Upload
mario-takao-roma-momma
View
358
Download
2
Embed Size (px)
Citation preview
Literature Review
A risk management approach of possible risks faced by hotels during the current technological transition
Mario Roma Momma D14126773
The Effective Manager (MANG9001)
MSc Hospitality Management
18/11/2015
2,751 words
2
TABLE OF CONTENTS
1 – INTRODUCTION 3
1.1 DEFINITION OF RISK FROM A BUSINESS PERSPECTIVE 3
1.2 RISK MANAGEMENT AND STRATEGIC FLEXIBILITY 3
1.3 THE PURPOSE OF THIS PAPER 4
2 – THE SOURCES OF RISKS 5
2.1 WHICH ONES ARE THEY? 5
2.2 - HOTEL INFORMATION TECHNOLOGY (IT) SECURITY 8
2.3 – THE COST OF (NOT) MANAGING THE RISK OF IT SECURITY 8
2.4 - THE RISK OF BAD ONLINE REVIEWS 9
3 - CONCLUSION 10
4 – SAFE ASSIGNMENT (4%) 11
3
1 – Introduction
1.1 Definition of risk from a business perspective
Risk management is a model that qualitatively or quantitatively analyses a business
environment in terms of risks, based on a particular strategy that aims to reduce
and/or eliminate potential negative outcomes derived from exploring opportunities
(Waring & Glendon, 1998; Crockford, 1991; Aven, 2009). Thus, properly managing the
risks involved in exploring opportunities can lead to positive outcomes, as it is
demonstrated by Grace, Leverty, Philips & Shimpi (2015). In addition, Aven (2009)
defends that one of the main categories of risk management in a company is the
strategic risk, which is related to its long-term strategy and plans, being technology,
amongst others risks, a crucial one. (Aven, 2009, Waring & Glendon, 1998: 333-58).
1.2 Risk Management and Strategic flexibility
According to Vecchiato (2015), companies need to be prepared to radically transform
an organization given the rapid evolution of technology, the rivalry environment
amongst competitors and globalization. This scenario forces companies to always be
alert for the need to change, to be agile and adaptable (Markides, 2004).Hence it is
relevant to assess the extent to which a company can manage the risks involved in
quickly adapting to radical changes. In addition, given an uncertain new scenario, it is
crucial to understand not only what could be a detriment but more importantly, what
the potential benefits of managing risks are (Aven, 2009).
Technology has been rapidly evolving and according to Thakran & Verma (2013) the
hotel industry is passing from a disintermediation era to a hybrid era, driven by new
interactive technology, which affects the way that rooms are distributed and the
relationship between hotels and guests, implying that hotels must change the way that
technology has been lately seen and used.
Certainly, hotels have to define corporate and marketing strategies under this
uncertain new technological environment and it is suggested that risk management
plays an important role in order to be strategically flexible (Dwyer, Cvelbar, Edwards,
Mihalic, 2014). Assessing uncertainties starts by gathering information about the
possible problems and threats, followed by assessing the risk big picture, estimating
4
risk frequencies, analyzing causes, consequences, cost-benefit and cost-effectiveness.
As a final phase, the risk must be treated by comparing with acceptance criteria and,
when needed, implement risk reduction measures. (Waring & Glendon, 1998: 25;
Aven, 2009:9).
1.3 The purpose of this paper
The next paragraphs address the relevant aspects regarding the way that hotels could
proactively manage risk when facing new technologies. The objective is to analyze
what risks a hotel is facing by having to adapt to new technologies, as Waring &
Glendon (1998) argue that one of the major concern of a firm is related to the timing
and speed of changing to a new technology as well as choosing the wrong technology
for a firm’s changing needs. As a conclusion, this paper recommends risk management
strategies for hotels in order to successfully adapt to new, as well as to suggest
possible areas for future research.
