Junior explorers rely on six control categories. Not all are equally reliable. Controls that are tested, scheduled, and owned hold. Controls written and assumed to work without verification are decorative.
| Control type | What it is | Test: will it hold? |
|---|---|---|
| Engineering | Physical barrier, maintenance, design. Eg. rig certification, ground strapping, water suppression. | Yes, if: built into design, maintained on schedule, defects trigger immediate suspension. No, if: one-time approval with no refresh. |
| Procedural | Written process or protocol. Eg. traffic plan, incident response, shift handover. | Yes, if: taught before work, tested quarterly, breaches trigger investigation. No, if: written and filed but nobody reads it. |
| PPE | Personal protective equipment. Eg. hard hats, high-visibility vests, harnesses. | Yes, if: task-specific, fitted to person, compliance checked visually each shift. No, if: handed out at induction and assumed in use. |
| Training | Initial competency and refresh. Eg. rig operator certification, WHS induction, rescue procedures. | Yes, if: role-specific, refreshed annually, competency re-tested. No, if: one-off at hire and never updated. |
| Supervision | Direct oversight and decision authority. Eg. site supervisor, drill manager, safety officer. | Yes, if: one person accountable, has authority to stop work, does so. No, if: everyone's job and nobody's accountable. |
| Assurance | Audit, inspection, check. Eg. rig pre-shift inspection, monthly safety audit, WHS spot check. | Yes, if: happens on schedule, uses checklist, defects logged and tracked. No, if: ad hoc with findings going nowhere. |
A bowtie is the control map that a risk register cannot show you. It surfaces the chain of failures that could let a hazard turn into a disaster. Bowties are usually built by consultants at five grand a pop, presented in colour-coded decks, filed, and then ignored. A junior's ARC does not need the deck. It needs the method.
A risk register is a ledger. It says: we have a risk, it has a likelihood and a consequence, we have rated it high, and we have controls. A bowtie is a logic chain. It says: we have a top event, here are the things that could cause it, here are the consequences, here are the controls that stop each cause, and here are the controls that limit each consequence.
A register will tell you that drilling fatality is red. A bowtie will show you that fatality is one consequence of a drill-rig collapse, which flows from: rig instability, crew fatigue, unexpected ground conditions, or vehicle interaction. The bowtie then names which controls prevent each threat and which controls limit each consequence.
Do not build a bowtie for every line on the risk register. A junior explorer with thirty registered risks does not have time to bowtie all thirty. Pick the three to five events that would kill the company or kill a person. For most juniors exploring, those are drilling fatality, major environmental non-compliance with regulator enforcement, and loss of tenure.
The selection is simple: if the event triggered director enforcement, ASIC investigation, suspension from the ASX listing, or a funeral, it gets a bowtie. Everything else is managed through the register with a standard control checklist. The bowtie is reserved for what matters.
Start with the top event as one sentence: "A member of the drilling crew is fatally injured during an active drilling programme." The top event is the endpoint. Everything else flows from it.
On the left side of the bowtie, name the threats: rig structural failure, crew member lost situational awareness, ground collapse around rig, vehicle/rig collision. Each threat must have preventive controls. For rig failure: certification before site arrival, daily pre-shift inspection, immediate work suspension if defects appear. For crew fatigue: shift limits, roster management to avoid back-to-back shifts, fitness-for-duty checks. For ground conditions: geotechnical assessment before drilling. For vehicle interaction: traffic management plan and safety perimeter.
On the right side, name the consequences branching from fatality: serious injury (others on site), regulatory enforcement (WorkCover investigation), loss of licence to operate (regulator suspension of future drilling). For each consequence, name mitigative controls. For fatality itself: on-site paramedic or medical training, emergency protocols, rapid transport access. For enforcement: documented procedures, incident investigation, regulator engagement. For loss of licence: regulator communication and evidence of corrective action.
Your bowtie now shows: hazard, four threats, four consequences, preventive control lines, mitigative control lines. It fits on a whiteboard or a spreadsheet.
For each control on the bowtie, ask: how would I prove this control actually works? If you cannot describe a test, the control is aspirational. If the test exists but is not documented, the control is undisciplined. If the test exists and is documented but has not been run this quarter, the control is out of service. The ARC question lands here: has this control been tested in the past ninety days, and by whom?
A control that cannot be tested is not a control. It is a wish.
The ARC can tell the difference
The ARC will approach the bowtie with three questions. If your bowtie shows tests, backups, and named owners, you will pass. If it shows engineering controls that are "designed" but not inspected, or procedural controls that are written but not trained, or supervision that is "everyone's responsibility", the ARC will flag it as a gap.
Have you tested the preventive controls recently, or are you assuming? If assumption, the control is unverified. The control regularly tested by someone other than the owner is the one that holds.
Is this a single point of failure? If a fatigue control slips because the roster manager is on leave, does a second control still hold — a deputy or supervisor with authority to pull the operator?
Is there a named person whose job includes owning this line? If accountability is diffuse, the ARC will assume it is nobody's job. A bowtie with no owner is a museum piece.
The bowtie is not a replacement for the risk register. It is the detail layer underneath it. The register has one line: "Drilling fatality — high — red." The bowtie attached to that line answers: what would have to fail for this fatality to happen, and what controls are we running to stop it?
Five moves. Done in one board cycle, they take the bowtie from a one-off whiteboard exercise to a working evidence layer the ARC can rely on.
The ISO 31000 register that fits on one page, with the director-duty overlay.
Read pillar →Thirty pre-populated risks. Attach your bowtie as the detail layer.
Get the template →Limb (f) verification runs on the evidence your bowtie produces.
Read article →Tuned for the junior miner operating rhythm: quarterly lodgement windows, AGM timing, tenement renewal cycles, and the regulatory news that actually matters.
Bring your register and existing bowties. We'll sense-check the threat chains and flag controls that are doing work versus decorative.