Overview of Root Cause Analysis: Getting to the Why

By Jonathan T. Marks, CPA, CFF, CFE and NACD Board Fellow[1]

When Edward Hodnett, author of The Art of Problem Solving, offered his thoughts on asking the right questions, he was, in effect, describing some of the fundamental principles of root cause analysis. Initially developed in the early 20th century by pioneering Japanese industrialist Sakichi Toyoda, root cause analysis today is one of the most widely practiced management and problem-solving techniques.

Yet despite its worldwide recognition, root cause analysis is often overlooked, short-circuited, ineffectively executed, or simply misunderstood in the context of fraud detection, deterrence, and remediation. Effective root cause analysis should be a critical component of every anti-fraud initiative, regardless of scope or area of focus.

DOJ Guidance Highlights Root Cause Analysis

Recent guidance from the U.S. Department of Justice (DOJ) has generated renewed attention to the importance of root cause analysis in the realm of fraud deterrence and ethics. In June 2020, the DOJ’s Criminal Division issued an updated version of its Evaluation of Corporate Compliance Programs guidance.[2]

The purpose of such guidance is to direct federal prosecutors in their decision-making. While it does not have the force of law, it provides a valuable roadmap organizations can use to develop, update, and implement their anti-fraud and compliance programs. It also provides insights into what law enforcement and regulatory authorities regard as high priorities and risks.

An essential highlight of the 2020 guidance was the recommendation that investigators look for evidence that an organization is performing a root cause analysis for any compliance violation that could lead to a self-disclosure or enforcement action. It categorically declares that “a hallmark of a compliance program that is working effectively in practice is the extent to which a company is able to conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.”[3]

One of the most often overlooked concepts of the root cause process which the guidance highlights is the concept of “appropriately addressing the root causes.” Too often there is unnecessary time and effort spent on trying to “eliminate” the root cause instead of “addressing” it. The goal of the root cause analysis is to not only identify the reason or reasons for a noted deviation in a process, but also to develop, implement, and execute an action to address the root cause and reduce the amount of risk.

It then instructs prosecutors to consider the answers to several probing questions in seven broad areas as they contemplate how to manage fraud or other noncompliance issues. Two of those categories and the questions prosecutors should raise relate directly to root cause analysis:

“Root Cause Analysis – What is the company’s root cause analysis of the misconduct at issue? Were any systemic issues identified? Who in the company participated in making the analysis?”

“Prior Indications – Were there prior opportunities to detect the misconduct in question, such as audit reports identifying relevant control failures or allegations, complaints, or investigations [involving similar issues]? What is the company’s analysis of why such opportunities were missed?”

?One month after that guidance was published, the DOJ and the Securities and Exchange Commission issued a major update to their joint publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, which incorporates the DOJ’s foundational guidance “Hallmarks of an Effective Compliance Program.”[4]?In the section titled, “Investigation, Analysis, and Remediation of Misconduct,” that guidance states explicitly:

Root cause analysis is a high priority among federal law enforcement and regulatory agencies, which means it should also be a top priority for those responsible for corporate compliance and ethics programs.

Root Cause Analysis: What It Is and Is Not

One leading online analytics and software company describes root cause analysis as a “collection of principles, techniques, and methodologies that can all be leveraged to identify the root causes of an event or trend.”[6]?To put it another way, root cause analysis helps identify what and how an event occurred and why it happened.

When we can determine why an event—such as a fraud incident or compliance failure—occurred, we can recommend workable corrective measures to deter or proactively detect similar events in the future.

?It is essential to distinguish between root cause analysis, risk management, and anti-fraud tools, such as risk assessments and investigations. For example, root cause analysis is performed after an incident occurs, so in a sense, it could be considered a reactive activity, unlike a risk assessment, which is inherently proactive.

Yet, the distinction is not that simple. While root cause analysis does occur in reaction to a problem, its purpose is to detect or prevent future recurrences of the problem—a decidedly proactive objective. Also, it is worth noting that in many instances, root cause analysis may very well be addressing an issue that was previously identified through a risk assessment.

