In the events and incidents scheme, everything is entered by event and depending on the analysis and classification, it may still be an event in which it must remain in the risk module, but if it is classified as an incident there is automatically the system transfers it to the incident security module, the application should not duplicate the events in incidents because it lends itself to misinterpretation by the auditor. They must improve that process.