Root-Cause Analysis Methods

Systematic techniques for tracing engineering failures back to their origins, from the simple 5-Whys to probabilistic fault trees and barrier analysis used in aerospace, process-plant, and infrastructure investigations.

Last updated: 10 Jun 2026

A bridge has fallen, a reactor has tripped, a fuselage panel has separated in flight. The immediate cause is obvious from the wreckage. What is far less obvious, and far more important, is why that immediate cause was able to happen. Root-cause analysis (RCA) is the structured process engineers use to keep asking why until they reach the conditions, decisions, or gaps in a system that made the failure possible in the first place.

The discipline ranges from a conversation tool you can sketch on a whiteboard in twenty minutes to a full probabilistic model that takes months to build. At the lightweight end sits the 5-Whys and the fishbone diagram, good for straightforward industrial incidents and for framing early-stage hypotheses. At the quantitative end sits Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA), and its quantitative extension, FMECA, tools that aerospace, nuclear, and process-plant industries have used for decades to demonstrate safety cases before a failure happens and to reconstruct it precisely after one does.

What connects all these methods is a common goal: to distinguish the root cause, the condition whose removal would break the failure chain entirely, from the proximate cause and the contributing factors that sit on top of it. Get that distinction wrong and you fix the symptom, reassure management, and wait for the next incident to remind you that the real problem is still in the ground.

Key terms

Root cause: The deepest systemic reason for a failure. Eliminating it prevents recurrence; eliminating only proximate causes often does not.
5-Whys: An iterative questioning technique that moves from a symptom to underlying causes by asking 'why?' repeatedly until a systemic explanation is reached.
Fault Tree Analysis (FTA): A top-down, deductive Boolean logic model that works backward from a specific undesired top event through AND/OR gates to identify minimal cut sets of basic failure combinations.
FMEA / FMECA: Failure Mode and Effects Analysis is a bottom-up, inductive method listing what can fail in each component and the effect on the system. FMECA adds a criticality ranking combining probability and severity.
Barrier Analysis: A method that identifies the physical, administrative, and procedural barriers that should have prevented harm, and asks which barriers were absent, inadequate, or defeated.
Minimal cut set: In a fault tree, the smallest set of simultaneously failing basic events that is sufficient to cause the top event. Identifies the most dangerous failure combinations for design and maintenance attention.

The 5-Whys and Ishikawa (fishbone) diagrams

Fast, conversational, and often surprisingly deep.

Taiichi Ohno of Toyota developed the 5-Whys as part of the Toyota Production System in the 1950s. The premise is disarmingly simple: once you state the problem, ask why it occurred. Take the answer and ask why again. Repeat until you reach something actionable at the system level rather than the component level. The canonical Toyota example runs from a machine stopping (why? overload tripped the fuse; why? bearing was insufficiently lubricated; why? the oil pump was not drawing enough oil; why? the pump inlet strainer was clogged; why? no schedule existed for cleaning it) to a maintenance scheduling gap, which is the actual fix.

The Ishikawa (fishbone or cause-and-effect) diagram, developed by Kaoru Ishikawa in the 1960s for quality control at Kawasaki, takes the same idea and makes it spatial. The problem sits at the head of the fish. Six categories of cause radiate off the spine: Machine, Method, Material, Man (human), Measurement, and Environment (the 6M model in manufacturing, or 8P in service industries). Each branch is populated through brainstorming. The result is a visual map that shows which cause categories are dense with potential contributors.

Ishikawa fishbone diagram structure for root-cause analysis.

For forensic engineering, fishbone diagrams are most useful in the early scoping phase of an investigation, when the team is mapping what it does not yet know. They keep attention on all cause categories and prevent premature focus on the most visible physical failure before the human, procedural, and organisational branches have been explored.

Fault Tree Analysis: Boolean logic for system failures

Work backward from the accident to the combinations of events that made it possible.

Fault Tree Analysis was developed at Bell Telephone Laboratories in 1961 for the US Air Force Minuteman missile program. NASA and the nuclear-power industry adopted it in the 1960s, and it became the de facto standard for safety cases in aerospace (MIL-STD-1629A) and process industries (IEC 61511). The formal method works as follows.

