Things don’t always go as planned, but even in failure lies opportunity. Learn how to use an after-action report format to improve your safety processes with clear action steps and examples to ensure high-quality emergency response for the next time.
Emergency Management Feb 18, 2026
How to Write an After-Action Report [+Template]
After-Action Report Template
Identify gaps in your emergency response, learn from mistakes, and ensure your organization is better prepared moving forward.
When an incident unfolds—whether it’s a workplace injury, severe weather disruption, cybersecurity breach, or operational failure—teams move quickly to respond. But once the immediate crisis passes, organizations often rush back to business as usual. Without a structured review and documented report, valuable lessons fade, and the same gaps can resurface in the next event.
That’s where an after-action report becomes critical—turning discussion into documented improvement.
Learning from experience
Stan Szpytek, President and CEO at Fire & Life Safety, Inc., explains on The Employee Safety Podcast how the simple after-action report format can elevate your emergency response. “If you experience your own incident, even if it didn’t turn out to be a major catastrophe, my advice to you is always do an after-action review and develop an after-action report where you can cite your strengths, your vulnerabilities, your gaps, your opportunities for improvement, and then make changes to your plans based on what people have learned.”
With an after-action report, you can capture lessons learned from training drills, tabletop exercises, and emergency events. This post will walk you through how to create an AAR to help your business break down how things went and lay out critical tasks to improve your preparedness and response for next time.
After-Action Report Template
Identify gaps in your emergency response, learn from mistakes, and ensure your organization is better prepared for whatever comes next.
What Is an After-Action Report (AAR)?
An after-action report—also known as a post-action report—is a strategic document internal stakeholders use to summarize observations and key takeaways following a drill or an actual event that impacts the business. The objectives of an after-action review or hot wash process are to ascertain vital details: how the event went, what went well, and areas of improvement. This thoughtful AAR process leads to a concrete plan for improving the response should another similar incident occur.
Safety and business continuity professionals commonly use after-action reports. They are an essential tool for reflecting on preparedness drills and supporting emergency management by ensuring that the business is ready and has learned from past mistakes before an emergency occurs.
Even if real emergencies aren’t occurring to test your plans, you can run practice drills and tabletop exercises followed by post-action reviews. These exercises allow your organization to identify gaps in your response plans, learn from mistakes or oversights, establish your core capability, and be better prepared before an emergency.
After-Action Report vs. After-Action Review: What’s the Difference?
Many organizations use the terms after-action review and after-action report interchangeably—but they refer to different parts of the same improvement process.
- After-Action Review (AAR): The structured discussion that takes place after an incident, exercise, or event. Participants analyze what happened, why it happened, and how to improve.
- After-Action Report: The formal, written document that captures the findings of the review and outlines corrective actions and next steps.
In other words:
- The review is the conversation.
- The report is the documented outcome and action plan.
The practice originated in the U.S. military and is sometimes referred to as a “hot wash,” meaning an immediate debrief while details are still fresh. Today, organizations across industries use after-action reviews and reports to strengthen resilience and improve operational performance.
Both are essential—but without the report, insights from the review may never translate into measurable improvement.
Learn a step-by-step framework for developing an after-action report to ensure your organization is prepared for any emergency scenario.
Why After-Action Reports Should Be Standard Protocol
Nearly every business will experience an emergency or unplanned event that impacts employee safety or the bottom line—which is why emergency preparedness and business continuity are foundational components of organizational resilience planning. But you come by preparedness and continuity only with diligent practice and procedure updates. Resilience comes with experience, awareness, and adaptation.
Compared to a more formal postmortem or tabletop exercise overview, an after-action report goes beyond general reflection and includes a tactical plan for preparing your business to act next time. The plan lists specific responsible parties and due dates, so action items are straightforward and easy to follow through on.
These reports can also be maintained and updated in tandem with several drills and events so you can track trends. If you see the same problems coming up repeatedly, you know you need to pay special attention to improving that aspect of your response plan.
Resilience comes with experience, awareness, and adaptation.
Get Your Free After-Action Report Template Here
Prepare for Your AAR
Before meeting to review your emergency response or drill, clarify your intentions for the exercise and the people and parameters that will make it successful.
Using an after-action report template like this can make this process easier by giving you a single place to document your preparations alongside your actual report and action items.
