Bowtie forms the basis of barrier based EHS risk management
Organizations have various specific reasons to adopt the bowtie method. It is generally accepted that risk control and regulatory compliance are the main reasons for using bowtie in EHS risk management. In the first blog of this series, we discussed the use of bowtie in regulatory compliance. In the second blog, we introduced the initial risk-related intentions of bowtie users and their expectations in respect of the functions of bowties in risk control.
In this blog, we would like to wrap up the reasons for adopting bowtie within a structure of EHS risk management and see how to use the bowtie model to facilitate risk management functions.
The Structure of EHS (Risk) Management – Two Systems
In an organization, the EHS management system should have two distinct functional constituent parts: a risk control system and a learning system (see figure 1). Although organizations may name them differently, the EHS management systems commonly contain these two functions. By using the bowtie method and applying barrier thinking, these two systems function systematically.
With the facilitation of CGE Risk, end-users are enabled to conduct this EHS barrier based risk management structure effectively. As the bowtie model can display critical information of this EHS management system, all specific reasons for bowtie applications are based on this framework.
Figure 1 – Example of an EHS risk management system, adapted from Andrew Hale and Yuling Li
The risk control system
Below we will elaborate on the different parts of this system and see what role bowtie plays in them.
1 – Business process – Define project scope
In an organization, there are various primary business processes, which determine the scope of bowtie projects. For example, the scope of a new chemical plant from scratch is different to the same scale chemical plant that ran for many years, because the major risks in operations are diverse. The former needs to identify and control risk in the construction process; the latter focuses on the operational risks of the chemical plant process.
The first step also determines the goals of risk management. If this is in a high-risk industry, safety, health, and environment are probably the main management goals. If this is a process of product manufacturing, the risk control in product quality should be considered. Therefore, the business process determines the boundaries of your bowtie project.
Although CGE Risk’s software solutions do not cover the definition of risk located processes, this is a primary step for any type of bowtie project. You can simply display this context information in BowTieXP.
2 – Risk inventory and analysis – Create bowties and register risks
Based on the above, you identify the risks and analyze them. As we explained in the previous blog, risk analyses can be done by a variety of techniques. However, only by the bowtie model, can we visualize the risk scenarios and add relevant risk information in one diagram. This enables easy risk communication across a big organization.
In order to create a pragmatic risk inventory, an organization needs to register risks and accumulate bowtie analyses. Some experienced organizations may have already prepared a risk inventory. With bowties, you can analyze these risks and continually monitor the controls. When a risk is not critical anymore, the feedback will continuously improve the risk inventory. By using our product portfolio, you can create, store, analyze and update a selection of bowties with reference information.
3 – Barriers and Controls – Identify the risk controls (barriers)
Barriers are developed to control business risk in the process. These barriers are intrinsic in some circumstances. If the risk level is unacceptable or can’t meet the requirement of the business risk, additional or improved barriers are required in the scenarios. In the previous blog, we showed that one of the main reasons to use bowtie, is the ability to visualize risk controls in scenarios. In this way, a bowtie can display how barriers control risks and facilitate risk-informed decision-making.
Plenty of data can be assigned to barriers and displayed on the bowtie diagram. This advantage is distinct in risk management compared to traditional spreadsheets. With this data, any further study around barriers is both flexible and convenient. You can create, store, analyze, monitor and manage barriers within this EHS risk management framework.
4 – Management systems – Implement the management activities on barriers
Management activities are implemented to ensure the functions of barriers for EHS management. Traditionally, some organizations are using paper-based documents to record the process of activities. It generates excessive amounts of administrative work and requires a high level of competence to deliver all flawlessly. With our product portfolio, you can digitalize the management activities and link them to particular barriers and store the reference information. Thus, it’s easy to repeat the delivery of any activity and provide records for reviewing them.
The learning system
Below we will elaborate on the different parts of this system and see how bowties come to play.
5 – Inspection and monitoring – Check barrier performance
Organizations are always required to inspect and monitor the performance of risk controls in order to achieve the internal and external goals on EHS aspects. There’s an increasing need for real-time performance information. Digitalizing all monitoring and inspection indicators and providing the actual information in time, is the solution for efficient EHS management. The CGE Risk product suite offers a platform for learning from barrier inspection and monitoring.
6 – Audit and management review – check and review management performance
EHS management needs to be audited and reviewed for continuous improvement. Management reviews and audits ensure that activities are implemented and functioning well. From the perspectives of external parties or authorities, organizational management activities do not only ensure their risk controls and operations but also provide feedback to the authorities’ rules and procedures. CGE Risk solutions take advantage of barrier thinking and highlights the evidence of performing risk controls, which benefit the compliance audit as well. In the first blog of this series, we introduced examples of using CGE solutions to achieve regulatory compliance.
7 – Incident Registration and Analysis – learning from incidents
In the interaction of the normal primary process and controls, something can go wrong. It may be the failure of either the primary operation or the barrier. Organizations need to register incidents and analyze them. Incident analysis requires incident analysis methods and tools which are not always related to bowties. However, the unwanted event chains and the ineffectiveness of barriers can be displayed in bowtie models. Thus, the visualization of bowtie creates efficient learning from incidents with registration data. The Bowtie model summarizes incident scenarios as it can display collective information of scenarios. With our bowtie based solutions, incident analyses can automatically be registered in bowties.
In general, a continuous improvement cycle is always integrated into the generic EHS management framework. The risk control system (Figure 1) which adopted the bowtie method has its loop for continuous improvement. It also shows the primary reasons for adopting the bowtie method. Even though the learning system normally is not the initial reason, the learning system collects feedback for the risk control system. Therefore, based on bowties, the CGE portfolio supports the continual improvement of EHS management.
This blog introduced the structure of an EHS risk management system, and also the general functions that the CGE portfolio can achieve. Many end users have particular reasons for adopting the bowtie method, especially because of risk visualization and communication. The advantage of using a bowtie is far greater than a specific function in risk management. Bowtie forms the basis of barrier based EHS risk management and structures the functional modules holistically as is shown in figure 1. This structure offers the common risk language, risk management mindset, a set of digitalized tools and advises you on the approach how to apply them in the EHS management.
Curious about the features of our software that enable you to conduct every step of the EHS risk framework? Send an email to firstname.lastname@example.org.