Sirvel
Executive MBA
Email rejoy.sirvel@yahoo.com
Table of Contents
1. Executive Summary ....4
2. Introduction to Risk Management ....4
2.1 Examples of the drivers of key Risks .5
3. Types of Possible Risk @ Marriott Sprowston Manor Hotel .6
3.1 Risk Chart ..10
3.2 Risk Table...10
4. Purpose of Strategic Plan ..13
4.1 Status of Strategy Plan ...13
4.2 Key Issues ..14
5. ERM Framework for Marriott Sprowston Manor Hotel ..15
5.1 Enterprise Risk Management Framework Objectives....18
5.2 Enterprise Risk Management Key Concepts .....19
5.3 Implementation of Enterprise Risk Management Process .21
5.4 ERM Communication and Consultation ...22
5.5 Roles & Responsibilities ...23
1
Table of Figures
Risk Chart -- Figure 1 ..10
ERM Framework -- Figure 2 ..15
ERM Process -- Figure 3 .21
Risk Matrix -- Figure 4 22
1. Executive Summary
This report has designed a strategic risk management plan for Marriott Sprowston Manor Hotel
in Norwich. The objective of the strategic risk management plan is to manage the Hotel risk
swiftly and effectively to an interruption to normal business operations, protecting the associates
and assets of the hotel, and ensuring the continuity of critical business functions.
Enterprise risk management framework is used as a strategy to develop the plan for Hotel to deal
with risk and opportunities by enterprise risk management process. Enterprise risk management
process helps to ensure effective reporting and compliance with laws and regulations, and helps
avoid damage to the business reputation and associated consequences. This report shows how
enterprise risk management helps the Hotel to achieve its objectives and get to where it wants to
go and avoid pitfalls and surprises along the way.
increases the probability of success, and reduces both the probability of failure and the
uncertainty of achieving the organizations overall objectives.
It must be integrated into the culture of the organization with an effective policy and a
programme led by the most senior management. It must translate the strategy into tactical and
operational objectives, assigning responsibility throughout the organization with each manager
and employee responsible for the management of risk as part of their job description. It supports
accountability, performance measurement and reward, thus promoting operational efficiency at
all levels.
Competition
Interest Rates
Customer Changes
Foreign Exchange
Industry Changes
Credit
Customer Demand
Internally Driven
Liquidity & Cash Flow
Internally Driven
Accounting Controls
Operational Risk
Hazard Risks
Externally Driven
Externally Driven
Regulations
Natural Events
Culture
Environment
Suppliers
Internally Driven
A. Financial Risk
in next 5 years.
B. Strategic Risk
Financial risk for the hotel concerns
money, including capital availability,
cash-flow management, investmentStrategic risk arises out of volatility in the
evaluation and credit default. Followinghospitality industry, market changes and
types of financial risk;
challenges to brand and reputation; may
Global Economic Crisis Risk
Economic
conditions
continue
to
Competition Risk
margins.
Due
to
have number of different branded hotels providing high quality of service to guest and offering
competitive rates to customers to achieve business. Due to increasing competition in Norfolk the
business at hotel is declining and its has created more complexity for Marriott to attract more
customers and gain business. Because of the recession corporate companies are spending less
and looking to move their business to different hotels for possible competitive rates. It will be a
challenge for Marriott to gain more business and remain competitive in increasing competition.
Reputational Risk
Managing reputational risk is a paramount concern for any organization that has valuable brands;
and brand value is the one of the most important asset. Reputation is very significant for the hotel
to be competitive in fast growing market. Reputation risk is becoming a key source of
competitive advantage as products / services become less differentiated. Failure to provide high
quality of service according to set Marriott brand standards and dissatisfying customer needs
could impair bad hotel reputation. Its very important for the hotel to focus on how to enhance
and protect that asset
C. Operational Risk
Operational risk arises out of the daily operations at the hotel and, ultimately, affects bottom line;
includes the traditionally insurable risks, such as fire, natural disasters, guest and associate
injuries and theft at the hotel; also include many uninsurable risks, such as guest and employee
satisfaction, information security and efficiency in operating the hotel. Following types of
operational risk;
Technology Risk
A failure to keep pace with developments in technology could damage operation or competitive
position. Hospitality industry continue to demand the use of sophisticated technology and
systems, including those used for reservation, revenue management and property management
systems and technologies that are available for guest during their stay. These technologies and
systems must be refined, updated or replaced with more advanced systems on a regular basis. If
hotel is unable to do so as quickly as competitors or within budgeted costs then business could
suffer.
