I have to start this out by thanking Alice Mariano. She posted this comment on LinkedIn in response
to my previous post. It was just too
good. I had to steal … I mean, borrow … it
for the title of this particular post.
Last week I shared what I saw as an almost perfect example
of root cause analysis. The problem of
high infant mortality was traced all the way back to poor teacher
training. The footwork and analysis
behind this discovery is quite impressive. And, while none of us may be dealing with something as earthshattering
as infant mortality, we would like to think that, no matter the impact of our
issues, we can be just as effective at getting to the kind of root cause that
actually gets to (you’ll excuse the expression) the root of what is causing the
When talking about root cause analysis, a tool that seems to
spring instantly from the lips of any internal auditor is the 5 whys. I alluded to it in the previous post. And the example that was discussed literally
asked “Why” five times.
Quick lesson: For
those who don’t know (in fact, even as a refresher to those of you who do), the 5
whys is an analysis technique whereby repeatedly asking the question “Why?” allows
the user to dig through the symptoms to the actual cause. Asking five times is considered a good rule
of thumb. Accordingly, “The 5 whys.”
Of course, five is not a sacred number. I’ve also heard it called the three
whys. And, in the Implementation Guide
of the International Professional Practices Framework, the IIA uses four. Here is its example:
“The worker fell. Why? Because oil
was on the floor. Why? Because a part was leaking. Why? Because the part keeps
failing. Why? Because the quality standards for suppliers are insufficient.”
But whether it is five or three or four or any number that makes you
feel warm and fuzzy all over, I’m still not convinced we do a good job of
getting to real root causes. To my mind,
even The IIA’s example doesn’t quite get there. Ask “why” one more time and you could reveal deeper and more impactful
Why were quality standards insufficient? Because no one even considered developing
standards for suppliers. Because the metrics we use do not match the metrics
used by the suppliers. Because there is so much turnover in suppliers that
consistent standards cannot be applied. Because there wasn’t time to develop standards
with the necessary detail. Etc., etc.,
Each of these answers then raises even more questions. And that consistent digging — that trying to
find a more impactful and fundamental root cause — may eventually lead to broader
organizational issues that could impact more than the area that was originally
Go back to the “supplier” example. Why were quality standards insufficient?
Because turnover in suppliers does not allow for consistent application of
standards. Why is there constant
turnover? Because we are being forced to keep our margins at such a low point
that we cannot retain suppliers consistently.
Now we are really starting to get to some significant root
causes. Something as relatively simple as
a falling workman has led to the broader issue of the organization’s focus on
expense reduction resulting in poor vendor relations, unsafe working
conditions, and increased regulatory scrutiny.
One small problem, a series of whys, and suddenly something incredibly
more substantive shows up.
Of course, not every issue is going to part of an
organizationwide conspiracy — I mean, problem. But it shows how important it is to have asked “Why?” the appropriate
number of times.
And that requires a certain art. Don’t dig enough, and you aren’t there. Dig too deeply, and every root cause is “The
people in charge are idiots.” However, find
that sweet spot, and you are starting to provide real value by identifying more
And now we are finally getting to one of the main things I was
thinking about when I started this series of posts. As you better identify true root causes,
might it be that certain ones tend to repeat themselves? Might there actually be a list or inventory of
“common” root causes? And, if there were
such a list, might internal auditors be able to use it to feel more secure that
they have found the actual root cause?
At this point, I cannot apologize enough. I hate to leave this hanging until the next
blog post, but it looks like that is the way it is going to work out. (What is
the root cause of that problem? Maybe we’re
better off not asking.)
Until then, what are your thoughts? Do you think such an inventory is even
possible — or worthwhile? And what do
you think some of those basic, fundamental root causes might be?