The illusory Bow Tie

The illusory Bow Tie. This article tells the story of some of my learning in the last 2-3 years of reviewing a range of bow tie material risk, critical risk and safety risk presentations for a number of organisations.

The pitfalls of using bow tie for something that it is not and the hybrid bow tie presentations in excel all come under scrutiny.............. read on.

I have been lucky to have branched into a new area of specialization due to the oil and gas slow down- conducting studies or reviews of Bow tie risk presentations in a range of applications such a rail operations, mining, minerals processing, oil and gas, shipping, drilling/associated operations and finally Industrial fired appliance designs and fuel systems design.

What have I learned? Well, quite few things.

Firstly the bow tie is a visual representation of a form of FMEA (Failure modes and effects analysis).

The role of a bow tie in my opinion is to express in a picture what is too complex to be explained in words to most people.

The bow tie is a three dimensional model that identifies causes, preventive controls, preventive controls assurance, the event to be avoided, the controls to mitigate the event, mitigating controls assurance and finally the range of consequences that may occur depending on how many of the mitigating controls work.

It can be seen that there is a certain logic that must be followed to arrive at a consistent answer.

I have seen all manner of answers for a number of reasons.

1. The cause definition: Accurately defining the cause allows logical selection of controls. Many causes I have seen are defined as "failure of" - a subset of controls failure or the failure of assurance. The logic of the bow tie is to show the control, not it's failure, the control of the failure is shown by assurance activities. The logic of the presentation is lost throughout the bow tie from that point. An example in fire or explosion risk is that the only causes can be the limbs of the fire triangle - there are no others. Yet I regularly encounter "failure of scanners", "incorrect logic in BMS programming" etc as causes. Each risk area has it own "fire triangle" - the challenge is to find it.
2. The consequence definition: Many of the causes yield various potentials for harm, either in safety, damage, environmental emissions, political or otherwise, yet there is a tendency to have the bow tie team go through the exercise without filtering the benign from the serious (or indeed the impossible). I have added a new tab in the excel versions I review called "basis of cause" where scientific examination of the respective "fire triangle" consequences are assessed and documented for likelihood and damage potential. This then allows ranking to occur during the process.
3. The controls definition: The control has to define how it takes out one of the limbs of the "fire triangle", if that can't be clearly shown it isn't a control.
4. Controls assurance depiction: The problem with excel spreadsheet bow ties is that they are 2D whereas XP Bow tie is 3D (That's why I have a XP Bow tie licence, to sense check the logic of the bow ties I review). On an excel spreadsheet bow tie the user has to trace causes downwards to preventive controls, upwards and inwards to events, sideways to consequences, downwards to mitigating controls and then find tabs of the grouped controls on different pages under "preventive" and "mitigating" control groups for assurance identification. A very long winded and illogical exercise due the absence of the visibility of the controls assurance dimension available with XP Bow Tie.
5. The absence of mitigation: Whilst most corporate groups mandate that the top consequences must be quantified for "Safety", "Environment", "Social impact", Collateral damage", "Political", "Licence to operate" and many more. Following that detailed (and often manufactured) analysis there is regularly no (or just one) mitigating control nominated. I have sold the idea of doing 2 things to my clients in mitigation, the first is to take credit for on-site infrastructure and organisations that deal with emergencies and secondly revised, drilled, tired and tested business continuity planning formalizes all your efforts to get emergencies swiftly under control and the mechanisms to get back to work minimize non-productive losses which significantly reduce consequences.
6. Misunderstanding legal risk: Many bow ties I have see contain ALARP/SFAIRP phrases where the complete presentation is given to a "risk owner" by the presenter and "controls owners" who end the annual process by signing off that everything is ALARP/SFAIRP. This couldn't be farther from the truth. ALARP/SAFIRP will be determined in court, this presentation type process also denies the control owner legal defence by documenting that they relied on others to identify and monitor the nature of their organisational risks rather that to go out and find our or seek assurance for themselves.
7. Review: The organisations I have helped have reported that they are benefiting from the "ALARP" - style review process I have developed for them which tests the controls assurance and management action aspect of the bow tie severely. Dusting off the bow tie once a year is not a good thing to do as most people have forgotten what is in it and the work to accurately define why we have certain controls and not others is a key message for the organisation. The bow tie is an educational tool that is best used to show staff how serious potential events are controlled and to explain to those involved what is expected of them.

In conclusion, the bow tie is a wonderful tool to map how serious events are controlled in an organisation. it must follow a logical reasoned path to provide appropriate information and accurately define what can bite you and what you don't need to bother about as much, who needs to do what and when.

It can be used as an assurance tool but I don't believe it can be used as a control system for your risks or that it can be signed off as a determinant of your legal ALARP/SFAIRP status.

I believe I have added greatest value in recent times by mentoring review teams to manage the logic of the information documented in support of the argument ultimately presented. As with most formula based processes, controlling he data going in improves the quality of the answers provided by the process.