Page 1
Risk and Technology Case Study Part (a) v3
Assessment 2
Case study
Emerging risks board paper
Background information
A small hotel chain, Clean Hotels Limited (Clean Hotels), operates in Australia, New Zealand, and the United Kingdom
in the following locations:
• Sydney, Australia
• Melbourne, Australia
• Auckland, New Zealand
• Edinburgh, Scotland
• Glasgow, Scotland
• Liverpool, England
• Brighton, England.
Clean Hotels operates mid-tier hotels that cater to families, couples, friends, and some business travellers. The
business directly invests in good quality, freehold properties in key locations in the cities in which it operates.
Clean Hotels has experienced strong revenue growth and has expanded over the last few years. Recent events have
caused a reduction in revenue and, therefore, profitability; however, it has managed to remain sustainable. Clean
Hotels’ strategy of acquiring hotels and freehold land has ensured it maintains control over all aspects of the hotel
operation; however, it does mean the business is highly leveraged.
The hotel industry generally operates on tight margins, therefore changes in cost structure can have a major impact on
hotel operations and services; when fixed costs change, only variable costs linked to customer service can be adjusted.
Clean Hotels is considered a niche hotel chain; its focus market is non-business travellers looking to stay in major
cities. The business competes with similar niche hotels, as well as larger hotel chains. Many customers are pricesensitive, but are still looking for a personalised touch and a high standard of customer service. Competitors use
automated processes and have introduced emerging technologies to enable higher levels of service to be provided,
while still maintaining cost control to ensure rates remain competitive.
Additional information
Technology
Clean Hotels believes that, since it has introduced change effectively in recent times, by integrating hotels into the
group, any introduction of new technology could also be implemented effectively.
However, where new technology has been introduced in the past, implementation has generally been late and over
budget. At times, it has not met the needs of the business. The IT department has no clear policy on how new
technology should be implemented, or what direction the business should take with technology, apart from the strategic
priority identified by the board (see below).
Page 2
Risk and Technology Case Study Part (a) v3
Reputation management
As a niche hotel chain, Clean Hotels values its reputation and seeks to maintain this reputation by delivering on its
strategy, while still operating its business within broader societal expectations.
1. Clean Hotels aims to be carbon neutral through the acquisition of renewable energy products and considering its
carbon footprint in all decisions. The business believes this is a key element when creating authentic customer
experiences and relationships, which is one of the strategic objectives noted by the board (see below).
2. Clean Hotels also understands its reputation is reliant on employee satisfaction and engagement, and that a key
driver of employee engagement is wellbeing, health and safety. The business considers itself to be compliant with all
key requirements; unfortunately, a recent increase in incidents has caused concern. Following investigations of
incidents resulting in injury, it has become clear that many were avoidable as similar near miss events had occurred
in the past. Near misses are reported to supervisors, and each supervisor has their own process for tracking and
reporting near misses and incidents; they are rarely shared between departments.
3. The board believes a strong risk culture is required to deliver on its strategies and that risk culture starts at the top, ie
the board. The board includes experienced professionals, however a board gap analysis identified that the CFO
manages legal risks, as opposed to a general counsel, and uses several legal firms for ad hoc matters.
4. The board believes introducing a whistleblowing policy and improving risk management systems are key to improving
the risk culture and delivering on its strategies.
The board
The board consists of the Chairperson, Chief Executive Officer (CEO), Chief Financial Officer (CFO (and Board
Secretary)) and four independent non-executive directors. The board members are responsible for strategy,
performance, people and risk. Their top strategic objectives are:
1. to innovate and grow the Clean Hotels brand through the acquisition of additional hotels in current markets
2. to create authentic customer experiences and relationships
3. to integrate emerging technologies to improve value for Clean Hotels and improve the overall customer experience.
The Board has recently implemented a risk and audit committee, which includes three independent non-executive
directors, one of which is the chairperson.
The board has prepared its risk appetite statement (RAS), which has been communicated through the Annual Report:
‘The board is responsible for setting the risk appetite for achieving Clean Hotels’ strategic objectives. The risk
appetite is cascaded down through business goals and objectives, the employee code of conduct, and the formal
delegation of authority policy, including the governance structure of approval committees, decisions made and the
allocation of resources.’
Risk and audit committee
At the first risk and audit committee meeting, there were two agenda items:
1. The CFO was asked to present the RAS, risk register and risk matrix of the key business risks for the committee’s
consideration at the next meeting.
