What does the bowtie model in risk management illustrate?

The bowtie model in risk management is a comprehensive tool that visually represents the relationship between risks, their potential consequences, and the controls in place to manage them. This model is particularly effective because it clearly illustrates both proactive and reactive measures for managing risks.

In the center of the bowtie diagram is the risk event, which is shown in the middle, flanked by two sides. On the left side are the various risk factors or causes that may lead to the occurrence of this risk event, while on the right side, the consequences of the risk event are depicted. The proactive controls, often referred to as preventative measures or risk mitigations, are illustrated on the left, indicating actions taken to prevent the risk from occurring. Reactively, on the right side, the controls show responses or measures taken to manage the consequences if the risk event does occur.

This dual aspect of the model—addressing both prevention and response—is what makes it a powerful tool in operational risk management, helping organizations to visualize and improve their risk management strategies by ensuring that they are not only prepared for potential problems but also equipped to deal with them should they arise.