Risk Management

Risk Management

By Name


Tutor’s Name




Table of Contents

Abstract. 3

Introduction. 4

Disaster Background. 4

Risk Management Cycle. 5

Risk Identification. 5

Risk measurement 6

Risk analysis. 7

Risk Decision. 8

Risk Implementation. 9

Risk Monitor and Review.. 10

Policy. 10

Risk Management Strategy. 11

Conclusion. 12

Works Cited. 13

Appendices. 14


This paper intends to highlight and discuss the risks a New York hotel faces after a natural disaster. In the aftermath of Hurricane Sandy, this hotel loses parts of its structure to the super storm, as it is wretched. This in turn leads to closure of the hotel for the next one month as it undergoes renovation. Other important issues discussed are the various aspects of risk management cycle as they relate to the case of this hotel. The company adopts different managerial strategies after Hurricane Sandy, to address the risk and alleviate its effects on the company in future. This comes after realization that insuring the company only is not enough to address risks, since after Hurricane Sandy, the hotel’s insurance was not sufficient in addressing the risk.


Natural disasters have negative impact on the economic development of a country. Vulnerability to natural calamities can be reduced if effective strategies are designed to deal with this. This will ensure employment and investments in the country are retained after natural calamities. In the global agenda, disaster preparedness is highly regarded as it ensures sustainable development. Therefore, long-term strategies can serve countries and specific companies well in case of a natural disaster or any other calamity. The case of this hotel in New York shows the importance of companies adopting and being committed to effective strategies of risk management, before, during, and after a risk. This new hotel registers poor risk management before hurricane Sandy, but the effects of the risk compels it to adopt newer strategies in order to risk manage the entire hotel from future natural disasters. (“World Economic Forum” 2011).

Disaster Background

Hurricane Sandy had devastating effects on the United States of America, as parts of it are vulnerable. The geographic location of this company puts it at a risk, as that it is still more prone to similar natural disasters in future. Hurricane Sandy led to the loss of life of more than 100 people in the U.S and the Caribbean, in addition to the damage worth billions of dollars. The scene around the hotel is still not pretty today as it was before the hurricane. Parts of the hotel building were destroyed because of the flooding waters and the strong winds and this left the hotel in bad shape. Because of this, all the clients had to be evacuated and the hotel could not open up to more clients. Water supply, power supply, communication lines, and roads leading to the hotel were disrupted. This compelled the hotel to close for one month in order to undergo renovation. This led to loss of many profits, which will have a long-term impact on the future of financial health of the hotel. Additionally, the hotel’s insurance company did not come in handy in fully compensating the losses experienced by the hotel. Moreover, the quoted insurance premiums for the next season have been hiked, because the insurer used a lot of money to compensate most of its clients affected by Hurricane Sandy. Alternative courses of action to address this predicament are, developing this risk management cycle, which will boost disaster preparedness and therefore minimize the height of damages in future. The hotel will consider alternative insurance products, distributed energy systems, boats for circumnavigating around the flooded area, and a backup for all hotel data. In the aftermath of hurricane Sandy, the company is faced with yet another storm to weather. The hotel’s insurer did not cover for some components of damages caused by Sandy. For example, damages caused by rain and wind were covered, however, damages caused by flood and storm surge were excluded, while others were covered with lower limits, leading to very high deductibles (Harrington & Niehaus, 2004).

Risk Management Cycle

The risk management cycle shows the procedure and steps a company will follow to alleviate future impact of risks (Ayling, 2008). The risk in this company was not a control risk, therefore, a considerable impact was certain whether risk preparedness was observed or not. However, risk preparedness would make the impact less immense. The steps are as follows.

Risk Identification

In risk management cycle, it is important to first identify the risk. The short history of this hotel shows that it had never been affected by a natural disaster, owing to its newness. This natural disaster led to the halting of hotel operations for three weeks, in which it had to cater for the high cost of renovation. Employees still had to be paid for this period, yet the business had come to a standstill. The expenditures ranked higher while the profits were null in this period. What heightened the situation is the little compensation offered by the hotel’s insurer, which did not count as the company footed most of the costs. More risk information will be sourced from employees, who have different opinions on the further risks that this situation presents to the company. Additionally, environmental websites will be useful in identifying further risks. Various tools and techniques including: Structured interviews, surveys and questionnaires, post-event reports, focus groups will be used to source for more risk information. Considering that this risk was in form of a natural disaster, identification of such global risks is essential. Therefore, the company will keep in touch with worldwide environmental events, and governments’ and public reactions to them. The importance of identifying risks is that it leads to a better understanding of the risk and helps in evaluating current controls and determining appropriate risk treatment strategies. Confusion to risk meaning is also minimized as risk duplication is prevented.

