Learning the lessons
The previous tips ‘Return journey’ and ‘Home from home?’ touched on the importance of post-incident reviews to ensure that issues and problems encountered, lessons learned, gaps in capability and follow-up actions from our recent experiences are captured.
But it’s not enough to just capture and record these things for posterity. Lessons simply recorded are not lessons learned until they’ve been acted upon – until then they are merely lessons identified.
It’s not uncommon for organisations to identify the same ‘lessons learned’ – from exercises or real incidents – multiple times, implying that the lessons weren’t learned at all. They may have been logged, but recommendations weren’t subsequently acted upon and, surprise, surprise, the same issues and problems were experienced again (and sometimes again and again).
In much the same way that simply writing your risks in a risk register doesn’t make your organisation any more resilient until you implement some mitigation measures, merely recording lessons identified in a report won’t improve your business continuity or crisis management capability unless you do something to address them.
So make sure your post-incident reviews are worthwhile and beneficial, by ensuring there’s a mechanism in place to follow up on the recommended actions and confirm that the problems and issues that prompted them have, in fact, been resolved.
The starting point, of course, is to actually conduct a post-incident review, which many organisations still haven’t done. Perhaps, for some, that’ll be a lesson ‘learned’ when they experience similar issues again in the future!
Stop press :
If you need some help with facilitating your post incident reviews and/or following up to ensure the lessons identified are actually learned and follow-up actions completed give us a call.