2. At a recent board meeting, it was noted that one of the board members attended a presentation from an internet of
things (IoT) vendor (software supplier). The vendor, Biz4intellia (see https://www.biz4intellia.com/iot-in-hospitality/) is
planning to expand into Australia, Asia and the United Kingdom. The presentation was impressive, and the board
member believes that the software could help the Clean Hotels chain achieve its three strategic objectives and
manage principal risks. The other board members are not convinced and have asked the risk and audit committee to
consider the benefits of introducing Biz4intellia and the impacts on Clean Hotels’ risk management process.
Page 3
Risk and Technology Case Study Part (a) v3
At the second risk and audit committee meeting, the following was noted:
1. The CFO presented the work to date to the risk and audit committee in a paper. An extract from the paper is attached
and shows the current RAS and risk register.
2. The risk and audit committee reviewed the paper; while it is a good start, it appears the risk management process
requires some further work. The CFO advised that he does not have time to complete the requirements.
3. The CFO agreed to consider how the introduction of Biz4intellia would impact Clean Hotels, as well as its risk
management process, at the next risk and audit committee meeting.
4. Committee members discussed several articles relating to technology implementation and the importance of cyber
security they had come across recently and asked that these be considered.
• https://www.cyberscoop.com/sabre-corp-data-breach-settlement/
• https://www.forbes.com/sites/forbestechcouncil/2021/01/11/four-reasons-why-new-tech-fails-and-how-to-avoidthese-pitfalls/?sh=669fecb05b1f
• https://www.business2community.com/digital-marketing/digital-transformations-and-why-businesses-fail-toimplement-them-properly-02376009
The following was recorded in the committee minutes:
‘Motion
That the risk and audit committee receive the paper and engage an external consultant to:
• review the risk register and make any recommendations to ensure the risk register aligns with the RAS and that both
include all key business risks
• assess the Biz4intellia solution as proposed by the Board and how the introduction of Biz4intellia would impact the
existing risk management process.
Both are to be presented at the next risk and audit committee meeting in the form of a board paper.
The motion was unanimously agreed.’
Page 4
Risk and Technology Case Study Part (a) v3
Your task You are an external consultant and the CFO has asked you to produce a report for Clean Hotels’ risk and audit committee. The report should be evidence-based using credible sources, and no more than 1,000 words. Clean Hotels has advised that where risks and controls are listed, they should be assumed to be effective. Risk assessment of likelihood and impact is also deemed to be correct based on the controls in place. However, Clean Hotels does not believe all its strategic objectives are included in the risk register. Some resources that could be used in the paper are listed below. You can also use other resources. Any sources used in the paper need to be appropriately referenced. 1. Kansakar, P., Munir, A. and Shabani, N., 2019. ‘Technology in the hospitality industry: Prospects and challenges’, IEEE Consumer Electronics Magazine, vol. 8, no. 3, pp.60-65. 2. IoT Alliance Australia Resources: https://iot.org.au/resources/ |
Requirements The CFO requires you to focus on the following items in your report: 1. Evaluate the current risk management for Clean Hotels (excluding Biz4intellia): a) Identify where the RAS is misaligned with the risk register and make relevant recommendations to the risk and audit committee. b) Considering Clean Hotels’ strategic objectives, assess which risk category is missing from the RAS and risk register. Recommend four steps management should take to include the identified risk in the risk management process. 2. For the proposed Biz4intellia solution: a) Evaluate how introducing the Biz4intellia IoT solution will increase or decrease the residual risk rating for one relevant risk listed in the risk register. b) Previous Clean Hotels projects have not been well managed due to poor risk identification and management. For each of the following project risk categories, evaluate one key risk and one potential mitigation strategy (for the selected risk) that Clean Hotels should consider for the project implementation of the Biz4intellia IoT solution: i. project scope – what needs to be achieved to deliver the project ii. project schedule – what needs to be done, which resources must be utilised, and when the project is due iii. project cost – total funds needed to monetarily cover and complete the project scope iv. customer acceptance – the extent to which a consumer will use a certain innovation v. staff acceptance – employee acceptance of the strategic objectives and goals vi. information technology (IT) – management of increased cyber security risks and ensuring access to appropriate technology. c) Continuing on from the customer acceptance section in b) above, evaluate one relevant ethical issue to be considered, and explain why this issue is important to Clean Hotels. |
AssignmentTutorOnline