Hazards Risk
Hotels. Large or small, rural or city based, can be hazardous places. The following details
highlight some of the hazards and risks that might exist in hotel. They are by no means
exhaustive and will vary depending on the particular business.
2. Technical Hazards
Flooding
Power failure/fluctuation
Fire
HVAC failure
Earthquakes
Tornadoes
Hurricanes
Gas leaks
Winter storms
D. Compliance Risk
Compliance risk such as traditional contract and regulatory compliance; also focuses on accurate
and timely financial reporting, adherence to company policies, and workplace health and safety.
Its Important for a risk manager to manage the hotels risk productively. In doing so, it
can make difference in hotels bottom line, while at the same time protecting the reputation
of Marriott brand.
C.A.
D.
B.
Figure 1
Numbers
A
Types of Risk
Impact / Likelihood
Financial Crisis
Global Economic Crisis
Risk
Strategic Risk
Competition Risk
Reputational Risk
High / Likely
Operational Risk
Technology Risk
Hazards Risk
Compliance Risk
High / Moderate
The impact of war, actual or threatened terrorist activity and heightened travel
security measures instituted in response to war, terrorist activity or threats
10
The availability and cost of capital to allow hotel and potential hotel owners and
joint venture partners to fund investments
2. Examples of risk (incidents) that cause direct and indirect disruptions to the
Hotel business
1
Disruption to hotel business can occur through many Direct & in-Direct means
Whilst intentional security related incidents such as Criminal & Terrorism, many
other serious disruptions are created though unintentional Accidental, Climate or
Environmental incidents and disasters
Crime/Fraud/ Terrorism
Fire
Pandemic Issue
Flooding
Currency Fluctuation
Bomb threat
Legislative Practices
IT Failure
Power Outage
Transport Disruptions
Industrial Action
11
The Strategic plan aims to identify the main objectives and activities that Marriott Sprowston
Manor Hotel will focus on over the next five years.
The most significant issues to be addressed are:1
The importance of the risk management system to the future viability of the Hotel
Jan 2011
Strategy approved by
Jan 2011
st
Management Plan
Annually
This Plan is an integral support document for the organization and guide for the Hotel and policy
making in the area of risk management.
Strengths :-
Opportunities :-
Well Managed
management
Utilization of talented staff
Weaknesses :
Process
Threats :documentation
in
risk
management is lacking
Lack of knowledge at a supervisor level
regarding risk management
Resources
appear to be inadequate in
13
Risk Management is important to the operations of the hotel. The identification, assessment and
control of all risks are important to the successful achievement of the hotels vision and mission.
An important part of the enterprise risk management strategy is the development of processes for
the smooth flow of business. As a Marriott brand it is important for the hotel to maintain the
standards and provide high quality of service to customer, and maintain the reputation risk.
Marriott Sprowston Hotel is subject to various risks that could have a negative effect on the
company and its financial condition. Marriott considers the skills, resources and technology
required to manage and monitor risk exposures in the context of risk appetite. It does this by
helping staff to understand the relative significance of the risks faced by the hotel and thus better
priorities risk monitoring and control activities. The aim of the plan is to plot the risk for the
hotel for next 5 years that might impact on adverse incidents and may interrupt normal business
1
4
operations. This plan will show the implementation of strategies in hotel operation for efficient
flow during the 5 years period.
Example -Marriott recognizes that it is too late to plan an effective response to an adverse incident
and resulting business interruption once the incident has occurred.
The extraordinary events that have occurred since September 2001 have only served to re
emphasize the need and to be prepared to respond to old as well as new challenges to the
world in which it operate. As the old adage tells, Failing to Prepare is Preparing to Fail
Enterprise business risk is defined as threats to the organization's capability to achieve its
objectives and execute its business strategies successfully. The organization's value creation
objectives
define the context for management's determination of risk management goals and
objectives
which, in turn, drive and focus the process of managing business risk.
The top face of the cube in figure 2 indicates that enterprise risk management spans the
hotels decision making process both strategically and its day to day operation. Enterprise
risk management is also integrated into the hotels reporting structure and all that it does
to meet compliance. The right hand side of the cube demonstrates that enterprise risk
management is considered throughout all levels of the hotel. The eight interrelated
components represented on the front face of the cube form the basis for establishing and
putting enterprise risk management into practice at the hotel. Each component is described
in more detail as follows;
Internal Environment The internal environment comprises the Hotels history, culture,
values, organizational structure, strategy, policies and procedures. It forms the foundation for
1
Objective Setting The objective setting is the process of determining the strategic objectives
for the Hotel and its risk strategy. The Hotels risk tolerance and the alignment between its risk
appetite and its objectives form part of the overall hotel strategy.
