Root-cause analysis


In science and reliability engineering, root-cause analysis is a method of problem solving used for identifying the root causes of faults or problems. It is widely used in IT operations, manufacturing, telecommunications, industrial process control, accident analysis, medical diagnosis, the healthcare industry. Root-cause analysis is a form of inductive inference and deductive inference.
RCA can be decomposed into four steps:
  1. Identify and describe the problem clearly
  2. Establish a timeline from the normal situation until the problem occurrence
  3. Distinguish between the root-cause and other causal factors
  4. Establish a causal graph between the root-cause and the problem.
RCA generally serves as input to a remediation process whereby corrective actions are taken to prevent the problem from recurring. The name of this process varies between application domains. According to ISO/IEC 31010, RCA may include these techniques: five whys, failure mode and effects analysis, fault tree analysis, Ishikawa diagrams, and Pareto analysis.

Definitions

There are essentially two ways of repairing faults and solving problems in science and engineering.

Reactive management

Reactive management consists of reacting quickly after the problem occurs, by treating the symptoms. This type of management is implemented by reactive systems, self-adaptive systems, self-organized systems, and complex adaptive systems. The goal here is to react quickly and alleviate the effects of the problem as soon as possible.

Proactive management

Proactive management, conversely, consists of preventing problems from occurring. Many techniques can be used for this purpose, ranging from good practices in design to analyzing in detail problems that have already occurred and taking actions to make sure they never recur. Speed is not as important here as the accuracy and precision of the diagnosis. The focus is on addressing the real cause of the problem rather than its effects.
Root-cause analysis is often used in proactive management to identify the root cause of a problem, that is, the factor that was the leading cause. It is customary to refer to the "root cause" in singular form, but one or several factors may constitute the root cause of the problem under study.
A factor is considered the "root cause" of a problem if removing it prevents the problem from recurring. Conversely, a "causal factor" is a contributing action that affects an incident/event's outcome but is not the root cause. Although removing a causal factor can benefit an outcome, it does not prevent its recurrence with certainty.
A great way to look at the proactive/reactive picture is to consider the model. In the center of the model is the event or accident. To the left, are the anticipated hazards and the line of defenses put in place to prevent those hazards from causing events. The line of defense is the regulatory requirements, applicable procedures, physical barriers, and cyber barriers that are in place to manage operations and prevent events. A great way to use root-cause analysis is to proactively evaluate the effectiveness of those defenses by comparing actual performance against applicable requirements, identifying performance gaps, and then closing the gaps to strengthen those defenses. If an event occurs, then we are on the right side of the model, the reactive side where the emphasis is on identifying the root causes and mitigating the damage.

Example

Imagine an investigation into a machine that stopped because it was overloaded and the fuse blew. Investigation shows that the machine was overloaded because it had a bearing that was not being sufficiently lubricated. The investigation proceeds further and finds that the automatic lubrication mechanism had a pump that was not pumping sufficiently, hence the lack of lubrication. Investigation of the pump shows that it has a worn shaft. Investigation of why the shaft was worn discovers that there is not an adequate mechanism to prevent metal scrap getting into the pump. This enabled scrap to get into the pump and damage it.
The apparent root cause of the problem is that metal scrap can contaminate the lubrication system. Fixing this problem ought to prevent the whole sequence of events from recurring. The real root cause could be a design issue if there is no filter to prevent the metal scrap getting into the system. Or if it has a filter that was blocked due to a lack of routine inspection, then the real root cause is a maintenance issue.
Compare this with an investigation that does not find the root cause: replacing the fuse, the bearing, or the lubrication pump will probably allow the machine to go back into operation for a while. However there is a risk that the problem will simply recur until the root cause is dealt with.
The above does not include cost/benefit analysis: does the cost of replacing one or more machines exceed the cost of downtime until the fuse is replaced? This situation is sometimes referred to as the cure being worse than the disease.
As an unrelated example of the conclusions that can be drawn in the absence of the cost/benefit analysis, consider the tradeoff between some claimed benefits of population decline: In the short term there will be fewer payers into pension/retirement systems; whereas halting the population decline will require higher taxes to cover the cost of building more schools. This can help explain the problem of the cure being worse than the disease.
Costs to consider go beyond finances when considering the personnel who operate the machinery. Ultimately, the goal is to prevent downtime; but more so prevent catastrophic injuries. Prevention begins with being proactive.