Establish the intent
You need to be clear on the end goal when answering reflection questions.
- Are you trying to prevent this type of incident from happening again?
- Are you trying to understand the cause of a misstep or breakdown in the process?
- Are you tracking the time needed for an emergency response or drill to accelerate response times in the future?
Knowing what you hope to accomplish will help you give more impactful answers in your report.
Identify exercise participants
A comprehensive after-action report involves all critical stakeholders in the conversation. Before you set up your discussion meeting, consider who needs to contribute to the review and report creation.
- Which departments and personnel were impacted by the incident or involved in executing the response plan?
- Who was involved in decision-making? Was there a point of contact?
- Who provided data or evidence to understand the event’s location, scale, and impact?
If you also played a key role in executing the emergency response plan, consider inviting an external facilitator to moderate the discussion and ensure the after-action report captures your inputs.
Determine logistics
Meeting logistics are a critical yet often overlooked component of developing after-action reports. This step is crucial if your business is a remote or hybrid work environment. For some businesses, an in-person meeting will facilitate the best conversation. For others, virtual meetings can be just as effective. You also need to consider the number of participants. Regardless of the meeting format or location, schedule ample time to allow all stakeholders to go through the drill or incident thoroughly, ask probing questions to identify the root cause of issues and document lessons learned before adjourning.
Gather supporting data before the review
Effective after-action reports rely on objective information—not just memory. Before conducting the review discussion, collect relevant materials such as:
- Incident timelines
- Communication logs
- System or response metrics
- Policies and procedures in place at the time
Reviewing data alongside participant perspectives ensures the final report reflects facts, not assumptions.
Set ground rules
An after-action review should focus on systems and processes—not blame. Establish ground rules that encourage honest discussion, psychological safety, and shared accountability. When participants feel safe contributing candid feedback, the final report becomes more accurate and actionable. When discussing critical events—particularly incidents that impacted personal safety or caused prolonged disruptions—these ground rules facilitate an open and honest discussion. For example, you might set the expectation that…
- All answers will be taken seriously
- Participants should be honest and respectful
- All statements will be kept anonymous
- No ideas should be discounted or shut down without posing alternative solutions
Document and distribute these rules to all team members and review them before starting the meeting.
Benefits and Challenges of After-Action Reports
After-action reports (AARs) are invaluable tools for fostering continuous learning and enhancing organizational resilience, an they can have significant benefits for organizations of all sizes in all industries. However, implementing these reports into your security or business continuity program can sometimes come with challenges. Here are some of the pros—and potential cons—of AARs.
Benefits:
- Capture lessons learned to enhance plans, policies, and procedures
- Foster continuous learning and performance improvement by identifying gaps
- Engage cross-functional teams for diverse insights and future planning
- Inform exercise and training development, ensuring targeted improvements
- Encourage participation with incentives and recognition
Challenges:
- Creating a safe, non-punitive environment for honest feedback can be difficult
- Ensuring insights lead to actionable changes and integration into workflows requires follow-up
- Overcoming time constraints in fast-paced settings might prove challenging
- Maintaining consistency to embed AARs as part of organizational best practices will take time
How to Write an After-Action Report (AAR)
Once you’ve done your pre-work, you can start on the actual after-action report, which has four stages. These stages offer a structured way to review the event, analyze performance, and address any necessary improvement actions. They also provide a single source of truth for documenting improvement planning processes, exercise objectives, and contact information like phone numbers for key stakeholders.
The four parts of the after-action review process are:
- Post-incident recap
- Incident review
- Incident analysis
- Planned improvements
1. Post-incident recap — In this scenario, what was expected?
Tabletop Exercise Template
Follow the steps in this guide to conduct exercises that test your team's emergency response procedures.
In the first stage, you’ll discuss what was expected from your team leader and project team and the goals of the drill—or, if you are analyzing an emergency event itself, what you expected to happen in this kind of scenario. Setting these expectations before reviewing the incident/drill itself will help you later on when you analyze the successes and complications in the following sections.
Ask questions such as: What resources did we have available? Could we have predicted this event before it happened? What responsibilities did leaders have during the event? What relevant plans did we follow?
