Bow Tie Analysis: A Complete Risk-Management Framework
Visualize risk paths, controls, and outcomes in one intuitive diagrammatic structure
What Is Bow Tie Analysis?
Definition and Core Concept
The Bow Tie Analysis methodology is a risk-assessment technique that uses a central “top event” to map threats on one side and consequences on the other, with controls or barriers depicted in between.
This visual tool helps organisations connect hazards, preventive measures, event control and impact mitigation.
Origins and Development
Bow-tie diagrams emerged in the safety and process-industry domain as a way to integrate fault-tree (causes) and event-tree (consequences) analyses in one simple graphic.
It gained popularity because it offers intuitive risk-communication for complex systems.
Why It’s Called “Bow Tie”
The shape resembles a bow-tie: the central knot is the “top event”, the left wing shows threats leading to it, and the right wing shows the possible outcomes after the event.
This naming emphasises its visual structure and aids stakeholder understanding.
Key Components of the Bow Tie Diagram
Hazard and Threats
Hazard: The potential source of harm or loss.
Threats: The initiating events or conditions that may trigger the top event (loss of control of the hazard).
For example: in a chemical plant, a hazard might be “flammable vapour build-up”, threats might include “equipment failure”, “human error”.
Top Event
The “knot” in the bow-tie: where control over the hazard is lost and an incident is initiated.
Defining this clearly is critical because everything on both sides (prevention and mitigation) is structured around it.
Consequences
These are the possible outcomes or impacts when the top event occurs and control is lost. They can include injuries, environmental damage, financial loss, reputational harm. The right wing of the diagram maps these.
Preventive and Mitigative Barriers
Preventive barriers: controls designed to stop the threat from triggering the top event.
Mitigative barriers: controls designed to reduce the severity or likelihood of consequences once the top event has occurred.
These are represented as layers (or “barriers”) on each side of the top event.
Escalation Factors and Barrier Degradation
Escalation factors: conditions that can weaken or bypass barriers (e.g., maintenance backlog, human fatigue).
Barrier degradation: the reality that barriers are not static—they may deteriorate over time and reduce effectiveness. Recognising these is critical for realistic risk-assessment.
How to Build a Bow Tie Analysis Step-by-Step
Define the Scope and Hazard
Start by deciding the system, process or asset you’re analysing, and identify the hazard (what could go wrong). Clear scoping prevents uncontrolled complexity.
Identify Threats and the Top Event
Work with cross-functional stakeholders to list all credible threats that could lead to loss of control of the hazard and determine the top event. Use a workshop approach if possible.
Map Consequences
On the right side of the diagram, list all credible consequences if the top event occurs (and barriers fail). Ensure breadth (including reputational, regulatory, financial) not just physical harm.
Identify Barriers and Controls
For each threat (left side) and consequence (right side), identify barriers: preventive controls for threats; mitigative controls for consequences. Include ownership, performance standards, monitoring.
Assess Barrier Effectiveness
Review each barrier: How well does it perform? Are there escalation factors? Does the barrier degrade? This assessment helps prioritise control investments.
Review and Maintain the Diagram
Bow-tie analysis is not a one-off. Regular reviews post-incident, when process changes, when new threats emerge, are necessary to keep the model current and reliable.
Bow Tie Analysis in Practice
Oil and Gas Industry
In high-hazard sectors such as oil & gas, bow-tie methods are widely used to visualise major incident risks, regulatory compliance, barrier performance and audit trails.
Aviation and Transport
The structured mapping of threats, controls and consequences supports safety-case logic in aviation, rail and transport domains—where clarity of risk communication is vital.
Healthcare Applications
Healthcare uses bow-tie diagrams for patient-safety events, process failures, cascading errors: visualising who controls what, what can go wrong, what happens if control fails.
Cybersecurity and Enterprise Risk
The method is increasingly applied in cyber risk and enterprise-risk contexts: mapping threat vectors, controls, breach events and business impact scenarios with a bow-tie style.
Benefits and Limitations
Key Advantages
- Intuitive visual representation of risk pathways and controls—improves stakeholder understanding.
- Structured risk assessment: systematically identifies threats, barriers, consequences.
- Improved communication and accountability: ownership of barriers, clear lines of control.
- Integration: aligns with frameworks such as ISO 31010 as a recognised risk-assessment technique.