Define the top event
State the specific undesired outcome (for example, 'loss of structural integrity of main span') precisely enough that you can evaluate whether each lower event contributed to it.
Decompose through logic gates
AND gates indicate that all inputs must occur for the output to occur. OR gates indicate that any single input is sufficient. Work downward, branching each intermediate event until you reach basic events: hardware failures, human errors, or external events that are not further decomposed.
Identify minimal cut sets
Using Boolean algebra (or software), determine the minimal cut sets: the smallest combinations of basic events that together cause the top event. A single-event minimal cut set (a cut set of order one) is a single-point failure requiring immediate attention.
Assign probabilities (quantitative FTA)
Attach failure probability or failure rate data to each basic event from plant records, generic databases (IEEE Std 493, OREDA), or test data. Propagate probabilities through gates to estimate the top-event frequency. This converts the tree from a qualitative logic model into a quantitative risk metric.

Simplified fault tree with AND and OR logic gates.

Method	Direction	Best for	Output
Fault Tree Analysis (FTA)	Top-down (deductive)	Specific known failure, safety case for a system	Minimal cut sets, top-event probability
FMEA	Bottom-up (inductive)	Design review, no failure yet observed	Failure mode list, effect severity
FMECA	Bottom-up (inductive)	Prioritising corrective actions by risk	Criticality ranking, Risk Priority Number
Event and Causal Factor Chart (ECFC)	Chronological	Accident sequence reconstruction	Timeline with barriers and decisions

FMEA and FMECA: building the failure-mode inventory

Start from each component and ask what it can do wrong before the system fails.

FMEA was formalised by the US military in MIL-P-1629 in 1949, initially for the design of military aircraft and missile systems. It is now mandated or strongly recommended across automotive (AIAG FMEA manual, 4th edition), aerospace (SAE J1739), semiconductor, and medical-device industries. The core worksheet captures five things for each failure mode: the component that fails, the mode of failure (how it fails), the effect on the next higher assembly and on the system, the current controls in place, and the severity rating.

In a post-failure forensic investigation, FMEA works in reverse. The investigator constructs the failure-mode inventory for the failed component, asks which mode matches the observed fracture surface, deformation pattern, or functional loss, then checks whether that mode was foreseen in the original design review. If the failure mode appears in the original FMEA with a high-severity rating but no corrective action was taken, that is a significant finding for a liability determination.

Design FMEA (DFMEA): applied at the design stage to the product concept and component specifications before manufacturing.
Process FMEA (PFMEA): applied to the manufacturing or assembly process, asking how production variation can create a non-conforming part.
System FMEA: applied to higher-level system interfaces, particularly relevant for software-hardware integration failures.

Event and Causal Factor Charting

Time is a dimension of root cause, not just a backdrop.

Event and Causal Factor Charting (ECFC) is a timeline-based RCA method that places events on a horizontal time axis and arranges causal factors and conditions on branches beneath them. Unlike FTA, which is atemporal, ECFC preserves the sequence of decisions, actions, and missed opportunities that led to an incident. It was developed in the 1980s by the US Department of Energy for nuclear plant incidents and is now widely used in oil-and-gas, transportation, and healthcare investigations.

The timeline structure is particularly valuable for forensic engineering because most major failures are not caused by a single event but by a sequence of small decisions, deferred maintenance items, and ignored signals that converge. The Texas City refinery explosion in 2005 is a clear example: the ECFC produced by the Baker Panel showed that at least fifteen decision points preceding the blowdown drum over-pressurisation were visible opportunities to interrupt the chain. Each looked manageable on its own. Placed on a chart together, they form a damning progression.

Barrier Analysis

Every harm means a barrier was missing, weak, or defeated.

Barrier Analysis, drawn from Haddon's energy-release model and developed further by Johnson (MORT) and Svenson, asks a focused question: what barriers should have stood between the hazard and the target, and why did they not? A barrier is anything, physical, procedural, administrative, or protective equipment, whose purpose is to prevent the hazard from reaching the person, asset, or environment.

Physical barriers: pressure-relief valves, crash barriers, interlocks, containment walls.
Administrative barriers: permit-to-work systems, maintenance schedules, operating procedures, training.
Behavioural barriers: supervisory checks, buddy systems, stop-work authority.

