Following an unexpected disruption it is very important that you conduct debrief meetings and update your Business Continuity Plan Template.
The Hot Debrief meeting should be immediately after the incident (within two days), this is to capture any immediate learning opportunities that are top of mind in the heat of the moment, but quickly forgotten.
I recently had the opportunity to use these five simple questions following an unexpected incident and got surprising results.
The incident affected two teams and the debrief response from one team was very enlightening. I shared it with the other team, who had no idea of the knock-on effects their emergency process had caused.
It was a wonderful learning and collaboration opportunity, that could have been missed without a simple debrief.
Here are the questions I asked:
- What was your key learning?
- Strengths: What went well? Why?
- Weaknesses: What did not go well? Why?
- Opportunities: Recommendations for improvement?
- Threats: Did you identify any new risks or threats?
I posed the question to my BCP Builder Community Members – What questions do you ask in a post-incident debrief? And they added the following:
- How are you feeling? (to check those involved are in the right frame of mind to go over the incident)
- Why did the incident happen?
- How could it have been prevented?
- Are you confident the issue has been resolved?
- How do you feel you performed?
- What did we do that we should keep doing?
- If you could do it again tomorrow – what would you do differently?
- What were your primary objectives within your function?
- What challenged you from achieving those objectives?
- Ask participants to rate their level of comfort/ familiarity before and after the debrief meeting
Schedule a Cold Debrief a week later to ask for any further reflections.
Once you have gathered this valuable information, produce a brief report for distribution to interested parties.
No Blame Culture
In every situation there is an opportunity to learn!
Everybody makes mistakes; try to avoid singling out anyone in a report and give the main players the opportunity of a final debrief to review and revise your report.
“Who” made the mistake does not matter because in most cases they did what they thought was best for the company. If there was no process to explain what to do then that is an organisational failing.
It is only when employees feel free to discuss their errors and learn from them that long-lasting improvements can be made.
Tracking Actions – Post Debrief
Once you have completed your report, you will have a list of action items that have been assigned to individuals or departments. It is important that you keep track of these actions and monitor them over time, to ensure they are completed and important lessons are not lost.
Follow these steps to successfully record and track post-incident actions:
- Create a Corrective Actions Register
- Ensure each Action has an Owner and a Completion Date
- Record the most important items in your calendar for follow up
- Post any residual risks in the risk register that should be regularly reviewed by the Risk and Audit Committee
- Undertake a regular review with Governance or Business Continuity Steering Group (status report style) each month
- Add to KPI’s and quarterly reporting within your organizational resilience programme
- Check the Corrective Actions Register before running any further exercises (and build it into your exercise planning meeting agenda or facilitation guidance)
- Include lessons learned from previous debriefs into your exercise presentation, so you can reiterate and actively demonstrate actions and resolutions
