The CMO Survey - Highlights and Insights Report - Spring 2024
Operational Safety & Risk Management Based on Bow Tie Methodology (39
1. Operational Safety & Risk
management
Based on Bow Tie methodology
Arthur Groot
04 februari 2014
2. What is risk management?
Four elements in risk management:
Risk Treatment
Avoidance
Optimization
Transfer
Retention
Risk Acceptance
2
Risk Analysis
Source Identification
Risk Estimation
Risk Communication
04 februari 2014
4. Why Bow Tie?
Visual overview
Clear and understandable diagram
Makes communication easy
4
The full picture
Extra focus on recovery, consequences
04 februari 2014
5. History of the BowTie
Possibly evolved from CauseConsequence-Diagrams of the 70’s
Assessing Hazards and Operational
Risks
Piper Alpha incident 1988
5
“Butterfly diagrams”
The Royal Dutch / Shell Group 90’s
04 februari 2014
7.
IADC HSE Case Guidelines
Demonstrate Internal Assurance
Meet Stakeholders Expectations
04 februari 2014
Global Leadership for the Drilling Industry
10. Why qualitative risk management?
Multi causality in previous incidents
Involvement of the workforce
10
Complexity of the world
Most often the world is too complex to accurately quantify
04 februari 2014
11. Quantitative vs Qualitative
Quantification works best in static or linear environments
where the number of outcomes is finite or known
Qualification works best in dynamic or non-linear
environments (e.g. human factors present) where the
number of outcomes is infinite or uncertain
11
04 februari 2014
12. Quantitative vs. Qualitative
12
QRA and BowTie method are complementary to each other
Bowtie is in principle a qualitative method
Barrier effectiveness
Risk assessment
Acceptance criteria
But also when to stop
Threats
Consequences
Escalation factors
04 februari 2014
17. The BowTie can be applied to any kind of risk!
17
Oil spill of explosive and toxic substance inside the process
plant
Tank rupture
Confined space entry with internal hazards, fall protection,
silica, falling brick hazards
Falling ice from high structure
Slip, trip and fall on ice
Welding/cutting hot work, ignition prevention
Oil spill to soil
Working with chemicals
Working near/with cranes
Working in open trenches
Fire pumps impaired
Etc.
04 februari 2014
18. Applying risk graph/matrix into the Bow Tie
Residual risk = likelihood x severity
Likelihood = sum of the independent
causes (taking into account
only the proactive controls)
Severity incl. reactive controls
Likelihood
severity
Consequence
18
04 februari 2014
An unwanted event resulting from the release
of the Hazard
19. Barrier types
Source: Guldenmund, F., Hale, A., Goossens, L., Betten, J., &
Duijm, N. J. (2006). The development of an audit technique
to assess the quality of safety barrier management. Journal
of hazardous materials, 130(3), 234-41.
19
04 februari 2014
25. Services Royal HaskoningDHV
Policy and strategy
Culture
•Development of Environment & Safety Policy
•Corporate Environment Plan
•Stakeholder Analysis
•Carbon Capture and Storage
•REACH and GHS
•Corporate Social Responsibility
•Carbon Trading
•Policy on the Prevention of Serious Accidents
•Energy
•SHWE growth model (based
on Hearts and Minds)
•Safety culture scan
•Incident analysis (TRIPOD)
•Management system audits
•Compliance Audits
Organization and processes
•Environmental Management Systems
•Safety Management Systems
•Occupational Health Management Systems
•HSE Risk Management
•Interim HSE Management
•Training and Coaching
•Environmental and Sustainability Reporting
•Process safety management
25
04 februari 2014
Compliance
•Environmental impact
assessment (EIA)
•Environmental permitting
•Safety Report
•Fire Report
•QRA/external Safety
•EIA
•Emission studies
•Noise/odor dispersion studies
•IPPC studies
HSE engineering
•Safety Case
•HAZID and HAZOP
•ENVID
•Fire Protection Analyses
•QRA, IRPA
•Technical Safety Review
•Process Hazard Analysis
•Hazard Consequence Modeling
•Asset integrity studies (SIL, IPF
and LOPA)
•Reliability, Availability &
Maintainability Studies (RAMS)
•FME(C)A studies
•BowTie Risk Analyses
•Escape, Evacuation &
Rescue Analysis (EERA)
Editor's Notes
Another thing to define as clearly as possible going on is What is Risk Management? What do we do when managing risks? What are the steps to take and inputs and outputs do we need to get a good overview of what we are doing?Risk Management is often described in several phases:First we need to analyze what out Risks are. This means indentifying the sources of risk and estimating what the potential consequences of these risks are. The second step is to decide how we can treat our risks; what are the best ways to control our business? Do we want to avoid certain risks because the potential outcomes are simply too bad? How can we optimize the controls that we have in place to avoid certain events? Can we transfer certain controls, or retain them?The next step is to accept that we are dealing with certain risks when doing business. We know the risks, we know how to treat them and we accept that they are part of our organizational environment. This leading to the next step: Risk Communication. As said in the part about Risk Perception; it is of major importance that people are aware of the risks they are dealing with and know what their role is in keeping controls and barriers working. This can only be done when Risk Communication properly.
New systems Sil systems
BowTieXL is the latest addition to the BowTieXP software. It adds Excel type functionality to a Bowtie, allowing you to make calculations and more.
In 1990 psychologist James T. Reason proposed the Swiss Cheese metaphor as an accident causation model. Reason hypothesized that hazards are prevented from causing losses by a series of barriers, known as controls in the bowtie method. He states that these barriers however are never 100% effective. Each barrier has unintended (inconstant) weaknesses and when these so called ‘holes’ line up a hazard can be released. According to Reason the common causes of the weaknesses in barriers can often be found in the organization (latent failures). E.g. cost & time cutting on maintenance management can eventually lead to the deterioration of the integrity of many hardware barriers within a system. In the Bowtie method these weaknesses are defined as Escalation Factors and are important features to fight the illusion of control that organizations sometime tend to have.
Bowtie was created by mixing two existing risk analysis tools, namely Fault trees and Event trees.Fault trees flow from bottom to top and show all the ways in which the Top Event, the event at the top, can happen. Fault trees have AND/OR gauges to model whether controls are parallel or sequential.Event trees work the other way around. They start with a single event, and model what consequences can result from that. They do that by having combinations of conditions, and based on a particular combination, a certain consequence occurs. Often Event trees also have calculated frequencies for their consequences.
Bowtie adds the two together, and forms one diagram.
Bowtie also takes out the complexity of both the Fault tree and Event tree, making it an excellent tool for communication of risk at all levels of the organisation, not only for the experts at the HSE department. Taking out the complexity has some consequences, which we will discuss later on.Important to note is that the Bowtie method is meant for a higher abstraction level. Whereas Fault trees and Event trees are focused sometimes on the level of a single valve, Bowtie tends to focus on a higher level, and thus provides an excellent overview. It also means that Fault trees and Event trees are not obsolete, they can still be used for a more detailed picture.
Residual! After implementing everything, all tasks, accountabilities etc
Guldenmund, F., Hale, A., Goossens, L., Betten, J., & Duijm, N. J. (2006). The development of an audit technique to assess the quality of safety barrier management. Journal of hazardous materials, 130(3), 234-41.