The cash box contained three pence.
Risk is a hazard of just about any activity, although smash-and-grabs are not necessarily seen as the most serious risk presented to the hotel industry, even when successful. Whitbread Hotel Company, for example, identifies the number one risk as the death of a customer due to the company’s negligence.
Risk is a hot topic for managers because of The Turnbull Report. Published in September 1999 by the Institute of Chartered Accountants in England & Wales Internal Control Working Party, The Turnbull Report is clear about what risk means to companies. Paragraph 10 states that ‘a company’s system of internal control has a key role in the management of risks that are significant to the fulfilment of its business objectives. A sound system of internal control contributes to safeguarding the shareholders’ investment and the company’s assets.
Dr Rob Chapman, founder of risk consultant CAPRO Consulting says: ‘Risk management should underpin a company’s routine activities and is fundamental to its long-term prospects.’
He adds that risk management is not simply a matter for the finance director, but should permeate all levels of business activity and be embedded in the company culture.
It seems very likely that facilities professionals will be at the sharp end of risk mitigation and recovery.
But what is risk? Chris Smith, security and loss prevention manager for Whitbread Hotel Company, offers a simple, but wide ranging definition: ‘What is there out there that is going to harm you?’
He explains: ‘In about February 2000 we looked closely at what our responsibilities were. We had previously done a risk matrix and, with Turnbull, decided to revamp it.’ The matrix described the risk, picked the 10 most serious and categorised them as operation, and/or external and/or financial.
Plan of action
The company then carried out a severity and probability analysis. This identified the death of a customer, through the company’s negligence, as the top risk. The effects are devastating, of course for the victim’s family and individual hotel, but also for a company’s brand and by extension its share price. This compares to airlines. The risk of a crash is very remote, but when it happens it is front-page news. Witness Air France after Concorde.
The team then looked at existing standards and controls and identified monitoring and reporting procedures, including who has line responsibility.
‘For each risk,’ says Smith, ‘we asked if we had a recovery plan and had it tested.’
They were not just tested on the desktop. Two crisis management exercises were run, scripted by an outside agency and involved real journalists demanding the story.
‘It tested our ability to measure effectiveness, says Smith, adding that the exercises highlighted scope for improvement. A particular area for improvement was communication, both internal and external.
We track everything. I can tell you where the beef in this sandwich came from, when it was delivered and at what temperature it was stored
As already noted, the biggest risk was death of a customer or staff member through the company’s negligence.
For Whitbread Hotel Company the second most serious risk is extensive damage caused by fire. Fire highlights the way in which the management of risk can vary between sectors and even within: hotels have sprinklers as an integral part of fire protection, while pubs do not always, because layout can render them ineffective and a potential source of panic.
External risks on a similar scale to this include terrorism and violent crime. Such risks highlight the need for specialised preventative measures. ‘You were probably given a pretty good look over,’ says Smith, referring to the relaxed wait in the lobby of the County Hall Marriott in London, where the interview took place. These kinds of crimes require planning, and the company invests in profiling so that staff are more alert to suspicious characters. Also, whether through blackmail or simple complicity this is a risk that can become internal.
There are less intense risks, which can still create headaches. Legislation is one. No reputable company wants to be prosecuted for non-compliance to regulations and it is not just high profile things like fire regulations. ‘We live in a bureaucratically challenging environment, says Smith. So the requirement to get planning permission to cut down trees, although understandable, is tricky to monitor when a team of professional gardeners needs to be kept briefed. Such risks, although nowhere near as severe as those highlighted above, are much more frequent and consuming of management time. Hence their appearance in the top ten.
Food for thought
Perhaps surprisingly, given that many hotels are used for banquets, food poisoning ranks only seventh on the risk list. ‘We track everything. I can tell you where the beef in this sandwhich came from, when it was delivered and at what temperrature it was stored,’ says Smith. There is a clear defence of due diligence and if procedures are followed the only real risk comes from rare, but nasty, air-borne bugs. But, adds Smith ‘It is very emotive.’
With computerised booking and billing on the increase, breaches of IT security is a relatively new entrant to the list. Meanwhile, what turned out to be a non-risk in itself, the millennium bug, was a good opportunity to examine contingency planning.
Risk profiles do not only change between sectors. Moving up the corporate hierarchy raises fresh issues: what, for example, are the implications of a competitor’s activity: will it be subject to a takeover bid, for example? Have we identified how the sector is changing (what, for instance, are the implications of demand for internet access?) Although moving from the province of facilities professionals, this point emphasises Chapman’s point that awareness of risk must permeate the company.
Studying risk, especially while being mindful of Turnbull, generates the need for constant checking. Whitbread Hotel Company carries out monthly evaluations to see how risk profiles have changed (terrorism has not dropped down the list yet). ‘We have to be mindful of the question “Do we have sound business practices,”’ says Smith.
The arrival of Turnbull, combined with the company’s previous risk assessment work has ‘given the company a sensible perspective on risk’ says Smith. And it has moved the paradigm from insuring against risk to mitigation.
Smith says that this process fits with the company’s vision and values. ‘If we have a safe and secure environment, it’s got to be good for our staff, who feel safe and secure, and our customers and by extension our investors.’
This brings us to a sting in the tale of the attempted robbery from the city centre hotel. The thieves may have been outwitted by a quick-thinking cashier, but says Smith: ‘One young member of staff was absolutely terrified and could not return to work for three weeks.’
For any company such events bring home the critical nature of risk management.
Source
The Facilities Business
