What are Lessons Learned?

From Compliance to High Reliability

In Australian risk management and occupational health and safety, "Lessons Learned" encompasses far more than retrospective documentation of an incident. Without a functional lessons learned mechanism, your organisation is destined to suffer from systemic entropy, where repeated minor failures inevitably drift toward catastrophic collapse.

The definition implies a transformation. A "lesson identified" is merely data—an observation recorded in an incident report or audit log. A "lesson learned" only exists when your organisation has undergone tangible change.

This change might manifest as a revised engineering standard, a modified roster pattern to combat fatigue, a new physical guard on machinery, or a fundamental shift in organisational values regarding production pressure. Until your system of work has been altered to prevent recurrence or replicate success, the lesson remains unlearned.

Why Lessons Learned Matters

Legal Mandate

In Australia, the lessons learned process is not merely good practice—it's a strict legal obligation. The harmonised Work Health and Safety (WHS) laws create a regulatory environment where failure to learn from incidents can lead to criminal prosecution.

Regulation 38 of the model WHS Regulations mandates that you must review and as necessary revise control measures when a control is ineffective, before workplace changes, when new hazards are identified, or when workers request it through consultation.

If a second incident occurs because you failed to review controls after the first incident, penalties can escalate to Category 1 offences (Reckless Conduct) if it can be proven you were aware of the risk and indifferent to it.

Officer Due Diligence

Section 27 of the WHS Act places a positive duty on Officers (directors and senior executives) to exercise due diligence. This includes ensuring your PCBU has appropriate processes for receiving and considering information regarding incidents, hazards, and risks—and responding in a timely way.

If an Officer receives a board report about a serious near miss and fails to ask "What have we learned, and have we implemented the changes?", they may be personally failing in their due diligence obligations. This is a personal duty that cannot be insured against.

ISO Standards Framework

ISO 45001:2018 and ISO 31000:2018 explicitly position "continuous improvement" as fundamental principles. These standards mandate that risk management is not static but dynamic, responding to change through learning.

ISO 45001 links emergency preparedness directly to learning, requiring you to test plans through drills and "make improvements based on lessons learned" from both drills and actual occurrences. This ties theory (the plan) to empirical reality (the drill or event), using learning as the bridge.

The Six-Phase Learning Cycle

An effective lessons learned process transforms raw data into organisational wisdom through six distinct phases:

1. Identification – Capturing the Signal

The first challenge is recognising there's a lesson to capture. You typically rely on three streams of data:

Reactive sources are triggered by negative outcomes: incident reports, injury data, equipment failure logs, and workers' compensation claims. The limitation is that harm has already occurred.

Proactive sources indicate potential failure: hazard reports, near miss reports, safety observations, audit findings, and emergency drill debriefs. These "weak signals" are the most valuable because they allow learning without suffering.

External sources include Safety Alerts from regulators like Safe Work Australia, Coroner's Court findings, and industry association bulletins. High-reliability organisations actively scan the horizon for these warnings.

Identification is impossible without a culture of reporting. If your workers fear blame, they will hide near misses. A "Just Culture"—where honest errors are met with support while reckless violations are met with discipline—is a prerequisite for healthy identification.

2. Investigation – From "Who" to "What"

Once an event is identified, it must be investigated to generate the lesson. The depth of investigation determines the quality of the lesson.

Basic investigations often stop at the immediate cause ("Worker didn't wear PPE"). The lesson generated ("Remind worker to wear PPE") is weak and unlikely to prevent recurrence.

Systemic investigations utilizing methodologies like ICAM (Incident Cause Analysis Method) or "The 5 Whys" drill down to organisational factors. Why no PPE? Not available. Why not available? Procurement backlog. Why backlog? Budget cuts in safety supplies. The lesson shifts from "worker behaviour" to "procurement efficiency."

3. Analysis – Taxonomies and Trends

Individual investigations are valuable, but real power comes from aggregate analysis. Lessons must be coded with metadata: Hazard Type, Activity, and Root Cause.

By analysing your database, you can see patterns invisible in single reports. Finding that 40% of hand injuries occur during the last hour of a shift might generate a lesson regarding fatigue management or shift design, rather than just "hand safety."

4. Documentation – The Repository

A functional "Lessons Learned Database" must be searchable and accessible. It should not be a dump of investigation reports but contain distilled "Safety Lessons" or "One-Pagers."