Root cause analysis is also distinct from a fraud or compliance investigation. The purpose of an investigation is to either prove or disprove a known allegation. For example, in a compliance investigation, investigators may be trying to prove or disprove that certain transactions could form the basis of a corrupt payment or bribe. They do this by gathering evidence to support or refute specific allegations, but the investigation itself does not assess blame. That is the point where root cause analysis should follow to determine how the compliance failure occurred or was allowed to happen.

The most practical examples of root cause analysis generally take a research-based approach to identify the underlying source or reason for a problem or an issue—not just the proximate cause of the incident. For example, Thwink.org, a research organization focused on environmental and sustainability-related issues, offers an extensive online discussion of this concept. It explains its focus by noting: “The practice of root cause analysis is predicated on the belief that problems are best solved by attempting to correct or eliminate root causes, as opposed to merely addressing the immediately obvious symptoms.”[7]

A Four-Step Process

There is no single right way to perform a root cause analysis. Over the years, numerous quality engineers, auditors, consultants, investigators, and specialists from almost every industry have proposed various multistep processes. The first step in most of these formulas is to define the problem accurately and precisely. Subsequent steps then apply a combination of investigative, inquisitive, and analytical techniques to identify the various processes or control failures that led to the outcome. The ultimate objective is to track things back to that first domino that caused all the rest of the dominos to fall one by one.

One protocol, articulated by The Compass, takes a slightly different approach. On its website, the organization—a curated collection of social and behavior change resources supported by the United States Agency for International Development and Johns Hopkins University—advocates a four-step process that also addresses significant communication challenges and prioritizes corrective actions.

In this model, the specific issues being addressed are defined earlier in a separate situational analysis. Then, once the problem is appropriately identified, the model goes on to spell out the steps.[8]

Step 1: Identify Possible Causal Factors

Identify things that cause or contribute to the compliance failure. It includes asking such questions as:

• “What sequence of events leads to the problem?”
• “What conditions allow the problem to occur?”
• “What problems co-exist with the central problem and might contribute to it?”

Step 2: Identify the Root Cause

“Start with the problem and brainstorm causal factors for that problem by asking why? Connect them in a logical cause and effect order until arriving at the root of the problem.” (We look at some questioning techniques and other tools later.)

Step 3: Identify Communication Challenges

Ask which root causes are communication challenges that compliance can and should address and which are not. Share findings of other root causes with other leaders or organizations that might be able to address them.

Step 4: Prioritize Compliance Challenges

If the root cause analysis identifies more than one compliance failure, decide which failure to address first. Rank root causes in order, starting with the leading cause, and consider factors such as the potential impact of addressing the failure, the difficulty associated with treating it, and mandates attached to necessary funding.

The Five Whys

One of the most widely used root cause analysis tools is the five whys approach. Sakichi Toyoda himself is widely credited for developing this concept.[9]?When a problem occurs, he reportedly advised his factory managers to ask, “Why?” five times to find the source of the problem before putting into place something to prevent the problem from recurring.

Most contemporary management frameworks, such as Six Sigma and Lean, use this method to solve problems, improve quality, and reduce costs. It is equally applicable—particularly relevant—to fraud and ethics investigations, where it is critical to evaluate and understand underlying issues, such as why necessary controls did not exist, broke down or were overridden.

Repeatedly asking, “Why?” peels away the layers of symptoms, ultimately leading to the root cause of a problem or compliance failure. Early questions usually yield superficial or obvious answers, but the later questions lead to more substantive results. Although the five questions are a good rule of thumb, there can be instances when more (or fewer) questions might be necessary. Also, be aware that when searching for the root cause and asking “why” multiple times, receiving the same response does not necessarily indicate you have identified the root cause. Always verify that the information and data support the consistent response you are receiving.

Example of The Five Whys: The Truth Behind a Monumental Mystery

Problem: One of the monuments in Washington, DC, is deteriorating.

Why #1: Why is the monument deteriorating? Because harsh chemicals are frequently used to clean the monument.

Why #2: Why are harsh chemicals needed? To clean off a large number of bird droppings on the monument.

Why #3: Why is there a large number of bird droppings on the monument? Because the large population of spiders in and around the monument is a food source to the local birds

Why #4: Why is there a large population of spiders in and around the monument? Because vast swarms of insects, on which the spiders feed, are drawn to the monument at dusk.

