A lion escapes from a zoo. This sounds like an actual nightmare. And yet such incidents have happened a few times in the past.

In such cases, zookeepers and emergency responders quickly attempt to locate the escaped lion and use tranquilizers to subdue the animal. Thanks to zoos’ well-designed safety measures, including regular cage maintenance and inspection, proper staff training and supervision, and emergency protocols, these situations can usually be handled quickly and without major damage.

Although such incidents are a frightening experience for all involved, zoos demonstrate their commitment to the safety and well-being of all visitors and staff. Visitors receive reassurance and are provided with updated information and counseling services while the zoo investigates the cause of the outbreak and takes corrective action to prevent future incidents. In general, normal operations can resume quickly and the zoo can continue to be perceived as a safe place.

Now you’re probably wondering what all this has to do with a blog about Enterprise Architecture? Read on to find out how our example relates to Enterprise Architecture Risk Management, bow ties, and, for all cheese lovers, Swiss cheese.

The Swiss Cheese Model and its relation to the Bowtie Risk Management Method

The Swiss cheese model states that multiple layers of defense or control barriers are required to prevent an adverse event from occurring.

Visual Representation of the Swiss Cheese Model

The Bowtie Risk Management Method can be viewed as a practical application of the Swiss Cheese Barrier Model. It is a visual and qualitative risk assessment tool that provides a clear understanding of the potential risks, threats, consequences and controls associated with a particular risk event.

It’s structured in the form of a “bow tie” with the risk event in the center, threats on the left, consequences on the right, and preventive and mitigative controls on either side of the “bow tie.”

Visual Representation of the Bowtie Risk Management Method

This method helps organizations identify and manage potential risks effectively, with a focus on prevention and mitigation.

How to create Bowtie models?

One of the most widely used languages for visualizing Enterprise Architectures is ArchiMate. The ArchiMate community is also addressing the question of how to model risk as part of their work on “Modeling Enterprise Risk Management and Security with the ArchiMate® Language”. That being said, before we get into Enterprise Architectures, let’s go back to our zoo example. The risk scenario might look like this in ArchiMate. The shape of the bow tie is clearly recognizable.

Example of an ArchiMate Bowtie Risk Management Model

After barriers or controls have been identified, the model could look like this.

Example of an ArchiMate Bowtie Risk Management Model including controls

However, barriers are never perfect. Even the best barriers can fail. That’s why you need to be aware of their quality. If you now use a heatmap, you can, for instance, highlight the barriers that don’t work in red. The ones that work well can be marked in green.

Example of a heatmapped ArchiMate Bowtie Risk Management Model

The implementation of controls can naturally also be modelled in ArchiMate. Elements such as business processes, roles, application and technology services are available for this purpose. However, this is a topic for another blog post.

Bowtie models embedded in an Architecture Risk Management approach

At this point, you’re probably wondering for which of your risks you should be creating bowtie models in the first place. Typically, you need to perform the following steps for your area of responsibility:

  • Identify risks: Identify all potential risks.
  • Analyse risks: Assess the likelihood and impact of each risk.
  • Assess risks: Determine the risk tolerance level.

By analysing your enterprise architecture, you can identify and collect all the potential relevant risks. One possible approach is to identify risks along the value chain.

Hint: Read our Milky Way Map Blog Post for more information on this approach.

You then proceed to evaluate the identified risks using a risk assessment matrix. It visualizes the risks together with the possible impact and their likelihood of occurrence.

Hint: Check out the Risk Assessment section in our “Boosting Enterprise Architecture – Five (EA) Services Every Team Lead Should Know” blog post.

This initial assessment often doesn’t go deep enough. In addition, critics of risk matrices argue that risk matrices are not objective tools and provide an illusion of control that can discourage key players from more actively managing risk. This is where our bowties come in. Bowtie models put action at the center. They help you better understand the risk situation and possible mitigation measures.

Bowtie models should therefore be created and coordinated for all risks identified as critical.

Why Bowtie modelling is a great extension to your EA

Bowtie modelling is an effective and valuable addition to your Enterprise Architecture (EA) strategy and offers the following benefits:

1. Clear and intuitive visualization

The Bowtie modelling approach provides a straightforward and easily understandable visual representation of potential risks, threats, consequences, and controls associated with a specific hazard or event. This visual representation simplifies risk information for stakeholders, facilitating their understanding and communication.

2. Identification of gaps and weaknesses

Utilizing this technique helps in identifying potential gaps or weaknesses in an organization’s defenses or controls. This identification enables proactive measures to strengthen risk management strategies and mitigate vulnerabilities effectively.

3. Effective risk communication

It further serves as a communication tool that promotes discussions and collaboration among various stakeholders, including employees, management, regulators, and external partners. It facilitates the exchange of risk-related information, ensuring everyone has a shared understanding of risks and control measures.

4. Cultivating a culture of continuous improvement

When applying the Bowtie modelling approach, organizations can foster a culture of continuous improvement. It offers a framework for ongoing monitoring and evaluation of risks and controls, allowing org

5. Comprehensive visibility and readiness

Last but not least, by integrating Bowtie models in your EA initiatives, your organization maintains complete visibility of all risks, preventive and mitigating controls, and their effectiveness and equips your organization to be well-prepared for current and future incidents.


The Bowtie Risk Management method provides a visually appealing and intuitive approach to risk management. It enables organizations to identify vulnerabilities, communicate risks effectively, drive continuous improvement, and maintain full visibility of risks and controls. By integrating the Bowtie modelling approach with your EA initiatives, your organization gains comprehensive visibility of risks and controls.

To build your Bowtie model efficiently and seamlessly, we recommend our renowned EA suite, ADOIT, built on the powerful ArchiMate modelling language that provides a practical solution for quick and effortless modeling.

Experience the benefits of ADOIT by trying it for free today and empower your entire organization to tackle current and future business transformations with confidence.

Get started with Bowtie Modelling with free tool support


Get expert advice on how to get these practices off the ground


Get the industry proven
EA tool.

Get our weekly updates.

Never miss the freshest content.

"*" indicates required fields

Send me latest scoop on...
Terms & Conditions*
This field is for validation purposes and should be left unchanged.