Effective databases separate the "Context" (what happened), the "Cause" (why it happened), and the "Recommendation" (what you must do). The IChemE database is a global example of this best practice.

5. Dissemination – Closing the Loop

A lesson recorded is not a lesson learned. Information must be pushed to the people who need it.

Push methods include sending Safety Alerts, email bulletins, or holding Toolbox Talks immediately after an event.

Pull methods integrate the database into workflow—for example, requiring project managers to search the database for "similar projects" during the risk assessment phase of a new job.

The "Safety Moment" at the start of meetings is powerful when relevant. Reading a driving safety alert to office workers is tick-the-box. Reading an ergonomics alert to office workers is value-adding.

6. Integration – Institutionalisation

This is the final and most difficult step. The lesson must be "baked" into your system so reliance on memory is removed.

If a lesson reveals that a valve can be opened by mistake, the integration step is to install a lock or redesign the valve—not just tell people to be careful. Once your Standard Operating Procedures, training packages, and engineering standards are updated, the lesson is "learned" permanently, even if staff changes.

Learning Methodologies: Choosing the Right Tool

Different situations require different tools. A one-size-fits-all approach leads to shallow learning.

Traditional Root Cause Analysis (ICAM / 5 Whys)

These structured, linear investigation tools work backward from the event, peeling away layers of causation to find the "root." They're rigorous, auditable, and well-understood by regulators.

However, they can fall into the trap of looking for a single "root" cause when complex accidents usually have multiple emergent causes. They can also feel inquisitorial to workers.

Learning Teams (Human and Organisational Performance)

This newer methodology aligns with Safety II, focusing on operational learning rather than investigation. A facilitator gathers workers (usually those who do the job) to discuss a successful operation, near miss, or problem.

In the first session, the group explores "how work is actually done," discussing constraints, frustrations, and workarounds. No solutions are proposed—the goal is pure understanding. After reflection time, the group reconvenes to design their own solutions.

This builds high trust, uncovers "blue line" reality (work-as-done), and generates solutions workers actually own and use. However, it requires skilled facilitation and a culture that permits open discussion of workarounds without discipline.

After Action Reviews (AAR)

Originally a military tool, AARs are quick tactical debriefs used immediately after an event or shift. The team answers four questions: What was supposed to happen? What actually happened? Why was there a difference? What will we do differently next time?

They're fast, low-resource, and capture memory while fresh—excellent for emergency services and healthcare. However, they can be superficial if not facilitated well and often lack depth to find systemic engineering issues.

Single-Loop vs Double-Loop Learning

Understanding the depth of your learning capability is essential for building resilience.

Single-loop learning involves detecting and correcting an error without questioning underlying governing values or policies. It's the thermostat approach.

If a worker falls from a ladder, single-loop learning asks "Did the worker follow the procedure?" If no, the "fix" is to retrain or discipline them. The underlying system—why the ladder was used, why the schedule was tight, why the scaffold wasn't available—remains unquestioned. The goal is to return the system to status quo.

This is the most common form of "learning" in Australian industry, but it offers the least resilience.

Double-loop learning occurs when an error is corrected by first examining and altering the governing variables. It's the engineer approach.

Using the same ladder example, double-loop learning asks "Why do we use ladders for this task at all? Is our procurement process for scaffolding too slow, forcing workers to improvise? Do we value speed over stability?" The "learning" might result in a policy change that bans ladders for that task or restructures the maintenance schedule.

The transition from single to double-loop learning is difficult because it threatens existing power structures and admits that the "system" (managed by leadership) was flawed, rather than just the "worker."

Barriers to Learning

Despite clear legal and operational benefits, many organisations suffer from "Learning Disabilities" that prevent the lessons learned cycle from functioning.

Institutional Amnesia

Organisations have short memories. Institutional amnesia describes when your organisation "forgets" what it once knew, leading to repetition of past mistakes.

High staff turnover means when a veteran leaves, their tacit knowledge leaves with them. If lessons are buried in unsearchable PDFs, they're effectively forgotten. Sometimes leadership changes lead to deliberate discarding of "old ways," inadvertently discarding the safety wisdom embedded in those ways.

"Tick-the-Box" Compliance

When safety becomes performative, learning stops. An investigation is rushed to meet a KPI ("Close all actions in 30 days"). The "lessons" are generic and low-effort: "Worker counselled," "Procedure re-issued," "Toolbox talk held."

