Risk Management Assignment: Case Study Analysis Of Clean Hotels Limited

Question

Task:
Emerging risks board paper

Background information
A small hotel chain, Clean Hotels Limited (Clean Hotels), operates in Australia, New Zealand, and the United Kingdom in the following locations:

Sydney, Australia
Melbourne, Australia
Auckland, New Zealand
Edinburgh, Scotland
Glasgow, Scotland
Liverpool, England
Brighton, England.

Clean Hotels operates mid-tier hotels that cater to families, couples, friends, and some business travellers. The business directly invests in good quality, freehold properties in key locations in the cities in which it operates.

Clean Hotels has experienced strong revenue growth and has expanded over the last few years. Recent events have caused a reduction in revenue and, therefore, profitability; however, it has managed to remain sustainable. Clean Hotels’ strategy of acquiring hotels and freehold land has ensured it maintains control over all aspects of the hotel operation; however, it does mean the business is highly leveraged.

The hotel industry generally operates on tight margins, therefore changes in cost structure can have a major impact on hotel operations and services; when fixed costs change, only variable costs linked to customer service can be adjusted.

Clean Hotels is considered a niche hotel chain; its focus market is non-business travellers looking to stay in major cities. The business competes with similar niche hotels, as well as larger hotel chains. Many customers are pricesensitive, but are still looking for a personalised touch and a high standard of customer service. Competitors use automated processes and have introduced emerging technologies to enable higher levels of service to be provided, while still maintaining cost control to ensure rates remain competitive.

Additional information
Technology

Clean Hotels believes that, since it has introduced change effectively in recent times, by integrating hotels into the group, any introduction of new technology could also be implemented effectively.

However, where new technology has been introduced in the past, implementation has generally been late and over budget. At times, it has not met the needs of the business. The IT department has no clear policy on how new technology should be implemented, or what direction the business should take with technology, apart from the strategic priority identified by the board (see below).

Reputation management
As a niche hotel chain, Clean Hotels values its reputation and seeks to maintain this reputation by delivering on its strategy, while still operating its business within broader societal expectations.

Clean Hotels aims to be carbon neutral through the acquisition of renewable energy products and considering its carbon footprint in all decisions. The business believes this is a key element when creating authentic customer experiences and relationships, which is one of the strategic objectives noted by the board (see below).
Clean Hotels also understands its reputation is reliant on employee satisfaction and engagement, and that a key driver of employee engagement is wellbeing, health and safety. The business considers itself to be compliant with all key requirements; unfortunately, a recent increase in incidents has caused concern. Following investigations of incidents resulting in injury, it has become clear that many were avoidable as similar near miss events had occurred in the past. Near misses are reported to supervisors, and each supervisor has their own process for tracking and reporting near misses and incidents; they are rarely shared between departments.
The board believes a strong risk culture is required to deliver on its strategies and that risk culture starts at the top, ie the board. The board includes experienced professionals, however a board gap analysis identified that the CFO manages legal risks, as opposed to a general counsel, and uses several legal firms for ad hoc matters.
The board believes introducing a whistleblowing policy and improving risk management systems are key to improving the risk culture and delivering on its strategies.

The board
The board consists of the Chairperson, Chief Executive Officer (CEO), Chief Financial Officer (CFO (and Board Secretary)) and four independent non-executive directors. The board members are responsible for strategy, performance, people and risk. Their top strategic objectives are:

1. to innovate and grow the Clean Hotels brand through the acquisition of additional hotels in current markets

2. to create authentic customer experiences and relationships

3. to integrate emerging technologies to improve value for Clean Hotels and improve the overall customer experience.

The Board has recently implemented a risk and audit committee, which includes three independent non-executive directors, one of which is the chairperson.

Risk and audit committee
At the first risk and audit committee meeting, there were two agenda items:

1. The CFO was asked to present the RAS, risk register and risk matrix of the key business risks for the committee’s consideration at the next meeting.

2. At a recent board meeting, it was noted that one of the board members attended a presentation from an internet of things (IoT) vendor (software supplier). The vendor, Biz4intellia (see https://www.biz4intellia.com/iot-in-hospitality/) is planning to expand into Australia, Asia and the United Kingdom. The presentation was impressive, and the board member believes that the software could help the Clean Hotels chain achieve its three strategic objectives and manage principal risks. The other board members are not convinced and have asked the risk and audit committee to consider the benefits of introducing Biz4intellia and the impacts on Clean Hotels’ risk management process.

At the second risk and audit committee meeting, the following was noted:

1. The CFO presented the work to date to the risk and audit committee in a paper. An extract from the paper is attached and shows the current RAS and risk register.

2. The risk and audit committee reviewed the paper; while it is a good start, it appears the risk management process requires some further work. The CFO advised that he does not have time to complete the requirements.