For each barrier the analyst asks: was this barrier present? Was it adequate for the actual hazard energy or magnitude? Was it used correctly? A barrier may be present on paper, absent in practice, degraded through wear, or bypassed by a workaround that gradually became routine. Barrier Analysis often reveals that the same failure would have been prevented if any one of three or four independent barriers had actually functioned, making it powerful evidence that the failure was a systemic management problem rather than a single operator mistake.

Selecting and combining methods in practice

No single technique covers every kind of failure; investigators mix them deliberately.

A real forensic investigation rarely uses one RCA method in isolation. A typical approach starts with a 5-Whys and fishbone session to build the initial hypothesis map, then moves to ECFC to lay out the timeline and identify missed barriers, then uses FTA for any sub-system where a quantitative probability argument is needed for litigation. FMEA worksheets from the original design review, if available, are compared to the observed failure mode to assess foreseeability.

Investigation phase	Recommended method	Output used for
Initial scoping and hypothesis generation	5-Whys, Ishikawa diagram	Identifying areas for further investigation
Sequence reconstruction	Event and Causal Factor Chart	Establishing timeline, finding decision points
System safety analysis	Fault Tree Analysis	Quantifying failure probability, identifying single-point failures
Design foreseeability	FMEA / FMECA review	Establishing whether the failure mode was anticipated
Barrier and management failure	Barrier Analysis / MORT	Attributing responsibility to organisational controls

A court case adds one further demand: the method chosen must be explainable to a non-specialist fact-finder. FTA diagrams can be presented as exhibits if simplified carefully. FMEA worksheets translate well because they are tabular and reference specific component names. The investigator's job is both to use rigorous methods and to make those methods accessible enough that the conclusions can be tested under cross-examination rather than accepted on authority.

Worked example

Applying FTA to a runway excursion: landing gear retraction failure

A hydraulic system failure on landing, reconstructed through fault tree and barrier analysis.

A commercial aircraft lands with the nose gear partially extended. The crew receives a gear-down indication but the nose gear collapses on touchdown, causing a runway excursion. No fatalities, but substantial airframe damage and a civil liability dispute between the airline, the maintenance contractor, and the gear actuator manufacturer.

The investigator defines the top event: 'Nose gear fails to lock in down position at landing'. Using aircraft maintenance records and the failed actuator, three intermediate events are identified beneath the top event through an AND gate: the mechanical lock mechanism failed to engage (hardware), the cockpit warning system gave a false 'down and locked' indication (instrumentation), and the pre-flight gear-swing check was not performed (procedural). All three had to be present for the crew to proceed to landing with a false sense of safety.

Hardware branch: FTA identified a second-order cut set. The locking pin had fatigue cracks at the thread root (missed in the last scheduled inspection) and the backup spring had been incorrectly installed with reduced pre-load during a recent actuator overhaul. Either defect alone would not have caused the failure. Both together defeated the lock.
Instrumentation branch: the position sensor had a known intermittent fault logged in the aircraft's maintenance tracking system. The fault had been deferred twice on minimum-equipment list grounds without root-cause investigation. This OR-gate basic event feeds directly into the false indication event.
Procedural branch: barrier analysis showed that the gear-swing check was mandatory under the maintenance manual but had no verifiable sign-off in the aircraft's technical log for the previous flight cycle. The barrier existed on paper and was absent in practice.
Liability mapping: FMEA review of the actuator design showed the fatigue-prone thread root geometry was a known failure mode at high RPN in the design FMECA, with a corrective action status of 'deferred pending redesign'. This supports a design-defect argument against the manufacturer. The missed gear-swing check and deferred sensor repair support a maintenance-negligence argument.

The intersection of hardware, instrumentation, and procedural failures is what makes the ECFC timeline so important in court: it shows the jury not one single human error but a multi-year accumulation of deferred actions and unverified barriers. Any one of them, addressed on its own schedule, would have broken the chain. That is the systemic message RCA exists to deliver.

Check your understanding

Question 1 of 4· 0 answered

An AND gate in a fault tree means that the output event occurs when:

Key Takeaways

Root-cause analysis aims beyond the proximate failure to the systemic conditions whose correction prevents recurrence, not just repair of the immediate damage.
The 5-Whys and Ishikawa fishbone are rapid qualitative tools for framing hypotheses; Fault Tree Analysis and FMECA provide quantitative rigor for high-consequence systems in aerospace, nuclear, and process industries.
FTA works top-down from a defined undesired event; FMEA works bottom-up from individual component failure modes. The two methods are complementary, not competing.
Minimal cut sets from a fault tree identify the most dangerous combinations of simultaneous failures; first-order cut sets are single-point failures requiring immediate design attention.
Barrier Analysis asks which physical, administrative, and procedural barriers should have stopped the harm and classifies each as absent, inadequate, or defeated, translating RCA findings directly into liability and corrective-action language.

