Man works at desktop
Compliance ESG25 April, 2019|UpdatedFebruary 17, 2022

ISO 31000 blog series – Risk analysis

In our previous blogs, we talked about risk identification. Walking through this process, you end up with a large list of potential incidents scenarios, in other words: a risk register.

A question we often get is: “Do we need to make a bowtie for every risk identified?” Well, the answer is no. ISO 31000 recommends taking the high-risk scenarios from the risk register, i.e. major hazards or occupational hazards. If you don’t know where to start or if there are still a lot of high risks; make a top 10.

There are many methodologies you can use in the risk analysis phase of ISO31000. In this blog, we will show you how to get it done with the bowtie method. Please note that bowtie risk analysis is a qualitative method but can also be used as semi-quantitative (e.g. Bowtie adapted LOPA).

Bowtie risk analysis in 8 steps

Once you have a list of high risks, you can start your bowtie risk analysis. Creating the basis of the bowtie consists of 6 steps, sometimes you need a step 7 and 8.

1 – Define the hazard
The hazard is “something that is dangerous and likely to cause damage” (Cambridge University Press, 2019). In the hazard, you describe the activity that the organization is doing but has the potential to cause harm. So, this is a neutral thing, like flying an aircraft from A to B or storing chemicals in a closed tank.

2 – Define the top event
The top event is the center knot of the bowties and defines the moment we lose control over the hazard. It is not the major accident yet, but one step before the accident occurs. Examples are: loss of control, loss of separation, or loss of containment.

3 – Define the consequences
The consequences are the incidents and accidents we want to prevent. Usually, these are already defined in risk identification. Sometimes, the consequences are the easiest to define because we all know what we want to prevent, based on incidents that have happened in the past.

4 – Define the threats
Threats are the causes of the top event. Threats should directly and independently lead to the top event. Be aware that threats are not barrier failures.

5 – Preventative barriers
Preventative barriers are the barriers on the left side of the bowties. These barriers make sure the threat does not lead to the top event.

6 – Recovery barriers
Recovery barriers are located on the right side of the top event and take their effect once control over the hazard is lost. The recovery barriers make sure we do not have an accident and recover as fast as possible to normal operations.

Please note that you do not have to do this step by step. Sometimes you get stuck when you are defining the consequences or the threats, and you come to the conclusion that you need to redefine the hazard and top event. This is normal in the process of creating bowties.

Sometimes you need a step 7 and 8. These are the Escalation Factors and Escalation Factor barriers. Escalation factors degrade the effectiveness of the barrier. For example, if we have a seatbelt in the car as a barrier, an escalation factor could be ‘refusing or forgetting to wear the seatbelt’. Of course, we want to prevent this and therefore we add escalation factor barriers. In the seatbelt example, this could be a seatbelt alarm.

Factors to consider when creating your bowtie risk analysis

According to the ISO31000 guideline, you should consider multiple factors during the risk analysis phase. In our next blog post about risk evaluation, we will go deeper into that.

Back To Top