Risk Management is defined as:

An iterative process consisting of well-defined steps which, taken in sequence, support better decision-making by contributing a greater insight into risks and their impacts. The risk management process can be applied to any situation where an undesired or unexpected outcome could be sig- nificant or where opportunities are identified (p. iii).

These terms are important because they draw our attention to proactive opportunities to take control of a situation through early identification and prevention of risk, as well as strategies to manage risks that emerge from time to time. There is always a chance of some undesirable event occurring, so effective risk management aims to prevent an event esca- lating ‘out of control’ and becoming a crisis. According to the Pacific Asia Travel Association (PATA, 2003, p. 2), a Crisis can be defined as:

Any situation that has the potential to affect long-term confidence in an organization or a product, or which may interfere with its ability to continue operating normally.

When a Crisis, in turn, escalates we then have a Disaster, defined by Zamecka and Buchanan (2000, p. 8) as:

A catastrophic event that severely disrupts the fabric of a community and requires the intervention of the various levels of government to return the community to normality.

The view presented in the APEC report was that a systematic approach to risk man- agement by both the tourism industry and governments will in many cases prevent a crisis or disaster from occurring (Wilks & Moore, 2004). However, not all adverse events can be avoided, so risk management must be used to respond quickly and effectively to negative situations. Government leadership is critical for the success of this process, since in the final analysis it is the government at each tourist destination that has the resources and the responsibility to provide a safe experience for visitors.

The benefit of the WTO framework for identifying sources of risk is that it shows where tourism is exposed to threats. For the tourism-related areas and with individual travellers the industry can take an active and leading role in risk management. Where events exter- nal to tourism are the source of threats the industry must establish partnerships with other specialist agencies.

disaster response agencies (International Strategy for Disaster Reduction, 2002). Indeed, many of the traditional crisis and emergency classification frameworks are now being chal- lenged and replaced by the risk management approach advocated here (see Crondstedt, 2002).

The Australian and New Zealand Standard for Risk Management (Standards Australia and Standards New Zealand, 1999) provides a step-by-step framework for taking control of risks and their impacts. The basic framework is presented in Figure 1.2, and is well suited to managing the risks associated with the tourism industry.

The important thing to note about effective risk management is that the five central steps need to be implemented in sequence and then continually evaluated through monitoring/review and communication/consultation. Having a documented plan that sits on the shelf is often more dangerous than not having a plan at all. For the purpose of this chap- ter, only the first two steps in the risk management process will be discussed. It is in starting the process that most current issues and challenges for tourism are to be found. A full descrip- tion of the process, with tourism examples provided is available in Wilks and Moore (2004).

Risk Management Step 1 — Establish the Context

The first step in the risk management process is focused on the environment in which any tourism organization or destination operates. This is the point where basic parame- ters or boundaries are set within which risks must be managed. This step requires an understanding of crucial elements that will support or impair the risk management process. Among the crucial elements are internal and external stakeholders. In the case of tourism, without the support of senior government officials there is little point in con- tinuing the process. This was the point made about government leadership previously. In addition to the national government, the following stakeholder groups should be involved in the risk management process at this early stage:

● Politicians (at all levels of government) who may have an electoral or portfolio interest

● Union groups

Communicate and consult

Establish context

Identify risks

Analyse risks

Evaluate risks

Treat risks

Monitor and review

Figure 1.2: Risk management overview.

Source: Standards Australia and Standards New Zealand (1999). With permission.

● Financial institutions

● Insurance organizations

● Tourism businesses and related commercial interests at each destination

● Regulators and other government organizations that have authority over activities (e.g., police, emergency services)

● Non-government organizations such as environmental and public interest groups

● The media, who are potential stakeholders as well as conduits of information to other stakeholders.

A critical decision at this first stage is which group or agency should be given the lead role in risk management/crisis or disaster response. This is where an understanding of the risk, crisis and disaster definitions is important. Traditionally, risk planning and low-level prob- lems are retained by tourism authorities (e.g. educational campaigns for tourists about sun protection). A crisis response is traditionally coordinated by police (e.g. a hotel fire), whereas a disaster (e.g. a major flood) is managed by emergency services, often with assis- tance from the military. In establishing the risk management context for any tourism des- tination, the roles and responsibilities of various stakeholders must be made clear at the outset. This should be documented as part of national policy, and linked to any wider gov- ernment disaster management plan. Legislative authority and resources must be in place.

The view expressed in the APEC report (Wilks & Moore, 2004) was that, where possi- ble and appropriate, the police should be given the lead coordinating role in all levels of risk response, since they have legal authority to act on behalf of the government in a range of situations. Tourism has a major responsibility to ensure that policy, plans and partner- ships are in place across the tourism sector to support the active role of the police in the event of a crisis situation. One way of achieving these aims is through the formation of a National Tourism Safety and Security Committee (Wilks, 2003b).

There are two main issues for tourist health, safety and security at this first step. One is that tourism traditionally does not engage fully with health, law enforcement or emergency service agencies in prevention and planning activities, instead relying on these agencies only when problems arise. The general lack of coordination between tourism and health authorities in many destinations affected by SARS is testimony to this lack of existing col- laborative relationships. The second issue is the need to convince governments at the high- est level of the importance of protecting tourism. In the APEC report this formed the lead chapter titled ‘Protecting Tourism’, which documented the economic benefits of tourism to the 21 APEC member states through income, jobs and foreign investment and trade oppor- tunities (Wilks & Moore, 2004). Only by having genuine commitments at the highest lev- els of government can the tourism industry cater for the safety of visitors in turbulent times.

Risk Management Step 2 — Risk Identification

The second step in the risk management process is identifying the risks to be managed.

According to the Australian/New Zealand Standard, comprehensive identification using a well-structured systematic process is critical, because a potential risk not identified at this stage is excluded from further analysis. Identification should include all risks, whether or not they are under the control of the tourist destination or national government.

Examination of the potential ‘indirect’ shocks to the tourism industry identified in the

Queensland Tourism Crisis Management Plan (Table 1.3) shows that risks such as cur- rency fluctuations and economic downturns are largely beyond the ability of any one gov- ernment to control. However, a fairly comprehensive general list of possible risks can be developed based on the WTO framework and the various tourism industry and government sources discussed earlier.

It is also worth adding general business industry publications to the list of risk sources because for a destination they can be very influential, even if they are not specif- ically directed at tourism. A good example is the annual RiskMap published by Control Risks Group in London (www.crg.com). RiskMap is described as a guide to conducting business in an uncertain world. Countries are rated according to two types of risk — Political and Security — on a five level scale (insignificant, low, medium, high and extreme) with accompanying commentary. For potential investors and global companies involved in tourism-related activities these risk assessments can have far-reaching con- sequences. By way of illustration, the 2003 ratings for APEC economies are presented in Table 1.4.