General principles

Despite the different approaches among the various schools of root-cause analysis and the specifics of each application domain, RCA generally follows the same four steps:
  1. Identification and description: Effective problem statements and event descriptions are helpful and usually required to ensure the execution of appropriate root-cause analyses. Problem statements are the North Star of the RCA as it keeps the team focused on what they are investigating and prevents them from going astray.
  2. Gathering, organizing and analyzing information: Most RCAs begin with a fact finding session to gather available information such as witness statements, the chronology of events and applicable requirements for the evolutions that were taking place at the time of the event. The information can be used to establish a sequence of events or timeline for the event, and to identify the line of the defenses that should have prevented the event. Available databases should also be queried and analyzed, and data analysis tools such as Pareto charts, process maps, fault trees, and other tools that provide us with insights into performance gaps. Any number of data analysis tools can be brought to bear, including data analysis tools from Lean Six Sigma, statistical analysis tools, and others such as hierarchical clustering and data-mining solutions. Another consists in comparing the situation under investigation with past situations stored in case libraries, using case-based reasoning tools and can include change analysis, comparative timeline analysis and task analysis.
  3. Analysis of Defenses: After identifying the defenses in place that should have prevented the event or accident, it is highly recommended to conduct an analysis of defenses in every case including non-RCA investigations. One method is to list the defenses on chart or a virtual white board. Then, for each defense, look at the information and data that was gathered for evidence of the effectiveness of that defense. We are actually looking for deficiencies or gaps in performance where the administrative requirements were not met, or where the physical or cyber barriers were bypassed. These initial gaps in performance are merely symptoms of deeper-seated causes. We use these symptomatic performance gaps to develop lines of inquiry questions as outlined below, to pursue the symptoms back to their points of origin using cause-and-effect analysis.
  4. Generating focused, unbiased lines of inquiry questions: After gathering available information, organizing it into charts with timelines and other data, after analyzing available data, and after conducting an analysis of our defenses, we use those insights to generate great questions. These questions will become our lines of inquiry for cause-and-effect analysis. The questions must be unbiased, and to prevent any bias from the RCA team from tainting the investigation, questions should be tied to a specific defense, or to a specific insight from our data analysis and other tools that provide us with insights into performance gaps. There should not be any curiosity questions, questions that reflect "confirmation bias", or questions that are accusatory in nature that will cause those helping the investigation to close down and withdraw.
  5. Cause-and-Effect Analysis: Once we have developed a robust set of lines of inquiry questions from the factual evidence collected, the applicable requirements, and an analysis of the available data, we can take those questions to the organization's subject matter experts. This begins the process of cause-and-effect analysis. Once we pose a question to the affected organization, we use their answer to pose a follow-up Socratic questions. Socratic questions keep the investigation flowing down to the next deeper causal factors until the organization runs out of answers, or the last causal factor is beyond the organization's control. There are many skills involved in conducting an effective cause-and-effect analysis, including facilitation skills, communication skills, and Socratic questioning. When conducted properly, this will take the RCA down to the deepest-seated root causes. A word of caution: Ishikawa or the Fishbone Diagram, and the 5-Whys methods, are not rigorous enough for conducting a root-cause analysis. The Fishbone is from the 1940s and the 5-Whys is from the 1930, and there are much more advanced methods available. Look for methods that were developed in this century, as they are more likely to account for the new dynamics of the modern sociotechnical work environments.
  6. Charting the Results of the RCA: The best way to chart the results of an RCA investigation is to start populating the final chart from the start. This process has become much easier with the advent of virtual white boards. In a single , we can display the timelines, the lines of defenses, the data analysis, the lines of inquiry questions, the cause-and-effect analysis, the root causes, and the corrective action plan.
  7. Corrective Actions to Prevent Recurrence: From a management perspective, the RCA effort is not complete without a comprehensive corrective action plan to address the root causes, the contributing factors, and the "Extent of the Causes." The corrective action plan should be developed by the issue owners and does not require participation by the RCA team, although the team is an excellent source of guidance for the issue owners. The Extent of Cause reviews are conducted to determine the extent of the damage or impact that the root causes and contributing factors had on humans, equipment, or facilities. Extent of Cause reviews are an Achilles heel in the vast majority of organizations and a primary reason why RCAs and corrective action plans fail to prevent recurrence. Also, care must be taken to avoid corrective action plans that simply add more administrative requirements and more training to the organization. To avoid this, use the Hierarchy of Hazard Controls and as guidelines for developing effective corrective actions that have a much higher likelihood of preventing recurrence.
  8. Effectiveness Reviews: After a pre-determined period after the implementation of the corrective action plan, an effectiveness review is scheduled to evaluate the . This requires specifying a set of metrics or indicators that will be monitored prior to and after the corrective actions are implemented, so we can measure their impact. If the desired results are not achieved, which in most cases is a significant reduction in the magnitude or frequency of the event or problem, then the RCA must be reopened as it was not effective.
To be effective, root-cause analysis must be performed systematically. The process enables the chance to not miss any other important details. A team effort is typically required, and ideally all persons involved should arrive at the same conclusion. In aircraft accident analyses, for example, the conclusions of the investigation and the root causes that are identified must be backed up by documented evidence.