An after-action review (AAR) is a tool that supports organizational continual learning and improvement. Like any tool, it is only as good as its application, so a careful evaluation process and comprehensive data collection and analysis is critical. The AAR has been refined over years of application and is considered a best practice. So why do so many AARs fail to meet the needs of the organization?
An AAR is a crucial part of the iterative cycle of emergency management. It is a critical review and assessment of actions taken as part of a response during an exercise or an event in order to ascertain and benefit from best practices, identify opportunities for improvement, and promote organizational learning and continual improvement. For an AAR to be effective, the process must have the support of senior decision makers and their commitment to continual organizational improvement through the implementation of the recommendations. Without this support, the AAR will be challenged to meet the needs of the organization.
When endorsed by senior leaders, a well designed AAR will support critical thinking regarding the event, explore root causes of both failures and successes, allow cross-sector learning and collaboration, build consensus on areas to improve upon, document lessons learned, and provide a platform for advocacy and organizational improvement. Despite the known benefits of a well-designed AAR, organizations are often challenged to perform an AAR that provides them with the results they are looking for.
This may be because although an AAR methodology or framework is important, it is not enough. There are many validated methodologies publicly available and they each have similar areas of focus. Accessing an AAR methodology is not the challenge, it is the administration of the AAR. The methodologies all depend upon expert application and a deep understanding of systemic and human factors that influence emergency response.
Whether led by an employee of the organization or a consultant, the design of the AAR should consider the intended audience and their needs, the complexity of the event and its impact in order to inform the data collection requirements, and be led by a subject matter expert who can clarify best practices and appropriate objectives.
The assigned lead needs to understand what and who influences the decisions made during a response. This includes the people or agencies who have direct responsibilities but also those impacted by the response or may hold less apparent influence over decisions made. In order to collect the data necessary for a robust analysis, the data collection plan must consider how to include these perspectives, the potential barriers to contribution, and how to address them.
Finally, the analysis and recommendations must be informed by the data collected as well as best practices. This is most likely achieved when performed by a subject matter expert who can provide context beyond the collected data. The analysis must identify trends, opportunities for improvement and best practices, but also gaps or deficiencies. To be effective it depends on a current understanding of relevant best practices and the ability to make recommendations that not only align with the needs of the organization and are achievable, but are also grounded in a deep understanding of the real factors that influence organizational resilience.
By ensuring senior level support for the AAR, having a well developed, inclusive data collection process and assigning an appropriate subject matter expert to lead the AAR, the organization has an opportunity to benefit from the organizational learning and improvement possible through this best practice. An effective After Action Review (AAR) is an essential way to evaluate the event and inform ongoing improvement and resiliency.
décembre 14, 2021
LOG4j Vulnerability – What You Need to Know to Protect Your Network
This week, cybersecurity and IT teams around the world are scrambling to protect their networks and data from the Apache Log4j vulnerability. This high-risk vulnerability, which has the potential to affect millions of Java-based applications, is being actively exploited, causing a full-blown,...
octobre 28, 2021
Sacha Gera, President of IT and Cyber Solutions, weighs in on today's top cybersecurity threats faced by businesses.
The Ottawa-based leader and Forty Under 40 recipient has nearly twenty years of experience in SaaS industries, professional services and M&A, working in technology for both start-ups and large multinational organizations, such as IBM, Nortel and CGI. Sacha joined Calian in September...
juillet 5, 2021