3. The CFO agreed to consider how the introduction of Biz4intellia would impact Clean Hotels, as well as its risk management process, at the next risk and audit committee meeting.

4. Committee members discussed several articles relating to technology implementation and the importance of cyber security they had come across recently and asked that these be considered.

https://www.cyberscoop.com/sabre-corp-data-breach-settlement/
https://www.forbes.com/sites/forbestechcouncil/2021/01/11/four-reasons-why-new-tech-fails-and-how-to-avoidthese-pitfalls/?sh=669fecb05b1f
https://www.business2community.com/digital-marketing/digital-transformations-and-why-businesses-fail-toimplement-them-properly-02376009

The following was recorded in the committee minutes:

Motion
That the risk and audit committee receive the paper and engage an external consultant to:

review the risk register and make any recommendations to ensure the risk register aligns with the RAS and that both include all key business risks
assess the Biz4intellia solution as proposed by the Board and how the introduction of Biz4intellia would impact the existing risk management process.

Both are to be presented at the next risk and audit committee meeting in the form of a board paper. The motion was unanimously agreed.’

Your task
You are an external consultant and the CFO has asked you to produce a report for Clean Hotels’ risk and audit committee. The report should be evidence-based using credible sources, and no more than 1,000 words.

Clean Hotels has advised that where risks and controls are listed, they should be assumed to be effective. Risk assessment of likelihood and impact is also deemed to be correct based on the controls in place. However, Clean Hotels does not believe all its strategic objectives are included in the risk register.

Some resources that could be used in the paper are listed below. You can also use other resources. Any sources used in the paper need to be appropriately referenced.

1. Kansakar, P., Munir, A. and Shabani, N., 2019. ‘Technology in the hospitality industry: Prospects and challenges’, IEEE Consumer Electronics Magazine, vol. 8, no. 3, pp.60-65.

2. IoT Alliance Australia Resources: https://iot.org.au/resources/

Requirements to be covered in this risk management assignment
The CFO requires you to focus on the following items in your report:

1. Evaluate the current risk management for Clean Hotels (excluding Biz4intellia):

a) Identify where the RAS is misaligned with the risk register and make relevant recommendations to the risk and audit committee.

b) Considering Clean Hotels' strategic objectives, assess which risk category is missing from the RAS and risk register. Recommend four steps management should take to include the identified risk in the risk management process.

2. For the proposed Biz4intellia solution:

a) Evaluate how introducing the Biz4intellia IoT solution will increase or decrease the residual risk rating for one relevant risk listed in the risk register.

b) Previous Clean Hotels projects have not been well managed due to poor risk identification and management. For each of the following project risk categories, evaluate one key risk and one potential mitigation strategy (for the selected risk) that Clean Hotels should consider for the project implementation of the Biz4intellia IoT solution:

i. project scope - what needs to be achieved to deliver the project

ii. project schedule - what needs to be done, which resources must be utilised, and when the project is due

iii. project cost - total funds needed to monetarily cover and complete the project scope

iv. customer acceptance - the extent to which a consumer will use a certain innovation

v. staff acceptance - employee acceptance of the strategic objectives and goals

vi. information technology (IT) - management of increased cyber security risks and ensuring access to appropriate technology.

c) Continuing on from the customer acceptance section in b) above, evaluate one relevant ethical issue to be considered, and explain why this issue is important to Clean Hotels

Answer

Executive summary

The case study examined in the present context of risk management assignment discusses about the areas of misalignment between the RAS and risk register. It further gives recommendation to fix the misalignment. The later part of the study gives a brief about one missing risk category and provides with the mitigation strategies. Lastly, the case study focuses on the IoT technology and its integration in the company.

Background

Clean hotels are set up in major locations in the city and serve business travelers, friends, couples, and families. All organizations must focus on the ways to tackle unpredicted risks and calmly respond to them. The global pandemic has forced the Chief risk officers to reassess their risk management and finding better ways to understand the risk that will help in decision making.

1 A. Areas of misalignment between RAS and the risk register with recommendations

The four areas of misalignment between the RAS and the risk register:

Risk Category	Risk Ratings		Recommendations
Risk Category	RAS	Risk register
Pandemic	Moderate	High	The pandemic must plan on the basis of PPRR model. The model comprises of prevention, preparedness, response, recovery. Identification of contingency plans, considering the financial implications, cross-skilling, telecommunicating must be arranged, work health and safety inductions must be conducted, Personal Protection Equipment must be provided to the employees.
Legal, ethical, and regulatory compliance	Low	Moderate	Identification of complications by putting a framework The primary step of an organization is to develop a framework to ensure that the company understands and identifies its liabilities, obligations, and duties towards the employee as well as the government. Implementation of new cadence to check updated or new compliances that can be accommodated by the organization (Papazafeiropoulou, and Spanaki, 2016). Certain software is there that can identify and organize the policies, regulations, and legislation in one place. Assessment of risk Assessment of risk is an important measure to identify the threats that might be risky for an organization. If any compliance has not complied into the organization it can lead to a potential risk for the organization (Brandis, et.al., 2019). Thus after knowing the compliance obligations, it is necessary to conduct a risk assessment. Incorporation of procedures and policies to meet the compliance An organization must make certain procedures and policies may be in the form of contracts to make sure that obligations are fulfilled on time. Certain employees should be given this responsibility so that the application of standards is monitored and subsequent planning is done to overcome the risk. Compliance management reports It is necessary to regularly report on the compliance environment of an organization. Internal or external audits will help to monitor the compliance and check if all the criteria are met (Brandis, et.al., 2019).
Health and safety	Low	Moderate	A group of technically strong engineers must train each employee to create awareness and improvise the working techniques. A training session should be conducted for the new joinees and must be provided with learning material. Also, periodic sessions must be taken on health and safety concepts.
Digital transformation	Low	Moderate	Implementing IoT technology into hotels with bringing immense profits to the company and customer satisfaction. Implementing IoT services will improve the maintenance of the company premises with effective cost. Using IoT-powered devices will improve the guest experience and entire convenience (Mercan, et.al., 2020). Implementing smart rooms like smart door locks, automated room lights, temperature control allows the standard of living to the guests and thus increases the business. Smart room sustainability is another essential aspect that comes along with IoT integration. It saves the operating cost and improves the business profits (Amer, and Alqhtani, 2019).

1B. Missing risk category

Environmental risk

To ensure ethical and good business practices the organization must follow certain policies, and regulations that are incorporated by the government bodies. Not incorporating such regulations and policies into an organization may lead to penalty charges, fines, loss of work time, and cleanup cost (Accastello, et.al., 2019). Environmental risk may hamper the organization to achieve its objectives and operations of the business. It is very difficult to navigate the changing rules and regulations regarding the waste generation, safety and hazards, and environmental factors thus environmental risk management is important for the sustainable growth of the company. It is important for the organization and the committee members to understand the various risk posing environmental threats and thus comply with them to achieve the company objectives and growth. A compliance program must be developed with the organization based on the internal procedures. It develops a compliance culture within the organization and helps the organization to constantly develop as per the change in the laws.

Steps

According to the ISO31000:2018 risk management process, the company should implement following steps.

Step	Recommendations
Risk Identification	The primary step of an organization is to develop a framework to ensure that the employee understands and identifies its duties towards the company. Identification of all new hazards and proper induction to the employees by the organization (Accastello, et.al., 2019). Treat all the hazardous waste with safety and following all the norms.
Risk Analysis	Assessment of risk is an important measure to identify the threats that might be risky for an organization. The employees must understand the harm associated with each hazard and not dealing with them properly in the organization can lead to a potential risk for the organization (Singjai, et.al., 2018). Thus, after knowing the hazardous risks, it is necessary to conduct a risk assessment.
Risk Evaluate	An organization must make certain procedures and policies may be in the form of induction and training to make sure that obligations are fulfilled on time. Certain employees should be given this responsibility so that the application of standards is monitored and subsequent planning is done to overcome the risk.
Treatment, monitoring, and review	It is necessary to regularly report on the compliance environment of an organization. Internal or external audits will help to monitor the quality and check if all the criteria are met (Singjai, et.al., 2018).

2.A Implementation of Biz4Intellia solution increase or decrease the residual risk of Change risk category

There are several IoT solution for each segment and has revolutionized every corner of the Clean hotels. The incorporation of IoT solutions into the hospitality sector is beneficial to the organization as it brings innovations. Implement IoS solutions to the restaurants, entertainment, security, and supply chain brings high profits. This technology improves the experiences of guests as it enhances the overall productivity, decreases the overall cost of operations, and optimizes the process (Kansakar, et.al., 2019). It substantially improves the business growth and makes it smarter and optimized in every manner.

Key project risks and mitigation strategies

The six key project risks categories with mitigation strategies are discussed below:

Technical risks – any issue in the software, hardware, or manual documents that are related to the project falls under this category. Resolve the technical glitches, and implementation of user-friendly reference guidelines are the mitigation strategies (Kansakar, et.al., 2019).
External risks- It is associated with projects that are outside the organization. To overcome external risk it is necessary to analyze the market, determining the problems that might arise with the suppliers, the impact of the customer change, and reviewing all the compliances.
Organizational risk: It refers to the culture and resources of the company that might impact the implementation of the project (Hopkin, 2018). Organizational risk can be overcome by reviewing the staff members and if there is enough staff to work on it. Focusing on the financial processes for proper functioning with other stakeholders.
Project management risk: It involves the internal aspects (team working on the project) that might impact the success of the project. While working on it, this can be resolved by proper identification of team, reviewing communication channels among the team members and the lead, involving each member in planning to come up with the best solution (Hopkin, 2018).
Technological risk: It is necessary to grow fast with the world. The development of IT is a key step to overcome any other risk. Evaluation, control, assess, monitor is the fundamental duty of IT. Monitoring and growing IT can help the company overcome technological risk (Mercan, et.al., 2020).
Financial risk: It is associated with the money earned and invested in the business. Financial management is crucial to grow the company worldwide and prevent the company from any major loss.

