Cavite State University- Main Campus
Home Economics, Vocational and Technical
Education Department
BSHM 55 RISK MANAGEMENT AS
APPLIED TO SAFETY SECURITY AND
SANITATION
Module 1: Introduction to Risk management.
Compiled by:
Sean Bradley P. Peñaflrida
Instructor
1
� Preface
This module intends to orient and introduce the students to risk management. It aims
to define terminologies in order to explain risk management concepts, discuss the different
components of the industry as well as their respective characteristics and importance. Other
topics include the nature of a tour, the tourist product and tourist destination, and the tourist
services.
This module was created to provide foundational knowledge and background
information for the students with regards to the basic know-hows of risk management. This is
also a great opportunity to straighten out facts and debunk myths about the nature of the
field/course that they intend to partake in the future.
1
� Table of Contents
Learning Objectives ……………………………………………………..…………………i
Instructions to the learner …………………………………………………………………ii
Learning Topics: Introduction to Tourism and Hospitality
A. The Relationship of Tourism and Hospitality ……………………………….1
B. Components of Tourism and Hospitality ……………………………………1
1. Food and Beverage ……………………………………………………2
2. Lodging and Accommodation ………………………………………...2
3. Recreation, Leisure and Entertainment ……………………………..3
4. Transportation ………………………………………………………….3
5. Travel and Tourism ……………………………………………………3
C. What is Tourism and Hospitality? Who is a Tourist?………………………4
D. Elements of Travel ……………………………………………………………6
E. Nature of a Tour ………………………………………………………………7
F. The Tourist Product …………………………………………………………..7
G. The Tourist Destination ……………………………………………………...8
H. Tourist Services ………………………………………………………………9
I. Characteristics of Tourism and Hospitality Industry ……………………….9
J. Importance of Tourism and Hospitality Industry ………………………….10
Post-Test ………………………………………………………………………………...11
Key to Correction………………………………………………………………………..12
References ………………………………………………………………………………13
1
�learning objectives
After the completion of this module, the student will be able to:
1. explain the relationship of tourism and hospitality;
2. discuss the components of the tourism and hospitality industry;
3. differentiate tourists from excursionists;
4. understand the various elements of travel used as criteria for defining travelers
and/or tourists;
5. describe the characteristics of a tourist product and tourist destination;
6. compare and contrast tourism and hospitality with other industries; and
7. appreciate the importance of tourism and hospitality industry
Instruction to learners.
• Make sure to read the lecture notes thoroughly and jot down unfamiliar terms and
take time to research its definitions by any means possible.
• Several learning activities and supplementary readings are required for some
topics which will further enhance your comprehension and understanding about the
subject matter so make sure to accomplish them.
• You may also be asked to watch video clips related to certain topics so please be
mindful of footnotes regarding the links to such learning materials.
• Do not forget to answer the post-test after completing this module since it is one of
the tools in assessing what you have learned from the included topics.
• Should there be any clarification or queries, feel free to communicate your
concerns with your instructor through any means possible and within the specified
consultation hour/period.
Risk Management Defined
1
�Risk management is the process of identifying, assessing and controlling
threats to an organization's capital and earnings. These threats, or risks, could
stem from a wide variety of sources, including financial uncertainty, legal
liabilities, strategic management errors, accidents and natural
disasters. IT security threats and data-related risks, and the risk management
strategies to alleviate them, have become a top priority
for digitized companies. As a result, a risk management plan increasingly
includes companies' processes for identifying and controlling threats to its
digital assets, including proprietary corporate data, a customer's personally
identifiable information (PII) and intellectual property.
