Risk BowTie Method
BowTie is one of my favorite risk management tools. It supports a complex analysis but is so simple that even a five-year-old can understand it. It is also visual, which makes it a great communication tool.
BowTie analysis draws its name from its shape, which is reminiscent of a traditional necktie. The precise origin of this method is unclear, but it seems to have evolved from cause and consequence diagrams in the 1970s. A major limitation of ‘cause-event-consequence’ diagrams is that they don’t show the full complexity of a scenario.
The first formal use of BowTie as a documented method appeared in the 1990s when Shell Group adopted the method to show causal links between sources of risk and consequences. The oil & gas industry and many other industries have since adopted it.
Figure 1: Risk BowTie
You can consider multiple Events if the causal links from risk Sources to the Event(s) to Consequences are credible, but usually the focal point for BowTie analysis is a single risk Event. At the center of the BowTie diagram is the risk Event: in this example, a fire. To the left is what might cause the Event to occur (e.g., lightning, arson, an electrical fault). On the right-hand side are the potential outcomes (e.g., death, building damage, financial loss).
The left and right sides are larger than the center because there are many Sources that might lead to a single risk Event. That single Event can, in turn, lead to many Consequences.
Figure 2: Risk Causation
In reality, most sources of risk can create many events. Even a single event can cause many consequences.
Figure 3: Risk Causation Example
Choosing an ‘Event’ at the center of the BowTie provides a focus for analysis.
Structure and Application
BowTie expresses likelihood and consequence management via the left and right-hand sides of the Event using similar concepts to the Swiss Cheese Model and Escalation Factors.
Figure 4: Risk Controls
BowTie diagrams depict the relationship between Sources of risk, Controls, Escalation Factors, Events, and Consequences. Some benefits include:
full range of initiating causes can be shown
existing controls (intervening safeguards/barriers) are depicted
causal pathway in which these combine and escalate can be shown
consequence management (right) side shows post-event controls
multiple possible consequence outcomes can be depicted
causal pathway effects of controls are made explicit
In the BowTie, Controls change the likelihood or consequence of a risk, whereas Escalation Factors are conditions that can vary the effectiveness of likelihood or consequence Controls. Escalation Factors might include fatigue, competency, the environment, foreign exchange, drug use, human error, etc.
On an oil rig, for example, Controls such as fire detection and suppression systems might be more likely to fail due to the corrosive salt water environment. In this instance, Controls such as regular inspections, testing, and preventative maintenance programs might mitigate that Escalation Factor.
It’s important to remember that, as illustrated below, not all controls will be effective at managing all sources of risk, nor mitigating all consequences.
Figure 5: Control Relationships
Figure 6: BowTie Structure Example
Sources of risk. Threats, hazards, exposures, vulnerabilities, opportunities, or circumstances which cause a risk event.
Likelihood controls. Measures to reduce the likelihood of negative risk events or increase the likelihood of positive events.
Likelihood escalation factors. Elements that might change the effectiveness of likelihood controls.
Likelihood escalation controls. Resources, risk treatments, mitigations, or barriers that affect or manage escalation factors.
Event(s). Incident(s) or risk event(s) which may occur as a result of the sources of risk and could impact on objectives.
Consequence controls. Measures to support or change the consequences of the risk event(s).
Consequence escalation factors. Elements that through cascading or cumulative effects could lead to changes in the effect of consequence controls.
Consequence escalation controls. Resources, risk treatments, mitigations, or barriers that modify the effect of escalation factors.
Consequences. Outcome(s) of a risk event that could affect objectives.
Figure 7: Factory Fire Example
Advantages of BowTies
Bow-ties are not a universal panacea, but they have practical benefits, including many that we find in only a few methodologies:
Repeatable. A robust and consistent method for documenting existing controls and linking them to the risks that they are treating.
Integrated. A framework where risks and management procedures can be linked and compared.
Causal. Highlighting causal links between risks, controls, sources, events, and potential consequences.
Systems and gap analysis. Facilitates identification of deficiencies or missing risk controls.
Visual. Risks are easily communicated and understood at all levels of an organization.
Complementary. Aligns with and complements other methodologies such as Likelihood and Consequence Management, P2R2, Swiss Cheese, and Root Cause Analysis.
Aligned with better practice methodologies to support management decision-making and evaluation of risks.
Adequacy of Existing Controls. Existing Controls are identified, listed, linked to specific threats, and can be assessed by their effectiveness.
Scenario-modeling. Typical scenarios and relationships can be depicted on the pre-event side (left side) of the BowTie diagram.
Vulnerabilities. BowTie can highlight areas where controls are poor.
Audit. BowTie diagrams can show auditors and managers the conceptual application of management systems.
Defining. Define the meaning and relative roles of key terms.
Figure 8: Example of Using Bow-Tie to Define Terms
It is important to understand there isn’t a single correct way and BowTies can be adapted for each specific context and organization.
Figure 9: Second Example of Defined Terms Illustrated by Bow-Tie
BowTie can also illustrate the Sources, Controls and risk Events that could turn an opportunity into a benefit. When managing a project or implementing a plan (for example, starting a business or choosing to start a project), the intention is to increase the positive consequences.
The following example illustrates a funds management product.
Figure 10: Financial Product Example
Although unusual, positive and negative consequences can be plotted in a single BowTie to illustrate Sources (Threats and Opportunities) and Consequences (Benefits and Losses) of a single event as illustrated.
Figure 11: Threats and Opportunities
Even terrible events such as car accidents can generate positive outcomes. Accidents are good for repair businesses, new car salespeople, and demand for enhanced safety features.
Figure 12: Car Crash Example
Although the BowTie method is useful as a visual metaphor or illustration of risk controls, its power is magnified when it is used in a table. This level of analysis is only worth the effort for major projects or enterprise risk assessments.
In a table, the BowTie model moves the left-to-right ‘Source to Consequence’ elements to a top-to-bottom format. Each part in the BowTie can then be linked to specific controls. This is best done by creating a separate list of controls because many controls relate to more than one escalation factor or barrier.
Figure 13: BowTie Diagram to Table
The following example highlights one approach in which a BowTie table might produce a comprehensive evaluation of a risk event.
Table 1: Example of a BowTie Table Structure
Table 2: Example of Structure of Blank BowTie Table
Table 3: Example of Structure of Blank BowTie Controls Table
BowTie Controls Example
The Controls shown in the table below are examples only and are cross-referenced in the Bow Tie Assessment Table.
It may be appropriate to document organizational Controls before establishing the BowTie table and again when the BowTie table is complete.
The inability to list an existing control that is proposed in the BowTie table highlights a gap in Control systems.
Not all Controls have a reference number.
Not all Controls are documented because some are cultural, social, or physical.
Controls that have a physical form (e.g., handrails) should have a specific documented reference such as a policy, procedure, or engineering specification.
Controls should have enough detail to be auditable, or some form of evidence produced.
If a Control exists but isn’t documented, you may need to create a controlled record such as a photograph, sworn statement, archived computer log, or cultural survey.
Table 4: Example of BowTie Controls Table
BowTie Table Example
This table is an example of how a complex analysis can be conducted for security-related events.
The BowTie in the example below relates to a security risk analysis but the same approach will work well for safety, environment, financial, project, enterprise risk management or any risk analysis.
Note: Reference numbers refer to controls from the above BowTie Table. Superscript text <Ref # xxx> refers to the control numbers listed in a separate Controls table.
Table 5: Example of Complex BowTie Table
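The cross-referencing between a BowTie table and its separate Controls table, sketched as an added example that is not from the original article. The fire elements come from the article; the reference numbers, evidence entries and the evacuation-drill control are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Control:                      # one line of the separate Controls table
    ref: str
    name: str
    evidence: str = ""              # policy, procedure, spec or controlled record

@dataclass
class Row:                          # one element of the BowTie table
    kind: str                       # "source", "escalation" or "consequence"
    name: str
    control_refs: list = field(default_factory=list)

def usage(rows):
    """Map each cited control ref to every BowTie element that relies on it."""
    index = {}
    for row in rows:
        for ref in row.control_refs:
            index.setdefault(ref, []).append(row.name)
    return index

def audit(rows, register):
    """Cross-check the BowTie table against the Controls table."""
    by_ref = {c.ref: c for c in register}
    cited, known = set(usage(rows)), set(by_ref)
    return {
        "no_control_cited": [r.name for r in rows if not r.control_refs],
        "not_in_register": sorted(cited - known),   # gap in Control systems
        "no_evidence": sorted(r for r in cited & known if not by_ref[r].evidence),
        "never_cited": sorted(known - cited),
    }

# Constructed sample data (reference numbers are hypothetical).
REGISTER = [
    Control("C-01", "Fire detection and suppression system", "Engineering specification"),
    Control("C-02", "Regular inspections and testing", "Inspection procedure"),
    Control("C-03", "Preventative maintenance program"),   # exists, undocumented
    Control("C-04", "Evacuation drills", "Drill records"),
]
ROWS = [
    Row("source", "Electrical fault", ["C-01", "C-03"]),
    Row("source", "Arson", ["C-05"]),                      # proposed, not listed
    Row("source", "Lightning"),
    Row("escalation", "Corrosive salt water environment", ["C-02", "C-03"]),
    Row("consequence", "Building damage", ["C-01"]),
    Row("consequence", "Death", ["C-01"]),
]

if __name__ == "__main__":
    for finding, items in audit(ROWS, REGISTER).items():
        print(f"{finding}: {items}")
```

The usage index shows why the controls live in their own list: a single control such as C-01 is cited by several BowTie elements.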
How to Use BowTie Technique
The Bow-Tie method can be used in a number of different ways, including as the focus of a facilitated group workshop or for risk analysis. One of the best uses is to analyze, report, and communicate potential risks, actual incidents and near-misses.
In another article, I will talk about how it can be expanded for Root Cause Analysis (RCA).
This article is an excerpt from a book that is due out soon. I'm also working on a short free training course on risk bow-tie and how to apply it. If you'd like to know when the training course is launched, just subscribe or contact me to find out more.