Causes and effects
Build your bow-tie by identifying what could trigger the risk and what would happen if it occurs. Access the bow-tie view from the Bow-tie tab on any risk detail page.
Adding causes
Causes appear on the left side of the bow-tie. Each cause represents an event or condition that could trigger the risk event.
How to add a cause
- 1Click "Add Cause" on the left side of the bow-tie diagram.
- 2Search for an existing event or type a new title to create one.
- 3The cause appears connected to the central risk event by a line.
Tip: Causes answer the question "What could trigger this risk?"
Adding effects
Effects appear on the right side of the bow-tie. Each effect represents a consequence that could follow if the risk materialises.
How to add an effect
- 1Click "Add Effect" on the right side of the bow-tie diagram.
- 2Search for an existing event or type a new title to create one.
- 3The effect appears connected from the central risk event by a line.
Tip: Effects answer the question "What happens if this risk occurs?"
Events can play multiple roles
The same event can serve as a cause for one risk and an effect for another. This reflects how risks cascade through an organisation.
- A "Server Outage" might be an effect of a "Power Failure" risk.
- The same "Server Outage" can be a cause of a "Data Loss" risk.
Use this to model risk cascades and identify critical points where a single measure can reduce exposure across multiple bow-ties.
Drag-and-drop to reorganise
Risk Companion supports drag-and-drop so you can reorganise your bow-tie as your understanding evolves. Drag causes up or down on the left side, or effects up or down on the right side, to reorder them visually.
Reordering items
Group related causes or effects together and prioritise by importance. You can also drag measures between connection lines if you realise a measure belongs on a different pathway.
Example: data breach risk
Causes (triggers):
- - Successful phishing attack
- - Unpatched software vulnerability
- - Insider threat or malicious employee
- - Third-party vendor compromise
- - Lost or stolen device
Effects (consequences):
- - Financial loss from regulatory fines
- - Reputational damage
- - Customer churn
- - Legal liability and lawsuits
- - Operational disruption
See also
- Creating measures — attach prevention and mitigation measures to your causes and effects
- Adding & managing risks — the risk detail page is where you build your bow-tie