Getting the best of both worlds: bowtie analysis, risk analytics and business intelligence
Every business that deals with principal hazards, major accident events or critical risks needs to have access to risk analytics. Each site or operating area will have a hazard register, and the risk management team need to be able to review how these hazards link up with business-wide major hazards. This allows the business to monitor risk exposure levels and improve the performance of critical controls.
This can become challenging when using a more detailed risk assessment method such as bowtie risk assessments or layers of protection analysis. These kinds of diagrammatic assessments are great for analysing individual scenarios, but often create complexity that gets in the way of good risk analytics and business intelligence.
There are ways to get the best of both worlds: risk assessments based on bowtie analysis, but with the ability to review trends, control performance and risk analytics broadly.
Building the linkages inside the bowtie
Getting the best of both worlds depends on marking out the right data points to make analytics possible. In plain English, we need to mark out the ground ahead of time.
Within a bowtie or layers of protection analysis (LOPA) diagram, there are many data points present. The qualitative risk rating or quantitative risk score is one of the most important. There are also others that we need to consider, including:
- The date stamp of the risk assessment or latest risk review
- The meta-event that the bowtie is linked to (e.g. Principal Hazard, Major Accident Event, etc.)
- The types of cause and consequence that are present in the scenario
Staking out these data points will allow us to analyse data across scenarios. This will include:
- The changes in risk profile over time (as individual risk assessments or aggregated risk scores for a site or operating area)
- The risk exposure of particular Principal Hazards or MAEs, and the changes in risk levels over time
- The contribution of particular types of cause or consequence to risk exposure, and how these change over time
In a platform like Meercat RiskView, marking out these linkages makes the broader data analysis possible. Most bowtie diagramming platforms focus on creating a diagram file that includes all the interactions (much like a canvas). With RiskView, we’re actually creating a database hidden behind the diagram which can then be combined with other data to tell us about our broader risk exposure.
So in RiskView we use the in-built features to stake out our data points as follows:
1. The date stamp of the risk assessment or latest risk review is automatically set. We can document individual risk reviews in the bowtie/LOPA properties for greater accuracy.
2. Principal Hazards, Major Accident Events and Critical Risks can all be defined and mapped within RiskView. We then simply link each bowtie/LOPA to the appropriate MAE so that RiskView can track the data.
3. Different types of cause or consequence can be defined as part of the risk assessment process. Causes can be linked to Cause Groups. Consequences are linked the Consequence Category that best fits them.
In our example bowtie diagram below, all the above data points have been set up. The Principal Hazard (traffic collision) is linked and displayed on the top event. Our causes are categorised according to cause groups, and consequences are assigned to the appropriate category.
How the risk analytics look
Having staked out the ground in our bowtie risk assessments or LOPA diagrams, we’ll immediately be able to review our risk exposure using the RiskView dashlets. The changes to our risk exposure and control performance over time will be displayed once we start reviewing our risk assessments and completing control verification audits.
What we’ll see is this kind of risk analytics:
1. Our risk exposure across our entire database of bowties can be displayed in a few different ways. It is immediately helpful to be able to view our top 10 highest-risk scenarios, which is based on the risk scores of all our bowties.
We can also review our changing risk exposure over time. This can be done with a comparison of all bowties within a register, or as a comparison across registers. We can click on any entry in the report to drill down to look at the bowtie itself.
2. Our risk exposure by Principal Hazards or MAEs can be presented in a simple bar chart. The dashlet will display either the operating site we have selected, or the sum results for all our operating sites (within a certain region) combined. The screenshot below shows Principal Hazards ranked according to their total current risk contribution.
This data can be reviewed at the individual register level, or at a parent register level to review the risk exposure across the business.
3. The contribution of causes and consequences to our risk exposure can be reviewed from the dashboard as well. The risk analytics for our cause groups looks like the below:
We can review the consequence contribution to our risk exposure as a simple chart like the one below.
In the upcoming 7.9 release, we will also be able to filter other dashlets (like the ones above) to view the risk exposure of different consequence types separately. This would support risk analytics such as risk exposure across a register within a particular category of consequence, or the highest risk scenarios for a that type of consequence.
These kinds of analytics can be applied to any size business, whether the register included 2 bowties or 200 bowties. As long as we map out the data points that we want to be reporting on, RiskView can do the back-end data processing to make risk analytics possible. This is how we can obtain digestible analysis on the dashboard without sacrificing the level of detail in our bowties or LOPA. The best of both worlds!