Complex, serious, or pervasive problems are rarely the result of a singular event or failure. Frequently, a “perfect storm” of several causes forms to create an ideal environment for the failure to occur. Moreover, simply getting to the root cause to prevent it from happening again may not be enough — the consequences have to be addressed.
To better understand root cause analysis, two general myths need to be dispelled — the myth of the single root cause, and the myth that fixing the root cause alone fixes the problem. Upon recognizing these false notions, internal auditors can use several methods to perform root cause analysis more effectively on their engagements.
Jimmy Parker, a senior manager for internal audits at Verizon, shares his take on how auditors can perform multiple root cause analyses on agency problems. Identification of the problem, measurement, prioritization, and developing audit recommendations that address both conditions and cause are covered. He also recommends considering how the effects of root problems drive how they should be addressed.
Internal auditors should consider that the level of the effect will drive the nature of the root cause analysis and the type of recommendation and action plan:
- Direct, one-time effect on the process (condition-based recommendation and action plan).
- Cumulative effect on the process (cause-based recommendation and action plan).
- Cumulative effect on the organization (recovery-focused recommendation and action plan).
- High-level, systemic effect (recovery-focused recommendation and action plan).