Operational risk management addresses the new threats of the 21st century

June 2004 Security Services & Risk Management

As indubitably the most prestigious international hotel chain in South Africa, it possibly comes as no surprise to find that the Intercontinental Sandton Sun & Towers (which operate as two separate hotels) recently appointed a risk manager.

While the introduction of operational risk management may not be something new in terms of leading European or American hotels, it is believed to be a first in South Africa. The new appointee is Phillip Hulatt who had over 12 years' experience with the Sun International group before being headhunted for his present position. Hulatt occupied many positions at Sun International and benefited greatly from the group's extensive training programme. Although born in the UK, Hulatt opted to do his National Service with the SANDF and after completing his training at the Infantry School in Oudtshoorn he moved on to the 1st Parachute Battalion in Bloemfontein where he ended up as an instructor. Hulatt remains an active member of the SANDF's Reserve Force and has gained extensive experience in the security field.

Phillip Hulatt, Intercontinental 
Sun & Towers
Phillip Hulatt, Intercontinental Sun & Towers

Hulatt took up his new position earlier this year and there is still much to be done to achieve his goals. After his systems have been tried and proven at Sandton he hopes to roll out the system to the other Intercontinental in Johannesburg and the one located at Johannesburg International. While Hulatt sits in the office next to the Hotel's general manager, he reports to the Group Head Office in a multifaceted approach where he interacts with the group risk manager, the financial manager and the two general managers. While this may seem strange it will become clearer through further reading of this article that risk has multiple dimensions, not just security.

Security is, of course, very high up on his agenda as the Intercontinental has hosted many foreign dignitaries, including President Clinton, high profile businessmen and cabin crews from many airlines, all of whom could be subject to terrorist attacks. In all of these cases Hulatt liaises closely with their own security detail, who often visit the hotel in advance. In more sensitive situations, such as the recent inauguration ceremonies, he also calls on élite local units such as the bomb squad, special forces, embassy protection teams and others to provide a coordinated security solution.

As indicated, risk management is a very broad portfolio and Hulatt often assists in a marketing role where he is able to ensure potential VIP residents that they will be totally secure and will also enjoy the high level of service excellence offered by the hotel. In certain circumstances local police or security units will be used to sweep suites for possible explosive or eavesdropping devices. Both of these are highly unlikely because of the already comprehensive security where card access to rooms is logged and identifies the person. Unauthorised entry by someone not on the housekeeping staff, for example, would raise an alert that would immediately be investigated. In the last resort a VIP who is still uncomfortable would be offered his choice from a number of virtually identical suites.

While security services (personnel) for the hotel are outsourced, Hulatt has his own security manager and shift security managers. Monitoring of all the CCTV cameras (which, by the way, are unobtrusive and have to be pointed out), room access, fire and smoke alarms, etc, are managed from a single control room and all senior hotel management members of staff are available on a 24/7 basis being contacted via their cellphones which must always be switched on.

Being the luxury hotel that it is, security is almost invisible but being a new venue for me it was interesting to note that as soon as you appeared confused as to where you should go next (the two hotels are connected by an overhead ramp) there was always a bellboy at your side to offer advice, often walking personally with you to the area required. Although the older Sandton Sun is directly connected to the shopping mall this entry method to the hotel premises is sealed off after normal shopping/entertainment hours.

The possibility of fire is another major concern for hotels this size and fire prevention and reaction to it is another one of Hulatt's responsibilities. Obviously every room has a smoke detector and alarms from these are monitored from the control room. An alarm from a non-smoking room is an immediate concern and will result in rapid reaction with a personal visit to the room by one of the floor staff.

The Intercontinental has its own well-trained fire team and members of these would be the first responders in the event of an outbreak with backup being requested from the Sandton fire brigade, if required. The fire equipment (hoses, fire extinguishers and fire blankets) is meticulously maintained and checked and sealed at the stipulated intervals. At present evacuation drills are being carried out once a month, but this will decrease to once every two months once everyone is fully up to speed. Note that the hotel is frequented by the flight crews of many major international airlines and care is taken to isolate their rooms to this necessary but inconvenient drill (if you have spent the night on your feet).

