Key Takeaways
- A bow-tie diagram shows causes, the central risk event, and consequences in one view, so your team can read the full shape of a risk in minutes instead of piecing it together from separate spreadsheet columns.
- Preventive measures sit between causes and the risk event, recovery measures sit between the event and consequences, and that structural distinction changes how teams think about where their effort actually belongs.
- Bow-tie analysis adds the most value for high-consequence risks where a simple probability-impact score leaves too many questions unanswered, and the least value for low-stakes operational risks that a standard register entry covers adequately.
- The barrier management problem many organisations never solve is that diagrams and action tracking live in different systems, so barriers look complete on paper while the underlying measures stall. Connecting bow-ties directly to the risk register closes that gap.
- Dedicated bowtie diagram software like BowTieXP and Bowtie Master is the right choice for major hazard installations and COMAH-regulated facilities with specialist HSE teams. For SMEs and mid-market organisations managing a smaller subset of high-consequence risks, an integrated approach avoids a licensing and training overhead that is hard to justify for twenty risks a year.
Bowtie analysis has spent most of its life locked inside specialist software that many organisations cannot afford, cannot justify, and cannot maintain without a dedicated risk team. The methodology is excellent, but the accessibility has always held it back.
Bowtie analysis risk management software connects causes, risk events, and consequences in a single visual model, with preventive barriers on the left and recovery barriers on the right. When it works, it gives your team a shared understanding of a risk that a row in a spreadsheet never quite manages. The question is whether you need a dedicated bowtie tool to get there, or whether bowtie thinking can be part of your everyday risk workflow.
We think bowtie thinking belongs in your everyday workflow, and the rest of this article explains why.
Where bow-tie diagrams came from, and why they spread
The bow-tie method emerged from safety engineering in the late 1970s as a structured way to visualise fault trees and event trees together. Shell adopted and popularised it in the 1990s as a core part of its process safety management approach, and from there it spread across the oil and gas, chemical, and aviation industries, where the cost of getting risk wrong is measured in lives and catastrophic asset losses.
The method works because it forces two questions at once: what could cause this risk event, and what happens if it occurs? Other risk analysis tools typically ask one or the other, with a fault tree working backwards from an event to find causes and an event tree working forwards to model consequences. A bow-tie does both at the same time, in one diagram your entire team can read.
The reason bow-tie diagrams became standard in high-hazard industries is precisely the reason they are underused everywhere else. The dedicated tools, BowTieXP, Bowtie Master, Synergi Life, and their equivalents, were built for process safety engineers and HSE specialists in large organisations with the budget and the expertise to support them. An SME or mid-market team cannot sustain that overhead, and so a methodology that genuinely improves risk thinking stays out of reach.
What a bow-tie diagram actually contains
A bow-tie has five structural elements:
The central risk event sits in the middle. This is the thing that could happen: a data breach, a key contractor failure, a regulatory enforcement action, a production shutdown. It is specific and stated as a concrete event rather than a general worry.
Causes appear on the left. These are the conditions or failures that could trigger the central event. A data breach might have causes including unpatched software, phishing exposure, or a misconfigured access control. Mapping these causes explicitly forces you to think about where the risk actually originates, breaking a single undifferentiated threat into the specific conditions that produce it.
Consequences appear on the right. If the central event occurs, what follows? A data breach might lead to regulatory fines, customer notification costs, reputational damage, and operational disruption. These are distinct consequences with different owners and different response requirements.
Preventive measures sit between the causes and the central event. They are barriers that reduce the probability of the event occurring at all: patching schedules, phishing simulations, access reviews. In bow-tie methodology, these are sometimes called threat barriers or prevention controls.
Recovery measures sit between the central event and the consequences. They cannot stop the event but they limit the damage once it happens: an incident response plan, a communications protocol, cyber insurance, a backup and recovery procedure.
That left-right structure carries real weight. The distinction between preventive and recovery measures changes how you allocate resources, how you assign owners, and how you evaluate whether your risk posture is actually improving.
How bow-ties work in Risk Companion
In Risk Companion, every risk in the register can have a bow-tie diagram attached to it. You start with the central risk event, which is the risk you have already defined in the register. From there, you map causes on the left and consequences on the right.
Then you add measures. Preventive measures attach to the left side, between each cause and the event. Recovery measures attach to the right side, between the event and each consequence. These are measures tracked directly in the Risk Companion register, each one with an owner, a due date, and a progress tracking status.
That connection is what makes the bow-tie useful beyond the workshop where it was drawn.
Picture a construction project manager building a bow-tie for the risk of a key subcontractor defaulting mid-project. The causes on the left might include cash flow pressure on the subcontractor, lack of performance bond, and inadequate pre-qualification. The consequences on the right might include programme delay, cost overruns from emergency procurement, and contractual disputes. The preventive measures attach to those causes: financial health checks at onboarding, a performance bond requirement in the contract, a quarterly review process. The recovery measures attach to the consequences: a vetted backup supplier list, a delay claim mechanism, a defined escalation path to the project board.
Every one of those measures is owned by a named person, has a due date, and appears in the team's measure view. The bow-tie diagram shows the structure, and the register makes someone accountable for carrying it out.
That is the barrier management problem many organisations never actually solve: diagrams and action tracking live in different places, so a barrier can look complete in the diagram while the underlying measure is sitting with no owner and no progress. Connecting bow-ties to measures closes that gap without requiring two systems.
The argument for prevention and recovery as separate categories
We think the preventive-recovery distinction is the most practically valuable thing about bow-tie thinking, and it is consistently underused.
When teams list risk measures without distinguishing between prevention and recovery, they tend to over-index on preventive controls because those feel more proactive. The recovery side gets thinner attention, which means that when a risk event does occur, the response gets improvised on the spot instead of following a plan that was already in place.
A bow-tie makes the imbalance visible. If your left side has eight measures and your right side has one, you are probably underinvested in recovery. That is a useful thing to know before the event happens, and a probability-impact score has no way of showing it.
This is also where bow-tie thinking connects to cause and effect analysis in a way that enriches your assessment. Understanding which causes have strong preventive barriers and which are exposed changes how you score probability. Understanding which consequences have limited recovery measures changes how you score impact. The bow-tie and the assessment inform each other.
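The two checks described above (barriers that look complete on the diagram while the measure behind them has no owner or no progress, and a thin recovery side) can be run over register data. This is an added sketch, not Risk Companion's code or data model; the `Measure` fields, the `audit` function, and the sample owners and dates are assumptions constructed for illustration, reusing the data breach bow-tie from earlier in the article.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Measure:
    name: str
    side: str               # "preventive" (left of event) or "recovery" (right)
    target: str             # the cause or consequence this barrier sits on
    owner: Optional[str]
    due: date
    done: bool = False

    def stalled(self, today: date) -> bool:
        # Drawn on the diagram, but unowned or overdue and unfinished
        return self.owner is None or (not self.done and self.due < today)

def audit(causes, consequences, measures, today):
    """Find causes and consequences whose barriers exist only on paper."""
    findings = {"exposed_causes": [], "exposed_consequences": []}
    for side, targets, key in (("preventive", causes, "exposed_causes"),
                               ("recovery", consequences, "exposed_consequences")):
        for t in targets:
            on_track = [m for m in measures
                        if m.side == side and m.target == t and not m.stalled(today)]
            if not on_track:
                findings[key].append(t)
    findings["stalled"] = [m.name for m in measures if m.stalled(today)]
    findings["balance"] = (sum(m.side == "preventive" for m in measures),
                           sum(m.side == "recovery" for m in measures))
    return findings

# Constructed sample data: owners and dates are illustrative assumptions
TODAY = date(2025, 6, 1)
CAUSES = ["unpatched software", "phishing exposure", "misconfigured access control"]
CONSEQUENCES = ["regulatory fines", "customer notification costs",
                "reputational damage", "operational disruption"]
MEASURES = [
    Measure("patching schedule", "preventive", "unpatched software", "ops lead", date(2025, 3, 31)),
    Measure("phishing simulations", "preventive", "phishing exposure", "security lead", date(2025, 9, 30)),
    Measure("access reviews", "preventive", "misconfigured access control", None, date(2025, 9, 30)),
    Measure("incident response plan", "recovery", "operational disruption", "security lead", date(2025, 1, 15), done=True),
    Measure("backup and recovery procedure", "recovery", "operational disruption", "ops lead", date(2025, 8, 1)),
    Measure("communications protocol", "recovery", "reputational damage", "comms lead", date(2025, 7, 1)),
]
REPORT = audit(CAUSES, CONSEQUENCES, MEASURES, TODAY)

if __name__ == "__main__":
    print(REPORT)
```

Every cause here has a barrier drawn against it, yet two of the three are exposed once owner and due date are taken into account, and two consequences have no recovery measure at all.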
When bow-tie analysis is worth doing
Bow-tie diagrams take time to build well. A single risk with four causes, three consequences, and a full set of measures on both sides is a serious piece of work. The question worth asking is whether that level of analysis is warranted.
Our view: it is warranted for risks that are high-consequence, complex in their causation, or genuinely hard to communicate to a non-specialist audience. If a risk is simple, well-understood, and low-stakes, a standard register entry with a current assessment and a couple of measures is enough.
The risks where bow-tie thinking adds the most are the ones where:
- Multiple distinct causes require separate preventive measures
- The consequences vary significantly depending on when the event is caught
- Ownership of prevention and recovery sits with different teams
- You need to communicate the risk to a board, a client, or a regulator who needs to understand the whole picture without reading the register
For the typical organisation, that is a subset of their register, perhaps ten to twenty percent of risks. The rest get assessed and measured without a full bow-tie.
Dedicated bow-tie tools are built for environments where nearly every risk warrants this depth of analysis, because the regulatory or safety stakes require it. For SMEs and mid-market teams, the right approach is to reserve bow-tie analysis for the risks that genuinely need it, using a tool that connects that analysis directly to the rest of your risk management process and keeps it out of a separate diagram file nobody opens again.
Bow-tie analysis in Risk Companion compared with dedicated bowtie software
BowTieXP and Bowtie Master are excellent tools for what they are designed for. They are built for high-hazard industries with specialist HSE teams, and they offer depth in barrier classification, regulatory reporting, and process safety management that goes well beyond what Risk Companion provides.
If you are managing major hazard installations, running a barrier integrity programme for an offshore facility, or operating under COMAH regulations in the UK, you probably need one of those tools. Risk Companion is the wrong fit.
But the majority of organisations using spreadsheets or generic project management tools to track risk are in a different situation entirely. They want to understand their risks better, communicate them more clearly, and make sure the barriers they identify are actually being managed. A dedicated bowtie diagram software tool adds implementation effort, licensing costs, and a training curve that is hard to justify when only twenty risks a year warrant that level of analysis, out of a register many times that size.
Risk Companion gives you bowtie analysis as part of an integrated risk register, without the overhead of a separate system. The bow-tie is one way of working with a risk, alongside the risk matrix, the current and target assessments, and the measures view, applied selectively to the risks that need that level of depth.
What the AI adds to bow-tie building
One of the reasons bow-tie analysis stays in specialist tools is that starting from a blank diagram is hard. People tend to stare at the central event and struggle to generate causes and consequences systematically under workshop conditions.
Risk Companion's AI risk identification helps here. The AI can suggest causes and effects for an existing risk based on the risk description and category, giving your team a populated draft to react to from the outset. The suggestions are options for your team to accept, refine, or reject. Starting from a populated draft changes the quality of the conversation in a workshop, and it changes the time it takes to get from a blank diagram to something useful.
The part that matters most
A bow-tie diagram that sits in a file and never gets updated is decoration. The value of the methodology lives in the thinking the diagram forces you to do, and in the measures that thinking produces.
When causes are named, someone can be accountable for reducing them. When consequences are named, someone can be accountable for limiting them. When preventive and recovery measures are distinct, the gap between them becomes visible and manageable.
That is what bow-tie analysis delivers, if the tool you are using connects the diagram to the work.
Risk Companion's free 14-day trial includes the bow-tie feature alongside the full risk register, so you can build a real bow-tie for one of your high-consequence risks and see whether the causes-and-consequences structure changes the conversation you have around it. No credit card needed.