Risk management

We deliver on our commitment to responsible business practices through our robust and effective risk management system, which continues to evolve in step with our business, and results in sustainable, long-term growth.

Our Winning Model strategy and risk

Our strategy and business model create a number of risks and opportunities for the business. The Board is ultimately accountable for the effectiveness of our risk management and internal control systems, and is supported by the Audit Committee, Executive Committee and delegated committees, who oversee our risk management system to ensure that risks are appropriately identified and managed within IHG’s risk appetite.

Risk appetite

IHG’s risk appetite reflects the nature andextent of risk that the Board is willing to take in pursuit of strategic and other business objectives. The risk appetite is then cascaded through the goals we set, the strategy we choose, decisions we make and how we allocate resources. IHG’s risk appetite is further reflected in our governance committees, structures, policies and targets we select, as well as in development guidelines for new hotels. In 2016, the Audit Committee also considered IHG’s approach to risk appetite more generally and in relation to the principal risk areas.

Our risk management system

Our risk management system is fully integrated with the way we run the business through our culture, our controls and our reporting, and is reflected in our strategy. The Global Risk Management function is responsible for the support, enhancement and monitoring of the effectiveness of this system and includes the following key areas.

Risk and culture

Tone, attitudes, ethical values and policies

IHG’s culture is supportive of considered and conscious risk-taking in pursuit of business objectives, and is embedded through, for example, our Winning Ways and our Code of Conduct, which consolidates and clarifies our ethical values and expected standards of behaviour.

The Code of Conduct is applicable to all Directors, officers and employees. It is supported by an e-learning programme and key policies in areas such as bribery, gifts and entertainment, and handling personal data. We also have a confidential disclosure channel to provide employees with a means to report any ethical concerns they may have.

Governance and committee structures

IHG has an operational committee structure in place, which includes regional operating and expenditure committees, franchise and management deal approval committees, and compliance committees, to ensure effective oversight and review of the Group’s activities. These committees oversee, manage and mitigate risk in relation to their activities.

We continue to review and adjust management committees in light of changing business needs and to ensure they support effective and efficient decision-making, including appropriate consideration of risk.

In 2015, we have confirmed and reinforced committee accountabilities in relation to our brand and marketing activities, our programme portfolio management, and our owner strategy.

Risk and control management

Three Lines of Defence

As well as continued reinforcement of ‘first line’ accountability for risk management, we have continued to enhance our capability in ‘second line’ subject matter expertise. In 2015, this included enhancements to procurement and HR processes, and continuing focus on regulatory compliance. ‘Third line’ independent assurance is primarily provided by Global Internal Audit, whose audit plan is aligned with the Group’s principal risks.

Risk and strategy

In developing our strategy, we seek to mitigate or exploit a number of strategic risks to our business. Our strategic planning process involves the Executive Committee and relevant regions and functions, who develop plans that consider and address strategic risks, business-as-usual operational risks and financial control and compliance considerations within the framework of our broader risk appetite.

Risk monitoring and reporting

Risk and performance monitoring

Risk and performance information is crucial to effective management of known risks. Through regular review of key risk indicators and progress against our key performance indicators and our internal performance measures, we are able to monitor risk trends and emerging risks effectively.

Principal risk reporting

IHG’s principal risk review process engages management to identify, assess, manage and monitor the principal risks and uncertainties affecting the Group. It considers risks relating to our strategy, operations and to our financial reporting and compliance responsibilities, reporting to the Board and Audit Committee on a biannual basis.

IHG’s principal risks, uncertainties and review process

The external risk environment remains dynamic. However, the Group’s asset-light business model, diverse brand portfolio and wide geographical spread contribute to IHG’s resilience to events that could affect specific segmental or geographical areas. Our Risk Working Group, chaired by the General Counsel and Company Secretary and comprised of the heads of Global Risk Management, Global Strategy and Global Internal Audit, provides input on, and oversight of, the principal risk review process, which identifies and assesses risks for ongoing monitoring and review by senior management.

The Directors have carried out an assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency or liquidity. These risks are reviewed formally by the Directors on a biannual basis and are considered in more detail through the activities of the Board and Committees. The approach to principal risks was further strengthened in 2016 through an increased consideration of risks within the strategic planning processes and the engagement of all Executive Committee members in the discussion of principal risks throughout the year. We have a standing risk working group who provide guidance and oversight with regard to the principal risks and risk management system.

