RISK MANAGEMENT APPLICABLE TO THE

INDUSTRY OF TOURISM

1
Risk Defined
•Implies awareness that risk is something foreseeable in every kind
of business even in the tourism and hospitality world.

•Risk, according to UNWTO, is a situation that exposes someone or

something to danger harm or loss. Risk can be a physical safety
matter, a risk of property loss, a financial business risk and more.

•Risk as the probability of threat of damage, injury, liability, or any

other adverse occurrence that is caused by external or internal
vulnerabilities, and that may be avoided through pre-emptive
action.

•Risk implies future uncertainty about deviation from expected

earnings or expected outcome. Risk measures the uncertainty that
an investor is willing to take to realize a gain from an investment.

2
Risk vs. Hazard

Hazard pertains to any source of potential damage, harm or

adverse health effects on something or someone, while risk is the chance
of probability that a person will be harmed or experience an adverse
health effect if exposed to a hazard.

According to workSMARK, (n.d.) a hazard is something that can

cause harm while risk is a chance that any hazard will cause harm to
somebody.
RISK
HAZARD How great the
Anything that can cause harm chance that
(eg. A chemical electricity,
someone will
ladders, etc)
be harmed by
the hazard

Risk management, as defined in ISO 31000, is the

identification, evaluation, and prioritization of risks. It is
followed by coordinated and economical application of
resources to minimize, monitor, and control the
probability of unfortunate events (Hubbard, 2009) to
achieve the desired output.
3
Source of Risk
Risk can come from different sources like the following:
1. Uncertainty in financial markets;
2. Threats from project failures (at any phase in design, development,
production, or sustainment life-cycles);
3. Legal liabilities;
4. Credit risk;
5. Accidents;
6. Natural causes and disasters;
7. Deliberate attack from an adversary; or
8. Events of uncertain or unpredictable root-cause

Credit Risk

•Credit risk as defined in Principles for the Management

of Credit Risk, is the potential that a bank borrower or
counterparty will fail to meet its obligations following
agreed terms.

4
Accidents

A. The following are some of the common injuries in the hospitality

industry:
1. Slip-and-fall injuries;
2. Musculoskeletal injuries;
3. Skin reactions.
4. Respiratory illness
5. Security-related accidents
6. Food poisoning
7. Elevator and escalator accidents

5
 B. Accidents in the Tourism Industry
Accidents occur when there is an unintentional external action
at a particular time and place, with the non-apparent and deliberate cause
but with marked effects.
1. Accidents due to fortuitous events or acts of God
Listed below are some of the natural phenomena identified
1.1 Earthquakes 1.5 Erosion
1.2 Volcanic eruption 1.6 Fire
1.3 Flood 1.7 Storm
1.4 Landslides 1.8 Typhoon

2. Transport accidents
Some road traffic/accident figures:
1. 13 million – Total driver’s licenses issued
2. 7,463,393 – Total motor vehicles registered
3. 270,000 km – Total length of roads nationwide
4. 132,089 – Violators of the Seatbelt Use Act
5. 79% - Road crash fatalities caused by driver error
6. 11% - Road crash fatalities caused by defective vehicles
7. 10% - Road crash fatalities caused by dangerous road
conditions and ill-maintained roads.
8. 16% - Road crashes caused by trucks in the first half of 2013
9. 12% - Road crashes caused by trucks in 2012
10. 7.5% - Percentage of the Road Users Tax collected annually
that will be allotted for road safety measures
6
3. Accidents due to Activities

A. Pool accident
B. Animal bites or attacks
C. Drowning
D. Electrocution

Natural Causes and Disasters

The movement of the earth may include earthquake, volcanic

eruption, and tsunamis. Disasters related to weather include
hurricanes, tornadoes, el nino, la nina, extreme heat, and freezing
water. Floods, mudslide, landslides, and famine are considered as
magnitude of the occurrences of the extreme weather events. They
are the result of unforeseen conditions

Deliberate Attack from an Adversary

Terrorism, according to Albu (2016),has become

one of the more and more active and threatening
calamities that affect the international community.

7
Events of Uncertain or Unpredictable Root-cause

The strategies to manage risk typically include transferring the

risk to another party, avoiding the risk, reducing the adverse effect or
probability of the risk, or even accepting some or all of the potential or
actual consequences of a particular risk.

Two Types of Events in Risk Management

There are two types of events, to wit:
1. Negative event of risk;
2. Positive event or opportunities

Strategies to Manage Threats (Uncertainties with Negative

Consequences)
The following strategies of managing uncertainties can be
dealt with using the following elements in order
1. Avoid the threat;
2. Reduction of the adverse effect or probability of the threat
3. Transfer of all or part of the threat to another party;
4. Retaining some or all of the potential or actual consequences
of a particular threat, and the opposites for opportunities
(uncertain future states with benefits).
8
How to Implement the Strategies to Manage
Uncertainties (Method)

The different strategies of managing uncertainties can be

dealt with using the following elements in order:

1. Threat identification or characterization;

2. Assessment of the vulnerability of critical assets to specific
threats;
3. Risk determination;
4. Identification of the techniques to reduce those risk;
5. Prioritization of the measures

9
Risk management Principles

The following are some of the risk management principles enunciated by the International
Organization for Standardization:

1. Risk management should create a value wherein the resources expended to mitigate risk
should be less than the consequences if inaction;
2. It should be an integral part of the organizational processes;
3. The risk management should become part of the decision-making processes;
4. It should explicitly address uncertainty and assumptions;
5. It should be placed in a systematic and structured process;
6. The best available information should be the bases of risk management;
7. Risk management should be tailorable;
8. It should take human factors into account;
9. It should be transparent and inclusive;
10. The dynamism, interactivity, and responsiveness to change must be evident on the risk
management.
11. Risk management should be capable of continual improvement and enhancement;
12. There is a need for a continuous and periodic re –assessment of the risk management.