5
2 – The sources of risks
Technology has been rapidly advancing and the hotel industry is trying to keep up with
the technological advancements (Carlino, 2014). It is suggested that the businesses
that struggle to adapt miss good opportunities and run the risk of allowing competitors
to build better competitive advantages (Vecchiato, 2015). It is argued that the hotel
industry is facing the need of changing to self-service technology (SST) as well as to
adapt to new security needs, which combined can form the competitive advantages of
better enhanced customer services and safe operations (Kim, Farrish and Schrier,
2011; Kelly, Lawlor & Mulvey, 2013). Also, Thakran & Verma (2013) argue that hotels
are now living the hybrid technological era where guests today have a combination of
different devices (computers, tablets, smartphones and possibly interactive glasses) to
visit the hotel’s channels to compare and book rooms, and to share experiences at any
time of the day (Carlino, 2014; Thakran & Verma, 2013). Therefore, it is plausible to
accept that such real-time long-reaching exposure can offer significant risks to a hotel
that deserve to be properly managed.
2.1 Which ones are they?
According to Meuter, Ostrom, Roundtree & Bitner (2000) SST is a technology-based
service that allows customers to independently generate outcomes, without the need
of an employee involvement. Besides the fact that literature specifically discussing the
risks that SSTs offer to a hotel do not seem to be a priority, analyzing studies on
consumer behavior and evaluation of SSTs usage (Shamdasani, Mukherjee & Malhotra,
2008; Kelly et al., 2013; Meuter et al., 2000) as well as the long term effect of SSTs
(Scherer, Wünderlich & Wangenheim, 2015), can indicate the potential risks involved.
Carlino (2014) interviewed hotel owners and operators about the technological trends
and it is implied that guests, specially the premium ones, tend to prefer SST check-ins.
However Kelly et al. (2013), with their exploring study on customer experience with
SSTs provided insights in terms of potential risks generators for hotels. Such topics
include consumer preferences, price, security, trust, privacy and effectiveness. In
relation to preferences and price, Kelly et al. (2013) argue that yet, that are people
that would rather speak to a person instead of engaging with a SST kiosk because of
6
various reasons. Hence, there is a contrast between Kelly’s et al. (2013) findings and
the observations made by one of Carlino’s (2014) interviewee, and this contrast
configures a risk in the sense that, from a hotel point of view, it is not straightforward
to understand if it is good to invest in a technology that some customers might like it
and some others would not. In addition, in terms of price, customers expect to pay a
lower price when booking online instead of buying through a person (Kelly et al.,
2013). The risk thus increases: not only a hotel would not know the acceptance level of
the investment made on SSTs but also its customer is expecting a lower price. It is not
clear that the hotel could reduce its price by having the costs of investment in a SST
technology, the regular maintenance of it and yet having a payroll as an expense.
In terms of security and privacy, when a money transaction occurs, customers prefer
to deal only with trusted companies, which reinforces the argument that technology
risk is the main concern when purchasing online and can significantly reducing the
consumer intention to spend in case the hotel does not have a certain level of trust
amongst customers for instance (Herrero & San Martin, 2012).
Despite the difficulty of finding articles specifically discussing the risks involved in
implementing SSTs in hotels, one can argue that, according to Waring & Glendon
(1998) and Aven (2009), hotel managers and owners should assess these risks by
understanding the causes and consequences as well as the cost-benefit and cost-
effectiveness of the risks. One of the interviewees from Carlino (2014) argues that, in a
hotel, the two major concerns in terms of technology are the costs involved and the
return on investment (ROI). Here, it would not be a bad idea for researchers to focus
on empirically studying the financial return and feasibility of hotel investments on SST.
The financial risk in terms of investments in new technologies and the respective ROI
cannot be neglected. As it is suggested by Scherer et al. (2015), firms should not switch
to SSTs completely, implying that customers would be disloyal to a firm if they faced
the extremes of either having only the option of a technology-based SST or only the
option of a personal service. A mix of service channels could thus be the solution. If yet
there are people that look for a personal assistance, and the reasons for that seem to
be significant (Kelly et al., 2013), a hotel must assess the risk of investing a
considerable amounting of money to implement SST and still need to have employees
to do the same job that the SST does. It is not yet clear if a hotel would have double
7
the cost instead of reducing costs in the case where SST entirely substitutes
employees. For instance, what if there is a high perceived risk when using a hotel SST
due to a potential cyber attack (Cellan-Jones, 2015), or even because of several
possible dissatisfaction incidents (Meuter et al., 2000), customers stopped using SST
and went all back to the regular face to face mode? This is the type of assessment that
Waring & Glendon (1998) exemplifies and that is not very clear in a hotel context. As it
is suggested by Aven (2009) and Waring & Glendon (1998) this is an investment risk
that should be measured and carefully dealt in terms of feasibility, measured by the
savings estimations versus the cost that employees would still represent for the
company.