The structure of the hotel itself with its central open atrium reduces the effect of the biggest killer, namely smoke, and provides the fire team with vital additional minutes in which to respond. A major fire hazard is of course the kitchen, a vast area to cover. Here, in addition to hoses and extinguishers, a powerful automatic sprinkler system is installed over critical areas (deep frying for example). In all sensitive areas of the kitchen large boards show contact numbers of people from the hotel sister to the manager in the event of any incident. In this and other areas fully equipped medical kits are readily accessible. Fireman's lifts are provided in the service lift system with automatic fire doors to prevent further spreading of the fire. Hulatt spends much of his time 'managing by walking about' and on our visit to the kitchen a group of staff in a remote area were severely criticised for having temporarily blocked a fire exit with a loaded trolley. Incidentally, in the area behind the banqueting and function rooms there is a large storage area for tables, chairs and the likes, and here the maximum storage height (to allow the sprinklers to operate effectively) is clearly demarcated with a broad solid yellow line - nothing is left to chance!

Another of Hulatt's concerns is shrinkage resulting from both staff and guests. Obviously in a hotel of this calibre no one is going to worry about a missing miniature from the mini-bar. On the other hand the cutlery and plates used are expensive and the same person that delivers room service re-collects the remains and ensures that all coffee pots, plates and cutlery are present. The rooms are fully checked after a guest's departure. This serves a dual purpose, first ensuring that nobody has walked off with the hairdryer or television, but more importantly to ensure that the guest has left nothing behind. If something like a cellphone charger has been forgotten it is sent on to the person concerned or if it is a frequent guest, the item will be bagged and tagged and will be in the guest's room on their next arrival. The equipment and assets belonging to the hotel must also be managed and here Hulatt has introduced a control release book that ensures that when hotel goods go out they do actually come back.

Today of course and with 11 September in mind, asymmetrical terrorist attacks (such as white powder) are a great fear. Hulatt has developed a master disaster plan that will cope with any scenario although he did say that he could do little about an aircraft flying into the building. However, the effect of that or any other disaster is minimised through having proper evacuation procedures that are well known by every member of staff, and by ensuring that as many staff as possible are trained in basic first aid. Naturally in the event of a power failure the hotels possess generators that will immediately kick in. As an added precaution non-mains powered lighting is provided in the internal fire escapes.

In terms of risk, even the outdoor pool area is of concern and an emergency phone is conveniently located here. Glass breakages in this area are immediately cleared up while even the chlorine level in the pool is carefully checked daily to ensure that it will not bleach the ladies' hair.

The environment also falls under the risk manager's portfolio and Intercontinental have strict rules in this regard. Frequent checks are made for the unlikely but highly dangerous Legionnaire's disease.

If you thought that risk management was just about security then this feature has probably broadened your perspective. As Hulatt correctly pointed out, the job of the general manager of a hotel is to generate revenue and not necessarily to look after the other aspects of day-to-day control. Today, those other crucial aspects relating to the safety and security of guests can be addressed through the use of an internal risk manager.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Key timelines to ensure compliance
Security Services & Risk Management
Regulations to the Occupational Health and Safety Act that apply to major hazard installations require that certain actions be taken to manage health and safety risks – some with timelines for compliance that must be monitored.

Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

Five ways to reduce your cyber insurance premiums
Security Services & Risk Management News
With the global costs of cybercrime expected to soar to $13 trillion within the next five years, cyber insurance is booming as organisations try to mitigate the risk of financial losses.

Client satisfaction boosted by 85% at Thungela Mine
Thorburn Security Solutions News Security Services & Risk Management Mining (Industry)
Thorburn Security, a division of Tsebo Solutions Group, has announced its recent collaboration with Kwa-Zulu Natal security company, Ithuba Protection Services, as part of its Enterprise Supplier Development (ESD) initiatives across Africa.

Migrating to the cloud? Beware the many hurdles
IT infrastructure Security Services & Risk Management
While there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. Some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale.

Key strategies for businesses in the face of cyber threats
Cyber Security Security Services & Risk Management
Businesses face severe financial and reputational consequences due to data breaches and daily website hacks, and not all organisations are adequately prepared to combat these escalating threats.

Planning for the worst is key to success
Technews Publishing Security Services & Risk Management
Planning for the worst is key to success when disaster strikes. Amidst frequent load shedding and often unpredictable stages of power outages, many businesses are concerned about the possibility of a total blackout.

Protecting South African systems through XDR cybersecurity
Cyber Security Security Services & Risk Management
Carlo Bolzonello, Country Lead for Trellix South Africa, discusses how the country can protect its valuable digital assets through the artificial intelligence-enabled Extended Detection and Response (XDR) cybersecurity approach.

[Sponsored] Protecting Against Ransomware Attacks: Lessons from Recent POPIA Fine
Cyber Security Security Services & Risk Management
According to Sophos' most recent ransomware report, an alarming 78% of the South African organisations that Sophos surveyed experienced ransomware attacks in the past year.