Have you identified your principal/critical risks?

How are you maintaining your due diligence obligations?

What’s your risk appetite?

Have you identified what can go wrong, how can it happen and what the result will be?

What is a Principal/Critical Risk?

WorkSafe NZ refer to principal hazards or risks as part of their narrative and the term is heavily referenced in the mining regulations. But, this term does not not only apply to mining.

All organisations (and the staff that work for them) face risk to a varying degree on a daily basis. A hazard that has the potential to create multiple fatalities from a single event, or a single fatality from recurring accidents is a principal/critical risk.

How Do We Assess Principal/Critical Risks?

At Intesafety we use a Broad-Brush Risk Assessment (BBRA) approach to assess the risks for the organisation and its operations.

The primary objective of the resulting risk register is to undertake a structured and systematic assessment process to enable critical and objective assessment of the company’s risks. It also works to:

• Assist the company to identify hazards and manage associated risks whilst operating and to satisfy their obligations in accordance with:
  • The company’s Health & Safety Management Plan
  • Applicable industry legislation
  • Recognised Standard for Risk Management ISO 31000
• Facilitate a process to:
  • Identify potential ‘high consequence’ Health & Safety (or other) risks and their potential impacts on business goals
  • Identify planned and existing controls
  • Assess the consequence and likelihood with the planned/existing controls in place; and
  • Identify risk reduction strategies to reduce the risk to an acceptable level
• Record the process and provide a report consistent with the scope

The developed risk register allows the company to identify its principal/critical risks and prioritise its resources for the mitigation of these risks.

 Principal/Critical Risk Analysis using the InControl Bowtie Method

The bowtie method is a common risk evaluation method that can be used to analyse and demonstrate causal relationships in principal/critical risk scenarios.

The method takes its name from the shape of the diagram that you create, which looks like a men’s bowtie.

Below is an example format for the bowtie, showing the hazards feeding into the top event in the centre. Threats and controls are shown on the left of the event while the recovery barriers and consequence and escalation details are recorded on the right.

Our partners INX provide a health and safety management database InControl which (among many other functions) provides a risk assessment and analysis based on the Bowtie methodology.

InControl data entry requires identification of activity tasks along with the examination of causal factors and controls. Outcome consequences and escalation factors are also reviewed with each element linked to an action module, which can then be assigned to responsible staff to maintain the controls status.

The InControl mobile application allows easy access for staff to report, action or view data within the database. The scheduled outputs can include comprehensive reporting and analysis processes for up to date, accurate, and detailed reports for supervisors and management team.

What’s your critical risk? Don’t assume it is being adequately managed – verify that it is.

The bowtie risk analysis model is used to help simplify risk assessment and support business understanding of risk. Much like the name suggests, this style of risk assessment uses a format that looks like a bowtie.

It enables users to conceptualise the interaction of causes, controls and consequences of a business risk. The bowtie risk analysis model can also provide a systematic examination of the business, identifying all circumstances which may give rise to risks.

Essentially, it provides a detailed study of the cause and recovery mechanisms for the principal risks within an organisation.

Key Steps for a Bowtie Risk Analysis

1. Define the top event (define what the unwanted event is that you are actually assessing)
2. Then identify the various threats which could cause the top event to be realised
3. Detail the existing protection barriers (controls) for each threat identified
4. Then for each barrier, define their escalation factors (these are factors that could make the barrier fail)
5. Identify for each barrier their escalation factor controls – i.e. Controls that prevent or minimise the possibility of the barrier or the recovery measures becoming ineffective
6. Then identify the consequences of the top event occurring – noting the top event could have several consequence outcomes
7. Identify the recovery measures to the top event – these are the factors that control that risk issues
8. Identify for each recovery measure their escalation factors and escalation factor controls
9. For each barrier, recovery measure and escalation factor controls, identify further safety actions that will prevent them from being realised
10. Ensure these actions are then assigned for review and follow up to the responsible staff member

This process may sound complex but worked through logically, it can deliver key outcomes and understanding of business risks. A vast amount of detail is generated from this process – it’s important to capture it all to enable full understanding.

In its basic form, the bowtie process can look like this following diagram:

Bowtie Risk Analysis

A bowtie can also provide an excellent tool to demonstrate the principal risks and controls to workers and senior executives. It enables the reader to work through the different stages of how an event could occur through outlining the potential precursor events and recovery mechanisms.

One of the many benefits of the InControl HSQE software is that its risk assessment technique is based on the bowtie risk analysis process. This enables users to very simply bring this complex risk management technique into their standard operational HSQE Management processes.

As well as being able to complete and store the bowtie process within the InControl software, these assessments can be linked to events (i.e. incidents, near misses, hazards etc.). As these are reported into the same system, this can prompt a review of existing threats/controls and provide detailed risk analysis of the reported event data against the business risks.

This functionality brings detailed risk analysis alive within the business.

Below is an example of the bowtie within InControl:

What next?

As the NZ partner for INX InControl software solution, Intesafety can assist you by providing a comprehensive software package to manage and centralise all your HSQE functions. We can also assist with facilitation of your bowtie risk assessments – ensuring they are fully detailed within the system, actions are assigned and risks regularly reviewed.

Get your business fully understanding its risk profile. Call us today for a free demonstration of the InControl software and our specialist Health and Safety Management Services.