But this risk either seems to be neglected or really well assessed. The number of hotels
opting for self service check-in is growing (Worgull, 2014). From a different angle, yet it
is not clear either how to manage the risks related to mass dismissal of employees in
case they all were substituted, or the risk of data security, as passport details, needed
for checking-in, could be stolen.
Customer perceptions of technological risks can be related to security and privacy as
pointed by Kelly et al (2013) and Shamdasani et al. (2008) argue that the usage of SSTs
is subject to a certain level of uncertainty that directly affects the perceived value of
service quality however, when this uncertainty is properly managed, it raises the
chance of its continuous usage and could improve customer satisfaction. Hence,
deeply understand the customers’ perceived risks of implementing SST is crucial in
order to not lose customers due to low levels of quality service perception. As it is
suggested by Shamdasani et al. (2008), a possible way to overcome this potential risk is
to educate customers by providing easy step-by-step guides and live demonstrations
of how secure to perform transactions online is. Although Shamdasani’s et al. (2008)
findings come from the context of internet banking, these insights could also be
studied in a hotel context. Herrero & San Martin (2012) suggest that companies
offering e-commerce platforms can reinforce safety and privacy in order to strengthen
their trust. This addresses the issue of sales decrease due to the technology risk but, it
does not address the issue from a risk management perspective, and that is where the
gap lies on. One could question the extent to which a firm is losing because of that
8
perceived risk and assess the level of riskiness and then decide whether or not, to
invest in technology.
These literature gaps offer researchers insights for further investigation. For example,
to evaluate the technological-based risks of SSTs and the impact on ROI or on
customer retention in hotels.
2.2 - Hotel information technology (IT) security
Not only should hotel managers consider internal system failure and environmental
hazards that could damage the system, but external threat is a major risk to be
managed (Waring & Glendon, 1998). A hotel operator interviewed by Carlino (2014)
argued that maintain IT security is not an easy task. Despite the facts that, (a) it is a
Payment Card Industry (PCI) Security Standards Council’s (SSC) requirement to have IT
security policies (PCI, 2015), and (b) hotels seem to not face significant budget
constraints to invest in IT security measures (Kim et al., 2011), O’Connor (2007) argues
that the majority of third-party online companies are not able to ensure that
customers’ data are protected, supporting the argument that hotels lack of technology
security risk management (Kim et al., 2011). The heart of the IT risk lies on not having
(a) a dedicated it department (Kim’s et al., 2011), (b) a high level of IT security
expertise (DeMicco, 2007), (c) employees with IT training and background and (d) high
protection data software that meets PCI’s requirements (Kim et al., 2011). The possible
consequences of badly managing this risk is alarming: according to PCI SSC, a firm
having an IT security incident faces severe reputation damage, catastrophic losses,
lawsuits and cancelled accounts (PCI).
2.3 – The cost of (not) managing the risk of IT security
DeMicco (2007) argue that the most frequent computer crimes committed to a hotel
are hacking (accessing private data without authorization), theft of technology and
fraud. The same month that this paper was being written, Talk Talk, a phone and
broadband service provider that has more than four million customers in the UK, had
their entire customer’s data, that were not all encrypted (safe), stolen, including
names, addresses, dates of birth, emails, phone numbers, credit card numbers and
bank details, which resulted in an instantly share price drop of circa 10% (Cellan-Jones,
9
2015). According to Law & Jogaratnam (2005), Kim, Lee & Ham (2013) and O’Connor
(2007), hotel information systems hold important information about customers,
making hotels an easy prey for cyber criminals. And it is not only about a hotel
assessing the level of vulnerability, it is also about assessing the quantitative risk, or
potential losses (Waring & Glendon, 1998). With the Talk Talk example, the question
that could have been asked before the incident is what the maximum compensation to
be paid per customer would be, which multiplied by over four million customers would
have given the total possible loss of such an unmanaged risk. That number might have
motivated the company to at least make sure the data was encrypted.