Risk measurement

In risk measurement, risk information and data is used to determine the degree of risk impact. This in turn helps to determine the probability of the risk to recur. Risk measurement can be qualitative or quantitative. In qualitative measurement, the probability of risk recurrence is generally determined, while in the quantitative measurement, the absolute severity is measured in financial terms, including the precise probability of risk recurrence. Qualitative risk measurement is generalized and easy to determine, as it does not measure precisely the extent of the risk. Nonetheless, this measurement is quite hard to determine (Goel, 2009).

This company uses the qualitative risk measurement due to some reasons. Most importantly, being a new company, this is the first natural disaster to hit the company, therefore, there are no past risk data or information on the same, from which the exact aspects of quantitative measurement can be determined. Hurricane Sandy affected many companies. Specifically, this hotel had to close business for three weeks to pave way for renovations and stable environment. Millions of profits were lost in this case, as the costs incurred were higher. Natural disasters are common, however, they are beyond the control of the company, and its employees, therefore, blame cannot be transferred to any parties. However, to reduce this risk, the strategies of risk management adopted must be highly adhered to by the whole company.

Risk analysis

In risk analysis, the available information is used systematically to determine the probability of a similar event happening in future. The degree of effects is also analyzed. This process also includes identifying the nature, extent, and degree of threat,  specifying the degree of the consequences, determining the available resources to manage the risk, developing methods to  protect people and  key resources and reduce overall losses; and finally, designing effective and appropriate management systems to implement and control.

The risk experienced by this hotel is an external risk. External risks are risks occurring due to forces acting from outside the company. These are caused by societal, global, and political trends. These are normally additional risks for companies to manage, since most companies concentrate more on the internal risks. This external risk was therefore, caused by forces in the natural environment, which are beyond the control of the company. Its impact was adverse on the company, as the company infrastructure was destroyed, as well as loss of profits. The company had specified controls in place to deal with such an issue. These controls were aimed at leveling the risk to an acceptable level, and were in form of a risk and disaster management program. However, evaluation of these controls through control self-assessment rendered them ineffective. This strategy was weak and ineffective due to its failure to address all issues encompassing this situation. This risk is most probably to recur in future, owing to the climate changes and the concept of global warming the earth is faced with. This is a reality the company has to accept, and instead of being caught unprepared by such events, the company is now investing in a detailed risk assessment strategy, which will come in handy in future. If this risk was to happen again, with poor company preparedness, the company may experience more loses, considering that it will have not fully recovered from this present predicament. However, if this company successfully implements its preparedness strategies, then it is more likely to be less affected in case of a recurrence of this event in future. This risk evaluation presents a high risk level, therefore, further risk treatment actions are required to level the risk and future risks.

Possible risk treatment options for risk management include avoiding the risk, reducing cause of the risk, reduce impact of the risk, share or transfer impact of the risk, or retain the risk by accepting the impact. Some of these actions must be applied as the current controls are incapable of managing the risk within defined tolerance levels.  Therefore, in addition to strengthening the current controls, the company will adopt additional controls. The choice of additional controls will be influenced by the cost of the action, cost benefit analysis. After selection of the actions, the company will incorporate the costs of the actions in the company budgeting process, and select an effective committee that will be responsible for execution of the actions. Setting the date of implementation is necessary. The performance measures will be performed by a higher panel, which will assess the progress of the committee. All tis will aim at reducing impact of the risk, since te company cannot transfer blame to a different party.

Risk Decision

Although risk measurements and analysis are taken, the risk does not go away. Therefore, important ways of dealing with the risk need to be adopted in order to alleviate the current risk. Risk decisions are made before, during, and after a risk. Before Hurricane Sandy, the company had not adopted a strong risk management strategy and did not anticipate a natural disaster. This lack of preparedness was wrong. However, when Sandy took effect, the company closed down, giving employees time to come in terms with the event, even as the hotel was under renovation. After the disaster, the employees were compensated, and the innovation of the hotel took into consideration future events, and so used stronger building materials. Alternative insurance products were also acquired to ensure full insurance against future natural disasters (Harrington & Niehaus, 2004). In addition, the decision to close the hotel is justified as this risk was whole-encompassing, affecting the whole organization.

Risk Implementation

This is an important step in the risk management cycle as here; crucial decisions are made on the adoption of strategies to alleviate future effects of risks (Crockford, 1991). The company made some commendable steps before and after the hurricane Sandy strike. First, the company ensured that none of its employees or clients was injured physically. Upon the government issuance of hurricane alert, the company advised its clients and employees to leave the premises for their own safety. In addition, the company renovated the destroyed sections of the hotel, and used stronger material in reinforcing the whole hotel structure, so that future storms do not wreck the hotel. The company also ensured integrity by compensating its employees for the three weeks they did not report to work, thus boosting their motivation. Finally, buying new insurance products for natural disasters was essential in ensuring full coverage of future natural disasters. The current hotel insurer did not cater for full compensation, hence increasing hotel expenditure.

