The Benefits of Bowtie Risk Management in Compliance · PDF file ...

www.etq.com info@etq.com www.aloftaviationconsulting.com info@aloftaviationconsulting.com

The Benefits of Bowtie Risk Management in Compliance Systems

Why do this?

Risk at the centre

Focus for all system activities becomes risk

Cumulative learning

Every report, investigation, audit adds to our overall understanding of the risks to our operation – in reality not just in potential

Better use of scarce skills and resource

Currently much of the effort is spent on interpreting, coding and classifying incoming data to help build understanding

Under this approach much of the classifying and coding and some of the interpreting happens automatically.

The result is we monitor risk management performance continuously.

If we move to a system which combines BowTie risk models with Safety/Quality/Compliance data what benefits does that bring?

+ The Challenge Managing safety/quality/compliance data to understand risk

www.etq.com info@etq.com

The Deluge! Sa

Safety Trends

Investigation Report XXX

Tech Analysis

Ramp Safety

Committee Minutes

Engineering Audit March

Confidential Reports

Safety Committee

Minutes

SMS Audit June

Major Event

involving YYY

Safety Action

Closeout Trends

Regulatory Compliance

And So On... www.etq.com info@etq.com www.aloftaviationconsulting.com info@aloftaviationconsulting.com

+ The “Adding Up” Problem

An increase in safety reports, some fairly concerning audit findings, neck hairs rising –

what does it all add up to?

The range of data we have has grown dramatically – better safety reporting,

observational programs, culture surveys, a range of audits, training data, technical

reliability, ...

We tend to store that data, classify it and report it the way we collect it.

Combining data relies on the “wet” computer.

But the human brain has some built in limitations in dealing with risk and data – in fact

we’re not very good at it.

So, is it really adding up?

5 www.etq.com info@etq.com www.aloftaviationconsulting.com info@aloftaviationconsulting.com

+ Risk Management – the weak link?

Risk management is the core of safety management

A lot of SMS effort – both operators and regulators is focused on process

But the challenge lies in the content

Hazard identification – Can’t manage unidentified hazard

Risk Assessment – wrong risk level miss directs attention

And we humans are not naturally good at either of these

+ We’re not naturally very good at risk

We can fail to identify critical hazards: Lack imagination – typical scenario is much stronger than “odd” scenario

Don’t expect unexpected

Wrong mental model – simple linear process narrative not complex noisy parallel chaos

Over reliance on procedure

Group think – social effects dominate rational judgement

We can miss-estimate risk: Poor risk calculators

Overconfidence bias

Understanding of complex systems is actually poor

Intuitive sense of random is wrong!

Small data window

The Matrix

+ The Matrix!

Judgement based (about the future)

Standardisation hard

Sensitive to Risk Scenario

Qualitative (but looks quantitative)

Multiple hidden assumptions

Many start towards measuring risk by adding risk measures based on something like this to their data – but...

Catastrophic

Hazardous

Negligible

Frequent 5 5A 5B 5C 5D 5E

Occasional 4 4A 4B 4C 4D 4E

Remote 3 3A 3B 3C 3D 3E

Improbable 2 2A 2B 2C 2D 2E

Extremely

improbable1 1A 1B 1C 1D 1E

Risk Severity

Risk Probability

+ Risk Scenarios

Worst Case?

Worst Conceivable Case?

Worst Credible Case?

Worst Feasible Case?

Hazard Outcome

Story that links Hazard to Outcome

Will involve barrier failures

Basis for assessing likelihood and

severity

There even if not explicit

+ Multiple Risk Scenarios

Threat Risk Control

Undesired

Operational

Recovery

ControlConsequence

Threat

Risk Control Risk Control

Risk ControlRisk ControlRisk Control

Recovery

Control

Recovery

Control

Recovery

Control

Recovery

Control

Recovery

Control

Recovery

Control

Recovery

Control

Consequence

Hazard Different scenarios may map to

same risk level

But, may not...

