The bow tie risk management methodology is a diagrammatic illustration of the hazard, the undesirable event, the trigger events/threats and potential outcomes, and the risk controls put in place to minimise the risk.
Construction of a Bow Tie diagram involves asking a structured set of questions:
What is the hazard?
What happens when hazard control is lost?
What safety event (threat) could release the hazard?
What are the potential outcomes?
How can we avoid the undesired/hazardous event?
How can we recover if the event occurs? How can the potential outcome likelihood or consequence severity be limited?
How might controls fail? How could their effectiveness become undermined?
How do we make sure that controls do not fail?
Bow Tie Diagram
The Bow Tie methodology is an excellent way of visualising risk management and communicating the context of the controls (barriers and mitigations) put in place to manage risks.