Why #5: Why are swarms of insects drawn to the monument at dusk? Because the lighting of the monument in the evening attracts the local insects

Solution: Change how the monument is illuminated in the evening to prevent the attraction of swarming insects.

Ishikawa or Fishbone Diagrams

Although the five whys methodology is a popular stand-alone technique, it is often used in conjunction with another widely used root cause analysis tool, the cause-and-effect diagram also called the “Ishikawa diagram” (after its creator, Kaoru Ishikawa) or a “fishbone diagram” (because it resembles the skeleton of a fish).[10]

Figure 2: Cause and Effect Diagram[11]

?

?

The standard categories of contributing factors (or fishbone branches) are:

• People: Anyone involved with the process;
• Methods: How the process is performed and the specific requirements for doing it, such as policies, procedures, rules, regulations, and laws;
• Machines: Any equipment, computers, tools, etc. involved in the process;
• Materials: Raw materials, parts, pens, paper, etc. that are used in the process;
• Measurements: Data generated from the process that is used to evaluate the quality; and
• Environment: The conditions, such as location, dates and times, and culture in which the process operates.

A fishbone diagram organizes information to clarify the relationships between a failure and its main causes. It can be beneficial in identifying multiple causes that contributed to a single failure. Once all inputs are established on the fishbone, the five whys technique helps drill down to the root causes. By listing multiple causal factors under each category, it is possible to visually depict how many things could have contributed to the issue.

Socratic Questioning

Designing and implementing compliance, ethics, and anti-fraud initiatives inevitably involves asking a lot of questions. But in a root cause analysis, merely asking a lot of questions is not necessarily enough. Those conducting the root cause analysis must be thinking critically, asking the right questions (sometimes probing), applying the proper level of skepticism, and, when appropriate, examining the information from multiple perspectives.

A theoretical model of professional skepticism has these fundamental characteristics:[12]

• ?“A questioning mind: Not accepting information at face value but instead looking for evidence or proof to justify the information”
• “Suspension of judgment: A propensity to withhold acceptance or rejection until all information has been found and considered”
• “A search for knowledge: As evidenced by genuine curiosity and enjoyment of learning”
• “Interpersonal understanding: Recognizing that individuals might have different perceptions of the same information”
• “Self-confidence: Valuing one’s insights and being willing to challenge the assumptions of others”
• “Self-determination: The personal initiative to take action based on the evidence.”

For millennia, the use of Socratic questioning has been recognized as a useful tool for learning new information that might otherwise go undetected—it is at the heart of critical thinking. Socratic questioning is based on logic and structure, emphasizing that any one statement only partially reveals the thinking underlying that statement. The purpose of Socratic questioning is to expose the reasoning behind someone’s thought processes.

Socratic questioning is not random; instead, it is a highly disciplined questioning technique used to explore complex ideas, get to the truth, open up issues and problems, uncover assumptions, distinguish what is known from what is not, and follow the logical implications of a thought or idea. Socratic questions are traditionally organized into the following six categories:

Questions for clarification. These are basic “tell me more” questions designed to get individuals to go deeper and prove the concepts behind their statements. Always avoid the simple “yes or no” questions. Examples include:

• Why do you say that?
• How does this relate to our discussion?
• Can you give me an example?
• Can you rephrase that?

Questions that probe assumptions. Probing assumptions makes people think about the presuppositions and unquestioned beliefs on which they are founding their argument. Examples include:

• What could we assume instead?
• How can you verify or disapprove of that assumption?
• What would happen if…?

Questions that probe reasons and evidence. These questions dig into the reasoning behind a position or statement rather than assuming it is a given. Drawing out the rationale for a statement helps reveal if people have failed to think things through or do not fully understand the process that led to their position. Examples include:

• ?What would be an example of that?
• What is that analogous to?
• What do you think causes this to happen? Why?
• What evidence is there to support what you are saying?
• On what authority are you basing your argument?

Questions about viewpoints and perspectives. Most arguments are given from a particular position. Questioning or attacking that position can show that there are other, equally valid viewpoints. Examples include:

• What would be an alternative?
• What is another way to look at it?
• Would you explain why it is necessary or beneficial, and who benefits?
• Why do you do it this way and why is it the best?
• What are the strengths and weaknesses of…?
• How are … and … similar?
• What is a counterargument for…?

