Risk Management – History’s lessons aide successful Managers


It was Winston Churchill that said: “Those that fail to learn from history are doomed to repeat it”. And whilst many organisations have successfully adopted this approach, there are a worrying number that are still making the same mistakes time after time.

As human beings, we tend to live our lives routinely utilising our experience to improve even in the most mundane of day-to-day activities. For example, we review the weather at the start of the day, assess this prediction against our experiences, and take the necessary precautions to ensure we are not caught out. This shows that we have learnt from a previous experience and put into place a standard practice to avoid such bad experiences as getting saturated in a rain shower! Also, we generally remember these experiences and pass on this knowledge to others in the hope that they will learn the lessons of the past without the need to suffer the experiences themselves!

However, when it comes to the business environment, past experiences are often disregarded as one-offs by managers that are keen to assert their positions within their organisations. It is a fact of life that people tend to believe that they can do things better than their predecessor and can avoid making the same mistakes.

So, how can we, as knowledgeable managers, ensure we capture and use the lessons of our past?

Learning from the Past

Simply, an organisation must define what is a lessons, how it’s captured, disseminated and used. The value of lessons learned is the ability to apply them proactively to ensure to an undertaking in order to achieve the success we expect. This principle is closely aligned to that of risk management, where we look to manage potential future events to ensure the success of an activity. Hence, it’s logical to apply risk management principles and tools to lessons learned as we can effectively borrow the key elements for our purpose!

The Principles

Although there is no rigorous needs analysis supporting a lessons learned system, the following elements of the ISO31000 Risk Management standard are considered relevant and appropriate:

  • Culture: The organisation must have a culture that supports the capture and effective use of its past experiences.
  • Process: The process must be simple and effective.
  • Training: Training is necessary to harmonise the organisation’s perspective on lessons learned and to reinforce the cultural aspects.
  • Tools: There is a need for a tool to record and disseminate the lessons gathered.

The Culture

Any organisation introducing a concept such as lessons learned will encounter significant resistance. Recognised ‘mentors’ in the organisation will feel slighted as their value could be diminished and their position of power removed. Policy and procedures, the bastion of current lessons learned theory, would need to be amended/pruned. And staff will need to be to encourage to put forward lessons, particularly those that had negative connotations, as they generally would like most of these experiences forgotten.

There are no recommendations provided on how to achieve this change as each organisation’s culture is different and requires thorough analysis before determining the best path.

The Process

As previously discussed, lessons learned can effectively use the well oiled and understood process of risk management. In fact, by capturing lessons learned data in the same format as a risk, we realise further benefits for the organisation as all existing support directed to risk management can be used!

Consider the following elements of the risk management process as they apply to lessons learned:

  • Establish Context: No change is expected.
  • Identify: Lessons learned currently reside in many locations. For example, they exist as risks/issues in current risk management registers, they reside in archived files from previous projects and they form the experience base of your staff. Hence the process of identifying candidate lessons learned will need to be tailored to the organisation’s modus operandi.
  • Analyse: Candidate lessons would need to be reviewed for their relevance to the current organisation and its activities, and then rewritten to ensure the lesson is as generic as possible (to make it as broadly acceptable to all activities of the organisation as possible). Information captured in a lesson learned should include:
  • Description. The lesson description must reflect a generic event back upon factual information so staff utilising the lessons will not casually dismiss it.
  • Causes. The causes provide the historical context to the lesson being presented. These causes provide the user with vital ‘that could happen to me’ prompts and hence a cue to using the information contained in the lesson.
  • Consequences. The consequences in the lesson must indicate either factual information of what really happened, or comments on expected outcomes (that were successfully treated and hence didn’t occur). These comments provide the reader with the impetus to proactively manage their own future.
  • Treatments applied. What treatment strategies were applied and, importantly, how effective where they in reduce the impact of the risk.
  • A point of contact in the organisation. A point of contact in the organisation. Subject to the approval of the person(s) involved, the lesson should have contact details for those staff that had the experience and nominated it for prosperity. This allows current users to seek further information when necessary.
  • Evaluate: Captured lessons learned are as then evaluated by staff within the organisation for their relevance to planned activities. Those lessons consider relevant are then copied to the new activity’s risk register and treated in accordance with the company risk management plan
  • Treat: Not used.
  • Monitor: Monitor the organisation’s activities on a regular basis to ensure the capture of new lessons learned.

The Training

As lessons can be effectively dealt with as risks, the organisation’s existing training regime can be easily changed to accommodate a lessons learned module. However, some additional thought will be necessary to ensure the training regime addresses the cultural changes necessary to make lessons learned capture acceptable to all staff.

The Tool

Predict! 4, the latest version of Risk Decisions’ powerful suite of risk management and analysis tools, provides an effective solution as it provides a hierarchy structure that can replicate existing organisational processes. The lessons learned hierarchy will form part of this and will be read-only for the majority of users with sub folders reflecting the various forms of knowledge to be captured for an organisation (for example, software integration, cantilever bridge type A, contract management, circuit design etc). Staff can access the Lessons learned and copy lessons relevant to them to their own hierarchy location. Predict! Risk Controller Lite can also be used to assist this process.


In summary, there is no doubt that the value of a lesson learned is the ability to proactively use the information, whether this is with internal project staff, strategic partners or contractors, to improve the outcomes of future activities. What more could be wanted?