8 Steps to using Bow Tie Analysis for Risk Management

When it comes to understanding risk analysis people are used to using a risk matrix and walking through a step by step risk analyses process, it's probably the default way of looking at the analysis of risk, but it's not the only way.

The bow tie method is a really visual way of understanding the impacts of a hazard, the risk it presents, the consequences and the controls that should be put in place. On of the benefits of it being so visual is that it's easy to training and easy for anyone to pick up and use so is really great for introducing people to the concept of risk analysis. It looks like this (and you can see why it's called bow tie analysis!):

How It Works 

Firstly, you ready this diagram from left to right, that also helps you understand if it makes sense, there should be a logical flow. If this threat / potential cause does happen will that, when combined with the hazard, create the event, if it does create the event will the potential outcome listed be a real consequence of the event. If any of those questions are not right, then your diagram is wrong.

Creating a Bow Tie Analysis 

Step 1 

Before starting it's worth reminding everyone that a hazard is something that has the potential to cause harm or trigger an Event, for that to happen something must occur to allow the hazard to occur and the event take place. For example a heavy box on a top shelf could be the hazard, the event is that the box falls from the top shelf, the threat or thing that could cause that could be a something hitting the shelf causing it to shake, the consequences of that could be that it falls on someone, it damages everything in the box and so on.

Creating the Bow tie starts in the middle with the hazard and the Event that you are looking to analyse, make sure it's written in plain English though to ensure that everyone understand what they are trying to analyse. There is typically very little debate about this part, so it sets the focus of everyone involve onto the same thing.

Step 2 

On the left had side list all of the potential causes or threats that would lead to the event happening, these would range from things that are almost certain to happen to things that are remote, that's ok list them all. Don't worry about trying to rank them just get them all included.

Step 3 

  On the right-hand side list all the consequences that could happen if the event linked to the hazard was to occur, again there will be a range of them to consider.

Step 4 

Walk through the logical flow of the chart as you have it now and think about it a bit like this, if A happens then B happens then C happens, i.e. if this potential threat happens, then this event (linked to the hazard) could happen and the consequence listed could happen. If that flows logically then you have things right, if you have a lot of debate or it doesn't feel right then it's not a real cause or consequence.

Now it is time to introduce countermeasures or Controls & Mitigation steps to your thinking.

Step 5 

Again, starting on the right, for each Potential cause what control measures could you put in place that would prevent that possible cause from happening. While our diagram has shown only 1, you can have as many controls as you need for each cause to prevent it from happening. As you mark them on the chart think about them as breaking the flow of the potential cause, if I put this control in how definite is it that this will break the chain of events for example. It's easy to list the things that are already in place but don't forget to think about what else you could do either as well as or instead of what's there that would be more beneficial.

For each of the control you put in rank it High, Medium, or Low in terms its effectiveness in being able to stop the potential cause from occurring, I like to colour these Red (low), Amber (medium) and Green (high) to easily identify the effectiveness of the controls. A few highly effective controls are better than a myriad of low effective ones.

Step 6 

Repeat this process for the right-hand side, this time thinking about the mitigation steps you can put in if the event actually does occur that would limit or stop the potential outcome or consequences from impacting. Once again, a few really good mitigations that will break the flow of the event are better than a multitude of smaller ones that might work or have to combine to work.

Step 7 

Step 8 

As a final step of the process review the chart and identify where you have listed equipment. By definition (assuming you are using the bow tie to do a safety risk assessment) these items are safety critical equipment. That means you need to think about defining what the level of the Functionality (what it should do) performance (how well it should do it), availability (is it ok to only be able to used 50% of the time?), survivability (i.e. will it keep working in an event) and any dependencies that the equipment has e.g. it needs electricity to function.

Summary 

By following these 8 steps you end up with a complete analysis of the risk management for a hazard and event, best of all it's easy to do, most of it can be done on a white board or with post it notes. It creates an easy to follow risk analysis process that can be applied to any form of risk in the organisation, not just health & safety and importantly it make it easy for everyone to get involved and to understand it. Once completed it 's a great idea, for example, to put it up on display for others to read and comment on, again further involving people in your organisation's risk management systems.