2.4 - The risk of bad online reviews
As implied by Thakran & Verma (2013), a bad online review can be disseminated to
anywhere in the globe in seconds through several devices and in several platforms.
Perhaps this is a risk that could also be managed simply because not surprisingly,
negative online reviews can reduce a hotel’s sales (Xie, Zhang & Zhang, 2014).
However, despite the fact that most managers are aware of the importance that
customers give to online reviews, only a reduced number actually respond to negative
ones Freed (2011). Cheng & Loi (2014) argue that not only controlling the internal
problem that generated the bad online review, managers can control how to
effectively respond to bad online reviews. However, Xie et al. (2014) argue that when
bad reviews are specifically related to cleanliness, the more the manager respond to
such reviews the worse is the guest’s cleanliness perception.
Despite the fact that this topic has been well discussed over the past years, and
provides possible solutions from a risk management perspective, an empirical study
measuring the possible online risk generators, their actual value to the hotel and the
possible paths to the decision making process could be considered.
10
3 - Conclusion
It was strived to demonstrate that as the technology advances and hotels become
more adept to implement technology-based platforms, risks emerge in terms of (1)
system failure, consumer behavior disapproval and investments, (2) hacking,
customers’ data theft and trust, and (3) bad online reviews. In a rapidly evolving
business landscape these risks configure a major threat by potentially (a) losing the
basis to create competitive advantage, which is financial resources, customer
relationship and quality service (Kim et al., 2011; Kelly et al., 2013; Scherer et al., 2015;
Shamdasani et al., 2008; DeMicco, 2011), and (b) being less strategic flexible because
of lack of understand and management of external uncertainties (Vechiatto, 2015;
Markides, 2004; Shimizu & Hitt, 2004). Saied (1990) published a very general guide
demonstrating the appropriate approaches that managers needed to consider in
regards to hotel risk management. Evidentially, given the article’s date of publication,
online-based technology was not part of the content, however security, training and
emergency procedures (crisis situation) had a clear list of indispensable “checklist” in
order to maintain the hotel’s security. Scholars could turn their attention to such
approach and empirically update it by including the risks involving the new
technologies above discussed.
As shown, literature forming the basis of potential IT security risks that hotels face is
available. The literatures here reviewed provide basis for the problem definition and
objects of risk, the initial steps of risk management (Waring & Glendon, 1998; Aven,
2009). However, the only hotel risk management article was published in 1990 when
hotels did not depended on the same technology available today.
It is clear the risks for a hotel in adapting to new technologies, what is not clear is the
hotel’s approach to risk assessment, analysis of cause and consequences, cost-benefit
and cost-effectiveness in the context of having to change or adapt to new
technologies.
11
4 – Safe Assignment (4%)
12
List of References
Aven, T. (2009) Risk Analysis, Assessing Uncertainties Beyond Expected Values and
Probabilities, England: Wiley Carlino, N (2014) Owners/operators share their top technology needs, goals, Hotel Business,
Tech Trends, August, pp. 18-26 Cellan-Jones, C. (2015) TalkTalk cyber-attack: Website hit by 'significant' breach, United
Kingdom: BBC. Available from: http://www.bbc.com/news/uk-34611857 [31/10/2015] Cheng, V. T. P. & Loi, M. K. (2014) Handling Negative Online Customer Reviews: The Effects of
Elaboration Likelihood Model and Distributive Justice, Journal of Travel & Tourism Marketing, 31, pp. 1-15
Crockford, N. (1991) Risk Management – Insurance Learner, London: Whiterby DeMicco (2007) To Be Secure or Not to Be: Isn’t This the Question? A Critical Look at Hotel’s
Network Security, International Journal of Hospitality & Tourism Administration, 8(1), pp. 43-59
