Root Cause Analysis can be conducted in many ways but the essential elements involve starting with the event (actual or potential) and then considering what immediate causes might or did lead to the event. The next step is to consider the underlying root cause. The objective is to identify and mitigate the underlying root causes. For example, a security breach might have been caused but a faulty CCTV camera. The root cause however might traceback to a cut in maintenance budgets five years previously.
The following examples illustrate how a complex analysis of an incident can be summarized and presented in a single diagram. The first two diagrams are two halves of a single diagram, separated here for clarity.
In the first diagram, a hypothetical release of nerve gas on a subway starts from the event in the centre of the diagram. The immediate causes are shown on the left, then leading back to the underlying root cause and vulnerabilities. Directly to the left of each of these root causes are potential remedial actions. The causes and treatments have also been grouped in terms of their practice areas (Information, ICT, PhysicalSecurity, etc.) as shown on the far left.
The second diagram, illustrates the post-event (right hand side of the event). Immediate consequences have been plotted, along with the root causes of those consequences, and then recommended remedial actions. The diagram highlights the complexity of causation as most immediate causes have multiple root causes.
The third diagram plots the same hypothetical example using the HFACS framework to highlight four levels of causation.
See also: Human Factors (HFACS),Ishikawa Diagrams, Swiss-Cheese, DDDRR, and Human Factors (HFACS).