How does bowtie help you comply with regulations?

^{Figure 1: An example of the bowtie framework, click here for full image}

Besides that, bowtie is not only a methodologically exhaustive framework to connect your compliance standards to, it is also a good way of letting compliance land within and across different departments. The figure below shows an example of how the bowtie framework could help you determine coverage and maturity of compliance objectives.

Since bowtie is a popular and communicative means for risk management, adhering to standards is easier to broadly imbed withing the organization. This is how complying to regulations will not only become a ‘check-box exercise’, but rather has a genuine chance for fruition and maturity.

Barrier-based compliance

The practical implications of using the bowtie model as a framework, lie in the fact that it is a barrier-based methodology. Realistic contexts and scenarios are being mapped out in bowties, on which the actual barriers or controls that should provide control over your risks, reside where they should have an effect. Assessing whether these barriers cover certain objectives from your compliance standards, enables you to engage in a barrier-based compliance approach.

When engaging in a barrier-based risk management approach, you will be in control to understand what can go wrong and what kind of measures you have in place to prevent this from going wrong. Actively assessing how these measures are performing by connecting regulations or standards to your bowtie barriers, will uptake your barrier management to an advanced level, since you will have more assurance data to verify these barriers are working effectively. The image below shows an example of how the bowtie framework can be used to display assurance data.

Setting this barrier-centered Plan-Do-Check-Act (or Deming) cycle in motion will create a win-win situation for your organization:

1) you know what controls are protecting your operations,
2) you experience how they’re functioning on a day-to-day business
3) you’re actively assessing if this performance is meeting your standards
4) you’re adjusting your process if anything is out of acceptable boundaries

Consider digitalization

Since it is an enormous manual exercise to create audit or compliance frameworks from scratch, have you ever considered using our software solutions to achieve this otherwise? Our way of working in using bowties to base your compliance on, is endorsed by several regulators in multiple industries. See our past years blog on reasons to adopt the bowtie methodology for further reading on implementing compliance frameworks within bowties.

© CGE Risk. 2021 – The copyright of the content of this blog belongs to CGE Risk Management Solutions B.V.