Roads to Resilience

Business structure The company has invested a lot of time and effort in defining a structure that ensures that risk management is embedded throughout the organisation: “ IHG recognises the importance of having in place an effective system of internal controls and risk management to achieve our Vision of becoming one of the great companies in the world. Our Board and Committees work together with senior management to identify, assess, prioritise and mitigate risks ” 6 . IHG aims to raise risk awareness at the Board, the Executive Committee, throughout the leadership teams in the Regions and Functions, in every hotel and with all employees. Day-to-day, the various processes for dealing with risk are applied across three levels: for analysing strategic risks (long-term business plans in the different IHG regions and functions); tactical risks (key initiatives and projects); and operational risks (impacting the operations of the IHG central system and across the owned, managed, and franchised hotels) 7 . At IHG the understanding of risk is intricately linked to reputation: “ The purpose of risk management is to champion and protect the trusted reputation of IHG and its brands ” (SVP Head of Global Risk Management). To achieve this, the company created a new function in 2011 called ‘Business Reputation and Responsibility’ (BRR), which brings together: Risk Management; Internal Audit; Legal and Company Secretariat; and Corporate Responsibility. The Risk Management department is comprised of subject matter experts in areas such as Safety, Security, Fraud, Business Continuity Management, Risk Training, Corporate Risk Management, and Risk Financing. The team provides risk management leadership and seeks to embed capability through developing ‘tools to do the job’ (e-learning, checklists and guidelines), support, and oversight. The ambition is “ to foster a culture that is well-informed, curious, alert, responsive, consistent and accountable so that risk management becomes instinctive ” 8 and where everyone perceives their role as being both an IHG brand champion and a protector of IHG’s reputation. Risk Governance is established through the Risks Working Group, “ which looks at the major risks facing the organisation, it’s a cross-functional group and we meet four times a year to produce the Major Risk Review that gets discussed and agreed at the Board ” (SVP Head of Global Risk Management). The Risk Working Group is chaired by the General Counsel and Company Secretary and includes the Global Heads of Strategy, Project Management Office, Risk Management and Internal Audit. Information on risks is constantly collected, communicated and assessed. “ The risk process combines bottom-up risk information from the Regions and Functions, is synthesised and prioritised with a global and strategic view at the Risk Working Group and the output is used to drive discussions at the Executive Committee, Audit Committee and Board ” (SVP Head of Global Internal Audit). At the operational level, when hotels are audited they are expected to have a defined risk profile, including the different things about their particular hotel, to have policies and standards, training plans, checklists and the like. It is through having risks identified and plans to deal with situations already in place that IHG had developed an ability to deal with unexpected situations. Training and informal discussion groups are used and “ crisis management scenario planning sharpens the whole culture ” (SVP Head of Global Risk Management). 6 From 2012 Annual Report, p38. See http://www.ihgplc.com/index.asp?pageid=326 7 From 2012 Annual Report, pp42-44. See http://www.ihgplc.com/index.asp?pageid=326 8 From 2012 Annual Report, p38. See http://www.ihgplc.com/index.asp?pageid=326

115

Roads to Resilience: Building dynamic approaches to risk to achieve future success