During this process we consider the potential impact on our ability to meet our commitment to responsible business. In addition to the principal risks, during 2016 we performed detailed risk assessments with regards to a number of areas of responsible business, including human rights, supply chain and water amongst others. The outcomes of our risk assessments are reviewed regularly and are used to guide our behaviours and activities.

Our principal risks remain unchanged, however, reflecting the dynamic environment in which we operate, we continue to review and refine the approach we take to mitigating our risk.

Principal risks

 

How the external environment for each principal risk has changed over the past year (Trend):

  • Increased risk Increased risk

  • No change in risk No Change in risk

How each principal risk links to our strategic priorities (Impact):

  • Winning model Winning Model

  • Targeted portfolio Targeted Portfolio

  • Disciplined execution Disciplined Execution

  • Responsible business Responsible Business

 

Failure to deliver preferred brands and loyalty could impact our competitive positioning, our growth ambitions and our reputation with guests, owners and investors.

Trend

No change in risk

Impact

Winning model

Targeted portfolio

Initiatives to manage these risks

  • Each of the brands in our portfolio is designed, and continues to evolve, to meet specific guest needs and occasions, through distinct and complementary brand propositions informed by guest research and insights.
  • We continue to innovate and evolve our hotel-room and public-space designs to ensure we deliver differentiated, relevant guest experiences. In 2016, we introduced several new design initiatives across our Holiday Inn and Holiday Inn Express brands.
  • We manage brand consistency through the entire hotel life cycle, supported by clear contractual terms, new hotel opening processes, brand standard requirements and compliance processes. Tools, training and guidance assist owners and those working at our hotels to deliver brand consistency.

Failure to operate an appropriate risk management system which safeguards the safety and security of our guests and employees could impact our reputation.

Trend

No change in risk

Impact

Winning model

Targeted portfolio

Responsible business

Initiatives to manage these risks

  • We manage this risk by promoting a strong safety culture through our values and attitudes, our ‘Winning Ways’ and a strong governance system.
  • In 2016, we enhanced oversight through the development of a Safe Hotel Advisory Group comprising risk and standards measurement.
  • We continuously monitor and refresh our brand safety standards where necessary, and work with our hotels to ensure that brand safety standards are met throughout the hotel life cycle across our entire portfolio.
  • Our operational safety and security teams have extensive subject matter expertise and experience, and provide support to line management to equip them to plan for, and respond to, incidents across all of our regions.

Failure to recruit and retain the right leadership and talent, and to give them the tools, guidance and support to be successful, could impact the delivery of our strategic ambition.

Trend

No change in risk

Impact

Winning model

Disciplined execution

Responsible business

Initiatives to manage these risks

  • We have a comprehensive, global people strategy in place, which includes a talent leadership programme, both in hotels and at a corporate level.
  • The talent development programme also reflects our culture and values. Our leadership framework, support tools, and training and development programmes help our people grow their careers
  • Our HR strategy manages specific training programmes globally, catering to specific talent needs in local markets, e.g. Greater China.
  • We pro-actively manage succession planning at all levels and consider the diversity (more broadly than gender) of our people and leadership.

Failure to maintain and enhance our channel management and technology platforms could impact on our ability to deliver revenue.

Trend

Increased risk

Impact

Winning model

Disciplined execution

Initiatives to manage these risks

  • We recognise that technological advances, the growth of intermediaries and the sharing economy, and changing guest expectations mean that we must continually invest in, and improve, our technological systems to build lifetime relationships with our guests. Our focus is on encouraging guests to use direct booking channels. However, recognising that some travellers use intermediaries, we seek to secure improved terms with those intermediaries for our hotels.
  • This year, we extended our Your Rate by IHG Rewards Club loyalty benefit to further markets, allowing more guests to get the best hotel rates by booking directly through IHG’s booking channels.
  • We remain on track to roll out our new Guest Reservation System in 2017, providing easier booking interfaces for both guests and hotels, enhanced digital functionality and easier technology upgrades to better meet guest needs.
  • We have a multi-award-winning mobile app, which has been downloaded over seven million times since launching. Consistent with our philosophy and focus, our app includes the most advanced loyalty functionality across the industry.

Failure to maintain strong relationships with owners, and to demonstrate attractive returns on investment, which we call our owner proposition, could impact the retention and growth of IHG’s System size and development pipeline.