Questions that probe implications and consequences. The argument or information an individual presents might have logical or unforeseen implications that can be forecast. Examples include:

• ?Do these make sense? Are they desirable?
• What generalizations can you make?
• What are the consequences of that assumption?
• What are you implying?
• How does … affect …?
• How does … tie in with what we learned?
• What is the best …? Why?

Questions about the question. This reflexive approach is designed to turn the question in on itself, challenge the other person’s position, or bounce the ball back into their court. Examples include:

• ?What was the point of this question?
• Why do you think I asked this question?
• What does … mean?

The key to distinguishing Socratic questioning from other types of questioning is that Socratic questioning is systematic, disciplined, and deep. Usually, it focuses on fundamental concepts, principles, theories, issues, or problems. Knowledge of the process in question is critical in the effective utilization of this questioning technique.

Operational Knowledge and a Skeptical Approach

It should be clear by now that there are multiple ways to perform a root cause analysis. It is not simply a matter of sitting down and asking a multitude of questions. Effective root cause analysis seeks to understand why people make bad decisions, take inappropriate actions, or fail to implement proper safeguards. The people, or human element, is what most miss or gloss over. Ineffective root cause analysis, on the other hand, stops with the identification of physical or process components, systems, policies, or training.

In addition to having a firm grasp of the traditional three lines of defense,[13]?those conducting root cause analyses should also have a sound operational understanding of how the organization operates and how it has developed its customer base or clientele. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework can provide a systematic and structured way of organizing this knowledge while also providing a model for describing and analyzing the internal control systems in an organization.

The five components of the COSO Framework—monitoring, information and communication, control activities, risk assessment, and control environment—depict the activities, principles, and factors necessary for an organization to manage its risks through the effective implementation of internal control. Still, the framework does not articulate who is responsible for the specific duties outlined. When used together, the Enterprise Risk Resilient Ecosystem and the COSO Framework can provide meaningful steps to remediate gaps and enforce an individual’s responsibilities regarding risk and control and how those duties fit into the organization’s overall risk and control structure.

When trying to determine the “why,” I have found the enemies of internal controls help too. Knowing your enemy means recognizing the risks that are relevant to your organization. I define the significant enemies as follows.

Figure 4: Enemies of Internal Controls

People

No matter how detailed, inclusive, and illustrative the policies and procedures may be over a particular process; there will still be a reliance on people to execute the process steps per the established policies and procedures. There are multiple challenges when it comes to this enemy. First, there is no certainty or confirmation that all team members have been given, read, and understand the process requirements. They may say they know what to do, but not truly grasp all of the process requirements. Second, tenure affects compliance with policy and procedure requirements in that experienced personnel develop their own techniques to complete a task that may not specifically comply with all process requirements. And lastly, process personnel develop workarounds to expedite the process, which inherently leads to specific policy requirements being excluded. In the end, it is critically important that all process team members understand that the policies and procedures are not a suggestion guide on how to do their job, but a mandatory requirement for department compliance.

Time

One commodity that can never be purchased is time. When time requirements are altered in a business process, it will pressure the process personnel to achieve the business objective more quickly. There is no way to properly execute the process requirements according to the policies and procedures, so steps are inevitably rushed or skipped to meet the new time requirements for completing the tasks. Be aware of the budgeted or allotted time for any tasks and verify that those requirements are realistic and never altered because it will result in a weakened control environment. Be cognizant that the policies and procedures were built with specific requirements including the associated time needed to complete them completely and effectively. Any alteration in the time requirement usually results in errors.

Judgments

Every person has their unique way of executing their job responsibilities, usually developed over time and with experience. While this can be advantageous to a department, it can also be detrimental. Policies and procedures are built specifically with the objective in mind and contain specific internal and external compliance requirements. When judgment or discretion is allowed into the processing requirements, it weakens the control environment because it usually means that basic (or even critical) processing steps are inadvertently omitted due to individual judgment. Experience on a team is great, but it will not take the place of process requirements for departmental and regulatory compliance.