These single-loop fixes don't address the hazard. Your workforce becomes cynical, viewing safety as bureaucratic burden rather than protective value. This leads to "Malicious Compliance," where workers follow rules they know are unsafe or inefficient just to avoid trouble.

Blame Culture and Legal Fear

If your organisation responds to an incident by firing or disciplining the individual involved, you destroy the flow of information. Workers will actively hide mistakes to protect themselves and their mates.

It's cognitively easier for management to believe an accident was caused by a "bad apple" (rogue worker) than a "bad barrel" (flawed system). Blaming the worker absolves management of the need to spend money on system redesign. However, it guarantees the accident will happen again with the next worker.

Data Silos

In large organisations, different departments often hold different pieces of the puzzle. The maintenance team knows the pump is vibrating (CMMS system). The safety team knows there was a noise complaint (EHS system). The HR team knows the operator is on overtime (Payroll system).

Because these systems don't talk, the lesson that "vibration + fatigue = failure" is never synthesised until the pump explodes. Integrated learning requires data interoperability.

Best Practices for Implementation

Build the Learning Engine

Don't rely on a spreadsheet. Invest in a proper knowledge management system with taxonomy aligned to industry standards (e.g., TOOCS—Type of Occurrence Classification System in Australia). Users must be able to type "Excavator" and see every lesson related to excavators from the last 10 years.

Make reporting as easy as posting to social media. If it takes 20 minutes to log a lesson, no one will do it.

The "Safety Moment" Strategy

Transform the "Safety Moment" from generic platitude into strategic tool. Never share a generic lesson. If the meeting is about finance, share a lesson on the cost of accidents. If it's about design, share a lesson on "Safety in Design."

Don't just read the alert. Ask "Could this happen here? What controls do we have that would stop it?"

Democratise the Learning

Stop hoarding information. Unless strictly legally privileged, all safety lessons should be available to all staff. Post "One Point Lessons" (visual, single-page summaries) on noticeboards in crib rooms and workshops.

Humans learn through stories, not statistics. Write lessons as narratives: "On Tuesday, John was doing X when Y happened..." This engages the emotional brain and aids retention.

Cross-Industry Collaboration

Regularly review Safe Work Australia's "Data and Research" section for national trends. Subscribe to safety alerts from WorkSafe Victoria, SafeWork NSW, and Resources Safety & Health Queensland.

Join industry bodies like the Australian Pipeline and Gas Association or Master Builders Association to access shared industry lessons. In the offshore sector, Step Change in Safety provides a model for how competitors can collaborate on safety to save lives.

The Legal Professional Privilege Trap

A significant tension exists between the need to investigate for learning (prevention) and the need to investigate for legal defence (protection).

Legal Professional Privilege protects confidential communications between a lawyer and client made for the dominant purpose of providing legal advice or for litigation. Following a serious incident, a company's immediate instinct is often to engage external counsel to conduct the investigation under privilege, preventing the report from being seized by regulators or used in prosecution.

However, this severely hampers organisational learning. To maintain privilege, the report cannot be widely circulated. It's often locked away, accessible only to the legal team and senior executives. The engineers, supervisors, and workers who need the lessons most are denied access. Sharing the "lessons learned" in a safety alert can inadvertently waive privilege over the entire report.

Progressive Australian organisations are adopting a dual-process approach: a privileged investigation directed by legal counsel to determine liability, and a separate non-privileged "Learning Team" focused purely on systemic improvements. This satisfies both the legal need for protection and the safety need for learning.

Case Study: Urban Utilities – The Safety II Transformation

Urban Utilities, a major water and sewage service provider in South-East Queensland, faced a plateau in safety performance. Traditional compliance-based methods were no longer yielding improvements.

Led by Kym Bancroft, the organisation embarked on a transition to "Safety II." Rather than a forced top-down rollout, they invited a "Vanguard" of early adopters to experiment with new methods. They replaced standard investigations for certain events with "Learning Teams" focused on understanding the constraints and pressures of everyday work.

The shift resulted in significant increase in worker engagement. By focusing on "learning from normal work" (success), they uncovered systemic risks—such as design flaws in equipment—that had been tolerated for years.

The lesson: trust is the currency of safety. Without psychological safety, you cannot access the "blue line" reality of how work is done.