Risk and Audit Committee paper appendices

Appendix 1: Risk Appetite Statement

| Risk category | Principles and guidance | Risk appetite |
| --- | --- | --- |
| Pandemic | Significant uncertainty with different countries having variations on regulations relating to travel, lockdowns, the opening of venues and other factors. Need to comply with health directives in different countries. Unable to estimate the financial and other impacts on the business. | Moderate |
| Cyber and data security | Clean Hotels is the holder of sensitive data, and there is a rapid evolution in societal, regulatory and media scrutiny of privacy arrangements. There is potential for financial and reputational damage due to a data breach. | Low |
| Legal, ethical and regulatory compliance | Failure to operate within contractual and regulatory requirements, or within societal expectations, will result in loss of reputation, fines and impact Clean Hotels’ operations. | Low |
| Health and safety | Clean Hotels seeks to create authentic customer experiences and relationships and ensure all employees return home safely. Failure to meet legislative requirements, and to operate within Clean Hotels’ policies and procedures, can lead to death or serious injury to customers or hotel staff. | Low |
| Food safety and hygiene | Clean Hotels seeks to create authentic customer experiences and relationships. Failure to manage supply chain and preparation and storage of food may result in food poisoning, leading to financial and reputational damage. | Low |
| Change | The flexibility and resilience to execute change relating to external and internal challenges. | Moderate |
| Growth | Clean Hotels is looking to increase its portfolio of hotels in the target regions. The risk has increased due to uncertainty relating to the COVID-19 pandemic. | High |
| Foreign exchange | Clean Hotels operates in multiple locations with different currencies. Variation in exchange rates will impact the profitability of hotels and the value of hotels within consolidated financial statements. Foreign exchange is linked to demand for travel, so fluctuations will impact demand. | Moderate |
| Interest rates | Clean Hotels is the holder of freehold land with debt required to operate the business and acquire land. Fluctuations in interest rates can lead to reduced profitability and cash flow. | Low |
| Digital transformation | Clean Hotels seeks to innovate, implement emerging technologies to improve cost management and create an authentic customer experience. Clean Hotels is willing to be a first mover with the implementation of technology. | Low |

Appendix 2: Risk Register

| Ref | Risk category | Risk description | Inherent likelihood | Inherent consequence | Inherent risk rating | Key controls | Residual likelihood | Residual consequence | Residual risk rating |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| A | Pandemic | Loss of revenue due to regulation on travel, lockdowns and venue capacity or opening hours. Failure to comply with health directives resulting in fines and/or reputational damage. Variation in regulation and health directives in each location leading to increased risk. Increased risk of cyber and data security due to increased remote working. Reduced availability of critical workforce. | Likely | Catastrophic | Very high | Non-essential employees are working from home where possible avoiding the risk of cross-infection. Annual business plan updated with all discretionary spending reduced to minimum possible. Personalised training for team members on regulatory requirements and health directives. | Possible | Major | High |
| B | Cyber and data security | Data breach (customer, employee, and other sensitive data) resulting in financial and reputational damage. | Likely | Major | High | IT security controls are in place. A continuous cybersecurity program is managed across the hotels (reviewed by the Executive Committee). Adoption of the NIST cybersecurity framework. IT strategy is in place, providing a structured approach to Clean Hotels’ management of IT, data and cybersecurity. | Possible | Minor | Low |
| C | Legal, ethical and regulatory compliance | Failure to comply with regulatory requirements or failing to act in good faith when applying regulation leading to a breach of societal expectations. | Likely | Major | High | Legal counsel reviews and approves all contracts with liability caps included, with obligations tracked in legal database. Clean Hotels adopts a self-disclosure policy for all regulatory breaches. Legal counsel reviews all proposed legislation and updates policies and procedures where required. Staff training presented monthly. | Possible | Medium | Moderate |
| D | Health and safety | Death or serious injury to guest or hotel staff. | Likely | Major | High | Clean Hotels maintains health and safety procedures which comply with regulatory requirements. Monthly compulsory staff training is run on health and safety procedures. Clean Hotels maintains access to all appropriate plant and equipment to ensure it uses the right tools for the job. A safety and risk culture is embedded within the Clean Hotels group, ensuring all staff have the right to speak up and report safety issues. | Possible | Medium | Moderate |
| E | Food safety and hygiene | Death or illness to guests or hotel staff due to food contamination. | Possible | Medium | Moderate | Qualified food service staff are employed, with all staff completing a food safety qualification. Weekly training provided to all staff in food preparation and service. Procurement contracts require supply chain to comply with all food safety requirements with Clean Hotels able to complete unannounced audits. | Unlikely | Minimal | Very low |
| F | Change | Failure to implement technology effectively resulting in reduced profitability and a loss of market share. | Almost certain | Major | Very high | The growing hotel chain is adopting new and emerging technologies to serve customers better. Existing legacy booking systems are being replaced with new technology that interface with different devices and booking apps for a seamless booking process for customers. Digital capability increased, such as using social networks to enhance the customer experience. Change management, project management, and capability increased to ensure projects are financially and operationally viable, with all change projects required to proceed through a change management process based on the size and complexity of the project. | Possible | Medium | Moderate |
| G | Growth | Failure to integrate existing hotels and new acquisitions resulting in failure to achieve group synergies and meet return on asset targets. This strategic priority may be an opportunity if there are distressed high-quality properties available in the market. It may also be a high risk if there is uncertainty in the market. | Almost certain | Major | Very high | Centralised digital hub for policies, procedures and learning materials to ensure single source of knowledge for employees. Governance and control framework with established delegation of authority enabling decisions on investment decisions to be made quickly and efficiently. Established approach to investment decision-making and system development requiring decision to pass a gating process (Clean Hotels Investment Review). | Possible | Major | High |
| H | Foreign exchange | Fluctuations in foreign exchange rates resulting in: traveller demand and therefore profitability | Possible | Major | High | Clean Hotels promotes locally to ensure a mix of international and local guests. Supply chain contracts are entered into with local currency where possible. Material foreign exchange transactions are hedged. | Possible | Medium | Moderate |
| I | Interest rates | Increased interest rates leading to reduced profitability and cash flow. | Possible | Major | High | Treasury department sources the cheapest interest rate available and monitors changing rates. Treasury department uses interest rate swaps to fix cash flows on variable debt. | Possible | Minor | Low |
| J | Digital transformation | Failure to implement digital transformation resulting in reduced customer experience and loss of revenue. | Likely | Major | High | IT strategy includes identification, review and implementation of new technology. | Possible | Minor | Low |

Appendix 3 – Risk Matrix

| Likelihood / Consequence level | 1 Minimal | 2 Minor | 3 Medium | 4 Major | 5 Catastrophic |
| --- | --- | --- | --- | --- | --- |
| 5 Almost certain | | | | | |
| 4 Likely | | | | | |
| 3 Possible | | B, J, I | C, D, F, H | G, A | |
| 2 Unlikely | E | | | | |
| 1 Rare | | | | | |