skip to main content

Final Days of the GHS/HazCom Software Sale! Take advantage of these special offers. Learn More >

by Phil Molé

Welcome to the fifth and final installment of our “Bowtie Analysis Blog” series. Today, we’ll wrap the series by talking about how risk bowties enable a more active and holistic risk management framework that’s integrated with layers of protection analysis (LOPA) and critical controls verification.

It’s OK if you haven’t read our previous blogs in this series yet, but they’re good background for understanding what we’ll be talking about this time around. If you get to the end and realize you’d like to catch up on earlier installments, we’ve got you covered with an index of the previous posts.

Now then, let’s see how all the pieces of a comprehensive view of risk work together with risk bowties, and what benefits to our safety and our business result.

Register Types

Let’s start by talking about register types, which define master bowties and critical controls present in that type of register. They allow risk managers to link to a standardized set of bowties and critical controls. Managers responsible for multiple facilities can then present the facility managers with a list of critical controls and the control assurance program they’re expected to implement.

The advantages of register types really come into focus for risk managers who are responsible for multiple facilities. Let’s see how this works with a specific industry sector, in this case, explosives distribution. This is a high-risk business, with many facilities performing the same or very similar operations. It’s not a good strategy to  let each facility reinvent the wheel by developing its own risk register, or to develop individual risk registers on behalf of the facilities, because in both cases, we’re replicating work and creating opportunities for mistakes.

In a previous post, we shared how useful master bowties are for just this kind of scenario. Now imagine that you not only give your individual facilities the standardization that comes with master bowties, but also assure that all receive the same guidance on critical controls to implement. It takes chance out of the equation, which is not a bad shorthand description of what risk management is all about.

Base Controls

Base controls are another important element. These are standardized controls which are common across multiple risk events or risk registers. They can be used to standardize the practical risk reduction you get from a type of control (e.g. pressure safety valves) in a bowtie or LOPA study. Risk managers can use them to build a consistent library of controls for developing your safety case.

Here’s how you can streamline risk management through base controls. Suppose you’re responsible for several different facilities that have similar operations, and you want to figure out a measure of training effectiveness that has the right amount of “granularity.” Some of your facilities may have training objectives that are too strict, while others may have some that are too low. Others may have objectives that lack the right amount of specificity, such as objectives that employees will, “understand the hazards of chemicals they work with,” which while technically correct, don’t really help you know whether you’ve met the objectives. How do you know that employees have understood the hazards?

This example helps us see two main advantages of using base controls:

  • Ensuring that controls are structured for maximum effectiveness. You can structure your base controls to sharpen their effectiveness, honing in on what matters most. You can also ensure that you’re putting thought into structuring the controls for all your facilities in a way that allows you to confirm that they’re actually working. Thus, there’s a direct connection between base controls and critical controls verification.
  • Harmonizing and reducing the overall number of controls. Having a smaller set of harmonized controls makes it easier for you to track the effectiveness of controls. You’ve reduced variability from one facility to another, so you know you’re comparing “apples to apples” and measuring real trends. The smaller number of base controls also means reducing unnecessary work, tracking a larger number that brings no additional management insight. And when an ad-hoc or non-standard (non-base) control does appear within the context of a specific facility/operation/or risk, you can be more confident about predicting how it would impact a similar risk/facility within your organization.

Critical Controls Verification

Setting up your base controls builds them into your existing risk data. From there, you’re better prepared to verify the effectiveness of your controls—a crucial step in risk management, as we’ve previously blogged about.

Critical controls verification capabilities within software like the Risk Management solution from VelocityEHS give you the accessibility you need to view all your controls throughout your operations. You’ll also be able to confirm that controls were installed as planned and that they are effective at delivering the expected level of risk reduction.

Taking the time to configure these factors during risk analysis sets the framework for greater efficiency down the track. If done correctly, you can automatically generate inspection or audit tools that target your critical controls or major accident events. Setting up base controls also reduces the complexity of bowtie diagrams, by reducing the number of seemingly unique risk controls in play. They can also be used to tag your critical controls in preparation for an assurance program.

Escalation Factors

Escalation factors are another aspect of controls that risk bowties can help you visualize clearly and manage easily. Simply put, escalation factors are conditions that lead to increased risk by defeating or reducing the effectiveness of controls.

For example, let’s say you have a risk control with a baseline effectiveness of 0.99, or 99%. You identify a factor, let’s say missing the scheduled maintenance date for a control, that reduces the effectiveness of that control by an average of 30%. Therefore, the control effectiveness when accounting for the escalation factor is only (100%-30%) = 70% of what it would have been otherwise, so the modified effectiveness is (0.99*.7) = 69.3%.

You can add escalation factors to our bowties to get more realistic views of risk, and help employees understand that mitigating the escalating factors is essential to improving the effectiveness of controls. This is especially useful for abnormal or nonroutine operations where controls can be bypassed or made less effective, especially because such operations account for a very large amount of major accidents across multiple industries.