2.B One key risk and its mitigation strategy

Elements for project implementation	One key risk	Mitigation strategy
Scope	Deprived of IoT solutions	Implementing IoT services will improve the maintenance of the company premises with effective cost.
Schedule	Bringing automations instead of manual technology to uplift the growth of the organization.	Guest room automation, e-key cards, IoT-based voice assists, personalized controls, smart logistics management, cloud access with ease, cross-property engagement, and smart contracts are the uses of IoT in the hospitality industry (Amer, and Alqhtani, 2019).
Project cost	The amount of money required to fulfil the entire project.	It is associated with the money earned and invested in the business. Financial management is crucial to grow the company worldwide and prevent the company from any major loss.
Customer acceptance	Customer acceptance and satisfaction are the two things that needs to be focused.	Implementing IoT technology into hotels with bringing immense profits to the company and customer satisfaction. Using IoT-powered devices will improve the guest experience and entire convenience (Mercan, et.al., 2020).
Staff acceptance	The staff must accept the culture and ready to work as per the needs of the company.	It involves the internal aspects (team working on the project) that might impact the success of the project. While working on it, this can be resolved by proper identification of team, reviewing communication channels among the team members and the lead, involving each member in planning to come up with the best solution (Hopkin, 2018).
Information technology (IT)	Poor development of IT as per the needs and requirements of the company.	It is necessary to grow fast with the world. The development of IT is a key step to overcome any other risk. Evaluation, control, assess, monitor are the fundamental duty of IT. Monitoring and growing IT can help the company overcome technological risk (Mercan, et.al., 2020).

2C. Ethical issue of customer acceptance

Marketing ethics plays an essential role in the customer satisfaction. It has significant effects on the service process, service structure. Implementing smart rooms like smart door locks, automated room lights, temperature control allows the standard of living to the guests and thus increases the business. Smart room sustainability is another essential aspect that comes along with IoT integration. It saves the operating cost and improves the business profits (Amer, and Alqhtani, 2019). Thus, one of the important business trends to succeed in the marketplace is automation. Integration of IoT by Clean hotels will help them fight in the market and develop into one of the top-notch hotels. Ethical cues create a sense of satisfaction in the customers while the unethical cues dissatisfies the customer.

Conclusion

From the above case study, risk register and RAS plays a crucial role in alignment and is responsible for the growth and profits of the company. Risk assessment, complications identification must be done by the risk and audit committee. Environmental risk management is mandatory to understand the responsibilities of a employees and organization towards environment. Lastly, implementation of IoT technology in hospitality industry brings profits and customer satisfaction.

References

Accastello, C., Blanc, S. and Brun, F., 2019. A framework for the integration of nature-based solutions into environmental risk management strategies. Sustainability, 11(2), p.489.
Amer, M. and Alqhtani, A., 2019. IoT applications in smart hotels. International Journal of Internet of Things and Web Services, 6.
Brandis, K., Dzombeta, S., Colomo-Palacios, R. and Stantchev, V., 2019. Governance, risk, and compliance in cloud scenarios. Applied Sciences, 9(2), p.320.
Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Kansakar, P., Munir, A. and Shabani, N., 2019. Technology in the hospitality industry: Prospects and challenges. IEEE Consumer Electronics Magazine, 8(3), pp.60-65.
Maverick, J.B., 2019. Financial Risk: The Major Kinds That Companies Face. Investopedia Available at https://www. investopedia. com/ask/answers/062415/what-are-major-categoriesfinancial-risk-company. asp [accessed 17 Jul 2019].
Mercan, S., Akkaya, K., Cain, L. and Thomas, J., 2020, November. Security, Privacy and Ethical Concerns of IoT Implementations in Hospitality Domain. Risk management assignment In 2020 International Conferences on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics) (pp. 198-203). IEEE.
Papazafeiropoulou, A. and Spanaki, K., 2016. Understanding governance, risk and compliance information systems (GRC IS): The experts view. Information Systems Frontiers, 18(6), pp.1251-1263.
Singjai, K., Winata, L. and Kummer, T.F., 2018. Green initiatives and their competitive advantage for the hotel industry in developing countries. International Journal of Hospitality Management, 75, pp.131-143.