Bow Tie Analysis

Bowties - History

Early Stages

The exact starting point of the Bowtie Methodology has been lost in time but it is
believed that they were originally called “Butterfly diagrams” and evolved from the Cause
Consequence Diagram of the 1970s.

It is then thought that David Gill of ICI plc developed the methodology and called them
bowties in the late 70’s. It is generally accepted that the earliest mention of the bowtie
methodology appears in the ICI Hazan Course Notes 1979, presented by The University
of Queensland, Australia.

Early 1990's

The technique was given a huge boost in the early to mid 90’s when the Royal
Dutch/Shell Group developed the technique as a result of the Piper Alpha disaster. The
team started working with Shell in the late 90s to improve the quality and effectiveness
of the bowties being developed and allow the company to get the most out of the
technique.

Shell is acknowledged as the first major company to integrate the whole bowtie
methodology fully into its business practices but as the 1990's grew to an end the
approach became a standard method within many other companies.

The structured approach of the bowtie methodology was particularly popular in risk
analysis within safety cases where quantification is not possible or desirable.

Bowtie analysis can be used for assessing any type of risk, e.g. environmental, safety,
business, political, security, etc. and is currently used in a wide range of companies,
industries, countries and regulators.

The bowtie diagram provides a powerful graphical representation of the risk assessment
process which is readily understood by the ‘non-specialist’.

Page 1 of 5
What is a bowtie diagram?

The bowtie has become popular as a structured method to assess risk where a
qualitative approach may not be possible or desirable. The success of the diagram is
that it is simple and easy for the non- specialist to understand. The idea is a simple one
of combining the cause (fault tree) and the consequence (event tree). When the fault
tree is drawn on the left hand side and the event tree is drawn on the right hand side
with the hazard drawn as a "knot" in the middle the diagram looks a bit like a bowtie, as
shown.

bowties - The Process

A bowtie diagram can easily be created by defining the:

• Event to be prevented
• Threats that could cause the event to occur
• Consequences of the event occurring
• Controls to prevent the event occurring
• Controls to mitigate against the consequences

This is shown in the example below where we have a tiger escaping from a cage.

Page 2 of 5
The threats that will cause the
tiger to escape are identified and
listed to the left, i.e. it could
escape if the cage is not strong
enough or the gate is left open.
The consequences of the tiger
escaping have been identified and
displayed to the right, i.e. it could
maul/kill a member of the public or
could itself be killed.

The level of risk associated with each consequence can be assigned according to the
organization’s risk matrix and displayed on the diagram.

Now that the hazard has been defined, we can put threat controls in place which will
stop the hazard from occurring and consequence controls which will prevent the
outcome. (click on the image to see a larger version)

Controls can be linked to specific sections or procedures of the organization’s safety

management system, can have responsibilities and inspection frequency assigned, and
be ranked and colour coded for effectiveness. The diagram below represents a simple
bowtie diagram.

On each control there is the ability to identify:

Page 3 of 5
 • the task

• who is responsible for the task

• classify the control as appropriate

• Any documents that may be applicable

• How the task/control will be validated

The controls can be categorised by Basic Risk Factors (BRFs) / General Failure Types
(GFTs) as described by James Reason.

The control can also have "Threats to the Controls" (sometimes called escalation
factors) which weaken the effectiveness as shown below. Each threat to the control can
in turn have barriers to prevent the threat from occurring.

bowties - The Uses

The bowtie methodology can be used for any type of hazard analysis, from major
accidents, through occupational and environmental to business, IT and security risks.

Typical examples are:

Demonstrating control of Risks

The bowtie methodology is an effective way of demonstrating that an organization’s risks

are reduced to ALARP (As Low As Reasonably Practicable) without the over reliance on
qualitative risk assessments that has been apparent in the past. The bowtie
methodology is accepted by safety case regulators as a demonstration of ALARP.

Controls on the diagrams can be categorised by Safety Integrity Levels (SIL),

Effectiveness and other types of control that may be required.

Page 4 of 5
Communication and Training

As the bowtie is a graphical representation of the issue and is readily understood by a

wide audience it is commonly used in communication. Bowtie diagrams have been
printed out in anything from full colour A1 size posters to A5 pocket booklets as an aid in
communicating HSE issues. As bowtie diagrams are easy to understand, all members of
the workforce can participate in the process.

Organizational Improvements

It is possible to use bowties in conjunction with numerous techniques to identify the

branches which are weak. The use of BowTie allows ownership and critical tasks to be
given to controls ensuring that critical controls do not get over looked. In a similar way
BowTie also allows the controls to be categorised by Basic Risk Factors (BRFs) /
General Failure Types (GFTs) as described by James Reason and so linked into an
accident investigation.

Identifying Risks

Bowtie diagrams are an effective means of systematically identifying hazards, assessing

the controls and promoting discussion. The bowtie diagram graphically demonstrates
that controls are in place to reduce the risk to ALARP and document the HAZID results.

Maintaining a Risk Register

Bowtie diagrams provide a simple, easily understood and readily updated representation
of the hazards involved in an organization’s activities and the measures taken to control
the risk.

Page 5 of 5