SOX audit software
ComplianceESGJune 04, 2019

ISO 31000 blog series – Risk evaluation with BowTieXP

ISO icon

Two ways to evaluate your risk

How do you evaluate risk? In this blog, we describe two functionalities that will help you to evaluate your risks and to see the strengths and weaknesses of your processes. The previous blog describes different approaches to evaluate risk, namely the qualitative way and quantitative way. In this part of the series, we will show you how to do a qualitative risk evaluation in two ways using BowTieXP.

The two ways that help you to create a clearer picture and evaluate the risks are:
1. Risk matrices
2. Consequence categories

1. Risk Matrix

The risk matrix is an effective tool to evaluate risks in a qualitative way. In BowTieXP it is possible to assess the risk on an inherent level and residual level concerning the hazard, top event and consequence. There are a couple of steps you need to go through to use the risk matrices to its full functionality.

  • Change the risk matrix to your organization’s standards. Go to case > risk matrices. Click on a risk matrix and give it a name. To add risk categories, right click under risk categories. Here you can add a new category, select a color and change the text.
ISO iconFigure 1: Add a risk category
Right click on columns and rows to add more or to delete. Now that you have the right axis, you can color the matrix with the risk categories. It is like painting; click on one risk category and color the boxes in the risk matrix you want in that color.
ISO icon
  • Now you have your risk matrix, you can start using them on the hazard, top event or consequence. Let’s say we want to use it on the consequence. Hover over the consequence and click on the pencil icon and go to the risk assessment tab. Here you can asses the inherent and the residual risk. 
ISO icon
  • Now you have assessed the risk of the consequence, but it does not automatically show on the diagram. Click on the eye icon to tick the box for inherent and residual. 

It is also possible to use the risk matrix on the hazard or top event. Organizations choose to do so to show the overall risk assessment of that hazard for example. The process works the same as for the consequence, but sometimes the risk assessments are shown on the top event, while you actually want to see it on the hazard. Go to the large eye icon in the toolbar.

ISO iconFigure 2: Change display options

Under hazard risk assessment, you can tick the box to show the risk matrix on the top event. If this box is not ticked, it will be shown on the hazard.
In this same overview, you also have the option to hide the unassessed risk assessments. If you do not tick this box, the unassessed risk assessments are shown as grey.

2. Consequence categories

Some organizations do not use risk matrices, but they use the consequence types or categories. For example, you can create two categories; 1. ALARP and 2. Not ALARP. Go to the lookup tables in the treeview. Right click on Consequence categories and select new consequence category.

ISO iconFigure 3: Create a new consequence category – 1
Now you are creating a new category. Fill in a code, name, description (if required) and select a color, like in the example below.
ISO iconFigure 4: Create a new consequence category – 2
To add one of these newly created categories to one of your consequences, click on the consequence of your choice using the pencil icon. To show the consequence category. Click on the eye-icon and choose categories.
ISO iconFigure 5: Show the consequence category

These are just two examples of how to do a qualitative risk evaluation in BowTieXP. Which of these two ways do you prefer?

What’s next?

When you have completed this risk evaluation phase, your diagram will directly show you where you need to improve safety. But how? You’ll find out in our next blog about risk treatment.

Related Insights

  • Artificial intelligence in auditing: Enhancing the audit lifecycle
    Article
    Compliance
    April 17, 2024
    Artificial intelligence in auditing: Enhancing the audit lifecycle
    Using artificial intelligence in auditing improves performance across the audit lifecycle.
    Learn More
  • Auto finance digital transformation index
    Article
    Compliance
    April 17, 2024
    Auto finance digital transformation index
    Navigate auto lending's changing landscape with our Automotive Finance Digital Transformation Index. Learn about critical digital transformation drivers and insights for thriving in the new digital era.
    Learn More
  • Common concerns of businesses that file their own UCC filings
    Article
    Compliance
    Finance
    April 17, 2024
    Common concerns of businesses that file their own UCC filings
    Variations in state laws complicate UCC filings, requiring precise adherence to jurisdiction-specific guidelines to avoid rejections.
    Learn More
  • The value of recurring search
    Article
    Compliance
    Finance
    April 17, 2024
    The value of recurring search
    Utilize recurring searches for strategic decision-making and risk mitigation. Optimize operations and ensure compliance with tailored search profiles and integrated systems through effective public records monitoring.
    Learn More