Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

​How Many "Whys" Does It Take to Get to the Center of a Tootsie Roll's Problem?​

Comments Views

I have to start this out by thanking Alice Mariano. She posted this comment on LinkedIn in response to my previous post. It was just too good. I had to steal … I mean, borrow … it for the title of this particular post. 

Last week I shared what I saw as an almost perfect example of root cause analysis. The problem of high infant mortality was traced all the way back to poor teacher training. The footwork and analysis behind this discovery is quite impressive. And, while none of us may be dealing with something as earthshattering as infant mortality, we would like to think that, no matter the impact of our issues, we can be just as effective at getting to the kind of root cause that actually gets to (you’ll excuse the expression) the root of what is causing the problem.

When talking about root cause analysis, a tool that seems to spring instantly from the lips of any internal auditor is the 5 whys. I alluded to it in the previous post. And the example that was discussed literally asked “Why” five times.

Quick lesson: For those who don’t know (in fact, even as a refresher to those of you who do), the 5 whys is an analysis technique whereby repeatedly asking the question “Why?” allows the user to dig through the symptoms to the actual cause. Asking five times is considered a good rule of thumb. Accordingly, “The 5 whys.”

Of course, five is not a sacred number. I’ve also heard it called the three whys. And, in the Implementation Guide of the International Professional Practices Framework, the IIA uses four. Here is its example: 

“The worker fell. Why? Because oil was on the floor. Why? Because a part was leaking. Why? Because the part keeps failing. Why? Because the quality standards for suppliers are insufficient.”

But whether it is five or three or four or any number that makes you feel warm and fuzzy all over, I’m still not convinced we do a good job of getting to real root causes. To my mind, even The IIA’s example doesn’t quite get there. Ask “why” one more time and you could reveal deeper and more impactful issues.

Why were quality standards insufficient? Because no one even considered developing standards for suppliers. Because the metrics we use do not match the metrics used by the suppliers. Because there is so much turnover in suppliers that consistent standards cannot be applied. Because there wasn’t time to develop standards with the necessary detail. Etc., etc., etc.

Each of these answers then raises even more questions. And that consistent digging — that trying to find a more impactful and fundamental root cause — may eventually lead to broader organizational issues that could impact more than the area that was originally under review.

Go back to the “supplier” example. Why were quality standards insufficient? Because turnover in suppliers does not allow for consistent application of standards.  Why is there constant turnover? Because we are being forced to keep our margins at such a low point that we cannot retain suppliers consistently.

Now we are really starting to get to some significant root causes. Something as relatively simple as a falling workman has led to the broader issue of the organization’s focus on expense reduction resulting in poor vendor relations, unsafe working conditions, and increased regulatory scrutiny. 

One small problem, a series of whys, and suddenly something incredibly more substantive shows up.

Of course, not every issue is going to part of an organizationwide conspiracy — I mean, problem. But it shows how important it is to have asked “Why?” the appropriate number of times.

And that requires a certain art. Don’t dig enough, and you aren’t there. Dig too deeply, and every root cause is “The people in charge are idiots.” However, find that sweet spot, and you are starting to provide real value by identifying more impactful concerns.

And now we are finally getting to one of the main things I was thinking about when I started this series of posts. As you better identify true root causes, might it be that certain ones tend to repeat themselves? Might there actually be a list or inventory of “common” root causes? And, if there were such a list, might internal auditors be able to use it to feel more secure that they have found the actual root cause?

At this point, I cannot apologize enough. I hate to leave this hanging until the next blog post, but it looks like that is the way it is going to work out. (What is the root cause of that problem? Maybe we’re better off not asking.)

Until then, what are your thoughts? Do you think such an inventory is even possible — or worthwhile? And what do you think some of those basic, fundamental root causes might be?​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3