Completion requirements
View
3. Risk management
Introduction
The occurrence of the covid 19 epidemy in 2019-2020 and the imposed personal isolation produced a shock for the tourism industry, which had disastrous effects for the whole sector and persons employed in it internationally. This fact has put a pressure to companies to think about measures to ensure the business continuity.
Of course risk was not a
new-born concept. Risk is an inevitable part of both personal and
business life and inherent factor in all entrepreneurship. To
avoid adverse consequences and attain favourable results, it is
crucial to handle risks efficiently. Risk management is a
systematic approach that involves identifying, evaluating, and
mitigating potential risks that can impact individuals or
organizations. This process entails assessing the likelihood and
potential consequences of risks and devising measures to minimize
their probability or impact. For example, the likelihood of
occurrence of a problem if you use the remnants of a dinner
buffet to include them in next morning’s breakfast may be low, if
the food is kept following the correct rules. The severity of
consequences though may be very high if a customer gets food
poisoning. In this chapter, we will delve into the fundamental
principles, methods, and difficulties of risk
management.
Principles of Risk Management:
The first step in risk management is to identify and define the risks that could impact an organization or individual. Risk assessment involves evaluating the likelihood and potential impact of each identified risk and prioritizing them based on their severity. Risk mitigation involves developing and implementing strategies to reduce or eliminate the likelihood or impact of risks. Risk monitoring and review involve regularly assessing and updating the risk management plan to ensure its effectiveness and relevance.
Risk Management Techniques
There are several techniques that can be used to manage risks effectively. Risk management involves avoiding activities or situations that could lead to potential perils. An example may be offering discount prices for booking some months in advance and applying severe refund rules to mitigate the risk of a non-previewed even occurring to affect tourism (e.g. a terrorist attack in that city) or having an individual power generator to face potential blackouts during summer. Risk reduction involves implementing measures to reduce the likelihood or impact of risks, such as applying safety procedures or redundancies. Risk management also involves transferring the risk to another party, such as through insurance or contracts. Risk management additionally involves accepting the risk and developing contingency plans to mitigate its impact if it occurs.
Risk Management Process Description
The project risk management process defines the activities to identify, assess, prioritise, manage and control risks that may affect the execution of the project and the achievement of its objectives. This process is divided into four steps:
Step 1: Risk Identification
The purpose of this step is to facilitate the identification and documentation of risks that can impact the project objectives e.g. the risk not to find trained staff for the summer period, the risk the chef of the cuisine leaves you at the middle of the touristic period etc.
Various techniques will be used for risk identification which typically focus on past trends or future exposure, on a bottom-up or a top-down analysis.
Some organisations have a Risk Typology that groups various types of risks into categories and it will be used as reference, e.g. risks related to force majeure (for example due to bad weather, geopolitical tensions etc.), due to the lack (or quitting) of the adequate personnel, to an event that impacts badly the reputation of the location as tourist destination, to bad competition, to infrastructure problems etc.
Risks are continuously identified throughout the project lifecycle; however, very early during the Initiating phase, an initial risk list will be created which is thereafter frequently updated.
Step 2: Risk Assessment
The purpose of this step is to assess the likelihood and impact of the identified risks in terms of their influence on the project objectives. This assessment is necessary before any risk response planning can be done.
Risks are assessed based on their likelihood of occurrence and the impact on project objectives. The product of their likelihood and impact defines the Risk Level, which is then used as a reference for their prioritisation and risk response development.
Depending on the stakeholders' risk appetite, evaluation scales and tolerances will be defined based on which the most appropriate risk response strategies are chosen.
Step 3: Risk Response Development
The purpose of this step is to select the best risk response strategy and identify and plan the actions to control the risks.
The selection of the risk response strategy will be based on the results of the risk assessment (risk level), the type of risk, on the effects on the overall project objectives (e.g. schedule and costs), as well as on the cost of the strategy and its benefits (cost/benefit analysis). The strategy (or strategies) selected for each risk are documented in the Risk Log.
There are four strategies to be considered as risk responses: Reduce, Avoid, Transfer, or Accept a risk. For the risks that have been accepted, contingency plans may be applied to help control their impact in case they occur.
After the strategy for each risk has been selected, specific actions to implement the strategy will be defined, described, scheduled and assigned (e.g., self-owned generator for blackouts, private fresh water tank for water shortages, lifeguard shifts for swimming safely, training to newly appointed staff etc.), while a Risk Owner assumes the responsibility for its implementation.
Actions will detail concrete activities, milestones and deliverables and will be documented in the Risk Log. Moreover, they will clearly identify the target resolution date, as well as the estimation of resources involved and dependencies. These actions (at least the most effort/cost consuming ones) will be incorporated into the Project Work Plan, to have a consolidated view of all project related activities.
Step 4: Risk Control
The purpose of this step is to monitor and control the implementation of the risk response activities while continuously monitoring the project environment for new risks or changes (e.g. probability and/or impact) in the risks already identified.
The Project Follow-up Meetings are used to revise the status of risks and related actions, and to identify new risks that may have a negative impact on project milestones, deliverables or objectives.
Challenges of Risk Management
There are several challenges and obstacles that can hinder effective risk management. One of the main challenges is uncertainty, as risks are inherently unpredictable and can have unforeseen consequences. Limited resources and competing priorities can also make it difficult to allocate sufficient resources to risk management activities. Resistance to change and complacency can lead to a lack of urgency or commitment to risk management. In addition, the complexity of modern organizations and systems can make it difficult to identify and evaluate all potential risks.
Case study
A case study about risk management from a resort in Malaysia:
Conclusion
Effective risk management is essential for achieving desired outcomes and avoiding negative consequences. By applying the principles and techniques discussed in this chapter and being aware of the challenges and obstacles, individuals and organizations can develop a proactive and comprehensive approach to risk management. By continuously monitoring and reviewing the risk management plan, and adapting it as necessary, individuals and organizations can minimize the likelihood and impact of risks and achieve their goals.