From a big picture, compliance transformation standpoint, root cause analysis is the key to preventing future gaps in risk mitigation efforts after problems are identified. It is also especially helpful when deciding to spend resources on process updates, new or more people, and often costly technology solutions.
Root cause analysis, done thoroughly and honestly, prevents the following pitfalls:
- Deciding a problem is solved when the problem remains.
- Deciding a problem is not solved when it is.
- Devoting effort in solving the wrong problem.
The output solution should directly address the root cause issue(s), and result in a plan that is:
- Feasible -the solution can accomplish the goal(s) within the established time, regulatory and resource limitations.
- Acceptable - the solution must balance cost and risk with the advantage gained.
- Suitable-the plan solves the actual problem(s) identified.
When root cause analysis is done correctly and utilized as a part of your remediation strategy going forward, it is primarily there to develop preventive actions. A preventive action is something to prevent recurrence of the problem. You can adjust with a corrective action, but the ultimate goal is to engineer out or fix the system and processes, so you do not have the opportunity for that flaw to occur again. Another way to consider it, as stated by Ben Locwin, is “We have a problem. Let’s not run away from it. Let’s embrace it.”