Every business and organization faces the risk of unexpected, harmful events
that can cost the company money or cause it to permanently close. Risk
management allows organizations to attempt to prepare for the unexpected by
minimizing risks and extra costs before they happen
1
�Identifying ISO 31000
ISO 31000 was published as a standard on the 13th of November 2009, and
provides a standard on the implementation of risk management. A revised and
harmonized ISO/IEC Guide 73 was published at the same time. The purpose
of ISO 31000:2009 is to be applicable and adaptable for "any public, private or
community enterprise, association, group or individual." Accordingly, the
general scope of ISO 31000 – as a family of risk management standards – is
not developed for a particular industry group, management system or subject
matter field in mind, rather to provide best practice structure and guidance to
all operations concerned with risk management. It began the process for its
first revision on May 13, 2015.A draft International standard (DIS), which was
open for public comment, was published on February 17, 2017. The ISO
31000 has been criticized for lack of solidness and misleading language.
An update to ISO 31000 was added in early 2018. The update is different in
that "ISO 31000:2018 provides more strategic guidance than ISO 31000:2009
and places more emphasis on both the involvement of senior management
and the integration of risk management into the organization."
One of the key paradigm shifts proposed in ISO 31000 is a controversial
change in how risk is conceptualized and defined. Under both ISO
31000:2009 and ISO Guide 73, the definition of "risk" is no longer "chance or
probability of loss", but "effect of uncertainty on objectives" ... thus causing the
word "risk" to refer to positive consequences of uncertainty, as well as
negative ones.
A similar definition was adopted in ISO 9001:2015 (Quality Management
System Standard), in which risk is defined as, "effect of uncertainty."
Additionally, a new risk related requirement, "risk-based thinking" was
introduced there.
Likewise, a broad new definition for stakeholder was established in ISO 31000,
"Person or persons that can affect, be affected by, or perceive themselves to
1
� be affected by a decision or activity." It is the verbatim definition given for the
term "interested party" as defined in ISO 9001:2015.
The risk management process outlined in the ISO 31000 standard includes
the following activities:
● Risk identification: identifying what could prevent us from achieving our
objectives.
● Risk analysis: understanding the sources and causes of the identified risks;
studying probabilities and consequences given the existing controls, to identify
the level of residual risk.
● Risk evaluation: comparing risk analysis results with risk criteria to determine
whether the residual risk is tolerable.
● Risk treatment: changing the magnitude and likelihood of consequences,
both positive and negative, to achieve a net increase in benefit.
● Establishing the context: this activity, which was not included in earlier risk
management process descriptions, consists of defining the scope for the risk
management process, defining the organization’s objectives, and establishing
the risk evaluation criteria. The context comprises both external elements
(regulatory environment, market conditions, stakeholder expectations) and
internal elements (the organization’s governance, culture, standards and
rules, capabilities, existing contracts, worker expectations, information
systems, etc.).
● Monitoring and review: this task consists of measuring risk management
performance against indicators, which are periodically reviewed for
appropriateness. It involves checking for deviations from the risk management
plan, checking whether the risk management framework, policy and plan are
still appropriate, given organizations’ external and internal context, reporting
on risk, progress with the risk management plan and how well the risk
management policy is being followed, and reviewing the effectiveness of the
risk management framework.
● Communication and consultation. This task helps understand stakeholders’
interests and concerns, to check that the risk management process is focusing
on the right elements, and also helps explain the rationale for decisions and
for particular risk treatment options.
1
�Hotel insurance
A hotel business has three fundamentals. The first is your property/premises,
the second your staff and guests, and the third is your income. Keeping these
three things safe should be at the heart of a hotel insurance policy.
Protection for your property comes under the buildings and contents
insurance, and should someone get hurt you have public and employers’
liability insurance. To protect the income, you take from your business, there
is also business interruption insurance. From then on everything else
becomes much more dependent on the different requirements and services
you may offer.
Hotels provide guests with many services, and each one that a hotel offers
exposes the hotel to certain potential risks. Almost any hotel, for instance,
might be sued by a guest who’s injured while spending the night or could have
property damaged during a burglary. Additionally, a hotel that serves food may
be found liable for any food-borne illnesses its dishes spread, and one that
has a pool might be held responsible for any accidents that occur in the pool
area. These are just a few of the many possible risks that a hotel may face.