Layers of Protection

We’ve touched on Layers of Protection Analysis (LOPA) analysis earlier in this blog series, and pointed out that it is a specialized usage of Event Tree analysis.  Risk managers sometimes use this methodology to assess the effectiveness of a combination of controls— as a kind of  “lines of defense” model— to avoid serious loss. It helps us identify the operations and processes lacking adequate controls, so we can determine how to improve our controls to reduce risks to tolerable levels.

A common obstacle to wider adoption of LOPA is the lack of easy tools with which to build these types of risk models. Even if you know your general industry sector risks and specific facility risks well, you may be missing the ability to translate that knowledge into useable models for analysis. This is where having a single platform for bowties, LOPA, and quantitative risk assessment is a real advantage. A key benefit here is the ability to pick the right style of model for the job, without needing to start over. It’s even better to have a common library of causes, risk controls, consequences, and other factors being drawn from all our models in one place.

Modern software, like Risk Management from VelocityEHS that includes risk bowties alongside other risk tools, allows you to have a common library of causes, risk controls, consequences, and other factors for all our risk analysis and modelling. This in turn benefits businesses that would potentially need to use more than one type of model to manage all their risks. For example, a mineral mining business might need to use bowtie risk assessments for the safety of workers at the mine, but then use LOPA to analyze risks at the refining plant that uses toxic chemicals.

Modeling Resilience

The model of risk management you’re getting by combining risk bowties with LOPA, risk registers and critical controls verification not only gives us a common grounding for several complementary risk assessment methodologies, but also gives us greater agility, and more confidence about the continuity of our business. It provides a more holistic model. Risk bowties help us visualize your risk pathways and ensure a common understanding of risks and associated controls. And because capabilities to perform LOPA concentrate on defense in-depth, they help you understand how well the business can “absorb” and “bounce back” from threats. Each control represents a point of elasticity at which a disruption can be slowed, reduced, or stopped.

This ability to model and mold your resilience has huge implications for your business. It informs your emergency planning and gives you an active role in planning for business continuity. Studies have shown that most facilities that don’t come back online after a major accident lacked a continuity plan. Therefore, by giving yourself the right Risk Management tools, you improve your approach to business continuity and help ensure the future of your business, and the confidence of investors and stakeholders in the future of your business.

The Big Picture

Since we’re nearing the end of this post, as well as the end of our “Bowtie Analysis Blog” series, it’s a good time to step back and look at the big picture of how risk bowties help you:

  1. Bowties help visualize risk.
  2. Risk bowties make it easy to train you workers.
  3. Risk bowties combine info from many different assessments.
  4. When used in conjunction with risk registers, master bowties and base controls, risk bowties help streamline and standardize approaches to risk management across multiple facilities.
  5. Using risk bowties as part of a comprehensive risk management approach helps build and understand resilience, making it more likely that you can maintain business continuity if major accident or “loss of control” event should happen.

By using risk bowties alongside other risk management methods, you get the tools you need to accurately assess risks of all of your operations, keep your workers well-informed about risk, and be able to adapt our approaches when needed. And you build better engagement with your workers by sharing responsibility for safety, and given them a safer and more productive workplace.

Additional Resources

Check out our webinar on chemical accidents to learn more about common risk management failings identified in major chemical facility accidents, and how the kind of mature risk management capabilities we’re talking about here can help prevent incidents like them. The webinar is now available on-demand. You can watch whole presentation at the link below.

Major Chemical Safety Incidents – A Review of Common Causes

Looking for more information about how to improve your risk management? Download our risk bowties infographic to learn how risk bowties can help you develop and share an accurate view of risk pathways with your workers:

 Risk Bowties: A Tool for Risk Management and Training

And, if you’d like a really deep dive into risk management, register for our upcoming 8-hour, 2-day training course:

Introduction to Bowtie Analysis: An 8-Hour Virtual Training Course

And, as promised earlier, here’s an index to the previous installments of our “Bowtie Analysis Blog” series:

Post #1: Read about the ways that risk bowties can help us keep your workers trained about risk pathways and controls, and why you can create them more easily than we might think.

Post #2: Here’s where we talk about the ability of risk bowties to synthesize data from many different types of risk assessments into a single, intuitive view of risk, and to overcome the limitations of tabular risk data.

Post #3: This post provides a high-level discussion of the ways that risk bowties simplify your ability to manage and verify the effectiveness of our risk controls.

Post #4: Learn how master bowties simplify your ability to manage risks across multiple facilities.

We’re always adding more content to our blog and our Resources page, so be sure to check back often!

Let VelocityEHS Help

Our customers consistently report that our bowtie analysis capabilities have helped them achieve dramatic improvements to workplace productivity, knowledge sharing and risk management program performance.

Bowtie analysis is just one of many tools within our Risk Management solution, which also includes risk registers, qualitative and quantitative risk analysis, layers of protection analysis (LOPA), critical controls verification and much more!

Ready to see more? Visit our Risk Management page to request a demo with one of our customer solutions consultants today!