CumplimientoESG08 junio, 2021

How does bowtie help you comply with regulations?

In our recent short video on combining risk management and compliance, we talked about finding appropriate standards or regulations as one of the steps.

It is key to comply to those standards and regulations, but how do you practically do this? In this blog you will find a framework to construct your compliance on and pin your objectives to: the bowtie model.

Benefits of bowtie as a framework for compliance

In any angle concerned with risk management, bowtie offers a fixed framework that creates overview. Using the power of its capacity to hit the right spot in terms of complexity, it is both easy to understand, as well as comprehensive in covering every risk scenario (see figure 1 below). Considering different risk situations (e.g. operational, but also enterprise level), while using the method as a thorough means of doing your analysis, will give you a maximum scope to cover your objectives.

Figure 1: An example of the bowtie framework, click here for full image

Besides that, bowtie is not only a methodologically exhaustive framework to connect your compliance standards to, it is also a good way of letting compliance land within and across different departments. The figure below shows an example of how the bowtie framework could help you determine coverage and maturity of compliance objectives.

Since bowtie is a popular and communicative means for risk management, adhering to standards is easier to broadly imbed withing the organization. This is how complying to regulations will not only become a ‘check-box exercise’, but rather has a genuine chance for fruition and maturity.

Barrier-based compliance

The practical implications of using the bowtie model as a framework, lie in the fact that it is a barrier-based methodology. Realistic contexts and scenarios are being mapped out in bowties, on which the actual barriers or controls that should provide control over your risks, reside where they should have an effect. Assessing whether these barriers cover certain objectives from your compliance standards, enables you to engage in a barrier-based compliance approach.

When engaging in a barrier-based risk management approach, you will be in control to understand what can go wrong and what kind of measures you have in place to prevent this from going wrong. Actively assessing how these measures are performing by connecting regulations or standards to your bowtie barriers, will uptake your barrier management to an advanced level, since you will have more assurance data to verify these barriers are working effectively. The image below shows an example of how the bowtie framework can be used to display assurance data.

Setting this barrier-centered Plan-Do-Check-Act (or Deming) cycle in motion will create a win-win situation for your organization:

1) you know what controls are protecting your operations,
2) you experience how they’re functioning on a day-to-day business
3) you’re actively assessing if this performance is meeting your standards
4) you’re adjusting your process if anything is out of acceptable boundaries

Consider digitalization

Since it is an enormous manual exercise to create audit or compliance frameworks from scratch, have you ever considered using our software solutions to achieve this otherwise? Our way of working in using bowties to base your compliance on, is endorsed by several regulators in multiple industries. See our past years blog on reasons to adopt the bowtie methodology for further reading on implementing compliance frameworks within bowties.

© CGE Risk. 2021 – The copyright of the content of this blog belongs to CGE Risk Management Solutions B.V.