When most people think of risk management they focus on the health and safety issues such as:
· Food Safety and Allergens
· Slips, Trips, Fall and other physical hazards
However, there are a few other areas that also need to be considered, these are:
· Cyber Security
· Natural Disasters
· Reputation risks i.e online reviews
The Food and Hospitality industry unlike most industries does not have a standardised or regulatory framework to guide risk assessment management strategies. So, while most business are aware that they must manage health and safety risks in the workplace ensuring that people are protected as far as is reasonably practicable, they often forget to carry out risk assessments to protect their business.
In 2019 55% of businesses faced a cyber-attack, with the average cost coming to a shocking £176,000 according to the insurance provider Hiscox. However, the hospitality business sector has invested the least financially. While you maybe thinking that you do not hold a large database of personal data regarding your customers, you still hold employee files, recipes, and other confidential information in electronic format. Any organisations reliant on computer systems for data storage, to manage order and control operations are attractive targets.
Just think about how much we do using computer systems, not only do you most likely use a computer for your ordering, finances, emails, and your reservations system, your entire till system will be a computer-based system that could be hijacked. Imagine coming into work one morning and not being able to do something as basic as put through a payment, do you have a plan in place? If 2020 has taught us anything it is to expect the unexpected and plan for it.
Hackers could also hijack your payment system if you use a web-based system, redirecting all payments to themselves, causing cash flow issues. Not to mention the damage a cyber attack could do to your reputation. The most common hacker attack is ransomware that either encrypts your data or locks you out of your systems, where the hackers then demand payment to access your own software
So, what can you do to protect yourself:
· Invest in antivirus software – it does not have to be the most expensive or the most up to date software just make sure that the patches are up to date and you have done your homework to ensure you are getting the protection you need
· Carry out regular data backups and testing that it can be quickly restored.
· Store your back ups separately and keep them isolated from the main system
· Train your employees on recognising and avoiding phishing emails
· Use sensible passwords and have a security policy in place
· Do not punish employees for security mistakes and encourage employees to report any security issues quickly
· Ensure your insurance covers cyber attacks for worst case scenarios
· Check any contracts you have with your and suppliers
It is most likely that before COVID-19 you did not really think much about natural disasters outside of your insurance policy. However, 2020 has made the entire industry sit up and take notice that there are times when things happen that are beyond our control, however we still need to carry out assessments in case the worst happens.
When most people think of natural disasters they think of floods or fires and what would happen if this were to happen, pretty much all businesses will have a clause in their insurance for if this, which will allow you to be able to get back open as quickly as possible. However, what would you plan be if you are forced to close for a pandemic? Hopefully this will not happen again any time soon, but we should learn from it. If you were told in a year, 5 years etc that you had to close your business again, would you have the procedures in place to do this?
Once you are back on your feet it is time to put in place systems that should the worst happen again your business is ready. Things you will need to consider are
· Create and implement emergency procedure policies (if you do not already have them)
· Put in place procedures for raw materials, ingredients, and products, you might want to consider talking with your suppliers to add a clause to your contract regarding returning items to them in the event you have to close
· Redistribution of surplus ingredients or products can keep revenue coming in during a closure by offering different experience and product i.e. delivery service or you could put in place a policy where excess goes to local food banks or other organisations that need those supplies
· Put in place a procedure for the cleaning of all your equipment and machines in event of a long closure (clean your beer lines and leave the water in them, turning off coolers etc)
· Pest control, if your business is closed for an extended period you will need to ensure that no pests can get in
· Who will be looking after the premises while it is closed? Designate a caretaker who will take care of the site while the business is closed.
· Do you need to arrange extra/cancels waste collections?
· Employee communication and training – this is crucial as any form of closure is likely to be stressful to your employees. Ensure they know what will happen in any closure event, will there be opportunities for work, what your plans are, when will you be opening again etc
· Have a rainy-day fund, how many of us wish we had one of these for 2020? Start putting away some money just in case the worst happens, being able to support your business through a closure takes some of the stress off you and will enable you to be able to plan for what happens next.
It is important to recognise the impact that a positive or negative reputation can have on the success of any business. You could offer the best food in the world, but if you have a bad reputation it will not matter. With the ever-increasing reliance of customers on review sites like trip advisor your reputation has never been more important, one bad review is now available for the world to see.
So what can you do to control the risks to your reputation?
· Brainstorm potential scenarios that could damage the public’s perception of your business, once you have identified the risk you can look at putting procedure to minimise the risk to your business
· Put in place control processes, whether these are standardisation, technological, policies or procedures. These will reduce the likelihood and severity of events that could damage your reputation.
· Understand that all actions can affect public perception.
· Managers should lead by example
· Ensure all employees are trained in the procedures you have put in place and are aware of how to respond and what they can do in certain situations i.e., can they offer free drinks or desserts, at what point should they get a manager involved etc
For more information regarding handling complaint see out blog on complaint handling
We could not do a risk management blog with out looking at Health and Safety Risk as this is the biggest area within our industry when it comes to risk assessments and is an area that we are required by law to ensure we comply with. As a business owner you are required to assess all activities that could cause harm and take the steps necessary to reduce the risk.
You can do this by:
· Walking around the premises and looking to see what could cause harm, with a focus on risks that could cause serious injury or ill health
· Speak with your employees to see if they have any concerns regarding potential risks
There is no official template format for what a health and safety risk assessment should look like, however the format should include the following:
· Description of the Task
· Who will be carrying it out?
· Who will be affected?
· What are the hazards
· What could go wrong
· Any potential injuries and the severity
· How like is the risk
· What can be done to minimise the risk?
· Any information required to minimise the risk i.e. PPE, procedures
· When the risk will be reviewed
Generally, risk assessments are carried out yearly or when new equipment is purchased.