Main Page

From CGE Barrier Based Risk Management Knowledge base

Welcome to the CGE Knowledge Base

The goal of the knowledge base is to share all information about barrier based risk management. In short,
barrier based risk management structures and unites all safety-related data on barriers, which creates the
possibility to make safety-related decisions based on all related data. The most used method within barrier
based risk management is the bowtie method, which is built around a bowtie diagram. The bowtie method
can be used across all industries but originates from the oil and gas industry.

Most popular topics:

Risk Management
◾ 3 questions

◾ Advanced barrier Management

◾ Risk assessment
◾ Barriers
◾ The history of bowtie
◾ The bowtie method
◾ Barrier effectiveness
◾ Barrier types
◾ Barrier families
◾ Chaining bowties
◾ Human error in bowtie
◾ Escalation factors
◾ HAZOP

◾ Risk monitoring and Risk review

◾ Barrier based auditing
◾ Incident analysis methods
◾ BSCAT
◾ Tripod Beta
◾ TOP-SET

Continue to the cge website > [1] (http://www.cgerisk.com)

Retrieved from "https://www.cgerisk.com/knowledgebase/index.php?title=Main_Page&oldid=305"

◾ This page was last modified on 24 July 2017, at 14:29.

◾ Copyright 2017 CGE Risk Management Solutions | All Rights Reserved
The bowtie method
From CGE Barrier Based Risk Management Knowledge base

A 'bowtie' is a diagram that visualizes the risk you are dealing with in just one, easy to understand the picture. The diagram is
shaped like a bow-tie, creating a clear differentiation between proactive and reactive risk management. The power of a
BowTieXP diagram is that it gives you an overview of multiple plausible scenarios, in a single picture. In short, it provides a
simple, visual explanation of a risk that would be much more difficult to explain otherwise.

go to El método bowtie for the spanish version of this page.

An example of a bowtie diagramm.

Contents
◾ 1
Hazard
◾ 2
Top event
◾ 3
Threats
◾ 4
Consequences
◾ 5
The picture so far
◾ 6
Barriers: controlling unwanted scenarios
◾ 6.1 Control and Recovery Barriers
◾ 7 Escalation factors & Escalation factor barriers

Hazard
The start of any bowtie is the 'hazard'. A hazard is something in, around or part of the organization which has the potential to
cause damage. Working with hazardous substances, driving a car or storing sensitive data are for instance hazardous aspects of
an organization while reading this article on your computer is not. The idea of a hazard is to find the things that are part of your
organization and could have a negative impact if control over that aspect is lost. They should be formulated as normal aspects
of the organization. The rest of the bowtie is devoted to how we keep that normal but hazardous aspect from turning into
something unwanted. The first step is always the hardest and this is also the case here. Normally, starting with for instance a
HAZID is a good way to get a long list of all possible hazards. Bowties are then done only for those hazards with a high
potential to cause extensive harm. Normally, 5 to 10 hazards is a good starting point.
Top event
Once the hazard is chosen, the next step is to define the 'top event. This is the moment when control is lost over the hazard.
There is no damage or negative impact yet, but it is imminent. This means that the top event is chosen just before events start
causing actual damage. The top event is a choice though, what is the exact moment that control is lost? This is to a large extent
a subjective and pragmatic choice. Often, the top event is reformulated after the rest of the bowtie is finished. Don’t worry too
much at the beginning about formulation. You can start with a generic 'loss of control' and revisit it a couple of times during the
bowtie process to sharpen the formulation.

Threats
'Threats' are whatever will cause your top event. There can be multiple threats. Try to avoid generic formulations like 'human
error', 'equipment failure' or 'weather conditions. What does a person actually do to cause the top event? Which piece of
equipment? What kind of weather or what does the weather impact? You can be too specific as well, but generally, people tend
to be too generic.
Consequences
'Consequences' are the result from the top event. There can be more than one consequence for every top event. As with the
threats, people tend to focus on generic categories instead of describing specific events. Try not to focus on injury/ fatality,
asset damage, environmental damage, reputation damage or financial damage. Those are broader categories of damage rather
than specific consequence event descriptions. Try to describe events like 'car roll over', 'oil spill into sea' or 'toxic cloud forms'.
Besides containing more specific information, you’re also helping yourself to think more specifically when coming up with
barriers. Think how you want to prevent 'environmental damage' versus 'oil spill into sea'. The second is an actual scenario
which makes it much easier to come up with specific barriers.

The picture so far

At this stage we have a clear understanding of the risk and what needs to be controlled. The hazard, top event, threats and
consequences give us an overview of everything we don’t want around a certain hazard. Every line through the bowtie
represents a different potential incident. Besides containing incident scenarios that might already have occurred, part of the
strength of the bowtie is that there is also room for scenarios which have not occurred yet. This makes it a very proactive
approach.

Barriers: controlling unwanted scenarios

Now that we have the unwanted scenarios, it’s time to look at how to control these scenarios as an organization. This is done
using 'barriers'.

Control and Recovery Barriers

Barriers in the bowtie appear on both sides of the top event. Barriers interrupt the scenario so that the threats do not result in a
loss of control (the top event) or do not escalate into an actual impact (the consequences).

There are different types of barriers, which are mainly a combination of human behavior and/or hardware/technology. Once the
barriers are identified, you have a basic understanding of how risks are managed. You can build on this basic barrier structure
further to deepen your understanding of where the weaknesses are. Barriers can be extended beside barrier types to include for
instance barrier effectiveness. This lets you assess how well a barrier performs. After that, you can look at the activities you
have to implement and maintain your barriers.
This essentially means mapping you Safety
Management System (SMS) on the barriers.
Also determining who is responsible for a
barrier and assessing the criticality of a barrier
are things you can do to increase your
understanding of the barriers.

Escalation factors &

Escalation factor barriers
Barriers are never perfect. Even the best
hardware barrier can fail. Given this fact, what
you need to know is why a barrier will fail. This
is done using the 'escalation factor'. Anything
Barriers with additional meta data
that will make a barrier fail can be described in
an escalation factor. For instance, a door that
opens and closes automatically using an electrical mechanism might fail if there’s a power failure.

Escalation factor with Escalation factor barrier

Warning: be careful with escalation factors. You do not describe all the potential failure modes. Only describe the real
weaknesses of your control framework and how you want to manage that.

The logical next step to manage escalation factors is to create barriers for you escalation factors, aptly named 'escalation factor
barriers'. In this case it could be a backup generator.

Continue to the cge website > [1] (http://www.cgerisk.com)

Retrieved from "https://www.cgerisk.com/knowledgebase/index.php?title=The_bowtie_method&oldid=325"

◾ This page was last modified on 24 July 2017, at 14:36.

◾ Copyright 2017 CGE Risk Management Solutions | All Rights Reserved