If a daily risk report shows a significant policy breach, what systematic steps would you take to investigate and escalate the issue?