What is the difference between a root cause and a contributing factor?

A root cause is the deepest systemic reason why a failure occurred: if it were corrected, the failure chain would break. A contributing factor worsens or enables the failure without being its primary driver. Good investigations name both, because correcting contributing factors alone often leaves the root cause in place to generate a different failure later.

When should you use Fault Tree Analysis instead of FMEA?

Fault Tree Analysis (FTA) starts from one known undesired top event and works backward through logic gates to find combinations of basic failures that cause it. Use FTA when the failure is specific and already observed. FMEA starts from individual components and asks what could go wrong with each, making it better for prospective design review before a failure has occurred.

What is a minimal cut set in fault tree analysis?

A minimal cut set is the smallest combination of basic failure events that, if they all occur simultaneously, is sufficient to cause the top event. Identifying minimal cut sets tells engineers which combinations of simultaneous failures are most dangerous and guides both design and maintenance scheduling.

What does FMECA add to FMEA?

FMECA adds a criticality analysis to FMEA. It combines probability of occurrence with severity of consequence to produce a risk priority number or criticality ranking for each failure mode, allowing engineers to triage corrective action toward the highest-risk items first.

Is the 5-Whys method scientifically validated?

Not in a formal statistical sense. Its strength is speed and accessibility: it can be run by a small team in an hour and reliably surfaces proximate causes. Its weakness is that stopping at a predetermined number of iterations can miss deeper systemic causes and that different analysts asking the same questions often reach different roots. It is best used as a starting point, not as a substitute for quantitative methods in high-consequence investigations.

Test yourself on Forensic Engineering with free, timed mocks.

Practice Forensic Engineering questions

Found this useful? Pass it along.

Spotted an error in this page? Report a correction or read our editorial standards.

Method

Direction

Best for

Output

Fault Tree Analysis (FTA)

Top-down (deductive)

Specific known failure, safety case for a system

Minimal cut sets, top-event probability

FMEA

Bottom-up (inductive)

Design review, no failure yet observed

Failure mode list, effect severity

FMECA

Bottom-up (inductive)

Prioritising corrective actions by risk

Criticality ranking, Risk Priority Number

Event and Causal Factor Chart (ECFC)

Chronological

Accident sequence reconstruction

Timeline with barriers and decisions

Investigation phase

Recommended method

Output used for

Initial scoping and hypothesis generation

5-Whys, Ishikawa diagram

Identifying areas for further investigation

Sequence reconstruction

Event and Causal Factor Chart

Establishing timeline, finding decision points

System safety analysis

Fault Tree Analysis

Quantifying failure probability, identifying single-point failures

Design foreseeability

FMEA / FMECA review

Establishing whether the failure mode was anticipated

Barrier and management failure

Barrier Analysis / MORT

Attributing responsibility to organisational controls

Key Takeaways

Root-cause analysis aims beyond the proximate failure to the systemic conditions whose correction prevents recurrence, not just repair of the immediate damage.

The 5-Whys and Ishikawa fishbone are rapid qualitative tools for framing hypotheses; Fault Tree Analysis and FMECA provide quantitative rigor for high-consequence systems in aerospace, nuclear, and process industries.

FTA works top-down from a defined undesired event; FMEA works bottom-up from individual component failure modes. The two methods are complementary, not competing.

Minimal cut sets from a fault tree identify the most dangerous combinations of simultaneous failures; first-order cut sets are single-point failures requiring immediate design attention.

Barrier Analysis asks which physical, administrative, and procedural barriers should have stopped the harm and classifies each as absent, inadequate, or defeated, translating RCA findings directly into liability and corrective-action language.

What is the difference between a root cause and a contributing factor?

When should you use Fault Tree Analysis instead of FMEA?

What is a minimal cut set in fault tree analysis?

What does FMECA add to FMEA?

Is the 5-Whys method scientifically validated?

Your journey to becoming a forensic professional starts here.

Key Takeaways

Key Takeaways