Risk Assessment Risk Assessment describes the extent to which potential events and trends
might affect Hotels objectives. Events and trends are assessed by two criteria impact and
likelihood. Risk assessment can be done by qualitative or quantitative methods. Inherent and
residual risk assessments are employed. Both positive and negative impacts of events should be
examined.
Risk Response The risk response is assessed for each risk event and trend by considering the
Hotels risk tolerance. Typical risk responses considered for a risk event include avoidance,
reduction, transferring, sharing or acceptance.
Control Activities Control activities include the policies, procedures, reporting and initiatives
performed by the Hotel to ensure that the desired risk response is carried out. These activities
take place at all levels and functions of the hotel.
16
Monitoring Monitoring refers to managing risk in the course of day to day operations.
Periodic evaluations where management defines the scope, methodology and frequency are done
to ensure currency of information in the Hotel business.
Enterprise risk management is not strictly a serial process, where one component affects only the
next. It is a multinational, iterative process in which almost any component can and does
influence another.
A. Incorporate a consistent approach to risk management into the culture and strategic planning
process of the hotel, supporting the setting of priorities and making of decision making at the
management level within the operation.
B. Apply a consistent approach to risk response and control activities to support the hotel
governance responsibilities for innovation and responsible risk taking, policy development,
programs and objectives. In all cases appropriate measures will be put in place to address
unfavorable impacts from risks and favorable benefits from opportunities.
C. Manage a transparent approach to risk through formal and informal communication and
monitoring of all key risks, balancing the cost of managing the risk with the anticipated benefit.
Risk management practices will be adapted to encompass best practices, specific circumstances
and mandate.
17
A hotel has complicated operations generating a risk that is broad and diverse. Risk is defined as
those potential events and trends that may significantly affect the hotels ability to achieve its
strategic goals or maintain its operation either positively or negatively. Once the event or trend
happens, it is no longer a risk; rather it is an issue for the hotel to deal with.
Good Managers address risk by implicitly building it into their programming and decision
making. The enterprise risk management framework is a methodology that formalizes risk
management and provides an all encompassing view of risk in order to aid in the operation of the
hotel.
A. The enterprise risk manager facilitates achieving the hotels strategic objectives by bringing a
systematic approach to evaluating and improving the effectiveness of risk management and
control.
B. All risks facing the hotel whether quantifiable or not is to be considered. Several types of risk
that are not easily quantified can potentially hold significant impact on a hotel, e.g. reputation,
customer experience.
C. All risks facing the hotel will be evaluated based on the likelihood of the risk occurring as
well as the impact on the Hotel if the risk event were to occur. The likelihood and impact of each
risks is evaluated both at an inherent (without Management) and residual (with Management)
level.
D. The following elements are essential when managing risk:-
1. Assurance: - Stakeholders are assured that risk is being managed within the hotels risk
tolerance and receive information regarding the quality and type of control in place.
2. Oversight and responsibility: - All critical risks facing the hotel have been identified,
managed and reported on at a level and frequency that support the hotels risk tolerance.
18
3. Ownership: - Risks owners are assigned and understand their responsibility for management,
oversight and assurance.
E. Risk response for identified risks will be assessed according to the hotels risk appetite.
The Five possible risk responses are to:-
F. A formal or informal evaluation of risk will be considered depending on the scope of the
decision or action taken at the Hotel. This will be done both at the onset and throughout the life
of the decision or action. Where applicable and quantifiable, the expected cost of the risk will be
considered in the business case used in the decision and evaluation process.
G. There will be a desire to learn from events that have transpired the risk management process
is a cycle where experience providers key information for new decision and actions. Open and
appropriate communication of results and lessons learned is required to facilitate learning.
H. The hotel business risk will be evaluated annually. New risks will be considered. Risks no
longer relevant will be removed. The risk will be refreshed by rating the likelihood and impact
for each risk. The information is used to prioritize the risks and this in turn flows into the Hotels
business planning cycle.
