Bow-Tie Diagram - Analysis and Proactivity in Risk Management
Daniel Burghelea, PMP, PMI-ACP, PMI-RMP
Risk & Project Management Trainer, Project Manager at ICEPRONAV ENGINEERING SRL
Bow Tie analysis is a lesser known tool among project managers and even among risk management practitioners. The tool is not mentioned in the PMBOK? Guide nor in The Standard for Risk Management, but it is referenced in the International Standard IEC 31010:2019. It provides substantial benefits in terms of understanding the causes and consequences of a risk in an intuitive way. The main benefits of this tool are:
There are a few elements that are important to mention:
A.???? Bow-Tie is not just a visual tool. It is a methodology that assists risk analysis within the project and/or organization. The methodology proposes a set of working steps, which use (as a visual basis) a diagram working from left to right, thus following the sequencing over time (from causes to effects).
B.???? The use of this methodology is aligned both with the process approach (up to PMBOK? Guide Sixth edition) and with the principles described in PMBOK? Guide seventh edition. By proactively addressing mechanisms to control causes and mitigate effects, the methodology aligns with the principle of Adaptability and Resilience, whereby the organisation and projects must be able to respond to changes that occur, absorb the impact suffered and recover quickly from setbacks or failures.
C.???? In contrast to the simplistic approach usually presented in risk analysis, the emphasis here is on the cumulative effect of several causes leading to the manifestation of an uncertain event. Furthermore, the analysis encourages several "layers" of control mechanisms to help identify the most effective cause control mechanisms. In the mirror, it is proposed to identify several effects, which in turn have mitigation mechanisms and contingency plans, for the situation where the initial plan has failed.
D.???? Even if we have multiple causes and multiple effects, it is easy to trace the induced Cause - Risk - Effect traceability. This methodology requires defining risks using the risk statement format.
The diagram began to be used consistently in the early 1980s, initially in the study of risks in the petrochemical, financial, aviation and engineering industries. All these industries are faced with the need to avoid serious effects by implementing cause control mechanisms.
领英推荐
Bow-Tie analysis involves a number of 6 steps, which start by sketching the diagram from the middle, where the uncertain event (risk) is drawn. Note that in some publications, you will find variants where above the event (risk) is mentioned a hazard, which can initiate the risk if a number of causes are cumulatively met.? In the second and third steps, the causes and consequences of the risk being studied are identified, and the next step is dedicated to the traceability of cause - risk - effect and the logical link between these elements. These steps support the idea that a risk can have several causes and effects and encourage a comprehensive identification of the causes and effects associated with the risk.
The next two steps emphasise the idea of pro-activity, of controlling the causes and effects of that risk. Control mechanisms are identified and then implemented only to the extent that they are effective, including in terms of the associated costs. Moreover, the control mechanisms to be put in place must be complemented by the identification of potential escalation factors. These escalating factors are the elements that can make a control mechanism not effective at all or not as efficient as expected.
The steps above give you just a very rough picture of what such an analysis entails. Note that this analysis does not work by itself. It brings together several techniques, in particular data collection, data analysis, interpersonal and team skills and data representation.
You may have already noticed common elements of this analysis with the methodology used in FMEA - Failure Mode and Effect Analysis. The common elements relate mainly to the multiple causes of risks, as well as the detectability of the manifestation of the causes, through various control elements. On the other hand, FMEA emphasises the parameters of occurrence and severity in order to prioritise the failure modes of a system or subsystem.
Going further on the idea of multiple causes, this methodology helps us to observe and control the cascading effect of different causes leading to a certain risk. Taking an actual example, the likelihood of the initial cause "lack of agreed acceptance criteria" can be decreased by control measures; even so, there may be escalating factors (e.g. "lack of communication of acceptance criteria to the new members of the project team"), that produce the occurrence of the event, if not controlled in turn. Imposing control measures for escalation factors is not only proactive, but also recognises that an uncertain event is usually caused by a combination of factors, not just one factor.
Finally, it is worth noting that the analysis lends itself very well to projects with high stakes/exposure to risk, as well as to strategic risks that arise at the organisational level. Any organisation will accept a degree of risk in its strategic initiatives in anticipation of a win. In this case, a risk management system is needed, designed to reduce the likelihood that the risks taken will actually materialise and to improve the company's ability to manage or limit risk events should they occur. Such a system would not prevent organisations from carrying out risky activities; on the contrary, it would enable companies to take on higher risk and higher reward businesses than competitors with less effective risk management.