Bowtie risk visualization and Critical Control Effectiveness monitoring work hand-in-hand. Unlike traditional risk evaluation tools, the bowtie method makes the direct link between risk, controls and the management system to implement these.
Risk and critical control effectiveness
The Critical Control Effectiveness Monitoring (CCEM) process is based on a comprehensive baseline risk assessment conducted across the site to identify ‘Priority Unwanted Events’, or events that could lead to multiple fatalities.
Once you have identified the controls necessary to manage Priority Unwanted Events, you need to assess their effectiveness through comprehensive risk assessment exercises. Best practice for accomplishing this is to make use of bowtie risk analysis. Once you have identified the critical controls, you can implement processes for monitoring their effectiveness. These processes require ongoing, visible reporting and accountability.
The following tasks flow from a single identified critical control:
- Creating actions plans to ensure the control is implemented and effective. These are tracked through to completion
- Scheduling, tracking and actioning control self-assessments on an ongoing basis
- Scheduling, tracking and actioning specific checks (inspections)
- Encouraging that specific behaviors be checked and reinforced (BBS or VFL)
- Measuring, tracking and actioning Key Performance Indicators (data from multiple sources such SCADA, smart meters, drones, GIS, or a spatial information platform)
- Reviewing and communicating procedures
- Recording incidents, near hits, non-conformances, and investigating and actioning
- Conducting audits and tracking findings.
All of this can be managed within risk management software, but without a clear, diagrammatic representation of the risk, it can become difficult to manage effectively.
The bowtie diagram concept
The Bowtie Risk Analysis Method is a simple, cause-and-effect analysis that helps to visualize the multidimensional characteristics of a risk event. The bowtie demonstrates the relationships between causes of unwanted events, the escalation of these events, the controls that prevent the event from occurring, and the measures in place to limit the impact of the event, should it occur.
Bowtie diagrams help distill complex risk scenarios into simple visualizations of risk that would otherwise be more difficult to explain. This method is a useful way of visualizing and communicating the effectiveness of the implemented risk treatment methods. The concept is elegant in its simplicity, and useful because it is widely understood by each individual involved in the critical control effectiveness monitoring process.
Bowties are particularly useful to analyze specific risks – such as non-routine activities and particularly problematic areas – to provide reassurance that everything that can be reasonably done to reduce and manage the risk has been actioned. Bowtie analyses are best suited to analyzing and determining the most critical controls.
Limitations of bowtie risk assessment
Bowties are not a magic potion for all risk management problems. If you want to quantify your level of risk in absolute terms then the bowtie method will not help directly. If you want to model complex inter-relationships between your risk controls, there are better ways than using bowties. Similarly, if you want to identify individual safeguards for every line of every section of every unit of your process facility, other solutions may be better suited. Bowtie risk visualization is particularly well suited to obtaining insights about critical controls in a way that is easy to understand and easy to communicate.
From static to live
In its simplest, graphical form, the diagram can be understood by personnel at all levels of an organization, including those who are not connected with the day-to-day business operations. The bowtie lends itself to being displayed on posters to highlight key risk control issues. However, this static representation of risk does not give an indication of the real-time likelihood of the risks occurring.
The bowtie can become a living document, showing the current state of all critical controls at any point in time, by linking performance information to individual bowties and individual critical controls, because they exist in real or near-real time within risk management software.
Bowtie in IsoMetrix
While your risk management software allows you to identify and assess controls, it is not necessarily visual, and this is where bowtie risk visualization comes in. In most cases, however, the causes and consequences disappear off the page, creating a cumbersome diagram that is difficult to work with.
IsoMetrix allows you to build the entire bowtie visually within the software. As related risk modules are populated, the information is fed through into the bowtie. This allows you to, at any time, double-click onto a control to view all the related information. In this way, the bowtie remains relevant because the system creates a live, connected bowtie. It is easy to view the actions coming out of this bowtie, and assess whether those actions are in place and are being managed.
If there are incidents that relate to a control on this bowtie, they are immediately visible, and if you click on the control, you can view the incidents related to that control. The related information is available because the bowtie remains live and fully connected to all the other components in your management system.
Visualizing risk allows it to be better controlled. IsoMetrix has embraced the bowtie methodology as part of our efforts to help our customers to reduce risk, minimize injury and save lives.