[OR] [P2-S5] What is "Improve Lesson Learnt" in Operational Resilience?

Written by Moh Heng Goh | Jul 23, 2022 11:54:49 AM

What is "Improve Lesson Learnt"?

The key to improving "Lesson Learnt" is for an organisation to promote a culture of continuous learning and to improve from scenario testing and actual incidents.

It is essential to improve and communicate remediation and vulnerabilities after scenario testing.

What Should Organisation Be "Learning"?

Lessons learnt in Operational Resilience by an organisation before and after an operational disruption should include the following:

Be able to anticipate disruptive events.
Be constantly learning from adverse events affecting the organisation or the industry.
Be able to form part of an organisation's incident and crisis management processes.
Be able to provide feedback and define better controls or mitigation measures for its key processes and resources.
Be conducted as part of a series of scenario testing exercises in preparation for the actual operational disruption.

After implementing the OR program, an organisation can still experience a disruption or outage in a critical business service. This can be due to an unpredictable "black swan" event, such as the COVID-19 pandemic, CrordStrike outage, unidentified interdependencies, or "black spots" within the organisation.

These may be some good documentation to refer to in your organisation:

Post-incident report
Lesson learned report

Continuous Learning

In addition to the learning as previously described, the business landscape will constantly shift, moving the threats and challenges, and impact tolerances need to be set each year.

Hence, there is a need to learn and ensure that operational resilience is continuously improved. This includes defining the current and desired positions, and steps should be identified to close the gap between the two.

How to Improve and Communicate Lessons Learned?

Improving and communicating lessons learned is critical for continuously enhancing operational resilience and fostering a learning culture.

The following steps should be taken:

AnalySe and Consolidate Lessons Learned

Identify valuable insights from scenario testing, real-world disruptions, and post-incident reviews.
Analyze common themes and trends across learning sources.
Categorize lessons learned based on impact, urgency, and feasibility of implementation.

Develop and Implement Action Plans

Prioritize high-impact lessons and translate them into actionable improvement plans.
Assign ownership and responsibilities for implementing each action plan.
Set clear timelines and milestones for achieving improvement goals.

Cultivate a Culture of Continuous Improvements

Champion the value of learning from failures and near misses.
Encourage open communication and reporting of potential risks and vulnerabilities.
Foster a collaborative environment where everyone feels empowered to contribute to improvement efforts.

Communicate Lessons Learned Effectively

Tailor communication strategies to different stakeholder groups (management, employees, regulators, etc.).
Utilize diverse communication channels (reports, meetings, training sessions, etc.) to disseminate lessons and best practices.
Create a compelling narrative highlighting the value and impact of operational resilience improvement initiatives.

Monitor and Evaluate Improvement Efforts

Track progress towards achieving action plan goals.
Measure the effectiveness of implemented improvements through ongoing testing and monitoring.
Adapt and refine action plans based on the collected data and learnings.

Summing Up ...

Overall, by the completion of Stage 5, "Improve Lesson Learnt" of the “Implement” phase of the Operational Resilience Planning Methodology, the professional will have demonstrated the skills and knowledge to:

Leverage valuable insights from experience to enhance operational resilience.
Drive continuous improvement efforts within their organizations.
Foster a culture of learning and open communication.
Effectively communicate the value and impact of operational resilience to stakeholders.

By completing this phase, OR professionals will contribute to building a more resilient and adaptable organization that is prepared to withstand and recover from disruptions.

Definition	Explanation	Definition
Critical Business Service	Defining critical business services at the correct scope level is vital. The challenge is not to be both too granular or not granular, which will result in excessive work if it requires a detailed drill down and too high level, which results in not being able to manage the OR gaps.
Internal and Underpinning Services are NOT Business Services	Differentiate business services into three categories: business services, internal services, and underpinning services. Internal service and underpinning services are NOT business services.
Levels of Harm	Defining levels of harm, especially "intolerable harm", is crucial to supporting the identification of Important Business Services. The challenge is that what constitutes intolerable harm and the potential consequences of a disruption to individual stakeholders and customers are not apparent.
Time Criticality	When looking at "intolerable harm" caused to the customers and stakeholders by the disruptive event, time criticality is often the most significant indicator. One of the most crucial considerations is the long-term nature of fulfilling the committed obligation to deliver products and services.
Scenario Testing: Business Continuity Vs Operational Resilience	Scenario testing as part of business continuity and disaster recovery often focuses on short-term disruptions posed by technology failures or the unavailability of people, processes and infrastructure. For operational resilience, scenario testing builds and demonstrates an organisation's capacity to anticipate, prepare for, respond to, and adapt to incremental changes and sudden shocks (external disruptive events) in its operating environment.
Internal and External Communications	The ability to communicate effectively is paramount during disruptive events. Built robust internal and external communication strategies to allow organisations to act quickly and effectively to reduce potential harm.

"Implement" Phase of the OR Planning Methodology

Identify Important Business Services	Map Processes and Resources	Set Impact Tolerance	Conduct Scenario Testing	Improve Lesson Learnt

More Information About Operational Resilience OR-5000 [BL-OR-5] or OR-300 [BL-OR-3] Course

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.



	If you have any questions, click to contact us.

View full post