2. Incident review — What occurred?
The second stage is a review of what actually happened. Describe the event, who responded or was involved, what/when events occurred, where it happened, etc. Additionally, document what tools or systems you used so that you can assess how they performed in the next step. Make sure every participant has an opportunity to share their experience.
3. Incident analysis — What went well, what didn’t, and why?
The third step is to review your response’s elements and assess how they went. Document any challenges that your response team ran into. These might be failed technology, additional threats piling on, or other areas for improvement.
Then, recall what went well so you can replicate or expand that response for the future. Maybe an employee went above and beyond in their role, or a strategy for risk mitigation performed better than expected.
During the review process, guide participants through four essential questions:
- What was supposed to happen?
- What actually happened?
- Why were there differences?
- What should we improve moving forward?
These questions create a consistent structure for both the discussion and the final written report. As with the previous step, you want to promote general participation from your whole group. Once everyone has made their voices heard, then you can move on to takeaways.
4. Planned improvements — What can be updated, and how?
In the fourth step, review the elements that did not meet expectations or standards for success. These may be communication breakdowns, problems in the response strategy itself, or any other challenges with policies or procedures. Be sure to discuss these areas for improvement without assigning blame or attacking any of the stakeholders or participating organizations. With this after-action report, you’ll have a better foundation for an effective response, and you’ll be sure not to repeat issues.
Action items & follow-up
Once you have collected all your observations and conclusions from these four report elements, compile a list of action items and assign each to a responsible party. These items can be as simple as updating documents or as vital as setting up an emergency communication system. These corrective actions should support the measures discussed in the incident analysis and prevent future failures.
Develop metrics to track the progress of the changes and check in frequently with those responsible. Continue to run regular drills and iterate on your after-action reports.
The importance of accurate incident reporting and documentation
The effectiveness of an after-action report depends on the quality of the data behind it.
Accurate documentation during an emergency—including timelines, communications, response actions, and system performance—provides the foundation for meaningful analysis. Without reliable records, reviews rely on memory, which can be incomplete or biased.
Strong incident reporting allows organizations to:
- Reconstruct events accurately
- Identify root causes
- Measure response effectiveness
- Strengthen compliance documentation
When documentation is thorough and consistent, after-action reports become powerful improvement tools. Better data leads to clearer insights—and clearer insights lead to stronger responses the next time an incident occurs.
How After-Action Reports Compare to Other Post-Incident Methods
Organizations may use several approaches to evaluate performance after an event. Understanding the differences helps ensure you select the right process.
Debriefs
Often informal and short-term. Debriefs typically focus on immediate impressions but may not result in formal documentation or follow-up action.
Post-mortems
Common in technology and project management environments, post-mortems analyze system failures in depth. They can be highly technical and sometimes involve third-party review.
Morbidity and Mortality (M&M) conferences
Used in healthcare settings to review clinical outcomes and identify areas for improvement.
After-action reviews and reports
Structured, repeatable, and focused on continuous improvement. The review facilitates discussion, and the report formalizes findings, assigns accountability, and tracks corrective actions.
For most organizations, after-action reports provide the most scalable and actionable framework for strengthening operational resilience.
6 Ways to Get More Value From Your After-Action Review Process
| Make It Routine Conduct after-action reviews consistently—not just after major crises. | Collect the Right Inputs Combine participant insights with performance data. | Include Key Stakeholders Involve decision-makers and frontline participants for a complete perspective. |
| Focus on Systems, Not Individuals Improvement comes from strengthening processes. | Document and Share Findings Distribute the final report to relevant stakeholders and leadership. | Turn Insights Into Action Assign owners, set deadlines, and revisit corrective actions to ensure implementation. |
The true value of an after-action report lies in follow-through.
After-Action Report Examples
Diverse organizations have found success with after-action reports, and many of these organizational templates are available online for free. Be advised that relying on someone else’s plan might not work for your company, as many specific variables will differ. You can look to the template’s structure for general guidance, or use the following examples for inspiration and ideas for your own AAR format.