Overrides/Workarounds

Overriding internal controls, especially management override of internal controls, has long been recognized as a major impediment to fraud prevention efforts and should not be overlooked when determining the root cause of ethic lapse or an alleged fraud.[14]?As mentioned in the “people” element, or human element, included with the enemies of control, workarounds are common within a process as individuals seek ways to expedite their tasks. In this effort to save time, the process itself may suffer because most self-developed workarounds bypass an established control in the policies and procedures. While the process’s end result may be correct, these workarounds omit critical documentation and verification steps detailed in the established policies and procedures. Discretion and override or workaround capabilities should only be placed in the most experienced hands in the department and have strict documentation requirements showing why this particular item deviated from the standard process requirements and detail/document what alternate steps were taken to complete the process and comply with established policies and procedures.

Incentives

It can be argued that money is one of the greatest elixirs that can fix anything. While incentives are a motivator for anyone, there can be an associated danger often overlooked within the ecosystem. Any time incentives are linked to the completion of work, there is a greater risk that specific process requirements will not receive the proper attention to detail and will lack the appropriate documentation as outlined in the established policies and procedures. Established process incentives require a detailed monitoring control to ensure that the particular requirements of the incentive are achieved and that no controls were overridden to receive the incentive. Unbelievably, when incentives are used, the control environment demands an additional level of checks and balances to ensure performance integrity.?

In addition to understanding the enemies, it is also important to understand contributing factors (see Figure 5). A contributing factor is a condition that influences the effect by increasing its likelihood, accelerating the effect

in time, affecting the severity of the consequences, etc.; eliminating a contributing factor(s) will not eliminate the impact, but it will give you better insight into risk and loopholes being exploited.

A loophole is an ambiguity or inadequacy in the control environment, such as poorly designed internal controls or policies and procedures, and often creates opportunities to override or circumvent controls. Remember, the risk landscape and controls should be continuously evaluated along with the associated policies and procedures and revised, when needed and appropriate, to close all gaps and loopholes quickly. The failure to monitor and use that feedback to enhance the compliance program increases the risk of fraud, waste, or abuse.

Figure 5: Key Root Cause Categories

“Informed, knowledgeable skepticism is a professional asset for compliance professionals, auditors, board members, and financial executives.”[15]

Finally, an effective root cause analysis requires that this knowledge and understanding be overlaid with the professional skepticism each member of the root cause team brings to the process. Those conducting the analysis should not accept an answer as it is provided to them, as they might in a casual conversation. Rather than merely identifying the physical or process components that failed or the systems, policies, or training that must be corrected or enhanced, effective root cause analysis goes further.?

When performed appropriately, root cause analysis helps us understand why people make bad decisions, take inappropriate actions, or fail to implement proper safeguards. That type of knowledge and feedback is essential business intelligence or actionable information that helps senior management, managers, and other corporate end-users make informed business decisions, including enhancing the compliance and ethics program, which should help in the fight against fraud. Using business intelligence is a step toward enterprise resiliency, or an organization’s capacity to anticipate, react, and adapt to changes and new risks—not only to survive but also to evolve!

In practice, a key lesson learned is that not performing a sound root cause analysis could mean recommendations are designed to treat the symptoms and not the root cause, which could lead to recidivism, a word that no one wants to hear in the boardroom.

Remember, a root cause analysis plays a role in how prosecutors will evaluate a compliance program. Also, when assessing a company’s investigations function, prosecutors are instructed to ask whether investigations have been used to identify root causes, system vulnerabilities, and accountability lapses, including among supervisory ?managers or gatekeepers and senior executives. In my opinion, this is being done because the goal of any root cause analysis ?should be to understand the fundamental cause(s) of non-compliance that gave rise to a problem and develop a plan to apply corrective action(s) ; however, simply applying a corrective action(s) to a symptom(s) ?and not the root cause increases the likelihood of a reoccurrence .

Currently

The DOJ has explicitly called out the failure to conduct root cause analysis in several enforcement actions, emphasizing its importance in compliance programs and the prevention of future violations. Here are a few notable instances:

• ?Digital Technology Case (2022): In December 2022, the DOJ reached a $315 million resolution with the Company, highlighting the company’s failure to conduct an effective root cause analysis following previous FCPA violations. Although the Company did undertake significant remediation efforts, the DOJ noted that their initial lapses in root cause analysis contributed to repeated misconduct.
• Bank (2021): Bank’s settlement with the DOJ included partial credit for remediation, but the DOJ criticized the Company’s delayed and incomplete root cause analysis. The DOJ emphasized that effective root cause analysis is crucial for identifying systemic issues and implementing corrective measures, and the lack of timely analysis in this case was a significant factor in the enforcement action .
• Healthcare Fraud Settlements (2023): Several False Claims Act (FCA) settlements in 2023 involved healthcare entities that failed to conduct proper root cause analyses of compliance violations. For example, a dermatology management company and a mobile cardiac PET company faced substantial fines for Stark Law and Anti-Kickback Statute (AKS) violations partly because they did not adequately address the root causes of their misconduct, leading to repeated violations .
• Environmental Justice Enforcement (2023): The DOJ’s environmental justice strategy also highlighted the importance of root cause analysis. In several cases, the DOJ emphasized the need for root cause analysis to identify and remediate systemic issues causing environmental harm in underserved communities .

These examples illustrate that the DOJ consistently stresses the importance of conducting thorough root cause analyses not only to address immediate compliance failures but also to implement systemic changes that prevent future violations.

Best!

Jonathan M.

?

Disclaimer

The information and guidance provided in this writing are for general informational purposes only and are not intended to replace professional advice. Every situation is unique, and the applicability of the provided guidance may vary based on individual circumstances. Always consult with a qualified professional before making any decisions or taking any actions based on the information provided. I assume no responsibility or liability for any errors or omissions in the content or for any actions taken based on this guidance.

References and Sources

1Jonathan T. Marks is a principal in the Forensic Services Practice, with BDO USA, P.C.. He also serves as a board fellow with the National Association of Corporate Directors and is a member of the American Institute of Certified Public Accountants Fraud Task Force.

2U.S. Dep’t of Justice, Criminal Div., Evaluation of Corporate Compliance Programs (Updated June 2020), https://www.justice.gov/criminal-fraud/page/file/937501/download.

3? U.S. Dep’t of Justice, Evaluation of Corporate Compliance Programs, 17.

4? Jonathan T. Marks, “DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs,” Board and Fraud (blog), June 3, 2020, https://boardandfraud.com/2020/06/03/doj-revises-its-guidance-on-the- evaluation-of-corporate-compliance-programs/

5U.S. Dep’t of Justice and the Enforcement Div. of the U.S. Securities and Exchange Comm’n, FCPA:A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition, July 2020, 67, https://www.justice.gov/criminal- fraud/file/1292051/download.

6“Root Cause Analysis Explained: Definition, Examples, and Methods,” Tableau, accessed July 27, 2021, https://www.tableau.com/learn/articles/root-cause-analysis.

7“Root Cause Analysis,” Glossary, Thwink.org, accessed July 27, 2021, https://www.thwink.org/sustain/glossary/RootCauseAnalysis.htm.

8“How to Conduct a Root Cause Analysis,” How-to Guides, The Compass, accessed July 27, 2021, https://www.thecompassforsbc.org/how-to-guides/how-conduct-root-cause-analysis.

9Wikipedia, s.v. “Five whys,” last edited July 13, 2021, https://en.wikipedia.org/wiki/Five_whys.

10Wikipedia, s.v. “Ishikawa diagram,” last edited July 14, 2021, https://en.wikipedia.org/wiki/Ishikawa_diagram.

11Copyright 2020, Jonathan T. Marks; used with permission.

12Jonathan T. Marks, “Skepticism – A Key Tool in the Fight Against Fraud,” Board and Fraud (blog), September 2, 2019,

13Douglas J. Anderson and Gina Eubanks, Leveraging COSO Across the Three Lines of Defense, Institute of Internal Auditors, July 2015, https://global.theiia.org/standards-guidance/Public%20Documents/2015-Leveraging- COSO-3LOD.pdf.

14Carol C. Bishop, Dana R. Hermanson, Jonathan T. Marks, and Richard A. Riley, Jr., “Unique Characteristics of Management Override Fraud Cases,” Journal of Forensic and Investigative Accounting 11, no. 3 (July–December 2019), https://web.nacva.com/JFIA/Issues/JFIA-2019-No3-1.pdf.

15 Jonathan T. Marks, “Skepticism – A Key Tool in the Fight Against Fraud,” Board and Fraud (blog), September 2, 2019

McDermott Will & Emery on JD Supra

National Law Review

Vinson & Elkins LLP