We all forget things from time to time, after all we are busy people and often we are under pressure to move on to the next task, the next deadline, the next target. ‘It’s done, move on.’ Rarely do we afford ourselves the luxury of looking back over something we have done.

We are like mountaineers desperate to reach an unachievable summit to the point that we can’t even take a moment to take a look at the view and acknowledge where we have come from, what we have achieved, what has gone on.

I was discussing an incident with one of my clients recently and in particular some of the feedback from one or two stakeholders about how the situation was managed.

Now, it’s all well and good getting feedback and I would definitely encourage it, but if it is informal or adhoc then it will not be structured or balanced in it’s view and at worse could even be factually incorrect leading to inappropriate decisions and follow up actions.

My point is that we write into our processes and procedures that Post Incident Reviews will be carried out, but go back to the opening paragraph for a second or two – yes you, go back and read it!

So, Post Incident Reviews can, and do, get dropped or missed from the process. Everyone’s too busy, too busy sorting out the next incident, too busy cleaning up the mess but actually they are too busy working on stuff that could be prevented or managed more effectively. It’s a false economy guys!

The purpose of the Post Incident Review is to gather together the relevant expertise to ensure the risk of a repeat is minimised, the response is more effective and the impact reduced. There will always be learnings and in my experience the one thing that really irks our stakeholders is when we have not learnt from past experiences.

So, the Business Continuity Process does not finish when the organisation is back up to running at full speed after an incident or Business Continuity event, oh no, no, no! We need to learn and work to make sure we improve for the future. Do your Post Incident Review!

Rather than having ‘water cooler’ conversations or email sniping about who let the side down, get some discipline in place, get some structure and go through the steps to fully establish the facts from all sides and reach agreement on what needs to be done. Don’t accept excuses from people who cannot or will not participate otherwise they will ignore the findings. Get the team together, thrash it out and take the right action.

Clearly your organisation is not going to undertake Post Incident Reviews on every incident so it is important to set a threshold level to which the process will apply. Think about your incident severity ratings and decide where the process should kick in. Additionally, set a standard about how soon after the event they should be undertaken. Document the meeting, record the actions and make sure they are followed up to completion. Easy.

The hardest part is stopping us all from being too busy to complete this important step. When the next one comes up you’ll be thinking ‘I really don’t have time for this’, but you need to, and your stakeholders will thank you for it. You never know, it may even make your life easier next time something similar occurs.