Internal
Environment
Objective
setting
Event
identification
Risk
Assessment
Risk
Response
Control
Activities
Information /
Communicati
on
Monitoring
Significant
Moderate
Considerable
Must manage
Extensive
management
and
management
required
monitor risks
essential
Risks may be
Management
Management
worth
effort
effort
20
accepting with
worthwhile
required
Accept
Accept,
Manage and
risk
but monitor
monitor
risk
risks
Low
Medium
High
36 month
18 to 36 months
12-18 months
monitoring
Minor
Likelihood
Risk Matrix -- Figure 4
of external parties, such as customers, vendors, business partners, external auditors, regulators
and financial analysts often provide information useful in effecting enterprise risk
21
management, but they are not responsible for the effectiveness of, nor are they a part of, the
entitys enterprise risk management.
Position
Responsibilities
The General Manager should discuss with the Executive Directors the
state of the hotels enterprise risk management and provide oversight
General Manager
Executive Directors
Personnels
With this foundation for mutual understanding, all parties will be able to speak a common
language and communicate more effectively. Management will be positioned to assess the hotel
enterprise risk management process against a standard, and strengthen the process and move the
enterprise toward established goals.
Who
When
A. Financial Risk :-
Directors
2011 Jan
2016)
Annually
01/11 / Review
between Jan
(Jan2011 Jan
2016)
lines by
market
Quarterly
Directors
Review between
(Jan 2011 Jan
2016)
Develop
promotions
strategies to
incremental
and
help hotel
revenue
and
Monthly review
sales
to drive General Manager / Director
capture
of Sales
Cancel bonuses of
all
2011 Jan
2016)
Annually
head of
between (Jan
Review between
23
Director
B. Strategic Risk :-
Competition Risk
Implement pricing strategy tool and
Directors
01/11 / Review
Between (Jan
2011 Jan
2016)
Annually
Director of Sales
market
review between
(Jan 2011 Jan
2016)
To
understand
weaknesses
of
strengths
the hotels
&
in
Quarterly
Director of Sales/ Sales
review between
2016 )
Daily review
between (Jan
2011 Jan
between (Jan
2011 Jan 2016
to gain business
Monthly review
2016)
Reputational Risk
Regular review
between (Jan
24
Directors
Hotel Associates
Regular review
between (Jan
Regular review
between (Jan
2011 Jan 2016
C. Operational Risk :-
Technology Risk
Improve technology and systems, and
Information Resources
Manager
Regular review
between (Jan
2011 Jan 2016
on regular basis
Information Resources
Manager
to increase revenue
Review and control costs for smooth
meet
between (Jan
of Finance
Regular review
of Finance
between (Jan
between (Jan
01/11/ review
Regular review
Annually
review between
(Jan 2011 Jan
2016)
1
Regular review
between (Jan
2016)
2011 Jan
Hazard Risk
between (Jan
Director
2011 Jan
2016)
and
01/11 / review
between (Jan
D. Compliance Risk :
Quarterly
Loss & Prevention Director
review between
(Jan 2011 Jan
2016)
C. Disaster Recovery: Procedures to ensure the availability of mission critical computer systems, applications and
telecommunications
D. Business Resumption:Procedures to ensure the continuity and/or resumption of business operations in the event of a
partial or complete closure of a Marriott-managed property or corporate office.
The above four components will enable Marriott hotel to respond swiftly and effectively to an
interruption to normal business operation, protecting associates and assets, and ensuring the
continuity of critical business functions.
8. Conclusion
This report has developed the strategic risk management plan for Marriott Sprowston Manor
hotel to manage the hotel business risk and mitigating the risk. The main aim was to devise a
strategic risk management plan for next 5 years. The pan has developed an Enterprise risk
management strategy to respond the hotel risk effectively within a specific risk category.
Every step has taken to ensure that there was continuity throughout the whole plan and each risk
management elements are explained in detail. This will enable to understand each and every step
of risk management plan clearly. Continue assessment of all the modes will make the strategic
risk management plan successful and protect the Marriott brand in the fast growing hospitality
industry.
9. References
1. Strategic Risk Risk management & different types of risk in business (Viewed 24
Nov)
< http://www.strategicrisk.co.uk/>
th
28
2. The Risk Management Universe: A Guided Tour by David Hillson Risk management
best practices and future development, understanding risk, (Viewed Nov 2010)
3. World Economic Forum Global Risk Report 2010 (Viewed 26
rd
Nov 2010)
< http://www.weforum.org/en/initiatives/globalrisk2010//index.htm>
th
th
Nov
st
2
9