AlertMedia’s simple After-Action Report Template
Cybersecurity and Infrastructure Security Agency’s template (CISA.gov)
Public Health Foundation’s guide and examples
An example after-action report from the U.S. Department of Homeland Security
You can also find real-world examples of organizations conducting after-action debriefings to learn from their experiences, as well as case studies. For instance, following the Norfolk Southern train derailment on February 3, 2023, the East Palestine Village Council performed an After-action review (AAR) and reported their findings. The council and their contracted partners reviewed public data and information sources and conducted interviews and focus-group sessions. They divided their review into four typical emergency management phases: preparedness, response, recovery, and mitigation. They reviewed communications, incident command, liaison efforts, interactions with federal, state, regional, and private sector agencies, interstate mutual aid, and interpersonal skills and personal performance for each phase. You can find their complete after-action report/improvement plan here to see their findings and use as an example.
Integrating after-action reports in your organization
After-action reports (AARs) offer the most benefit when integrated into overall organizational practices. To do this, it’s essential to embed them into your company culture as a routine part of learning and improvement. Leadership must champion AARs by demonstrating their value and prioritizing them in post-incident or project workflows.
Establishing clear guidelines and processes ensures AARs are consistently conducted, with defined timelines and responsibilities. Organizations should emphasize a no-blame approach to foster engagement, encouraging honest feedback and collaborative problem-solving.
Embedding AAR insights into corrective action plans and updated policies and procedures reinforces their relevance, while regular follow-ups on action items signal a commitment to continuous learning. Additionally, incorporating AARs into training and exercise development helps teams see their tangible impact, making them a cornerstone of performance improvement and organizational resilience.
Looking Inward, Facing Outward
It can be easy to write off emergency events as accidents or one-offs—something that probably won’t affect your business moving forward. But you’re more likely to have holes in your emergency management planning and repeat mistakes without a standard way to process and understand the plan’s effectiveness in real time. When you take the time to reflect, analyze, and improve, you’ll develop better strategies and prepare resources for those moments when you need to act fast and face the disruptions the world throws at you.
FAQ
- What is an after-action report (AAR)? An after-action report (AAR) is a structured, written document that summarizes what occurred during an incident, drill, or exercise. It captures key observations, identifies strengths and gaps, outlines lessons learned, and assigns corrective actions to improve future response efforts.
- What is an after-action review? An after-action review is the facilitated discussion that takes place after an incident, drill, or event. During the review, participants analyze what happened, why it happened, what worked well, and what needs improvement. The insights gathered during the review are then documented in the after-action report.
- What is the difference between an after-action review and an after-action report? An after-action review is the structured conversation where stakeholders evaluate performance after an event. An after-action report is the formal document that captures the findings of that discussion and outlines corrective actions. The review is the discussion process, while the report is the documented outcome and improvement plan.
- When should an after-action review and report be conducted? After-action reviews and reports should be conducted after emergency incidents, workplace disruptions, cybersecurity events, severe weather responses, drills, tabletop exercises, and other operational events. Conducting them consistently—not just after major crises—helps organizations build resilience and continuously improve their response capabilities.
- What are the four main stages of an after-action report? An after-action report typically includes four stages. The first stage is a post-incident recap that outlines expectations going into the event. The second stage is an incident review that documents what actually occurred. The third stage is an incident analysis that evaluates what went well, what did not, and why. The fourth stage defines planned improvements, including corrective actions, responsible parties, and follow-up timelines.
- Who should participate in an after-action review? Participants should include key stakeholders involved in the incident response, such as decision-makers, department leaders, frontline personnel, and individuals responsible for executing emergency plans. In some cases, an external facilitator may help guide the discussion to ensure balanced participation and objective analysis.
- Why are after-action reports important for organizational resilience? After-action reports help organizations document lessons learned, identify root causes, strengthen policies and procedures, and assign measurable corrective actions. By turning reflection into structured improvement, AARs enhance emergency preparedness, support compliance efforts, and improve long-term operational resilience.
- How do after-action reports differ from debriefs or post-mortems? Debriefs are often informal and may not result in formal documentation or follow-up action. Post-mortems can be highly technical and focused on system failures. After-action reviews and reports provide a structured, repeatable framework that combines facilitated discussion with documented findings, assigned accountability, and tracked corrective actions to ensure measurable improvement.
After-Action Report Template
Identify gaps in your emergency response, learn from mistakes, and ensure your organization is better prepared for whatever comes next.
AlertMedia, Risk Intelligence and Response