Because they’re exposed to so many perils, it’s important for hotels to have
robust hotel insurance policies.
Hotel insurance is a type of insurance that’s specifically designed to meet the
needs of hotels. It’s normally written as a package policy, which means one
policy contains multiple individual coverages. The individual coverages
contained within a policy are often customized for a particular hotel’s situation.
Hotel Security Design
In today’s technologically advanced world, guest and staff security are more
critical than ever. Luckily, you can take plenty of steps to make improvements.
From smart surveillance technology to secure Wi-Fi networks.
1
�• Surveillance Cameras
• Most commercial properties have some type of video surveillance
system. Security staff can monitor sensitive areas, such as the
front desk, cash drawer, and common areas. However, improved
software allows hotel owners to match up specific transactions
with the surveillance footage, eliminating the need to sift through
hours of film to find fraudulent activity.
• Mobile Room Keys
• Traditional hotel keys can get lost or stolen. Mobile keys, on the
other hand, strengthen security and allow guests to bypass the
front desk altogether. Everything takes place right from a
smartphone, eliminating the effort of collecting keys from guest,
rooms and elsewhere on the property.
• Guest Safety
• Guests need to feel safe and welcome at your establishment.
Consider how you can improve hotel rooms to increase security.
A straightforward update is an in-room safe. It's easy to come up
with relevant items to stash inside, especially when traveling.
Guests can stow essential documents, passports, collectible
coins, souvenir gifts and more.
• Beyond a safe, consider upgrading all room locks, including on
the doors and windows. Most guests prefer an in-room lock that
can't open from the outside. This security measure allows guests
to feel safe inside, especially when they tuck themselves into bed
for a good night's sleep.
•
• Staff Training
• A safe and secure environment all starts with knowledgeable
staff. Set up regular meetings with all employees to talk about
guest safety.
• Consider the most effective ways to train staff. Try out instruction
videos or bring in a professional lecturer. Hand out worksheets
that outline vital statistics and data. Offer easy ways for
employees to ask questions and raise complaints, including
anonymously.
1
�1
�Risk in hospitality
involves keeping abreast of rapid and often dramatic change, especially as
new technologies emerge.
Potential risks in the hospitality industry include innovation, safety issues,
natural disasters, and reputational risk.
Innovation
The fourth industrial revolution has brought about unprecedented digital
connections. With them comes cybersecurity risk. The internet of things; the
use of mobile applications to procure services, unlock hotel room doors and
perform other tasks; artificial intelligence, and other technologies may give
cybercriminals increased opportunities to access customers’ personal
information, payment card information, and valuables.
Safety issues
These include food safety, slips and falls, and other physical hazards.
Natural disasters
Natural disasters include volatile weather events and disease epidemics, both
becoming more common as the global climate warms.
Reputational risk
As consumers increasingly rely on online customer reviews, reputational risk
is a key area to monitor for hospitality
Unlike in other industries, hospitality businesses have no single industry
standard or regulatory framework to guide risk management strategies.
Therefore, some choose to add a Chief Risk Officer to the C-suite who can
oversee hospitality risk from risk assessment all the way through compliance.
CROs are becoming increasingly common in the hotel industry and among
hospitality businesses in general—Hilton, for instance, has a CRO. A spate of
cyberattacks on major hotel chains including Marriott in recent years may be
fueling this trend.
1
�But hoteliers aren’t the only hospitality companies grappling with risk. Data
security, for instance, is a concern throughout the sector.
The tourism industry, including travel agencies and tour operators;
restaurants, and others in the hospitality industry collect increasing amounts of
customer data, tracking their habits and choices with an eye toward providing
individualized, personalized service. Payment card data, too, is at
risk. Managing the risks to data privacy and security is critical to these
companies’ reputations and bottom lines.
If yours is a hospitality sector enterprise, take note: Quality GRC software can
connect you with the risk management frameworks best suited to your
business and automate many of your compliance tasks—leaving you free to
focus on serving your customers and boosting your profits.
