Printer Friendly

Viewing risk from a high level: where FMEA, fault tree and other risk management methods drill down to the tiniest detail, Bow Tie methods allow for a broader view of risk throughout the enterprise.

Pharmaceutical manufacturers face large and complex risks in developing and manufacturing drugs. The costs of failure, particularly compliance failure (Box), can be extremely high. Today, a growing number of drug companies are applying modem risk management methods, including FMEA, HAZOP, Fault Tree and Fishbone analysis, to ensure control over day-today risks.

This article will briefly introduce a method that is relatively new to many pharma companies, "Bow Tie" risk management, and show how it might prove a useful addition to a pharmaceutical manufacturer's risk management tool kit.

The approach differs from the more established methods in that it allows for a higher-level view into potential risks at the enterprise level. Where Fault Tree and other methods can get very detailed and specific, in some cases down to the level of the individual valve, Bow Tie allows for a quick overview, and can facilitate communication about risk with both senior management and the plant floor.

How and when the method originated is not completely clear, but the first Bow Tie risk diagrams are said to have appeared at the UK petrochemicals company, ICI, in lecture notes taken from a hazard analysis course given at the University of Queensland, Australia in 1979.

In 1988, a catastrophic incident on the Piper Alpha oil platform in Scotland's North Sea, which killed 167 men, served as a wakeup call to the oil and gas industry, prompting companies to adopt better risk-management practices.

Lord Cullen, senior member of the Scottish judiciary, studied the accident for 13 months, and issued a report that drew attention to the industry's insufficient understanding of risk. The rig was undergoing maintenance, but was still in full production.

After the report was released, petrochemical companies moved to increase their grasp of potential operating hazards and their accompanying risks, and began to use formal risk management methods to gain insight in the causality of seemingly independent events and conditions. The goal: a systemic and systematic way to prevent catastrophic accidents.

In the early 1990s, the Royal Dutch / Shell Group adopted the Bow Tie method as a company standard for analyzing and managing risks. Shell facilitated extensive research in the application of the Bow Tie method and developed its own best practices for applying the method. The company's main motivation was assuring that appropriate risk barriers were put in place, consistently, throughout all of its global operations.

After Shell adopted it, the Bow Tie method rapidly gained support throughout the industry, as Bow Tie diagrams appeared to be a suitable visual tool to keep overview of risk management practices, rather than replacing any of the commonly used systems.

Within the past decade, the method has moved beyond oil and gas to other industries, including aviation, chemical and healthcare, including pharma.


Bow Tie was created by combining two fairly well-known risk analysis tools: Fault Trees and Event Trees. (Figure 1) Fault Trees flow from bottom to top and show all the ways in which the top event (point at which control over a hazard is lost) can happen. They have gauges that model whether barriers to a hazard are parallel or sequential.

Event Trees work the other way around. They start with a single event, and model what consequences can result from that. They do that by featuring combinations of conditions, so that, based on a particular combination, a certain consequence can occur. Event trees can also include calculated frequencies for their consequences.

Bow Tie uses elements from both Fault Tree and Event Tree approaches, providing a simpler, less detailed view (Figure 2). Removing some of the complexity has some consequences, but it makes the method an excellent risk communication tool for reaching, not only top management but all levels within the organization.

In developing a Bow Tie analysis (Figure 3), the first step is identifying hazards. A hazard is anything that can potentially harm safety, health, the environment, property, plant, products, or corporate reputation. Often, things are not innately hazardous, but have the potential to become hazards, under the right conditions. For instance, a glass of water isn't dangerous in itself, but if you knock it over it could destroy your laptop or electronics.

The next step is to define what you are trying to prevent (for instance, a rig explosion). In Bow Tie, these are referred to as top events or critical events (different industries and different countries may use slightly different terms for the same concepts), informally and universally known as the "oh, #$%* *" moments. These are events because you try to prevent them from happening because you are afraid of the potential consequences.

During the top event, a hazard is released, and that release maybe only the first event in a chain of negative events with undesired consequences.

The goal is to prevent that top event, and subsequent events that can lead to losses and damage.

Consequences, in Bow Tie methodology, are defined as unwanted events resulting from release of the hazard. The term denotes risk, not the severity of that risk.

The next step is defining preventive measures, or barriers that would prevent events from happening. A barrier can be any measure taken that acts against some undesirable force or intention, in order to maintain a desired state. This requires asking questions like: "What do we have in place to make sure that this doesn't happen?"

The primary purpose of risk evaluation and management is to identify how adequate the adequacy of existing preventive steps, or barriers are (these can be engineered barriers, procedural barriers or management barriers), and to identify where additional barriers are necessary. It is important to remember that the actual risk cannot be reduced until a new risk barrier measure has been fully implemented.

