Use the COVID-19 Hiatus to Review and Improve Travel Risk Management
These are challenging times and for many companies’ travel is the last thing on their minds; however, in due course, the requirement to travel will return and focus on safety and security for travelling colleagues will be at the forefront of their minds. The current travel hiatus gives travel procurement departments and travel risk managers the time and space to review and improve their travel risk management programs.
Any Travel Risk program should include a due diligence process to help ensure that hotel companies provide safety and security that meets the buying company’s travel risk appetite.
In this blog, we will seek to give readers some insights into managing accommodation risk that may assist their review process. During my time in corporate hotel security, I was more surprised by the questions I was not asked by companies conducting accommodation security due diligence; some of those unasked questions will be included here.
Define What You Want to Achieve
Critically you need to be honest about what you are trying to achieve: protecting your company from a liability perspective or to truly protect your travelers.
Hopefully both but if your program is weighted towards the former, the depth of your hotel Due Diligence requirements will probably be met by hotel company statements about safety and security that will be accepted without question and will enable boxes to be ‘ticked’.
Those seeking to do their best for colleague’ safety and security will be more inquisitive and seek evidence that hotel safety and security is as claimed.
Travel Risk Managers and accommodation buyers rarely scrutinize the hotel operator corporate security and safety structure and capability. This is important because effective and consistent hotel safety and security are largely driven by corporate safety and security programs. These programs will set standards, procedures and ways of working. Critically there will be a system of measuring hotel safety and security risk management performance and a program of continual improvement. The better the corporate program, the greater the chance of good hotel safety and security.
Corporate questions to consider:
- Who is responsible for safety and security and at what level in the organisation do they sit?
- To whom do they report?
- Does this person have the expertise and experience?
- What is the size, makeup and experience of the security and safety team – is this commensurate with the number of hotels in the chain or group?
- Does the company have a formal safety and security strategy, standards and policy?
- Does the company have a crisis management program that covers corporate and hotels?
- How does the company manage cybersecurity, does it have a Chief Security Information officer?
- Does the company collect and analyse security threat intelligence?
- Is there a hotel safety and security compliance program?
- How often are hotels audited for safety and security, what do such audits inspect?
In my experience, the standard of safety and security at hotels depends on the Hotel Manager’s leadership qualities and engagement; the hotel may have a great Security Manager but without the Hotel Manager’s support, his/her hands are tied.
Questions to ask of hotels:
- Do the hotels have a security policy, in date and signed by the Hotel Manager? (Ask to see a copy).
- Who is responsible for security and safety management, what are their experience and knowledge?
- To whom do they report? (preferably they will sit on the Hotel Executive or at least report to the Hotel Manager)
- Does the hotel understand the security threat environment in which they operate?
- How does the hotel protect guest data and what security is in place for guest wi-fi networks?
- Does the Hotel have security, crisis management, fire safety and emergency response plans that have been reviewed and updated annually?
- Does the hotel have a formal security and safety training and testing program?
- Do hotel Heads of Departments have clauses in their Job Descriptions describing their responsibility for security and safety within their departments
- When was the hotel last subjected to a safety and security audit, what was the grading/finding? (Hotel are unlikely to answer the latter, but this is a question worth asking.
The above is not an exhaustive list and there are a few companies that provide an independent hotel safety and security auditing capability but buyer beware; if you decide to employ a hotel auditing company be sure you select a company that has proven hotel experience. Hotels are complex operations with unique cultures; a hotel security and safety auditor needs to have a deep understanding of these before they can make valued insightful judgement on safety and security. So, conduct due diligence on 3rd party hotel auditing companies as much as the hotel companies and their hotels.
Some hotels have signed up for hotel security certification programs, such as SafeHotels, which provide a 3rd party annual certification rather than more traditional audits. Hotel selection based on certification is an accommodation Due Diligence solution being increasingly adopted by large corporation procurement teams.