10
Steps on Risk management Process as per ISO 31000

The following are the steps for the implementation of the

risk management process based on ISO 31000:

1. Context establishment;
2. Identification of the potential risk;
3. Risk assessment;
4. Creation of risk options;
5. Identification of potential risk management
treatments;
6. Make a risk management plan;
7. Execute the plan.

11
Context Establishment
Establishing the context of risk management involves the following;

a. Risk identification in a selected domain of interest;

b. Planning the rest of the whole risk management process;
c. Plotting out the :
 Scope of risk management
 Identify and objectives of stakeholders
 Bases of risk evaluation and constraints.
d. The framing of risk management activity and agenda for
identification;
e. Analysis of risk involved in the process;
f. Giving of a solution of risk using available technological, human
and organizational resources.
Identification of the potential risk

Good managers must possess the ability to forecast the

problem that may arise out of the current endeavor that
they have been attending. It may start with the source
identification, whether from the competitors or with the
problem itself.
12
The sources of risk may be classified as
 Internal; and
 External

The following factors could be considered as determinants in choosing

a method of identifying risk: culture, industry practice, and
compliance. The methods of identifying risks are as follow:

a. Objectives-based risk identification;

b. Scenario-based risk identification;
c. C. Taxonomy-based risk identification;
d. Common-risk checking;
e. Risk charting

 Objectives-based risk identification.

The mission, vision, and goals of any organization illustrate

where the organization should be in particular point of
time.

13
 Scenario-based risk identification
Different scenarios must be considered in the determination of
applicable risk management techniques. Scenarios are the alternatives of
the objective or an analysis of the interaction of forces.

 Taxonomy-based risk identification

According to Sei.cmu.edu. (retrieved, 2012), taxonomy-based risk
identification is the breakdown of possible risk resources.

 Common-risk checking
Another method to identify risk in any organization is the
common-risk checking which lists the known risks available.

 Risk charting (Common Vulnerability and Exposures list,

2102)
This method is the combination of all approaches or
techniques discussed above which enumerates the resources at risk,
threats to those resources, modifying factors which may increase or
decrease the risk and consequences it wishes to avoid.

14
Risk Assessment
According to RFC4949, risk assessment is the
determination of a quantitative or qualitative estimate of risk related
to a clear situation and recognized threat (also called hazard). There
are two components for quantitative risk assessment, to wit:
1. The magnitude of potential loss (L)
2. The probability (p) of the occurrence of the risk

In the study conducted by Lyon and Popov (2017), they said

that risk assessment alone does not suffice as the risk
communication is required to reduce uncertainty and manage
operational risk.

15
Risk Options

The following are some of the options to mitigate risks.

1. Project a novel business procedure with sufficient built-in
control and containment measures from the start.
2. Conduct a periodic reassessment of risk that are acceptable in
ongoing processes as a regular feature of business operations
and modify mitigation measures.
3. Handover risks to an external agency like an insurance
company
4. Avoid risks altogether (e.g., by closing down a particular high-
risk business area)
In the study of Somerville (2004), he discussed the
environmental challenges of travel and tourism ranging from
the impact of aircraft noise, mainly at significant departure
airports, through the provision of infrastructure at
destinations, to interact with communities and wildlife.

Based on the study of Shih-Chieh Chuang (2007), academics

and marketers know relatively little about how emotions
affect people’s choice of travel and tour commodities.
16
5. Potential risk treatments

The techniques in managing risk may be categorized into the following:

a. Avoidance (eliminate, withdraw from or not become involved)
b. Reduction (optimize-mitigate)
c. Sharing (transfer – outsource or insure
d. Retention (accept and budget)

 Risk Avoidance
According to https://searchcompliance.techtarget.com/definition/risk-
avoidance(2018), risk avoidance is the elimination of hazards,
activities, and exposures that can negatively affect an organization’s
asset.

Risk Reduction
Risk reduction is the optimization or mitigation of the hazards in any
form of business.

Sharing
Sharing is a technique in risk management wherein the
management is transferring the burden to another person
or juridical entity
17
Risk management Plan
According to Dcosta (2015), the risk management plan evaluates
identified risks and outlines mitigation actions.

1. Risk and consequences. It usually identifies the risks associated with

the project and the probability that it could affect the schedule, the
resourcing, or the budget;
2. Probability. This could be a percentage or a number
3. Impact. The determination of the impact or the variant effect of the
risk to the business is necessary as well in the matrix.
4. Priority. The column would merely state which among the identified
risks should be attended first because of its severity of effect or impact.
5. Mitigation. This is the overview of the mitigation steps for the
reduction or elimination of the risk.

18
Implementation

The actual implementation of the plan.

The ability of the risk manager to ascertain the necessary insurance for the
given situation.
Risks are supposedly anticipated.

Review and evaluation of the plan

An update periodic management plan is needed because of the following
reasons:
1. Determined of the applicability and effectiveness of the previous
security controls;
2. Understand the possible changes in risk level in the business
environment.

19
 -End-
Thank you for listening 

20