+ BowTie Risk Concepts

Threat Barrier

Undesired Operational

Recovery Control

Consequence

System & Culture

Threat

Barrier Barrier

Barrier Barrier Barrier

Recovery Control

Consequence

Hazard

+ Example – Rail Transport

Source: CGE BowTieXP

+ Adding Barriers

+ Adding Data

Threats Safety Reports Observations Barrier Failures Safety Reports Observations Investigation Findings Audit Findings Technical Data

Undesired Operational State

Safety Reports Observations Investigation Findings Technical Data

Recovery Failures Safety Reports Observations Investigation Findings Technical Data

Consequences Industry Data

Contro

Undesire

tional

Contro

quence

Contro

quence

Taming The Deluge!

ThreatRisk Control

Risk Control

Recovery Control

Risk Control

Consequence

Recovery Control

Safety System and Culture Threats

Threat

Consequence

System Performance • Compliance • SMS Functioning • Safety Culture

Safety Focus Areas

+ Monitoring the whole risk picture

ThreatRisk

Control

Recovery Control

Consequence

System & Culture

Threat

Risk Control

Recovery Control

Consequence

Hazard

Risk Precursor Threat Vulnerability

System Weaknesses

Safety Reports

Threat Rates

Consequence Rates

Control Failures

Recovery Activation

Risk Register

Vulnerability Assessment

Risk Precursor

Continuously updated risk picture

ThreatRisk Control

Risk Control

Recovery Control

Risk Control

Consequence

Recovery Control

Safety System and Culture Threats

Threat

Consequence

Turning the Theory into Reality

Organisational Learning Engine

Data Classification

Engine

Internal Data Shared Industry Risk Experience

BowTie Risk Models

Semi-Automatic Data Management

Runway Excursion - TO

Loss of Control in Flight

Runway Excursion - Landing

Controlled Flight Into Terrain

In-Flight Fire

Mid-Air Collision

Turbulence Injury

Threats

Controls

Distraction

Bird Hazard

AC Malfunction

Runway State

Weather

Weight and Balance

Threat Drivers

A320 A330 A340 B747 B777

Procedures

Competence/Training

Hardware

Software

Control Framework

Risk Dashboards

Tools to Implement the Vision 21

EtQ Exchange EtQ Reliance Risk Register

Shared Barrier Models

Dynamic Forms

Auto Import of BTXP into Reliance

Reliance Modules: •Safety Reports •Audit •Etc

APF Metrics

Reliance Dashboards

Complete Compliance Management Solution

• Applications for any organization, any industry

– Small or large organization

– Regulated or non-regulated

– Focus on Risk or Regulatory Compliance

• Applications to manage any compliance initiative

• Pre-configured with best practices

• Risk “at the core”

Application Breakdown As of version 10.0a of EtQ Reliance: QMS GMP EHS F&B SMS

Aspects, Objectives, & Targets • •

Audits Management • • • • •

Calibration and Maintenance • • • • •

Change Management • • • • •

Complaints Handling •

Corrective Action and Preventive Action (CAPA) • • • • •

Customer Feedback • • •

Deviation • • • • •

Document Control • • • • •

Emergency Preparedness Plans • •

Employee Training • • • • •

Enterprise Risk Management (ERM) • • • • •

Failure Mode and Effects Analysis (FMEA) • • •

Hazard Analysis Critical Control Points (HACCP) •

Incidents, Accidents and Safety Reporting • •

Job Safety Analysis (JSA) • •

Legislative and Regulatory Requirements • • • • •

Material Returns • • •

Material Safety Data Sheets (MSDS) • •

Meetings Management • • • • •

Monitoring & Inspection • •

Nonconformance Management • • •

Product Specification Management • • •

Production Part Approval Process (PPAP) • •

Project Control • • • • •

Quality Records Management • • • • •

Receiving & Inspection • • •

Risk Register • • • • •

Supplier Rating • • • •

Sustainability •

Complete Compliance Management Solution

• Integrated Risk Assessment

– Measure risk in any process, in context

– Track risk levels in centralized Risk Register

• Predictive Analysis using Risk Management

– Identify controls to mitigate risks

– Manage controls (documents, metrics, audits, etc…)