Trend

No change in risk

Impact

Winning model

Targeted portfolio

Disciplined execution

Responsible business

Initiatives to manage these risks

  • Our franchise and managed owner offer includes tools such as IHG Green Engage system and IHG Academy, hotel solutions, revenue delivery systems, operational support and guidance to allow us to support our hotels and maintain relationships with owners throughout the hotel life cycle.
  • We carefully monitor net System size growth, and focus on contract renewals and renegotiations, to ensure that our owners receive the best value with IHG franchise and management agreements.
  • Through the IHG Owners Association, we work with our owners to understand their key priorities and perspectives, for example, in respect of the use of the System Fund.
  • In 2016, we reviewed and enhanced the hotel budget guidance process to provide owners with better information.

The threat faced from the risk of cybersecurity and information governance is constantly evolving and, in 2016, has impacted a large number of organisations across multiple industries, including a number of cyber attacks on the hospitality industry. This threat could impact our operations, result in fines and legal actions, and undermine stakeholder trust in our business. In 2016, our Kimpton Hotels & Restaurants business in The Americas was subject to a cyber attack, and an investigation into another such attack at hotels in The Americas region is ongoing.

Trend

Increased risk

Impact

Winning model

Disciplined execution

Responsible business

Initiatives to manage these risks

  • We have applied a risk-based methodology to considering the value of our information assets, including Payment Card Information (PCI), other Personally Identifiable information (PII), non-public financial information and employee data, to formulate a set of policies, processes, guidance and accountabilities with regards to information security.
  • We monitor the evolution of this risk through our Information Security team and our Threats and Intelligence team, using forward-looking indicators and intelligence to inform our approach to managing this risk.
  • We are implementing a number of initiatives to address specific elements of this risk. These include the role out of a Secure Payment System, tokenisation of key systems, the development of a revised information-management policy and increased focus on information shared with our suppliers and business partners.
  • The approach to the risk is overseen by an Information Security Committee, who led and sponsored a full review of all relevant policies in 2016.
  • We have a clearly defined incident management capability, which we are continuously developing and embedding across the organisation. We have deployed our incident response plan to develop and implement investigation, containment and mitigation steps in relation to both the Kimpton Security Incident and the Americas Security Incident.

Failure to effectively manage our programme and project delivery could impact the value realised from our investments.

Trend

No change in risk

Impact

Winning model

Disciplined execution

Initiatives to manage these risks

  • Our programme management capability is overseen by our Strategic Portfolio Governance Group and implemented by our Strategic Portfolio Management team.
  • The Strategic Portfolio Management team ensure strategic alignment and prioritisation of key programmes, develop organisational capability through training and implement the Group’s project delivery approaches and tools. This team is supported by regional and functional project management teams, who manage and monitor specific programmes and projects.
  • In 2016, we continue to streamline our priorities to ensure we focus on those core programmes that have a significant impact on our business, including Crowne Plaza Accelerate and our new Guest Reservation System.

While the hotel sector is not subject to stringent industry-specific regulations, failure to ensure legal, regulatory and ethical compliance could impact our reputation.

Trend

Increased risk

Impact

Disciplined execution

Responsible business

Initiatives to manage these risks

  • Our regulatory compliance programme works to identify and respond to relevant regulatory requirements. These include, but are not limited to, anti-bribery and corruption, data privacy and antitrust.
  • We ensure that our corporate employees conduct annual Code of Conduct training that highlights, on a rolling basis, key areas such as anti-bribery and competition law to ensure that we consistently adhere to the highest legal and ethical standards. Our hotels across the globe also provide training to their employees to ensure they are aware of their obligations.

Increased public scrutiny, litigation and regulatory investigation highlight the need for companies to ensure that their financial management and control systems are robust.

Trend

No change in risk

Impact

Targeted portfolio

Disciplined execution

Responsible business

Initiatives to manage these risks

  • The maintenance of a sound financial-reporting and control environment is achieved through an effective policy framework, training programmes, and layered performance and review processes.
  • IHG has a mature, experienced and stable global finance function that includes, among others, the following teams: Group Tax; Group Treasury; Procurement and Cost Efficiency; Global BSC Operations; Global and Regional Financial Planning and Analysis; Global Financial Reporting; and Governance and Compliance including compliance with the Sarbanes-Oxley Act 2002 (SOX).