Bow-Tie Risk Model (Royal Dutch Shell Influence)

By /

1. Introduction to the Model

The Bow-Tie Risk Model is a visual risk analysis framework that illustrates the pathway from causes (threats) to consequences (outcomes), with preventive and mitigative controls placed in between. It resembles a bow-tie shape, where the centre represents the critical event, the left side shows causes, and the right side shows consequences.

The purpose of this model is to help investigators and decision-makers understand how risks develop, how they can be prevented, and how impacts can be controlled if an incident occurs. It provides a clear and structured way to analyze risk relationships and control measures.

For trainees, this model is essential because it develops the ability to visualize risk pathways, identify control points, and manage threats systematically. It enhances skills in risk assessment, incident analysis, and preventive planning.

The model is widely used in safety management, security operations, investigations, and high-risk industries, where understanding risk is critical.

Ultimately, the model reinforces the principle that effective risk management requires both prevention of causes and mitigation of consequences.

2. Background of the Model

The Bow-Tie Risk Model was popularized by Royal Dutch Shell as part of its safety and risk management practices in high-risk industries such as oil and gas.

The model was developed to address the need for:

  • Clear visualization of risk pathways
  • Identification of control measures
  • Integration of prevention and mitigation strategies

It combines elements from:

  • Fault Tree Analysis (identifying causes)
  • Event Tree Analysis (identifying consequences)

The model integrates principles from:

  • Risk management and safety engineering
  • Systems thinking
  • Incident analysis frameworks

Over time, it has been widely adopted in law enforcement, security, aviation, and industrial safety, due to its clarity and effectiveness.

Its continued relevance lies in its ability to provide a comprehensive and visual understanding of risk and control mechanisms.

3. What is the Model

The Bow-Tie Risk Model is a visual risk analysis framework that maps causes, a central event, and consequences, along with preventive and mitigative controls.

It aims to support risk understanding and management.

4. Components / Stages of the Model

The Bow-Tie Model consists of structured components that represent the full risk pathway.

  1. Hazard (Source of Risk)

The hazard is the potential source of danger, such as:

  • Criminal activity
  • System vulnerability
  • Environmental risk

This represents the origin of risk.

Key Principle: Hazards are the starting point of risk analysis.

  1. Threats (Causes of the Event)

Threats are factors that can lead to the central event, including:

  • Human error
  • System failures
  • External actions

These represent potential causes.

Key Principle: Threats are conditions that can trigger the event.

  1. Preventive Controls (Barriers on the Left Side)

Preventive controls are measures designed to stop threats from leading to the central event, such as:

  • Policies and procedures
  • Security measures
  • Training and supervision

Key Principle: Prevention reduces the likelihood of the event occurring.

  1. Top Event (Critical Incident)

The top event is the point where control is lost, such as:

  • A security breach
  • A fraud incident
  • A system failure

This is the central focus of the model.

Key Principle: The top event represents the moment of failure or incident occurrence.

  1. Consequences (Outcomes of the Event)

Consequences are the results of the top event, including:

  • Financial loss
  • Injury or harm
  • Reputational damage

These represent the impact of the event.

Key Principle: Consequences define the severity of the incident.

  1. Mitigative Controls (Barriers on the Right Side)

Mitigative controls are measures designed to reduce the impact of consequences, such as:

  • Emergency response plans
  • Damage control measures
  • Recovery strategies

Key Principle: Mitigation reduces the severity of outcomes.

  1. Escalation Factors and Controls

Escalation factors are conditions that can:

  • Weaken controls
  • Increase risk

Additional controls are needed to manage these factors.

Key Principle: Managing escalation ensures control effectiveness.

Overall Integration of the Components

The Bow-Tie Model integrates all components into a comprehensive risk pathway:

  • Hazard defines the source
  • Threats lead to the event
  • Preventive controls block threats
  • Top event represents loss of control
  • Consequences show impact
  • Mitigative controls reduce damage
  • Escalation factors affect control effectiveness

Critical Insight: Effective risk management requires controlling both causes and consequences simultaneously.

5. How the Model Works in Investigation

In practice, investigators identify hazards, threats, and the central event.

They analyze preventive and mitigative controls, identifying weaknesses and gaps.

This helps them understand how the incident occurred and how similar risks can be managed in the future.

6. Case Study / Practical Example

In a security breach investigation:

  • Hazard: Sensitive data system
  • Threat: Unauthorized access attempt
  • Preventive control: Access control systems
  • Top event: Data breach
  • Consequence: Data loss and reputational damage
  • Mitigative control: Incident response and recovery

Analysis reveals that weak preventive controls allowed the breach.

This example demonstrates how the model identifies risk pathways and control gaps.

7. Application of the Model (Where & When to Use)

The Bow-Tie Model is most effective in:

  • Risk assessment and management
  • Incident and accident investigations
  • Security and safety analysis
  • Situations involving complex risk environments

It is particularly useful when:

  • Understanding risk pathways is critical
  • Both prevention and mitigation are required

It may be less effective when:

  • Risks are simple or minimal

Key Principle: Use the model when analyzing and managing complex risks.

8. Strengths of the Model

The model offers several strengths:

  • Provides a clear visual representation of risk
  • Integrates prevention and mitigation
  • Supports systematic risk analysis
  • Identifies control gaps
  • Easy to communicate and understand

9. Limitations of the Model

The model has limitations:

  • May oversimplify complex systems
  • Requires accurate identification of threats and controls
  • Can become complex with many variables
  • Dependent on quality of analysis
  • Requires expertise

10. Summary of Key Points

The Bow-Tie Risk Model provides a structured and visual approach to understanding risk pathways, causes, and consequences, along with preventive and mitigative controls.

It is highly effective in identifying control gaps and managing risks, making it a valuable tool in investigations and safety management. While it requires careful analysis, it significantly enhances risk understanding and decision-making.

For trainees, mastering this model strengthens risk assessment, analytical thinking, and preventive planning, making it an essential tool in modern investigative practice.

(C) Copy Rights Reserved, Alan Elangovan - LPS Academy
Shopping Cart
Scroll to Top