– Measure the effectiveness of controls (risk levels)

• Reduce Risk through Continuous Improvement

– Monitor control effectiveness through dashboard

– Test controls through Audits

– Survey potential risks using ERM

– Improve controls through CAPA and Change

Document Control

Training

Finding

Risk Assessment

Reporting

FMEA Job Safety Analysis

Effectiveness Effectiveness

Risk-Based Compliance

Effectiveness

Other Event

triggers

Risk Risk

Change Control

Effectiveness

Controls Hazard Analysis

EtQ Risk Register

Incident

Effectiveness Effectiveness

Complaint

Audit Change Control

Planned Deviation

Document Control

Training

ERP, MES

Investigation

Finding

EtQ Risk Register

Hazards Controls Risk levels Effectiveness

Effectiveness

Ad Hoc Event

Ad Hoc Request

Regulatory Compliance

Other processes Legislative and Regulatory Requirements Supplier Management Product Registration Recalls HACCP Calibration & Maintenance Incident / Safety Report

Effectiveness

Investigation

CONTACT US

info@AloftAviationConsulting.com

www.AloftAviationConsulting.com

bob.dodd@aloftaviationconsulting.com

info@etq.com

www.etq.com

The Benefits of Bowtie Risk Management in Compliance · PDF file ...

Documents

Bowtie Methodology Manual...create, which looks like a men's bowtie. The bowtie method has several goals: Provide a structure to systematically analyse a hazard. Help make a decision

BowTie in Healthcare - HU-TECH

Bowtie finals

Internship Project - Bowtie

Hfss Tutorial Slot Bowtie

NLS BIFURCATIONS ON THE BOWTIE COMBINATORIAL GRAPH … › ~goodman › publication › bowtie › bowtie.pdf · 2020-05-02 · future directions. 1.2. NLS on combinatorial and metric

Bowtie Analysis without Expert Acquisition for Safety ...depts.washington.edu/sctlctr/sites/default/files/research_pub_files/Bowtie Analysis...reliable manner. Further, a substantial

Improvement of an octave bandwidth bowtie antenna design ...publications.lib.chalmers.se/records/fulltext/249121/local_249121.pdf · Improvement of an Octave Bandwidth Bowtie Antenna

BowTie - A deep learning feedforward neural network for ... · BowTie-Adeeplearningfeedforwardneuralnetworkfor sentimentanalysis ApostolVassilev NationalInstituteofStandardsandTechnology

BowTie in Aviation: Masterclass using BowTieXP€¦ · BowTie in Aviation: Masterclass using BowTieXP BowTie is a great way to manage high-consequence risk, but BowTie models are

Quarters Presetation Bowtie - ETC

WIDEBAND PARTIALLY-COVERED BOWTIE ANT FOR GEO RADARS.pdf

BowTie Pro The fast, easy to use assessment tool Introduction to BowTie Pro

Agriculture Law: bowtie

Bowtie creative

Case for Safety - Bowtie Analysis

Plasmonic Resonance Enhanced Polarization-Sensitive ...yep/Papers/ACS Nano... · enhancement by bowtie plasmonic structures. In the second design, we use bowtie apertures (or bowtie

Active Risk Manager - Sword GRC · 2020-05-27 · Active Risk Manager Risk Vizualisation - ARM BOWtie. ARM BOWtie ARM BOWtie allows users to create classic Bow-Tie structures, including

International SOS Foundation Travel Risk Mitigation BowTie

Tunable optical response of bowtie nanoantenna arrays on ...capolino.eng.uci.edu/Publications_Papers (local...Tunable optical response of bowtie nanoantenna arrays on thermoplastic