Risk Monitor and Review

In order to ensure currency of risk information, regular monitoring and review of the risk information is crucial. This is because of the high dynamics in the contemporary world, leading to the dynamism of the risks as well. Wrong risk information is lethal, as leads to wrong decisions, which in turn deter risk management efforts. In this case, the company will use its key risk and control review as well as will update responsibilities so as to ensure continued currency of information regarding this risk presented as a natural disaster. In addition, the company will review the risk information on an annual basis. This company will be committed to risk monitoring and review by ensuring its full participation, including the employees, and to some extent, some external risk treatment experts. Additionally, the effectiveness of the risk management framework will undergo regular monitoring and reviewing. This review framework will address the extent to which risks of natural disasters will be managed throughout the company. Finally, the risk management process in the company will be enhanced by continued risk reporting at different stages in the process (Mitroff & Anagnos, 2001).


This final stage of the risk management cycle aims at ensuring that all the risk information gathered are used to adopt and implement effective policies that will help alleviate future risks. Hurricane Sandy has taught the company to remain committed to disaster preparedness, reduction, and response. The kind of policies adopted are in the form of guidelines, and promulgated protocols, and plans. The employees have been trained on these, and the company has involved external experts to contribute to the company’s risk management process. In this company, there were a number of flaws in past strategies dealing with natural disasters. The company, being new, assumed the occurrence of a natural disaster and so did not adopt effective disaster preparedness measures. However, during and after the disaster, the company took all the corrective measures to address the risk. The additional risk controls involve the internal and external company environments. Nonetheless, with regular reviews of these, the company boasts of an achievement toward alleviation of impact of future natural disasters.

Risk Management Strategy

The risk management strategy will involve the systematic application of management policies, practices, and procedures to company operation and the tasks of identifying, analyzing, assessing, treating and monitoring risk. As a process, it involves risk analysis, determining impact of the risk, and its importance to the company. It evaluates all relevant elements in the understanding of current or future hazards and their impact on the company. This evaluation is crucial in determining the vulnerability, reduction, prevention, and mitigation of risks. This will also help in the preparedness and response of the company to risks (Doherty, 2000).

The company has taken strategies to reduce future impact of risks by natural disasters. First, it has bought new insurance policies, which will fully compensate for all damages. Secondly, renovation of the hotel structure with stronger building material to withstand future storm will minimize havoc on the hotel structure. In addition to the laid down policies, the company has put in place structures and systems to ensure that stakeholders contribution to the company’s risk management. This is through the company’s current involvement with some national bodies concerned with disaster reduction and responsiveness activities, and disaster management systems. Capacity enhancement through training of the employees on disaster preparedness will enhance future response to disasters. Finally, the company has set aside resources in form of finances to address and facilitate all projects related to risk management in the company. The disaster management strategies will be reviewed time after time to enhance effectiveness. Most importantly, the committees set to address risk management will be instrumental in the recording the company developments and improvements in risk management.


In summary, the increasing global natural disasters continue to raise concerns on the concept of risk management in companies. Companies therefore need to put in place effective strategies to ensure reduction of the adverse effects presented by natural disasters. In the case of the highlighted company, risk and disaster preparedness before Hurricane Sandy was ineffective. Correct steps were only taken after the occurrence of the storm, which devastated the company. The realization that dependence on the company’s insurer was ineffective in fully addressing risks, prompted the company to adopt alternative course of actions, which are highlighted. The risk management cycle of the company reveals that most of the steps taken before the risk were wrong. However, it is also clear that the company should expect more natural disasters in future, hence the need to strengthen its risk management strategies. Nonetheless, the company has adopted commendable strategies, which are in line with the risk management cycle, to address risks and these will only be useful to the company if they are successfully implemented. Hurricane Sandy came as a blessing in disguise for this company, as it has opened the company to the aspect if risk management, which the company had paid little attention to.


Works Cited

Ayling, D 2008, “Corporate Risk Management.” Lecturer delivered for module ASB-4414 on 28

October 2008 at University of Wales, Bangor.

Crockford, N 1991, “Risk Management.” (1st ed.). London, Witherley.

Doherty, N 2000, “Integrated Risk Management: Techniques and Strategies for Managing

Corporate Risk.” London, McGraw Hill Professional.

Goel, S 2009, “Crisis Management: Master the Skills to Prevent Disasters.”New Jersey, Global

India Publications.

Harrington, S., & Niehaus, G 2004 “Risk management and insurance”. 2nd ed. New York, Tata

Mc Graw-Hill Education.

Mitroff, I. & Anagnos, G 2001, “Managing Crises Before They Happen: What Every Executive

and Manager Needs to Know About Crises Management.” New Jersey, AMACOM Div

American Mgmt Assn.

“World Economic Forum” 2011, A vision for managing natural disaster risk. Retrieved,





Diagram 1: The Risk Management Cycle

Source: (Ayling, 2008)


Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.