Dwyer, L. M., Cvelbar, L. K., Edwards, D. J. & Mihalic, T. A. (2014) Tourism Firms’ Strategic
Flexibility: the Case of Slovenia, International Journal of Tourism Research, 16, pp. 377-387
Freed, J. Q. (2011) How to respond to hotel reviews, Hotel News Now. Available from
http://www.hotelnewsnow.com/Article/5276/How-to-respond-to-hotel-reviews [30/10/2015]
Grace, M.F., Leverty, J. T., Philips, R. D. & Shimpi, P. (2015) The value of investing in enterprise
risk management, The Journal of Risk and Insurance, 82(2), pp. 289-316 Herrero, A. & San Martin, H. (2012) Effects of the risk sources and user involvement on e-
commerce adoption: application to tourist services, Journal of Risk Research, 15(7), pp. 841-855
Kelly, P., Lawlor, J. & Mulvey, M. (2013) Customer decision-making processes and motives
for self-service technology usage in multi-channel hospitality environments, International Journal Electronic Customer Relationship Management, 7(2), pp. 98-116
Kim, H., Lee, D. & Ham, S. (2013) Impact of hotel information security on system reliability,
International Journal of Hospitality Management, 35, pp. 369-379 Kim, J. S., Farrish, J. & Schrier, t. (2013) Hotel Information Technology Security: Do Hoteliers
Understand the Risks?, International Journal of Hospitality & Tourism Administration, 14, pp. 282-303
Law, R. & Jogaratnam, G. (2005) A study of hotel information technology applications,
International Journal of Contemporary Hospitality Management, 17(2), pp. 170-180
13
Madanoglu, M. (2011) Entrepreneur’s Dilemma: Hotel Investments in Emerging Markets, FIU Hospitality Review, 29(2), pp. 55-69
Markides, C. (2004) What is strategy and how do you know if you have one?, Business Strategy
Review, 15(2), pp 5-12 Meuter, M. L., Ostrom, A. L., Roundtree, R. I. & Bitner, M. J. (2000) Self-Service Technologies:
Understanding Customer Satisfaction with Technoiogy-Based Service Encounters, Journal of Marketing, 64, pp. 50-64
O’Connor, P., 2007. Online consumer privacy: an analysis of hotel company behavior.
Cornell Hotel & Restaurant Administration Quarterly, 48(2), pp. 183–200. Payment Card Industry (PCI) Security Standards Council (2015) Requirements and Security
Assessment Procedures Version 3.1, PCI Data Security Standard Payment Card Industry (PCI) Why Comply with PCI Security Standards?, PCI Security Standards
Council. Available from https://www.pcisecuritystandards.org/security_standards/why_comply.php [30/10/2015]
Saied, J. (1990) Approaches to risk management, The Cornell H.R.A. Quarterly, August, pp. 45-
55 Scherer, A., Wünderlich, N. V. & von Wangenheim, F. (2015) The value of self-service: long-
term effects of technology-based self-service usage on customer retention, MIS Quarterly, 39(1), pp 177-200
Scott, I. (2015) How to respond to negative online reviews, Hotel News Now. Available from
http://www.hotelnewsnow.com/Article/15854/How-to-respond-to-negative-online-reviews [30/10/15]
Shamdasani, P., Mukherjeeb, A. & Malhotrac, N. (2008) Antecedents and consequences of
service quality in consumer evaluation of self-service internet technologies, The Service Industries Journal, 28(1), pp. 117-138
Shimizu, K. & Hitt, M.A. (2004) Strategic flexibility: Organizational preparedness to reverse
ineffective strategic decisions, Academy of Management Executive, 18(4), pp. 44-59 Thakran, K. & Verma, R. (2013) The emergence of hybrid online distribution channels in
travel, tourism and hospitality, Cornell Hospitality Quarterly, 54(3), pp. 240-247 Vecchiato, R. (2015) Strategic planning and strategic flexibility in turbulent environments,
Foresight, 17(3), pp. 257-273 Xie, K.L., Zhang, Z. & Zhang, Z. (2014) The business value of online consumer reviews and
management response to hotel performance, International Journal of Hospitality Management, 43, pp. 1-12
Waring, A. E. & Glendon, A. I. (1998) Managing Risk, Critical issues for survival and success into the 21st century, London: Cengage, pp. 3-45; 108-125; 333-358; 391-423
14
Worgull, S. (2014) More hoteliers opt for self-service check in, Hotel News Now, Available from: http://www.hotelnewsnow.com/Article/14752/More-hoteliers-opt-for-self-service-check-in [30/10/2015]