Barriers that are defined in the Safety Management Systems are the means to manage safety. Information on the quality of the barrier is therefore of vital importance. A common way of assessing the quality of your safety management system is to perform audits. A Dutch study [1] suggests that we should move away from traditional categorical audits and move on to scenario (risk) based audits.

Assessing safety management systems

Safety Management Systems (SMS) can be represented using the bowtie methodology. The method structures the SMS by identifying barriers that should prevent incident scenarios from becoming reality. Process safety is thus ensured by managing the effectiveness of these barriers. It can therefore be said that the quality of the SMS is defined by the quality its barriers. In order to adequately manage your barriers, it is important to know the quality of your barriers. For example, it can be dangerous to rely on barriers that are defined in the SMS but are in reality inadequate. Good ways to gain insight into barrier quality are: Incident analysis and auditing. This article will take a closer look into the auditing part.

Traditional auditing

A traditional audit is often directed to assess a specific part of a process. It focusses on a predetermined category selected from a list of categories. For example, in order to comply with OSHA legislation, companies have to be subjected to Process Safety Management (PSM) audits. The audits provided by PSM identify 14 elements that cover a broad spectrum of process safety issues (i.e. employee participation, operating procedures, mechanical integrity etc.). These elements and audit formats have been heavily standardized. The results can therefore be easily compared between companies or sites.

Risk based auditing

However, a study has argued that traditional categorical audits may not be as effective as once thought. It has exposed three main shortcoming of categorical auditing: Poor hazard identification (1), they are not scenario based (2) and they neglect human factor related issues (3). First, it is argued that most audits do not take hazard identification as the starting point. Hazard identification is the first step of designing a SMS. If this stage is poorly executed, the SMS will not deal with the actual hazards. Audits should take the hazard as a starting point to ensure that the SMS that is being assessed is capable of handling the actual hazards. Secondly, the traditional category approach is not scenario based. It looks at individual elements, often neglecting the way they need to work together in case of an incident. By auditing from the perspective of a possible incident scenario, the system is tested as the sum of its parts. This is a better reflection of realistic situations. Thirdly, human factors are often mentioned in traditional audits as being relevant, but do not specify which types of human factors are encountered. This makes it difficult to generate adequate solutions that effectively improve the human factor issues. Human factor issues can be difficult to identify from abstract categories and are better described with real-life examples. Because scenario audits take a more lifelike approach, human factor issues are more likely to come to light. Once identified properly, they can be adequately addressed.

Bowtie diagram and Risk Based Auditing

Barrier based auditing
The red line represents an incident scenario. The driver loses attention, thus losing control over the car and hits a pedestrian.

Risk based audits can be based on BowTie diagrams. They graphically represent the various incident scenarios and the barriers that should prevent them from evolving. Creating a pathway from a threat, through a top event to a consequence is a possible scenario. The audit should assess whether the barriers in between are adequate in such a scenario. The hazards represented in these scenarios are used to set the criteria which the barriers should meet. This allows criteria to be defined more specific and risk based. Such an approach will generate relevant feedback that directly applies to the barriers defined in the SMS.


Risk based audits are a more risk based approach to auditing. Instead of focusing on abstract categories, the scenario focuses on the barriers that reduce the unique risks of an organization. The direct link to scenarios and barriers makes it easier to make concrete recommendations for improvement. This means that resources invested in scenario auditing return more valuable feedback that improves the safety of and organization.

  1. Zemering C Swuste P (2005). De Scenario audit Voorstel ter preventie van incidenten en rampen in de procesindustrie. Tijdschrift voor toegepaste Arbowetenschap 18(4):79-88
Back To Top