Common Pitfalls
- Oversimplification: risk scenarios may be too complex for a simple bow-tie and may require deeper quantitative techniques.
- Barrier detail lacking: if barrier performance, escalation factors, degradation aren’t captured, the diagram may give false assurance.
- Static diagrams: without regular review and updates, the bow-tie becomes outdated and misleading.
Complementary Techniques
Bow-tie analysis works best when combined with other techniques such as fault-tree analysis (FTA), event-tree analysis (ETA), layer of protection analysis (LOPA), quantitative risk models.
Implementation Best Practices
Team Collaboration and Workshops
Bring together diverse stakeholders—operations, safety, audit, maintenance, IT—to build the bow-tie in a workshop setting. This fosters shared understanding and barrier ownership.
Software Tools and Templates
Use dedicated software or templates that support drawing, updating, linking controls to tasks, tracking degradation, and integrating with risk registers.
Monitoring Risk Indicators
Link barrier performance to measurable indicators (e.g., overdue inspections, failure-rates, training completion) to track health of controls proactively.
Integrating with Risk-Management Systems
Ensure the bow-tie diagram is not stand-alone: link it to your broader risk-registry, audit processes, incident investigations, management-review cycles.
Measuring Success and Improvement
Tracking Barrier Performance
Define key performance indicators (KPIs) for each critical barrier and monitor over time—e.g., number of barrier failures, number of overdue maintenance tasks.
Reviewing Diagrams Post-Incident
After an incident (or near-miss), revisit the bow-tie: did a barrier fail? Was an escalation factor present? Use lessons learned to update controls and barriers.
Updating and Refining Models
Update the diagram when new threats emerge, technology changes, process modifications occur. Regularly refine to keep it relevant and reliable.
Conclusion and Next Steps
Summary of Key Insights
Bow-tie analysis offers a visual, structured approach to risk management, linking hazards, threats, top events, controls and consequences in a clear diagram. It supports better understanding, communication, and barrier-management.
Practical First Steps
- Select a high-risk process or system to pilot a bow-tie.
- Convene a cross-functional workshop and map hazard → top event → threats → consequences → barriers.
- Assign ownership for each barrier, establish performance indicators, and schedule periodic review.
Resources for Further Learning
Explore the Center for Chemical Process Safety (CCPS) book Bow Ties in Risk Management for in-depth guidance. Review the supporting tool templates from the Health and Safety Executive (HSE) for practical worksheets.
Get expert advice from Aura Safety & Risk Consultant
What we offer
Our Services
Identify, evaluate, and control process hazards with expert risk assessments, ensuring safe, reliable, and compliant industrial operations.
Identify, evaluate, and control process hazards with expert risk assessments, ensuring safe, reliable, and compliant industrial operations.
Implement site safety plans, audits, and training to prevent accidents, ensuring safer construction environments and regulatory compliance.
Design, engineer, and audit fire protection systems ensuring reliable performance, asset safety, and adherence to national safety standards.
Empowering workforce with certified HSE, fire, and industrial safety training programs for skill development and regulatory competence.
Create immersive, interactive VR safety training modules for realistic learning experiences in hazard recognition and emergency preparedness.
How it works
Industry Consultation
Project Scoping & Industry Brief
Service Selection
Site Visit & Inspection
Audit & Analysis
Report Submission & Discussion
Frequently Ask Question
A fault-tree analysis focuses only on causes leading to an event; a bow-tie diagram combines causes (left side) and consequences (right side) around a central top event, making it more holistic and easier to communicate.
While often qualitative, bow-tie models can be extended to semi-quantitative or quantitative risk assessments by linking probabilities and barrier effectiveness data.
The diagram should be reviewed whenever major changes occur (process, equipment, controls), after incidents/near-misses, and at regular intervals (e.g., annually) to ensure it remains valid.
Industries with high hazards use it frequently—oil & gas, chemical processing, aviation/transport, healthcare, cybersecurity, and enterprise risk management.
Common mistakes include failing to capture barrier degradation/escalation factors, using it as a one-off rather than a living model, oversimplifying complex scenarios, and not integrating with broader risk systems.
By clearly documenting hazards, threats, controls and consequences, bow-tie diagrams provide auditable evidence of risk-management logic and barrier ownership, which supports compliance in many regulatory frameworks.
Not strictly. You can start with templates or drawing tools, but specialized software offers advantages like version control, linking barriers to tasks/KPIs, collaboration features, and audits.