Step 2. Identify causes and consequence scenarios
Causes and consequences for the bow-tie diagram are normally derived from the regulations as well as through consultation with risk owners and subject matter experts.
Common consequence scenarios for compliance risks (just a quick example, there is more) include:
| Risk area | Examples of consequence scenarios |
| Licensed activities and subsoil use |
|
| Environmental management (ecology) |
|
| Sanctions compliance |
|
| Anti-monopoly compliance |
|
| Tax compliance |
|
| Fire supervision, emergency protection |
|
| Labor and industrial safety |
|
| Covenant compliance |
|
| Economic and information security, state secret |
|
| Land and property relations |
|
| Construction and reconstruction of hazardous facilities |
|
| Physical security of production facilities and vehicles |
|
An example for a bow-tie for a typical compliance risk is presented below:
Where, V – means several events can occur at the same time, and XOR means the variability of either one event or the other. For example, fines can be either for three days of water pollution (small), or for a year (moderate) or three years (large), and criminal prosecution and termination of business can occur simultaneously.
To be continued…
Check out other decision making books
RISK-ACADEMY offers online courses
Informed Risk Taking
Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!
ISO31000 Integrating Risk Management
Alex Sidorenko, known for his risk management blog http://www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.
Advanced Risk Governance
This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.
