has many benefits. 



-Mitigation strategies

-Completion of projects



A risk matrix is a simple but effective tool. People within the business to visualise the risks they are dealing with or might deal with in the future. Rather than having multiple lines of text it summarises the risk severity and probability in one picture. It provides a very straightforward overview that ensures that more people within the business will understand why a risk is important even if they are not familiar with the language used in risk assessments. 


 By having all tasks organised, managers can see which tasks need to be prioritised. They can see the urgency of addressing certain risks and the severity if they fail to do so. To ensure that risk prioritisation is effective the risk matrix needs to be constantly updated with new risks, probability and the impacts they have on the business. Otherwise, the decisions will be made based on the wrong information. 

Mitigation strategies

The risk matrix encourages a proactive rather than a reactive approach. This prevents businesses from unnecessary costs and damage to the business and its reputation. Developing a risk matrix helps as it is supported by the risk evaluation which develops strategies to eliminate or reduce the risk. Controlling and mitigating the risk is the overall goal of the risk matrix.

Completion of projects

Once risks have been identified and analysed strategies can be developed to manage them. This allows projects to be completed successfully and on time. Constantly updating the risk matrix ensures that the project is carried out smoothly as threats are being handled and the business is prepared to deal with them. It can also help in preventing issues within a project that arise from accidents or incidents. For example, thanks to aligning their exercising with their risk matrix, the SNZ managed to attend the Tokyo Olympics during the COVID-19 pandemic. 



Just like every tool, a risk matrix has its own disadvantages. There are more disadvantages for poorly designed risk matrices but the most common ones are:

-Inaccurate information 

-Compressed data

-Lack of timeline


Inaccurate information

A poorly executed risk analysis can paint a very different picture than what is really happening. It can show some risks as being insignificant while in reality, they could pose a great threat to the business. Sometimes the depiction of the risks might not be an accurate visualisation of the impact a risk can have on a business as colours are mostly assigned based on percentages or estimations. 


Compressed data

Detailed data is presented in a simple form that can remove important elements from the risk. While this can make the severity and likelihood of the risk easier to understand it can reduce the complexity that comes with risks. Most of the time risks are not simple. They are very hard to address and to mitigate and the risk matrix does not differentiate them clearly. It might also not present how risks are connected with one another and how one risk can affect the final outcome.


Lack of timeline

A risk matrix does not specify the timeline in which risks need to be dealt with. It is just a visualisation of the probability and impact. This can lead to poor decision making as managers and employees just see colours rather than a plan. For example, medium urgency risk might need to be eliminated faster than a high-risk one due to the timeline of a project. If a risk matrix is not updated regularly it can fail to show the timeline in which a risk is changing.



Being organised and identifying vulnerabilities will help the organisation survive in an environment where risks constantly evolve. A risk matrix can be a helpful visual technique to highlight the impact and likelihood of risks but it can only be effective if used correctly. It is also not made for every business. Each manager needs to evaluate whether a risk matrix is appropriate for their business. 

Book a Demo Now

Learn more about how Polonious can help you conduct a successful and effective risk assessment to help you create your own risk matrix.

Incident report template

Incident report template

Incident report template

 Incident report template: A very useful form for every business. An incident report is a form that needs to be filled out with facts about an occurrence, regardless if it has caused an injury or not. An incident report could also be written about a hazard or potential hazard in the workplace. There are many details that are included within the report and an incident report template is very beneficial as it gives a good place to start.


 The form should be completed soon after an incident occurs. Even if the event is seen as minor by those involved, an incident report should still be filed. Something that is deemed as minor could have an impact in the long term, for example, a small injury that could affect an employee’s ability to work in the future. In the event of an emergency, the incident report template should be filled out within 24 to 48 hours, depending on the nature of the emergency.


Why are incident reports important?

 Incident reports could flag an unnoticed issue in the workplace environment. Sharp edges, unorganised wires, unmaintained equipment and other items or activities that are seen as harmless could pose a danger. By reporting an accident, a near miss or a hazard, future incidents can be avoided. An investigation needs to follow to find out how and why the event occurred. This will help in raising awareness about potential risks and improving workplace safety.


Why is an incident report template important?

 An unplanned event can cause a lot of chaos, uncertainty and confusion. There might be a lot of information, different people involved and there are some essential details that need to be included in the report. An incident report template allows workers to fill out the form with all the information required. It acts as a ‘to do list’. It gives them a place to start and there can be different templates depending on the issue. 


 There may be varying incident report templates to account for the different types of incidents that could occur. For example, a near miss incident report template might not be the same as one for an accident that causes injury.  The facts in each report might slightly differ, but they are all written with the purpose of protecting employees. A template needs to be prepared in advance, not after the incident has taken place. 


What needs to be included in an incident report template?

There are quite a few things that need to be recorded. 

-Type of incident (Near miss, accident etc.)

-Personal details of the affected individual(s). This includes full name, home address, contact number 

-Position of the individual(s). They could be an employee, contractor, visitor etc. 

-Date, place and time of the incident

-A comprehensive recount of the incident. This should also include damage caused to those involved and property as well as details of the actions taken by every individual involved..

-Witness statements and their names if the event was observed by bystanders


-Corrective action

Incident report template

How should an incident report template be completed? 

 There is a lot of relevant information that should be included in the report. It is crucial to note how this information should be added to the template. Some things to remember are:

  • Thorough description
  • Objective recounts
  • Accurate witness statements
  • Types of evidence

Thorough description

A good incident report template should encourage the writers to provide a lot of detail regarding the incident. An exhaustive recap is essential for managers and owners to understand what unfolded. Especially if there is an injury or a hazard involved, the description needs to be precise. When writing precisely what occurred, no information is “too much”. Every little detail is necessary to ensure an accurate recollection of the incident and a safer workplace.   

Objective recounts

When describing the environment, the damages and when giving witness statements, no emotions should be recorded. The incident report needs to state explicitly what happened without taking into account the feelings of those involved. Emotions could complicate the situation by providing a false picture of the incident. Witnesses should also focus on being objective rather than creating bias.

Accurate witness statements

If the event was observed by a bystander, then the bystander needs to contribute to the incident report by giving their point of view of the incident. Their responsibility is to provide accurate and clear information, not opinions or vague statements. Their statement is crucial in reinforcing the gravity of the occurrence and can help in providing corrective action. If the witness is not personally completing a report then the witness statements should be quoted and the reporter should refrain from using their own words.  

Types of evidence

 Evidence can support the investigation by confirming the facts in the incident report and highlighting how the incident occurred. In addition to witness statements, employees could provide photos or CCTV footage if there are cameras in the area. That is why recording the time and date of the incident is essential. Photos could show the damage to property and any injuries inflicted on the individual. The CCTV could include the whole accident happening on camera or how a hazard could pose a potential danger to those working within the space. 


 A general incident report template is the best option as it can be created to fit any event. It makes situations simpler and removes the need for having multiple documents for the same purpose. Incident reports are easy to create. The template should emphasise the four points above and include space for all the required details. It makes the investigation easier the more specific the information is. 

 Police should be notified in the case of an emergency and if they are notified it would be a good idea to include this in the report. An ambulance might be needed to treat any serious injuries. The Work Health and Safety regulator should be the first person contacted if the incident is not as urgent. If one is not available then the next person of contact should be the manager or owner.

This Incident report template is an example of what an incident report template should look like. A business can choose to make changes and add more elements to it if they deem it necessary.

Book a Demo Now

Learn more about how Polonious can help you conduct a fair and organised incident investigation.

SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.