At this stage, one defines how the organization is preventing certain events from taking place, asking such questions as:

* Can the causes be eliminated?

* Is there a better way?

* How can the Top Event be prevented?

* How effective are the barriers?

* What is being barriered? Is it a threat, a top event, or a consequence?

* Is the effect delivered before or after the top event?

The next step involves defining "escalation factors/' conditions that could lead to a barrier failing or becoming less effective. An example would be an earthquake, which could lead to cracking in the protective concrete floor surrounding pipelines.


One can then develop "escalation factor barriers" to prevent escalation factors from weakening preventive measures. These barriers do not operate directly on the possible cause but act upon the possible escalation factors

This article was meant as a brief introduction to the Bow Tie risk assessment and management method. (For insights on how Celgene Corp. has been evaluating the method, see Box, p. 88).

To summarize, Bow Tie is another risk management tool available to pharmaceutical manufacturers today, to help prevent noncompliance, damage and loss. The method can:

* Enable structural thinking about underlying causes, which can result in proactive and reactive risk barriers

* Allow organizations to dig deeper into implicit knowledge throughout the enterprise, and make it explicit.

* Uncover hidden dependencies, for instance, cases where a single job title might either permit or prevent an entire line of threats

* Help facilitate more effective communication with both managers and workers on the plant floor.

Because it is visual and intuitive, and gives an overview, it can be easily understood by all layers in any organization.


* $3 Billion Criminal plea for HCC (GSK, 2012)

* $515 Million for HCC (BMS, 2007)

* $520 Million for HCC (AZ, 2010)

* $634 Million for HCC, w/Criminal (Purdue, 2007)

* And many others, resulting in:

* Deferred Prosecution Agreements

* Corporate Integrity Agreements

* Consent Decrees

* Huge Settlement Amounts

* Criminal prosecution (both corporate and individual)

* Debarment from Government Payer programs OR personal debarment from working in industry

* The Bottom Line

* Risks are Complex


Celgene Corporation is evaluating Bow Tie methodology as part of a pilot program that aims to provide a "big picture," enterprise-level view of compliance and risk metrics. The pilot's goal is to demonstrate proof of concept for an enterprise compliance dashboard using Bow Tie methods, as Kenneth Ray, Senior Director of Corporate Compliance and Governance at Celgene, explained at a webcast hosted by Contract Pharma in July (for more information, visit The goal, Ray said, is to drive decisions on the most important issues, and the areas that might be most vulnerable.

Currently, at many pharma companies, it can be easy to get lost in complexity. Celgene is aiming for an information- driven reflection of reality, he said.

Right now the company is focusing on the left side of the Bow Tie, control, and identifying controls for each threat that is identified. These controls can take the form of policies, procedures, activities or technologies.

Figure 4 shows a hypothetical example of how Bow Tie analysis would treat the potential risk of off-label promotion.

Work so far has shown that the same or similar threats can appear in multiple business activities, so Bow Tie analyses can be linked, Ray said. At this point, he explains, Celgene is identifying data to inform the control framework, including audits, operations, processes, records, and reports. This data typically resides in individual business functions, and is process or workflow oriented.

In addition, Celgene's pilot is also looking at audit and assessment data, including independent assessments of the effectiveness of different procesees, as well as sampling.

Anecdotal data is also being collected, including observations and notes from employee interviews. "All these forms of data have value in the control framework," Ray said.

So far, Celgene's pilot has developed the following:

* 3-4 Compliance oriented Bowtie Control frameworks Core quality system modules to provide Operational data for GxP functions (4 modules)

* Enterprise Regulatory Inspections Module

* Enterprise Compliance Hotline Module

Ray expects Celgene to roll out its Enterprise Audit Module during the third quarter of this year. The company is piloting the identification, capture and transfer of existing assessment data into the framework, as well asestablishing governance and taxonomy. He expects Celgene to be able to use the Control Framework as part of its 2015 HCC Audit Risk Assessment and Audit Plan.

Robert Dodd

Aloft Aviation Consulting

ROBERT DODD spent several years at Quantas, and managed his own consulting firm providing aviation safety management and regulatory advice, As a General Manager with Australia's Civil Aviation Safety Authority, he helped guide the newly formed organization into a new world of system based safety regulation. Bob consults for a number of different industries, including pharmaceuticals and healthcare, He can be reached at
COPYRIGHT 2014 Rodman Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Dodd, Robert
Publication:Contract Pharma
Date:Sep 1, 2014
Previous Article:Risk and quality management: connecting the dots: a brief review of pharma's new thinking regarding quality and risk management, and key risk...
Next Article:Taking a proactive approach to patient safety monitoring: stringent pharmacovigilance standards are needed during drug development and post-approval...

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters